IETF Logo Mail Archive

Re: [dhcwg] Next step(s) for draft-ietf-dhc-stable-privacy-addresses -> abandon work? / IA_NA applicability

Fernando Gont <fgont@si6networks.com> Wed, 15 April 2015 16:35 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 791131B3626 for <dhcwg@ietfa.amsl.com>; Wed, 15 Apr 2015 09:35:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ga2cVae2wL0m for <dhcwg@ietfa.amsl.com>; Wed, 15 Apr 2015 09:35:12 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F6611B362B for <dhcwg@ietf.org>; Wed, 15 Apr 2015 09:35:12 -0700 (PDT)
Received: from cl-1071.udi-01.br.sixxs.net ([2001:1291:200:42e::2]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <fgont@si6networks.com>) id 1YiQHO-0006tc-B4; Wed, 15 Apr 2015 18:35:10 +0200
Message-ID: <552E9307.6010205@si6networks.com>
Date: Wed, 15 Apr 2015 13:34:15 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Lorenzo Colitti <lorenzo@google.com>
References: <489D13FBFA9B3E41812EA89F188F018E1CA32071@xmb-rcd-x04.cisco.com> <CAKD1Yr0ojVmk-ctUO313zvAx01P=B-A2zVuwDm73+dLgVwDLOw@mail.gmail.com> <55250DF2.8050001@si6networks.com> <CAKD1Yr33wFmjjqjYu8YEpqYvnn=kh9oJhe1YAC7UEzacQFBaWg@mail.gmail.com> <55251EFA.4000204@si6networks.com> <CAKD1Yr0XK-DQkcJKwTYmiWzCzZs4pubCme9rAgoZ_ig-P5MgsQ@mail.gmail.com> <55253F14.6000706@si6networks.com> <CAKD1Yr0Q2634Rfw0_9NiU+-S_yfD2RwPs7uPWAbTuOADyx8bHg@mail.gmail.com> <5526B5F9.9090707@si6networks.com> <489D13FBFA9B3E41812EA89F188F018E1CA499A7@xmb-rcd-x04.cisco.com> <5526D45A.9020701@si6networks.com> <CAKD1Yr2g9sc8Y3URBMt=yNkD61-iG37rpNc5ZXJHjLfghD3KJA@mail.gmail.com> <5527FA77.5070301@si6networks.com> <CAKD1Yr3M0gbbbE6a=DfT1SW7jeXoHX1EQMbDagtF-+n13sAQ0w@mail.gmail.com> <552C679E.4020305@si6networks.com> <489D13FBFA9B3E41812EA89F188F018E1CA66028@xmb-rcd-x04.cisco.com> <552D6343.9050404@si6networks.com> <CAKD1Yr1v7Rf+uKCcYwsCKkSTuRUegQVMuPDfefR71Xb836LqaA@mail.gmail.com>
In-Reply-To: <CAKD1Yr1v7Rf+uKCcYwsCKkSTuRUegQVMuPDfefR71Xb836LqaA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/ZfmOUmXaWCW31aJOObj6I3LyV-Y>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "Bernie Volz (volz)" <volz@cisco.com>
Subject: Re: [dhcwg] Next step(s) for draft-ietf-dhc-stable-privacy-addresses -> abandon work? / IA_NA applicability
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 16:35:13 -0000

On 04/14/2015 10:09 PM, Lorenzo Colitti wrote:
> On Wed, Apr 15, 2015 at 3:58 AM, Fernando Gont <fgont@si6networks.com
> <mailto:fgont@si6networks.com>> wrote:
> 
>     That is true. In the first version of the I-D we didn't support ranges.
>     Now we do, and we should certainly put a huge warning that the address
>     space should be huge, or things don't work as expected.
> 
> Supporting stateless allocation in anything smaller than a /64 is harmful.
> 
> You are creating the risk that people coming from outdated IPv4
> assumptions will take a /112, think, "That's big enough for everyone,
> right? I only have a few hundred hosts. And I want to limit my subnet
> size to avoid these ND cache DoS attacks I've heard about," and get
> burned by the fact that there's a 50% chance of collision when there are
> 250 hosts in the network. Because your algorithm doesn't support
> collisions well, they'll be completely stuck.

The only reason for which ranges are supported is such that you can
reserve a small part of the address space for static allocations.

Reserving ~100-1000 out of the 2**64 addresses is more than enough for
that purpose, and does not affect the collision rate.



> Before you argue that it makes sense to support stateless allocation
> when the subnet is "large enough" - how large is large enough? People
> used to fully-stateful IPv4 deployments with forced forwarding (e.g.,
> large conference networks that force 1 IPv4 address = 1 MAC address and
> don't use broadcast ARP because the wifi chipset filters it out for
> them) may well do something like /96 (That's large enough, right? It's
> the size of the whole of the IPv4 Internet!) and put 20,000 hosts on it
> and fall over in the same way. Yes - large conferences like MWC do have
> 20k hosts on the same subnet.

Sorry, I don't follow. I never argued in favor of non-/64 subnets. And,
as noted above, the only reason for which our I-D supports ranges is so
that you can reserver a tiny bit of the address space for static
allocations. That's it.



> Also - if you change the range size, do all the addresses change? That
> would make it an even worse idea.

They don't. It's the Prefix that we include in F().

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email