Forgot your password?
typodupeerror
Google Businesses Network Networking The Internet IT Technology

Google Deploys IPv6 For Internal Network 260

Posted by samzenpus
from the time-to-upgrade dept.
itwbennett writes "Google is four years into a project to roll out IPv6 to its entire internal employee network. At the Usenix Large Installation System Administration (LISA) conference in Boston last week, Google network engineer Irena Nikolova shared some lessons others can learn from Google's experience. For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."
This discussion has been archived. No new comments can be posted.

Google Deploys IPv6 For Internal Network

Comments Filter:
  • Supported (Score:5, Insightful)

    by inglorion_on_the_net (1965514) on Sunday December 11, 2011 @10:49AM (#38334770) Homepage

    "'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."

    I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.

    • Re:Supported (Score:5, Insightful)

      by Chuckstar (799005) on Sunday December 11, 2011 @10:55AM (#38334824)

      I don't think they meant "we shouldn't hold the vendors accountable if the equipment doesn't work right".

      I think they meant "we shouldn't expect that just because the vendor says it works, that it does".

      Google has the benefit of size. If Google calls up Cisco and say "please fix this problem that exists in the thousands of routers we buy from you", it'll get fixed. If you or I call up Linksys and say "please fix this problem that exists in this one router I bought from you"... well... don't hold your breath.

      • Google has the benefit of size. If Google calls up Cisco and say "please fix this problem that exists in the thousands of routers we buy from you", it'll get fixed. If you or I call up Linksys and say "please fix this problem that exists in this one router I bought from you"... well... don't hold your breath.

        So I'm not the only one who read the article as "stay as far away from IPv6 as possible for as long as you can manage"? If an organisation with the size, resources, and clout with vendors that Google has is four years into an estimated eight-year move to IPv6 (as opposed to "we switch over from v4 to v6 next weekend, set your watches"), that's a sign that I don't want to move my organisation to this stuff any time soon. A network upgrade should be, at worst, a somewhat over-long weekend, not a new career

    • Re:Supported (Score:5, Insightful)

      by jimicus (737525) on Sunday December 11, 2011 @11:11AM (#38334940)

      I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.

      Indeed, but it's the same with all commodity technology - you find various implementations, not all of which work properly.

      The same was true 10 or 15 years ago with booting from CD. Same was true 5-6 years ago with PXE. Same's true with CIDR - I've come across equipment like printers that can't handle the idea - you have to give them a class A, B or C subnet mask. Same with STP (spanning tree) - I've met switches that just plain don't work if you turn on STP then plug in a cheapie unmanaged switch - and I don't mean the port plugged into the cheapie switch doesn't work, I mean the entire expensive managed switch doesn't work. Only a couple of weeks ago I met a server BIOS providing software RAID (yeuch) that needed the drives set to RAID in the BIOS for it to work. But if power to the server was lost, that specific BIOS setting would go. Every other BIOS setting would be just fine and you'd get no error at bootup; you'd just find your disks magically appeared differently on boot.

      If Google's network team honestly thought that any product with "IPv6 supported" on the label meant "Every aspect of IPv6 fully supported, tested, interoperable with other vendor's implementation - basically it'll work as well as you'd expect IPv4 to work in something released in the last five years", they're displaying incredible naiveté.

  • by agristin (750854) on Sunday December 11, 2011 @10:54AM (#38334818) Journal

    "Each campus or office got a /48 address block, which meant that it was allotted 280 addresses. In turn, each building got a /56 block of those addresses (or about 272 addresses) and each VLAN (Virtual Local Area Network) received a /64 block, or about 264 addresses."

    a /48 block is 65536 subnets for each campus. A /64 has 18,446,744,073,709,551,616 IP addresses.

    The RFCs on this type of thing are RFC 6177 which replaced 3177 and RFC 5375. For a itworld/usenix article, fact checking is really low.

    • by KiloByte (825081) on Sunday December 11, 2011 @11:00AM (#38334864)

      Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.

      Try this: 2<sup>80</sup> -> 280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.

      • Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.

        Try this: 2<sup>80</sup> ->280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.

        It is the writer's fault. We have forced comment preview for exactly this reason.

        • by danomac (1032160)

          So you mean they can't edit it afterwards, like on /.?

        • by KiloByte (825081)

          We do, but the incorrect number is not on Slashdot. Also, I doubt the person who wrote this text could made this mistake, it's quite certainly the editor's fault ("editor" as a person, not as a program).

  • IPv4.1 (Score:2, Funny)

    by Anonymous Coward

    Simple solution, bump it up a notch.

    My octets go to 257. Solved.

  • by vlm (69642) on Sunday December 11, 2011 @11:03AM (#38334888)

    For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,'

    In other words, business as usual in all other areas of IT. Glad to see there is nothing "special" about ipv6 deployment.

    And while the current versions of most OSes support IPv6, they do not do so by default.

    What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.

    • by tgd (2822) on Sunday December 11, 2011 @11:14AM (#38334964)

      And while the current versions of most OSes support IPv6, they do not do so by default.

      What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.

      Windows 7 actually defaults to it being turned on, but will generally not do anything with it if it doesn't get an IPV6 DHCP address. But some MS technology (like the Win7 HomeGroup support, and DirectAccess) work via IPV6. Odds are there are a TON of people using IPV6 on their home network and just don't know it.

  • by lightknight (213164) on Sunday December 11, 2011 @11:13AM (#38334950) Homepage

    Even I am kind of curious to see what would happen if we set a week in the future to switch everyone over. I say a week, not a day, because vendors will need at least 72 hours to issue emergency firmware upgrades after sections of the internet disappear, and allowing for different time zones and what not, of course.

    Does anyone know if all the major service providers have upgraded their equipment to ipv6 yet? Any laggards?

    • needs to be IPV6 so it can be like NAT is just need to make the out side stuff work with IPV6 and the in side can still have the older IPV4 only stuff.

    • Re:Hmm (Score:4, Informative)

      by Midnight Thunder (17205) on Sunday December 11, 2011 @02:31PM (#38336592) Homepage Journal

      In Europe, Asia and Africa ISPs are already making the slow move to IPv6. In North America it is only a handful of ISPs that have publicized their efforts (two come to mind: Comcast and TechSavvy), whereas others are putting short term profits before long term success.

      In the short term companies that already have massive private networks can install a web proxy to deal with external IPv6 HTTP hosts. Long term they will need to revaluate the design of the network and what really needs to have access to the external IPv6 network and what can stay oblivious. In general anything that is only going to communicate with the internal network can stay IPv4 centric, while other devices with be dual IPv4/IPv6 stack.

      The one challenge people with wanting to make the web server accessible from IPv6 clients are hosting centres that don't provide IPv6 yet. It is certainly possible to get around this by using a tunnel, but this is really far from optimal.

      BTW Some hosting services that are IPv6 ready are listed here:

      http://www.sixxs.net/wiki/IPv6_Enabled_Hosting [sixxs.net]

  • There is a lot of stuff that does not have IPV6. Do they have some kind of NAT for the older IPv4 stuff?

  • by s7uar7 (746699) on Sunday December 11, 2011 @11:46AM (#38335170) Homepage
    Just think how long it would take companies without access to virtually unlimited funds and brain power. It's no wonder everyone is reluctant to make the move.
    • by allo (1728082)

      not everyone has a network as large as the network of google.

    • Early large-scale adopters like Google have suffered the leading edge of vendors trying to get ready. In terms of the problems Google ran into, I'd wager a large chunk of them won't be inflicted again by the same company. Once kinks are worked out for even one customer, they are generally worked out for all customers.

      That said, while I've seen a large amount of increased IPv6 capability from vendors (showing they have expertise *somewhere*), it's still an arcane art for almost everyone at these companies

      • by John Hasler (414242) on Sunday December 11, 2011 @02:24PM (#38336526) Homepage

        Early large-scale adopters like Google have suffered the leading edge of vendors trying to get ready.

        I suspect that most of the pain was suffered by the vendors in this case. Google will have written the IPv6 requirements into the multimillion dollar purchase orders and is quite capable of phoning a VP of sales and telling him that if this is not fixed NOW you might find yourself no longer qualified as a Google supplier.

        BTW I read that the DoD has come up with a unique way to encourage vendors to make sure that their IPv6 implementations actually work. They've been told that whether or not their own Web sites are accessible via IPv6 will be a factor in acquisition decisions. I can't reach Cisco on IPv6, though.

    • Really? You don't think that a company the size and shape of Google might have a slightly more complex network than a shop of, say, 100 people?

  • Given the Google has absolutely no shortage of capital and brain power as noted before, I am surprised Google didn't just build its own routers, wireless access points, etc. Linux and BSD have come along way in their routing capabilities. Heck, Vyatta sells an open source router that probably competes very favorably. If I were Google, I would have opted for the open source methodology and contributed back to the community. You pay a vendor and expect quality, you don't beg them to improve their product.
    • Re:Vendors (Score:5, Insightful)

      by Lennie (16154) on Sunday December 11, 2011 @12:21PM (#38335456) Homepage

      Because the hardware that can handle large amounts of small packets fast when you install your own software ('firmware'), does not exist AFAIK. Atleast not the type which will also be supported by (multiple) vendors (no1 wants to be stuck on, locked into, one vendor). designing not-massproduced ASICS isn't cheap. It would be like Google designing their own CPU's for their servers.

      The closest things are:

      - NetFPGA (some people at Google worked on that project I believe) / LibreRouter - which use FPGA's to handle packets, you tell it how to do that.

      - projects like Netmap, handle packets in userspace so you don't have to push packets through the kernel on normal PC-hardware, making it faster: http://www.youtube.com/watch?v=SPtoXNW9yEQ [youtube.com]

      The best chance currently to be useful in 'doing your own thing' is probalby:

      - OpenFlow, which basically is an API standard which multiple vendors would support to describe what the hardware in a switch should be doing, a programming language almost. Some demo's:
      http://www.youtube.com/user/stanfordopenflow [youtube.com]

      Which can allow for lots of tricks, like 'software defined networking'

  • by C3ntaur (642283) <centaur&netmagic,net> on Sunday December 11, 2011 @12:04PM (#38335310) Journal

    IPv6 is cool, I get it. But how many ISPs are offering it to their consumers? If I want to build a web presence, would I settle for only IPv6 address space? If not, how much would I pay to buy into the IPv4 space so I can reach all my potential customers?

    • Re:What's the point? (Score:5, Informative)

      by zootie (190797) on Sunday December 11, 2011 @02:17PM (#38336472)

      IPv6 is very popular in Asia, and you have a large number of Eastern languages sites that are only reachable on IPv6 (some only have IPv4 for western visitors if their content applies).

      And on ISPs. Cox and Time Warner (Road Runner) started running consumer IPv6 pilots this year, and I wouldn't be surprised if other ISPs also started.

      The limiting factor is going to be the home routers. But as more ISPs begin offering the option (maybe bundled with a "higher performance tier" that will tie in with net neutrality), we'll likely see home routers advertising IPv6 support as if it was a new type of faster wireless. Albeit, it might take years.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Even companies like Google will find it increasingly hard to get enough IPv4 addresses for their needs. See e.g.
      Microsoft's recent purchase [bbc.co.uk] at $11.5 a pop.
      I'm sure they require a lot of globally routable addresses for internal communication. Those can be converted to IPv6 to free up address space for their public endpoints, even while most of their users are IPv4 only.

      From the user side of it, ISPs in growth areas like Asia simply cannot hand out IPv4 addresses to all their users, leading to kludges like IS

  • by Anonymous Coward on Sunday December 11, 2011 @01:15PM (#38335874)

    I'm lucky enough to use an isp that offers native ipv6.
    This coupled with a nifty firefox plugin (IPvFox) enables me to determine with some certainty that somewhere between 95-99% (tongue in cheek) of all ipv6 traffic on the internet is googles.

    They are pretty much the only company using it.

    (O.K. rss.slashdot.org... kudos to you guys).

  • by whistl (234824) on Sunday December 11, 2011 @07:25PM (#38338450)

    Right now I'm running a free IP v6-over-v4 tunnel from my router to Hurricane Electric. I got assigned my own v6 LAN range. Mac OS X works fine, hits the v6 version of a website if it exists, the v4 version otherwise. Doesn't always work, I know. The DNS part is the problem to figure out. The larger infrastructure DNS servers (comcast, at&t, verizon, etc) need to support IPv6. Comcast has just begun rolling it out to end users, so hopefully they've got dnsv6 servers that work now and still return the correct regionally sorted IP addresses for cloud services like akamai.

  • by tengu1sd (797240) on Sunday December 11, 2011 @11:11PM (#38339764)

    'We should not expect something to work just because it is declared supported, . . ."

    Why should IPv6 be different than any other feature a vendor documents?

"Don't discount flying pigs before you have good air defense." -- jvh@clinet.FI

Working...