Monday, November 30, 2015

Data Field Day Roundtable - telemetry and the impact on understanding data

I was finally able to participate in another Tech Field Day event recently, specifically Data Field Day Roundtable, and wanted to put down some thoughts on what I found interesting about it. As many folks are aware, participation in Tech Field Day isn't an endorsement of any company or product. Yes, these companies do pay to participate but for me the benefits of the event are around hearing from interesting colleagues and businesses doing innovative stuff in the market. I do encourage industry friends and colleagues to watch what is put out by Stephen and crew as I really do feel it has a lot of value. Enough babble, let's jump into the one presentation that live in person at the event wasn't super engaging but after consideration merited another watch on video and some comments.

One of the challenges with lots of data is actually figuring out how to collect and process it. At huge scale the presentation that was given by Matthew Johnson with Netflix will scratch that itch for folk. Clearly designing and building systems for something as large and distributed as Netflix is complex, you just don't realize how complex until someone walks you through some of the math involved. It is an interesting presentation and worth a watch.

I found the presentation given later in the day by Phillip Liu from SignalFx to be thought provoking and this is the presentation I am referring to about being worth a second look. At first I didn't understand what SignalFx was actually providing that was different than what Splunk or DataDog might be doing. It wasn't until later in the presentation that I figured out what they had done. The online presentation is a very different experience than being there in person, believe it or not. Phillip speaks very softly so most of the participants in the room really couldn't hear him well. This all changes with the video because he wore a mic for the streaming and video recording. I didn't get the light bulb moment until 41 minutes into a 54 minute presentation. Yes, I am that dim. You can hear me catch on at about 42:19 in the video.

Here in the video jumping in a little bit before I figure that out.

In summary, SignalFx is providing math (function) as a service! You can do a variety of functional equations on data points as they are streaming into the product. This allows you to do all sorts of interesting things with the data in real time that in the past you had to run large data reports on to produce. Even more impressive is that anyone with basic math skills can use the tool or leverage what SignalFx is providing out of the box with integration with other major platforms. What was really interesting is that Cisco did a demo after that showing their IOS XR routing platform being able to stream data and have SignalFx do something with that data. This effort was possible because of Cisco's work with OpenConfig. Anees Shaikh with Google also presented, talking about the efforts to standardize network management and monitoring. It builds out the foundation for why this new software first world is changing what is happening in networking so profoundly.

I'm glad I was able to finally make another Tech Field Day event and I think this was a great one to be involved with as it is an area of professional interest.
- Ed

Thursday, October 08, 2015

IPv6 site local addresses - why are those still around?

There have been more than a few occasions lately where site local addresses (which were deprecated by RFC 3879 way back in 2004) have been brought up to me, specifically around a feature that Windows has had for a very long time. This feature is the automatic use of three well-known site local DNS name server entries if no IPv6 name server is provided to an interface. The three IPv6 addresses are:
fec0:0:0:ffff::1
fec0:0:0:ffff::2
fec0:0:0:ffff::3

You can see these in use on interfaces on a Windows client or server machine, especially on interfaces you might not be aware of on a given host. For instance, you might have ISATAP tunnel interfaces or a Bluetooth interface that display these. You can check using the following PowerShell:
PS C:\> Get-DnsClientServerAddress | ft

That will display all the client DNS server information for all the interfaces on a given Windows host. From that you will see something like:
InterfaceAlias               Interface Address ServerAddresses
                             Index     Family
--------------               --------- ------- ---------------
Local Area Connection 2             24 IPv4    {}
Local Area Connection 2             24 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}

isatap.{7901A47F-5E03-43A...        39 IPv4    {}
isatap.{7901A47F-5E03-43A...        39 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}

Bluetooth Network Connection         6 IPv4    {}
Bluetooth Network Connection         6 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}


Some concerns have been expressed about this being an exploit vector: if someone sets up a DNS service on those IPv6 addresses, they could potentially lie to your host, because you would use it as the preferred DNS resolver. This actually isn't the case, and the reason has to do with the prefix policy table. So let's look at some more details.

One of the reasons there is no concern around the misuse of site local to exploit a system is how site local is classified in the prefix policy table. You can view the local prefix policy table with the following PowerShell:
PS C:\> Get-NetPrefixPolicy

And the output is:
Prefix                                                       Precedence      Label
------                                                       ----------      -----
3ffe::/16                                                             1         12
fec0::/10                                                             1         11
::/96                                                                 1          3
fc00::/7                                                              3         13
2001::/32                                                             5          5
2002::/16                                                            30          2
::ffff:0:0/96                                                        35          4
::/0                                                                 40          1
::1/128                                                              50          0

A precedence of 1 means the prefix is the least preferred, the same as the former 6bone network of 3ffe::/16, for instance, which is no longer in use. The important thing to notice is that ::ffff:0:0/96 has a higher precedence, based on the recommendations in RFC 6724. This means that IPv4 traffic, and therefore DNS name resolver selection, is preferred over site local. So if you have no IPv6 DNS server information, then even if you did have a site local DNS name server you would not use it if an IPv4 DNS name server option was available. This is the only use case where you might have an issue, because if you are using any IPv6 and publishing an IPv6 DNS name resolver then you will prefer that IPv6 DNS name resolver right away. So the only use case where you might potentially use site local is if you actually assign a host a site local address. It makes no sense to do that at all, but that is the one case where you might have a problem. So, the simple conclusion is...
Don't use site local, which is obvious, since it was deprecated way back in 2004.
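
The precedence comparison above can be reproduced with a longest-prefix lookup over the policy table shown in the Get-NetPrefixPolicy output. This is an added example, not code from the original post; the resolver addresses 192.0.2.53 and 2001:db8::53 are constructed documentation-range values, and the ranking models only the precedence comparison, not the full RFC 6724 selection algorithm.

```python
import ipaddress

# Prefix policy table copied from the Get-NetPrefixPolicy output on this page:
# (prefix, precedence, label)
POLICY_TABLE = [
    ("3ffe::/16", 1, 12),
    ("fec0::/10", 1, 11),
    ("::/96", 1, 3),
    ("fc00::/7", 3, 13),
    ("2001::/32", 5, 5),
    ("2002::/16", 30, 2),
    ("::ffff:0:0/96", 35, 4),
    ("::/0", 40, 1),
    ("::1/128", 50, 0),
]
_TABLE = [(ipaddress.IPv6Network(p), p, prec, label) for p, prec, label in POLICY_TABLE]


def to_ipv6(address):
    """Parse an address; IPv4 is handled as IPv4-mapped (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ipaddress.IPv6Address((0xFFFF << 32) | int(ip))
    return ip


def classify(address):
    """Return (matched prefix, precedence, label) by longest-prefix match."""
    ip = to_ipv6(address)
    # ::/0 always matches, so the candidate list is never empty.
    _, prefix, prec, label = max(
        (row for row in _TABLE if ip in row[0]),
        key=lambda row: row[0].prefixlen,
    )
    return prefix, prec, label


def rank_by_precedence(addresses):
    """Order destinations from most to least preferred, by precedence only."""
    return sorted(addresses, key=lambda a: classify(a)[1], reverse=True)


if __name__ == "__main__":
    # Constructed candidates: the Windows site local default, an IPv4 resolver
    # and a global IPv6 resolver (both from documentation ranges).
    for addr in rank_by_precedence(["fec0:0:0:ffff::1", "192.0.2.53", "2001:db8::53"]):
        print(addr, classify(addr))
```

The site local resolver sorts last, behind both the IPv4-mapped and the global IPv6 destination, which is the ordering the post relies on.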

Hope this helps to address some concerns around this.
- Ed

Wednesday, September 30, 2015

ARIN IPv4 run out on RunAs Radio, time for IPv6! - Show 440

Super happy to have done another RunAs Radio show with Richard Campbell. We chat about what just happened with ARIN and the IPv4 run out. We cover a wide area of topics but it is hard to stay focused when chatting with a person as diverse and knowledgeable as Richard!
Check out the show!
- Ed

Friday, September 25, 2015

ARIN finally ran out of IPv4 - what's next?

We have known for a long time that ARIN would be depleting their IPv4 address pool sometime this year. It happened yesterday, Sept 24, 2015. So what does that really mean? Unlike some of the other RIRs around the world, ARIN chose to not have any excess reserved pool but to simply completely burn down what IPv4 address blocks they have left in inventory. This means that unlike other RIRs there is no "reserve" bucket at all to reach back into.

Honestly, while the event is very important we are still going to see IPv4 use for a long time. The reason why is that the majority of small and medium sized businesses still get their IPv4 address space from their local service provider. These ISPs still have IPv4 inventory left. I haven't seen any consolidated information about how much inventory major US providers have left but I can imagine at least several years worth. So, if a business needs IPv4 addresses they can still get them.

I do think to get them you will pay more money. Plain and simple economics come up. IPv4 is now a scarce commodity and the price per IPv4 address will only go up over time. This means that IPv6 addresses will become more common as they will be the cost effective option. Especially since that is the only way for the service providers to continue to grow and add customers. So for customers demanding IPv4 for any reason they will have to pay more and those that are willing to go IPv6 only will likely get the most cost effective service pricing.

The other impact is that a lot more folks are going to have to start getting comfortable with IPv6. How to manage it, use it and write applications that run on top of it. There is no way you can claim to be an early adopter of IPv6 at all now but you can certainly join the rapidly growing group of users who are learning and using IPv6. IPv6 is the future and the future is now!
- Ed

Wednesday, September 02, 2015

Datanauts 006 – Assessing IPv6 Readiness

I had a great time talking with Ethan Banks and Chris Wahl who are the co-hosts of the Datanauts podcast over at the Packet Pushers website. We dug into IPv6 and the state of things today. You can listen to the show and let us know what you think by hitting up the gents at @datanauts_show.
I can't recommend this podcast highly enough, it is really well done. I'm not just saying this because I was on the show. Honestly, I've listened to all the other Datanauts shows they have put out, the content is really that good. It is worth your time, trust me. Hope you enjoy it and please feel free to give feedback about what you thought about the show too. You can just hit me up on twitter @ehorley.
- Ed