Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Jeroen Massar
Michael Dillon wrote:
[..]
 [..] The
 side effect of this is
 that it makes the network operator's tool sharper, and able to knock
 down single sites
 with a /32 ACL.

You actually mean a /128 in the case of IPv6, the /32 would be the
complete ISP...

 For a hosting provider, I would think that this strengthens the
 business case for IPv6.

and they can just use a single /64 for a single 'virtual webhost', then
assign a 32 bit customer-id and have every customer have 2^32 sites, bingo.

Greets,
 Jeroen
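
The addressing plan and ACL granularity discussed in this message, as an added example that is not part of the original thread: it builds site addresses from a 32-bit customer id and a 32-bit site id inside one /64, then lists which other sites a filter entry of each length would also block. The prefix `2001:db8:0:1::/64`, the ids and all function names are constructed for illustration.

```python
import ipaddress

# Constructed plan: one /64 from documentation space routed to one web host.
HOST_NET = ipaddress.IPv6Network("2001:db8:0:1::/64")
# Filter lengths discussed in the thread, plus the per-customer /96 this plan implies.
SCOPES = {"site": 128, "customer": 96, "host": 64, "isp": 32}

def site_address(customer_id, site_id, net=HOST_NET):
    """Low 64 bits = 32-bit customer id followed by 32-bit site id."""
    for value in (customer_id, site_id):
        if not 0 <= value < 2**32:
            raise ValueError("ids must fit in 32 bits")
    return net[(customer_id << 32) | site_id]

def decode(addr, net=HOST_NET):
    """Recover (customer_id, site_id) from an address inside the plan."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}")
    low = int(addr) & (2**64 - 1)
    return low >> 32, low & 0xFFFFFFFF

def acl_entry(addr, scope):
    """Prefix an operator would filter to cover the given scope."""
    return ipaddress.ip_network(f"{addr}/{SCOPES[scope]}", strict=False)

def collateral(target, entry, inventory):
    """Sites other than the target that the same ACL entry also blocks."""
    return [str(s) for s in inventory if s != target and s in entry]

if __name__ == "__main__":
    # Constructed inventory: two sites of customer 7, one site of customer 9.
    sites = [site_address(7, 3), site_address(7, 4), site_address(9, 1)]
    for scope in SCOPES:
        entry = acl_entry(sites[0], scope)
        print(f"{scope:8} {entry}  also blocks: {collateral(sites[0], entry, sites)}")
```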





Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Jeroen Massar
Jeffrey Ollie wrote:
[..]
 But do the commonly-used operating systems support adding hundreds or
 thousands of addresses to an interface, and what would the performance
 implications be?

Remember that IP addresses are 128bits, while hostnames (the ones for
the Host: header in the HTTP query) are well, quite a bit longer than
that on average.

If thus something like this would become common-place, there definitely
will be quite some people who will be paying some attention to
optimizing Apache.

But yes, the network stack itself is a different question, then again,
you can just route a /64 into the loopback device and let your apache
listen there... (which also allows you to do easy-failover as you can
move that complete /64 to a different box ;)

Greets,
 Jeroen





Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Adrian Chadd
On Tue, Oct 27, 2009, Jeroen Massar wrote:

 But yes, the network stack itself is a different question, then again,
 you can just route a /64 into the loopback device and let your apache
 listen there... (which also allows you to do easy-failover as you can
 move that complete /64 to a different box ;)

Funny you should mention that.

A couple of tricks I've seen:

* instead of a linked list and O(n) searching of interface aliases, use
  some kind of tree to map local IP -> interface.
* hacks to do a bind to all damned IP addresses and let userspace sort
  it out.

I've done the former for a few thousand aliases with no degradation
in performance. The hacks available for freebsd-4.x for the Web Polygraph
software did something similar.

2c,



Adrian




Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Jack Bates

Jeroen Massar wrote:

But yes, the network stack itself is a different question, then again,
you can just route a /64 into the loopback device and let your apache
listen there... (which also allows you to do easy-failover as you can
move that complete /64 to a different box ;)



You are still comparing an application level decision to a stack level 
decision. Thousands of addresses on a stack could definitely pose an 
issue depending on the OS.


Jack



Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Ray Soucy
 But do the commonly-used operating systems support adding hundreds or
 thousands of addresses to an interface, and what would the performance
 implications be?

 Jeff Ollie

Last time I checked, and this may have changed, the limit in Linux was
around 4096.

In practice though, you also have to consider the physical limitations
of the server itself.  The biggest bang for the buck in dense hosting
environments seems to be running about 1000 sites per box, with a few
boxes dedicated to your heavy hitters with 100 or less ea.

Until we start seeing IPv6-only hosting though, I suspect that we will
see IPv6 address mirror the configuration of the IP assignments.
Sites with dedicated IPs will have dedicated IPv6, sites with shared
IP will have shared IPv6, if only to maintain sanity.

If you're trying to make the case for IPv6 to hosting companies,
you're barking up the wrong tree.  IP address just became a scarce
commodity, instead of providing you with a free IP address, they can
now charge $100 a mo for one.  They know darn well that it will take a
while for every user to have IPv6 from their SP and that if you want
to run a site you'll need access to the legacy IP Internet to reach
your customers.  On the bright side, this will encourage the market to
adopt IPv6 because they can't afford IP.  Hopefully ARIN adopts a
policy of decommissioning IP space as they reclaim it to prevent
people from receiving new allocations as people begin to go IPv6-only,
otherwise we'll be stuck with two Internets for a very long time.

-- 

Ray Soucy
Communications Specialist

+1 (207) 561-3526

Communications and Network Services

University of Maine System
http://www.maine.edu/



Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Chris Adams
Once upon a time, Jeffrey Ollie j...@ocjtech.us said:
 But do the commonly-used operating systems support adding hundreds or
 thousands of addresses to an interface, and what would the performance
 implications be?

I've got Linux (and even Windows) boxes with several hundred IPs bound
today; I don't see why IPv6 addresses would be any different.
-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



RE: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Brian Johnson
 -Original Message-
 From: Ray Soucy [mailto:r...@maine.edu]
 Sent: Tuesday, October 27, 2009 9:45 AM
 To: Jeffrey Ollie
 Cc: North American Network Operators Group
 Subject: Re: IPv6 could change things - Was: DMCA takedowns of
networks
 
  But do the commonly-used operating systems support adding hundreds
or
  thousands of addresses to an interface, and what would the
 performance
  implications be?
 
  Jeff Ollie
 
 Last time I checked, and this may have changed, the limit in Linux was
 around 4096.

So in this circumstance you could route a /116 to the server. COOL!

 
 In practice though, you also have to consider the physical limitations
 of the server itself.  The biggest bang for the buck in dense hosting
 environments seems to be running about 1000 sites per box, with a few
 boxes dedicated to your heavy hitters with 100 or less ea.

So in this circumstance you could route a /118 to the server serving
1000 sites and a /125 to the server serving 100 sites. Also COOL!

 
 Until we start seeing IPv6-only hosting though, I suspect that we will
 see IPv6 address mirror the configuration of the IP assignments.
 Sites with dedicated IPs will have dedicated IPv6, sites with shared
 IP will have shared IPv6, if only to maintain sanity.

This passes my smell and duh tests. :)

 
 If you're trying to make the case for IPv6 to hosting companies,
 you're barking up the wrong tree.  IP address just became a scarce
 commodity, instead of providing you with a free IP address, they can
 now charge $100 a mo for one.  They know darn well that it will take a
 while for every user to have IPv6 from their SP and that if you want
 to run a site you'll need access to the legacy IP Internet to reach
 your customers.  On the bright side, this will encourage the market to
 adopt IPv6 because they can't afford IP.  Hopefully ARIN adopts a
 policy of decommissioning IP space as they reclaim it to prevent
 people from receiving new allocations as people begin to go IPv6-only,
 otherwise we'll be stuck with two Internets for a very long time.

Agreed, except for one thing. ARIN shouldn't decommission IP space.
The Internet will dictate that IPv4 will go away all on its own once
IPv6 becomes the protocol of choice for enough of the net. At some
point, the people who depend on IPv4 will not be able to pay for their
providers supporting the IPv4 infrastructure as new devices become
available that either only support IPv6, or don't implement a full suite
of IPv4 to keep costs down.

Also remember that at some point, there will be no IPv4 left. When this
happens new entrants will suffer greatly at the hands of this
circumstance. But we will get through it and there will be new sites
that will be IPv6 only, then there will be demand for these sites, then
there will be people who vote with their wallets for the new sites...

Was I rambling there? :) In the end it will be economics that dictate a
single protocol Internet. I am one who wishes we put a date in stone now
to establish the cut date of IPv4 to IPv6, but that is unreasonable.
This will take care of itself.

_
Brian Johnson
Converged Network Engineer (CCNP, ENA)
Dickey Rural Networks




Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread David W. Hankins
On Tue, Oct 27, 2009 at 02:05:36PM +, Michael Dillon wrote:
 But, when IPv6 is a bit more common, there is no need for  virtual
 hosters to share
 a single IP address between several sites. They may as well use a
 unique IPv6 address
 for every single site, even if they are all on the same server. The
 side effect of this is
 that it makes the network operator's tool sharper, and able to knock
 down single sites
 with a /32 ACL.

A /128 you mean.

If you look in Apache's httpd/server/vhost.c, you may notice that the
server locates addressed virtual hosts using a simple 32->8 bit
integer reduction hash, which produces a well balanced hash table in
typical virtual server applications (generally these servers get
addresses in contiguous blocks).

Named virtuals are relegated to an extra hash bucket, essentially
placing them all on a single unsorted linear list, which is searched
if a by-address match is not found.

Probably in the modern day, the additional processing (and system
calls) necessary to render a web object into a reply is significantly
higher than the overhead to locate a virtual server even at these
orders of magnitude, but it's interesting that the software works
differently.

-- 
David W. Hankins        If you don't do it right the first time,
Software Engineer       you'll just have to do it again.
Internet Systems Consortium, Inc.   -- Jack T. Hankins




Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread William Pitcock
To expand on this from a programmer's perspective, usually at the kernel/network 
stack level, a patricia radix-style trie is used for fast ipv6 lookups.

The benefit of the patricia trie being that if you only have a difference 
keylength of 8 bits (/120) then the ip lookup only takes 8 steps in a 
worst-case scenario.

The same concept applies to ipv4 cidr as well, but it is less obvious.

William
--Original Message--
From: Adrian Chadd
To: Jeroen Massar
Cc: North American Network Operators Group
Subject: Re: IPv6 could change things - Was: DMCA takedowns of networks
Sent: Oct 27, 2009 10:39 AM

On Tue, Oct 27, 2009, Jeroen Massar wrote:

 But yes, the network stack itself is a different question, then again,
 you can just route a /64 into the loopback device and let your apache
 listen there... (which also allows you to do easy-failover as you can
 move that complete /64 to a different box ;)

Funny you should mention that.

A couple of tricks I've seen:

* instead of a linked list and O(n) searching of interface aliases, use
  some kind of tree to map local IP -> interface.
* hacks to do a bind to all damned IP addresses and let userspace sort
  it out.

I've done the former for a few thousand aliases with no degradation
in performance. The hacks available for freebsd-4.x for the Web Polygraph
software did something similar.

2c,



Adrian




-- 
William Pitcock
SystemInPlace - Simple Hosting Solutions
1-866-519-6149
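
The step count described in this message, as an added example that is not part of the original thread and is not kernel code: a simplified, statically built path-compressed binary trie over IPv6 addresses that counts single-bit tests per lookup. The documentation prefixes and all function names are constructed for illustration.

```python
import ipaddress

def build(keys):
    """Build a path-compressed binary trie from sorted, distinct integer keys."""
    if len(keys) == 1:
        return keys[0]                       # leaf holds the full 128-bit key
    # The highest bit on which any two keys differ is the top set bit of
    # min XOR max; every bit above it is shared and is skipped entirely.
    bit = (keys[0] ^ keys[-1]).bit_length() - 1
    zeros = [k for k in keys if not (k >> bit) & 1]
    ones = [k for k in keys if (k >> bit) & 1]
    return (bit, build(zeros), build(ones))  # internal node tests one bit

def trie_of(addrs):
    """Build the trie from any iterable of IPv6 address strings or objects."""
    return build(sorted({int(ipaddress.IPv6Address(a)) for a in addrs}))

def lookup(trie, addr):
    """Return (found, steps); steps counts the single-bit tests performed."""
    key, steps, node = int(ipaddress.IPv6Address(addr)), 0, trie
    while isinstance(node, tuple):
        bit, zero, one = node
        node = one if (key >> bit) & 1 else zero
        steps += 1
    return node == key, steps                # full compare rejects unknown addresses

def worst_case_steps(prefix):
    """Populate every address of `prefix` and return the deepest lookup."""
    net = ipaddress.IPv6Network(prefix)
    trie = trie_of(net)
    return max(lookup(trie, a)[1] for a in net)

if __name__ == "__main__":
    for prefix in ("2001:db8::/120", "2001:db8::/116"):
        print(prefix, "worst case:", worst_case_steps(prefix), "bit tests")
```

Because shared prefix bits are never tested, the depth depends on how many bits actually vary among the configured addresses, not on the 128-bit address length.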

Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Joel Jaeggli
Brian Johnson wrote:

 Last time I checked, and this may have changed, the limit in Linux was
 around 4096.
 
 So in this circumstance you could route a /116 to the server. COOL!

These days what we might at one point have referred to as a host or
server may actually be a hardware container with N > 1 or so virtual
systems...  which may variously be:

attached to the network via dedicated interface
individual vlans
a virtual bridge
a layer-3 topology

 In practice though, you also have to consider the physical limitations
 of the server itself.  The biggest bang for the buck in dense hosting
 environments seems to be running about 1000 sites per box, with a few
 boxes dedicated to your heavy hitters with 100 or less ea.
 
 So in this circumstance you could route a /118 to the server serving
 1000 sites and a /125 to the server serving 100 sites. Also COOL!

How many ips you can park on a particular hardware container is probably
bounded only by the over-subscription rate of what you intend to serve.
Most of the superficial limits (macs on a bridge table, ips on an
interface, etc.) can be worked around in fairly simple fashion but the
number of connections per second or pps rate a given hardware container
 can pass through whatever abstraction is applied is less fungible.

 Until we start seeing IPv6-only hosting though, I suspect that we will
 see IPv6 address mirror the configuration of the IP assignments.
 Sites with dedicated IPs will have dedicated IPv6, sites with shared
 IP will have shared IPv6, if only to maintain sanity.
 
 This passes my smell and duh tests. :)
 
 If you're trying to make the case for IPv6 to hosting companies,
 you're barking up the wrong tree.  IP address just became a scarce
 commodity, instead of providing you with a free IP address, they can
 now charge $100 a mo for one.  They know darn well that it will take a
 while for every user to have IPv6 from their SP and that if you want
 to run a site you'll need access to the legacy IP Internet to reach
 your customers.  On the bright side, this will encourage the market to
 adopt IPv6 because they can't afford IP.  Hopefully ARIN adopts a
 policy of decommissioning IP space as they reclaim it to prevent
 people from receiving new allocations as people begin to go IPv6-only,
 otherwise we'll be stuck with two Internets for a very long time.
 
 Agreed, except for one thing. ARIN shouldn't decommission IP space.
 The Internet will dictate that IPv4 will go away all on its own once
 IPv6 becomes the protocol of choice for enough of the net. At some
 point, the people who depend on IPv4 will not be able to pay for their
 providers supporting the IPv4 infrastructure as new devices become
 available that either only support IPv6, or don't implement a full suite
 of IPv4 to keep costs down.
 
 Also remember that at some point, there will be no IPv4 left. When this
 happens new entrants will suffer greatly at the hands of this
 circumstance. But we will get through it and there will be new sites
 that will be IPv6 only, then there will be demand for these sites, then
 there will be people who vote with their wallets for the new sites...
 
 Was I rambling there? :) In the end it will be economics that dictate a
 single protocol Internet. I am one who wishes we put a date in stone now
 to establish the cut date of IPv4 to IPv6, but that is unreasonable.
 This will take care of itself.
 
 _
 Brian Johnson
 Converged Network Engineer (CCNP, ENA)
 Dickey Rural Networks
 
 



Re: IPv6 could change things - Was: DMCA takedowns of networks

2009-10-27 Thread Mark Smith
On Tue, 27 Oct 2009 10:41:46 -0500
Jack Bates jba...@brightok.net wrote:

 Jeroen Massar wrote:
  But yes, the network stack itself is a different question, then again,
  you can just route a /64 into the loopback device and let your apache
  listen there... (which also allows you to do easy-failover as you can
  move that complete /64 to a different box ;)
  
 
 You are still comparing an application level decision to a stack level 
 decision. Thousands of addresses on a stack could definitely pose an 
 issue depending on the OS.
 

Depends a bit on how the OS handles interface address assignments.
Linux creates host routes in a separate 'local' route table, which you
can see via 

ip route show table local

or for IPv6

ip -6 route show table local

which I think would suggest that Linux's interface address assignment
scalability is as scalable as its route table scalability.

Performing concurrent IPv6 Duplicate Address Detection on that many
addresses when the interface/host comes up might be an issue.

Regards,
Mark.