Re: Over-utilisation of v6 neighbour slots
On 10/28/2013 10:49 PM, Lorenzo Colitti wrote: On Tue, Oct 29, 2013 at 6:53 AM, Phil Mayers mailto:p.may...@imperial.ac.uk>> wrote: I wanted to follow up on this. Some folks from Cisco kindly contacted me off-list, and correctly guessed that a large number of the IPv6 neighbour entries were in state "STALE", and pointed me to the relatively new: ipv6 nd cache expire ...interface-level command. This wasn't in the IOS train we were running until relatively recently, so I hadn't seen it before. I wonder what the designers were thinking when they did the original implementation. Without this option, a box with enough client churn could run out of neighbour cache entries even if all the clients are perfectly behaved. Perhaps they didn't think of it because it doesn't happen in IPv4 due to a) much fewer addresses on a given box due to scarcity and b) ARP has timeouts. Probably not scarcity in 1918 world, but I think you hit the nail on the head with "arp has timeouts." :) Doug
Re: Over-utilisation of v6 neighbour slots
On 21/10/13 20:35, Phil Mayers wrote: Specifically, our Cisco 6500/sup720 ran out of IPv6 FIB slots, as num_routes + num_neighs exceeded 32k (the default IPv4/IPv6 TCAM split on this platform being 192k/32k). I wanted to follow up on this. Some folks from Cisco kindly contacted me off-list, and correctly guessed that a large number of the IPv6 neighbour entries were in state "STALE", and pointed me to the relatively new: ipv6 nd cache expire ...interface-level command. This wasn't in the IOS train we were running until relatively recently, so I hadn't seen it before. Having applied this, we saw a sharp drop in v6 neighbour count, although it didn't seem to take effect on existing entries - I was able to force it by flapping the interface and refreshing all the neighbours. The entries seem to expire after "ipv6 nd cache expire" + "ipv6 nd reachable-time" i.e. I see a max age in the neighbour table of 24 minutes for parameter values of "1200" and "30" (in seconds and milliseconds) respectively. There are also a bunch of newer per-interface ND commands (per-IF ND cache size limits, for example) that could help with resource exhaustion, so people on Cisco gear should take a look.
Re: What is Brocade up to here?
http://www.ted.com/talks/jonathan_zittrain_the_web_is_a_random_act_of_kindness.html On Oct 28, 2013, at 4:41 PM, Ron Broersma wrote: > On Oct 28, 2013, at 8:29 AM, Sander Steffann wrote: >> Hi, >> It's been broken for months, too. Happy Eyeballs seems to work pretty well for the internet. >>> >>> Did they just fix it? >> >> I did send them a heads-up, so they might. > > I also immediately gave a heads up to one of my contacts there, and heard > back that they "fixed it last night". No details yet on exactly what was > misconfigured. > --Ron >
Re: What is Brocade up to here?
On Oct 28, 2013, at 8:29 AM, Sander Steffann wrote: > Hi, > >>> It's been broken for months, too. Happy Eyeballs seems to work pretty well >>> for the internet. >> >> Did they just fix it? > > I did send them a heads-up, so they might. I also immediately gave a heads up to one of my contacts there, and heard back that they "fixed it last night". No details yet on exactly what was misconfigured. --Ron
Re: What is Brocade up to here?
Hi, >> It's been broken for months, too. Happy Eyeballs seems to work pretty well >> for the internet. > > Did they just fix it? I did send them a heads-up, so they might. Sander
Re: What is Brocade up to here?
https://ripe67.ripe.net/presentations/288-Jen_RIPE67.pdf includes similar behaviors. -- Tassos sth...@nethelp.no wrote on 27/10/2013 17:35: % host brocade.com brocade.com has address 144.49.210.200 brocade.com has IPv6 address 2620:100:4:6401::20 If I try "telnet 2620:100:4:6401::20 80" I get this rather "interesting" result (my IPv6 address is 2001:8c0:9602:1::2): 16:27:01.107632 IP6 2001:8c0:9602:1::2.14710 > 2620:100:4:6401::20.80: Flags [S], seq 148079426, win 65535, options [mss 1440,nop,wscale 3,sackOK,TS val 1218395701 ecr 0], length 0 16:27:01.289048 IP6 2620:100:4:6400::7 > 2001:8c0:9602:1::2: ICMP6, neighbor solicitation, who has 2001:8c0:9602:1::2, length 32 16:27:01.289200 IP6 2620:100:4:6400::7 > 2001:8c0:9602:1::2: ICMP6, neighbor solicitation, who has 2001:8c0:9602:1::2, length 32 Since brocade.com is around 80 ms and more than 15 router hops away, I'm really curious about the neighbor solicitation. It is quite consistent. (Oh yeah, I never get an answer from port 80 on the IPv6 address. But HE takes care of things nicely, so brocade.com works in my browser.) Anybody know what Brocade is up to here? Steinar Haug, AS 2116
Re: What is Brocade up to here?
On Sun, 27 Oct 2013, niels=clue...@bakker.net wrote: It's been broken for months, too. Happy Eyeballs seems to work pretty well for the internet. Did they just fix it? $ telnet -6 brocade.com 80 Trying 2620:100:4:6401::20... Connected to brocade.com. Escape character is '^]'. quit 301 Moved Permanently Moved Permanently The document has moved href="http://www.brocade.com/index.page";>here. IBM_HTTP_Server at internet.brocade.com Port 80 Connection closed by foreign host. -- Mikael Abrahamssonemail: swm...@swm.pp.se