Hello all -

Yes, IPv6 implementation is barely at a crawl; I can count my clients who are actually using it on one hand. But it's not to early to get the worry beads out, because a tipping point is coming, some day.

My question: can RouterOS in current or even future incarnations really handle the full implications of IPv6?

I've issued and routed both /64s and /48s to clients. One /64 contains 18,446,744,073,709,551,616 v6 addresses - roughly 18 quintillion. Let's just say for sake of argument that a client found a way, legitimate or otherwise, to bind all of those addresses - could the RouterOS Neighbors table even handle that many entries? And how much RAM would that require? Try to do the math: 18 quintillion addresses x 16 bytes per address - you end up in the exa- or zettabyte range. Scary.

And then there's firewall rules and address lists to consider: what kind of system resources could potentially get consumed there? I'm sure there are countless other scenarios others on this board can think of, which are manageable in v4 but scale frighteningly in v6.

Thoughts and comments welcome.

- Ed

The ROS is broken numerous ways (and the IPv6 implementation is similar in nature), but your mentioned IPv6 address range and any calculation based on it is flawed equally for whatever platform you take.

There are not enough ethernet MAC addresses to allow all possible neighbors of a /64 address segment.
You also have a problem with cascading switches - maximum 3 levels according to ethernet standards.
So, a 13 port router (the biggest mikrotik at this moment) with 48 port switches (the biggest usually available) cascaded in 3 levels limits you to 1437683 neighbors.
Do you know many organizations of that size having a single LAN since you have a length limit for ethernet cables at about 100m - that means 1.5 million devices in a 400m radius? And assuming a mean 1W consumption per device this needs a power supply of 1.5 MW... This also means over 5 million BTU of heat.

Possible I say, possible

going to play devils advocate here... lets ignore the power consumption and heat issues, but talk about distances and number of machines...

13 port router -> 13 48 port switches which each connect to 48 switches, and again the next level... assuming you have 1 WAN uplink on the router, this would give you 1327104 ports...

if each of those ports are connected to a single large Quad or more processor machine, with 10 - 16 cores and 512Gb -> 2TB RAM (Dell R9XX series with 4 10 core Xeons, or a Quad proc AMD Opteron with 16 cores each) and each of these machines have the max VMs enabled (dont know limits for XEN or VMWare, but say HyperV which is "limited" to 1024 VMs per host) you now have 1,358,954,496 hosts on the network... nowhere near the max of a /48 or even /64, and given that bandwidth would be slightly limited to 1Gb uplink to all these machines, but back to the original question, if you had 1 billion (best doctor evil impression) hosts behind a single box, how would RouterOS (not just the hardware) cope?

going to play devils advocate here... lets ignore the power consumption and heat issues, but talk about distances and number of machines...

13 port router -> 13 48 port switches which each connect to 48 switches, and again the next level... assuming you have 1 WAN uplink on the router, this would give you 1327104 ports...

if each of those ports are connected to a single large Quad or more processor machine, with 10 - 16 cores and 512Gb -> 2TB RAM (Dell R9XX series with 4 10 core Xeons, or a Quad proc AMD Opteron with 16 cores each) and each of these machines have the max VMs enabled (dont know limits for XEN or VMWare, but say HyperV which is "limited" to 1024 VMs per host) you now have 1,358,954,496 hosts on the network... nowhere near the max of a /48 or even /64, and given that bandwidth would be slightly limited to 1Gb uplink to all these machines, but back to the original question, if you had 1 billion (best doctor evil impression) hosts behind a single box, how would RouterOS (not just the hardware) cope?

Why you make your life that difficult? If you want to overwhelm your IPv6 router then you only need a single box with some additional software and you'll be able to generate what ever amount of IPv6 addresses to your network as you ever like.
There are various IPv6 hacking tools, for example: http://thc.org/thc-ipv6/
I expect the ROS fail miserably as well all the rest of available IPv6 stacks.

going to play devils advocate here... lets ignore the power consumption and heat issues, but talk about distances and number of machines...

13 port router -> 13 48 port switches which each connect to 48 switches, and again the next level... assuming you have 1 WAN uplink on the router, this would give you 1327104 ports...

if each of those ports are connected to a single large Quad or more processor machine, with 10 - 16 cores and 512Gb -> 2TB RAM (Dell R9XX series with 4 10 core Xeons, or a Quad proc AMD Opteron with 16 cores each) and each of these machines have the max VMs enabled (dont know limits for XEN or VMWare, but say HyperV which is "limited" to 1024 VMs per host) you now have 1,358,954,496 hosts on the network... nowhere near the max of a /48 or even /64, and given that bandwidth would be slightly limited to 1Gb uplink to all these machines, but back to the original question, if you had 1 billion (best doctor evil impression) hosts behind a single box, how would RouterOS (not just the hardware) cope?

Why you make your life that difficult? If you want to overwhelm your IPv6 router then you only need a single box with some additional software and you'll be able to generate what ever amount of IPv6 addresses to your network as you ever like.
There are various IPv6 hacking tools, for example: http://thc.org/thc-ipv6/
I expect the ROS fail miserably as well all the rest of available IPv6 stacks.

That was my thinking. You can alias as many addresses to one NIC as you want, up to the limits of the interface / OS to keep track, potentially overwhelming a connected device's address table. So you don't need a whole bunch of VMs or discrete units to create a problem. But it's obvious from the replies posted here that the enormity of IPv6 exposes inadequacies in the entire infrastructure, of which RouterOS is but one small part. Thinking about it a bit more, the topic is more suited to a general IPv6 board, but if anyone has other thoughts to add, go for it.

Ed

Now to come a little back to earth

There are in my opinion some elements which circumvent somehow these elements.
- the routing table work on a network/prefix base, so not every IP will have its table entry.
- neighbor lists are dynamic, so they can be updated on a "need to use" base, like IPv4 ARP tables, in a bit bucket fashion, with the oldest information getting lost.
- all a device needs is to be able to cope with the information needed to fill its bandwidth (i am not talking of routes and other configuration elements, but dynamic data like neighbors, reacheability data etc.). So data not needed at that point can be discarded and then regenerated/rediscovered on the fly.
- since there is no NAT in IPv6, the routing approach can be done stateless/on the fly.

So basically you will get performance degradation on many IPs and high load, but not a complete failure of the device.