Re: So Philip Smith / Geoff Huston's CIDR report becomes worth a good hard look today
At 18:10 12/08/2014 -0400, William Herrin wrote:

We went with 768 - enough time to replace the routers with ASR9010s. It is merely a stop-gap measure to give everyone time to replace their routers in an orderly fashion.

-Hank
On Tue, Aug 12, 2014 at 2:42 PM, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-swit...
I note that the recommended command in that article, "mls cef maximum-routes ip 1000", will throw most of your IPv6 routes out of the TCAM instead. Which if you have any IPv6 traffic of substance just kills you in the other direction. Might want to try something more like "mls cef maximum-routes ip 900".
Regards, Bill Herrin
-- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/> Can I solve your unusual networking challenges?
On Wed, 13 Aug 2014 08:08:04 +0300, Hank Nussbacher said:
We went with 768 - enough time to replace the routers with ASR9010s. It is merely a stop-gap measure to give everyone time to replace their routers in an orderly fashion.
The same people who, knowing the 6509 had this default config issue, and neither replaced the gear nor did the reconfig to buy time *before* the wall got hit, are going to replace said 6509 in orderly fashion? Hank, you gotta learn to wear respiratory apparatus when working near open containers of magic router pixie dust - that stuff can screw you up if you inhale it. :)
On Wed, Aug 13, 2014 at 1:40 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Wed, 13 Aug 2014 08:08:04 +0300, Hank Nussbacher said:
We went with 768 - enough time to replace the routers with ASR9010s. It is merely a stop-gap measure to give everyone time to replace their routers in an orderly fashion.
The same people who, knowing the 6509 had this default config issue, and neither replaced the gear nor did the reconfig to buy time *before* the wall got hit, are going to replace said 6509 in orderly fashion?
Sadly enough:

A: not everyone knew about the issue - there are a large number of folk running BGP on 65xx and taking full tables who are not plugged into NANOG / the community. In many cases they are single homed enterprise folk, but run BGP anyway (because some consultant set it up, some employee with clue did it years ago and then left, etc).

B: they *did* know about the issue, but convincing management to spend the cash to buy hardware that doesn't suck was hard, because "everything is working fine at the moment" -- some folk needed things to fail spectacularly to be able to justify shelling out the $$$ (yes, they could recarve the TCAM, but they are using this as an excuse to get some real gear)...

Am I overly cynical, or does this all work out perfectly for some vendors? I'm guessing that a certain vendor is going to see a huge number of orders for new equipment, for an event that could have been (and was) easily predicted... "Here, buy my widget... and then you'll come back in a few years and buy another one.. <mwahahahah>". Yup, folk purchasing these *should* have known (not like there were no discussions of this), but, well, not everyone spends all day reading NANOG / RIPE / CIDR report...

W
Hank, you gotta learn to wear respiratory apparatus when working near open containers of magic router pixie dust - that stuff can screw you up if you inhale it. :)
-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
On 8/13/2014 6:52 AM, Warren Kumari wrote:
Am I overly cynical, or does this all work out perfectly for some vendors? I'm guessing that a certain vendor is going to see a huge number of orders for new equipment, for an event that could have been (and was) easily predicted... "Here, buy my widget... and then you'll come back in a few years and buy another one.. <mwahahahah>". Yup, folk purchasing these *should* have known (not like there was no discussions of this), but, well, not everyone spends all day reading NANOG / RIPE / CIDR report...
I am not an operator, but I used to be a *really* active routing engineer once upon a time in the stone age :-) and what really bothers me is the serious lack of general awareness on the issue of routing table size, aggregation, and stability, and what effect it has on the global Internet.

Especially questions like this:

"Is it time to switch to all IPv6 yet?"

http://tech-beta.slashdot.org/story/14/08/13/0048244/the-ipv4-internet-hiccu...

If anyone *seriously* believes that IPv6 will have any positive effect on this particular issue, you are sorely misinformed. If anything, it will make the problem worse, since the ability to "get aggregation wrong" will be much easier.

I'm not being cynical, I'm being a realist. :-/

- ferg

p.s. I recall some IPv6 prefix growth routing projections by Vince Fuller and Tony Li from several years ago which illustrated this, but cannot find a reference at the moment....

--
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
Apologies for replying to my own post, but... below:

On 8/13/2014 7:05 AM, Paul Ferguson wrote:
On 8/13/2014 6:52 AM, Warren Kumari wrote:
Am I overly cynical, or does this all work out perfectly for some vendors? I'm guessing that a certain vendor is going to see a huge number of orders for new equipment, for an event that could have been (and was) easily predicted... "Here, buy my widget... and then you'll come back in a few years and buy another one.. <mwahahahah>". Yup, folk purchasing these *should* have known (not like there was no discussions of this), but, well, not everyone spends all day reading NANOG / RIPE / CIDR report...
I am not an operator, but I used to be a *really* active routing engineer once upon a time in the stone age :-) and what really bothers me is the serious lack of general awareness on the issue of routing table size, aggregation, and stability, and what effect it has on the global Internet.
Especially questions like this:
"Is it time to switch to all IPv6 yet?"
http://tech-beta.slashdot.org/story/14/08/13/0048244/the-ipv4-internet-hiccu...
If anyone *seriously* believes that IPv6 will have any positive effect on this particular issue, you are sorely misinformed. If anything, it will make the problem worse, since the ability to "get aggregation wrong" will be much easier.
I'm not being cynical, I'm being a realist. :-/
- ferg
p.s. I recall some IPv6 prefix growth routing projections by Vince Fuller and Tony Li from several years ago which illustrated this, but cannot find a reference at the moment....
I found it:

"Scaling issues with ipv6 routing+multihoming" Vince Fuller, Cisco Systems http://iab.org/wp-content/IAB-uploads/2011/03/vaf-iab-raws.pdf

I think the slides [above] were done for an IAB routing workshop in ~2006.

Also:

"Scaling of Internet Routing and Addressing: past view, present reality, and possible futures" Vince Fuller, Cisco Systems http://www.vaf.net/~vaf/apricotworkshop.pdf

FYI,

- ferg

--
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
On 8/13/14 8:55 AM, Paul Ferguson wrote:
Apologies for replying to my own post, but... below:
On 8/13/2014 7:05 AM, Paul Ferguson wrote:
p.s. I recall some IPv6 prefix growth routing projections by Vince Fuller and Tony Li from several years ago which illustrated this, but cannot find a reference at the moment....
The raws workshop report makes for interesting reading, especially with respect to how things actually turned out now that we're a decade on. http://tools.ietf.org/html/rfc4984
I found it:
"Scaling issues with ipv6 routing+multihoming" Vince Fuller, Cisco Systems http://iab.org/wp-content/IAB-uploads/2011/03/vaf-iab-raws.pdf
I think the slides [above] were done for an IAB routing workshop in ~2006.
Also:
"Scaling of Internet Routing and Addressing: past view, present reality, and possible futures" Vince Fuller, Cisco Systems http://www.vaf.net/~vaf/apricotworkshop.pdf
FYI,
- ferg
On 8/13/2014 11:09 AM, joel jaeggli wrote:
On 8/13/14 8:55 AM, Paul Ferguson wrote:
Apologies for replying to my own post, but... below:
On 8/13/2014 7:05 AM, Paul Ferguson wrote:
p.s. I recall some IPv6 prefix growth routing projections by Vince Fuller and Tony Li from several years ago which illustrated this, but cannot find a reference at the moment....
The raws workshop report makes for interesting reading, especially with respect to how things actually turned out now that we're a decade on.
Thanks for that -- I had completely forgotten about it. :-)

- ferg
I found it:
"Scaling issues with ipv6 routing+multihoming" Vince Fuller, Cisco Systems http://iab.org/wp-content/IAB-uploads/2011/03/vaf-iab-raws.pdf
I think the slides [above] were done for an IAB routing workshop in ~2006.
Also:
"Scaling of Internet Routing and Addressing: past view, present reality, and possible futures" Vince Fuller, Cisco Systems http://www.vaf.net/~vaf/apricotworkshop.pdf
FYI,
- ferg
--
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
On 14 Aug 2014, at 4:14 am, Paul Ferguson <fergdawgster@mykolab.com> wrote:
On 8/13/14 8:55 AM, Paul Ferguson wrote:
Apologies for replying to my own post, but... below:
On 8/13/2014 7:05 AM, Paul Ferguson wrote:
p.s. I recall some IPv6 prefix growth routing projections by Vince Fuller and Tony Li from several years ago which illustrated this, but cannot find a reference at the moment....
I shared some speculation on the next five years of routing table growth at NANOG 60. BGP routing table growth has been remarkably stable for many years, and most of the older predictive exercises have proved to be reasonably accurate. With all the usual caveats applying to a post-V4-exhaustion world having a lot more uncertainties than before, the current figures show that the default free zone in IPv4 will hit 1 million entries in 2019 (http://www.potaroo.net/presentations/2014-02-09-bgp2013.pdf, slide 30).

IPv6 is a much less certain exercise. If we take the most extreme picture of the recent past and apply an exponential growth model to the IPv6 network, then the V6 table gets to 125,000 entries by the same 2019. (slide 34 of the same pack)

Frankly, these figures are not particularly alarming at present. Yes, we've crossed over some equipment thresholds in the past (TCAM banks of 256K entries, now 512K, and at some point it's looking possible that we'll get to 1M entries). If yesterday is a lot like tomorrow then this is some 4 years out for the global routing table if we add the IPv4 and IPv6 tables together.

If I were buying equipment today I'd want a minimum of 2M entries in the TCAM on the forwarding cards, and I'd also want to understand my options for field upgrades to at least 4M over the anticipated operational lifecycle of the equipment. But you may have a different crystal ball of course.

Geoff
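The carving arithmetic behind two points in this thread, Bill Herrin's remark earlier that "mls cef maximum-routes ip 1000" starves IPv6 where "ip 900" does not, and Geoff's 2019 figures above, worked through as an added example. This is not code from any poster, from Cisco, or from the linked document. It assumes the Supervisor 720 FIB TCAM layout as commonly documented for that platform: 1024K (1,048,576) entries in total, one entry per IPv4 unicast or MPLS route, two entries per IPv6 unicast or IPv4 multicast route, and the argument to `mls cef maximum-routes ip` in units of 1024 routes, so the default `ip 512` is 524,288 IPv4 routes and leaves 256K IPv6 routes, which is the ceiling the whole thread is about. Check those constants against the documentation for your own supervisor before trusting the numbers. The August 2014 table sizes fed in (530,000 IPv4 routes, 19,000 IPv6 routes) are constructed round numbers, not measurements; the 2019 inputs (1M IPv4, 125K IPv6) are Geoff's figures. One caveat worth carrying along with the numbers: on this platform a new carving only takes effect after the chassis is reloaded, which is what Måns is referring to later in the thread when he mentions rebooting with the new carving already configured.

```python
"""Catalyst 6500 / Sup720 FIB TCAM carving model (added example; the platform
constants below are assumptions, not values taken from the thread).  Shows why
"mls cef maximum-routes ip 1000" starves IPv6 while "ip 900" or "ip 768" leave
room, and why no carving of a 1M-entry TCAM holds a 1M-route IPv4 table plus a
125K-route IPv6 table."""

from dataclasses import dataclass
from typing import Optional

# Assumed platform constants (check against the supervisor's documentation):
TCAM_ENTRIES = 1024 * 1024   # total FIB TCAM entries
IPV4_COST = 1                # entries per IPv4 unicast / MPLS route
IPV6_COST = 2                # entries per IPv6 unicast / IPv4 multicast route
ROUTE_UNIT = 1024            # "maximum-routes ip N" taken to mean N * 1024 routes


@dataclass(frozen=True)
class Carving:
    """One 'mls cef maximum-routes ip <ipv4_max>' setting."""
    ipv4_max: int  # the N in the command

    def __post_init__(self) -> None:
        if self.ipv4_max < 0 or self.ipv4_routes * IPV4_COST > TCAM_ENTRIES:
            raise ValueError(f"ip {self.ipv4_max} does not fit in the TCAM")

    @property
    def ipv4_routes(self) -> int:
        return self.ipv4_max * ROUTE_UNIT

    @property
    def ipv6_routes(self) -> int:
        """Whatever the IPv4 block leaves over, at two entries per IPv6 route."""
        return (TCAM_ENTRIES - self.ipv4_routes * IPV4_COST) // IPV6_COST


def headroom(c: Carving, ipv4_table: int, ipv6_table: int) -> dict:
    """Free slots per family.  A negative value means that family overflows
    its TCAM block and the excess is software-switched on the RP, which is
    the failure mode this thread is about."""
    return {"ipv4": c.ipv4_routes - ipv4_table,
            "ipv6": c.ipv6_routes - ipv6_table}


def fits(c: Carving, ipv4_table: int, ipv6_table: int) -> bool:
    return all(v >= 0 for v in headroom(c, ipv4_table, ipv6_table).values())


def carving_for(ipv4_table: int, ipv6_table: int) -> Optional[Carving]:
    """Smallest IPv4 allocation that holds ipv4_table (it leaves the most room
    for IPv6).  Returns None when no carving of this TCAM holds both tables."""
    n = -(-ipv4_table // ROUTE_UNIT)          # ceiling division
    if n * ROUTE_UNIT * IPV4_COST > TCAM_ENTRIES:
        return None
    c = Carving(n)
    return c if c.ipv6_routes >= ipv6_table else None


if __name__ == "__main__":
    # Constructed August 2014 table sizes (round numbers, not measurements).
    v4_2014, v6_2014 = 530_000, 19_000
    for n in (512, 768, 900, 1000):
        c = Carving(n)
        print(f"ip {n:4d}: IPv4 {c.ipv4_routes:>9,}  IPv6 {c.ipv6_routes:>7,}  "
              f"holds 2014 tables: {fits(c, v4_2014, v6_2014)}")
    # Geoff's 2019 projection from the thread: 1M IPv4, 125K IPv6.
    print("carving for 2019 projection:", carving_for(1_000_000, 125_000))
```

The `ip 1000` row is Bill's point: it leaves 12,288 IPv6 routes, below even the constructed 2014 IPv6 table, so the IPv4 "fix" evicts IPv6 instead. `carving_for` returning None for the 2019 inputs is Geoff's point: 1M IPv4 entries plus 2 x 125K IPv6 entries is 1.25M, more than the TCAM has, which is why he wants 2M entries minimum on anything bought today.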
On Aug 13, 2014, at 6:52 AM, Warren Kumari <warren@kumari.net> wrote:
On Wed, Aug 13, 2014 at 1:40 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Wed, 13 Aug 2014 08:08:04 +0300, Hank Nussbacher said:
We went with 768 - enough time to replace the routers with ASR9010s. It is merely a stop-gap measure to give everyone time to replace their routers in an orderly fashion.
The same people who, knowing the 6509 had this default config issue, and neither replaced the gear nor did the reconfig to buy time *before* the wall got hit, are going to replace said 6509 in orderly fashion?
Sadly enough: A: not everyone knew about the issue - there are a large number of folk running BGP on 65xx and taking full tables who are not plugged into NANOG / the community. In many cases they are single homed enterprise folk, but run BGP anyway (because some consultant set it up, some employee with clue did it years ago and then left, etc).
I suspect this is true to some extent. Last NANOG had a record attendance and if I remember correctly, 300(!!!!) NEW attendees. Also, Philip Smith is STILL doing the BGP fundamentals tutorials with a full house every time. Granted this is mostly around rest of world but there are new folks coming along all the time and while many old timers are aware of all the historical info on route aggregation, this should be brought up ad nauseam for new folks. Do enterprise type educational folks who include routing tutorials do anything with route aggregation? Just wondering out loud.
B: they *did* know about the issue, but convincing management to spend the cash to buy hardware that doesn't suck was hard, because "everything is working fine at the moment" -- some folk needed things to fail spectacularly to be able to justify shelling out the $$$ (yes, they could recarve the TCAM, but they are using this as an excuse to get some real gear)…
Oh yeah, I'd bet this is also the case. Just like in 'security' related issues…. - merike
Am I overly cynical, or does this all work out perfectly for some vendors? I'm guessing that a certain vendor is going to see a huge number of orders for new equipment, for an event that could have been (and was) easily predicted... "Here, buy my widget... and then you'll come back in a few years and buy another one.. <mwahahahah>". Yup, folk purchasing these *should* have known (not like there was no discussions of this), but, well, not everyone spends all day reading NANOG / RIPE / CIDR report...
W
Hank, you gotta learn to wear respiratory apparatus when working near open containers of magic router pixie dust - that stuff can screw you up if you inhale it. :)
-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
Subject: Re: So Philip Smith / Geoff Huston's CIDR report becomes worth a good hard look today Date: Wed, Aug 13, 2014 at 11:27:46AM -0700 Quoting Merike Kaeo (merike@doubleshotsecurity.com):
B: they *did* know about the issue, but convincing management to spend the cash to buy hardware that doesn't suck was hard, because "everything is working fine at the moment" -- some folk needed things to fail spectacularly to be able to justify shelling out the $$$ (yes, they could recarve the TCAM, but they are using this as an excuse to get some real gear)…
Oh yeah, I'd bet this is also the case. Just like in 'security' related issues….
This is why "test crash" was introduced.

http://markmail.org/message/tu46ecy272o3stvp

/Måns, just rebooted. (with a new carving already configured)

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Thousands of days of civilians ... have produced a ... feeling for the aesthetic modules
participants (8)
- Geoff Huston
- Hank Nussbacher
- joel jaeggli
- Merike Kaeo
- Måns Nilsson
- Paul Ferguson
- Valdis.Kletnieks@vt.edu
- Warren Kumari