Over-utilisation of v6 neighbour slots
p.mayers at imperial.ac.uk
Thu Oct 24 10:49:31 CEST 2013
On 10/24/2013 08:18 AM, Benedikt Stockebrand wrote:
> In my opinion the problem here is not so much Apple, but Cisco. While

Well, I think there's more than one problem.

Certainly fixed-size (and relatively small) FIBs in Cisco-land are a
problem. On devices where the FIB is a relatively fast-but-inflexible
architecture - like TCAM - good sizing decisions at design time need to
be married with smart algorithms at runtime (i.e. partition TCAM
dynamically not statically at reboot!). Sup720 doesn't do well in both

It is only relatively recently that TCAM-based platforms have started to
grow in terms of FIB size - sup2T still comes in the same sizes as
sup720, but the new 6880 has bigger.

But even if you forget completely about the FIB-size issue, I *still*
assert that Apple's v6 privacy address behaviour is idiotic. For those
of us who log v6->MAC mappings into SQL, it balloons the logging
requirements. It loads IPv6 FHS implementations. And it provides
negligible - perhaps zero - improvement in privacy.

I've observed Apple devices powering up, generating a random IPv6
address, NEVER USING IT, then powering it down and losing it, at
intervals of tens of seconds. That's just asinine.

I assert that rolling the address on a timer, not on power/link
activity, is the intent of the RFCs, and the desired behaviour, and that
Apple are doing the wrong thing here.

> I understand that CAM/TCAM is painfully expensive in hardware, in the
> long run increasing its size is the way to go. On the Cisco side, the

In the long run, a move to RAM-based trie lookups seems to be the way to
go for FIBs, for the superior power use characteristics if nothing else.

> quick workaround may be a reliable expiration mechanism. On your side,
> maybe some further segmentation can help to spread the load over
> multiple routers (yes, I know that's frequently not an option on WiFi).

...as is the case here. That said, we are pondering moving the wireless
routing off onto dedicated devices - anyone got any recommendations? ;o)
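Added example, not part of the original message: one way to measure the address churn described above from a v6->MAC log kept in SQL, reporting per MAC how many distinct IPv6 addresses were seen and how many entries lived under a minute. The `neighbour_log` table, its columns, the thresholds and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample rows (mac, ipv6, first_seen, last_seen), times in epoch
# seconds. The table layout is an assumption, not the schema used by the poster.
SAMPLE_ROWS = [
    ("00:00:5e:00:53:01", "2001:db8:1::a1", 1000, 1020),
    ("00:00:5e:00:53:01", "2001:db8:1::a2", 1040, 1065),
    ("00:00:5e:00:53:01", "2001:db8:1::a3", 1090, 1120),
    ("00:00:5e:00:53:01", "2001:db8:1::a4", 1150, 9000),
    ("00:00:5e:00:53:02", "2001:db8:1::b1", 1000, 90000),
    ("00:00:5e:00:53:03", "2001:db8:1::c1", 1000, 50000),
    ("00:00:5e:00:53:03", "2001:db8:1::c2", 50000, 50030),
]

# Per MAC: distinct addresses logged, and how many log rows lived < :short seconds.
CHURN_SQL = """
SELECT mac,
       COUNT(DISTINCT ipv6)                    AS addrs,
       SUM((last_seen - first_seen) < :short)  AS short_lived
FROM neighbour_log
WHERE first_seen >= :since
GROUP BY mac
HAVING COUNT(DISTINCT ipv6) >= :min_addrs
ORDER BY addrs DESC, mac
"""

def load(rows):
    """Build an in-memory table holding the (hypothetical) mapping log."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE neighbour_log "
               "(mac TEXT, ipv6 TEXT, first_seen INTEGER, last_seen INTEGER)")
    db.executemany("INSERT INTO neighbour_log VALUES (?, ?, ?, ?)", rows)
    return db

def churn_report(db, since=0, short=60, min_addrs=3):
    """Return (mac, distinct_addresses, short_lived_rows) for high-churn MACs."""
    params = {"since": since, "short": short, "min_addrs": min_addrs}
    return [tuple(row) for row in db.execute(CHURN_SQL, params)]

if __name__ == "__main__":
    for mac, addrs, short_lived in churn_report(load(SAMPLE_ROWS)):
        print(f"{mac}: {addrs} addresses, {short_lived} lived under 60 s")
```

Run over a day of real rows, the `addrs` column gives the multiplier on log volume and neighbour-table entries that each such host contributes.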