Over-utilisation of v6 neighbour slots

Phil Mayers p.mayers at imperial.ac.uk
Thu Oct 24 10:49:31 CEST 2013


On 10/24/2013 08:18 AM, Benedikt Stockebrand wrote:
> In my opintion the problem here is not so much Apple, but Cisco.  While

Well, I think there's more than one problem.

Certainly fixed-size (and relatively small) FIBs in Cisco-land are a 
problem. On devices where the FIB is a relatively fast-but-inflexible 
architecture - like TCAM - good sizing decisions at design time need to 
be married with smart algorithms at runtime (i.e. partition TCAM 
dynamically not statically at reboot!). Sup720 doesn't do well in both 
categories!

It is only relatively recently that TCAM-based platforms have started to 
grow in terms of FIB size - sup2T still comes in the same sizes as 
sup720, but the new 6880 has bigger.

But even if you forget completely about the FIB-size issue, I *still* 
assert that Apple's v6 privacy address behaviour is idiotic. For those 
of us who log v6->MAC mappings into SQL, it balloons the logging 
requirements. It loads IPv6 FHS implementations. And it provides 
negligible - perhaps zero - improvement in privacy.

I've observed Apple devices powering up, generating a random IPv6 
address, NEVER USING IT, then powering it down and losing it, at 
intervals of tens of seconds. That's just asinine.

I assert that rolling the address on a timer, not on power/link 
activity, is the intent of the RFCs, and the desired behaviour, and that 
Apple are doing the wrong thing here.

> I understand that CAM/TCAM is painfully expensive in hardware, in the
> long run increasing its size is the way to go.  On the Cisco side, the

In the long run, a move to RAM-based trie lookups seems to be the way to 
go for FIBs, for the superior power use characteristics if nothing else.

> quick workaround may be a reliable expiration mechanism.  On your side,
> maybe some further segmentation can help to spread the load over
> multiple routers (yes, I know that's frequently not an option on WiFi).

...as is the case here. That said, we are pondering moving the wireless 
routing off onto dedicated devices - anyone got any recommendations? ;o)

Cheers.
Phil


More information about the ipv6-ops mailing list