Transit Questions (IPv6, MTU, EDNS)

newer
reprogram Brocade SFP+ optic to...

older
Linux.conf.au 2015 in Auckland -...

Alexander Neilson

24 Jun 2014 24 Jun '14

5:35 p.m.

Hi All I am looking to see what others experiences are with transit providers. Mainly I am wondering about IPv6 Support and MTU Sizes

...

From talking to my upstream providers it appears that 1500MTU is the limit I have access to, and one of my two upstreams doesn’t provide IPv6 for transit.

This leads my to a few logical questions: * How many transit providers provide MTU above 1500 Bytes? * How many transit providers do not provide IPv6 transit? * How do others handle EDNS? I was doing some looking around our systems a while back and I found a default setting in the Bind9 version we were running that set EDNS to 4096 Bytes. Now all of our transit is limited it seems to 1500 Bytes, so I set the config to limit the announced support down into the usable range by us and saw a reduction in the need for DNS retries. Do other people just have better handling of fragmentation? Do you find any issues having EDNS announcing support for sizes above your transit? do you just have transit that supports MTU over 1500 Bytes? And a big issue in my opinion is the lack of IPv6 support from transit providers. I am not sure about other providers but it will be one deciding factor when purchasing transit going forward. Happy to receive information off list if people don’t want to name on here. Regards Alexander Alexander Neilson Neilson Productions Limited alexander(a)neilson.net.nz 021 329 681 022 456 2326

Attachments:

smime.p7s (application/pkcs7-signature — 4.0 KB)

Show replies by date

Ben

24 Jun 24 Jun

5:57 p.m.

On Wed, Jun 25, 2014 at 10:35:38PM +1200, Alexander Neilson wrote:

...

Hi All

I am looking to see what others experiences are with transit providers.

Mainly I am wondering about IPv6 Support and MTU Sizes

From talking to my upstream providers it appears that 1500MTU is the limit I have access to, and one of my two upstreams doesn?t provide IPv6 for transit.

This leads my to a few logical questions: * How many transit providers provide MTU above 1500 Bytes? * How many transit providers do not provide IPv6 transit? * How do others handle EDNS? I was doing some looking around our systems a while back and I found a default setting in the Bind9 version we were running that set EDNS to 4096 Bytes. Now all of our transit is limited it seems to 1500 Bytes, so I set the config to limit the announced support down into the usable range by us and saw a reduction in the need for DNS retries.

Do other people just have better handling of fragmentation? Do you find any issues having EDNS announcing support for sizes above your transit? do you just have transit that supports MTU over 1500 Bytes?

I'm not a big fan of TCP/IP DNS .. and so I just keep DNS answers small. So I cannot say anything about that sorry. Internet Transit over 1500 bytes is not really doable. Even if you managed to get over 1500 MTU, where are you going to get it to? A lot of the time MTU path discovery doesn't work nearly as well as preferable, so if you have a server with a large MTU you pretty much have to use MSS clamping to fit traffic for 1500 MTU. You may have better luck if you want a larger tunnel between two locations. But the internet in general isn't likely to shift any time soon, as much as I'd like to see it happen. There's also a question of whether large MTU's are even a good thing. On a 10 megabit DSL connection, 1500 MTU means that packets take over 1 msec, to send, and having a few in the queue means you're going to add jitter. If you want to prioritise VOIP traffic or minimise latency in general, then serialisation delay becomes a concern. It's not so bad now that connections are starting to increase in speed, but I don't really see it being a good idea until you get to gigabit speeds, where the benefits of conserving bandwidth hardly matter. And modern ethernet cards deal well with lots of smaller packets.

...

And a big issue in my opinion is the lack of IPv6 support from transit providers. I am not sure about other providers but it will be one deciding factor when purchasing transit going forward.

I'd rather uptake of IPv6 was controlled and functional myself. If you take a look around the current IPv6 Network most people haven't even configured reverse DNS. The main usage cases where IPv6 is beneficial is in situations like Skype, where clients on shared networks want to create direct connections to each other. Any Skype still doesn't support IPv6 AFAIK. The benefits of web servers, and email servers having concurrent IPv6 and IPv4 is mostly as a kind of proof-of-concept. I wouldn't say it's necessarily a bad idea to choose providers based on being able to offer IPv6, but using it at the moment doesn't really hold any benefit - and that's probably one of the reasons that uptake is so low in New Zealand. Peering is often worse for things like Akamai, and other CDN's. Facebook had a sustained outage that hit (some) IPv6 users and not IPv4 users.

...

Happy to receive information off list if people don?t want to name on here.

Regards Alexander

Alexander Neilson Neilson Productions Limited

alexander(a)neilson.net.nz 021 329 681 022 456 2326

...

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Brian E Carpenter

25 Jun 25 Jun

3:44 a.m.

On 25/06/2014 22:57, Ben wrote: ...

...

I'd rather uptake of IPv6 was controlled and functional myself. If you take a look around the current IPv6 Network most people haven't even configured reverse DNS.

No, and that will probably continue. Relying on reverse DNS for much of anything is a bad idea anyway, and hopefully it will fade away as IPv6 makes it less and less useful.

...

The main usage cases where IPv6 is beneficial is in situations like Skype, where clients on shared networks want to create direct connections to each other.

Er, no, the main use case is where a provider has actually run out of IPv4 addresses, and this is starting to happen in some places. And the other main value of course is for applications that are severely damaged by NAT, which is still as real a problem as it has been for 20 years, although people have got used to it.

...

Any Skype still doesn't support IPv6 AFAIK. The benefits of web servers, and email servers having concurrent IPv6 and IPv4 is mostly as a kind of proof-of-concept.

Huh? Given the recent growth in IPv6 acccesses reported by Google and Facebook, I think we are a long way past the proof of concept phase or geeks-only usage. You're right about Skype though. BitTorrent has cracked the dual stack p2p problem but not Skype. Brian

Roland Dobbins

24 Jun 24 Jun

6:32 p.m.

On Jun 25, 2014, at 5:35 PM, Alexander Neilson wrote:

...

* How many transit providers provide MTU above 1500 Bytes?

1500 is pretty much the most prevalent MTU size on the Internet these days, as packets ingress at operator edges and then egress them on the 'far side'. So, an MTU larger than 1500 isn't going to help you on the public Internet. It's mainly useful within internal data centers, and WAN-type connections between same.

...

* How do others handle EDNS?

Fragmentation of large EDNS0 responses (or anything else) is pretty much automagic, from an operational perspective (except when folks have done silly things like block ICMP type-3/code-4 or ICMPv6 type-2). So, this isn't really a concern when looking at the MTU size your upstream transit provider offers. ---------------------------------------------------------------------- Roland Dobbins // http://www.arbornetworks.com Equo ne credite, Teucri. -- Laocoön

Alexander Neilson

6:39 p.m.

On 25/06/2014, at 11:32 pm, Roland Dobbins wrote:

...

On Jun 25, 2014, at 5:35 PM, Alexander Neilson wrote:

...
* How many transit providers provide MTU above 1500 Bytes?

1500 is pretty much the most prevalent MTU size on the Internet these days, as packets ingress at operator edges and then egress them on the 'far side'. So, an MTU larger than 1500 isn't going to help you on the public Internet. It's mainly useful within internal data centers, and WAN-type connections between same.

I guess I was expecting if blocking of needs fragmentation wasn’t too frequent then MTU sizes would start to grow through transit and then as people upgraded PMTUD would start to use larger MTU sizes end to end as links improved.

...

...
* How do others handle EDNS?

Fragmentation of large EDNS0 responses (or anything else) is pretty much automagic, from an operational perspective (except when folks have done silly things like block ICMP type-3/code-4 or ICMPv6 type-2). So, this isn't really a concern when looking at the MTU size your upstream transit provider offers.

I guess I was thinking people would have done those silly things more (as per the MTU size not growing on the internet) and therefore EDNS would have size issues. Is it more that fewer people have these silly config errors? or that DNS has a robust fallback position trying smaller EDNS sizes / alternatives to get a useful reply?

...

---------------------------------------------------------------------- Roland Dobbins // http://www.arbornetworks.com

Equo ne credite, Teucri.

-- Laocoön

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Roland Dobbins

6:59 p.m.

On Jun 25, 2014, at 6:39 PM, Alexander Neilson wrote:

...

I guess I was expecting if blocking of needs fragmentation wasn’t too frequent then MTU sizes would start to grow through transit and then as people upgraded PMTUD would start to use larger MTU sizes end to end as links improved.

PMTU-D sometimes has issues because of inappropriate filtering of ICMP/ICMPv6. That being said, 1500 is going to be the most pervasive MTU for quite some time.

...

I guess I was thinking people would have done those silly things more (as per the MTU size not growing on the internet) and therefore EDNS would have size issues. Is it more that fewer people have these silly config errors? or that DNS has a robust fallback position trying smaller EDNS sizes / alternatives to get a useful reply?

The latter. You're worrying about non-issues - if these were major problems, the Internet wouldn't function. EDNS0 has been in pervasive use for something like 15 years, so it isn't something new or exotic. ;> Get your transit with 1500 MTU, and you'll be fine. It's good that you're already thinking of IPv6 - more people should - and you should design your applications, services, network, et. al. to support it, as well as make it an RFP item as you noted. But it's going to be a while before it becomes critical. ---------------------------------------------------------------------- Roland Dobbins // http://www.arbornetworks.com Equo ne credite, Teucri. -- Laocoön

Mark Goldfinch

25 Jun 25 Jun

2:13 a.m.

Greetings all, On 25 June 2014 23:59, Roland Dobbins wrote:

...

EDNS0 has been in pervasive use for something like 15 years, so it isn't something new or exotic.

also noteworthy to mention is that Bind performing recursive DNS functions will look at whether EDNS0 usage causes problems with individual resolvers, and retry queries without EDNS0 if it suspects it could be a problem. Long-term anyone operating an authoritative name-server which can't serve EDNS0 (for what ever reason), is in for a bad time - DNSSEC necessitates large responses. https://deepthought.isc.org/article/AA-00708/0/Why-does-BIND-log-messages-ab... provides some highlights on Bind's behaviour. Cheers, -- *Mark Goldfinch* *Platform Manager, Modica Group* Tel: +64 4 498 6000 mark.goldfinch(a)modicagroup.com www.modicagroup.com http://facebook.com/modicagroup http://www.linkedin.com/company/modica-group-ltd https://twitter.com/modicagroup https://plus.google.com/+Modicagroup/posts [image: logo] Trusted Customer Engagement - communicate, connect and transact with your audience via mobile and internet channels IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email by mistake, please notify the sender immediately and do not disclose the contents to anyone or make copies thereof.

3833

Age (days ago)

3834

Last active (days ago)

List overview

Download

6 comments

5 participants

participants (5)

Alexander Neilson
Ben
Brian E Carpenter
Mark Goldfinch
Roland Dobbins