James Knott <james.knott@rogers.com> writes:
> Sebastian Freundt wrote:
>> I don't know why I picked up your routing table argument, I was originally talking about the neighbourhood table, aka arp6.
>>
>> freundt@qaos:pts/2:~> ip -6 neigh | wc -l
>> 3863
>> freundt@qaos:pts/2:~> ip -6 neigh | grep STALE wc -l
>> grep: wc: No such file or directory
>> freundt@qaos:pts/2:~> ip -6 neigh | grep STALE | wc -l
>> 1649
> Unless statically configured, those tables are temporary and expire after a short period of time and they are filled automatically via arp in IPv4 or neighbour discovery in IPv6. Unless you are changing IP address extremely frequently, it shouldn't be an issue. Also, how do
Define extremely frequently. On a network with 3600 nodes changing their randomised IPs every hour for some reason, the router has to send on average one icmp6 packet per second just to keep up with address changes.
> you know it searches the stale addresses first? It seems to me that if the computer knows the addresses are stale, the active one would be checked first.
Because last time I checked, Linux, BSD and IOS complied with RFC 4861; sections 7.2.2 and 7.3.2 clearly state when, why and how neighbour solicitations are sent.
>> Ok, I won't change a route willy-nilly but if someone else came along with their 4000+ computers using *my* address space there will be trouble, it's inevitable.
> With IPv4, each of those 4000+ computers will have one address. With IPv6, they'd have 2 or 3 with the random address changing occasionally. How is that a significantly greater problem? Also, you
Because you're not living in the real world :) When we had a v4 network the computers were hierarchised, every working group had their 100 to 200 computers on a private net, with about 10 of them having globally routable unicast addresses. Then came IPv6, everyone was excited (well I think of it as overzealous) and it was considered a good idea to make them all globally routable. Someone read it was bad practice to split up the assigned /64 even further and so the decision was made to line them all up in one gigantic network. Daft, I know, because little did we know about *efficient* routing policies, NDP, multicast, and whatnot.

Now 4 years later, we have the same hardware (on the network side) to back our decision but the clients have changed a lot, motherboards come with two NICs by default and, oh joy, there's an IPMI jack as well, lucky we are that we have so many addresses, let's wire it all up, this is gonna give us the most fail-safe network ever. Having to cope with more than 10000 addresses (and that translates to 10000 A4 sheets of paper(!) our students and professors had to sign) already--I really feel for that poor router--someone decided it would be more `private' to assign another address per NIC per day/hour/don't-care, BRILLIANT! Twice the amount, no papers signed for the extra addresses, we lost track anyway, ...

Oh wait, there's more, and no one really considered that: expired addresses don't just disappear from the NIC, they're just flagged `invalid', which means new sockets won't/can't use them; long-standing data connections be thanked, you can occasionally find up to 20, but at least one *additional* *expired* address on the NICs. Where are we, right, a neighbourhood table of more than 100000 addresses, constantly icmp'd for. Did you expect this? See, that's why I don't take advice from you :P
> don't route to computers on your local network. All addressing there is by MAC address. Routing is used when you go to other networks via the router. But again, the other routers only have to know the route
Yes, so? I was talking about the neigh table. There is just one router on our network.
> to your network. Then when the packet gets to your network does your router match up the IP address with the MAC address and pass the packet to the final destination.
Nicely explained, but that's my point, the ONE router does have to keep up with all the different neighbours.
>> I for one prefer working with conservative and modest people who think before they implement their ideas, restricting a /64 to 1 host or restricting a link to one address (on the router side) is not the worst idea, if you *really* think about it.
> At the basic level, there's not a lot of difference between IPv4 & IPv6. Most of what applies to IPv4 also does to IPv6. Using a single address & NAT is more complex than simply routing a block of addresses.
Ah, you would have been on the side of the overexcited/underinformed (yes those are synonyms to me) people on our NOC team 4 years ago then. You don't know how much you remind me of them :)
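The `ip -6 neigh | grep STALE | wc -l` count from the quoted terminal session, done properly, as an added example that is not from anyone in this thread: a small parser that breaks the neighbour table down by NUD state and interface, so a router operator can watch how much of the table is STALE or unresolved (the entries that trigger the RFC 4861 solicitations discussed above). The sample lines are constructed to look like `ip -6 neigh` output and are not from any real host.

```python
"""Summarise `ip -6 neigh` output by NUD state and interface (added example).

Expected line shape (one neighbour per line):
    <addr> dev <ifname> [lladdr <mac>] [router] <STATE>
"""
from collections import Counter

# Constructed sample output, not captured from any real host.
SAMPLE = """\
2001:db8:1::10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:1::11 dev eth0 lladdr 00:11:22:33:44:66 STALE
2001:db8:1::12 dev eth0 lladdr 00:11:22:33:44:77 STALE
2001:db8:1::13 dev eth0  FAILED
fe80::1 dev eth1 lladdr 00:aa:bb:cc:dd:ee router REACHABLE
2001:db8:1::14 dev eth0 lladdr 00:11:22:33:44:88 DELAY
2001:db8:1::15 dev eth0 INCOMPLETE
"""

# NUD states as printed by iproute2; the state is always the last token.
STATES = {"INCOMPLETE", "REACHABLE", "STALE", "DELAY", "PROBE",
          "FAILED", "NOARP", "PERMANENT"}
# States for which the kernel is (or will soon be) sending solicitations.
UNRESOLVED = {"INCOMPLETE", "DELAY", "PROBE", "FAILED"}


def parse_neigh(text):
    """Yield (address, device, state) for each well-formed entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[1] != "dev":
            continue  # blank line or unexpected layout: skip, don't guess
        state = fields[-1]
        if state not in STATES:
            continue
        yield fields[0], fields[2], state


def summarise(text):
    """Counts per state and per interface, plus the total entry count."""
    entries = list(parse_neigh(text))
    return {
        "total": len(entries),
        "by_state": dict(Counter(s for _, _, s in entries)),
        "by_dev": dict(Counter(d for _, d, _ in entries)),
    }


def unresolved_addresses(text):
    """Addresses whose entries are currently costing the router solicitations."""
    return sorted(a for a, _, s in parse_neigh(text) if s in UNRESOLVED)


def stale_fraction(text):
    """Share of the table that is STALE (the ratio Sebastian computed by hand)."""
    summary = summarise(text)
    return summary["by_state"].get("STALE", 0) / summary["total"]
```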