Mailing List Archive

Re: Question about IPAM tools for v6
On 31 January 2014 10:22, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:
>> Not if you route a /64 to each host (the way 3GPP/LTE does for mobiles). :-)
>
> A /64 for each mobile is what I would expect. It is then up to the
> mobile to manage the /64 responsibly by either black-holing the
> portions of the /64 it is not using or by assigning the /64 to a
> link other than the service provider wireless access link (and
> then managing the NC appropriately).

<wasn't specifically directed at anyone>

Yep. My point, though, was that we can do the same kind of thing in
the datacenter.




<dangerously philosophical>

In general, I think ND exhaustion is one of those "solve it at Layer
3" situations, since we have the bits to do so.

IPv6 gives us a large enough space to see new problems of scale, and
sometimes the large enough space can be used to solve these problems
too, albeit with non-IPv4 thinking.
RE: Question about IPAM tools for v6
Hi Erik,

> -----Original Message-----
> From: Erik Kline [mailto:ek@google.com]
> Sent: Friday, January 31, 2014 10:46 AM
> To: Templin, Fred L
> Cc: Nick Hilliard; Cricket Liu; ipv6-ops@lists.cluenet.de; draft-carpenter-6man-why64@tools.ietf.org;
> Mark Boolootian
> Subject: Re: Question about IPAM tools for v6
>
> On 31 January 2014 10:22, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:
> >> Not if you route a /64 to each host (the way 3GPP/LTE does for mobiles). :-)
> >
> > A /64 for each mobile is what I would expect. It is then up to the
> > mobile to manage the /64 responsibly by either black-holing the
> > portions of the /64 it is not using or by assigning the /64 to a
> > link other than the service provider wireless access link (and
> > then managing the NC appropriately).
>
> <wasn't specifically directed at anyone>
>
> Yep. My point, though, was that we can do the same kind of thing in
> the datacenter.

Sure, that works for me too.

> <dangerously philosophical>
>
> In general, I think ND exhaustion is one of those "solve it at Layer
> 3" situations, since we have the bits to do so.
>
> IPv6 gives us a large enough space to see new problems of scale, and
> sometimes the large enough space can be used to solve these problems
> too, albeit with non-IPv4 thinking.

Right - thanks for clarifying.

Thanks - Fred
fred.l.templin@boeing.com
Re: Question about IPAM tools for v6
>> /64 netmask opens up nd cache exhaustion as a DoS vector.
>
> FUD.

I probably should have qualified this statement a little better before
posting it.

Large locally-connected l2 domains can open up nd cache
exhaustion and many other problems as DoS vectors if the operating systems
connected to these domains do not have resource exhaustion limitations
built in, or they are built in but not configured properly.

In particular, the large address space prevents operating systems from
implementing certain types of mitigation mechanisms that might be possible
with ipv4 (e.g. slot based rate limiting). The ND rate limiters that I've
tested all cause collateral connectivity problems as they place all ND
floods from all hosts in the same RL bucket.

While some aspects of this problem are more generic and not specifically
related to the address domain size (i.e. they're similar to what's already
seen on ipv4), the fact that the addressing domain is so large does not
help either the o/s implementer or the operator and the issues relating to
ND flooding of whatever sort (NS/RA/etc) are something that explicitly need
to be understood by both the o/s implementer and the network operator
because otherwise connectivity problems can occur in production.

Nick
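
Added example, not part of any poster's message: a toy Python model of a last-hop router's neighbor cache, comparing an on-link /64 with a /64 routed to each host (as suggested earlier in the thread) when all unresolved entries share one limit (the single-bucket behaviour described in the message above). The `Router` class, the limit of 256 and the 2001:db8:: prefixes are assumptions made for illustration.

```python
import ipaddress
import random

class Router:
    """Toy last-hop router: neighbor cache with one shared INCOMPLETE limit."""
    def __init__(self, onlink, routes, incomplete_limit):
        self.onlink = [ipaddress.ip_network(p) for p in onlink]
        self.routes = {ipaddress.ip_network(p): ipaddress.ip_address(nh)
                       for p, nh in routes.items()}
        self.limit = incomplete_limit      # assumed value, not from the thread
        self.reachable = set()             # neighbors already resolved
        self.incomplete = set()            # NS sent, no NA received yet

    def forward(self, dst):
        dst = ipaddress.ip_address(dst)
        for net, next_hop in self.routes.items():
            if dst in net:                 # routed /64: only the next hop needs ND
                dst = next_hop
                break
        if dst in self.reachable:
            return "forwarded"
        if not any(dst in net for net in self.onlink):
            return "no-route"
        if dst in self.incomplete:
            return "queued"
        if len(self.incomplete) >= self.limit:
            return "dropped"               # shared bucket full: new hosts lose too
        self.incomplete.add(dst)
        return "queued"

def replay(router, prefix, count, seed=1):
    """Replay constructed traffic to `count` random addresses inside `prefix`."""
    rng, net = random.Random(seed), ipaddress.ip_network(prefix)
    for _ in range(count):
        router.forward(net[rng.getrandbits(net.max_prefixlen - net.prefixlen)])

def onlink_design():
    r = Router(["2001:db8:0:1::/64"], {}, incomplete_limit=256)
    r.reachable.add(ipaddress.ip_address("2001:db8:0:1::10"))   # established host
    replay(r, "2001:db8:0:1::/64", 1000)
    return len(r.incomplete), r.forward("2001:db8:0:1::10"), r.forward("2001:db8:0:1::20")

def routed_design():
    r = Router(["fe80::/64"], {"2001:db8:0:a::/64": "fe80::a",
                               "2001:db8:0:b::/64": "fe80::b"}, incomplete_limit=256)
    r.reachable.add(ipaddress.ip_address("fe80::a"))            # host A's next hop
    replay(r, "2001:db8:0:a::/64", 1000)
    return len(r.incomplete), r.forward("2001:db8:0:a::10"), r.forward("2001:db8:0:b::1")
```

Each function returns the number of unresolved cache entries, the result for an already-resolved host, and the result for a host that still needs resolution.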
Re: Question about IPAM tools for v6
On 31 Jan 2014, at 15:26, Alexandru Petrescu <alexandru.petrescu@cea.fr> wrote:

> Speaking of scalability - is there any link layer (e.g. Ethernet) that supports 2^64 nodes in the same link? Any deployed such link? I doubt so.
>
> I suppose the largest number of nodes in a single link may reach somewhere in the thousands of nodes, but not 2^64.


Let me de-lurk and make the obvious point that using standard Ethernet addressing would limit the number of nodes on a single link to 2^47, and that would require every unicast address assigned to every possible vendor. Using just the Locally Administered addresses would limit you to 2^46.

Sam
--
Sam Wilson
Communications Infrastructure Section, IT Infrastructure
Information Services, The University of Edinburgh
Edinburgh, Scotland, UK



The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
Re: Question about IPAM tools for v6
On 03/02/2014 11:11, Sam Wilson wrote:
> Let me de-lurk and make the obvious point that using standard Ethernet
> addressing would limit the number of nodes on a single link to 2^47, and
> that would require every unicast address assigned to every possible
> vendor. Using just the Locally Administered addresses would limit you
> to 2^46.

it bothers me that I can't find any switch with 2^46 ports.

Damned vendors.

Nick
Re: Question about IPAM tools for v6
On 3 Feb 2014, at 11:17, Nick Hilliard <nick@foobar.org> wrote:

> On 03/02/2014 11:11, Sam Wilson wrote:
>> Let me de-lurk and make the obvious point that using standard Ethernet
>> addressing would limit the number of nodes on a single link to 2^47, and
>> that would require every unicast address assigned to every possible
>> vendor. Using just the Locally Administered addresses would limit you
>> to 2^46.
>
> it bothers me that I can't find any switch with 2^46 ports.
>
> Damned vendors.


The back of my envelope says that with my vendor of choice and a 4-deep tree (7-hop old-style STP limit) of 384-port switches I can't get more than about 2^34 edge ports. Very disappointing. That would need approximately 57 million routers, though, and 170 GW of electrical power, not counting the cooling requirements.

--
Sam Wilson
Communications Infrastructure Section, IT Infrastructure
Information Services, The University of Edinburgh
Edinburgh, Scotland, UK



Re: Question about IPAM tools for v6
On 3 Feb 2014, at 11:32, Sam Wilson <Sam.Wilson@ed.ac.uk> wrote:

>
> On 3 Feb 2014, at 11:17, Nick Hilliard <nick@foobar.org> wrote:
>
>> On 03/02/2014 11:11, Sam Wilson wrote:
>>> Let me de-lurk and make the obvious point that using standard Ethernet
>>> addressing would limit the number of nodes on a single link to 2^47, and
>>> that would require every unicast address assigned to every possible
>>> vendor. Using just the Locally Administered addresses would limit you
>>> to 2^46.
>>
>> it bothers me that I can't find any switch with 2^46 ports.
>>
>> Damned vendors.
>
>
> The back of my envelope says that with my vendor of choice and a 4-deep tree (7-hop old-style STP limit) of 384-port switches I can't get more than about 2^34 edge ports. Very disappointing. That would need approximately 57 million routers, though, and 170 GW of electrical power, not counting the cooling requirements.

That's a lot of hamsters.

Tim
Re: Question about IPAM tools for v6
On 3 Feb 2014, at 11:58, Tim Chown <tjc@ecs.soton.ac.uk> wrote:

>
> On 3 Feb 2014, at 11:32, Sam Wilson <Sam.Wilson@ed.ac.uk> wrote:
>
>>
>> On 3 Feb 2014, at 11:17, Nick Hilliard <nick@foobar.org> wrote:
>>
>>> On 03/02/2014 11:11, Sam Wilson wrote:
>>>> Let me de-lurk and make the obvious point that using standard Ethernet
>>>> addressing would limit the number of nodes on a single link to 2^47, and
>>>> that would require every unicast address assigned to every possible
>>>> vendor. Using just the Locally Administered addresses would limit you
>>>> to 2^46.
>>>
>>> it bothers me that I can't find any switch with 2^46 ports.
>>>
>>> Damned vendors.
>>
>>
>> The back of my envelope says that with my vendor of choice and a 4-deep tree (7-hop old-style STP limit) of 384-port switches I can't get more than about 2^34 edge ports. Very disappointing. That would need approximately 57 million routers, though, and 170 GW of electrical power, not counting the cooling requirements.
>
> That's a lot of hamsters.


Turns out it's more hamsters than we have in the UK. <http://www.gridwatch.templar.co.uk/>

Sam

--
Sam Wilson
Communications Infrastructure Section, IT Infrastructure
Information Services, The University of Edinburgh
Edinburgh, Scotland, UK



