Re: [arch-d] Treating "private" address ranges specially

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 01 April 2021 01:30 UTC

To: Joseph Touch <touch@strayalpha.com>
Cc: Ted Hardie <ted.ietf@gmail.com>, Erik Kline <ek.ietf@gmail.com>, architecture-discuss@ietf.org
References: <4329d51a-d5ba-45b3-9fb0-6795dc6fccd3@www.fastmail.com> <CAMGpriWA4B8AThNKBOHo-bfAdQ2s5iYv8rBOB7X8UVc5GsqENA@mail.gmail.com> <CAMGpriUJkWYPyw7=oAj_GnGu2J14T3=VZYNWPZtAs870P=x0sg@mail.gmail.com> <a68636c2-5df0-46eb-8147-79ec6a992f8a@www.fastmail.com> <CAMGpriU_L8HbLFX_mMBtBXxy=XOc5BAnYgVR9R8TQO=DPvRD_g@mail.gmail.com> <F59E2FC3-19CE-4D14-9F1C-9F7125D89455@mnot.net> <CAMGpriVJCsird15oBfT=gSDTr59_yf9TkLmOSO7a9DGX0VRjOg@mail.gmail.com> <CA+9kkMB2iOA-QaCidJHVN=qqZ8TtPXV=xyfuKh+i44VzZLWG3w@mail.gmail.com> <0cfae1b5-378d-1b28-9a60-89ef15cd793a@gmail.com> <1E1FB005-5830-46E0-B8DA-9ADC89A13B1E@strayalpha.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <0f1d54e4-07da-725a-a655-66c226d44027@gmail.com>
Date: Thu, 01 Apr 2021 14:30:04 +1300
In-Reply-To: <1E1FB005-5830-46E0-B8DA-9ADC89A13B1E@strayalpha.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/3dOtPbmub-uXzUHaSM1RlQuhzC4>

On 01-Apr-21 13:17, Joseph Touch wrote:
> 
> 
>> On Mar 31, 2021, at 1:27 PM, Brian E Carpenter <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
>>
>> On 31-Mar-21 22:07, Ted Hardie wrote:
>>
>> <snip>
>>
>>> The document's description of the address space architecture is:
>>>
>>>
>>>      2.1. IP Address Space
>>>
>>> Every IP address belongs to an IP address space, which can be one of three different values:
>>>
>>> 1. local: contains the local host only. In other words, addresses whose target differs for every device.
>>>
>>> 2. private: contains addresses that have meaning only within the current network. In other words, addresses whose target differs based on network position.
>>>
>>> 3. public: contains all other addresses. In other words, addresses whose target is the same for all devices globally on the IP network.
>>
>> The problem is that this classification is worse than heresy; it's nonsense.
> 
> How is this different from RFC6890?

While 6890 is better than what came before, I'm afraid that it still doesn't capture reality (and therefore the IANA registry doesn't either, which is no fault of IANA).

>> 1) local. That seems trivially true
> 
> Again, RFC6890?
> 
> ...
>> 2) private. There is no definition of "private" address in any IETF document. 
> 
> RFC1918??

Yes, you're right, it does use the word "private". But that is in some old out-dated address space where things are relatively simple. In any case, the definition proposed in the cited document doesn't seem to limit itself to that, but tries to extrapolate the same categories to IPv6 and that simply doesn't work.

> 
>> 3) public. Ditto. Globally reachable != public.
> 
> AFAICT, those are equivalent terms; there are lots of “not officially private”, “not officially local” addresses that are not globally reachable either (e.g., most things behind NATs).
> 
> So at best, this hierarchy isn’t ill defined or lacking RFC authority; it’s just incomplete.

I really don't agree. There is a class of address prefixes that are *potentially* globally reachable and therefore potentially public, but there is no way to know by looking at a specific address. So there is no algorithm to reliably return "private" or "public". When I worked for the Network 9 company, you would have needed quite a large table to know which 9.x.y.z addresses were public and which were private. When you installed the corporate VPN, it didn't install a single route to 9/8. It installed a local routing table with a page or two of prefixes. The sort of algorithm proposed here would simply return "public" for any such address. (Try the attached Python script.)

Regards
   Brian
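Added example (not part of the message above and not the Python script it refers to, which is not in the archive): an address-only "local / private / public" classifier of the kind the quoted Web spec describes, placed next to what the IANA Special-Purpose Address Registries actually record for an address and next to a corporate VPN route table for an enterprise-held 9/8. The prefix table is a hand-copied subset of the registry entries (prefix, name, "Globally Reachable" flag); the VPN route table and the sample addresses are constructed for illustration and describe no real network. It shows the point made in the message: for any address outside the registry's prefixes the algorithm can only answer "public", so 9.x.y.z addresses that the route table treats as internal come back "public".

```python
"""Three views of one IP address: the quoted spec's three-way value, the
IANA special-purpose registry entry (if any), and a constructed VPN route
table for an enterprise that holds 9.0.0.0/8."""
import ipaddress
from typing import Optional, Tuple, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
IPNet = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# (prefix, registry name, Globally Reachable): hand-copied SUBSET of the
# IANA IPv4/IPv6 Special-Purpose Address Registries, not the full tables.
SPECIAL_PURPOSE = [
    ("0.0.0.0/8",       "This host on this network",  False),
    ("10.0.0.0/8",      "Private-Use",                False),
    ("100.64.0.0/10",   "Shared Address Space",       False),
    ("127.0.0.0/8",     "Loopback",                   False),
    ("169.254.0.0/16",  "Link Local",                 False),
    ("172.16.0.0/12",   "Private-Use",                False),
    ("192.0.2.0/24",    "Documentation (TEST-NET-1)", False),
    ("192.168.0.0/16",  "Private-Use",                False),
    ("198.18.0.0/15",   "Benchmarking",               False),
    ("198.51.100.0/24", "Documentation (TEST-NET-2)", False),
    ("203.0.113.0/24",  "Documentation (TEST-NET-3)", False),
    ("::1/128",         "Loopback Address",           False),
    ("::/128",          "Unspecified Address",        False),
    ("64:ff9b::/96",    "IPv4-IPv6 Translat.",        True),
    ("2001:db8::/32",   "Documentation",              False),
    ("fc00::/7",        "Unique-Local",               False),
    ("fe80::/10",       "Link-Scoped Unicast",        False),
]
_REGISTRY = [(ipaddress.ip_network(p), n, g) for p, n, g in SPECIAL_PURPOSE]

# Constructed, hypothetical: internal prefixes a corporate VPN client installs
# for an enterprise holding 9/8. Everything else in 9/8 is Internet-facing.
VPN_INTERNAL_ROUTES = [ipaddress.ip_network(p) for p in (
    "9.0.0.0/11", "9.32.0.0/13", "9.42.0.0/16", "9.56.128.0/17", "9.128.0.0/9",
)]


def longest_match(addr: IPAddr, nets) -> Optional[IPNet]:
    """Longest-prefix match; None when no prefix covers addr.
    (An IPv4 address is never 'in' an IPv6 network, and vice versa.)"""
    best = None
    for net in nets:
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return best


def registry_entry(addr: IPAddr) -> Optional[Tuple[str, bool]]:
    """(name, globally_reachable) for the most specific registry prefix
    covering addr, else None. None means the registry says nothing about
    the address; it does not mean the address is 'public'."""
    hits = [(net, name, g) for net, name, g in _REGISTRY if addr in net]
    if not hits:
        return None
    _net, name, g = max(hits, key=lambda h: h[0].prefixlen)
    return name, g


def web_space(addr: IPAddr) -> str:
    """The quoted spec's value, as an address-only algorithm must compute it:
    loopback/unspecified -> local; a registry prefix flagged not globally
    reachable -> private; everything else, known or unknown -> public."""
    if addr.is_loopback or addr.is_unspecified:
        return "local"
    entry = registry_entry(addr)
    if entry is not None and not entry[1]:
        return "private"
    return "public"


def vpn_view(addr: IPAddr) -> str:
    """What the constructed route table says: 'internal' or 'internet'."""
    return "internal" if longest_match(addr, VPN_INTERNAL_ROUTES) else "internet"


def classify(addr_str: str) -> dict:
    """All three views for one address string."""
    addr = ipaddress.ip_address(addr_str)
    entry = registry_entry(addr)
    return {
        "address": addr_str,
        "web_space": web_space(addr),
        "registry": entry[0] if entry else "(not in registry)",
        "globally_reachable": entry[1] if entry else None,
        "vpn_view": vpn_view(addr),
    }


def misclassified_by_web_space(addr_str: str) -> bool:
    """True when the address-only algorithm answers 'public' for an address
    the enterprise route table treats as internal."""
    c = classify(addr_str)
    return c["web_space"] == "public" and c["vpn_view"] == "internal"


if __name__ == "__main__":
    for a in ("9.42.1.7", "9.64.0.1", "10.1.2.3", "100.64.1.1",
              "64:ff9b::c000:201", "fd12:3456::1", "2001:db8::1", "::1"):
        print(classify(a))
```

Two things to notice in the output: 9.42.1.7 is "public" to the classifier but "internal" to the VPN client, which is the failure mode the message describes, and 64:ff9b::c000:201 is "public" even though it sits in a registry prefix, because the registry's "Globally Reachable" flag is a separate attribute from "special-purpose". The classifier has no input from which it could tell the two 9/8 cases apart; only the route table does.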