* Posts by James_K

11 publicly visible posts • joined 3 Jul 2019

This major internet routing blunder took A WEEK to fix. Why so long? It was IPv6 – and no one really noticed

James_K

Re: But... why?

"Point to point link? Or you just need two /128’s routed to devices as loopbacks?"

Point to point links need 2 addresses, one for each end. However, IPv6 does not need a global or even unique local address for routing, as link local addresses are often used. A /128 means the address is used to identify a system, but is not used for routing. For example, my firewall/router has a /128 address. I can use that address for testing with ping, traceroute, etc. I can also use it as a VPN end point. Any traffic for that address will travel from the ISP using the link local address.

The IPv6 loopback address is ::1.

James_K

"Is that what small offices and domestic users have to do... turn off IPV6?"

Someone at BT clearly did something wrong, as IPv4 and IPv6 are different protocols. There are many, many people around the world who have no such problem.

James_K

Re: "If anything, it is a demonstration of how robust IPv6 can be in the face of such mistakes."

"There are enough IPv6 addresses to give 7 to every atom in every human on earth."

There are enough to give every person on earth over 4000 /48s.

James_K

Re: Warning. You are announcing over 2 billion addresses! Proceed Y/N?

"How? Not possible while any site you might need uses IP4 only and some gadget that can't be updated only uses IP4. And while a single ISP (fixed or mobile) doesn't do IP6 properly."

Look up "bogon filtering", which routers can use to block invalid address space.
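Added example, not part of the original post: a minimal sketch of the bogon check a router's import policy performs on received IPv6 announcements. The function name `check_announcement`, the non-exhaustive bogon list, the /16 to /48 length bounds and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

# Constructed, non-exhaustive list of IPv6 space that should never appear
# in a route received from a peer (reserved or non-global ranges).
BOGONS = {
    "::/128": "unspecified address",
    "::1/128": "loopback",
    "::ffff:0:0/96": "IPv4-mapped",
    "100::/64": "discard-only",
    "2001:db8::/32": "documentation",
    "fc00::/7": "unique local",
    "fe80::/10": "link-local",
    "ff00::/8": "multicast",
}
BOGON_NETS = [(ipaddress.IPv6Network(p), why) for p, why in BOGONS.items()]
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")
MIN_LEN, MAX_LEN = 16, 48  # assumed local policy, not taken from the post


def check_announcement(prefix):
    """Return (accepted, reason) for one announced IPv6 prefix."""
    try:
        # Strict parsing: rejects IPv4 strings and prefixes with host bits set.
        net = ipaddress.IPv6Network(prefix)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    # Same semantics as a prefix-list entry "bogon le 128":
    # the bogon itself and every more-specific prefix inside it.
    for bogon, why in BOGON_NETS:
        if net.subnet_of(bogon):
            return False, f"bogon: inside {bogon} ({why})"
    if not net.subnet_of(GLOBAL_UNICAST):
        return False, "outside global unicast 2000::/3"
    if net.prefixlen < MIN_LEN:
        return False, f"too broad: /{net.prefixlen} is shorter than /{MIN_LEN}"
    if net.prefixlen > MAX_LEN:
        return False, f"too specific: /{net.prefixlen} is longer than /{MAX_LEN}"
    return True, "accepted"


# Constructed sample announcements (arbitrary prefixes chosen for the demo).
SAMPLES = ["2a02:1000::/32", "2001:db8:1234::/48", "fe80::/64", "::/0",
           "2000::/3", "2a02:1000:0:1::/64", "2001:db8::1/32"]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_announcement(sample)
        print(f"{sample:22} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```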

James_K

Re: Shifting to IP6 properly?

"How? Not possible while any site you might need uses IP4 only and some gadget that can't be updated only uses IP4. And while a single ISP (fixed or mobile) doesn't do IP6 properly."

There is something called 464XLAT for just that purpose. It converts between IPv4 and IPv6, as needed. My cell phone is on an IPv6 only network and uses 464XLAT for access to IPv4 sites and for apps that are IPv4 only.

James_K

Re: What transition?

"And the "this requires that everybody be retrained" bit is actually the real killer, because IPv6 obsoletes any knowledge of how networking works. You have people in IT who have paid multiples of their yearly salary to go on all the CCNA courses and the people who have just figured it out themselves. The people who have been on the training courses (or their employers) don't want to pay for another set of training courses and the people who haven't done the training don't want their hard earned knowledge obsoleted. And the beancounters refuse to pay silly money for new equipment (firewalls, modems, wap's etc) because it costs too much."

Actually, for the most part IPv6 works exactly the same as IPv4, other than larger addresses. There are differences, such as fixed length headers and extension headers, which improve router performance. ICMP6 is used for a lot more than ICMP in IPv4, which rationalizes a lot of things, including getting rid of ARP, which actually predates IP. There are other things that improve security too. As for Cisco certification, IPv6 has been part of the curriculum for several years, so anyone with a current certification should know IPv6.

If you're doing a massive rewrite of networking code then do it right and start from scratch, rather than building in more hacks.

James_K

Re: What transition?

"Windows 7, 8, 10 have *all* had IPv6 loaded in them and, by default, bound to all network interfaces."

Actually, IPv6 was mostly there in XP SP3.

James_K

Re: What transition?

"My suggestion. IPv6 people should recognize that they screwed up. Cancel the "transition" Come up with something serious and effective to tame IoT problem (which they didn't cause, but truly must not enable). Then design a new protocol compatible with both IPv4 and IPv6. And give a lot of thought to ease of implementation this time."

This is the real problem, hack after hack to get around the limitations of IPv4 address space. As a result, we have a hack called "NAT", which breaks the end to end nature of IP. Then we have hacks like STUN, to get around the problems NAT causes for VoIP and games, etc.

Instead of coming up with all these hacks, just start from a clean slate and come up with something adequate, such as IPv6. As for your idea, as others mentioned, it will add to the processing workload, something IPv6 was designed to avoid, with fixed length headers and more.

James_K

Re: But... why?

"The /127 would be 2. Just 2 IP addresses."

That would be a point to point link. However, one thing a lot of people fail to understand is that routing is often done over link local addresses, not GUA, with only a /128 address to provide an address for testing, etc., but not for routing. I had a problem with my ISP a few months ago and I had to explain that point to 2nd level support.

James_K

Re: "they weren't in use so nobody was affected"

"v6 isn't hard. People are just scared by new things."

+1

James_K

Re: "If anything, it is a demonstration of how robust IPv6 can be in the face of such mistakes."

Why would 4 addresses be used? IP only uses 2 addresses, whether IPv4 or IPv6. Perhaps you're thinking of the MAC addresses. WiFi frames use up to 4 MACs.