fanf

IPv6 day

23rd May 2011 | 22:59

My previous post was incredibly boring and probably quite baffling without any context.

I have recently been preparing my mail servers for IPv6 day. My office mates have been doing similar prep work on their services. Cambridge University's network and DNS have supported IPv6 for a number of years now, and many of the desktops on the computing service staff network use it. Outside the CS the Institute of Astronomy has deployed it extensively, as have the student union and the student-run computing facility, and there is a smattering of it in the Computer Lab and Churchill College. Not much out of a few hundred institutions.

IPv6 day has provided a good push to get us to move our deployment further along. There is not actually much pressure to deploy it here: we have over two hundred thousand public IP addresses (though nearly half of them are dedicated to the Engineering department and the Computer Lab for more-or-less valid historical reasons) and we make extensive use of 172.16.0.0/12 private IP addresses. That should probably be enough for 55,000 people. So progress has been slow.

Our network manager has been looking more closely at rolling out IPv6 to more institutions in the University, and this required coming up with a more detailed addressing plan. It soon became clear that our current 2001:630:200::/48 allocation is uncomfortably small. We have too many institutions to sub-allocate on the /56 boundary, and many of them are too large to fit into a /60 range (only 16 subnets). The colleges have a lot of student rooms, and for ease of management it may (eventually) make sense to give them individual /64 subnets, which will easily eat up 2^14 subnets. The federal nature of the University leads to a fair amount of fragmentation, especially since we prefer to allocate on multiple-of-four boundaries to make delegating reverse DNS easier.

After a lot of arguing with JANET and RIPE over their various bureaucratic allocation policies, we have (at last) got the OK for a new /44 allocation. [Since the IPv6 address space is practically infinite, it is obviously important to make sure that we use it efficiently or something. Just like A&A who allocate a /48 to each home user. Obviously there is enough IPv6 space for a one-size-fits-all allocation policy.] As you can see from the list in my previous post, JANET have been allocating /48 ranges to their subscriber institutions, mostly without space between them. This means we can't grow our current allocation because we share our parent /44 with eight other institutions. So we have the joy of a renumbering ahead of us. Good thing it will be small... You can also see from the list that we will be the second UK university to get a /44 after Oxford.
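The arithmetic behind this addressing plan, as an added example that is not part of the original post: it packs blocks on multiple-of-four boundaries into a site allocation and derives the ip6.arpa zone each block delegates. The demand figures and the 2001:db8::/44 prefix are constructed placeholders (the post does not give the new /44), and the function names are illustrative.

```python
import ipaddress

def reverse_zone(net):
    """ip6.arpa zone for a prefix; only defined on multiple-of-four lengths."""
    if net.prefixlen % 4:
        raise ValueError(f"{net} is not on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def block_length(subnets_needed):
    """Longest nibble-aligned prefix length that holds that many /64 subnets."""
    length = 64
    while 2 ** (64 - length) < subnets_needed:
        length -= 4
    return length

def plan(site, demands):
    """Assign each institution a nibble-aligned block inside `site`.

    demands maps a name to the number of /64 subnets it needs. Largest blocks
    are placed first so that sequential packing keeps every block aligned.
    """
    site = ipaddress.ip_network(site)
    cursor = int(site.network_address)
    end = cursor + site.num_addresses
    result = {}
    for name, need in sorted(demands.items(), key=lambda kv: block_length(kv[1])):
        length = block_length(need)
        size = 2 ** (128 - length)
        if cursor + size > end:
            raise OverflowError(f"{site} exhausted while placing {name}")
        result[name] = ipaddress.IPv6Network((cursor, length))
        cursor += size
    return result

# Constructed demand figures, not the University's real numbers.
DEMANDS = {f"college{i:02d}": 600 for i in range(31)}
DEMANDS.update({f"dept{i:03d}": 20 for i in range(300)})

if __name__ == "__main__":
    for site in ("2001:630:200::/48", "2001:db8::/44"):  # the /44 is a placeholder
        try:
            blocks = plan(site, DEMANDS)
            first = blocks["college00"]
            print(site, "fits;", first, "->", reverse_zone(first))
        except OverflowError as exc:
            print(site, "fails:", exc)
```

With these figures each college rounds up to a /52, so the /48 runs out after sixteen colleges, while the /44 holds all 331 blocks with room to spare.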


Comments {16}

Any sufficiently advanced Political Correctness...

from: rbarclay
date: 23rd May 2011 22:32 (UTC)

If you need success stories (or just plain old sympathy for shared pain), I can put you in touch with the colleagues from ACOnet (Austrian Academic network), who run dual-stack for pretty much everything for a couple years now.


Tony Finch

from: fanf
date: 24th May 2011 00:24 (UTC)

Thanks. I'm feeling reasonably confident, though I am expecting a fair number of unexpected niggles and not enough time to find all of them.

One of the main things that we haven't updated properly yet is our stats scripts, and that won't happen till after IPv6 day...


tigerfort

from: tigerfort
date: 23rd May 2011 22:57 (UTC)

I had wondered whether there was any particular reason why Oxford had a /44 block while everyone else was only assigned a /48. But if they were simply the first to get round to saying "this isn't enough space", that makes, um, at least some sense. (Also, I hadn't immediately thought about the fact that Oxford and Cambridge are likely to have rather more sub-institutions than most other UK universities.)


Tony Finch

from: fanf
date: 24th May 2011 00:28 (UTC)

That Oxford simply asked first is my understanding, yes. I'm not sure if we have that many more departments than other universities of comparable size; but we have less central control, and more delegation of IT policy and operations to departments than is usual.


tigerfort

from: tigerfort
date: 24th May 2011 15:58 (UTC)

I was thinking in terms of having colleges (which are semi-independent sub-institutions in a position to demand and get their own IP blocks) rather than simple accommodation blocks (which generally aren't). So the university has the same number of departments, and then 30-ish (Cam) or 40-ish (Ox) extra sub-institutions on top. Unusual delegation to departments is going to have a similar effect, of course.


Tony Finch

from: fanf
date: 24th May 2011 16:22 (UTC)

IP address allocation works by IANA giving large blocks to the regional Internet registries (in our case RIPE) which in turn allocate to local Internet registries, which are functions of ISPs. LIRs then allocate blocks to their customers. JANET is the ISP and LIR for UK academia, and it allocates IP addresses along with network connections. Since colleges get connectivity from their university (not directly from JANET) they also get address space allocations from their university and aren't entitled to more direct allocations.

The federal structure means that we don't have things like a central DHCP pool; there's less sharing of network infrastructure than there could be.


tigerfort

from: tigerfort
date: 24th May 2011 21:36 (UTC)

Sorry, I wasn't clear: I didn't mean that colleges could demand blocks from JANET, but that a college can plausibly come to Ox/Cam computing services and demand to be given a block of their own (within the university's larger block) in a way that doesn't apply to halls of residence (or equivalent) elsewhere. (Not least, of course, because an accommodation building at, say, Bath or Newcastle, doesn't have the range of other functions that colleges do.)


Gerald the cuddly duck

from: gerald_duck
date: 24th May 2011 01:22 (UTC)

One way of looking at the situation is that the people who devised IPv6 think it's reasonable to use 64 bits of addressing for a broadcast domain (so you can use the MAC address as the IP address and still have sixteen bits spare for… mumble) whereas the typical IPv4 LAN uses only 8 bits. So IPv6 supports 2^64 LANs where IPv4 supports 2^24.

Arguably, an organisation that has 2^-14.4 of the available IPv4 addresses should, by magnitude scaling, get 2^-38.4 of the available IPv6 space and Cambridge should get at least a /40?

Also, arguably, it was a mistake to make IPv6's numbering space bear no relationship whatever to IPv4's. I suggested one alternative a year ago. Another alternative I came up with and dismissed as too complicated (compared with my proposal, though not compared with the current mess) was to create an injection from IPv4 addresses into the IPv6 address space, turning abcdefgh.ijklmnop.qrstuvwx.yzαβγδεζ into XXXXXXXX.XXXXXXXX.a0b0c0d0.e0f0g0h0.i0j0k0l0.m0n0o0p0.q0r0s0t0.u0v0w0x0.y0z0α0β0.γ0δ0ε0ζ0.00000000.00000000.00000000.00000000.00000000.00000000. This would mean that:
  • Configuration files written in IPv4-speak would also work for IPv6.
  • Everyone with an IPv4 address allocation automatically gets 2^48 times the square of the number of addresses they currently have.
  • Extra slack is created at every level of the numbering hierarchy.
  • There's no second parallel allocation mechanism.
  • The map of current IPv4 addresses still takes up only 2^-16 of the total IPv6 address space, leaving plenty of room for new applications and numbering ranges.
  • There's less need for tunneling.

But it's too late, so nobody would be interested. *sigh*

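A sketch of the injection described in the comment above, added here as an example and not code from the commenter. The comment leaves the 16 leading X bits unspecified, so the `top16` parameter and its default 0x4000 are assumed placeholders, and the function names are illustrative.

```python
import ipaddress

def inject(v4, top16=0x4000):
    """Map an IPv4 address into IPv6: 16 prefix bits (assumed placeholder),
    then every IPv4 bit followed by a zero bit, then 48 zero bits."""
    v4 = int(ipaddress.IPv4Address(v4))
    spread = 0
    for i in range(32):
        # bit i of the IPv4 address lands on the odd position 2*i + 1
        spread |= ((v4 >> i) & 1) << (2 * i + 1)
    return ipaddress.IPv6Address((top16 << 112) | (spread << 48))

def inject_network(v4net, top16=0x4000):
    """Map an IPv4 prefix: each prefix bit becomes two, after the 16 fixed bits."""
    v4net = ipaddress.IPv4Network(v4net)
    length = 16 + 2 * v4net.prefixlen
    base = int(inject(v4net.network_address, top16))
    return ipaddress.IPv6Network((base, length))

def expansion_holds(v4net):
    """Check the '2^48 times the square' bullet for one IPv4 prefix."""
    v4 = ipaddress.IPv4Network(v4net)
    return inject_network(v4net).num_addresses == 2 ** 48 * v4.num_addresses ** 2

if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range, used here as constructed input.
    print(inject("192.0.2.1"))
    print(inject_network("192.0.2.0/24"))
    print(inject_network("0.0.0.0/0"))  # all of IPv4 fits in one /16
    print(all(expansion_holds(n) for n in ("10.0.0.0/8", "192.0.2.0/24", "192.0.2.1/32")))
```

Because every IPv4 prefix bit becomes two IPv6 bits, an IPv4 /n maps to an IPv6 /(16+2n), which is where the squaring at each level of the hierarchy comes from.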

Tony Finch

from: fanf
date: 24th May 2011 09:23 (UTC)

Yes, we understand the IPv6 addressing architecture.

It is unpleasant of you to suggest that the historical unfairness in IP address allocation should be carried across into IPv6. The far East is growing rapidly, so APNIC was the first RIR to run out of IPv4, and v6 is an opportunity to fix this, not to perpetuate it.

If you want to fix the Internet properly, you need to look to the routing architecture first; the addressing scheme will come as a consequence and should look very different to IP of any version.


Gerald the cuddly duck

from: gerald_duck
date: 24th May 2011 16:06 (UTC)

Sorry — my point was that considering the 2 2/3-fold expansion in network addressing bits rather than the fourfold expansion in total addressing bits would justify a larger allocation for Cambridge and, given the hugely sparse and profligate use of the bottom 64 bits, seems to me a legitimate perspective.

Yes, there are considerable problems with the proportions of the IPv4 address space that have been given to different entities. However, although that may rankle ideologically, how much does it matter in practice? If APNIC got the square of its IPv4 allocation as its IPv6 allocation, might that not be ample? Similarly, the number of Cambridge colleges might double in the lifetime of IPv6, but it's hardly likely to square.

If IPv4 allocations were algorithmically mapped into IPv6 ones, squaring the space available at every level, that would be entirely adequate for most entities and they could complain to their parent if it wasn't (who, in turn, would likely have ample spare to give them a bit more). There would be a few difficulties to iron out, but for the vast majority of entities everything would be simple. As things stand now, everyone has to stake their claim for IPv6 addresses, massively increasing the administrative overhead.

You mentioned revisiting the Internet's routeing architecture in my posting last year. I've not thought the issue through fully, but my instinct is to agree.


Dr Plokta

from: drplokta
date: 24th May 2011 05:46 (UTC)

There may not be much pressure to deploy IPV6 now, but wait until the mechanisms are in place for the university to make money by giving up unused IPV4 blocks.


Tony Finch

from: fanf
date: 24th May 2011 09:10 (UTC)

Hah yes. Microsoft and Nortel have set the price at $10 each (!) and I suppose it'll just go up from there...


Gerald the cuddly duck

from: gerald_duck
date: 24th May 2011 16:09 (UTC)

Seriously, can one actually monetise one's allocations? I've got a /25 that hasn't been routeable externally for the past three or four years. For $1,200 I'd switch to using 10.*!


Gerald the cuddly duck

from: gerald_duck
date: 24th May 2011 16:41 (UTC)

And, now I come to think about it, I "bought" a class C off Demon back in 1993. It seems they've since divvied it up and reallocated it.

On the one hand, I'm not completely certain they were entitled to do that when I stopped being their customer; on the other, given that I used the lack of a formal contract to avoid a notice period when I wanted to terminate service, I guess that cuts both ways and I've now got nothing to say I still own $2,500 of addresses. )-8


Tony Finch

from: fanf
date: 24th May 2011 22:28 (UTC)

The Nortel case was somewhat special because it was allocated before the existence of RIRs with basically no usage conditions. The transfer policies for RIR-allocated space typically require the recipient to demonstrate a need for the address space as they would for any other allocation (true for ARIN and RIPE). So while space is available there's no market. Since APNIC has run out of space they are not applying any needs-based policy.


tigerfort

from: tigerfort
date: 24th May 2011 15:50 (UTC)

Indeed. I'll be very interested (once the move is over and everyone is on IPV6) to see what the graph of price (for a smallish IPV4 block) against time looks like. I'm probably expecting a steady (though increasingly steep) rise, a brief plateau, and then a sudden drop to nothing (or near enough), but there are plenty of scenarios that could change that.
