Re: [v6ops] Interesting problems with using IPv6
"Hemant Singh (shemant)" <shemant@cisco.com> Tue, 09 September 2014 15:59 UTC
Return-Path: <shemant@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C64771A7001 for <v6ops@ietfa.amsl.com>; Tue, 9 Sep 2014 08:59:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.853
X-Spam-Level:
X-Spam-Status: No, score=-15.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5gs5kBzluPTN for <v6ops@ietfa.amsl.com>; Tue, 9 Sep 2014 08:59:01 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 700541A6FFF for <v6ops@ietf.org>; Tue, 9 Sep 2014 08:59:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7596; q=dns/txt; s=iport; t=1410278341; x=1411487941; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=75dUCQqkNsNxnN2cNy86DnfVo3Oqooi2w29DHqjOga8=; b=VlWAq2sjmPfJyvdXeoMcyLmkKZlrl12iXmu+meDcvYdpt4oUlwZzAzfr CN/6kGyIaRiwJRY4ahJ1bH+oQU0/snUNDbXl2SQ98v7lkIcobhh4fz2LW dBsnrTFRKRvokRlPSVxlGIbhC2EMBHhHpHUX5oAgnEDrZeJVoTIm7nkQ9 s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiwFAHcjD1StJV2c/2dsb2JhbABZDoJ/U1cEgnjHJQqHTAEZdBZ4hAMBAQEEAQEBIBE4AgsMBAIBCBEEAQEDAgYdAwICAiULFAEICAIEAQ0FCIg6DacXlWYBF4EsiFSEdiYWGwcGgnM2gR0FjxmCKIQwgjyGJYZrjGSDH0JsAYEFAR8EHoEHAQEB
X-IronPort-AV: E=Sophos;i="5.04,492,1406592000"; d="scan'208";a="76330168"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-8.cisco.com with ESMTP; 09 Sep 2014 15:58:43 +0000
Received: from xhc-aln-x01.cisco.com (xhc-aln-x01.cisco.com [173.36.12.75]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id s89Fwh7b018588 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 9 Sep 2014 15:58:43 GMT
Received: from xmb-rcd-x06.cisco.com ([169.254.6.218]) by xhc-aln-x01.cisco.com ([173.36.12.75]) with mapi id 14.03.0195.001; Tue, 9 Sep 2014 10:58:42 -0500
From: "Hemant Singh (shemant)" <shemant@cisco.com>
To: Andrew 👽 Yourtchenko <ayourtch@gmail.com>, Chuck Anderson <cra@wpi.edu>
Thread-Topic: [v6ops] Interesting problems with using IPv6
Thread-Index: AQHPy7BYcufcLcCSE0CP+QdxqYnKUZv4XruAgACCkQCAAAzxgP//rUdQgACT44CAABYhgP//ryjQ
Date: Tue, 09 Sep 2014 15:58:42 +0000
Message-ID: <75B6FA9F576969419E42BECB86CB1B89155AF84D@xmb-rcd-x06.cisco.com>
References: <1410082125488.85722@surrey.ac.uk> <540CB702.3000605@gmail.com> <20140908183339.GB98785@ricotta.doit.wisc.edu> <540E26D9.3070907@gmail.com> <1410227735.13436.YahooMailNeo@web162204.mail.bf1.yahoo.com> <540ECB9E.9000102@foobar.org> <CAKD1Yr1_sCLHv=D3MeCe47Fa0dxXTXH5B+=wOKpvmEDFkJFiZw@mail.gmail.com> <75B6FA9F576969419E42BECB86CB1B89155AF364@xmb-rcd-x06.cisco.com> <20140909142226.GP15839@angus.ind.WPI.EDU> <CAPi140Nwzjh-f_kj9tWmcmcjqh55nUdyr6EjHbQySom+SvX_fQ@mail.gmail.com>
In-Reply-To: <CAPi140Nwzjh-f_kj9tWmcmcjqh55nUdyr6EjHbQySom+SvX_fQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.131.71.117]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/aq5N2eGLKJZBNWSeCAQDZ1mBqjM
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Interesting problems with using IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Sep 2014 15:59:04 -0000
Andrew, Great input from you. However, there is one catch. A basic switch works at layer-2 and may not have its implementation communicate with upper transport layers such as TCP and UDP. The switch is merely snooping MLD. Then the switch should just support never letting its cpu go higher than 40% and rate limit processing in the switch punt path. Hemant -----Original Message----- From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Andrew ?? Yourtchenko Sent: Tuesday, September 09, 2014 11:42 AM To: Chuck Anderson Cc: v6ops@ietf.org Subject: Re: [v6ops] Interesting problems with using IPv6 Not delving into the whole "why in today-scale network we need to maintain separate groups per each solicited multicast" argument, let's just assume there are some noticeable gains there and focus on the number of groups. 1) http://tools.ietf.org/html/rfc4941#section-3.3 says: 1. Process the Prefix Information Option as defined in [ADDRCONF], either creating a new public address or adjusting the lifetimes of existing addresses, both public and temporary. If a received option will extend the lifetime of a public address, the lifetimes of temporary addresses should be extended, subject to the overall constraint that no temporary addresses should ever remain "valid" or "preferred" for a time longer than (TEMP_VALID_LIFETIME) or (TEMP_PREFERRED_LIFETIME - DESYNC_FACTOR), respectively. The configuration variables TEMP_VALID_LIFETIME and TEMP_PREFERRED_LIFETIME correspond to approximate target lifetimes for temporary addresses. One way to interpret this text is that with the defaults, a host with SLAAC and temporary addresses will have: 1 LL + 1 SLAAC + 7 temp addresses = 9. This gives 1.5 order of magnitude less groups than in the example you cite - a not terribly unreasonable number, though it's still a 9x amount. The TEMP_VALID_LIFETIME and TEMP_PREFERRED_LIFETIME are host-coded, the network (for better or worse) appears to have not much say about them. 2) The "300 addresses" situation might look like either the defaults were changed, or the stack is being "helpful" as described in http://tools.ietf.org/html/rfc4941#section-6: An implementation might want to keep track of which addresses are being used by upper layers so as to be able to remove a deprecated temporary address from internal data structures once no upper layer protocols are using it (but not before). This is in contrast to current approaches where addresses are removed from an interface when they become invalid [ADDRCONF], independent of whether or not upper layer protocols are still using them. For TCP connections, such information is available in control blocks. For UDP-based applications, it may be the case that only the applications have knowledge about what addresses are actually in use. Consequently, an implementation generally will need to use heuristics in deciding when an address is no longer in use. Would this mean the host has a connection that is lasting 300 days and is using the same temporary address ? This does not look too temporary, so arguably that application should not be using temporary addresses (Also: interesting that e.g. Linux limits the default # to 16 - cf.: http://oss.sgi.com/archives/netdev/2004-01/msg01002.html which is still true in the Ubuntu 14.04.) BTW, talking about the applications, they should be able to select whether they need the temporary addresses or not: rfc5014. Do they intentionally select the temporary addresses on the long-lasting connections ? Now, let me argue with myself: 1) IPv6 requiring 9x time the IPv4 addresses is still quite a stretch. If someone needs a long-lasting session, they should use a stable address. 2) Does application have a way to say "I do not want temporary addresses" ? (cf: https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1068756) Seems not today ? 3) Also, http://tools.ietf.org/html/rfc4941#section-3.6 clearly says: " In addition, some applications may not behave robustly if temporary addresses are used and an address expires before the application has terminated, or if it opens multiple sessions, but expects them to all use the same addresses. Consequently, the use of temporary addresses SHOULD be disabled by default in order to minimize potential disruptions. Individual applications, which have specific knowledge about the normal duration of connections, MAY override this as appropriate." So, if the hosts were gentle with the number of addresses they try to use, apps with long-lasting connections were to disable the temporary addresses and the server fleet had the temporary addresses disabled altogether, SLAAC (and, where appropriate, temporary addresses) would not be so bad at all. Of course, the amount of manual work this requires today means that the A-bit is turned off and the DHCPv6 is being used. Which may be perfectly okay - but if it is not, and we do assert that "An RA with prefix having an A-bit set and default settings, should not cause the 10x expansion to the resource requirements compared to Legacy IP", seems like some sort of a correction in default stacks/apps behavior with respect to temporary addresses could be useful. --a _______________________________________________ v6ops mailing list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Mark ZZZ Smith
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Philip Homburg
- Re: [v6ops] Interesting problems with using IPv6 Nick Hilliard
- Re: [v6ops] Interesting problems with using IPv6 Tore Anderson
- Re: [v6ops] Interesting problems with using IPv6 Nick Hilliard
- Re: [v6ops] Interesting problems with using IPv6 Lorenzo Colitti
- Re: [v6ops] Interesting problems with using IPv6 Hemant Singh (shemant)
- Re: [v6ops] Interesting problems with using IPv6 Chuck Anderson
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Hemant Singh (shemant)
- Re: [v6ops] Interesting problems with using IPv6 Andrew 👽 Yourtchenko
- Re: [v6ops] Interesting problems with using IPv6 Hemant Singh (shemant)
- Re: [v6ops] Interesting problems with using IPv6 Andrew 👽 Yourtchenko
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 神明達哉
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Andrew 👽 Yourtchenko
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 Andrew 👽 Yourtchenko
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 joel jaeggli
- Re: [v6ops] Interesting problems with using IPv6 Brian Haberman
- Re: [v6ops] Interesting problems with using IPv6 Ray Hunter
- Re: [v6ops] Interesting problems with using IPv6 Erik Nordmark
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Chuck Anderson
- Re: [v6ops] Interesting problems with using IPv6 Fernando Gont
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Sander Steffann
- Re: [v6ops] Interesting problems with using IPv6 Bernie Volz (volz)
- Re: [v6ops] Interesting problems with using IPv6 Sander Steffann
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Owen DeLong
- Re: [v6ops] Interesting problems with using IPv6 Mark ZZZ Smith
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Mikael Abrahamsson
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Erik Nordmark
- Re: [v6ops] Interesting problems with using IPv6 Nick Hilliard
- Re: [v6ops] Interesting problems with using IPv6 Brian E Carpenter
- Re: [v6ops] Interesting problems with using IPv6 Mikael Abrahamsson