Tetramin
Apr 1, 2006

I'ma buck you up.

Docjowles posted:

I used to work for a regional ISP (coincidentally also in Colorado). One time our marketing team sent a mailing with this sweet stealth bomber on it advertising our speeds in miles per hour :confused: The lead network engineer almost quit over that lol

Lol badass


Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

MrMoo posted:

Facebook and others use IPv6 because the headers are smaller and less processing needed in routing, something like 10% faster?

China raised an order that all new equipment must support IPv6, so it helps to court their monies no doubt.

The headers aren't smaller, if you're just talking about raw IP traffic. IPv4 headers are 20 bytes and IPv6 headers are 40 bytes. It's kind of hard to avoid since the source and destination addresses for v6 take up 32 bytes by themselves.

That said, if you are doing some kind of extra processing or tunneling with IPv4 like NAT that you don't need with IPv6, then that could very well end up making more of a difference to the performance of whatever you're doing than the header length. I should have said "your addressing system doesn't inherently have much to do with how fast you're going, but modern networks are complicated".

Eletriarnation fucked around with this message at 15:59 on Nov 15, 2023

SamDabbers
May 26, 2003



Docjowles posted:

I used to work for a regional ISP (coincidentally also in Colorado). One time our marketing team sent a mailing with this sweet stealth bomber on it advertising our speeds in miles per hour :confused: The lead network engineer almost quit over that lol

Hello? Tech support? My internet is going 55 mph and I'm concerned the data bus will explode on the information superhighway if it slows down any more

uhhhhahhhhohahhh
Oct 9, 2012
ipv6 is slower because it takes the computer longer to type the address in (it has more characters)

MrMoo
Sep 14, 2000

Eletriarnation posted:

The headers aren't smaller, if you're just talking about raw IP traffic. IPv4 headers are 20 bytes and IPv6 headers are 40 bytes.

Technically IPv4 headers can be up to 60 bytes, but the real issue is the number of fields that network devices need to process. IPv6 reduces that from 6 to 4. Copying bytes is "free" in an ASIC, evaluating the content is not, hence why network switches are cheaper than network routers.

https://www.microsoftpressstore.com/articles/article.aspx?p=2225063&seqNum=3

uhhhhahhhhohahhh posted:

ipv6 is slower because it takes the computer longer to type the address in (it has more characters)

I like that devices end up with multiple addresses and some with short term lifetimes, idk how the designers of IPv6 expected the typical IT technician or network engineer to cope with that.

Like most apps record a device with a single IPv4 address, now you have multiple with different lifetimes, and each one very terse to read, awesome. Because mDNS is going to actually reliably work everywhere, any day now.

MrMoo fucked around with this message at 16:14 on Nov 15, 2023

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

MrMoo posted:

Technically IPv4 headers can be up to 60 bytes.

Yes, I saw that too when I went to double check myself before posting but options aren't commonly used.

MrMoo posted:

, but the real issue is the number of fields that network devices need to process. IPv6 reduces that from 6 to 4. Copying bytes is "free" in an ASIC, evaluating the content is not, hence why network switches are cheaper than network routers.

https://www.microsoftpressstore.com/articles/article.aspx?p=2225063&seqNum=3

I mean yeah that's totally valid but, and hopefully I'm not splitting hairs too finely here, I wouldn't say that "we can use a simpler forwarding architecture" is usually what people mean when they say that a network is faster. They're usually talking either about latency or bandwidth. I can understand why the article that spurred the discussion wouldn't get into this kind of detail but it was funny to me because being "faster" isn't the point of IPv6 in the first place, and outside of edge cases like "we are Actually Facebook" it indeed doesn't matter.

tortilla_chip
Jun 13, 2007

k-partite
The real motivation for moving to IPv6 was a combination of exhaustion of addresses in the network fabric itself and the desire to do prefix delegation to tupperware hosts.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I'll be long dead before ipv6 is forced upon us all.

Kazinsal
Dec 13, 2011


Also the original spec for NAT in 1994 had no concept of dynamically translating ports and just assumed that you would be able to have as many globally routable IPs on hand as your best guess was for how many internal hosts would simultaneously need to talk out to the internet.

Because that scales reasonably.

Then we solved that for another 20 years with port translation and then solved the unexpected explosion of always-on mobile internet access on smartphones with CGNAT.

Rudager
Apr 29, 2008

GreenNight posted:

I'll be long dead before ipv6 is forced upon us all.

Buried under a pile of NATs.

Every time I see CG-NAT I just hear Chief Wiggum in my head going No, NAT up stupid!

wolrah
May 8, 2006
what?

MrMoo posted:

I like that devices end up with multiple addresses and some with short term lifetimes, idk how the designers of IPv6 expected the typical IT technician or network engineer to cope with that.

Like most apps record a device with a single IPv4 address, now you have multiple with different lifetimes, and each one very terse to read, awesome. Because mDNS is going to actually reliably work everywhere, any day now.

Don't use the ephemeral addresses for anything not ephemeral?

Every IPv6 device will have a link local address, those are in the fe80::/64 network and should never be used for anything long term. They're the equivalent of a 169.254 address in IPv4, just there to allow devices to communicate without any network-assigned address.

In a network using SLAAC the router advertises the prefix and the host assigns itself one or two addresses depending on the OS and configuration. On older systems you'll usually get one address which is based directly on the MAC address of the interface. This address should always be the same as long as the network and NIC remain the same.

At some point people realized that making the MAC address part of the global address makes it possible to uniquely identify a machine on the internet and track it across networks, so some new mechanisms were developed to choose host addresses. There's one method that generates a repeatable address based on the interface, a network identifier, and a private key unique to the host. Again the address should never change unless the network or hardware changes. These are your reliable identifiers. There's another method to generate temporary addresses that are effectively random, which are intended to be used to increase privacy for outgoing connections from devices or applications that don't care.

For those who really care about assigning specific addresses to specific devices, DHCPv6 is also a thing and works more or less the same as DHCP in IPv4, your DHCP server assigns whatever address it wants to the clients and those addresses will remain the same as long as the DHCP server wants them to. Android for whatever reason explicitly does not support it, every other major platform does.

tl;dr: You have more addresses to choose from on most IPv6 enabled devices, but there's still always a reliable long-lived address unless the system has gone out of its way to only use temporary addresses (technically allowed in the spec but intended for IoT type stuff not normal computers).

It's not hard to keep track of IPv6 devices if you don't just assume that every address is going to be around forever.

Also in the end if you're regularly entering in IP addresses of any kind something is wrong. If the thing needs to be accessed by humans it should have a DNS name (not mDNS, real DNS).


Rudager posted:

Every time I see CG-NAT I just hear Chief Wiggum in my head going No, NAT up stupid!

Now that's going to be stuck in my head, and I'm OK with this.
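
The address types described in the post above, as an added example that is not part of the thread: it reads Linux `ip -6 addr show` output (the sample is constructed and uses the 2001:db8::/32 documentation prefix), labels each address link-local, temporary or stable, and recovers the MAC from any interface ID that was derived from it. The function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in the layout printed by Linux `ip -6 addr show`.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2:8d3c:51f0:9a47:2be1/64 scope global temporary dynamic
       valid_lft 86213sec preferred_lft 14213sec
    inet6 2001:db8:1:2:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
       valid_lft 86213sec preferred_lft 14213sec
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever
"""

# address, scope keyword, and whatever flags follow on the same line
LINE = re.compile(r"^\s*inet6 (\S+)/\d+ scope (\S+)(.*)$", re.M)


def embedded_mac(addr):
    """Return the MAC inside a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":                    # EUI-64 filler bytes
        return None
    # Undo the flipped universal/local bit, drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def classify(text):
    """One dict per address: its role and any MAC it exposes."""
    rows = []
    for addr, scope, flags in LINE.findall(text):
        if scope == "link":
            role = "link-local"      # never an inventory identifier
        elif "temporary" in flags.split():
            role = "temporary"       # privacy address, rotates
        else:
            role = "stable"          # long-lived, safe to record
        rows.append({"addr": addr, "role": role, "mac": embedded_mac(addr)})
    return rows


def inventory_address(text):
    """Address to record for the host: the first stable, routable one."""
    return next((r["addr"] for r in classify(text) if r["role"] == "stable"), None)


if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

A stable address that still reports a MAC is the trackable case the post describes; an inventory or log pipeline should key on the stable address and treat temporary ones as expected churn.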

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Docjowles posted:

That was goofy but I thought it was a reasonable article overall for a random local newspaper that’s not a trade journal or anything.

I used to work for a regional ISP (coincidentally also in Colorado). One time our marketing team sent a mailing with this sweet stealth bomber on it advertising our speeds in miles per hour :confused: The lead network engineer almost quit over that lol

Unless you were breaking 700 million mph, I'm also not impressed.

I scared you out of Colorado, correct? I thought you relocated but now don't remember.

Docjowles
Apr 9, 2009

Moey posted:

Unless you were breaking 700 million mph, I'm also not impressed.

I scared you out of Colorado, correct? I thought you relocated but now don't remember.

Oh drat hey Moey, been a while. Yeah I moved to Boston in like 2015 but I actually moved back to CO last summer. Apparently the east coast doesn't suit me anymore. You still up in the mountains?

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Docjowles posted:

Oh drat hey Moey, been a while. Yeah I moved to Boston in like 2015 but I actually moved back to CO last summer. Apparently the east coast doesn’t suit me anymore. You still up in the mountains?

Welcome back!

Yup, still in the same town.

You finally cave and decide to start sliding down the mountain like a good Colorado resident?

Prescription Combs
Apr 20, 2005

Tetramin posted:


ISE stuff


How'd your upgrades go? I'm in the middle of doing 6 VMs from 2.7 to 3.2 in situ. :gonk: It's semi nerve wracking and I didn't have a choice to do it any other way.

Horsebanger
Jun 25, 2009

Steering wheel! Hey! Steering wheel! Someone tell him to give it to me!

Rudager posted:

Buried under a pile of NATs.

Every time I see CG-NAT I just hear Chief Wiggum in my head going No, NAT up stupid!

It is still no NAT november...

CGNAT loving sucks and I hated keeping it running.

Tetramin
Apr 1, 2006

I'ma buck you up.

Prescription Combs posted:

How'd your upgrades go? I'm in the middle of doing 6 VMs from 2.7 to 3.2 in situ. :gonk: It's semi nerve wracking and I didn't have a choice to do it any other way.

It got pushed until 12/8. Luckily, because my boss mentioned to me like two days before the original time that I can hit up our partner company for some help planning it, getting my ducks in a row, and figuring out licensing.

I also was able to get a fresh VM for our secondary admin node, so it looks like I'll only need to do an upgrade to the Primary and then join all of my new VMs to the deployment.

Still feeling a bit nervous about it, but after discussing the plan with our partner and now that I only will need to upgrade one server, I'm feeling way better.


But yeah good luck with yours fellow goon. I would be sweating a bit in your shoes honestly, are y'all using ISE for dot1x etc? I'm curious if you've run the URT and what it told you. I ran it on my 6 server deployment and it said it would be like 70 minutes per node, and we're only really doing TACACS+RADIUS for our network gear.

Anyway once I actually complete it next week, I'll try to make a post about what I ran into and stuff like that.

In both of our situations, I'd really say to check if you can leverage a partner relationship, get an hour with a delivery engineer to see if you can hammer out your process and ask any questions. It really made me feel a lot better.


Prescription Combs
Apr 20, 2005
3 of 6 are done. The last 2 were a pair and had some hangups but making them standalone I was able to get them to successfully upgrade and rejoin each other. So far, the licensing has been a piece of cake. A TAC case with serials and had them convert everything over to the Smart Virtual Account for me so I could do the specific license reservation afterwards since they're not internet connected.

All these ISE servers do is TACACS and RADIUS. Whole lotta money for a buncha ISE licenses but it's what the customer wanted so it is what it is.

E: between ISE and doing 4 pairs of FMCs with a swath of FTD's I'll be glad when this week is over.

Prescription Combs fucked around with this message at 05:24 on Nov 29, 2023
