A swift kick in the NATs

WereCatf
1 minute ago, leadeater said:

Speaking of I'm not sure why we also don't transition to internet infrastructure allowing jumbo frames, pretty well everything supports that now.

Latency. Jumbo-frames allow for higher bandwidth at the expense of higher latency. Since many of the tasks we do on the Internet are latency-sensitive and we can push for pretty high bandwidths even with smaller MTU, it doesn't really make much sense to use jumbo-frames everywhere.

Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.


5 minutes ago, WereCatf said:

Latency. Jumbo-frames allow for higher bandwidth at the expense of higher latency. Since many of the tasks we do on the Internet are latency-sensitive and we can push for pretty high bandwidths even with smaller MTU, it doesn't really make much sense to use jumbo-frames everywhere.

You can enable it but that doesn't mean it'll get used, and in cases where you have fragmentation, prevention of that by allowing larger frames should result in lower latency, not higher.


13 minutes ago, leadeater said:

allowing larger frame should result in lower latency not higher.

In the time it takes for you to receive a single 10k jumbo-frame, you'll have already received six 1500-MTU frames and processed, like e.g. already sent a reply to, some of them as well -- that is, lower latency for the smaller frames.

 

To quote Wikipedia on this:

Quote

However, this gain is not without a downside. Large packets occupy a slow link for more time than a smaller packet, causing greater delays to subsequent packets, and increasing network delay and delay variation. For example, a 1500-byte packet, the largest allowed by Ethernet at the network layer, ties up a 14.4k modem for about one second.

 

Large packets are also problematic in the presence of communications errors. If no forward error correction is used, corruption of a single bit in a packet requires that the entire packet be retransmitted, which can be costly. At a given bit error rate, larger packets are more susceptible to corruption. Their greater payload makes retransmissions of larger packets take longer. Despite the negative effects on retransmission duration, large packets can still have a net positive effect on end-to-end TCP performance.

Those retransmissions and their latency-increasing effect on the rest of the traffic on the link is a big downside on an Internet-scale network.


20 minutes ago, WereCatf said:

Those retransmissions and their latency-increasing effect on the rest of the traffic on the link is a big downside on an Internet-scale network.

Yea I'm not really sure that applies to today much. There is a very good reason why for example you enable jumbo frames on iSCSI connections as you get actual lower storage access latency and higher bandwidth. Sure these are not congested or low bandwidth links but the same is also true of internet infrastructure of today.

 

All our 100Gbps links between our datacenters are all jumbo frame enabled (these are shared links) because we get much better performance than without jumbo frames. These links are ~600km in distance and routed with VXLAN used on VLANs that are required to be stretched otherwise we stick to layer 3 between them. Jumbo frames disabled is hands down worse here.

 

Edit:

Also jumbo frames as I mentioned will only be used if the sending application needs to send something that large, otherwise it'll never do it.


14 minutes ago, leadeater said:

Yea I'm not really sure that applies to today much. There is a very good reason why for example you enable jumbo frames on iSCSI connections as you get actual lower storage access latency and higher bandwidth. Sure these are not congested or low bandwidth links but the same is also true of internet infrastructure of today.

Well, okay. At this point I'm really only relying on what I've read: I don't have access to high-speed networks, I don't deal with massive amounts of data or anything like that. I'd say you are in a far better position to share some actual first-hand experience on this topic and I won't contest you on this. If you say that allowing for jumbo-frames is better in all situations, even at Internet-scale, I am not in a position to prove you wrong and I will happily admit to my lack of experience in this area.


1 hour ago, WereCatf said:

I'd say you are in a far better position to share some actual first-hand experience on this topic and I won't contest you on this.

Well you did raise a good point, not all applications are the same and have different needs, particularly ones with user interaction or viewing. Even if say games would send jumbo sized frames it probably is better they stay smaller and have more frequent positional updates etc.

 

1 hour ago, WereCatf said:

If you say that allowing for jumbo-frames is better in all situations, even at Internet-scale

Well I'm honestly not sure on that, I know it can help but I also know doing it adds a bunch of complexity that just may not be worth it. It's nice and simple on our native Ethernet WAN links that are purpose for our national research data network and it was designed from the start for those needs. Internet is well, a little more organic in its evolution 🤣


2 hours ago, leadeater said:

Your router won't make a choice unless it needs to and an example of that is if the destination is on a different protocol. However that's not really a situation you were encountering because if you only have an ipv6 address the router cannot do any translation as it has nothing to translate to, there is no ipv4 address that it has. So in that situation traffic is getting routed as normal over ipv6

... 

Now in my current situation it's the other way around though, I'm only using ipv4, because we can talk about this all day (although we probably shouldn't...) but the fact remains ipv6 is terrible for gaming or even for using the internet, network errors, *lag*, DNS errors... (this happens mostly on consoles weirdly) 

 

Every one of my friends says the same "ipv6 suuxx" because it really does. 

 

Maybe it's not like that everywhere but here it's really awful, so no I don't really have a choice, it's not working (without huge issues) 

 

Hence I was (am still) wondering how I even connect to people with ipv6 address, which surely exist... 

 

Right now my conclusion is that this might not be possible and would possibly explain a huge part of network related errors in games. 

 

Like for example "could not establish connection to one or more players" 

 

That could simply mean they have ipv6 and the game therefore can't connect me, tho this is purely speculation of course.

 

Btw the article I linked earlier is..., great? Explains a lot of stuff really well, and even things I've been trying to say as well. 

 

Example:

Quote

It would have been so easy if the early Internet and TCP/IP network designers had made IPv6 backward compatible with IPv4. They didn't. 

 

That leads the thought process of saying we need a new standard, the only reason it's not happening is because everyone is already too invested in this thing. And I'm not the only one thinking this... Though in the end I understand that's probably not going to happen... 

 

 

Here's another one that imo simply shows this stuff is *not easy* at all, and that there are many potential issues. 

 

Quote

These are some of the most popular ways to get IPv6 and IPv4 on the same network. There are many others. Want to know what the worst news about all of them is? None of them are very compatible with the others. As I've said before, like it or lump it you are going to need to move to IPv6.

In the meantime, you're almost certain to need one, or more, of these technologies in the next few years. Again, before deploying any IPv4/IPv6 bridging solutions, you're going to need to spend a lot of time having your network engineers and vendors making sure that everything in your new network stacks can interoperate. It's all too easy to mix and match equipment and methods in ways that will slow your network down to a crawl.

 

https://www.zdnet.com/article/five-ways-for-ipv6-and-ipv4-to-peacefully-co-exist/

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 


Just now, Mark Kaine said:

Every one of my friends says the same "ipv6 suuxx" because it really does. 

Well in general I agree, but that's mostly because of the lack of deployment which has implications on end users when using it. Because of the more limited deployment things are not so equal between the two because if the endpoint you are talking to does have an ipv6 address but also has an ipv4 address odds are the ipv4 path is actually going to be better and also more resilient as there would be more ipv4 alternative paths if one goes down or is congested, this much less so for ipv6.

 

So yea, ipv6 will be kind of worse until more people use it but more people won't use it while it's "kind of worse" lol


Yeah, exactly lol.


ALG, when you have it on a router, has as far as I have seen been disabled by default, and it should be.


9 hours ago, Mark Kaine said:

like I still don't understand how 4 and 6 connect when they're incompatible

They don't connect because they are incompatible. But as the transport layer doesn't care about the protocol they can coexist on the same network. If you want to connect to an ipv6 host it will use ipv6, if the host is ipv4 it will use ipv4. But if you have an ipv6 connection only, for example, there is a need for some "trickery" aka tunneling. This still won't make it possible to make ipv4 talk to ipv6, but simply wraps the ipv4 packet into ipv6 until it reaches the destination v4 network. There a different device extracts the v4 packet and sends it to its destination using IPv4.
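
The wrap-and-unwrap step described in the post above, as an added Python example that is not part of the thread: the tunnel entry prepends a 40-byte IPv6 header with Next Header 4 (encapsulated IPv4), and the tunnel exit validates the wrapper before handing the untouched IPv4 packet on. The function names are hypothetical, the addresses are constructed documentation-range values, and the check that the outer source equals a configured peer is an assumption about how the exit device is set up.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4    # IANA protocol number: an IPv4 packet is the payload
IPV6_HDR_LEN = 40   # fixed IPv6 header size, i.e. the per-packet tunnel overhead


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


def encapsulate(inner_v4: bytes, tun_src: str, tun_dst: str, hop_limit: int = 64) -> bytes:
    """Tunnel entry: prepend an IPv6 header that says 'IPv4 packet inside'."""
    hdr = struct.pack("!IHBB16s16s", 6 << 28, len(inner_v4), IPPROTO_IPIP, hop_limit,
                      ipaddress.IPv6Address(tun_src).packed,
                      ipaddress.IPv6Address(tun_dst).packed)
    return hdr + inner_v4


def decapsulate(outer_v6: bytes, expected_peer: str) -> bytes:
    """Tunnel exit: validate the wrapper, then return the original IPv4 packet."""
    if len(outer_v6) < IPV6_HDR_LEN + 20:
        raise ValueError("too short to hold IPv6 + IPv4 headers")
    first, plen, nxt, _hop, src, _dst = struct.unpack("!IHBB16s16s", outer_v6[:IPV6_HDR_LEN])
    if first >> 28 != 6 or nxt != IPPROTO_IPIP:
        raise ValueError("not an IPv4-in-IPv6 packet")
    if ipaddress.IPv6Address(src) != ipaddress.IPv6Address(expected_peer):
        raise ValueError("outer source is not the configured tunnel peer")
    inner = outer_v6[IPV6_HDR_LEN:]
    if plen != len(inner):
        raise ValueError("IPv6 payload length does not match the data received")
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or ihl > len(inner):
        raise ValueError("inner packet is not well-formed IPv4")
    if ipv4_checksum(inner[:ihl]) != 0:
        raise ValueError("inner IPv4 header checksum is wrong")
    if struct.unpack("!H", inner[2:4])[0] != len(inner):
        raise ValueError("inner total length does not match")
    return inner


# Constructed sample: an IPv4 UDP-type packet with an 8-byte dummy payload,
# carried between two tunnel endpoints in the 2001:db8::/32 documentation range.
INNER = build_ipv4("192.0.2.10", "198.51.100.7", b"gamedata")
OUTER = encapsulate(INNER, "2001:db8::1", "2001:db8::2")

if __name__ == "__main__":
    print(f"inner {len(INNER)} bytes, on the wire {len(OUTER)} bytes")
    print("round trip intact:", decapsulate(OUTER, "2001:db8::1") == INNER)
```

Neither end host changes protocol here: the IPv4 packet comes out byte-for-byte identical, which is why tunneling lets IPv4 cross an IPv6-only path without making an IPv4-only host able to talk to an IPv6-only one.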


On 11/3/2020 at 6:19 AM, WereCatf said:

If your PC's IP-address begins with 192.168, then it's not directly connected to the Internet.

FTFY. Only the 192.168.0.0/16 space is private (not counting 10.0.0.0/8 and 172.16.0.0/12). Pedantic, I know.

[Out-of-date] Want to learn how to make your own custom Windows 10 image?

 

Desktop: AMD R9 3900X | ASUS ROG Strix X570-F | Radeon RX 5700 XT | EVGA GTX 1080 SC | 32GB Trident Z Neo 3600MHz | 1TB 970 EVO | 256GB 840 EVO | 960GB Corsair Force LE | EVGA G2 850W | Phanteks P400S

Laptop: Intel M-5Y10c | Intel HD Graphics | 8GB RAM | 250GB Micron SSD | Asus UX305FA

Server 01: Intel Xeon D 1541 | ASRock Rack D1541D4I-2L2T | 32GB Hynix ECC DDR4 | 4x8TB Western Digital HDDs | 32TB Raw 16TB Usable

Server 02: Intel i7 7700K | Gigabye Z170N Gaming5 | 16GB Trident Z 3200MHz


8 hours ago, Franck said:

ALG, when you have it on a router, has as far as I have seen been disabled by default, and it should be.

OH yeah lol, I couldn't find that shit... I'm sure my router has it though because it has VoIP? 

 

There's only "telephonie" and afaik you can't even delete it permanently... 

 

1 hour ago, jagdtigger said:

They don't connect because they are incompatible. But as the transport layer doesn't care about the protocol they can coexist on the same network. If you want to connect to an ipv6 host it will use ipv6, if the host is ipv4 it will use ipv4. But if you have an ipv6 connection only, for example, there is a need for some "trickery" aka tunneling. This still won't make it possible to make ipv4 talk to ipv6, but simply wraps the ipv4 packet into ipv6 until it reaches the destination v4 network. There a different device extracts the v4 packet and sends it to its destination using IPv4.

Ok so if I have ipv4 and my friend has ipv6 *only* we can't connect to play games etc, at least not peer to peer ones? 

 

 

Because I simply refuse to turn this on, it's like a built-in lagswitch lol... 

 

Screenshot_2020-11-05-11-01-41.png.26dc156edc9e5bb6490f9b554db6b94d.png

^ipv6 support turned on, just to show the options

 

This is how it's set :

 

 

Screenshot_2020-11-05-11-01-30.png.f30fb5fe15fe87f869206e3b9478ba63.png

 

So there is no ipv6 "support" running whatsoever (if my router isn't lying) 

 

Good thing is no one I know has this on I guess, and if, they have probably both (and yes this is by far the most popular router type here, they're pretty good, no draytek but still)


32 minutes ago, Mark Kaine said:

OH yeah lol, I couldn't find that shit... I'm sure my router has it though because it has VoIP? 

Not necessarily, but in the case of VOIP the chance that you have the option is very high. Your option might be called SIPALG option or simply SIP, in which case it's on by default, especially on those meant for older PBX systems.

 

36 minutes ago, Mark Kaine said:

Ok so if I have ipv4 and my friend has ipv6 *only* we can't connect to play games etc, at least not peer to peer ones? 

IPv4 can be handled by IPv6 updated systems. The inverse is not necessarily true. There is some exception case which I don't remember as I just keep everything IPv6 end to end to solve future problems... especially since the wake up call we got with Europe hitting the limit


58 minutes ago, Franck said:

Not necessarily, but in the case of VOIP the chance that you have the option is very high. Your option might be called SIPALG option or simply SIP

It's quite difficult to find that info, AVM doesn't seem to mention it at all. This is what I found so far (on google) 

 

20201105_232522.thumb.jpg.bfa177c869dbab490fb41153e84d745f.jpg

 

20201105_232541.thumb.jpg.cd2f0e9f9faf6e944c185d60257b69bf.jpg

 

So does that maybe mean it can't be disabled because it doesn't have it? 

 

I know AVM often doesn't use stuff others do because "security" and implement their own solutions, but this is all too vague to me to draw a proper conclusion... 

 

 

"inbuild sip server" doesn't tell me anything!? 


48 minutes ago, Franck said:

Not necessarily, but in the case of VOIP the chance that you have the option is very high. Your option might be called SIPALG option or simply SIP, in which case it's on by default, especially on those meant for older PBX systems.

 

IPv4 can be handled by IPv6 updated systems. The inverse is not necessarily true. There is some exception case which I don't remember as I just keep everything IPv6 end to end to solve future problems... especially since the wake up call we got with Europe hitting the limit

I'll give you a few examples

Dell PowerEdge 1950/2950 (which are still in service) can run IPv6 inside the OS, but their BMC ((DRAC 5) which is embedded Linux AFAIK) only works on ipv4, and you can't just rip out the BMC, and thus you can't PXE boot them over ipv6.

StarTech KVMs can only be configured for ipv4, again, embedded Linux is the problem.

 

Many Cisco core routers only added IPv6 in new IOS versions (12.0 at the bare minimum 2001-2006) with some not getting it as late as 2013 (IOS XE 3.9S). So take into account that a lot of this hardware sits around in use until it catches fire or the parts can't be acquired, it's very likely that hardware all over the place doesn't support IPv6 and likely won't ever support it unless someone drives a truck through it (eg CPE hardware, and DSL/DOCSIS hardware installed outside the CO.)

 

Like short of some regulation requiring all hardware and software that connects to the public internet to use IPv6-only at a specified cut-off date, or a demand to kill NAT systems so that individual computers/subscribers on the internet can be easily identified, it's going to take some services moving to ipv6 only space for some ISP's to care, and customers won't really care since they only see the DNS name.

 


10 hours ago, Franck said:

ALG, when you have it on a router, has as far as I have seen been disabled by default, and it should be.

I have an Archer C9 and it's all on by default.


I'm kind of imagining that none of it is all that useful.
 

capture2.PNG


They generally turn on everything that could be a security risk by default, because users "might need it" lol 

 

(also updating hw just a few years old is a no go) 

 

They stopped updating my router last year and it's only like 4 yrs old... 

 


9 hours ago, Mark Kaine said:

Because I simply refuse to turn this on, it's like a built-in lagswitch lol... 

 

Screenshot_2020-11-05-11-01-41.png.26dc156edc9e5bb6490f9b554db6b94d.png

^ipv6 support turned on, just to show the options

OFC it's a lag switch, it's tunneling the v6 traffic........ (most likely cause for the lag is your ISP cheaping out on the tunneling server)

 

  

7 hours ago, Mark Kaine said:

They stopped updating my router last year and it's only like 4 yrs old... 

Did you look at 3rd party fw like dd or openwrt?


25 minutes ago, jagdtigger said:

most likely cause for the lag is your  ISP cheaping out on the tunneling server

I'm pretty sure they don't want ppl to use IPV6, they aren't buying up IPV4 addresses just for fun, you know! [speculation of course] 

 

25 minutes ago, jagdtigger said:

Did you look at 3rd party fw like dd or openwrt

Actually looked yeah, found openwrt, but the site didn't really fill me with confidence, neither did it look like it's actually a working firmware lol... 

 

What's dd?

 

My router is fritz!box 6372 SL btw 

 

Is there a good site where I could look this up? 

 

 

EDIT Actually, on a second look, this looks legit? 

https://openwrt.org/toh/avm/avm_7362_sl

 

So I need the Openwrt "install" and then the Openwrt "upgrade" I'm guessing? 

 


17 minutes ago, Mark Kaine said:

I'm pretty sure they don't want ppl to use IPV6, they aren't buying up IPV4 addresses just for fun, you know! [speculation of course] 

Actually that's spot on, they don't want to upgrade perfectly functioning equipment so they just keep on forcing IPv4 onto customers as long as they can do it without backlash.

 

17 minutes ago, Mark Kaine said:

Whats dd? 

DDWRT.

 

17 minutes ago, Mark Kaine said:

So I need the Openwrt "install" and then the Openwrt "upgrade" I'm guessing? 

Yes, as it is written in the flashing instructions. Never had a fritzbox so I can't help you with it.


14 hours ago, divito said:

I have an Archer C9 and it's all on by default.


I'm kind of imagining that none of it is all that useful.
 

capture2.PNG

I mentioned in a follow up that yes if you have SIP-ALG it is very likely to be on by default.
