IPv6 and the need for IPAM

For many, the thought of moving to IPv6 is a theoretical exercise. The thinking goes that the existing network, running IPv4 with a mixture of routable and private IP addresses, is more than enough for today and tomorrow. Why complicate things? The straight facts are that IPv4 exhaustion is coming, and organizations will need the appropriate “hands on” skills in working with IPv6.

For the unfamiliar, IPv6 is the successor to IPv4.  IP or “Internet Protocol” is the underlying technology that allows you to be reading this blog post.  At its simplest, IPv4 assigns your computer a location on the network, a location that allows routers a way to get information to and from your system.

Then, one could assume IPv6 is a simple upgrade, since TCP, UDP and ICMP continue to operate in a similar manner. The short answer is “no.” IPv6 uses a base 16 notation to denote its address. IPv4 uses a quad dotted base 10 notation. It means that for network admins and architects, the simple familiar becomes abcd:abcd:abcd:abcd:abcd. With the address space being trillions of trillions of trillions of times bigger, concepts like NAT go away. You do not need them when every star in every galaxy in existence could have its own 4.3 billion addresses.

Why no NAT? There is no need, since every address is routable. Applications, in addition to using ports, could use IPv6 addressing schemes for control and backplane operations as well as data transport. Our method of layer 4 to 7 communication fundamentally changes.

To start on this journey, a good IPAM (IP Address Management) solution is needed. Beyond spreadsheets or Active Directory, think of how your organization will handle this transition. It is coming, and the sooner organizations prepare, the better. IPAM brings the benefit of managing the IP space effectively; combine that with Software Defined Networks (SDN) and you get some very powerful ways to reduce the costs of transition and end up with a better managed network.
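Why spreadsheets fall short for IPv6, as an added example that is not from the original post: the same prefix can be written several ways in base 16, so text comparison misses duplicates and overlaps that a numeric check catches. The row names and prefixes below are constructed and use documentation ranges only.

```python
import ipaddress
from itertools import combinations

# Constructed sample rows, as they might appear in a spreadsheet export.
# All prefixes come from documentation ranges (RFC 3849, RFC 5737).
ROWS = [
    ("core-lan",   "2001:db8:0:1::/64"),
    ("core-lan-2", "2001:0DB8:0000:0001:0000:0000:0000:0000/64"),  # same prefix, other spelling
    ("dmz",        "2001:db8:0:10::/60"),
    ("dmz-web",    "2001:db8:0:1f::/64"),   # falls inside the dmz /60
    ("branch",     "2001:db8:1::/48"),
    ("legacy-v4",  "192.0.2.0/24"),
    ("printers",   "192.0.2.128/25"),       # falls inside legacy-v4
    ("typo",       "2001:db8::1::/64"),     # invalid: "::" appears twice
]

def parse_rows(rows):
    """Return (valid, errors); valid holds (name, network) pairs."""
    valid, errors = [], []
    for name, text in rows:
        try:
            # strict=True also rejects prefixes that have host bits set
            valid.append((name, ipaddress.ip_network(text, strict=True)))
        except ValueError as exc:
            errors.append((name, text, str(exc)))
    return valid, errors

def find_conflicts(valid):
    """Return sorted (kind, name_a, name_b) for duplicate or overlapping prefixes."""
    conflicts = []
    for (name_a, a), (name_b, b) in combinations(valid, 2):
        if a.version != b.version:
            continue  # an IPv4 prefix and an IPv6 prefix cannot overlap
        if a == b:
            conflicts.append(("duplicate", name_a, name_b))
        elif a.overlaps(b):
            conflicts.append(("overlap", name_a, name_b))
    return sorted(conflicts)

if __name__ == "__main__":
    valid, errors = parse_rows(ROWS)
    for name, net in valid:
        print(f"{name:11} {net}")          # canonical, compressed form
    for kind, a, b in find_conflicts(valid):
        print(f"{kind}: {a} <-> {b}")
    for name, text, why in errors:
        print(f"invalid: {name} {text!r} ({why})")
```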

It’s best to start now, rather than later.  Blue Cat provides some very robust software that happens to provide IPAM functionality and SDN components that take network and address management to the next level.  If you are thinking of modernizing your network, they should be in your list of products to review.

Not getting the most of your Internet speed?

For the last few months, Internet speeds here at itinthedatacenter.com have been less than impressive. With a Business connection, the advertised speed earlier this year was 45mb/s down and 10mb/s up. That increased in late May and early June to 60mb/s down and 10mb/s up. Normally, 45mb/s was what we could hit all day long. With the upgrade, we were hoping to get that extra 15mb/s out of our connection.

For the last 4 years, since practically the days when I first got the business line, I have been using a very reliable Cisco 851 to do the routing.  The little machine is simple, and it never once ever hung or died like some of the consumer routers from Speedstream or Netgear did on me.  Knowing the router is very low end, I only really ran some NAT on it, and that was about it.

In March, after years of the same, I decided to enable the Firewall on the unit. Now some will say, “No way! You lived that long without a firewall on the Internet?” Truth is, since the router was NAT, it only allowed in a specific set of ports and only what was outbound, but it was not configured to do anything about spoofed packets or other problems. I run a DMZ firewall that does screening and other IPS, so I was not too concerned. However, I wanted to start a bit more filtering on the edge.

I enabled the firewall on the Cisco, and after a few days, I noticed the speeds hover at 30mb/s. Speedtest after Speedtest, it did not matter, the speed was the same. In early August, I contacted my provider, who also provides a Cisco 851 for my network access, and asked them to swap some gear and test for me. Sure enough, they swapped the 851 for an 867VAE. When they performed their tests from that new router, they got the full speed. They hooked up the old Cisco behind the new router, and the speeds fell to 30mb/s. We identified the culprit!

I had a choice, eBay a bigger, more power hungry Cisco, or find something that is enterprise class, but, not as expensive.  After looking at Mikrotik (which is very good BTW), I settled on the EdgeMAX Lite by Ubiquiti.

The price and the performance have been very good!  The initial set up and upgrade of the firmware to 1.5.0 was challenging, but once that was done, the network speeds have improved.  I now run the same configuration as the Cisco, Firewall and NAT enabled, and get 60mb/s all the time.  The CPU on the machine sits around 6% when at full speed here. This is the new model with the proper venting, so, I expect it to perform really quite well for the next while.

If you are suffering from poor Internet speed, and you have a fast connection like we do, seriously consider the EdgeMAX Lite (ERL).  The price and performance cannot be beat!

Follow-Up: Inexpensive FXO/FXS cards and Bell Canada Caller-ID

I promised an update on the status of the inexpensive FXO/FXS card I had ordered.

The card arrived in early May, after some very quick shipping.  The packaging was good, and the card came undamaged.  It is your typical Wildcard AEX410 card.

I mentioned trying this on VMware to see if I can virtualize it.  Well, as it turns out even vSphere 5.5 cannot use this card in VT-d mode.  The card is a PCI design, that sits behind a PCIe bridge.  That’s something VMware says will not work.  I tried a number of settings but no luck. The card would kernel panic the VM every time.

In early August, some lightning storms had the pleasure of taking out one of my trusty SPA3102s. These are not the most amazing VoIP gateways, but it was good for Caller-ID. I have struggled for years looking for an FXO system that will work with Bell Canada’s Caller-ID. So far, out of all the products (AudioCodes, SPA, Grandstream, Wildcard) the only product that reads Caller-ID from Bell Canada is the SPA3102.

With the end of my trusty unit I put a physical server in to host my VoIP PBX, along with the Wildcard AEX410. The Wildcard works just fine in that system with the same V2P (yes, Virtual to Physical!) converted system. Since even the Wildcard will not read the Caller-ID, I have a replacement SPA3102 daisy chained to the Wildcard FXO port. If the power goes out, the SPA will still let the call work, which is great. So far, this combination gives me clear voice calls on the PSTN line, something the SPA itself cannot do, and I get Caller-ID.

The Wildcard works great, except, if you want Caller-ID in Canada, you will need to go with someone other than Bell Canada.