[addr-select-dt] Proposed default policy table

"Tony Hain" <ahain@cisco.com> Thu, 08 July 2010 17:08 UTC

From: "Tony Hain" <ahain@cisco.com>
To: <addr-select-dt@ietf.org>
Date: Thu, 8 Jul 2010 10:08:18 -0700
Subject: [addr-select-dt] Proposed default policy table
List-Id: IPv6 Address Selection Design Team <addr-select-dt.ietf.org>

For updating 3484-revise section 2.2, the table I have been running at home
for some time is:

Precedence  Label  Prefix
----------  -----  --------------------------------
        90      0  ::1/128
        75      1  fc00::/8
        70      1  fd00::/8
        50      2  2001::/16
        50      2  2400::/8
        50      2  2600::/8
        50      2  2a00::/8
        50      2  2c00::/8
        40      3  2002::/16
        30      3  2001::/32
        20      4  ::/0
        10      5  ::ffff:0:0/96
         5      6  ::/96
         4      6  fec0::/16

The explicit label 2 set is due to a bug in the Vista stack, as that should
be a single entry of 2000::/3 (and the fec0 should be /10). The differences
from the proposed one in the October text are:
- Adding explicit entries for each half of the ULA space to prefer local
when possible (rule 2).
- Explicitly listing 2000::/3 to avoid default resulting in the ambiguous
choice of ULA as src.
- Keeping Teredo and 6to4 as tunnels labeled the same.
- Tunnels before default to avoid the ambiguous choices default will result
in.
- Packaging all deprecated prefixes in the same label.

The currently proposed table in 2.2 does not solve the problem in 1.1, so it
would be good to move that example to an appendix or at least after the 2.2
discussion, and replace it with the one of a host selecting between Internet
access and a closed network. 

I understand the desire to move Teredo to less than IPv4. While I disagree
with the premise, a resulting policy table that does that might look like:

Precedence  Label  Prefix
----------  -----  --------------------------------
        90      0  ::1/128
        75      1  fc00::/8
        70      1  fd00::/8
        60      2  2000::/3
        50      3  ::/0
        30      4  2002::/16
        20      5  ::ffff:0:0/96
         5      4  2001::/32
         1      6  ::/96
         1      6  fec0::/16

I suggest leaving 10, 40, & 80 in the precedence so people can move IPv4 or
ULA around without feeling the need to rewrite the other labels (they don't
have to, but an obvious hole to park it in reduces confusion). I haven't
tried that, and don't have time before I leave today, but I will put that in
and see how it works before the IETF meeting. It should be close to what the
current text was trying to get to, but with the explicit ULA and GUA
prefixes to avoid default it should work more consistently.

Tony
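
Added example, not part of the original message: a longest-prefix-match lookup over the two tables above, showing how Teredo and IPv4 destinations swap order between them and how the explicit ULA/GUA rows keep a ULA source from matching a global destination by label. The sample addresses and the stripped NO_EXPLICIT table are constructed for illustration, and only the precedence and label-match steps of address selection are modelled.

```python
import ipaddress

# (precedence, label, prefix) rows copied from the two tables in the message.
HOME_TABLE = [
    (90, 0, "::1/128"), (75, 1, "fc00::/8"), (70, 1, "fd00::/8"),
    (50, 2, "2001::/16"), (50, 2, "2400::/8"), (50, 2, "2600::/8"),
    (50, 2, "2a00::/8"), (50, 2, "2c00::/8"), (40, 3, "2002::/16"),
    (30, 3, "2001::/32"), (20, 4, "::/0"), (10, 5, "::ffff:0:0/96"),
    (5, 6, "::/96"), (4, 6, "fec0::/16"),
]
TEREDO_BELOW_V4_TABLE = [
    (90, 0, "::1/128"), (75, 1, "fc00::/8"), (70, 1, "fd00::/8"),
    (60, 2, "2000::/3"), (50, 3, "::/0"), (30, 4, "2002::/16"),
    (20, 5, "::ffff:0:0/96"), (5, 4, "2001::/32"), (1, 6, "::/96"),
    (1, 6, "fec0::/16"),
]
# Constructed contrast: HOME_TABLE with the explicit ULA (label 1) and
# GUA (label 2) rows removed, so those addresses fall through to ::/0.
NO_EXPLICIT = [row for row in HOME_TABLE if row[1] not in (1, 2)]

# Constructed sample addresses: GUA, Teredo, IPv4-mapped; ULA and GUA sources.
DESTS = ["2600::10", "2001:0:53aa:64c::1", "::ffff:192.0.2.10"]
SOURCES = ["fd00::1", "2600:1::1"]

def lookup(table, addr):
    """Return (precedence, label) of the longest matching prefix for addr."""
    ip = ipaddress.IPv6Address(addr)
    best = None
    for prec, label, prefix in table:
        net = ipaddress.IPv6Network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, prec, label)
    return best[1], best[2]  # both tables contain ::/0, so a match always exists

def order_destinations(table, dests):
    """Order candidate destinations by descending precedence only."""
    return sorted(dests, key=lambda d: -lookup(table, d)[0])

def matching_sources(table, dest, sources):
    """Sources whose label equals the destination's label."""
    want = lookup(table, dest)[1]
    return [s for s in sources if lookup(table, s)[1] == want]

if __name__ == "__main__":
    for name, table in (("home", HOME_TABLE), ("teredo<v4", TEREDO_BELOW_V4_TABLE)):
        print(name, order_destinations(table, DESTS))
    print("explicit rows:", matching_sources(HOME_TABLE, "2600::10", SOURCES))
    print("default only: ", matching_sources(NO_EXPLICIT, "2600::10", SOURCES))
```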