The Internet is still very much growing, and IP addresses are a part of that.  Each IP address uniquely identifies an end point.  We got around IPv4 exhaustion for a while by using NAT.  But there are still hundreds of new websites and other types of services that require unique IP’s showing up every day.

It’ll be interesting when the runout actually occurs.  Because it’s likely to affect smaller businesses, NSPs, ISPs, and web hosts first.  Customers will be the last to be affected because they honestly don’t understand.

Another issue slowing deployment is a lack of CPE (Customer Premises Equipment) that support IPv6.  CPE is your Linksys (now part of Cisco), NETGEAR, D-Link, Cisco, ZyXEL, or whatever “router” — it’s your link to your ISP, and to the Internet at large.  And if your CPE doesn’t do IPv6, you can’t either.  Atleast not without slow and unreliable hackery.

So lets hope ISPs get on the ball, and SOON.  I am tempted to call mine this week just to see how much I can confuse their techs.

CloudEngines saw fit to include relatively robust filesystem support sporting HFS+, NTFS as well as the usual ext2/3, FAT/FAT32/VFAT.  HFS+ is provided by custom kernel modules, that work better than their cousins integrated into the Linux kernel (I’ve had some experience with them).  I haven’t yet tested the NTFS support.

The really unique thing about the Pogoplug is that it is completely integrated with the Internet.  The API system allows you to write your own scripts, or use others.  You can even cross-compile and run binaries on the Pogoplug itself.  Setup was easier than anything I’ve ever used of this nature. I plugged my device in, and went to the Pogoplug site.  I created a login, it quickly identified my Pogoplug device (I assume the Pogoplug called home and it saw us both coming from the same IP) and I was able to immediately use the WebUI to upload and download files.  They don’t support SMB/CIFS, but they have OS level drivers for Windows, OS/X, and Linux readily available.  I’ve only tried the OS/X and Win64 (Windows 7) drivers and they work very well.  Honestly since they seem to be fully supporting multiple OSes, and SMB/CIFS is so complicated and slow I don’t feel like this is much of a minus.  It does limit native support to “Supported” OSes for now unless the WebUI/API access fits for you.  I don’t know what their product roadmap is but I did find a (broken) symlink/mention of Samba within the device itself, and for those users that are on other OSes and *really* want CIFS they can cross-compile and install/run their own Samba binaries.

The native clients I’ve tested under Windows 7 and OS/X 10.6 (Snow Leopard) seem to perform well and bug free.  I’ll be pushing them a bit harder in the coming days to see what happens.  So far though I’ve had no issues.  The Native clients can be set to multiple drive or single drive mode.  The Windows client defaults to single drive mode with all of your connected drives showing up as P:\<Device Name>.  The OS/X (and I assume Linux clients) default to multiple drive mode with all of your connected drives showing up as separately mounted volumes.

You also can not initialize (format) a drive from the Pogoplug.  So you have to format your removable devices with a PC/Mac first.  This rather minor since if you have this device, then you have a machine, and the drives are removable by nature.

Performance is also very good, thanks in no small part to the speedy embedded Orion SoC, the Ethernet controller also has TSO, Receive and Transmit Checksum Offloading (part of TOE) which helps keep the CPU free from a lot of overhead.  These offload features are common in higher end servers and many ‘gaming’ Ethernet adapters.  Having a 1.2GHz CPU and these helpful hardware offload engines means that the CPU doesn’t work too hard and the performance will generally be limited by the RAM speeds.  To get the full LAN performance you do need to install the native clients.  The unit may be a little slow when you first start it as it indexes your files for searching and generates thumbnails and video previews.  This latter bit enables one of the more interesting features, search.

You can search all of your Pogoplug drives relatively easily from the WebUI, I haven’t toyed with this much yet but on the drive after you mount it the Pogoplug software creates a .ceid file that includes the name of the device and the version of the metadata, and a .cedata directory holding an SQLite 3 database file for indexed information and directories for the generated thumbnails and video previews.

The Pogoplug also ‘integrates’ with Facebook, MySpace and Twitter.  The Twitter support is definitely buggy, I was able to authenticate to it for one drive but not for another, and after signing out I have been unable to authenticate again.  Once setup you can ‘share’ a folder to these services and the unit will post updates whenever the folders are changed.  The update includes a (public) link to the folder’s contents.  Users can then download the data.  However the data is pushed directly from your Pogoplug so you must be connected via broadband.

On the hardware side inside the case there’s documented JTAG and Serial Port.  What does this mean?  Well if you’re asking then it won’t matter to you.    Basically it means that with a JTAG dongle and a 3.3v FTDI to USB serial adapter you have a $130 ARM9 dev kit, not bad at all.

I haven’t (yet) opened mine…I may yet buy another to do just that.  The Orion/Feroceon has a SATA controller that’s turned off (and quite possibly not even pinned out) on this board.  It also has a second Gig-E MAC thats likewise not available.  The CloudEngines/Pogoplug Engineers do read their forums, and seem to be (refreshingly!) helpful to those people who ask specific questions about the hardware and essentially how to use it as a dev platform, de-brick it, etc.  Being so helpful as to even link to DigiKey Parts for the mating connectors to the JTAG/Serial ports.

There are some chinks.  It has a NEON PINK “foot”.  The device has no ‘shutdown’ command (either via WebUI or SSH, or anything) so you can’t cleanly shut down the unit, you have to manually eject via the WebUI.  Unplugging the device, at least with HFS+, can cause the filesystem to come up ReadOnly with no way to fix it from the Pogoplug short of ejecting the device and manually running the included chkhfs utility.  Even that may not work since the utility is based off hfsprogs, which aren’t very good.  It will claim errors, not tell you what they are, and refuse to fix them.  Morale, either eject before you unplug the Pogoplug, or use other, better supported, filesystems.  I also have no clue what happens to the device when it loses Internet connectivity.  It may turn into a pretty pink and white brick, I don’t know, that’s one of the only things that actually worry me so far. I’ll be toying with that in coming days and make an updated post time permitting.

I keep seeing a LOT of well meaning but mis-informed or mis-understood claims about IPv6, even in technical circles. What I am going to try to address here though is from the every persons point of view. What it is, why we need it, what it fixes, why it’s hard to deploy/make available, what it (may) mean for an individual user.

The article here was sparked by IO9′s Article.

What Is IPv6?

Well simply put it is Internet 2.0 or Web 2.0, despite what you may have heard from the media.  IPv6 is short for Internet Protocol Version 6.  We currently use IPv4. IPv6 has a truely massive number of addresses (really, it doesn’t relate in simple terms).  IPv4 has around 4 Billion addresses, of which about 3 Billion are useable.  IPv6 though is big enough to give every person on the earth, every device, every item, it’s own group of say a million addresses, and still have many trillions left over.

Why is IPv6 the Real Web 2.0?

AKA Why is it so had to get IPv6 out there?

Because it requires touching and replacing or modifying every router, every piece of software, every device, in order to support it.  Your web browser, your operating system (Windows, Linux, OS/X), your Internet router/gateway (which a LOT of people confuse between ethernet switches and these things), your wireless access points, your ISPs equipment, your TiVo, your smart phone, everything.  This is also why it’s so very hard to get out there.

Now the tech heads and geniuses out there responsible for this have developed a number of ways to assist this migration to IPv6.  To allow IPv4 and IPv6 to sort of talk to each other.  They can easily exist together, but talking to each other is another matter entirely.  These methods are not perfect, they suck actually.  From the IPv4 side, it’s like sending a letter addressed to a city rather than a person.  For IPv6 it’s easier, in fact, there’s a block of IPv6 addresses (these blocks of addresses are called a prefix, like an area code, so I’ll use the term prefix from here on out) that are set aside to map directly to the old IPv4 addresses.  That’s how big the address space in IPv6 is!  Whats the number?  OK you REALLY sure you want to know?  Fine.  2¹²⁸ — Two to the power of 128.  That’s in scientific notation 3.4*10³⁸ or a 34 followed by 38 zeroes (rounded). How big is that? Every single dollar bill of the American national debt could be individually numbered. And we’d still have a LOT of space left over. Heck we could give out a Trillion addresses to every person, device, or object on the planet, and still be likely to have leftovers.  The TCP/IP Guide has a Section On IPv6 Address Space Size

IPv4 addresses are everywhere.  Dotted quad’s we call them.  4.2.2.1 — 127.0.0.1 … etc.  Largely people are ignorant of them, and they damn well should be.  Numbers are for computers.  Humans name things, computers number them, and computers are REALLY good at translating and mapping between the two.  DNS is the protocol that does this.  And in that it’s been so successful that the vast majority of Internet users have no clue whatsoever that IP addresses (v4 or v6 or otherwise) even exist!  DNS itself needs to be revamped as a protocol in order to support IPv6 (and it largely has been) — and then redeployed too, globally.  This is taking place bit by bit.

E-Mail.  Every mail server has an IP address (or more than one in many cases).  It receives connections on that address from other mail servers and mail clients asking them to receive mail for, or send mail to, a given email address (user at domain).  Spam filtering software.  Anti-Virus software.

All of this stuff is on the list of things that need to be modified, or replaced for IPv6 support. The list is huge.

Why Do We Need IPv6?

We’re running out of IPv4 addresses.  No one in the beginning could possibly imagine that there would be such a huge number of devices connected to the Internet.  Now almost every phone, game console, and electronic device has some form of Internet connectivity.  That doesn’t necessarily mean each of these devices needs a globally unique address, but it makes things easier, faster, more reliable, and cheaper if each device does.  The reason is that if you use NAT (many many homes do this) your private address has to be mapped to a public one at some point.  This device has to keep track of each and every connection from each and every device that it’s performing this mapping for.  Worse some protocols put IP addresses inside of their data, and so the NAT has to know about these protocols, identify them, and modify the information inside the packets for these protocols!  (FTP is one such protocol, HTTP is not).

Well why not reuse all those “Web 1.0″ addresses?

IPv4 is “Web 1.0.”  The media gave us all that term, and most people have no idea what it means.  Web 2.0 (Go ahead and look, we’ll wait here) really only describes a bunch of web browser, JavaScript,  and HTML technologies and says nothing about the actual core guts of the internet IP, DNS, BGP (this is the ISP to ISP route sharing protocol — every ISP “core” router HAS to speak this to other ISPs), OSPF (this is one of a number of ISP internal route sharing protocols, MPLS.  Nor anything about a lot of other core internet protocols like HTTP, SMTP, IMAP, etc.

So wow I will get my own unique addresses?!

No, not likely.  This is because of the way that “core routers” (there’s no such thing by the way, which I will try to address in a moment) have to keep track of each unique destination.  Right now, and for the foreseeable future with both IPv6 and IPv4 the ay this works is that a ISP get a BIG block of addresses (BIG being relative in the terms of IPv4 or IPv6 — with IPv6 they get a LOT more space…enough in fact to have an IPv6 address within their own network for each IPv4 address and still have a billion left)… So they tell the other ISPs they’re connected to about that one big block, not about individual customers or devices.  They say to their neighbor “I can deliver packets to addresses beginning with 127.0, pass it along.”   Another ISP might have 127.1 another might have 127.2.0-15, etc.  IPv6 does the same thing.  IPv6 addresses are just so much longer I’m not using them in this example.  The neighbors only know about and remember the big block of addresses, not the individual addresses or smaller blocks given to individual customers.

Now within an ISP they keep track of many more much smaller blocks of addresses, maybe even down to individual addresses.  Inside an ISP similar trading of information on what addresses are served by which of their routers happens (no this does NOT happen with the average end user!).  The difference here is that since they’re all internal addresses, and a router notices when two or more addresses or blocks occur contiguously, they are often aggregated into a single larger block.  Think of it like this.  Router A is connected to B C D and E, E is connected to F and G.  F has 1 2 and G has 3 4.  E knows this, instead of telling A about 1 2 3 4 (and A further telling B C and D about 1 2 3 4) it just tells A 1-4.  Imagine this for a few hundred, and you can see the savings.  Instead of passing along each individual number it just tells it a range of numbers.  There are restrictions on how these ranges are made up (for the geeks out there it has to be on a bit boundary), but that’s the basic idea.

Wait what’s so different about inside an ISP versus outside?!  — simple, inside the ISP they know the adjacent addresses STAY adjacent and are inside the same entity, themselves.  Out in the bigger internet you can’t do that.  You might own 1 and 2, but someone else is 3 and 4.  And you don’t want packets for 3 and 4 arriving at your doorstep, now do ya?  Well that’s what would happen if the big ISPs aggregated routes together like that, because once a route is aggregated it loses it’s own unique identity.

Whats so wrong with having lots of routes then?  Two things, memory and speed.  Memory is finite.  And the memory used in big “core routers” is far more expensive (and far faster too) than your desktop or laptop memory.  Speed is the other reason.  Big routers have less than a microsecond to decide where a packet is supposed to be going, and do something about it. They make a huge number of these decisions in parallel too, and each of these decisions have to reference some part of the database of what-goes-where that the router has built up for itself based on who it’s connected to, and what they say they are connected to.

Earlier you said there’s no such thing as a “core router”?

Indeed I did.  For this discussion, you don’t have a router.  Indeed we at ISPs call what you have CPE, Cutomer Premise Equipment, or an End User Gateway Device.  They’re meant to connect one machine, or a very small number of machines (4-5 at most typically) to the ISPs router and from there the internet at large.

The internet is a bit more like a web.  A cobweb.  Lots of different parts connected in lots of different ways.  You as a end user are only connected at one point, to your ISP via your cable modem, DSL line, satellite, smart phone, or, old fashioned dial up modem.  Your ISP, if it’s a small local ISP will be connected to 2 or more (usualy atleast 3 or 4) larger ISPs, and possibly some other small local ISPs or local business customers that have their own routers.  Each of these routers tell each other who they’re connected to.  As connections between ISPs are made, and broken, this changes.  Each of these changes ripples through the internet, so when an ISP in say Missoula, MT disconnects from another ISP here in Montana that has been telling everyone it’s connected to that it is connected to that ISP, every big ISP knows in seconds, and every small ISP in some seconds after that.  So what just happened in Missoula, MT is known in Beijing, China in very short order.

This is also another reason why individuals can’t have unique addresses that move between ISPs  You may not move from one ISPs territory to another very often, but there are billions of people out there.  Imagine now that those updates too have to be propagated and stored.  Starting to see the problem?

Larger businesses with dozens or hundreds or workstations, or on site servers, or other specil high reliability requirements connect to ISPs in much the same way as ISPs connect to each other, they just don’t say to ISP B “hey I am connected to ISP A so you can reach ISP  A through me” but they do tell both A and B that they have the addresses 6 7 and 8 say.  This is called multihoming.  Why?  Well think of an ISP as a “home” for an address.  Your address exists at multiple “homes” when you connect with multiple ISPs and advertise to each of them your block of addresses.  There’s an intentional barrier to entry here because ISPs do not want, and cannot support, an unlimited number of these connections, because each of these connections requires the Internet as a whole to see and remember the unique block of addresses assigned to that business.  And whenever that business disconnects (say they’re upgrading their network or have a long lasting power outage) from one ISP or the other, the whole Internet hears about it, each router tells all it’s neighbors about that change in connectivity.

There’s a LOT of research going on into better ways of dealing with the global routing table (that’s what it’s called…but there really isn’t one table, it’s more like each router has it’s own idea or ideas at what the routing table looks like right *now* and if you wait even half a second, it’s going to change, probably several times) but no one has found a silver bullet yet.  And even if/when they do, there’s still the same problem we have with IPv6, all the ISPs have to adopt and deploy it, everywhere.

If there’s interest I’ll go into TCP/IP, UDP/IP, DNS, and BGP/OSPF/Routing in a separate article (or articles).  How a connection is established, what NAT is, what a Firewall is/does and why NAT and firewalling are different, and why routing is different than those two.

Well I made the leap to Windows 7 after having to buy a new laptop (long story short the desktop is dead). Upon upgrading to Win7 RC1, as the laptop came with Vista, my Time Capsule disks stopped working with a mysterious username/password error number 86. I never was able to find out what the hell that meant, but I made an educated guess that Microsoft had disabled some of the old password standards, say NTLM maybe.

That turns out to be the case. These same instructions will probably get Windows XP and Windows 2000 shares to work with Vista and Win7.

Open the Local Security Policy MMC applet, you can do this by searching for Security in the start menu or from the command prompt by typing:

%windir%\system32\secpol.msc /s

Once there open the Local Policies folder, then the Security Options view. From there find “Network security: LAN Manager authentication level” – you will probably find this is set to “Send NTLMv2 response only” – change this to “Send LM & NTLM – use NTLMv2 session security if negotiated” – this does lower your security level but is pretty much required to work with anything pre-vista.

Further down you should see “Network security: Minimum session security for NTLM SSP based (including secure RPC) clients” – you may have to make sure that both require boxes there are unchecked as well.

This should get your Time Capsule, Airport Disks, and Pre-Vista SMB/CIFS shares working again!

I’ll try to keep this updated.

But Mr. SysOp, how lame are you that it’s going to take months to setup a machine?!  I have a day job folks.  A BUSY day job.  Doing SA work in my VERY limited spare time is hard, and not very attractive.  So yes it could take a while.  I might throw up Nexenta or the free ESX and find out I hate it.  I want to have time to play with those options before I commit to moving live services to it.  Once I do that I’ll be totally stuck with my choice, warts and all.

*sigh*

deactivate neighbor 216.x.y.z

commit

If a woman ever tells a man size doesn’t matter, she’s certainly not being truthful.  Similarly anyone talking about packet sizes is also spinning a yarn.

Tunnels can and will reduce your MTU.  A lot of consumer NAT devices don’t handle/pass along the ICMP Unreachable codes packet-too-big and cant fragment correctly.  This means people end up ‘broken’ trying to access your site.  PMTU extensions can maybe help in some cases, but if the messages are getting dropped nothing will help.

We’ve been experiencing such a state/problem.  The most obvious place having an issue is the Comcast Mail Servers and the RoadRunner Mail Servers.  Individuals have also been experiencing it.

Worse we’ve had a hard time narrowing down the problem path.  Because it’s intermittent.

*sigh* Epic Failure.

We’ve been seeing occasional problems with a tunnel “somewhere” on the internet getting into our path.  It shouldn’t be a problem except that it seems a lot of firewalls still filter ICMP Unreachable’s at the least.

DON’T DO THAT.

Now we can do SSL Names Based VHosts….sorta.  Only IE7 on Vista, Opera 8, and Firefox 2+ support it (sni.velox.ch is a test site FYI).  C’mon Apple!  Get with it.  And Microsoft?  WTF is up with Vista only support.  

Soon.  Soon.  And this becomes more and more important as we run out of IPv4 addresses.  In fact for a LOT of places, it’s the primary use of IPv4 address space, including here!

YIM also has an awesome quirk, that has gotten better and worse, of rather apparently randomly filtering messages, especially messages with URLs according to some scheme only they seem to know.

Another quirk of YIM is sometimes you get queued messages without being told that happened.  So the person logs in sometime later and gets stuff you thought they were just ignoring.