Google Deploys IPv6 For Internal Network

samzenpus posted more than 2 years ago | from the time-to-upgrade dept.

itwbennett writes "Google is four years into a project to roll out IPv6 to its entire internal employee network. At the Usenix Large Installation System Administration (LISA) conference in Boston last week, Google network engineer Irena Nikolova shared some lessons others can learn from Google's experience. For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."

260 comments

IPv6 (-1)

Anonymous Coward | more than 2 years ago | (#38334734)

Something no one would need if proper assignment of IP ranges had been done.

Re:IPv6 (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38334778)

Assignment of smaller blocks may have extended the life of IPv4 addresses; however, there are physically not enough addresses for the devices we currently have. While there may be enough at the moment, there won't be soon.

What is IPv4; 4.3 billion addresses. There are over 6 billion people on earth and many people in the western world have numerous devices. My household of 2 has 8 devices that are nearly always online. (Computers, Phones, Top-set Boxes, printers, etc....) This number does not take into account either one of our work sites which probably add another 1-2 addresses to that number.

And no, NAT is not a solution.

Re:IPv6 (4, Informative)

SuricouRaven (1897204) | more than 2 years ago | (#38334934)

2^32 - 2^24 - 2^16 - 2^20 - 2^16 - 2^28 = 4008574976. That's if you put them all on one giant flat network from hell, and so didn't use any for network or broadcast addresses. Yes, 2^16 in there twice - don't forget APIPA. The 2^28 is reserved for multicast.

Re:IPv6 (2, Interesting)

Anonymous Coward | more than 2 years ago | (#38335054)

NAT has improved protocol design a lot though. Before NAT, there were things like FTP, with inband port signaling. Most modern protocols avoid mentioning port numbers in the payload and can run on any port, through multiple port forwardings if necessary. Notable exception and bad example: SIP. I expect more bad protocol design once people again assume that end-to-end IP addressing is universally available.
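An added illustration of the in-band signaling this comment refers to (not part of the original comment or of any project's code): the parser below extracts the address and port that FTP's `PORT` command and the SDP body of a SIP message carry inside the payload, then compares them with the source address a server would observe after NAT. The sample messages and all addresses are constructed.

```python
import ipaddress
import re

# FTP active mode (RFC 959): "PORT h1,h2,h3,h4,p1,p2", port = p1*256 + p2
_FTP_PORT = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")
# SDP connection and media lines as carried in a SIP body (RFC 4566)
_SDP_CONN = re.compile(r"^c=IN IP4 (\S+)")
_SDP_MEDIA = re.compile(r"^m=(\w+) (\d+) ")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample payloads, as a client behind a home router would send them.
SAMPLE_FTP = "PORT 192,168,1,10,195,80"
SAMPLE_SDP = """v=0
o=alice 2890844526 2890844526 IN IP4 192.168.1.10
s=-
c=IN IP4 192.168.1.10
t=0 0
m=audio 49170 RTP/AVP 0
"""


def ftp_port_endpoint(line):
    """Return (host, port) announced by an FTP PORT command, or None if malformed."""
    m = _FTP_PORT.match(line.strip())
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in octets[:4]), octets[4] * 256 + octets[5]


def sdp_endpoints(body):
    """Return [(host, port)] for each media stream announced in an SDP body."""
    session_addr = None
    media = []
    for raw in body.splitlines():
        line = raw.strip()
        conn = _SDP_CONN.match(line)
        med = _SDP_MEDIA.match(line)
        if conn and media:
            media[-1][0] = conn.group(1)      # media-level c= overrides session-level
        elif conn:
            session_addr = conn.group(1)      # session-level c= applies to all media
        elif med:
            media.append([session_addr, int(med.group(2))])
    return [(host, port) for host, port in media if host is not None]


def inband_problem(embedded_host, observed_src):
    """Compare the address named in the payload with the packet's source address."""
    try:
        emb = ipaddress.ip_address(embedded_host)
    except ValueError:
        return "hostname"                     # a higher-level name, nothing to compare
    if emb == ipaddress.ip_address(observed_src):
        return "consistent"
    if any(emb in net for net in RFC1918):
        return "private address behind NAT"   # peer cannot connect back to it
    return "mismatch"


def report(observed_src):
    """Check every endpoint announced in the constructed samples."""
    endpoints = [ftp_port_endpoint(SAMPLE_FTP)] + sdp_endpoints(SAMPLE_SDP)
    return [(host, port, inband_problem(host, observed_src)) for host, port in endpoints]


if __name__ == "__main__":
    # 203.0.113.7 stands in for the router's public address (documentation range).
    for row in report("203.0.113.7"):
        print(row)
```

Without an application-layer gateway rewriting the payload, both announced endpoints are unreachable from outside, which is the failure the comment attributes to in-band addressing.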

Re:IPv6 (2)

Rising Ape (1620461) | more than 2 years ago | (#38335150)

Why is that bad in the absence of NAT?

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38335192)

Firewalls

Re:IPv6 (3, Interesting)

Rising Ape (1620461) | more than 2 years ago | (#38335420)

OK, but that's not very clear. I can see why a program that picked a completely random port might be awkward to get to work with a firewall. But restricting the range of ports that it can use, then permitting those, would work wouldn't it?

I'm not sure it's a good idea to restrict protocol flexibility in that way anyway. There's a fundamental issue with NAT or firewalls in that they need to know details of what the users behind them want and don't want to do. This may be true for a business with a central IT department who can configure the device as necessary, but it's not true in general. If my ISP runs a NAT to conserve IP space, am I supposed to contact them to forward whatever ports are necessary? I don't think that'll work well. I just hope IPv6 actually does get rolled out before that becomes necessary.

Re:IPv6 (1)

Anonymous Coward | more than 2 years ago | (#38336210)

You can certainly deal with it, but it's a complication. Every protocol you use requires administration of the firewall. Every administration of the firewall introduces a possibility of introducing human error into things and accidentally leaving a hole in your firewall you didn't intend. Plus it's more work :P

Re:IPv6 (5, Insightful)

allo (1728082) | more than 2 years ago | (#38335800)

You see, the good thing is not the NAT, but the firewall dropping packets from outside, again. As always, the people say the security comes from NAT, and really mean the requirement of having a firewall which drops packets coming in, because there is no mapping to which internal IP they should be routed.
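The distinction drawn in this comment, as an added sketch that is not part of the original thread: a stateful filter in front of globally routable IPv6 hosts drops unsolicited inbound packets without translating any address. The `StatefulFilter` class, the prefix and the packets are hypothetical; addresses come from the 2001:db8::/32 documentation range, and timeouts and TCP flag tracking are left out.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulFilter:
    """Border filter: default-deny inbound, allow replies to flows opened from inside."""

    def __init__(self, inside_prefix):
        self.inside = ipaddress.ip_network(inside_prefix)
        self.flows = set()   # reverse 5-tuples of flows initiated from inside

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def handle(self, pkt):
        src_in, dst_in = self._inside(pkt.src), self._inside(pkt.dst)
        if src_in and not dst_in:
            # Outbound: record the tuple a legitimate reply will carry.
            # Addresses are stored as-is; nothing is rewritten.
            self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "accept"
        if dst_in and not src_in:
            # Inbound: only packets matching a recorded flow get through.
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            return "accept" if key in self.flows else "drop"
        return "drop"        # not border traffic in this model


# Constructed addresses (documentation prefix).
INSIDE = "2001:db8:1::/48"
HOST = "2001:db8:1::10"
SERVER = "2001:db8:ffff::50"
STRANGER = "2001:db8:ffff::66"


def demo():
    fw = StatefulFilter(INSIDE)
    packets = [
        Packet(HOST, 51000, SERVER, 443),      # host opens a connection
        Packet(SERVER, 443, HOST, 51000),      # matching reply
        Packet(STRANGER, 40000, HOST, 22),     # unsolicited inbound
        Packet(SERVER, 443, HOST, 51001),      # known peer, but no such flow
    ]
    return [fw.handle(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```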

Re:IPv6 (1)

Anonymous Coward | more than 2 years ago | (#38336230)

you see, that wasn't the point. What has happened is that NAT killed the idea that the end point of the connection has the same IP address that an external node would address packets to to reach that end point. That lack of end to end connectivity has made protocol designers create better protocols with less inband signaling. Firewalls alone would not have had that effect.

Re:IPv6 (4, Informative)

Anonymous Coward | more than 2 years ago | (#38336818)

Of course sometimes it's still necessary; avoiding that just isn't as flexible.

SIP/H323 are a good example, as the media has to be sent in a separate RTP connection. If it's not immediately obvious why that's the case: RTP has to be sent as UDP to avoid latency/loss making a call unusable, which TCP would. SIP can use TCP and H323 always does, so you can't send the media in the same connection.

Plus a lot of telecom environments don't have the same server handling the media as the signalling. One such use case is sometimes you get the phones to bypass the server and talk directly. That means less latency and less bandwidth used at the server, but it is only possible where end-to-end connectivity between the phones is possible, and NAT almost always breaks that.

Re:IPv6 (4, Insightful)

Pi1grim (1956208) | more than 2 years ago | (#38337372)

NAT killed one of the basic principles of the internet and you're trying to make it look like a good thing.

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38336766)

No inband addressing would certainly make the IPv4 to IPv6 transition easier.

Re:IPv6 (1)

akanouras (1431981) | more than 2 years ago | (#38335280)

I have an SIP phone at home, that is connected to my company's PBX through the internet.
When I call a landline number, the PBX sets up a data path directly from the SIP provider to my phone, without it being relayed through the PBX.

How would you implement that without in-band address signaling?

Re:IPv6 (1)

Anonymous Coward | more than 2 years ago | (#38335412)

I would have made the protocol single-port and I would have made the reinvitation address a higher level address (SIP URI) instead of an automatically allocated port number at an automatically detected address. Skype has a business because setting up SIP is so complicated unless you run it on public IP addresses, and SIP is so complicated because of network addresses in the payload.

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38336096)

Have your SIP phone initiate the data connection.

That's probably what's happening already. If not, it would not work with almost all home routers.

Re:IPv6 (3, Informative)

iserlohn (49556) | more than 2 years ago | (#38336274)

What happens when both end-points are behind a hide-NAT? ... ...
Many-to-one NAT by nature breaks the bi-directional model of TCP and UDP communications. You can work around it by using dynamic port mappings à la UPnP, but it's an ugly hack really.

Re:IPv6 (1)

DaMattster (977781) | more than 2 years ago | (#38335322)

I thought there was an announcement that the IPv4 address space is now totally exhausted. Or at least there are no new blocks to be assigned. The tunnel broker, Hurricane Electric, indicates that IPv4 is exhausted.

Re:IPv6 (0)

hairyfeet (841228) | more than 2 years ago | (#38335562)

That is because nobody will do squat about the squatters. Little known fact: only 15% or so of the IP V4 addresses are actually being used by honest to God websites, the rest are either really old companies that got a shitload of numbers because they got there first and are now sitting on them, and of course the traditional squatters with an Adsense page hoping to make enough off of typos.

So if one were to do something about all the squatters we would have 85% free which we could in turn hand out and buy us some time to do the next IP version right, which means backwards compatibility along with offering free education and tax credits for those willing to go into networking to learn the new IP. Because as it is the flyover states are gonna severely fuck ALL of you friend, all of it goes right through those states sooner or later and the pay in right to work states suck so frankly nobody has bothered to learn the new IP V6. When things go wrong which would have taken a couple of hours on IP V4 you'll be looking at days or even weeks simply because most of the old guard only know IP V4 and nobody is going into networking or IT anymore thanks to offshoring.

Any way you slice it thanks to no BC and no workers trained in the new protocol the switch is gonna be one giant clusterfuck. But hey this is what happens when you base a whole society on the race to the bottom and don't protect your workers from offshoring and H1-Bs, nobody wants a job where they don't know if they are gonna even have a job next week. I predict lots of breakage and middle America pretty much being a network dead zone where if anything breaks you are well and truly fucked. I personally haven't taken more than a glance at IP V6, I mean why should I? Nobody offers it here, pretty much every SMB and home router will have to be shitcanned and replaced with a router that may or may not work correctly unless you spend more money than it's worth to buy an Airport, and in the end thanks to NAT it really doesn't offer my customers anything they don't already have, and of course no BC which means double the setup and double the hassles. No thanks.

Re:IPv6 (2)

aztracker1 (702135) | more than 2 years ago | (#38335750)

I think you probably have that number backwards.. the vast majority of addresses are held/assigned to various ISPs and being used for peer devices, home internet, mobile devices etc. Most small-medium businesses are using 1-8 addresses. Most of the unused IPs are in the mid-large businesses that aren't using all they've been assigned, though segmenting an address block may, or may not be possible.

I would suggest that anyone with even a class B should probably be encouraged to break them up and return unused blocks. That will only help for so long. With 4 billion addresses (maybe 3.5 billion usable) and 6 billion people and counting, more and more with multiple devices, it will only go so far. I really think that mobile companies should be among the first on IPv6 with IPv4 access via NAT & proxy. Just my $.02

Re:IPv6 (1)

jimicus (737525) | more than 2 years ago | (#38336596)

I really think that mobile companies should be among the first on IPv6 with IPv4 access via NAT & proxy.

AFAICT the majority of mobile companies - at least in the UK - already are. Plug a USB dongle into your laptop or check the IP address on your phone, there's a good chance it's in RFC1918 address space and they're NAT'ing you.

Re:IPv6 (1)

viperidaenz (2515578) | more than 2 years ago | (#38337082)

Vodafone in New Zealand was putting their users behind a NAT since at least 2003, probably since they provided internet over their GPRS network. You had to configure different AP's if you wanted a public IP.

Re:IPv6 (3, Informative)

locokamil (850008) | more than 2 years ago | (#38335756)

Nice random hit on H1B's there. Blame ignorance and lack of initiative on the foreigners -- that always works out!

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38337016)

Speaking as a Canadian on an H-1B:

Blame Canada...?

Re:IPv6 (2, Informative)

RoLi (141856) | more than 2 years ago | (#38336406)

And no, NAT is not a solution.

Well, since IPv6 just will not happen [in-other-news.com], it's the best (which is not hard, because it's the only one) solution we have.

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38336892)

I think you made a mistake in your link.
I'm sure you meant to link to an announcement from the IETF and ISOC that they're calling off the whole thing, or at least a post from Google saying that they won't go through with that whole IPv6 thing at all, but it appears you accidentally linked to yet another blog claiming that IPv6 will never take off because it actually requires work on the part of the implementers instead of using magic pixie dust to "just add more numbers".
This despite that the very FA shows that Google remains committed to getting 100% IPv6-compatible, and that large ISPs like Comcast [comcast6.net] are initiating IPv6 trials this year.

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38336644)

It's about routability, stupid should be the quote used for IPv4 vs. IPv6. Who cares if you have unused IPv4 if you can't route them? The entire point of IPv6 is to fix routing problems on the internet. Finally, most of the address space (eg. /32) will almost exclusively be dedicated to routing and not assignments. In IPv4, the routing bit was "suppose to be" /8-/16, but that didn't work out very well. Internet routing is basically broken for the last decade+, but according to "everyone" it is A-OK!

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38336696)

And dikes don't keep out the ocean forever. But Amsterdam has been doing quite well with it for centuries.

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38337198)

And no, NAT is not a solution.

nevertheless, NAT is our future, like it or not.

Re:IPv6 (5, Informative)

AliasMarlowe (1042386) | more than 2 years ago | (#38334786)

Something no one would need if proper assignment of IP ranges had been done.

No point asking what you mean, since you evidently speak from ignorance. Even with optimal assignment of IPv4 addresses, it would only delay the inevitable shortfall. Sooner or later, the number of addressable end-points on the internet would exceed 4 billion. NAT is an unfortunate workaround to delay the effects of the shortfall; it should be a freely-chosen option, not an enforced requirement.

Re:IPv6 (1)

Chrisq (894406) | more than 2 years ago | (#38335914)

Something no one would need if proper assignment of IP ranges had been done.

No point asking what you mean, since you evidently speak from ignorance. Even with optimal assignment of IPv4 addresses, it would only delay the inevitable shortfall. Sooner or later, the number of addressable end-points on the internet would exceed 4 billion. NAT is an unfortunate workaround to delay the effects of the shortfall; it should be a freely-chosen option, not an enforced requirement.

I'm tempted to say pot - kettle - black here as far as speaking from ignorance goes. NAT allows devices behind the wall to be addressed by port, sharing a single IP address. At an extreme you could have 65535 addressable devices behind a NAT firewall, exposed to the public internet as one IP address. There are many reasons that this is not a good idea - primarily it would involve NAT at ISP level, leading to "double NAT" issues to people with home routers, but the number of IP addresses available is not an issue.

Re:IPv6 (1)

silas_moeckel (234313) | more than 2 years ago | (#38337282)

65k devices, you say? You seem to know very little about NAT: you need to have a unique port at the NAT box per unique ip/port/ip/port tuple. I've seen far more devices than that overloaded onto a single IP in corp networks; that said, a lot can depend on the devices you're using to perform NAT (PAT really, but that's a whole other debate). NAT still breaks things that should work, SIP and FTP being the prime examples, really anything that can find 3 or more way communications useful. It makes sense for my phone call to go between phone A and B in my house even though we're using an outside PBX; it makes sense to be able to copy files from server A to server B but getting instructions and authentication from client C. NAT was a hack that got the job done; it's far from the optimum.

The whole debate is moot; we need to move to a new addressing platform, 4 billion addresses are not sufficient for 7 billion people. I've got 40 ish IP's in use at my home alone and as everything becomes connected I expect that number to go up. I expect the number of networks to increase; Bluetooth PANs, zigbee and others can all link devices together including IP traffic. Is my refrigerator supposed to NAT for my coffee maker or the other way around? I do want my hypothetical coffee maker to talk to my alarm clock and hot water heater letting them know I'm trying to get up at 5:30 not 7:30 and to get things ready.

Re:IPv6 (2)

saleenS281 (859657) | more than 2 years ago | (#38337366)

NAT breaks the internet, and it isn't a solution to running out of IP addresses.

The real issue is that in their eagerness to make sure we never run out again, they made it too complicated. It would've been far more sane to add a fifth set of numbers. That way all existing IP's would've been 000.XXX.XXX.XXX --> essentially not requiring ANY renumbering at all. And they still would've been in a format that people could relatively easily memorize or manually enter.

Re:IPv6 (5, Insightful)

Mr. Underbridge (666784) | more than 2 years ago | (#38334814)

Right, if decades ago the inventors of the internet had realized that it would scale from 10s of users to billions. I'd say the address space length that they used still makes it outrageously overengineered for the time, and we're lucky they had the vision that they did. To criticize them is preposterous.

Re:IPv6 (5, Informative)

vlm (69642) | more than 2 years ago | (#38334948)

I'd say the address space length that they used still makes it outrageously overengineered for the time, and we're lucky they had the vision that they did.

Not really. Don't forget there is a HUGE difference between the old classful and VLSM/CIDR/classless numbering. That gain is the whole point of spending all that effort implementing netmasks. There really were not that many possible classful LANs compared to the number of minicomputer owning businesses in the world, etc.

For the post-92ish noobs, a really simple one line explanation is the netmask used to be stored inside the address itself, so for example if the first octet was 0 to 127, that meant that LAN had to be a (presumably giant bridged) /8, first octet 128-191 meant the netmask had to be a /16, not defaulted or was a pretty good guess, but operationally "had to be".

The early years of VLSM were pretty entertaining, old timers lecturing us how a LAN addressing scheme like 1.2.3.0/24 was "impossible" and so forth.

Without VLSM we would have to have done the ipv6 conversion years before the dotcom boom, rather than a decade or so after. Not entirely sure if we'd all be better off now, or not.
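An added sketch of the classful rule described in this comment (not part of the original thread): the netmask is derived from the leading bits of the address, so an interface configured as 1.2.3.0/24 is treated as part of 1.0.0.0/8 by a classful stack. The class C case (first octet 192-223, /24) completes the rule from the standard definition; function names, the interface and the peer addresses are constructed for illustration.

```python
import ipaddress


def classful_prefix(addr):
    """Prefix length a classful stack infers from the address alone."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:       # leading bit 0    -> class A
        return 8
    if first_octet < 192:       # leading bits 10  -> class B
        return 16
    if first_octet < 224:       # leading bits 110 -> class C
        return 24
    return None                 # class D (multicast) and E have no implied mask


def classful_network(addr):
    """Network the address belongs to under classful rules, or None."""
    prefix = classful_prefix(addr)
    if prefix is None:
        return None
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def on_link(local_if, peer, classful):
    """Would a host configured as `local_if` (e.g. "1.2.3.10/24") consider
    `peer` directly reachable, ignoring (classful=True) or honouring the
    configured netmask?"""
    iface = ipaddress.ip_interface(local_if)
    net = classful_network(str(iface.ip)) if classful else iface.network
    return net is not None and ipaddress.ip_address(peer) in net


def audit(local_if, peers):
    """Peers about which a CIDR-aware and a classful stack disagree.

    Returns (peer, cidr_on_link, classful_on_link) tuples. A classful device
    tries to reach such peers directly instead of via its gateway, so the
    traffic never arrives.
    """
    rows = []
    for peer in peers:
        cidr = on_link(local_if, peer, classful=False)
        old = on_link(local_if, peer, classful=True)
        if cidr != old:
            rows.append((peer, cidr, old))
    return rows


if __name__ == "__main__":
    # Constructed example: the "impossible" 1.2.3.0/24 LAN from the comment.
    print(classful_network("1.2.3.0"))
    print(audit("1.2.3.10/24", ["1.2.3.77", "1.2.200.5", "8.8.8.8"]))
```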

Re:IPv6 (2)

kqs (1038910) | more than 2 years ago | (#38335158)

And for the post-1980s noobs, the original idea was that the first octet would be the network part and the last three would be the host part. Since 250 or so networks was 10 times what was expected. Classful addressing is a johnny-come-lately.

And yes, the fact that IP was expandable from 250 subnets to the present day shows that the initial engineering was phenomenal, but we're well past time for the next version of IP. If people spent a quarter of the time they spend complaining about IPv6 just implementing it, we'd be in a much better Internet.

          -Kevin

Re:IPv6 (-1)

Anonymous Coward | more than 2 years ago | (#38335296)

Signing comments on the web is a symptom of severe narcissism.

You ought to get that looked into, Kevin.

Re:IPv6 (5, Funny)

Ihmhi (1206036) | more than 2 years ago | (#38335180)

Oh man, what I would have given to be there for that conversation.

"How many addresses do you figure we need?"

"Couple billion I guess."

"But what if we need more?"

"Dude, okay, let's just say one per person. 4 and a half billion or so. Now everyone on the world can have one."

"But what if, you know, there ends up being a few more people than that in the future?"

"Jesus Christ man, it's not like 3 billion extra people are gonna pop up out of nowhere in the next 30 years!"

Re:IPv6 (1)

FingerSoup (928761) | more than 2 years ago | (#38335502)

I think the conversation would continue a little more like this...

"Yeah, well Not EVERYONE is going to be on the internet.... This is DARPA. Only the government is going to use it. Mostly Military. What do you think the D stands for?"

"True. Well, I don't think the politicians see the point of what we can do with this. I think they're going to cut our research funding soon."

"OK, let's get some schools and scientists on board for funding. I don't mind if we let a few schools use this thing... We can handle over a thousand people from there. It's not like the whole world will be on this thing. This is America!"

"Yeah, you're right. It's not like people are going to connect directly to the internet with their Apple II... Besides, you are going to need Mainframe or Minicomputer access. Where are they going to get access to one of those?"

"Good point. Nobody has enough money or room for their own mainframe or Mini. 4 Billion IP's sounds almost excessive..."

Re:IPv6 (4, Informative)

Lennie (16154) | more than 2 years ago | (#38335572)

Remember the mini-computer didn't even exist then.

So a computer was a large machine which took up a room.

And it was just an experiment, the experiment never ended.

If you want to know more about what the original creators thought, you should look up talks by Vint Cerf:
http://www.youtube.com/results?search_query=vint+cerf+ipv4+ipv6+depletion [youtube.com]

For example this video:
http://www.youtube.com/watch?v=LcXCieD5YKE [youtube.com]

Re:IPv6 (0)

Anonymous Coward | more than 2 years ago | (#38336896)

Remember the mini-computer didn't even exist then.

The ARPANET was built on minicomputers [wikipedia.org]. Specifically, the Honeywell DDP-516. Which naturally is a red-link on Wikipedia, because no doubt the first computers that were used to build the internet weren't "notable".

Re:IPv6 (1)

justforgetme (1814588) | more than 2 years ago | (#38335648)

Nah, from what I have read the conv went something like this:

RC [wikipedia.org] : "... well there's two in my office, one in yours, the Synchrocyclotron [wikipedia.org] requires fifteen and the LEP [wikipedia.org] guys requested four dozen."

TBL [wikipedia.org] : "so, what do you say? 4 or 8 per network?"

RC : "No no no, they all are to have a common address pool, weren't you listening?"

TBL : "common address pool, listen to yourself and who is going to build that then?"

RC : "no, that is the idea. I was thinking of two bytes of address space in the packet header, that is 65k addresses"

TBL : "weeeell, this experiment isn't going to work anyway...."

RC : "..."

TBL : "..."

RC : "Hey, let's give them 4 bytes and brag that the address space is infinite!"

Re:IPv6 (4, Insightful)

tyler_larson (558763) | more than 2 years ago | (#38335918)

Decades ago, the engineers did in fact consider 128 bit addresses, but in the end they went with 32 specifically because v4 was not considered a "production" version. There's a link on the Wikipedia page for IPv6 to a video with Vint Cerf explaining exactly that.

Re:IPv6 (3, Funny)

BlueParrot (965239) | more than 2 years ago | (#38336904)

v4 was not considered a "production" version

I knew there was a language issue. Had they only realised that in manager speak "it still has some issues" means "ship it" ...

Re:IPv6 (1)

Arrepiadd (688829) | more than 2 years ago | (#38334842)

Yes, because with a total of 4 billion IPv4 addresses and the fact that an ever increasing number of people are having more and more devices connected to the internet this is not something that would eventually be bound to happen.
You must be from a first world country, to be able to waste your time in Slashdot. How many IP addresses are you responsible for yourself? Phones? Tablets? Routers? E-book readers? Multiply that by everyone else in a first world country and that's a ton of IP addresses, and we are not even counting companies, the public sector or any non-first world country in the planet...
How many Chinese and Indians have a phone which needs an IP address? Is the number gonna get smaller anytime soon?

Screw IPv6, let's all use NAT... it's such a wonderful thing!

What Vendors? (-1)

Anonymous Coward | more than 2 years ago | (#38334750)

What vendors, Cisco? They seem big on advertising and limited on support.

Re:What Vendors? (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38334880)

Every vendor is short on delivery.

The only reason they have some support is because of the U.S. Federal Government mandate that all vendors support basic IPv6 by (I forget the year; it's somewhere between 2008 and 2012).

Now, that doesn't mean it's a comprehensive solution (those cost even more development dollars). They simply did the least amount of work needed to still sell the product to the government.

It won't be until the rest of us demand proper support any vendor will put the time and money into a proper solution.

Re:What Vendors? (2)

hedwards (940851) | more than 2 years ago | (#38335258)

And that's the rub, the hosting companies probably won't provide it until they absolutely have to as the ISPs are generally not providing access. And the ISPs won't be providing it until after the customers demand it. The customers mostly think that the internet is Youtube and probably Facebook and probably won't ever request it unless those sites go unavailable.

Re:What Vendors? (1)

Lennie (16154) | more than 2 years ago | (#38335702)

The quote below is from the he.net website, that doesn't seem all that great.

But people are starting to deploy it now, look at the growth of the number of BGP route entries in the routing tables:
http://www.flickr.com/photos/23667510@N03/6493294453 [flickr.com] (IPv4)
http://www.flickr.com/photos/23667510@N03/6493294527 [flickr.com] (IPv6)

And that is even though we need less IPv6 entries than IPv4 per network, because one IPv6 entry is much larger than one IPv4 entry. A lot of networks that now have 4 or 10 IPv4 entries, might now only need 1 or 2 IPv6 entries.

____

Networks Running IPv6

We can measure the percentage of networks running IPv6 by comparing the set of ASes in the IPv6 routing table to those in the combined set of IPv4 and IPv6.

IPv4 and IPv6 RIBs Last Parsed: Sun Dec 11 01:07:46 PST 2011
IPv4 ASes: 39706
IPv6 ASes: 4923
ASes using only IPv4: 34893
ASes using only IPv6: 110
ASes using IPv4 and IPv6: 4813
ASes using IPv4 or IPv6: 39816
Percentage of ASes (IPv4 or IPv6) running IPv6: 12.4%

Supported (5, Insightful)

inglorion_on_the_net (1965514) | more than 2 years ago | (#38334770)

"'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."

I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.

Re:Supported (5, Insightful)

Chuckstar (799005) | more than 2 years ago | (#38334824)

I don't think they meant "we shouldn't hold the vendors accountable if the equipment doesn't work right".

I think they meant "we shouldn't expect that just because the vendor says it works, that it does".

Google has the benefit of size. If Google calls up Cisco and say "please fix this problem that exists in the thousands of routers we buy from you", it'll get fixed. If you or I call up Linksys and say "please fix this problem that exists in this one router I bought from you"... well... don't hold your breath.

Re:Supported (1)

Anonymous Coward | more than 2 years ago | (#38335248)

Were it so easy.

The hardware may not even be capable of supporting IPV6. So Cisco's magic fix will be " Buy our newer hardware. We might even be generous enough to give you a discount. "

If Google is smart ( and we know they are ) their infrastructure likely isn't from a single vendor. Gives the vendor way too much leverage. So this process has to be repeated with all the infrastructure they have in place from all of their vendors.

I'm sure there are folks out there " They knew this was coming, why isn't this a done deal already ? "

Size.

Yeah it's cheap to replace the router in your closet. Not so cheap ( or easy ) to replace thousands of them across multiple networks that all talk to one another via IPV4 now. One side can't speak X while the other Y. AND this has to be done in a manner so that it has minimal effect on network traffic. Even more so if you're talking about customer data.

For large companies, this is a huge and expensive undertaking just to " upgrade the network ".

Re:Supported (1)

mickey_mouse_2006 (959949) | more than 2 years ago | (#38336312)

With all due respect - it doesn't work that way. Cisco, Juniper, HP, have a huge customer base doing IPv4, and a minimal, almost non-existent base doing IPv6. So the R&D, new features, bug fixing and such will follow the money - ie, will go to IPv4 for the time being. Yes, it sounds (and it is!) shortsighted - but when Google brings to the table, say, $50 mill a year - that is chump change compared to the many other *billions* that IPv4 still brings (and will keep bringing, for the foreseeable future) to the table. And funnily enough - it's way easier for Linksys/D-Link/Netgear to fix a bug or implement a feature on a SOHO device than it is for Cisco - not only they don't have to care about the installed base, but their customer base is used to sub-par firmware - so were they to implement an IPv6 feature in a buggy or less-than-optimal way . . . not that much of backlash. And they also have way shorter, to none, QA cycles, backward compatibility testing, interop testing, etc.

Re:Supported (3, Insightful)

Midnight Thunder (17205) | more than 2 years ago | (#38336444)

On the other hand not supporting or working with a customer like Google in their move to IPv6 would be short sighted. If Google were not happy with Cisco's attitude they could easily go and invest in another company and publicize why they dropped Cisco. That would hurt Cisco down the road as they end up no longer being taken seriously.

Companies know that IPv6 is going to become a reality sooner rather than later, especially in markets such as east Asia and Africa, which already have a rapidly diminishing pool of available IPv4 addresses. To ignore these markets would be handing future success over to companies who recognized the expanding niche and got in there early.

Re:Supported (5, Insightful)

jimicus (737525) | more than 2 years ago | (#38334940)

I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.

Indeed, but it's the same with all commodity technology - you find various implementations, not all of which work properly.

The same was true 10 or 15 years ago with booting from CD. Same was true 5-6 years ago with PXE. Same's true with CIDR - I've come across equipment like printers that can't handle the idea - you have to give them a class A, B or C subnet mask. Same with STP (spanning tree) - I've met switches that just plain don't work if you turn on STP then plug in a cheapie unmanaged switch - and I don't mean the port plugged into the cheapie switch doesn't work, I mean the entire expensive managed switch doesn't work. Only a couple of weeks ago I met a server BIOS providing software RAID (yeuch) that needed the drives set to RAID in the BIOS for it to work. But if power to the server was lost, that specific BIOS setting would go. Every other BIOS setting would be just fine and you'd get no error at bootup; you'd just find your disks magically appeared differently on boot.

If Google's network team honestly thought that any product with "IPv6 supported" on the label meant "Every aspect of IPv6 fully supported, tested, interoperable with other vendor's implementation - basically it'll work as well as you'd expect IPv4 to work in something released in the last five years", they're displaying incredible naiveté.

Re:Supported (1)

mickey_mouse_2006 (959949) | more than 2 years ago | (#38336380)

If Google's network team honestly thought that any product with "IPv6 supported" on the label meant "Every aspect of IPv6 fully supported, tested, interoperable with other vendor's implementation - basically it'll work as well as you'd expect IPv4 to work in something released in the last five years", they're displaying incredible naiveté.

Maybe. But Google engineers don't live in a can - I'm sure they asked their vendors, "folks, what's the best way to go about this, in your opinion?" - and the IPv6 experts from Cisco/Juniper/others told them "here - like this." Only for Google to find out the "like this" didn't work exactly as expected - when that tidbit was fed back to the vendor, I bet they were like "hm, well, you're like the 1st one doing this. Let me get back to you on why it doesn't work as it should . . .". Don't hold your breath. The bottom line is what Google itself says on its paper - not even the vendors are running IPv6. So the *customer* is doing the early field trial for them. Google and others end up being beta testers for free, when they thought they were running production-quality, live-deployment, mission-critical ready code . . .

Re:Supported (0)

Anonymous Coward | more than 2 years ago | (#38336442)

I've met switches that just plain don't work if you turn on STP then plug in a cheapie unmanaged switch - and I don't mean the port plugged into the cheapie switch doesn't work, I mean the entire expensive managed switch doesn't work.

If you mean that a loop on the unmanaged switch causes a broadcast storm (the managed switch breaking is probably due to maxed CPU usage): this is a facet of RSTP-derived spanning-tree implementations - they are far superior for many purposes, but since they depend on communication between the bridges and not on detection of circulating BPDUs, they can fail to detect downstream bridging loops. Many unmanaged switches break 802.1Q and forward frames like BPDUs that are destined for the bridge management addresses. This breakage helps your situation, since the managed switch will see its own BPDUs on the port and block it.

If you mean that the managed switch dies when you connect an unmanaged switch with NO loop: then you have an extremely crappy managed switch. This use case has nothing to do with STP.
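The "sees its own BPDUs on the port" case from the comment above, as an added example that is not part of the original post: it parses a Config/RST BPDU and compares the sender bridge ID with the local one. This is a simplified check, not the RSTP port state machine, and the bridge IDs, MAC addresses and frames are constructed sample values.

```python
import struct

STP_GROUP_MAC = bytes.fromhex("0180c2000000")  # bridge group address BPDUs are sent to
LLC_STP = bytes.fromhex("424203")              # LLC header: DSAP 0x42, SSAP 0x42, UI
BPDU_FMT = ">HBBB8sI8sHHHHH"                   # 35-byte fixed part of a Config/RST BPDU


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bridge_id(priority, mac):
    """8-byte bridge identifier: 2-byte priority followed by the bridge MAC."""
    return struct.pack(">H", priority) + mac_bytes(mac)


def build_rst_bpdu(src_mac, root, sender, port_id):
    """Build a constructed 802.3/LLC frame carrying an RST BPDU (version 2, type 2)."""
    bpdu = struct.pack(BPDU_FMT, 0, 2, 0x02, 0x3C, root, 0, sender, port_id,
                       0, 20 * 256, 2 * 256, 15 * 256) + b"\x00"  # timers in 1/256 s
    payload = LLC_STP + bpdu
    return (STP_GROUP_MAC + mac_bytes(src_mac)
            + struct.pack(">H", len(payload)) + payload)


def parse_bpdu(frame):
    """Return the BPDU fields, or None if the frame is not a Config/RST BPDU."""
    if len(frame) < 17 + struct.calcsize(BPDU_FMT):
        return None  # too short; this also skips the 4-byte TCN BPDU
    if frame[:6] != STP_GROUP_MAC or frame[14:17] != LLC_STP:
        return None
    proto, version, kind, _flags, root, cost, sender, port, *_timers = \
        struct.unpack_from(BPDU_FMT, frame, 17)
    if proto != 0 or kind not in (0x00, 0x02):
        return None
    return {"version": version, "root": root, "cost": cost,
            "sender": sender, "port": port}


def classify(frame, my_bridge_id):
    """'self-loop' if our own BPDU came back in, 'peer' for another bridge's BPDU."""
    info = parse_bpdu(frame)
    if info is None:
        return "not-bpdu"
    if info["sender"] == my_bridge_id:
        return "self-loop"  # something downstream forwarded our BPDU back to us
    return "peer"


# Constructed sample data: the local bridge, a neighbour, and three frames.
MY_ID = bridge_id(32768, "00:11:22:33:44:55")
PEER_ID = bridge_id(32768, "66:77:88:99:aa:bb")
LOOPED = build_rst_bpdu("00:11:22:33:44:57", MY_ID, MY_ID, 0x8003)
FROM_PEER = build_rst_bpdu("66:77:88:99:aa:bd", MY_ID, PEER_ID, 0x8001)
DATA_FRAME = bytes(60)

if __name__ == "__main__":
    for name, frame in (("looped", LOOPED), ("peer", FROM_PEER), ("data", DATA_FRAME)):
        print(name, classify(frame, MY_ID))
```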

Re:Supported (5, Funny)

jimicus (737525) | more than 2 years ago | (#38336672)

If you mean that the managed switch dies when you connect an unmanaged switch with NO loop: then you have an extremely crappy managed switch. This use case has nothing to do with STP.

That's exactly what I mean; disable STP and it all starts to magically work.

This was a Dell switch, which probably explains rather a lot - rumour has it that particular model is a rebadged Allied Telesyn. Mind you, if Dell were to write to me informing me the sky was blue I'd stick my head out of the window.

The fine article is wrong (2, Informative)

agristin (750854) | more than 2 years ago | (#38334818)

"Each campus or office got a /48 address block, which meant that it was allotted 280 addresses. In turn, each building got a /56 block of those addresses (or about 272 addresses) and each VLAN (Virtual Local Area Network) received a /64 block, or about 264 addresses."

a /48 block is 65536 subnets for each campus. A /64 has 18,446,744,073,709,551,616 IP addresses.

The RFCs on this type of thing are RFC 6177 which replaced 3177 and RFC 5375. For an itworld/usenix article, fact checking is really low.
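The /48 per campus, /56 per building, /64 per VLAN hierarchy discussed above, worked through as an added example that is not part of the original post or the article. The campus prefix comes from the IPv6 documentation range, the building names are made up, and using the VLAN ID as the low 8 bits of the subnet field is an assumption for illustration.

```python
import ipaddress

# Constructed campus prefix taken from the documentation range 2001:db8::/32.
CAMPUS = ipaddress.IPv6Network("2001:db8:1234::/48")


def child(parent, new_prefix, index):
    """Return the index-th subnet of length new_prefix inside parent."""
    if not 0 <= index < 2 ** (new_prefix - parent.prefixlen):
        raise ValueError(f"index {index} does not fit in {parent}")
    base = int(parent.network_address) + (index << (128 - new_prefix))
    return ipaddress.IPv6Network((base, new_prefix))


def block_sizes(campus=CAMPUS):
    """Address and subnet counts for the /48 -> /56 -> /64 hierarchy."""
    building = child(campus, 56, 0)
    vlan = child(building, 64, 0)
    return {
        "addresses_per_48": campus.num_addresses,
        "addresses_per_56": building.num_addresses,
        "addresses_per_64": vlan.num_addresses,
        "vlans_per_building": 2 ** (64 - 56),
        "vlans_per_campus": 2 ** (64 - campus.prefixlen),
    }


def allocate(campus, buildings, vlan_ids):
    """Give each building a /56 and each VLAN ID (0-255) a /64 inside it."""
    plan = {}
    for index, name in enumerate(buildings):
        net = child(campus, 56, index)
        plan[name] = {"net": net,
                      "vlans": {v: child(net, 64, v) for v in vlan_ids}}
    return plan


def locate(address, plan):
    """Map an address back to (building, VLAN ID), or None if it is unallocated."""
    addr = ipaddress.IPv6Address(address)
    for name, entry in plan.items():
        for vlan_id, net in entry["vlans"].items():
            if addr in net:
                return name, vlan_id
    return None


if __name__ == "__main__":
    print(block_sizes())
    plan = allocate(CAMPUS, ["bldg-a", "bldg-b"], [10, 20])
    for name, entry in plan.items():
        print(name, entry["net"], {v: str(n) for v, n in entry["vlans"].items()})
    print(locate("2001:db8:1234:114::42", plan))
```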

Re:The fine article is wrong (5, Insightful)

KiloByte (825081) | more than 2 years ago | (#38334864)

Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.

Try this: 2<sup>80</sup> -> 280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.

Re:The fine article is wrong (2)

camperdave (969942) | more than 2 years ago | (#38335540)

Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.

Try this: 2<sup>80</sup> ->280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.

It is the writer's fault. We have forced comment preview for exactly this reason.

Re:The fine article is wrong (1)

Anonymous Coward | more than 2 years ago | (#38335602)

We have forced comment preview for exactly this reason.

Comment preview? Isn't that just like those EULAs you click through to install something? *ducks*

IPv4.1 (2, Funny)

Anonymous Coward | more than 2 years ago | (#38334852)

Simple solution, bump it up a notch.

My octets go to 257. Solved.

Re:IPv4.1 (-1, Troll)

hedwards (940851) | more than 2 years ago | (#38335266)

You mean 256, noob.

Re:IPv4.1 (1)

TheRaven64 (641858) | more than 2 years ago | (#38335558)

Depends on whether he's talking about cardinals or ordinals.

Re:IPv4.1 (1)

hedwards (940851) | more than 2 years ago | (#38336194)

Not really, the top of the octet is at 255. An address like 257.257.257.257 would be rather larger than one that goes 256.256.256.256 .

Re:IPv4.1 (1)

TheRaven64 (641858) | more than 2 years ago | (#38336618)

Other than informing me that you didn't understand at least one of the words in my post, did you have a point?

Re:IPv4.1 (1)

FrootLoops (1817694) | more than 2 years ago | (#38337028)

I'm curious, what did you mean? I'm only familiar with the set theory definitions of cardinals and ordinals--roughly, one can say a cardinal is the equivalence class of bijectively equivalent sets, whereas an ordinal is the equivalence class of order-isomorphic well-ordered sets. (As ever with set theory, there are a world of subtleties.) In any case, these seem entirely irrelevant, and after glancing through a few other definitions, they also seem irrelevant.

Business as usual? (2)

vlm (69642) | more than 2 years ago | (#38334888)

For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,'

In other words, business as usual in all other areas of IT. Glad to see there is nothing "special" about ipv6 deployment.

And while the current versions of most OSes support IPv6, they do not do so by default.

What are those OSes? It's been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.

Re:Business as usual? (4, Interesting)

tgd (2822) | more than 2 years ago | (#38334964)

And while the current versions of most OSes support IPv6, they do not do so by default.

What are those OSes? It's been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.

Windows 7 actually defaults to it being turned on, but will generally not do anything with it if it doesn't get an IPV6 DHCP address. But some MS technology (like the Win7 HomeGroup support, and DirectAccess) work via IPV6. Odds are there are a TON of people using IPV6 on their home network and just don't know it.

Re:Business as usual? (-1)

Anonymous Coward | more than 2 years ago | (#38335080)

Hmm, would they use IPv6 for adhoc networks with wireless? My Ubuntu can't seem to join one, and they can't seem to join me, maybe IPv6 is what causes this?

Re:Business as usual? (2)

rb12345 (1170423) | more than 2 years ago | (#38336996)

If you're using the brcmsmac driver by any chance, it doesn't actually support ad-hoc mode, regardless of IPv6.

Re:Business as usual? (1)

Anonymous Coward | more than 2 years ago | (#38336226)

The Apple Airport Express requires IPv6 support if you set it up as a music player. My router supports IPv6, so the AE will work if I connect it by Ethernet cable. But my WiFi access point doesn't support IPv6, so the AE doesn't work if you tell it to join the wireless network. If you look in the AE's log you can see messages about it playing a music stream, followed by an IPv6 address. No idea why they require this. To make this more confusing, the AE will get an IPv4 address by DHCP, which you can ping over WiFi. It just never uses IPv4.

So now I need a new WiFi AP if I want to use this thing to play music.

Re:Business as usual? (5, Funny)

viperidaenz (2515578) | more than 2 years ago | (#38337352)

The easy solution is to replace all your hardware with Apple products. It's what Steve would have wanted.

Hmm (2)

lightknight (213164) | more than 2 years ago | (#38334950)

Even I am kind of curious to see what would happen if we set a week in the future to switch everyone over. I say a week, not a day, because vendors will need at least 72 hours to issue emergency firmware upgrades after sections of the internet disappear, and allowing for different time zones and what not, of course.

Does anyone know if all the major service providers have upgraded their equipment to ipv6 yet? Any laggards?

Re:Hmm (1)

Anonymous Coward | more than 2 years ago | (#38335342)

Unlikely.

Would be too cost prohibitive for some in such a short period of time. Think Fortune 500 + size companies. You're talking about upgrading or replacing an extreme amount of hardware. My company alone would have numbers in the tens of thousands ( routers alone ) to replace. The project is ( and has been ) underway for some time already, but it is a slow and expensive rollout to ensure IPV4 tunneling is working for the rest of the hardware while the changeover happens.

Have to since many of the endpoint devices aren't capable of IPV6 at all in their current form. Replacing BILLIONS of dollars of infrastructure takes time and planning, realizing some can't be upgraded at all. ( replaced only ) This becomes more complicated when the hardware in question is rather important. Say the optical hardware that is a major net pipe ? Can't just offline it and replace it :D

well inside IP4 works and just the out side (1)

Joe_Dragon (2206452) | more than 2 years ago | (#38336026)

needs to be IPV6 so it can be like NAT is just need to make the out side stuff work with IPV6 and the in side can still have the older IPV4 only stuff.

Re:Hmm (3, Informative)

Midnight Thunder (17205) | more than 2 years ago | (#38336592)

In Europe, Asia and Africa ISPs are already making the slow move to IPv6. In North America it is only a handful of ISPs that have publicized their efforts (two come to mind: Comcast and TechSavvy), whereas others are putting short term profits before long term success.

In the short term companies that already have massive private networks can install a web proxy to deal with external IPv6 HTTP hosts. Long term they will need to re-evaluate the design of the network and what really needs to have access to the external IPv6 network and what can stay oblivious. In general anything that is only going to communicate with the internal network can stay IPv4 centric, while other devices will be dual IPv4/IPv6 stack.

The one challenge for people wanting to make their web server accessible from IPv6 clients is hosting centres that don't provide IPv6 yet. It is certainly possible to get around this by using a tunnel, but this is really far from optimal.

BTW Some hosting services that are IPv6 ready are listed here:

http://www.sixxs.net/wiki/IPv6_Enabled_Hosting [sixxs.net]

buggy and still-unfinished code (0)

Threni (635302) | more than 2 years ago | (#38334954)

> It requires a lot of work with vendors to get them to fix buggy and still-unfinished code.

Google should be used to that. They could always lazily stick 'beta' next to the product name, I guess.

Re:buggy and still-unfinished code (1)

gl4ss (559668) | more than 2 years ago | (#38335008)

maybe the vendors should have just sent them bipv6 products.

It took Google 4 years... (4, Insightful)

s7uar7 (746699) | more than 2 years ago | (#38335170)

Just think how long it would take companies without access to virtually unlimited funds and brain power. It's no wonder everyone is reluctant to make the move.

Re:It took Google 4 years... (0)

Anonymous Coward | more than 2 years ago | (#38335856)

Google has, possibly, one of the largest and most complex networks of any company on the planet. Most companies would actually have a far, far, far easier time.

Technically complex... (1)

Junta (36770) | more than 2 years ago | (#38336118)

While I anticipate Google to have one of the most complex networks, they also probably have a more reasonable organizational structure populated by more talented individuals on the whole. I say this not because I think Google is magic, but I optimistically *hope* they aren't as bad as some of the companies I have dealt with. Most companies have a technical staff either not talented enough, bound up in an impossibly convoluted organizational structure that paralyses them in any efforts to technically advance the state of things, or some combination of the two.

Re:Technically complex... (3, Interesting)

TheLink (130905) | more than 2 years ago | (#38336948)

Google may have the largest networks, but I doubt they have the most complex networks. Otherwise they wouldn't be able to "scale out" as easily and quickly. I suspect most Google data centers are very similar in network topology and technologies used.

Old large organizations are the ones with weird complex networks which are not self-similar and use different network technologies. x.25 over tcp/ip, frame relay, netbios over tcp/ip, SDLC, token ring, FDDI, stuff that's still using Novell 802.3 ethernet frames ( http://support.novell.com/techcenter/articles/ana19930905.html [novell.com] ). If you're unlucky you'd need network equipment that can handle both the old stuff and ipv6 properly. The networks may not be connected to each other, but what if the old expensive equipment handling the "legacy network stuff" are also handling some IPv4 stuff?

Unless forced to I wouldn't bother upgrading an old bank to IPv6. Users inside can't connect directly to the outside world, unless they go through a proxy? That's a feature not a bug ;).

Vendors are a tad better enabled now... (1)

Junta (36770) | more than 2 years ago | (#38336028)

Early large-scale adopters like Google have suffered the leading edge of vendors trying to get ready. In terms of the problems Google ran into, I'd wager a large chunk of them won't be inflicted again by the same company. Once kinks are worked out for even one customer, they are generally worked out for all customers.

That said, while I've seen a large amount of increased IPv6 capability from vendors (showing they have expertise *somewhere*), it's still an arcane art for almost everyone at these companies still yet relative to IPv4.

Re:Vendors are a tad better enabled now... (3, Interesting)

John Hasler (414242) | more than 2 years ago | (#38336526)

Early large-scale adopters like Google have suffered the leading edge of vendors trying to get ready.

I suspect that most of the pain was suffered by the vendors in this case. Google will have written the IPv6 requirements into the multimillion dollar purchase orders and is quite capable of phoning a VP of sales and telling him that if this is not fixed NOW you might find yourself no longer qualified as a Google supplier.

BTW I read that the DoD has come up with a unique way to encourage vendors to make sure that their IPv6 implementations actually work. They've been told that whether or not their own Web sites are accessible via IPv6 will be a factor in acquisition decisions. I can't reach Cisco on IPv6, though.

Re:It took Google 4 years... (1)

Anonymous Coward | more than 2 years ago | (#38336704)

I work for an ISP/Datacenter. We turned it on internally a year ago and any colo customer can have their /56 if they just ask.

Re:It took Google 4 years... (1)

Bob The Cowboy (308954) | more than 2 years ago | (#38337062)

Really? You don't think that a company the size and shape of Google might have a slightly more complex network than a shop of, say, 100 people?

Vendors (1)

DaMattster (977781) | more than 2 years ago | (#38335302)

Given that Google has absolutely no shortage of capital and brain power as noted before, I am surprised Google didn't just build its own routers, wireless access points, etc. Linux and BSD have come a long way in their routing capabilities. Heck, Vyatta sells an open source router that probably competes very favorably. If I were Google, I would have opted for the open source methodology and contributed back to the community. You pay a vendor and expect quality, you don't beg them to improve their product. They should be jumping through hoops to help you.

Re:Vendors (4, Insightful)

Lennie (16154) | more than 2 years ago | (#38335456)

Because the hardware that can handle large amounts of small packets fast when you install your own software ('firmware'), does not exist AFAIK. At least not the type which will also be supported by (multiple) vendors (no one wants to be stuck on, locked into, one vendor). Designing not-massproduced ASICs isn't cheap. It would be like Google designing their own CPUs for their servers.

The closest things are:

- NetFPGA (some people at Google worked on that project I believe) / LibreRouter - which use FPGAs to handle packets, you tell it how to do that.

- projects like Netmap, handle packets in userspace so you don't have to push packets through the kernel on normal PC-hardware, making it faster: http://www.youtube.com/watch?v=SPtoXNW9yEQ [youtube.com]

The best chance currently to be useful in 'doing your own thing' is probably:

- OpenFlow, which basically is an API standard which multiple vendors would support to describe what the hardware in a switch should be doing, a programming language almost. Some demos: http://www.youtube.com/user/stanfordopenflow [youtube.com]

Which can allow for lots of tricks, like 'software defined networking'

What's the point? (2)

C3ntaur (642283) | more than 2 years ago | (#38335310)

IPv6 is cool, I get it. But how many ISPs are offering it to their consumers? If I want to build a web presence, would I settle for only IPv6 address space? If not, how much would I pay to buy into the IPv4 space so I can reach all my potential customers?

Re:What's the point? (4, Informative)

zootie (190797) | more than 2 years ago | (#38336472)

IPv6 is very popular in Asia, and you have a large number of Eastern languages sites that are only reachable on IPv6 (some only have IPv4 for western visitors if their content applies).

And on ISPs. Cox and Time Warner (Road Runner) started running consumer IPv6 pilots this year, and I wouldn't be surprised if other ISPs also started.

The limiting factor is going to be the home routers. But as more ISPs begin offering the option (maybe bundled with a "higher performance tier" that will tie in with net neutrality), we'll likely see home routers advertising IPv6 support as if it was a new type of faster wireless. Albeit, it might take years.

Re:What's the point? (3, Interesting)

Anonymous Coward | more than 2 years ago | (#38336670)

Even companies like Google will find it increasingly hard to get enough IPv4 addresses for their needs. See e.g. Microsoft's recent purchase [bbc.co.uk] at $11.5 a pop. I'm sure they require a lot of globally routable addresses for internal communication. Those can be converted to IPv6 to free up address space for their public endpoints, even while most of their users are IPv4 only.

From the user side of it, ISPs in growth areas like Asia simply cannot hand out IPv4 addresses to all their users, leading to kludges like ISP-level NAT. At that point, even if IPv4 is reachable due to the hacks, you would give them a better user experience (a faster and more reliable connection) by offering your services over IPv6 as well.

In short, even though IPv4 will be 'mandatory' for the foreseeable future, the hacks needed to make it work for everyone and everything that needs internet access may make it a second-grade experience compared to IPv6, maybe within a few years time.

ipv6 - a private protocol for google? (3, Interesting)

Anonymous Coward | more than 2 years ago | (#38335874)

I'm lucky enough to use an isp that offers native ipv6. This coupled with a nifty firefox plugin (IPvFox) enables me to determine with some certainty that somewhere between 95-99% (tongue in cheek) of all ipv6 traffic on the internet is Google's.

They are pretty much the only company using it.

(O.K. rss.slashdot.org... kudos to you guys).
