Google Deploys IPv6 For Internal Network 260
itwbennett writes "Google is four years into a project to roll out IPv6 to its entire internal employee network. At the Usenix Large Installation System Administration (LISA) conference in Boston last week, Google network engineer Irena Nikolova shared some lessons others can learn from Google's experience. For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."
Re:Business as usual? (Score:5, Interesting)
And while the current versions of most OSes support IPv6, they do not do so by default.
What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.
Windows 7 actually defaults to it being turned on, but will generally not do anything with it if it doesn't get an IPV6 DHCP address. But some MS technology (like the Win7 HomeGroup support, and DirectAccess) work via IPV6. Odds are there are a TON of people using IPV6 on their home network and just don't know it.
Re:IPv6 (Score:2, Interesting)
NAT has improved protocol design a lot though. Before NAT, there were things like FTP, with inband port signaling. Most modern protocols avoid mentioning port numbers in the payload and can run on any port, through multiple port forwardings if necessary. Notable exception and bad example: SIP. I expect more bad protocol design once people again assume that end-to-end IP addressing is universally available.
Re:IPv6 (Score:4, Interesting)
OK, but that's not very clear. I can see why a program that picked a completely random port might be awkward to get to work with a firewall. But restricting the range of ports that it can use, then permitting those, would work wouldn't it?
I'm not sure it's a good idea to restrict protocol flexibility in that way anyway. There's a fundamental issue with NAT or firewalls in that they need to know details of what the users behind them want and don't want to do. This may be true for a business with a central IT department who can configure the device as necessary, but it's not true in general. If my ISP runs a NAT to conserve IP space, am I supposed to contact them to forward whatever ports are necessary? I don't think that'll work well. I just hope IPv6 actually does get rolled out before that becomes necessary.
ipv6 - a private protocol for google? (Score:3, Interesting)
I'm lucky enough to use an isp that offers native ipv6.
This coupled with a nifty firefox plugin (IPvFox) enables me to determine with some certainty that somewhere between 95-99% (tongue in cheek) of all ipv6 traffic on the internet is googles.
They are pretty much the only company using it.
(O.K. rss.slashdot.org... kudos to you guys).
Re:Vendors are a tad better enabled now... (Score:4, Interesting)
I suspect that most of the pain was suffered by the vendors in this case. Google will have written the IPv6 requirements into the multimillion dollar purchase orders and is quite capable of phoning a VP of sales and telling him that if this is not fixed NOW you might find yourself no longer qualified as a Google supplier.
BTW I read that the DoD has come up with a unique way to encourage vendors to make sure that their IPv6 implementations actually work. They've been told that whether or not their own Web sites are accessible via IPv6 will be a factor in acquisition decisions. I can't reach Cisco on IPv6, though.
Re:What's the point? (Score:3, Interesting)
Even companies like Google will find it increasingly hard to get enough IPv4 addresses for their needs. See e.g.
Microsoft's recent purchase [bbc.co.uk] at $11.5 a pop.
I'm sure they require a lot of globally routable addresses for internal communication. Those can be converted to IPv6 to free up address space for their public endpoints, even while most of their users are IPv4 only.
From the user side of it, ISPs in growth areas like Asia simply cannot hand out IPv4 addresses to all their users, leading to kludges like ISP-level NAT. At that point, even if IPv4 is reachable due to the hacks, you would give them a better user experience (a faster and more reliable connection) by offering your services over IPv6 as well.
In short, even though IPv4 will be 'mandatory' for the foreseeable future, the hacks needed to make it work for everyone and everything that needs internet access may make it a second-grade experience compared to IPv6, maybe within a few years time.
Re:Technically complex... (Score:4, Interesting)
Google may have the largest networks, but I doubt they have the most complex networks. Otherwise they wouldn't be able to "scale out" as easily and quickly. I suspect most Google data centers are very similar in network topology and technologies used.
Old large organizations are the ones with weird complex networks which are not self-similar and use different network technologies. x.25 over tcp/ip, frame relay, netbios over tcp/ip, SDLC, token ring, FDDI, stuff that's still using Novell 802.3 ethernet frames ( http://support.novell.com/techcenter/articles/ana19930905.html [novell.com] ). If you're unlucky you'd need network equipment that can handle both the old stuff and ipv6 properly. The networks may not be connected to each other, but what if the old expensive equipment handling the "legacy network stuff" are also handling some IPv4 stuff?
Unless forced to I wouldn't bother upgrading an old bank to IPv6. Users inside can't connect directly to the outside world, unless they go through a proxy? That's a feature not a bug ;).