Re: [v6ops] Interesting problems with using IPv6
Chuck Anderson <cra@WPI.EDU> Fri, 12 September 2014 23:13 UTC
Return-Path: <cra@WPI.EDU>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D19161A00A8 for <v6ops@ietfa.amsl.com>; Fri, 12 Sep 2014 16:13:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.354
X-Spam-Level:
X-Spam-Status: No, score=-5.354 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_57=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.652, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id POK8Tgj90GPf for <v6ops@ietfa.amsl.com>; Fri, 12 Sep 2014 16:13:03 -0700 (PDT)
Received: from MAIL1.WPI.EDU (MAIL1.WPI.EDU [130.215.36.91]) by ietfa.amsl.com (Postfix) with ESMTP id B6CE21A0099 for <v6ops@ietf.org>; Fri, 12 Sep 2014 16:13:01 -0700 (PDT)
Received: from MAIL1.WPI.EDU (MAIL1.WPI.EDU [130.215.36.91]) by MAIL1.WPI.EDU (8.14.9/8.14.9) with ESMTP id s8CNCw42015954; Fri, 12 Sep 2014 19:12:58 -0400
X-DKIM: Sendmail DKIM Filter v2.8.3 MAIL1.WPI.EDU s8CNCw42015954
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wpi.edu; s=_dkim; t=1410563578; bh=AmbYsB1leIb9QEhHrIljUsxihqzm5swykDbcpmUfI0k=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Transfer-Encoding:In-Reply-To; b=RcJZse6Oz+hGpQj9GkTxJMxc7WGx3jy1Oo/CIIjx+462N3BOgOTCjd/1MCQ/IRnFH rIDQ8xKLW9ZZt/yH8fKEorZsfx0JXLUph99B/kfHYnEu66E4M498+HItLdttZOg/O/ GZgamRwyQlpt0HddcUxuLxMGurRJC8Kmud5Es51M=
Received: from MX3.WPI.EDU (mx3.wpi.edu [130.215.36.147]) by MAIL1.WPI.EDU (8.14.9/8.14.9) with ESMTP id s8CNCwd2015951; Fri, 12 Sep 2014 19:12:58 -0400
Received: from angus.ind.WPI.EDU (ANGUS.IND.WPI.EDU [130.215.130.21]) by MX3.WPI.EDU (8.14.4/8.14.4) with ESMTP id s8CNCvtq014989; Fri, 12 Sep 2014 19:12:58 -0400 (envelope-from cra@WPI.EDU)
Received: from angus.ind.WPI.EDU (localhost [127.0.0.1]) by angus.ind.WPI.EDU (8.14.4/8.14.4) with ESMTP id s8CNCvUt029477; Fri, 12 Sep 2014 19:12:57 -0400
Received: (from cra@localhost) by angus.ind.WPI.EDU (8.14.4/8.14.4/Submit) id s8CNCt0C029476; Fri, 12 Sep 2014 19:12:55 -0400
X-Authentication-Warning: angus.ind.WPI.EDU: cra set sender to cra@WPI.EDU using -f
Date: Fri, 12 Sep 2014 19:12:55 -0400
From: Chuck Anderson <cra@WPI.EDU>
To: Owen DeLong <owen@delong.com>
Message-ID: <20140912231254.GO31944@angus.ind.WPI.EDU>
References: <1410082125488.85722@surrey.ac.uk> <540CB702.3000605@gmail.com> <20140908183339.GB98785@ricotta.doit.wisc.edu> <540E26D9.3070907@gmail.com> <1410227735.13436.YahooMailNeo@web162204.mail.bf1.yahoo.com> <540ECB9E.9000102@foobar.org> <CAKD1Yr1_sCLHv=D3MeCe47Fa0dxXTXH5B+=wOKpvmEDFkJFiZw@mail.gmail.com> <75B6FA9F576969419E42BECB86CB1B89155AF364@xmb-rcd-x06.cisco.com> <20140909142226.GP15839@angus.ind.WPI.EDU> <101C89B1-019B-4E51-B869-FABC534E6D3D@delong.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <101C89B1-019B-4E51-B869-FABC534E6D3D@delong.com>
User-Agent: Mutt/1.5.20 (2009-12-10)
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/Dka1WWIhOFbeUN_F5I6fyCwGLFw
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Interesting problems with using IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Sep 2014 23:13:06 -0000
On Fri, Sep 12, 2014 at 03:33:52PM -0700, Owen DeLong wrote: > > It is not reasonable to expect a switch to scale to maintaining state > > for 300 * (# of hosts connected) Solicited-Node multicast groups. > > Nor does any rational use of SLAAC+Privacy addresses result in anything near that. Actually deployed networks are encountering 300+ privacy addresses on some machines. Is that a bug or by design of the OS vendor? I don't know. > > 15,000 MLD groups for 48 hosts on a 48 port switch is unreasonable. > > 25*48 = 1,200, not 15,000. Even if we double that, it’s still 2,400 max. > > A potential improvement could be if privacy addressing created a persistent random lower 24 bits and only rehashed the upper 40 bits of the suffix with each address rotation. In that way, you’d only have ~2 ND multicast groups per host. Agreed. Good idea. > > 90,000 MLD groups for a 300 port switch stack is also unreasonable. > > Most switches cannot handle that many IPv4 multicast groups--expecting > > them to handle that many IPv6 multicast groups is unreasonable. > > Again, this is not anything close to a real world scale for the situation. Using hyperbole derived numbers to make things sound bad enough that you can blame the protocol for a situation that is much more directly the result of bad network design is absurd. It isn't hyperbole. It has been observed multiple times by different people: http://blog.bimajority.org/2014/07/16/ipv6-privacy-addresses-windows-just-say-no/ "it was a Windows machine, [...] I saw that it was responsible for the vast majority of those multicast memberships: 350 different multicast groups in all, nearly all of which were “solicited node” groups for different IPv6 “privacy” addresses" http://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/ "I used Ubuntu as an example, but it is hardly the worst offender. We have seen Windows machines with more than 300 IPv6 addresses" And a thorough description of the problem and possible solutions: http://inconcepts.biz/~jsw/ipv6_nd_problems_with_l2_mcast.pdf > > Having designed a ubiquitous protocol 16 years ago that can't be > > implemented reasonably cheaply on current hardware is an operational > > problem that can and should be dealt with by tweaking the protocol in > > some cases. I think the protocol change proposals put forward in the > > article are a quite reasonable starting point for discussing how to > > mitigate this issue and shouldn't be dismissed out of hand. > > I think that the protocol can be implemented reasonably cheaply on current hardware if you don’t design your network so poorly that the fact it hasn’t collapsed in on itself in IPv4 is a minor miracle. Lots of people have very large IPv6 networks running just fine on a pretty wide variety of commodity hardware at this point. The only reasonable way to avoid this problem today via network design, is to design you network to use DHCPv6 instead of SLAAC or turn off privacy addressing on all hosts. Unfortunately for less managed networks (the exact use case that SLAAC is designed for--hands off) it isn't feasible to go to every host and manually turn off privacy addressing. That means the only practical way to solve this problem is to only ever use DHCPv6. This is a somewhat surprising result, perhaps unanticipated by those who worked on ND & MLD, and probably not desireable for those who champion SLAAC. > Smaller layer 2 zones would greatly improve his situation. Turning off privacy addressing would also help. (This is, as has been pointed out, under the control of the network operator as he can set the M bit, turn off the A bit, and give out DHCP addresses as an example.) He doesn't have large Layer 2 zones. > I suspect there are a number of other viable solutions. OTOH, modifying ipv6 to support such an environment seems a fools errand to me. Modifying ND is not without precedent.
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Mark ZZZ Smith
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Philip Homburg
- Re: [v6ops] Interesting problems with using IPv6 Nick Hilliard
- Re: [v6ops] Interesting problems with using IPv6 Tore Anderson
- Re: [v6ops] Interesting problems with using IPv6 Nick Hilliard
- Re: [v6ops] Interesting problems with using IPv6 Lorenzo Colitti
- Re: [v6ops] Interesting problems with using IPv6 Hemant Singh (shemant)
- Re: [v6ops] Interesting problems with using IPv6 Chuck Anderson
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Hemant Singh (shemant)
- Re: [v6ops] Interesting problems with using IPv6 Andrew 👽 Yourtchenko
- Re: [v6ops] Interesting problems with using IPv6 Hemant Singh (shemant)
- Re: [v6ops] Interesting problems with using IPv6 Andrew 👽 Yourtchenko
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 神明達哉
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Andrew 👽 Yourtchenko
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 Andrew 👽 Yourtchenko
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 joel jaeggli
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 Ray Hunter
- Re: [v6ops] Interesting problems with using IPv6 Erik Nordmark
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Chuck Anderson
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Sander Steffann
- Re: [v6ops] Interesting problems with using IPv6 Bernie Volz (volz)
- Re: [v6ops] Interesting problems with using IPv6 Sander Steffann
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Mark ZZZ Smith
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Mikael Abrahamsson
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Erik Nordmark
- Re: [v6ops] Interesting problems with using IPv6 Nick Hilliard
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Mikael Abrahamsson