Re: [GROW] draft-behringer-lla-only and draft-ietf-grow-private-ip-sp-cores
"Michael Behringer (mbehring)" <mbehring@cisco.com> Tue, 17 July 2012 12:48 UTC
Return-Path: <mbehring@cisco.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71EF821F85A2; Tue, 17 Jul 2012 05:48:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.999
X-Spam-Level:
X-Spam-Status: No, score=-9.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ccKm3qvhCwIk; Tue, 17 Jul 2012 05:48:11 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id E5D9921F857A; Tue, 17 Jul 2012 05:48:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8624; q=dns/txt; s=iport; t=1342529338; x=1343738938; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=8asSaACKdXk2ZXsQQUewRLWDGfj6T1WsZZ27cMJZTEA=; b=Ag5VWgW/wYza7pyjVH3Uy6nRA4WKhUkxzhPKu22W6N/HlWidA2TScZHB 3nneSoc7NXCvcR2T9eES4CytW5YCJSF28yUPAx07nNbQwPLlQAJQ7puUU QBEHN3zfi7NhldEX0Pea6FSlTqpnAoXxNM/DFP0bWAO8UYCulz+FPn7ZU I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAFAPBeBVCtJXHB/2dsb2JhbABFuU+BB4IgAQEBBAEBAQ8BJzQEBwwEAgEIEQQBAQsUCQcnCxQJCAEBBAENBQgBCwcHh2sLnFqgMotAFAaFTWADlk+NEIFmgl+BVgk
X-IronPort-AV: E=Sophos;i="4.77,603,1336348800"; d="scan'208";a="99613793"
Received: from rcdn-core2-6.cisco.com ([173.37.113.193]) by rcdn-iport-9.cisco.com with ESMTP; 17 Jul 2012 12:48:37 +0000
Received: from xhc-rcd-x01.cisco.com (xhc-rcd-x01.cisco.com [173.37.183.75]) by rcdn-core2-6.cisco.com (8.14.5/8.14.5) with ESMTP id q6HCmbwH025133 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 17 Jul 2012 12:48:37 GMT
Received: from xmb-rcd-x14.cisco.com ([169.254.4.60]) by xhc-rcd-x01.cisco.com ([173.37.183.75]) with mapi id 14.02.0298.004; Tue, 17 Jul 2012 07:48:37 -0500
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: "George, Wes" <wesley.george@twcable.com>, "grow@ietf.org" <grow@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Thread-Topic: draft-behringer-lla-only and draft-ietf-grow-private-ip-sp-cores
Thread-Index: Ac0M1PTc8z4ZGA26S5W5umLx5IqzdwB6fdhwFVYuJJA=
Date: Tue, 17 Jul 2012 12:48:36 +0000
Message-ID: <3AA7118E69D7CD4BA3ECD5716BAF28DF02C124@xmb-rcd-x14.cisco.com>
References: <20120328112128.19122.59432.idtracker@ietfa.amsl.com> <DCC302FAA9FE5F4BBA4DCAD465693779173D6E9C51@PRVPEXVS03.corp.twcable.com>
In-Reply-To: <DCC302FAA9FE5F4BBA4DCAD465693779173D6E9C51@PRVPEXVS03.corp.twcable.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.55.194.18]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19046.000
x-tm-as-result: No--45.061600-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Sat, 21 Jul 2012 13:53:16 -0700
Cc: "draft-behringer-lla-only@tools.ietf.org" <draft-behringer-lla-only@tools.ietf.org>
Subject: Re: [GROW] draft-behringer-lla-only and draft-ietf-grow-private-ip-sp-cores
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/grow>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 12:48:12 -0000
Wes, Thanks for your great input and sorry for the delay. In the meantime we have updated our draft to include many of your (and others') comments. (http://tools.ietf.org/html/draft-behringer-lla-only-01). Most importantly, we made it now an informational draft. We believe it is best to keep the drafts separate. There are important differences between private addresses and link local: One is routed, one is not; one needs to be configured, one not. We added however a xref to draft-ietf-grow-private-ip-sp-cores, because as you rightly comment, they are related. We still think there is value in draft-behringer-lla-only. Bottom line, we want to provide a document presenting the issues and advantages that allows operators to make an educated decision whether link local is the right approach for them. We'll ask for slots in Vancouver at v6ops and opsec to discuss the new version. Eric and Michael > -----Original Message----- > From: George, Wes [mailto:wesley.george@twcable.com] > Sent: 31 March 2012 01:15 > To: grow@ietf.org; v6ops@ietf.org > Cc: draft-behringer-lla-only@tools.ietf.org; Anthony Kirkham > Subject: draft-behringer-lla-only and draft-ietf-grow-private-ip-sp-cores > > Cross-posting to both lists again because I was unable to attend the v6ops > session where draft-behringer was discussed, draft-ietf-grow-private-ip-sp- > cores is likely nearing WGLC, and I believe that the issue I raised needs to be > addressed before either proceeds. I defer to the chairs of both groups to > determine how to manage this across the two groups. > > After reviewing both draft-grow-private-ip-sp-cores (Kirkham) and draft- > behringer-lla-only again, I am even more convinced that they either need to > be merged, or that draft-behringer needs to be abandoned altogether as a > bad idea. Draft-grow-private-ip-sp-cores is quite a lot more complete in its > discussion of the considerations around private IP usage, but focuses on > IPv4, meaning that it *is* incomplete for lack of discussion of IPv6, which is > a reality in most SP cores today. Nearly all of the same considerations apply > for IPv4 and IPv6 in this case, so there are probably a limited number of > changes that would be necessary to cover IPv6 in the Kirkham document. > I think that we need to come to some consensus on the recommended > behavior on both cases. If the recommendation is different for one versus > the other, we need to have a unified and clear articulation as to why this is > the case. It may be that the consensus is to not recommend a behavior at all, > and simply expand the format of Kirkham's document to cover any IPv6- > specific items, since it discusses pros and cons evenly (as an informational > doc) rather than recommending anything as a BCP. My vote is to do this, as I > am unconvinced that use of LLA represents BCP today, nor should it. I > outline some reasons below, but that's probably not as critical if others > agree that this is the proper method to proceed with these documents. > > > > If draft-behringer is left as a separate document, here are some specific > comments: > The advantages proposed in draft-behringer are IMO not enough to justify > recommending use of LLA. > - Smaller routing tables can be achieved through other methods such as > setting the interfaces into passive mode in the IGP (so that they are not > redistributed into the IGP) and/or not redistributing connected routes. > Further, as SPs make great use of interface bundling (LAG), the number of > interfaces with IP addresses is dramatically reduced, making the need to > pull the point to point interfaces out of the routing table significantly lower. > - Reduced attack surface - draft-ietf-grow-private-ip-sp-cores sections 10 > and 11 discuss this in great detail, and come to the conclusion that it is of > limited benefit, and that alternatives exist to protect the infrastructure. > - lower configuration complexity - while this is true, it is replaced by > additional complexity in troubleshooting. In the case of traces and pings > locally on the box, it adds the additional step of requiring the operator to > use extended ping and trace commands to specify the exit interface in order > to make the ping work (vs simply issuing "ping [ip address]"), and makes it > nearly impossible to derive the address of the remote interface without > determining the remote side router through some other means and logging > into the router to look. (vs practice today of using an IP in the same subnet, > usually 1 digit up or down that can be guessed to save time). > - less address space: The other draft mentions this as well, in the context of > IPv4 where it might make a difference, but this simply is not much of a > concern with IPv6. An entire network could be numbered many times over > out of one /64. > -simpler DNS : Most ISPs operating at the scale where this makes any > difference at all have tools to build the DNS forward and reverse entries for > their infrastructure automatically based on the router name and interface > name extracted from their inventory tools. It's a few bits of scripting, so it's > not like having less interfaces in DNS results in any net reduction in work or > increase in the possibility of mistakes. > > - Draft-ietf-grow-private-ip-sp-cores rightly notes that the proposed > solution to broken pings/traces/PMTUD from draft-behringer (RFC 5837) has > little or no implementation. This makes it a hard sell as any sort of > recommended solution unless the benefits are much more significant than > what is currently discussed in draft-behringer. This has to be a large enough > benefit to justify pushing hard on router vendors to implement the feature > and SPs to certify and deploy the code, and frankly there are many more > important features to consider. > > Thanks, > > Wes George > > > > -----Original Message----- > > From: grow-bounces@ietf.org [mailto:grow-bounces@ietf.org] On Behalf > > Of internet-drafts@ietf.org > > Sent: Wednesday, March 28, 2012 7:21 AM > > To: i-d-announce@ietf.org > > Cc: grow@ietf.org > > Subject: [GROW] I-D Action: draft-ietf-grow-private-ip-sp-cores-00.txt > > > > > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. This draft is a work item of the Global Routing > > Operations Working Group of the IETF. > > > > Title : Issues with Private IP Addressing in the Internet > > Author(s) : Anthony Kirkham > > Filename : draft-ietf-grow-private-ip-sp-cores-00.txt > > Pages : 15 > > Date : 2012-03-28 > > > > The purpose of this document is to provide a discussion of the > > potential problems of using private, RFC1918, or non-globally- > > routable addressing within the core of an SP network. The discussion > > focuses on link addresses and to a small extent loopback addresses. > > While many of the issues are well recognised within the ISP > > community, there appears to be no document that collectively > > describes the issues. > > > > > > A URL for this Internet-Draft is: > > http://www.ietf.org/internet-drafts/draft-ietf-grow-private-ip-sp-core > > s-00.txt > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > This Internet-Draft can be retrieved at: > > ftp://ftp.ietf.org/internet-drafts/draft-ietf-grow-private-ip-sp-cores > > -00.txt > > > > _______________________________________________ > > GROW mailing list > > GROW@ietf.org > > https://www.ietf.org/mailman/listinfo/grow > > This E-mail and any of its attachments may contain Time Warner Cable > proprietary information, which is privileged, confidential, or subject to > copyright belonging to Time Warner Cable. This E-mail is intended solely for > the use of the individual or entity to which it is addressed. If you are not the > intended recipient of this E-mail, you are hereby notified that any > dissemination, distribution, copying, or action taken in relation to the > contents of and attachments to this E-mail is strictly prohibited and may be > unlawful. If you have received this E-mail in error, please notify the sender > immediately and permanently delete the original and any copy of this E- > mail and any printout.
- [GROW] I-D Action: draft-ietf-grow-private-ip-sp-… internet-drafts
- [GROW] draft-behringer-lla-only and draft-ietf-gr… George, Wes
- Re: [GROW] draft-behringer-lla-only anddraft-ietf… t.petch
- Re: [GROW] draft-behringer-lla-only anddraft-ietf… Anthony Kirkham
- [GROW] test t.petch
- Re: [GROW] draft-behringer-lla-only and draft-iet… Michael Behringer (mbehring)
- Re: [GROW] draft-behringer-lla-only and draft-iet… Warren Kumari