IPv6 Performance - RIPE · PDF fileIPv6 Performance Geoff ... AS2614 0.00% 608 ROEDUNET...
54
IPv6 Performance Geoff Huston APNIC Labs November 2015
Transcript of IPv6 Performance - RIPE · PDF fileIPv6 Performance Geoff ... AS2614 0.00% 608 ROEDUNET...
IPv6 Performance
Geoff Huston APNIC Labs
November 2015
What are we looking at:
• How“reliable”areIPv6connections?
• How“fast”areIPv6connections?
What are we looking at:
• How“reliable”areIPv6connections?
• How“fast”areIPv6connections?
Do all TCP connection attempts succeed?
Is V6 slower than V4?
The Measurement Technique
• Embedascriptinanonlinead• HavethescriptgenerateasetofURLstofetch
• ExaminethepacketsseenattheservertodeterminereliabilityandRTT
Measurement Count
Measurement Count
Yes, that’s 10 M measurements per day!
Measurement Count Lo
g
What are we looking at:
• How“reliable”areIPv6connections?
• How“fast”areIPv6connections?
Do all TCP connection attempts succeed?
Is V6 slower than V4?
Outbound SYN
Busted SYN ACK Return path
Connection Failure
What the serv
er sees is a
n
incoming SYN, but n
o
matching inco
ming ACK
server client
Compare two data sets
• Thefirstdatasethasbeencollectedacross2011– Teredoand6to4werestillactiveasIPv6mechanisms
– LittleinthewayofotherIPv6services• Theseconddatasethasbeencollectedacross2015– MissingcomparativeIPv4datafortheperiodSeptember–OctoberL
2011 - Measuring Failure
Why is this failure rate
for V6
so incredibly high?
2011 - Relative Connection Failure Rates
And why is the V4 relative failure rate dropping over time?
What is this spike?
2011 - Relative Connection Failure Rates
What is going on with IPv4?
What is going on with IPv4?
ThefailurerateforV4decreasesasthevolumeofexperimentsincreases–whichimpliesthatthenumberof“nakedSYNs”beingsenttotheserversisnotrelatedtothenumberoftestsbeingperformed.AsidefromresidualIPv4failuresintheimagefetchduetodeviceresets,connectiondropouts,etc,thebulkoftherecordedfailureshereisprobablyattributabletoresearchersbotsdoingall-of-addressscanningonport80
What is going on with IPv4?
Syn attacks?
bot scanning on port 80?
What about IPv6?
Local Miredo Relay Failures
Why is the base failure rate of all IPv6 connections sitting at 40%? This is amazingly bad!
V6 Failure Rate by Address Type
All V6 Average Teredo
6 to 4 Unicast
6to4 Failure is Local Failure
6to4failureappearstoberelatedtotwofactors:
1. Theclient’ssitehasaprotocol41firewallfilterruleforincomingtraffic(thisispossiblymoreprevalentinAsiaPacthaninEurope)
2. Load/delay/reliabilityissuesintheserver’schosenoutbound6to4relay(notedinthedatagatheredattheUSserver)
Evenso,the10%to20%connectionfailureratefor6to4isunacceptablyhigh!
V6 Unicast Failures January–March2012:
110,761successfulV6connectingendpoints6,227failuresThat’safailurerateof5.3%!7clientsusedfe80::linklocaladdresses7clientsusedfc00:/7ULAsourceaddresses2clientsusedfec0::/16deprecatedsitelocaladdresses16clientsused1f02:d9fc::/16Nobodyused3ffe::/16prefixes!
Data Set 2: Connection Failure in 2015
January–November201524,212,563IPv6endpoints352,919Failurerate(4.1%)
Daily IPv6 Failures
Daily IPv6 Failures
RIP Flash!
HTML5 + TLS + Mobile Devices
6to4
6,634,6606to4endpoints– 27%ofallIPv6used6to4– 9%failureratewithinthesetof6to4connections
This is still very high!
Daily IPv6 Failures
Daily IPv6 Failures
• 6to4failureratehasimprovedfrom15%-20%in2011to9%in2015
• Teredohasallbutdisappeared• Unicastfailurerateisbetween1.5%and4%in2015– Currentunicastfailurerateis2%
Origin AS’s with High IPv6 Failure Rates
ASFailureSamplesASNameRateAS13679 99.69%318CentrosCulturalesdeMexico,A.C.,MXAS201986 94.74%133ARPINETArpinetLLC,AMAS5511 90.68%161OPENTRANSITOrangeS.A.,FRAS20880 72.56%962TELECOLUMBUSTeleColumbusAG,DEAS17660 57.06%1,041DRUKNET-ASDrukNetISP,BTAS21107 46.64%7,564BLICNET-ASBlicnetd.o.o.,BAAS4755 40.82%316TATACOMM-ASTATACommunicationsformerlyVSNLisLeadingISP,INAS37992 40.25%159THAMMASAT-BORDER-ASThammasatUniversityinthailand,THAS28580 39.64%1,158CILNETComunicacaoeInformaticaLTDA.,BRAS17412 35.58%163WOOSHWIRELESSNZWooshWireless,NZAS52207 33.62%931TULA-ASJSC"ER-TelecomHolding",RUAS4796 32.61%414BANDUNG-NET-AS-APInstituteofTechnologyBandung,IDAS30036 30.59%17,001MEDIACOM-ENTERPRISE-BUSINESS-MediacomCommunicationsCorp,USAS9329 29.35%184SLTINT-AS-APSriLankaTelecomInternet,LKAS7477 28.10%153TEREDONN-AS-APSkyMeshPtyLtd,AUAS52888 25.79%190UNIVERSIDADEFEDERALDESAOCARLOS,BRAS28343 24.52%681TPATELECOMUNICACOESLTDA,BRAS210 22.27%247WEST-NET-WEST-UtahEducationNetwork,USAS29632 19.25%239NASSIST-ASNetAssistLLC,UAAS20857 18.10%105TRANSIP-ASTransIPB.V.,NL
Origin AS’s with Zero Failure Rates
AS3223 0.00%3,138VOXILITYVoxilityS.R.L.,ROAS16265 0.00%2,761LEASEWEB-NETWORKLeaseWebNetworkB.V.,NLAS24961 0.00%2,644MYLOC-ASmyLocmanagedITAG,DEAS39832 0.00%1,945NO-OPERAOperaSoftwareASA,NOAS2686 0.00%1,824ATGS-MMD-AS-AT&TGlobalNetworkServices,LLC,USAS33070 0.00%1,633RMH-14-RackspaceHosting,USAS55536 0.00%1,351PSWITCH-HKPACSWITCHGLOBALIPNETWORK,HKAS21191 0.00%1,210ASN-SEVERTTKClosedJointStockCompanyTransTeleCom,RUAS22584 0.00%1,165NTELOS-PCS-NtelosInc.,USAS32780 0.00%1,119HOSTINGSERVICES-INC-HostingServices,Inc.,USAS29854 0.00%1,039WESTHOST-WestHost,Inc.,USAS18144 0.00%974AS-ENECOMEnergiaCommunications,Inc.,JPAS12510 0.00%762SAP_AG_WDFSAPSE,DEAS21837 0.00%757OPERASOFTWARE-OperaSoftwareAmericasLLC,USAS13213 0.00%741UK2NET-ASUK2-Ltd,GBAS9619 0.00%672SSDSonyGlobalSolutionsInc.,JPAS19994 0.00%660RACKSPACE-RackspaceHosting,USAS32934 0.00%654FACEBOOK-Facebook,Inc.,USAS25513 0.00%639ASN-MGTS-USPDOJSMoscowcitytelephonenetwork,RUAS2614 0.00%608ROEDUNETAgentiadeAdminaReteleiNationaledeInformaticaEducatiesiCercetare,RO
Ranked by IPv6 measurement count
Origin AS’s with Zero Failure Rates
AS3223 0.00%3,138VOXILITYVoxilityS.R.L.,ROAS16265 0.00%2,761LEASEWEB-NETWORKLeaseWebNetworkB.V.,NLAS24961 0.00%2,644MYLOC-ASmyLocmanagedITAG,DEAS39832 0.00%1,945NO-OPERAOperaSoftwareASA,NOAS2686 0.00%1,824ATGS-MMD-AS-AT&TGlobalNetworkServices,LLC,USAS33070 0.00%1,633RMH-14-RackspaceHosting,USAS55536 0.00%1,351PSWITCH-HKPACSWITCHGLOBALIPNETWORK,HKAS21191 0.00%1,210ASN-SEVERTTKClosedJointStockCompanyTransTeleCom,RUAS22584 0.00%1,165NTELOS-PCS-NtelosInc.,USAS32780 0.00%1,119HOSTINGSERVICES-INC-HostingServices,Inc.,USAS29854 0.00%1,039WESTHOST-WestHost,Inc.,USAS18144 0.00%974AS-ENECOMEnergiaCommunications,Inc.,JPAS12510 0.00%762SAP_AG_WDFSAPSE,DEAS21837 0.00%757OPERASOFTWARE-OperaSoftwareAmericasLLC,USAS13213 0.00%741UK2NET-ASUK2-Ltd,GBAS9619 0.00%672SSDSonyGlobalSolutionsInc.,JPAS19994 0.00%660RACKSPACE-RackspaceHosting,USAS32934 0.00%654FACEBOOK-Facebook,Inc.,USAS25513 0.00%639ASN-MGTS-USPDOJSMoscowcitytelephonenetwork,RUAS2614 0.00%608ROEDUNETAgentiadeAdminaReteleiNationaledeInformaticaEducatiesiCercetare,RO
Ranked by IPv6 measurement count
IPv6 Failures – Q3 2015
279,116failingIPv6addresses143,3576to4addresses118teredoaddresses92fe80::localscopeaddresses709unallocatedaddresses1,358unannouncedaddresses133,482addressesfromunicastallocatedroutedspace102,826unique/64s
What about IPv4 Connection Failures?
2011:failurerate0.2%
What about IPv4 Connection Failures?
2011:failurerate0.2%2015: 334,957,192IPv4endpoints 1,197,903ConnectionFailures(0.3%)
IPv4 Connection Failure
Missing PCAP data
Comparison
Comparison: Unicast
Comparison: Unicast
9x
It’s still not good!
IPv6UnicastFailurerate:1.8%(steady)IPv4Failurerate:0.2%(andfalling!)
What are we looking at:
• How“reliable”areIPv6connections?
• How“fast”areIPv6connections?
Do all TCP connection attempts succeed?
Is V6 slower than V4?
Let’s dive into SYNs!
Why SYNs?
• EveryTCPsessionstartswithaSYNhandshake
• Itstypicallyakernelleveloperation,whichmeansthatthereislittleinthewayofapplicationlevelinteractionwiththeSYNexchange
• Onthedownsidethereisonlyasinglesamplepointpermeasurement
Generating a comparative RTT profile
• Foreachsuccessfulconnectioncouplet(IPv4andIPv4)fromthesameendpoint,gatherthepairofRTTmeasurementsfromtheSYN-ACKexchanges• Usetheserver’sweblogstoassociateacouplet
ofIPv4andIPv6addresses• UsethepacketdumpstocollectRTT
informationfromtheSYN-ACKExchange• PlotthedifferenceinRTTinbuckets
2012 Data
IPv6 is slower IPv6 is faster
RTT Difference (in fractions of a second)
Num
ber of sam
ples (lo
g scale
)
Teredo 6 to 4 Unicast
2012 Data
IPv6 is slower IPv6 is faster
RTT Difference (in fractions of a second)
Num
ber of sam
ples (lo
g scale
)
Unicast
2015 Data – November 2015
IPv6 is slower IPv6 is faster
RTT Difference (in fractions of a second)
Num
ber of sam
ples (lo
g scale
) 2015 Data – November 2015
6 to 4
IPv6 is slower IPv6 is faster
RTT Difference (in fractions of a second)
Num
ber of sam
ples (lo
g scale
) 2015 Data – November 2015
6 to 4 Unicast
IPv6 is slower IPv6 is faster
RTT Difference (in fractions of a second)
Proportio
n of sam
ples
2015 Data CDF (using 10ms resolution)
6 to 4 Unicast
IPv6 is slower IPv6 is faster
RTT Difference (in fractions of a second)
Proportio
n of sam
ples
2015 Data CDF (using 10ms resolution)
6 to 4 Unicast
18% of samples unicast IPv6 is more than 1/100 sec faster than IPv4
24% of samples unicast IPv6 is more than 1/100 sec slower than IPv4
IPv6 is slower IPv6 is faster
RTT Difference (in fractions of a second)
Proportio
n of sam
ples
2015 Data CDF (using 0.1 ms resolution)
6 to 4 Unicast
Is IPv6 as “good” as IPv4?
Is IPv6 as “good” as IPv4?
IsIPv6asfastasIPv4?Basically,yesIPv6isfasterabouthalfofthetimeFor70%ofunicastcases,IPv6iswithin10msRTTofIPv4SotheyperformatmuchthesamerateButthat’sjustforunicastIPv6Theuseof6to4makesthisawholelotworse!
Is IPv6 as “good” as IPv4?
IsIPv6asrobustasIPv4?IPv4connectionreliabilitycurrentlysitsat0.2%ThebasefailurerateofUnicastV6connectionattemptsat1.8%ofthetotalV6unicastconnectionsisnotbrilliant.6to4isstillterrible!Itcouldbebetter.Itcouldbeawholelotbetter!
Is IPv6 as “good” as IPv4?
Ifyoucanestablishaconnection,thenIPv4andIPv6appeartohavecomparableRTTmeasurementsacrossmostoftheInternetButtheoddsofestablishingthatconnectionarestillweightedinfavourofIPv4!
That’s it!
Questions?
