Thursday, July 19, 2007

Geoff Huston on the IPv6 Transition

The End of the (IPv4) World is Nigher!
Funny how some topics seem to sit on a quiet back burner for years, and then all of a sudden become matters of relatively intense attention. Over the past few weeks we’ve seen a number of pronouncements on the imminent exhaustion of the IP version 4 address pools. Not only have some of the Regional Internet Registries (RIRs) and some national registry bodies made public statements on the topic, we’ve now seen ICANN also make its pronouncement on this topic.

We're definitely running out of IPv4 address space and the transition to IPv6 needs to happen sometime soon. Personally, I don't think we'll see the type of widespread adoption necessary to push us past the tipping point until at least 2012. Network operators will slice up the customer allocations into ever smaller chunks and the end users will NAT more and more services behind the handful of addresses using ever more inventive methods. That's a good thing (sort of) as Huston is predicting that we'll be looking at an exhaustion point for the address space in "late 2009 / early 2010":
rather than looking at an exhaustion date for IPv4 addresses of around 2012 to 2014, which appears to be so comfortably off in the distant future as to be inconsequential to today’s Internet industry, the exhaustion date has drawn in to late 2009 / early 2010. This is just a little over two and a half years from today and all of a sudden a rather abstract debate about the viability of various options to cope with this address exhaustion issue is looking uncomfortably real.

He bases this prediction on a growth curve that fits rather well into an order-2 polynomial function (Extensive data here).

So what's a Network Administrator to do? Unfortunately, most of us fall into the same boat. Until our providers move to IPv6 there's not much of an incentive for us to undertake the process within our networks. The business case isn't there, but the potential for interruption to essential services is. The latter, I think, is why we'll continue to see widespread reluctance to migrate in the near future (and even beyond Huston's probable exhaustion date).

Too many businesses (even high tech ones) treat the network layer as a black box because they do not understand the complexities involved. And because most technology executives (CTOs, I'm looking at you!) don't come from a network background and don't know what goes on inside that black box, they don't fund it to the same extent as they do their software engineering or systems budgets. The result is that one of the most important technology layers, one which all the other flashier layers are dependent upon, is not allowed to perform to its limits or is not properly engineered to handle what is demanded of it.

We end up, then, with a situation where the business sees no need to migrate to IPv6 and the network administrators are reluctant to make the case because of a perception that the business will not listen to their recommendation. My advice: Prepare now. Start building the deployment plans and evaluating your networks and equipment to determine what needs to be done. The business will eventually realize that there is a need to migrate and when the time comes you'll be ready.

Wednesday, July 18, 2007

Watch your WiFi: iPhones flooding ARP requests?

NetworkWorld picked up a story on Apple's new iPhone taking out Cisco LWAPs at Duke University:
The built-in 802.11b/g adapters on several iPhones periodically flood sections of the Durham, N.C., school’s pervasive wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. The campus network staff is talking with Cisco, the main WLAN provider, and have opened a help desk ticket with Apple. But so far, the precise cause of the problem remains unknown.

I tend to agree with one commenter's speculation that the iPhone's wireless stack is trying to find its "home" network and in the process is sending out a flood of unicast ARP requests. That's probably circumventing whatever flood controls might be in place, which causes the controller to fall over. Since they're using Light-Weight Controllers (my guess is that it's the 4400-series), multiple WAPs will become unreachable simultaneously as they all depend on the controller to function properly.

Cisco will probably get a fix out there to prevent this behavior, but I also think the onus is on Apple to fix their WiFi stack. The fact that Apple has been completely silent on the matter doesn't help things. If they're aware of an issue they need to be open about it and work to resolve the problem as quickly as possible. Instead, it looks like they've taken the traditional Apple line of clamming up about everything. That works well when you're trying to build buzz for your Latest Coolest Thing Ever™ but it creates horrible feelings in the marketplace when there's an issue that requires resolution.

Hat Tip Instapundit

Update: Cisco Security Advisory: Wireless ARP Storm Vulnerabilities

They don't mention the Duke issue at all, but it's pretty clear the problem was due to their handling of unicast ARPs when doing Layer-3 roaming.
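For anyone watching their own WLAN for the behavior described above, here is an added example (not from Cisco, Duke, or the original post) of a sliding-window check that flags clients sending bursts of unicast ARP requests. The log line format, the MAC and IP addresses, and the threshold values are all constructed for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse(line):
    """Parse 'epoch src_mac dst_mac who-has target_ip tell sender_ip' (constructed format)."""
    f = line.split()
    if len(f) != 7 or f[3] != "who-has":
        return None  # malformed line or not an ARP request
    return float(f[0]), f[1].lower(), f[2].lower()

def unicast_arp_floods(lines, window=1.0, threshold=20):
    """Return {src_mac: peak_count} for sources exceeding `threshold` unicast
    ARP requests inside any `window`-second span. Input must be time-ordered."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst = rec
        if dst == BROADCAST:
            continue  # ordinary address resolution; broadcast rate limits cover it
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        # Occasional unicast ARP (cache refresh) is normal; only bursts count.
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

# Constructed sample traffic: locally administered MACs, RFC 1918 addresses.
GW = "02:00:00:00:00:fe"
SAMPLE = (
    # normal client: one broadcast request per second
    [f"{90 + i}.00 02:00:00:00:00:01 {BROADCAST} who-has 10.0.0.1 tell 10.0.0.11"
     for i in range(5)]
    # client refreshing its cache with a few unicast requests
    + [f"{95 + 2 * i}.00 02:00:00:00:00:02 {GW} who-has 10.0.0.1 tell 10.0.0.12"
       for i in range(3)]
    # roaming client: 50 unicast requests in half a second
    + [f"{100 + i * 0.01:.2f} 02:00:00:00:00:03 {GW} who-has 192.168.1.1 tell 10.0.0.13"
       for i in range(50)]
)

if __name__ == "__main__":
    print(unicast_arp_floods(SAMPLE))
```

Tune `window` and `threshold` against a baseline from your own network before alerting on the result.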

Thursday, July 5, 2007

I'm bored ...

I'm waiting for dinner to cook (mmmm.. Spaghetti and meatballs) so I figured I'd take some pictures while I walk my roommate's dog.


My Car

Rachel Lucas is right

I can't argue with the facts.