25 Mar

Subnetting IPv6 sounds very complex but, to be honest, it is very easy!
All you need to do is understand the basics of IPv6 addressing: how an address is formed and how to use CIDR notation efficiently.

First, what does an IPv6 address look like? (Good to clear the fundamentals first!)
An IPv6 address has 8 sections separated by colons, and each section carries 4 hexadecimal digits. So an IPv6 address looks something like:
xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx. Each x is a hexadecimal digit, i.e. 0 to 9 or a to f, so there are 16 possible values for each x. Each x is stored in binary, i.e. as 0s and 1s (2 possible values per bit), and 2x2x2x2 = 16, so each x takes 4 bits and a section of 4 digits takes 16 bits. With 16 bits per section and 8 sections in total, this turns out to be 16 + 16 + 16 + 16 + 16 + 16 + 16 + 16 bits = 128 bits. This is why an IPv6 address has 128 bits.
This means the total number of possible addresses in the IPv6 space is 2^128 = 340 282 366 920 938 463 463 374 607 431 768 211 456 addresses.
Next, an important point to remember: in IPv6, clients are mostly placed on a /64 subnet, which means the first 64 bits are the network part while the remaining 64 bits are the host part, i.e. the addresses that are allocated to end machines.

#### Now getting back to the main question: how to subnet IPv6?

In most cases RIRs like ARIN/APNIC allocate a /32 IPv6 block. This means the first 2 sections (16+16 bits) are reserved and the remaining 6 sections, i.e. 128-32 = 96 bits, are available for use.

E.g. let’s pick the example of Google’s block.
Google has an allocation of 2404:6800::/32 from APNIC in Asia.
Now this is a HUGE chunk.
First let’s understand what the range of 2404:6800::/32 looks like. The :: here means that zeros are skipped, so we can fill in the zeros to understand the block.
2404:6800::/32 means 2404:6800:0000:0000:0000:0000:0000:0000/32, and since only the first 32 bits (16 bits per section) are reserved, the first 2 sections are reserved while the remaining 6 sections are available and we can fill any hexadecimal value into those sections.
Thus the block 2404:6800::/32 goes from 2404:6800:0000:0000:0000:0000:0000:0000 to 2404:6800:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

Now that’s a huge amount of address space. You can simply count it by doing 2 to the power 96 (128-32), which gives 79 228 162 514 264 337 593 543 950 336 unique possible addresses!

#### Breaking it down further…

1. If you have a multi-datacenter setup, it is very likely that you would like to use your IPv6 space across multiple locations, and thus doing a BGP announcement for the whole /32 isn’t a very good idea.
2. Many people on the NANOG mailing list suggested that I use a /48 block, as it works well with BGP and most ISPs do accept a /48 block.
3. Most servers are allocated a /64 block of IPv6 further down.

So in an ideal situation you would break your /32 allocation into multiple /48s, which you can announce over BGP, and further into /64s out of each /48 for allocation per server/per client.

At this point you will likely wonder how many such small blocks are possible out of the main bigger block.

OK, here’s the answer. You can break a /32 into 65,536 /48s. Each can represent a separate network below a BGP session. Next, you can further break a /48 block into 65,536 /64s, and each /64 you can allocate to a client. Thus each client will have 2^64 addresses, i.e. 18 446 744 073 709 551 616 addresses per client!

#### Let’s break it!

Coming back to the example of Google’s block, 2404:6800::/32: to get /48s out of the block, all you need to do is change the 3rd section. Remember that each section represents 16 bits, so altering the 3rd section gives 16+16+16 = 48 bits. Thus possible /48s out of 2404:6800::/32 will be
2404:6800:1::/48
2404:6800:2::/48
2404:6800:3::/48
Also, since it takes hexadecimal values, we can use a, b, c, d, e & f.
2404:6800:a::/48
2404:6800:b::/48
One can also use the complete combination and fill all 4 digits, i.e.
2404:6800:XXXX::/48
Here XXXX can take any of 65,536 hexadecimal values.
Next, in a similar manner, altering the 4th section gives /64s. Possible /64s out of Google’s IPv6 block:
2404:6800:1:1::/64
2404:6800:1:2::/64
2404:6800:1:3::/64

Next, each client can alter the last 4 sections and generate a ton of IPv6 addresses!
E.g. the unique IP address 2404:6800:1:1::1, which is 2404:6800:1:1:0000:0000:0000:0001,
or 2404:6800:1b11:21dd:00ab:0030:0020:0001, or just anything!

#### Quick point to remember here:

1. If you alter JUST the last, i.e. 8th, section you can have 65,536 (2^16) IPs.
2. If the letters in hexadecimal values confuse you, you can simply take last-section values from 0 to 9999, i.e. 10k possible IPs, by just altering the last section without hexadecimal letters.
3. It’s a good idea to alter just the last section and fill zeros in the 5th, 6th and 7th sections, because 10k IPs would be sufficient per server and one can always add more later.
4. Also, when filling 0 in the 5th, 6th and 7th sections, one can simply use the double colon notation, i.e. 2404:6800:1:1:0000:0000:0000:0001 can be written as 2404:6800:1:1::1, skipping all the zeros!
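
The breakdown above as an added example (not part of the original post), using Python's standard `ipaddress` module: it derives the /48, the /64 and the host address from the section values, and maps an address seen in a log or ACL back to the /48 and /64 it belongs to. The function names `nth_subnet`, `plan` and `locate` are illustrative choices.

```python
import ipaddress

# The /32 used as the example in this post.
ALLOCATION = ipaddress.ip_network("2404:6800::/32")


def nth_subnet(parent, new_prefix, index):
    """Return subnet number `index` of length /new_prefix inside `parent`."""
    count = 1 << (new_prefix - parent.prefixlen)  # e.g. 2**16 = 65,536
    if not 0 <= index < count:
        raise ValueError(f"index must be between 0 and {count - 1}")
    # Place the index in the bits between the parent prefix and the new one.
    base = int(parent.network_address) + (index << (128 - new_prefix))
    return ipaddress.IPv6Network((base, new_prefix))


def plan(site, client, host):
    """3rd section picks the /48, 4th picks the /64, 8th picks the host."""
    if not 0 <= host <= 0xFFFF:
        raise ValueError("host must fit in the last section (0..ffff)")
    site_net = nth_subnet(ALLOCATION, 48, site)
    client_net = nth_subnet(site_net, 64, client)
    return site_net, client_net, client_net[host]


def locate(address):
    """Map an address (e.g. from a log line) back to its /48 and /64."""
    addr = ipaddress.ip_address(address)
    if addr.version != 6 or addr not in ALLOCATION:
        raise ValueError(f"{address} is not inside {ALLOCATION}")
    # Clear the host bits below each prefix length to get the network.
    site_net = ipaddress.IPv6Network((int(addr) >> 80 << 80, 48))
    client_net = ipaddress.IPv6Network((int(addr) >> 64 << 64, 64))
    return site_net, client_net


if __name__ == "__main__":
    site_net, client_net, host = plan(0x1, 0x1, 0x1)
    print(site_net, client_net, host, host.exploded)
    print(ALLOCATION[0].exploded, "to", ALLOCATION[-1].exploded)
    print(locate("2404:6800:1b11:21dd:00ab:0030:0020:0001"))
```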

Well that’s all about IPv6 addressing. Hope you will find it useful! 🙂

19 Mar

Today I will be talking about a big problem. This is not about a routing glitch, or a missing DNS entry (my usual blog posts…). It’s about one of the fundamental problems in India which have ruined our society, relations & way of living.
It’s about caste-based discrimination in India. As we all know, the Jats’ demand for reservation isn’t something very old, and people from Haryana did suffer quite a lot because of those protests. Overall I am just surprised by the demands of Jats, who are the majority in Haryana, who grab over 80% of Govt.-based jobs already in the current system, who play a key role in choosing the Govt. of Haryana, who have the Chief Minister from their caste ruling the state!
In fact Jats are considered one of the high & rich classes in Haryana, and considered among the ones who enjoy a very good lifestyle in India. And now they are ready to give up all that pride & values just for getting so-called “reservation”. Shameful.

My post today is not triggered by the Jat reservation protest but by the painful life of my good friend who (call it unfortunately) is from a higher caste but financially not very strong. I could see him running to the admin block of my college for the last week. He was trying to get permission to get free books from the college library’s book bank.
Overall the book bank concept is something like: free books for scheduled and backward class students (regardless of whether or not they can afford purchasing their own books). Luckily, my friend (who is from an upper caste) got permission to get free books from registrar sir on the ground that he’s financially weak and cannot afford purchasing his own books. I was quite happy to see the college is supporting these students rather than sticking to a caste-based thumb rule.

But the story does not end here. There’s another student in our class who is from a backward class. (I would rather call him of backward mindset rather than caste). He came to know that my friend (who’s from upper class) got permission to get free books. He got so angry that he forcefully grabbed the permission letter from my friend and tried his best to keep him away from the library unless he himself applied for the free book offer. His action is not justified even if he was yet another financially weak student, but the irony is that he’s one of the richest guys in class (based on expenditure). The overall cost of books for this semester would be around 1000Rs (\$20 USD). Is that really very expensive for a backward class (again call it mindset) student? No.
The backward class guy owns phone costing over \$300, his laptop costs over \$1200, external hard disk of over \$100 (for storing precious porn!) and his monthly pocket money is over \$50 already. This is an absurd & shameless use of system. This is why whole concept of caste based reservation is meaningless and completely stupid idea. And I am sad because I can see young generation is nourishing it well in worst possible manner. 🙁
The whole idea of reservation was essentially made to end the caste-based “discrimination”, while it started yet another discrimination just from the other side of the caste system. Thus the backward class boy gets reservation always (including the one he got while entering this college, which he didn’t deserve otherwise), he gets free books, next reservation in higher studies and worst, reservation even at job level, and my good friend who, as I said, unfortunately is from upper class has not much from our society except a general hard-working life and the capability to compete against these idiots. The reservation system is probably the only system in India where money doesn’t matter!
Sad to see such things happening at bottom of Pyramid – that is level where we live. This further reminds me of my plans to join politics at some later stage in life (certainly when I can “afford it”). 🙂

With hope that we will see a better system, less prone to such abuse, time for me to end this post with this nice song from the movie “Peepli Live”.

12 Mar

In the last few days, I have been pushing a discussion on the APNIC & NANOG mailing lists about the poor DNS infrastructure in India.

Thought to put a quick blog post on the issue.

#### So what’s exactly wrong?

To understand what’s wrong, let’s understand how DNS works at core level.

DNS relies on a hierarchical model with . (dot), the Root, on top, TLDs (Top Level Domains) below the Root, and below those the 2nd level domains, which are the domain names we commonly use.

So e.g. mail.google.com is actually like

.
com.
google.com.
mail.google.com.

The first 3 are real DNS zones with their own delegation. Let’s see their DNS servers using dig:

```
anurag@laptop:~$ dig . ns +short
j.root-servers.net.
b.root-servers.net.
c.root-servers.net.
a.root-servers.net.
l.root-servers.net.
g.root-servers.net.
e.root-servers.net.
k.root-servers.net.
f.root-servers.net.
m.root-servers.net.
d.root-servers.net.
h.root-servers.net.
i.root-servers.net.
```

Next, com.

```
anurag@laptop:~$ dig com. ns +short
l.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
a.gtld-servers.net.
h.gtld-servers.net.
k.gtld-servers.net.
m.gtld-servers.net.
c.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.
```

So here dot is the “root zone”, which is on top of the hierarchy; next, com is a Top Level Domain, just like net, org, in, us etc. Next, google.com. is a 2nd level domain. The list of nameservers which hold data for the google.com domain name sits on the gTLD servers of com, while the root holds ALL DNS servers of all Top Level Domains. So the root knows who knows about com/net/org/biz/asia/in/se/us etc.
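
An added example, not from the original post, that follows the referral chain described above the way a resolver with an empty cache does. The zone table is constructed: the root and com server names are taken from the dig output, while the google.com. server name, the answer address and all round-trip times are placeholders.

```python
# Constructed data: root and com. server names are from the dig output above;
# the google.com. server, the address and every RTT are made-up placeholders.
ZONES = {
    ".": {"server": "a.root-servers.net.", "rtt_ms": 10,
          "delegations": ["com."], "records": {}},
    "com.": {"server": "a.gtld-servers.net.", "rtt_ms": 150,
             "delegations": ["google.com."], "records": {}},
    "google.com.": {"server": "ns.placeholder.invalid.", "rtt_ms": 40,
                    "delegations": [],
                    "records": {"mail.google.com.": "2001:db8::25"}},
}


def in_zone(name, zone):
    """True if `name` is at or below `zone` (whole-label suffix match)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def resolve(name, zones=ZONES):
    """Follow referrals from the root, as a resolver with an empty cache does.

    Returns (answer, steps); each step is (zone asked, server, outcome).
    """
    name = name.lower().rstrip(".") + "."
    zone, steps = ".", []
    while True:
        data = zones[zone]
        if name in data["records"]:
            steps.append((zone, data["server"], "answer"))
            return data["records"][name], steps
        # Prefer the longest matching delegation (the deepest zone cut).
        children = [z for z in data["delegations"] if in_zone(name, z)]
        if not children:
            steps.append((zone, data["server"], "no delegation"))
            return None, steps
        child = max(children, key=len)
        steps.append((zone, data["server"], f"referral to {child}"))
        zone = child


def lookup_cost_ms(steps, zones=ZONES):
    """One round trip per server asked; the total cost of a cold lookup."""
    return sum(zones[zone]["rtt_ms"] for zone, _, _ in steps)


if __name__ == "__main__":
    answer, steps = resolve("mail.google.com")
    for step in steps:
        print(*step)
    print(answer, lookup_cost_ms(steps), "ms")
```

With these placeholder numbers the gTLD round trip dominates the cold lookup, which is the tier the post says has no servers in India.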

Theoretically there are 13 root servers in the world, but the actual number is over 100, since they use anycast heavily and have nodes in multiple places. You can read more, along with their location map, on the official site of the Root Servers.

#### That was the fundamental part. Coming back on main point, what’s missing in India?

We have 4 root servers deployed at Delhi, Mumbai & Chennai, which seems like a decent number, but there are NO gTLD servers at all. Thus India relies on the outside world for resolving gTLD domains like com/net/org. This is the real problem. If you are from India, I would suggest you take traceroutes to each of the gTLD servers, i.e.

l.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
a.gtld-servers.net.
h.gtld-servers.net.
k.gtld-servers.net.
m.gtld-servers.net.
c.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.

and pass them on to me directly by email or via comments on this page.

Here is my original post on the NANOG mailing list.