Ten years ago, I published my first "IPv4 address use report" over 2005. After that, I did 2006, 2007, 2008, 2009, and 2010. Today, I'm going back to the well one last time and provide an overview of what happened with the IPv4 addresses the past decade, which will close the book on the IPv4 address space as far as I'm concerned.
At the end of 2005, 2056.30 million of the 3706.65 usable IPv4 addresses had been given out: 55%. Today, it's 3592.99 million, which is 97%. Can you imagine driving a car with a tank filled to 3%? Or work on a computer with a drive that's 97% full?Read the article - posted 2015-01-08
After yesterday's final yearly IPv4 address report, I thought that today, I'd look at the other numbers the five Regional Internet Registries give out: IPv6 addresses and autonomous system (AS) numbers.Read the article - posted 2015-01-09
Google has been measuring how many of its users have working IPv6 for some years now. At the beginning of 2014, this number was 2.75%; higher during weekends, lower on weekdays. We ended the year close to 6%, but then when we all went back to work in 2015, we dipped right back down below 5%!
As part of my BGP training course, I explain to the participants that they can get BGP either by buying a router from the likes of Cisco or Juniper, or by running routing software such as Zebra, Quagga or OpenBGPD on a Unix (-like) operating system. Then I always mention that I haven't tried OpenBGPD yet, but I really should.
There's no time like the present, so I decided to take the plunge today.
Read the article - posted 2015-02-01
Here's a bunch more information about these two and other open source routing software...Read the article - posted 2015-02-02
So HTTP 2 multiplexes multiple transfers over a single TCP session. It would be cleaner to do this using SCTP, which implements multiple streams natively. But having to figure out whether you can use SCTP or need to use TCP would be a significant complication, while negotiating the use of HTTP 2 over TCP port 80 should be relatively straightforward.
I'm glad the mandatory encryption didn't happen. Encryption is important, but there are times where it's unneeded, and forcing people to use it when they don't want/need it would just make for even more carelessness with certificates than we're already seeing today. For instance, the server serves the exact same copy of this webpage to anyone who requests it, so there's no point in encrypting it. Encryption would just add more time consuming round trips, use more battery power, and require me to buy a certificate.
Apparently most of the browser makers are already on the case, no mention of Safari, though. I'm interested to see how much faster HTTP 2 will be in practice.
Read the article - posted 2015-02-18
Yesterday I wrote about my new printer, which supports IPv6. I posted a photo on Twitter with the printer's IPv6 address, and before long people attempted to print over the internet. Eventually, two succeeded.
I'm not very happy that Canon allows this by default, and doesn't give you any way to block this other than to disable IPv6 or put the printer behind a firewall.
Here's another link to that part of the story, as the title I used yesterday doesn't mention IPv6 or firewalling.
Read the article - posted 2015-03-04
At the RIPE-70 meeting next month in Amsterdam I'll be doing a tutorial on BGP: "Get Your Hands Dirty with BGP".
This is the "light" version of the regular BGP training that I do several times a year: the theory part will be around 30 minutes and then about two hours of hands-on BGP using the Quagga routing software running in a virtual machine on the participant's laptops.Permalink - posted 2015-04-15
As you may have noticed, I write about BGP from time to time. When coming up with example configurations, there's always the challenge of which AS numbers and IP addresses/prefixes to use...Read the article - posted 2015-04-24
For some years now, the Regional Internet Registries have been rolling out RPKI. The Resource Public Key Infrastructure allows holders of IP addresses to authorize an autonomous system to inject those addresses in BGP. (See here for an overview of how RPKI works and more links.)
I've always thought it would be hard to deploy RPKI in the real world, because it's just way too easy for a certificate or ROA (route origination authorization) to expire. If that then leads to routes becoming invalid and the addresses in question being unreachable, that would be a good example of the cure being worse than the disease.
Fortunately, that's not the case: RPKI is ready for real-world deployment today.Read the article - posted 2015-04-30
I'm at the RIPE meeting in Amsterdam this week. Yesterday, one of the first presentations was one from Alcatel-Lucent's Greg Hankins: Evolution of Ethernet Speeds: What’s New and What’s Next.
Apparently, we're going to get some new Ethernet speeds in the (relatively) near future, such as 2.5, 5 and 25 Gbps. I can't wait!Read the article - posted 2015-05-12
At the NANOG meeting in San Francisco two weeks ago, there was a session on The benefits of deploying IPv6 only. Someone from T-Mobile explained that the latest Windows Mobile and Android support 464XLAT to allow IPv4-only applications to work over IPv6 with NAT64, so those devices now only get IPv6. Other devices only get IPv4, there's no dual stack. At that point, the panelists didn't know yet that Apple is requiring iOS 9 apps to work over IPv6 so those can work through NAT64 without 464XLAT.
Another interesting data point is the observation by Facebook that IPv6 tends to perform better than IPv4, with the margin being as large as 40%:
However, why this is is unclear: the RTTs are the same, yet the performance/bandwidth over IPv6 is better. There was some frustration because Apple's implementation of "happy eyeballs" only looks at the RTT to choose between IPv4 and IPv6, and thus lands on IPv4 a good deal of the time and doesn't enjoy the benefits of that better IPv6 performance.Permalink - posted 2015-06-17
This July 30th, at 23:59:60, a leap second was added to Coordinated Universal Time (UTC). Dyn Research posted the following graph on Twitter that shows there was significant BGP update instability for five minutes after the leap second occurred:
As we learned last month, Apple has included a DNS64/NAT64 implementation in the upcoming version 10.11 of the Mac operating system, for the purpose of testing whether iOS applications are "IPv6-clean". I installed the public beta of 10.11 last week, so I was able to see how this DNS64/NAT64 implementation works.Read the article - posted 2015-07-13
20 years ago today, I got my first autonomous system (AS) number, marking my entry in the BGP business. (5399, if you're wondering.)
To quote Ferris Bueller: "Life moves pretty fast. If you don't stop and look around once in a while, you could miss it." So let's look back and see what has happened over those 20 years.Read the article - posted 2015-08-15
These are the top 10 internet exchanges in the world exchanging the most traffic according to Packet Clearing House:
As you can see, the DE-CIX in Frankfurt is the top dog at 4.76 terabits per second peak traffic. (That's enough to transfer about a hundred HD movies or 595 gigabytes per second.) The Amsterdam Internet Exchange is second at 3.94 Tbps. But... we also have the Neutral Internet Exchange (NL-ix) in Amsterdam at 1.44 Tbps. So AMS-IX and NL-ix together make Amsterdam the city with the most internet traffic in the world at no less than 5.38 Tbps as per these statistics.
However, not all NL-ix traffic is actually exchanged in Amsterdam, they have many locations in the Netherlands and also some in the surrounding countries. It's still entirely possible that at least 830 Gbps of that 1.44 Tbps is exchanged in Amsterdam, though.Permalink - posted 2015-11-27