Skip to content

Month: June 2017

A case for IP v6

So when companies talk about IP V6, it is very often at the scope of “terminating V6 at the border firewall/load balancer and then lead it as V4 into the internal network. Problems that arise there are most often tracking problems (»Our internal statistics can’t handle V6 addresses in Via: headers from the proxy«).

But when you do containers, the need for V6 is much more urgent and internal. Turns out that Docker Port Twiddling is exactly the nuisance that it looks like and networkers strongly urge you to surgically remove all traces of native Docker networking bullshit and go all in on IP-per-Container. Mostly, because that’s what IPs are for: Routing packets, determining their destination and stuff. Networkers have ASICs and protocols that are purpose-built for this stuff.

Now, let us assume you have a modern 40- or 56-core machine that you are running stuff on in your Kubernetes cluster. It means that you will easily at least 30 and up to 100 pods per machine. In a moderately sized cluster with some 100 nodes you get to use 100×100, 10.000 IPs to handle that. And because IP space is not handed out in sets of one, but in the form of subnets per node, you will have need for more than 10k addresses. Expect to consume a /17 or /16 to handle this.

Even if you are digging into 10/8 for internal addressing here, this is going to be a problem – it’s unlikely that you will be able to use all of 10/8, because non-cluster things exist, too, in your environment, and you will likely have more than one cluster.

With V6, things are becoming a complete non-issue, with the minor issue of getting V6 running on the inside of your organisation.

Leave a Comment

A day with planes

Where I live, at the bottom of a dried up lake, 10 feet below sea level, it looks like this.

Polderbaan

I am getting there by bike, it’s less than five minutes. And because there is friet and ice cream available in the parking lot, the Schnuppel wanted to go there. Ice cream and large airplanes, in this order.

2 Comments

Google Chrome integrates Adblocker

The Ad and Adblock situations both are now so bad that even Google considers integrating an Adblocker by default into the Chrome browser.

This is a twofold action. It’s purpose is of course to filter out ads, the worst of the worst in annoyance and the obvious malvertising. It’s purpose is also to take back control on adblocking, because it will let through acceptable ads according to the Coalition for Better Ads standards.

CfBA condemns Popups, Sound, Prestitials and Large Stickies on the Desktop, and more on mobile.

It will be interesting to see if it changes anything. People are truly beyond caring.

1 Comment

Kyle reviews Prey

Kyle Kingsburg is usually known for his work in distributed systems verification.

But he is also a Gamer, and he reviews Prey (The review is 100% Spoiler, if you care about these things) and in particular the story, the storytelling mechanisms used and their relationship and adequateness for the themes the game touches.

I know nothing about Prey, and am also only mildly interested. But the style of discussion and the view on story and storytelling was reminiscent of literature or theater criticism and review, the kind you get when you listen to Deutschlandradio or NDR Kultur over breakfast.

In a way, #neuland again, because this is precisely not how “high culture” in Germany deals with modern media – but it should.

1 Comment