<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/06/2013 08:29 PM, Mark Smith
wrote:<br>
</div>
<blockquote
cite="mid:1360146566.11967.YahooMailNeo@web142504.mail.bf1.yahoo.com"
type="cite">
<pre wrap="">Hi,
There's been a discussion over the last few days on the IETF IPv6 6man (IPv6 maintenance) mailing list regarding the use of MAC addresses to generate IPv6 Interface Identifiers. One of the issues relates to how unique MAC addresses are.
Following on from "The Wild West" presentation I posted the other day, I emailed HD Moore to see if I could get some numbers regarding numbers of occurrences of duplication of individual MAC addresses. HD got back to me today, I've posted them at the following mailing list archive URLs. Make sure you're sitting down.
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mail-archive/web/ipv6/current/msg17105.html">https://www.ietf.org/mail-archive/web/ipv6/current/msg17105.html</a>
</pre>
</blockquote>
<br>
I guess this paves the way for a new SLAAC algorithm that uses a
timestamp along with the MAC and hashes it into 32 bits so we can
use sensible subnet lengths in IPv6-land. I for one welcome our new
/96 overlords. <span class="moz-smiley-s1"><span> :-) </span></span><br>
<br>
Or then again, maybe it's not a problem:<br>
<p>[Disclaimer: I'm sure smarter people than me have put more time
and thought into the issue, so apologies if this is old news, but
it was fun to spend a few minutes finding out how many /64s China
already has and fiddling around with some big numbers.]<br>
</p>
If we assume that Huawei is the main vendor of concern (300,000-ish
duplicate MACs, according to the graph in HD Moore's slide deck
which you linked to on Saturday), and that 100% of their devices are
in China (not a good assumption, but it makes the figures more
conservative), and that duplicates are spread around evenly (an even
worse assumption, but i'm not sure how to compensate for it), we can
get an idea of how likely MAC address clashes are.<br>
<br>
The average number of duplicates per address must be dramatically
less than 60,125 (#10 on the list in your post to the IETF list),
because 300,000 * 60,125 = 18,037,500,000 = more Internet-capable
devices than exist in the world today. But it's a small number
(only about 3-4 times the current number of deployed devices on the
Internet, based on the last figures i read somewhere), so it's a
good start for now.
<p>Then we can make some calculations:<br>
</p>
<ul>
<li>There are 234 IPv6 delegations from APNIC to China
(<a class="moz-txt-link-freetext" href="ftp://ftp.apnic.net/pub/stats/apnic/delegated-apnic-latest">ftp://ftp.apnic.net/pub/stats/apnic/delegated-apnic-latest</a>)</li>
<li>These delegations are of various lengths, totalling 7463 bits
of subnet space, or 62,650,688,471,040 /64s</li>
<li>This gives a ratio of duplicates to subnets of 1:(2^7463 /
18,037,500,000) = 1:3473</li>
</ul>
<p>Those odds seem pretty reasonable to me, especially given that:<br>
</p>
<ul>
<li>The number of IPv6 delegations will grow dramatically over the
next few years, expanding the potential space.<br>
</li>
<li>We've assumed that Huawei is capable of producing 18 billion
devices before fixing their duplicate MAC issue.<br>
</li>
<li>The next-closest vendor is a long way behind Huawei in terms
of numbers of duplicates.<br>
</li>
<li>It assumes that all devices with duplicate MACs are
concentrated in their country of origin.</li>
</ul>
I downloaded the above APNIC delegation report, imported it into
LibreOffice, filtered out everything but China, and made some
calculations here if anyone cares to check:
<a class="moz-txt-link-freetext" href="https://docs.google.com/spreadsheet/ccc?key=0An2Wre4MNFNHdG9aQl9Yb25tWUNDbUh6eURQVUFsT2c&usp=sharing">https://docs.google.com/spreadsheet/ccc?key=0An2Wre4MNFNHdG9aQl9Yb25tWUNDbUh6eURQVUFsT2c&usp=sharing</a><br>
<br>
Paul<br>
<br>
</body>
</html>