
Microsoft moves to IPv6 only internally

There’s an interesting post on RIPE Labs discussing how Microsoft is moving to IPv6 only on its internal network. Marcus Keane presented their experiences during RIPE 73, and we also gave that some coverage on Deploy360, but this expands a bit more on their motivations for doing so.

The primary reason is of course the exhaustion of public IPv4 space, but with a large corporate network spread over more than 100 countries, they’re also running out of private IPv4 address space. Whilst operating multiple NATs might temporarily relieve the situation, this is becoming more difficult to manage and the problem has been exacerbated by the acquisition of other companies with their own NATs, plus the expansion of the Azure cloud computing service.

Dual-stack also only partially addresses the problem as not only are IPv4 addresses still required, but this doubles the complexity of designing their network and dealing with issues when they arise. As a result, Microsoft have been experimenting with IPv6-only networks for the past couple of years, and have now started to deploy this on their production networks.

By focusing initially on the guest network, this minimises the risk to existing and possibly more critical systems, and provides more flexibility for changing things if necessary. It’s interesting that some of the deployment issues encountered were due to a DHCPv6 bug in Windows 10, plus the need to support Android devices, which don’t support DHCPv6. Another interesting issue is that whilst Azure Active Directory can be used to authenticate users, the ACLs on the wireless controllers do not currently support IPv6, although this is in the process of being added.

Nevertheless, the article provides an interesting case study on how a large enterprise clearly understands the necessity of deploying IPv6, and is actively taking steps to implement IPv6 in a production environment.

More Information:

Deploy360 also aims to help this process, so please take a look at our Start Here page to understand how you can get started with IPv6.

 


IPv4 Exhaustion Gets Real – Microsoft Runs Out Of U.S. Addresses For Azure Cloud – Time To Move To IPv6!

BOOM! IPv4 address exhaustion just hit home really hard for a good number of people. They set up virtual machines (VMs) in a US region on Microsoft’s Azure Cloud and now suddenly find that when they use those VMs to access other websites they are treated as if they are from a country outside the US. Why?

Because Microsoft RAN OUT OF IPv4 ADDRESSES from its “U.S.” blocks of IPv4 addresses!

As Microsoft notes in their blog post:

Some Azure customers may have noticed that for a VM deployed in a US region, when they launch a localized page on a web browser it may redirect them to an international site. 

Oops.

They go on to say precisely what we and many others have been warning about for some time:

IPv4 address space has been fully assigned in the United States, meaning there is no additional IPv4 address space available. This requires Microsoft to use the IPv4 address space available to us globally for the addressing of new services. The result is that we will have to use IPv4 address space assigned to a non-US region to address services which may be in a US region.  It is not possible to transfer registration because the IP space is allocated to the registration authorities by Internet Assigned Numbers Authority.

Keep in mind, too, that back in 2011 Microsoft bought 666,624 IPv4 addresses from Nortel for $7.5 million. So they have already been shopping for more IPv4 space in the North American region.

They’re out.  Done.  Finished.

And so all those people wanting to run VMs on Microsoft’s Azure Cloud are suddenly confronting the reality that if they wanted their server to appear as if it came from the US, they can’t!

Sure, their domain name can look like it is a regular address for a US company… but in the underlying IP addressing their server will appear to the rest of the Internet to be in Brazil or some other location based on some of the geographical IP databases.

UPDATE: It is apparently not just Azure Cloud accounts in the US.  Over on Hacker News a commenter indicated that an Azure account in the North Europe datacenter in Dublin, Ireland, is also getting an IP address from Brazil.  I would guess (but don’t know for a fact) that this means Microsoft may be out of European IP addresses, too.

The impact is that servers running in the Azure Cloud (on VMs) may be treated by applications and services running on other servers as if they are outside the U.S. and so they may be given different choices or options than would be given to US servers.  The example shown in Microsoft’s blog post is of a web browser running on a VM connecting to a site and being given a Portuguese web page because the web server thought the incoming connection was coming from Brazil.  Depending upon how strongly the web server being visited serves out pages based on geographic IP data there may or may not be an easy option to get to pages intended for visitors from the US – or it might at least require more steps.   On a more serious note, there may be some sites that might block traffic in their firewalls based on where IP addresses are thought to be coming from – and so while you thought your server was set up “in the U.S.” it could instead wind up on someone’s blocked list.

Somewhat ironically, we wrote just yesterday about the need for cloud providers to get with the IPv6 program – and today we have living proof of WHY cloud providers need to care.

And as we also noted earlier this week, Latin and South America are basically out of IPv4 addresses – so while Microsoft can use some Brazilian IPv4 addresses today, odds are pretty good they won’t be able to get any more!

The cold hard reality is that we simply cannot continue to rely on the “experimental” version of the Internet that used IPv4 addresses.  We need to collectively take the leap to the production version of the Internet using IPv6.

There are BILLIONS of people still to come online on the Internet – and there are BILLIONS more devices that we want to put online as part of the “Internet of Things”.  IPv4 simply doesn’t have the necessary number of addresses!

To get started with IPv6, please visit our “Start Here” page to find resources that are focused for your type of organization. And if you don’t find what you need, please let us know!  We are here to help you make the transition!

As Microsoft so vividly showed us today, IPv4 exhaustion is going to increasingly make IT systems more complicated.  It’s time to make the move to IPv6 where we don’t have to worry about address exhaustion – or having to use IP addresses from a different part of the world.

The time for IPv6 is now!


GigaOm: Cloud Providers Need To Get IPv6!

Over on GigaOm today we were delighted to see the article “With billions of devices coming online, cloud providers better get with IPv6 program”. In that article, author Barb Darrow writes:

As we enter the internet of things era, with millions; check that, billions of devices coming online, we’re going to need a lot more unique IP addresses. That means the big cloud providers need to get on the stick to support IPv6, the internet protocol that opens up billions of new addresses for just that purpose.

EXACTLY!

This is a key point we’ve been making in our events and presentations – with all these many devices coming online, and also with 3-4 billion more people to come online, we need to move to using IPv6!

In the article, she goes on to note that IPv6 is NOT supported by Microsoft Azure, Google Compute Engine and most of Amazon Web Services. She does point out that IBM SoftLayer does support IPv6, as will a new “Verizon Cloud” service apparently coming out later this year. (All of which has made me note that we need a page on this Deploy360 site about “cloud services that support IPv6”.)

A few weeks back I asked a friend of mine who has an Internet of Things (IoT) startup whether his new service supported IPv6.  He runs his system, not surprisingly, on a cloud platform – in his case Amazon’s Elastic Compute Cloud (EC2) – and because EC2 doesn’t have IPv6, he can’t run his apps over IPv6.

We need to get there.  We need all the cloud providers to be enabled for IPv6, because they will then enable all the companies, large and small and everything in between, to make the move to the “production” version of the Internet.

Barb Darrow mentions in the GigaOm article that “the device population explosion pose to cloud providers and the very architecture of data centers will be a hot topic next week at Structure”, where Structure is GigaOm’s conference on the whole “cloud” topic. That sounds great… although in looking at the agenda I don’t see anything specifically mentioning IPv6. Hopefully that is a topic that gets covered and maybe we’ll be able to write about some of the IPv6-related news next week.

UPDATE: In a comment to this post, Barb Darrow indicates that IPv6 will be a topic in the Structure panel “What has to happen to enable the infrastructure to support IOT?”  And indeed, to support the Internet of Things (IoT) we very definitely need to move to IPv6!

Meanwhile, if you are a cloud provider – or anyone else – do check out our “Start Here” page or just browse through some of our IPv6 resources to get started with the move to IPv6!


Microsoft: The Best Xbox One Gaming Experience Will Be Over IPv6

Do you want the best gaming experience using the upcoming Xbox One console from Microsoft? If so, you should ask your network operator if you can get IPv6! Or, if you are a network operator, you should look at rolling out IPv6 to your customers!

Yesterday at NANOG 59 in Phoenix, Arizona, Microsoft’s Chris Palmer explained that the Xbox One gaming console uses IPv6 for the peer-to-peer (p2p) communication between gamers.   His slides are now available from the NANOG site and they walk through the IPv6 support and the rationale for the continued use of the Teredo transition technology so that Xbox One will work over IPv4.  (The video is also included below.)

A key point on Palmer’s second slide is this:

Network operators that want to provide the best possible user experience for Xbox One users:

  • Provide IPv6 Connectivity
  • Allow transition technologies such as Teredo to function
  • Allow for IPsec transport mode to function

So… if you are a network operator and you want your gaming customers using the Xbox One to have the best possible gaming experience, make IPv6 available to your customers! (Find out how to get started with IPv6)

I learned of this talk through a post via Wes George in the Google+ IPv6 community and there has been some discussion there. There has also been a good bit of discussion in the IPv6-ops mailing list (to which you can subscribe if you are interested) with concerns being raised about the continued usage of Teredo and the challenges of using that particular transition technology. Christopher Palmer answered some of the questions and also pointed to a more detailed technical document about the Xbox One and IPv6 available in Word form from Microsoft’s web site. Dan Wing also pointed out that there are other similar P2P uses of IPv6 such as Apple’s Back To My Mac (documented in RFC 6281) and Microsoft’s DirectAccess.

Even with the concerns this is definitely a great step forward in getting more consumer electronics not only IPv6-enabled but actively using IPv6 in their operations.  Kudos to Christopher Palmer and the rest of the Microsoft team for making this happen!

The video of Christopher Palmer’s presentation is also available for viewing:

Now… can we get the rest of the gaming consoles to please work over IPv6?   And will this move encourage more network operators to get serious about rolling out IPv6 to their customers?


UPDATE: This post seems to have attracted some attention and there are some interesting discussion threads over on Hacker News and also over on Reddit.