IETF Logo Mail Archive

Re: Non routable IPv6 registry proposal

Fernando Gont <fgont@si6networks.com> Wed, 20 January 2021 23:28 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 700103A15D3 for <ietf@ietfa.amsl.com>; Wed, 20 Jan 2021 15:28:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.15
X-Spam-Level:
X-Spam-Status: No, score=-2.15 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7sIb7eeKA3zn for <ietf@ietfa.amsl.com>; Wed, 20 Jan 2021 15:28:10 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 955643A15C8 for <ietf@ietf.org>; Wed, 20 Jan 2021 15:28:07 -0800 (PST)
Received: from [IPv6:2800:810:464:2b9:d955:1f06:4019:5ef2] (unknown [IPv6:2800:810:464:2b9:d955:1f06:4019:5ef2]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id D0D7B284F67; Wed, 20 Jan 2021 23:28:03 +0000 (UTC)
Subject: Re: Non routable IPv6 registry proposal
To: Phillip Hallam-Baker <phill@hallambaker.com>, IETF Discussion Mailing List <ietf@ietf.org>
References: <CAMm+LwjNiE0P7RAVqzKMypNbh3=9BeqiWn_hGv3E=zX7-YmSXQ@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <9451a740-fc04-64bb-2dd5-3bc79f601d30@si6networks.com>
Date: Wed, 20 Jan 2021 20:25:52 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CAMm+LwjNiE0P7RAVqzKMypNbh3=9BeqiWn_hGv3E=zX7-YmSXQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/QaYDJFzP21iIOaxtucLaM4Kbps0>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2021 23:28:15 -0000

Philip,

On 20/1/21 17:06, Phillip Hallam-Baker wrote:
[...]
> 
> The background to this proposal is as follows:
> 
> 0) Nowhere does the 'end to end' principle demand that the source and 
> destination addresses on an IP packet remain constant.

The end-to-end principle are guideliness, rather than specific mandates.

IPv6 is (was?) supposed o be end-to-end, and address translation (which 
you seem to be implying) goes against simplicity and robustness.



> 1) NAT is here to stay. IPv6 does not eliminate the need for NAT except 
> for enterprises which 'own' their IPv6 address blocks.

I won't challenge this.



> I have IPv6 service from Verizon but I obviously can't use it on my 
> internal network because my IPv6 address changes every few months. This 
> is certain to be the case for virtually every residential Internet drop 
> and the vast majority of business customers.

Depends on what you're implying. You could certainly use them, and the 
network would eventually gracefully renumber..  -- whether this would be 
practical, is a different question.



> 2) NAT multiplexing will become an increasing problem
> 
> Current NAT conflates two functions. The function of translating IP 
> addresses at the network boundary will continue to be motivated by 
> operational and security concerns that are not going to go away.
> 
> The function of multiplexing multiple hosts onto a single IPv4 Internet 
> address is never going to go away but only for the limited number of 
> Internet hosts that require that access. 

These two are essentially variants of the same thing.


> I have a very large number of 
> IP connected devices in the house but I really don't want the coffee pot 
> talking to the open Internet.

You do not need a NAT for that: you can deploy a firewall.



> As people end up with thousands of devices inside their home, port 
> exhaustion at the NAT box and the ridiculous complexity of it all is 
> going to become a major headache. Sharing one IP address between 100 
> hosts works, its not ideal but it works right up to the point where you 
> decide that you need fault tolerance and you are going to need two NAT 
> boxes and the mapping data has to be synchronized.

You don't need this for IPv6. i.e., even if you translated (NPT) , you 
don't need to multiplex all hosts into the same address -- this is/was 
done in IPv4 because IPv4 addresses are scarce. BUt that's not the case 
with IPv6.



> Solution
> 
> The solution is to provide a non-routable space where address block 
> collisions are unlikely. 

Welcome to ULAs: RFC4193



> The only ways to avoid collisions are either to (1) randomly assign 
> spaces in a sufficiently large space or (2) have a registrar whose 
> function is to guarantee uniqueness.

FWIW, ULAs do (1).


[...]
> 
> This is probably sufficient. But a registry model would make for more 
> efficient allocation of the space and allow the allocation to be bound 
> to a public key whose private part is held by the registrant.

That comes at the price of running the registry. And I'm curios: if 
you're going to pay, why not get a routable prefix, and simply not 
announce it via BGP?



[...]
> So this allows traffic patterns where as far as Alice's mobile and Bob's 
> desktop are concerned, a communication is established on the 2002://16 
> net and is constant the entire time. But behind the scenes, those 
> addresses are being mapped to/from Internet routable addresses at the 
> network boundary and those mappings are changed dynamically as Alice 
> moves about from her home IP network, to her wireless provider, to her 
> company provider. If she is at home and a tree takes out her Fios (like 
> happened to me), her mobile provider simply kicks in without a pause.

You don't need a registry for this. You can achive the same thing with 
ULS  + NPT.


Or even worse, we should fix IPv6's support for multi-prefix/multi-link 
networks, which is known to be broken.



> [Yes, I know there are similar ideas. But having an assigned private 
> address space that is globally unique but not used for Internet routing 
> helps simplify those as well]

Regarding globally-uniqueness, you may want to check the ULA spec 
(RFC4193) and this: 
https://tools.ietf.org/html/draft-gont-6man-ipv6-ula-scop

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.29.0 | Report a Bug | By Email | System Status