
This is the Packet Pushers podcast: a place where more than 30 years of networking hasn’t gathered any dust, just a pile of unpaid technical debt, while we try to work out if the creditors are coming to collect this quarter.

Today’s show is the latest in our Future of Networking series, where we peer over the horizon to speculate about what the future will hold.

Our guest is Geoff Huston, Chief Scientist at APNIC, which serves IP addresses for the Asia-Pacific region. He’s been in computer science and networking since the 1980s, including ten years in the telecom trenches.

Join us for a far-ranging and often contrarian conversation on a variety of topics, including why we may not need IPv6 after all and should instead focus on DNS and on routing names rather than IP addresses.

“If we really needed v6 like we need water, we would’ve died of thirst years ago,” says Huston. He argues that IPv4 and NAT are serving us just fine, and could serve us well for another couple of decades. There is no quick way out of the mess because what we thought we needed 20 years ago has now changed completely.

Network operators are working to pack functionality into the network instead of working to deploy IPv6. There is little incentive for providers or users to deploy it. In fact, the deployment of middleboxes such as CDNs and CGNs is removing the need to adopt the protocol.

We also get into a detailed discussion of DNSSEC and how its single, rooted hierarchy improves on trust flaws in the current certificate system.

Finally, Geoff has a message for engineers just starting out: “Most of what we play with is not right. It was the best guess of the day. You should be willing and prepared to question stuff. The things people tell you are best are often based on mythology. The first thought is often not the best thing to implement.”

Sponsor: ThousandEyes

ThousandEyes delivers visibility into every network your organization relies on—from your data center to the cloud. You can quickly and precisely pinpoint the root cause of network issues—wherever they occur—and then share your insights with your vendors and customers. Sign up for an account at ThousandEyes.com/packetpushers to monitor 3 locations for free, and choose a ThousandEyes t-shirt.

Links:

APNIC

Geoff Huston’s blog at APNIC

Geoff Huston’s personal blog


Comments: 36

  1. James Small on

    Greg – the Future of Networking series is absolutely fantastic. Comer, Casado and now Huston – simply awesome. What about getting someone like McKeown, Scott Shenker or Jennifer Rexford on to talk about possible SDN futures? I hear what Geoff is saying and Doug had some fascinating points – still, I think there is much promise. Especially in better abstractions – this seems right up your alley. Thanks again for putting these together.

  2. Phillip Gervasi on

    Probably one of my favorite shows I’ve heard on PP. Geoff was an outstanding guest, and the topic was both relevant and profoundly interesting.

  3. Rita on

    I am a junior engineer just starting my journey in networking. I loved this podcast, very interesting to question everything they told us and we know…
    Thank you

  4. Arul Gobinath on

    Excellent talk, provoked the thought process. The IPv6 standpoint is quite a shocker, considering the $$$$$$$ SPs are spending to scale the CG-NAT

  5. Carl Niger on

    Loving this series, please keep up the awesome work. Perhaps an Ed Horley vs. Geoff Huston IPv6 showdown is in order 🙂

    More seriously, would love a real life discussion of what named data networking actually looks like. How do we get there from where we are at today w/ destination routing and barely anything above L3 in our network devices (other than ADCs I guess).

    Even more seriously, would love an open discussion w/ Ed and Geoff 😉

    • Mark Ford on

      I’d also be curious about what named data networking is versus what we have in today’s network. Are there instances of this already? Anycast kind of does what I think the regional routing piece of NDN would look like, but it doesn’t handle the authenticity. From the discussion, it sounds like DNSSEC’s approach / solution would fit that bill.

      I remember certain firewalls would let you enter the domain name in the CLI for an IP filter but would resolve it to an IP address before commit, making the feature kind of pointless. Good to see some progress.

    • Ed Horley on

      I don’t know if it would be the showdown you expect but here are some thoughts and a couple of points people need to keep in mind. They are all my narrow uninformed opinion, so take it with a grain of salt folks. BTW, I like Geoff and think the work he is doing is pretty important, just in case someone wants to accuse me otherwise I put that out there right away.

      1. Geoff’s tilt on the world looks from the ISP operator side of the Internet – I think Facebook, Verizon, T-mobile, Sprint, Apple and others would disagree on the business model side of IPv6 for mobile and IPv6 datacenter – perhaps having Paul Saab w/ Facebook on the show would help clear some of that up, happy to do an introduction to make that happen.

      2. Geoff fails to address some fundamentals that are present today, like the fact that IPv6 is on and preferred by default in every major OS (mobile/server/desktop) – IT folks still need to do SOMETHING with IPv6 which usually falls into:
      a. turn off IPv6 (which still requires all of point b. below)
      b. decide you need to manage and control it (so learn IPv6, use IPv6, have security for IPv6, etc. – basically you are starting down the road to adoption if you use it or a lifetime of security and audit control if you turn it off – either way, you STILL need to know IPv6)
      c. ignore it and hope it goes away (what most folks are doing – I don’t see that ending well but open to other opinions that have some rationale behind them)

      3. I will leave it to others to comment on NDN, DNSSEC, SDN/NFV and other topics that were covered in the podcast. I’m not sure I think DNS as a transport method is as viable as Geoff thinks, but you can chat with Cricket Liu about that one along with DNSSEC (I think he would qualify as an expert), happy to do an introduction.

      4. Geoff has the luxury of observing from a single RIR (APNIC). I think John Curran from ARIN might challenge Geoff on some of his comments about the adoption rate in the US versus some of the areas that Geoff is providing numbers on and how the operators in the US view things. I think that would be true of RIPE for much of Europe also. Consider John as a guest, again, happy to do an introduction.

      5. Geoff does like to challenge people in terms of thinking (which is a good thing) and has some interesting ideas around financial and technical debt motivations driving behavior for IPv6. I don’t think I necessarily agree with them but they are fun to listen to and many have a grain of truth to them which means they resonate with folks. For listeners, if you haven’t had to do any significant work with IPv6 it is hard to have a clear perspective on it (I think) and to understand in context some of Geoff’s points. Geoff clearly has great experience with IPv6 and IPv4 so sometimes you become jaded when you see how sausage is made, god knows I am.

      6. As others have mentioned, you should bring solutions to the table (even if theoretical in nature) if you are going to poke holes in what is working today. I think we are far from a perfect standard of what works for the Internet, but we are all obligated to help drive it forward. What I don’t think came across in the podcast was that Geoff has been involved in many of the standards for a long time and has proposed solutions too. I don’t think there was time to necessarily capture that so I don’t want to see him get hammered on that point too much. After all, I doubt I could sit through the amount of standards and peer meetings he does even if someone was paying me to do so. I would challenge others to even try and make it through a single IETF webcast meeting or an ARIN or APNIC session and vote (which you can do) remotely. As someone who has voted at ARIN meetings, it isn’t as easy and clear cut as you think. If you want a great perspective on how ugly that is have a chat with Russ White sometime.

      So, there it is, a few thoughts. How appropriate I ended that on 6.
      IPv6 is the future and the future is now.
      – Ed

      • M. on

        Thanks for your comment Ed. I believe, however, that your view on IPv6 can be a little bit biased. Maybe you see IPv6 in that light because IPv6 is what “employs” you, e.g., you write books about IPv6, run IPv6 workshops, etc. No offense here please as I really enjoyed your book about IPv6 in Windows.

        I have, however, a very different point of view. If you try to deploy IPv6 in enterprise, academia or ISP networks, you will face quite a lot of problems, e.g., SLAAC vs DHCP, extension headers and security, problems with too much multicast etc. Furthermore, what upsets me even more is the fact that the IETF community denies these problems and doesn’t want to solve them. These unsolved problems have, unfortunately, serious operational consequences. For example Lorenzo’s point of view about DHCPv6 in Android has a serious impact for accounting users in wireless IPv6 networks.

        Yes, there are networks where IPv6 is widely deployed – e.g., Comcast, Verizon, T-Mobile or Facebook, but these big networks have enough money to do whatever deployment they want. If you speak with smaller ISPs, they simply don’t have the budget for upgrading devices or their internal information systems to support IPv6. Why would they do that if IPv6 doesn’t bring any benefits for them? And no, it isn’t true that every ISP changes their HW regularly every 4 years.

        So maybe IPv6 is the future, but the future is not here yet. For example, I don’t see any progress with IPv6 traffic and flow ratio in our fully dualstacked network in last year! I have more than 80% penetration of IPv6 clients both wired and wireless, but the traffic/flow ratios are same as there is no new IPv6 content available. It will take a really long time to convert networks to IPv6 and there could always be a different solution than IPv6.

        • Lindsay Hill on

          > For example, I don’t see any progress with IPv6 traffic and flow ratio in our fully dualstacked network in last year!

          Out of interest, what ratios are you seeing? When I looked at it a while ago, dual-stack clients would do 30-40% of their traffic via IPv6. Mainly due to Google, Facebook, YouTube, Netflix. Those services are a good chunk of a typical user’s traffic.

          I haven’t checked stats recently though.

  6. Jason Simmons on

    Fantastic show. I always had the view that QOS is a work around, not part of the process, never heard anyone else say it out loud.

    Listening to Geoff was like sitting in front of Morpheus, and him handing you a red pill and a glass of water.

  7. A. Ritchmon on

    Well, I don’t understand why everybody loved this show.
    This guy is saying that everything is junk and doesn’t give any solution.
    There is no future of networking in this show…

    • Mark Ford on

      I don’t think Mr. Huston was saying that everything was junk. “Everything” includes things that fit the bill at the time or for a particular need, but over time have proven either to be or not to be right for certain parts of the network. I think the guest was suggesting that applications have evolved to handle a multitude of networking challenges (DNS, latency, jitter, packet loss), and thus there’s little need to focus energy on developing solutions to those challenges in the middle of the network. More importantly there’s a speed cost to adding intelligence in the middle of the network. This has been known for a while; however, the definitions of network-edge and “middle of the network” seem to have shifted (at least in my mind). Now, it can be the application itself, not the LAN router and/or switch. I don’t need the smarts to be on that LAN router or switch, if the application can handle it. However, the reality is that our network definitions vary depending on whom you talk to, so solutions will vary depending on what camp you are in.

  8. Dana Dawson on

    I guess I’m in the minority of people who were not thrilled by Mr. Huston. The biggest issue I had was his tendency to speak in absolutes, since it added a tone that to me came off as arrogance, and I found it off-putting. I also suspect the vast majority, if not all, of his comments were intended to be applied only to the Internet backbone. I know this question came up as part of the discussion about SDN, but it would have been helpful to have that perspective explicitly stated if it were, in fact, true. The fact that one of the other hosts specifically mentioned that SDN is being usefully applied in enterprise networks suggests that the intended scope of Mr. Huston’s comments was perhaps not as clear as it could have been.

    I also found some of his comments to be inconsistent. Early in the interview he mentioned being at the far end of a long fiber run, implying that it was somewhat of an issue, yet in his later rant against QoS he says the better and cheaper answer is to just throw more bandwidth at the problem. Virtually everyone would love to have more bandwidth, but the reality is that it is not always cheap to just add more. I also have worked for many years at a large telco (over 20, in fact), and it’s very expensive to upgrade existing multi-gigabit links on our backbone, as it is for the not quite as fast links on our network edge. His distaste for QoS in general would have benefited from a clarification that he was talking about QoS across the Internet (assuming he actually was), since QoS is a very useful, even critical feature in most enterprise networks today, which, incidentally, also often decide that it is too expensive to just throw more bandwidth at the problem. When properly configured QoS works very well, and it’s naive to simply dismiss it out of hand as a poor solution.

    His argument that IPv6 isn’t needed because we’re still getting along just fine with IPv4 is essentially just supporting the status quo. That same argument could be made against all new network technologies, including Name Defined Networking that he seems to think is so wonderful. After all, our existing address-based network model is working extremely well. Virtually all new computers today come with at least some basic support for IPv6 enabled by default, and I suspect that it will quietly become the primary protocol in many systems before too long (I’d guess a few years). Rather than requiring someone to “throw the big IPv6 switch” and turn it on across the Internet, IPv6 is slowly sneaking up on us and will eventually become the ubiquitous carrier protocol.

    His disapproval of MPLS also seemed misplaced to me, since MPLS is very widely deployed across the Internet infrastructure and it works extremely well. MPLS grew out of Cisco’s Tag Switching technology, which was an effort to increase the efficiency and forwarding capacity of backbone routers. I find it hard to see significant negatives to MPLS given its obvious success, and I would have welcomed a more detailed discussion of why Mr. Huston feels as he does about it, especially given his comments later that core routers should only be forwarding packets based on their destination addresses, which is exactly what MPLS does, and it does it better than simple IP forwarding. This was another inconsistency I found irritating.

    Given Mr. Huston’s attitude toward Multicast, I found it strange that he would be so enamored with NDN, since the two technologies seem to share some significant fundamental concepts, specifically that a listener/consumer submits a request to the network for some content, which is then forwarded to the listener/consumer via some discovery process. I’m not much of a fan of Multicast either, but I at least acknowledge that it has some useful applications. I don’t believe that it’s a very good general purpose protocol, however, which is why I’m similarly unimpressed with NDN.

    Finally, while I agree that DNS is probably the biggest unsung hero of the Internet, and that DNSSEC is a useful addition to it, his suggestion that it could be used as a transport protocol is completely ludicrous. DNS is a distributed database system well suited for what it does, but it was not designed to be and is not well suited for being an end-to-end transport protocol. (How would one DNS client exchange data with another DNS client?) DNSSEC is a similarly effective solution to a security design gap in DNS, but the complexity of deploying DNSSEC servers makes it challenging to deploy to the huge scale that would be needed to be useful for data transport.

    I’m sure Mr. Huston is an extremely intelligent fellow, but his tendency to make blanket, absolute statements that are sometimes at odds with existing reality sometimes hurts his credibility, at least to me. If nothing else, however, he did bring up several topics that I think deserve more in-depth discussion on future shows, and I do agree with his apparent attitude that it’s valuable to question conventional thinking. We certainly wouldn’t be where we are if that never happened.

    This is just my 2¢. Thanks for letting me vent!

  9. Edwin Sutherland on

    Avid follower of PP and this episode has been my favourite so far this year. Great thought provoking arguments, advice and passion for data communication explored in this episode. Love it! Keep up the awesome work you guys do.

  10. John Curran on

    “Maybe we just need to be patient. Steam ships did not halt operation the first day a diesel powered vessel appeared. It was a much slower process that led to an outcome of the change of the maritime fleet. The next generation of mechanization of naval vessels offered cheaper services, and, as often happens, market price won in that commodity market.” – Geoff Huston, 6 Jan 2006

      • Ed Horley on

        Amusing that Geoff would say this at the APRICOT 2016 meeting on Wed the 24th of Feb after being on the podcast:
        https://youtu.be/BwQwUd1CMHw?t=22m
        “You should all run v6, you know, what can I say, you should really run v6. But as you are not listening, you are mining your history. Fair enough.” – Geoff Huston, 24 Feb, 2016
        That was with John Curran on the stage with him at the same time as he is presenting btw.

        • Greg Ferro on

          I don’t see any difference in that statement and what was discussed. The point is that IPv6 is not being adopted because there is value in IPv4 life support. We discussed the reasons why IPv4 continues to be used, and why there is resistance to IPv6.

          I agree that we really should run IPv6 but the reality is that carriers and service providers all around the world have zero motivation. It costs money to replace hardware and there is no revenue associated with upgrading to IPv6.

          /greg

  11. Matthew on

    Greg / Ethan

    That was an outstanding episode, it’s not very often you both are lost for words!
    That was the best podcast I’ve listened to in a long time. Please get Geoff on the show again ASAP
    Really interesting, I was compelled to get off my backside and add a commitment
    Just goes to show someone can change your whole perspective, get him to InterOp!

  12. R on

    Geoff is right that the Internet of today works on IPv4 and doesn’t really need IPv6. To be honest, the reason why I advocate so strenuously for IPv6 is for social reasons, not for technical reasons.

    Because of its address shortage, IPv4 leads to increasing centralization. The few, rich and lucky at the right time, get to create new things. Everyone else goes through multi-layered NATs and middle-men who capture your value and send your habits to Google Analytics. “Restoring end-to-end connectivity” is now forgotten under commercial greed, but I remember an Internet where I could install a server and my friend could download a file, with permission from nobody else.

    Centralization is also the real problem with DNS. DNS works now because everybody has agreed to follow ICANN. ICANN is stunningly corrupt. If they ever mess with the DNS root, then out goes the fabulous DNSSEC end-to-end security model. For that matter, repressive regimes might be tempted to create their own DNSSEC hierarchies. China is throwing impressive resources at the Great Firewall, and CloudFlare is demonstrating how affordable on-demand DNSSEC signatures can be.

    Well, there are still plenty of unsolved problems, and lots of stuff to play with while trying to find solutions.

  13. James Bergman on

    Your last comment that “The first thought is often not the best thing to implement” is what stands out the most to me in your post. It sums up your argument nicely. You are right, we don’t really need IPv6 yet, we are making it by now and getting better at making things work. However, this doesn’t mean that I don’t think we will have to think about moving to something different. I think we will have to eventually and should work as much on making something good as we are making IPv4’s work now.
