Re: Last Call: <draft-ietf-v6ops-host-addr-availability-05.txt> (Host address availability recommendations) to Best Current Practice
"Templin, Fred L" <Fred.L.Templin@boeing.com> Thu, 25 February 2016 00:46 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50AB51A1A72; Wed, 24 Feb 2016 16:46:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCLS38wmcMb2; Wed, 24 Feb 2016 16:46:44 -0800 (PST)
Received: from phx-mbsout-01.mbs.boeing.net (phx-mbsout-01.mbs.boeing.net [130.76.184.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECCCB1A0143; Wed, 24 Feb 2016 16:46:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id u1P0khh3056651; Wed, 24 Feb 2016 17:46:43 -0700
Received: from XCH-BLV-402.nw.nos.boeing.com (xch-blv-402.nw.nos.boeing.com [130.247.25.31]) by phx-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id u1P0kZeN056617 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=OK); Wed, 24 Feb 2016 17:46:36 -0700
Received: from XCH-BLV-105.nw.nos.boeing.com ([169.254.5.221]) by XCH-BLV-402.nw.nos.boeing.com ([169.254.2.79]) with mapi id 14.03.0235.001; Wed, 24 Feb 2016 16:46:34 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Lorenzo Colitti <lorenzo@google.com>
Subject: Re: Last Call: <draft-ietf-v6ops-host-addr-availability-05.txt> (Host address availability recommendations) to Best Current Practice
Thread-Topic: Last Call: <draft-ietf-v6ops-host-addr-availability-05.txt> (Host address availability recommendations) to Best Current Practice
Thread-Index: AdFvZC/N+ySF3GaKS7OjPiJBaMC6jg==
Date: Thu, 25 Feb 2016 00:46:34 +0000
Message-ID: <2134F8430051B64F815C691A62D98318339719CE@XCH-BLV-105.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.247.104.6]
Content-Type: multipart/alternative; boundary="_000_2134F8430051B64F815C691A62D98318339719CEXCHBLV105nwnosb_"
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/Kcz5Fgq5DpOFylmPEBgJiRBfY6s>
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2016 00:46:48 -0000
See below for comments and rejoinders on this document from an earlier discussion thread on the v6ops list. Please use this thread for any follow-up discussion. Thanks – Fred fred.l.templin@boeing.com From: Lorenzo Colitti [mailto:lorenzo@google.com] Sent: Wednesday, February 24, 2016 12:07 AM To: Templin, Fred L Cc: v6ops@ietf.org WG Subject: Re: [v6ops] Comments on draft-ietf-v6ops-host-addr-availability-05 On Tue, Feb 23, 2016 at 7:31 AM, Templin, Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote: First, the document throughout uses expressions of the form "networks provide hosts with multiple global addresses" but IMHO that implies a sort of "push" operation where the network pushes addresses onto the host which is not the way things work in practice. I think a more appropriate expression form would be "networks provide hosts with a means to obtain multiple global addresses". We've already gone through the draft to change the terminology once (from "assign addresses" to the current "provide addresses"). I'm not sure that changing it again from "provide addresses" to "provide a means to obtain addresses" provides much value. FLT>>> Certainly “provide” is much better than “assign”, but it is up to the host to FLT>>> obtain (and defend) its own addresses whether it be through SLAAC, FLT>>> DHCPv6, manual config, or whatever. So, the network provides the FLT>>> means to obtain addresses while the host must act on its own behalf FLT>>> to obtain addresses (acquire might even be a better word than obtain). To me, "provide" does not a imply push operation. The network can also provide addresses / prefixes on request (e.g., if the host sends an RS or a DHCPv6 solicit.) FLT>>> I think we see this in different ways, but I understand the desire to not FLT>>> overhaul the document. As a compromise, I think this could easily be FLT>>> addressed by simply changing the abstract to read: FLT>>> FLT>>> “This document recommends that networks provide general-purpose end FLT>>> hosts with a means to acquire multiple global IPv6 addresses when they FLT>>> attach, and describes the benefits of and the options for doing so.” FLT>>> FLT>>> Then, make no other changes in the document, and readers will still FLT>>> understand what you are talking about. Second, the document seems to imply in several places that SLAAC can be used as a sort of implicit prefix delegation service; presumably in the same spirit as RFC7278. If that is the intention, then it also needs to say that the host needs to have some way of knowing outside of the scope of the node requirement standards that the prefix is being delegated for the host's exclusive use. For example, an unmodified host that obeys RFC4861 on a WiFi link would have no way of knowing that a prefix advertised in a PIO with (A=1; L=0) is in fact being delegated for its own exclusive use. The document therefore needs to note this rather than imply that an unmodified host can use SLAAC for prefix delegation. It is not the intention of the draft to imply this. In fact, it explicitly says the opposite: "If the host is aware that the prefix is dedicated (e.g., if it was provided via DHCPv6 PD and not SLAAC)..." Knowing that a prefix in the RA is dedicated or not would require protocol changes. We could consider those in the future, but not in v6ops, because protocol changes are not something that is in the remit of this WG. FLT>>> I would prefer to see the Section 9.3 sentence you cited appear earlier FLT>>> in the document, but I don’t see the point in arguing over it. OK to leave FLT>>> it as it is. The following addresses some of your inline points. I think the others are either minor editorial issues with no substantive implications or are already covered by the two main points above. 8) Section 6, under the heading "Using Stateless Address Autoconfiguration [RFC4862]." This section does not make a statement as to whether the "dedicated /64 prefix" is to be used only for SLAAC on the interface over which the prefix is advertised, or whether the prefix can be extended to a LAN link as in RFC7278. I don't think the draft needs to say this. RFC4862 does not contain anything about extending the prefix to other hosts. While the draft does cite RFC7278 elsewhere, RFC7278 is specific to only one type of link layer (3GPP links). So I think the text is unambiguous: if you're on a 3GPP network, you can use RFC7278, and if not, any ability to extend the prefix is unspecified. There's ND proxying, but it's experimental. Also see my prior point about protocol changes. FLT>>> OK. 9) Sectin 6, under the heading "Using Stateful DHCPv6 address assignment [RFC3315]" final sentence in the paragraph says "The number of IPv6 addresses that can be provided in a single DHCPv6 packet is approximately 30." but it does not say where the "30" came from. Is it because of packet size limitations? Some protocol constant? Something else? Suggest adding a trailing phrase giving some rationale for the "30". In section 8 the draft already says "the approximately 30 addresses that can fit into a single packet". I've modified the text you pointed to with "The maximum number of IPv6 addresses that can be provided in a single DHCPv6 packet, given a typical MTU of 1500 bytes or smaller, is approximately 30.". FLT>>> Good. 10) Table 1, "Extend network" is listed as "Yes" for SLAAC, which would seem to imply that SLAAC is intended to extend the prefix to a LAN link as in RFC7278. But, that can only be possible when the host has some way of knowing that the prefix has been "delegated" which is outside the scope of RFC4861. Can be addressed by adding a "**" next to the Yes with the footnote: I've changed that to No+, with "[+] Except on certain networks, e.g., [RFC7278]." There is currently no specified way for a host to do this except ND proxying, which is experimental. FLT>>> OK. 11) Table 1, ""Unlimited" endpoints is listed as "No" for DHCPv6 PD. Shouldn't it be a "Yes"? No. The network cannot provide prefix delegations to an unlimited number of endpoints. It can only provide prefix delegations to as many endpoints as it has available /64s. This is different from both SLAAC and IA_NA, where, absent scaling limitations, an "unlimited" number of endpoints can fit in one /64. I've changed the row name from "Unlimited" endpoints to Number "unlimited" endpoints. FLT>>> I would be OK with this, but in the footnote you say that SLAAC and IA_NA are FLT>>> “Subject to network limitations”, and “unlimited but limited” is an oxymoron. FLT>>> By that same token you could say that DHCPv6 PD is “unlimited but limited FLT>>> by the number of available /64s”. In some networks (e.g., ones that have FLT>>> procured a /32 or shorter) that could result in more endpoint numberings FLT>>> than SLAAC or IA_NA. FLT>>> FLT>>> My suggestion is to use the “Number “unlimited” endpoints” reword you FLT>>> have suggested, but also place a “**” next to the “No**” for DHCPv6 PD FLT>>> and add the following sentence after the table: FLT>>> FLT>>>”[**] Subject to the available prefix space. “ 13) Section 8, "The prefix MAY be provided using DHCPv6 PD, SLAAC with per-device VLANs, or any other means." Two issue with this - first, the text earlier also included "wireless network where every MAC address is placed in its own broadcast domain" which should also be reiterated here. I don't see a reason to reiterate one of the means to do so, given that this sentence already says "or any other means". FLT>>> OK. 14) Section 9.1, rename section as simply "Host Tracking", since the section covers both stateful and SLAAC. Fair enough. FLT>>> OK. 15) Section 9.1, paragraph beginning "Many large enterprise networks, including the enterprise networks of the authors' employers" seems to be advocating for a specific approach while the rest of the document is appropriately neutral. IMHO, this paragraph could be removed. The intent of that text is provide an existence proof of networks that do not use DHCPv6 but still maintain a notion of which MAC addresses associated with which IPv6 addresses. I've lost count of the number of times people have told me that this is not possible and that stateful DHCPv6 address assignment is the only possible way to meet legal requirements. I've tried to soften this by putting the authors' networks at the end. FLT>>> OK to the above change and leave the paragraph in place, but also please FLT>>> do me the favor of changing the first sentence of the second paragraph to: FLT>>> FLT>>> “DHCPv6 address assignment is typically associated with this requirement, FLT>>> but it is worth noting that it can also be addressed through other means.” 16) The document could benefit from adding a section on mobility. I think that mobility is a completely orthogonal problem to how many addresses are provided to hosts, and that it's out of scope here. FLT>>> Then, add a 1-2 sentence Section 9.4 that says so, e.g.: FLT>>> FLT>>> “9.4. Mobility Considerations FLT>>> FLT>>> Mobile hosts are becoming more and more prevalent in modern networks, FLT>>> and host mobility may have interactions with IPv6 address provisioning. FLT>>> Mobility implications are out of scope for this document.” FLT>>> One final question– do we need a short section on manual address configuration FLT>>> in addition to SLAAC and DHCPv6? Cheers, Lorenzo
- Re: Last Call: <draft-ietf-v6ops-host-addr-availa… Templin, Fred L