Mailinglist Archive: opensuse-factory (1578 mails)

[opensuse-factory] Re: 12.1 IPv6 addressing issue
James Knott <james.knott@xxxxxxxxxx> writes:

Sebastian Freundt wrote:
I don't know why I picked up your routing table argument, I was originally
talking about the neighbourhood table, aka arp6.

freundt@qaos:pts/2:~> ip -6 neigh | wc -l
3863
freundt@qaos:pts/2:~> ip -6 neigh | grep STALE wc -l
grep: wc: No such file or directory
freundt@qaos:pts/2:~> ip -6 neigh | grep STALE | wc -l
1649


Unless statically configured, those tables are temporary and expire
after a short period of time and they are filled automatically via arp
in IPv4 or neighbour discovery in IPv6. Unless you are changing IP
address extremely frequently, it shouldn't be an issue. Also, how do

Define extremely frequently. On a network with 3600 nodes changing their
randomised IPs every hour for some reason, the router has to send on
average one icmp6 packet per second just to keep up with address changes.

you know it searches the stale addresses first? It seems to me that
if the computer knows the addresses are stale, the active one would be
checked first.

Because last time I checked, Linux, BSD and IOS complied with RFC 4861, whose
sections 7.2.2 and 7.3.2 clearly state when, why and how neighbour
solicitations are sent.

Ok, I won't change a route willy-nilly, but if someone else came along with
their 4000+ computers using *my* address space there will be trouble, it's
inevitable.

With IPv4, each of those 4000+ computers will have one address. With
IPv6, they'd have 2 or 3 with the random address changing
occasionally. How is that a significantly greater problem? Also, you

Because you're not living in the real world :) When we had a v4 network
the computers were hierarchised, every working group had their 100 to 200
computers on a private net, with about 10 of them having globally routable
unicast addresses.

Then came IPv6, everyone was excited (well I think of it as overzealous)
and it was considered a good idea to make them all globally routable.
Someone read it was bad practice to split up the assigned /64 even further
and so the decision was made to line them all up in one gigantic network.
Daft, I know, because little did we know about *efficient* routing
policies, NDP, multicast, and whatnot.

Now 4 years later, we have the same hardware (on the network side) to back
our decision but the clients have changed a lot, motherboards come with
two NICs by default and, oh joy, there's an IPMI jack as well, lucky we
are that we have so many addresses, let's wire it all up, this is gonna
give us the most fail-safe network ever. Having to cope with more than
10000 addresses (and that translates to 10000 A4 sheets of paper(!) our
students and professors had to sign) already--I really feel for that poor
router--someone decided it would be more `private' to assign another
address per NIC per day/hour/dont-care, BRILLIANT! Twice the amount, no
papers signed for the extra addresses, we lost track anyway, ...

Oh wait, there's more, and no one really considered that: expired addresses
don't just disappear from the NIC, they're just flagged `invalid', which means
new sockets won't/can't use them; long-standing data connections be
thanked, you can occasionally find up to 20, but at least one *additional*
*expired* address on the NICs. Where are we, right, a neighbourhood table
of more than 100000 addresses, constantly icmp'd for.

Did you expect this? See that's why I don't take advice from you :P


don't route to computers on your local network. All addressing there
is by MAC address. Routing is used when you go to other networks via
the router. But again, the other routers only have to know the route

Yes, so? I was talking about the neigh table. There is just one router
on our network.

to your network. Then when the packet gets to your network does your
router match up the IP address with the MAC address and pass the
packet to the final destination.

Nicely explained, but that's my point, the ONE router does have to keep up
with all the different neighbours.


I for one prefer working with conservative and modest people who think
before they implement their ideas; restricting a /64 to 1 host or
restricting a link to one address (on the router side) is not the worst
idea, if you *really* think about it.


At the basic level, there's not a lot of difference between IPv4 &
IPv6. Most of what applies to IPv4 also does to IPv6. Using a single
address & NAT is more complex than simply routing a block of addresses.

Ah, you would have been on the side of the overexcited/underinformed (yes
those are synonyms to me) people on our NOC team 4 years ago then. You
don't know how much you remind me of them :)
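The complaint above is neighbour-cache bloat: thousands of STALE entries, and one NIC holding many expired temporary addresses. As an added example (not from the thread, not from any of the posters), the following Python script summarises `ip -6 neigh` output by NUD state and flags link-layer addresses that hold an unusually large number of IPv6 addresses; the sample lines are constructed to mimic the `ip -6 neigh` line format and the threshold `max_per_mac` is an assumed parameter.

```python
"""Summarise `ip -6 neigh` output to spot neighbour-cache bloat."""
from collections import Counter, defaultdict

# Constructed sample (not real output): the host with MAC ...:aa has
# accumulated several temporary addresses, most of them already STALE.
SAMPLE_NEIGH = """\
2001:db8:1::10 dev eth0 lladdr 52:54:00:12:34:aa REACHABLE
2001:db8:1:0:9c1e:4f2a:1b3d:7e01 dev eth0 lladdr 52:54:00:12:34:aa STALE
2001:db8:1:0:2b77:a03e:cc10:5f9a dev eth0 lladdr 52:54:00:12:34:aa STALE
2001:db8:1:0:7d10:13ee:90ab:02c4 dev eth0 lladdr 52:54:00:12:34:aa STALE
2001:db8:1:0:e5a9:3c11:8f00:da12 dev eth0 lladdr 52:54:00:12:34:aa DELAY
fe80::5054:ff:fe12:34aa dev eth0 lladdr 52:54:00:12:34:aa router REACHABLE
2001:db8:1::20 dev eth0 lladdr 52:54:00:12:34:bb REACHABLE
2001:db8:1::30 dev eth0 FAILED
2001:db8:1::40 dev eth0 lladdr 52:54:00:12:34:cc PERMANENT
"""

# Neighbour Unreachability Detection states as printed by iproute2.
NUD_STATES = {"PERMANENT", "NOARP", "REACHABLE", "STALE", "NONE",
              "INCOMPLETE", "DELAY", "PROBE", "FAILED"}


def parse_neigh(text):
    """Yield (address, dev, lladdr or None, state) for each non-empty line."""
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        # FAILED/INCOMPLETE entries carry no link-layer address.
        lladdr = tok[tok.index("lladdr") + 1] if "lladdr" in tok else None
        state = next((t for t in tok if t in NUD_STATES), "NONE")
        yield tok[0], dev, lladdr, state


def summarise(text, max_per_mac=3):
    """Return (per-state counts, {mac: n} for MACs holding > max_per_mac addresses)."""
    by_state = Counter()
    per_mac = defaultdict(set)
    for addr, _dev, lladdr, state in parse_neigh(text):
        by_state[state] += 1
        if lladdr:
            per_mac[lladdr].add(addr)
    heavy = {mac: len(a) for mac, a in per_mac.items() if len(a) > max_per_mac}
    return by_state, heavy


if __name__ == "__main__":
    states, heavy = summarise(SAMPLE_NEIGH)
    total = sum(states.values())
    print(f"{total} entries, {states['STALE']} STALE ({100 * states['STALE'] / total:.0f}%)")
    for mac, n in sorted(heavy.items(), key=lambda kv: -kv[1]):
        print(f"{mac}: {n} addresses in the neighbour table")
```

Feed it live data with `ip -6 neigh | python3 script.py` after replacing `SAMPLE_NEIGH` with `sys.stdin.read()`; a high STALE share plus a few MACs owning dozens of addresses is the signature of the temporary-address churn described in the mail.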

