IETF Logo Mail Archive

Re: A common problem with SLAAC in "renumbering" scenarios

Lee Howard <lee@asgard.org> Tue, 12 February 2019 21:55 UTC

Return-Path: <lee@asgard.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09AF612F1A6 for <ipv6@ietfa.amsl.com>; Tue, 12 Feb 2019 13:55:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P0l0yHQ7uss7 for <ipv6@ietfa.amsl.com>; Tue, 12 Feb 2019 13:55:15 -0800 (PST)
Received: from atl4mhob12.registeredsite.com (atl4mhob12.registeredsite.com [209.17.115.50]) by ietfa.amsl.com (Postfix) with ESMTP id 0738D130DC2 for <ipv6@ietf.org>; Tue, 12 Feb 2019 13:55:14 -0800 (PST)
Received: from mailpod.hostingplatform.com (atl4qobmail01pod6.registeredsite.com [10.30.71.209]) by atl4mhob12.registeredsite.com (8.14.4/8.14.4) with ESMTP id x1CLtAUH010116 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <ipv6@ietf.org>; Tue, 12 Feb 2019 16:55:11 -0500
Received: (qmail 28760 invoked by uid 0); 12 Feb 2019 21:55:10 -0000
X-TCPREMOTEIP: 174.64.33.182
X-Authenticated-UID: lee@asgard.org
Received: from unknown (HELO ?192.168.2.103?) (lee@asgard.org@174.64.33.182) by 0 with ESMTPA; 12 Feb 2019 21:55:10 -0000
Subject: Re: A common problem with SLAAC in "renumbering" scenarios
To: ipv6@ietf.org
References: <60fabe4b-fd76-4b35-08d3-09adce43dd71@si6networks.com> <alpine.DEB.2.20.1901311236320.5601@uplift.swm.pp.se> <m1gpCcz-0000FlC@stereo.hq.phicoh.net> <ddd28787-8905-bafd-3546-2ceef436c8b0@si6networks.com> <m1gptWx-0000G3C@stereo.hq.phicoh.net> <69609C58-7205-4519-B17A-4FBC8AE2EA16@employees.org> <d40b41c3-ff1b-cab4-a8de-16692a78e8fd@go6.si> <D1E45CAD-08D0-43D4-90F7-C4DD44CB32C0@employees.org> <alpine.DEB.2.20.1902041330531.23912@uplift.swm.pp.se> <46B8DB92-DC81-4242-9780-0D00FB6BDB7A@employees.org> <1c7ebabb-d6f6-d877-d4aa-d6c0fc7d5c60@go6.si> <6278.1549471453@dooku.sandelman.ca> <CAO42Z2xdKtLJV11KXELBKca6CWn=B6Avz6bO_94kFFXaKiZ-pQ@mail.gmail.com> <4602.1549908472@localhost> <CAO42Z2w1swQNuwnrOyTCEMXt0NSyrBx7Ww3kUN-7dfEV=fvk3A@mail.gmail.com> <c16e0e1f-1ed2-ad88-80f1-070bdd8bccca@go6.si> <1F2C2AEE-1C7D-481C-BBA7-7E507312C53A@employees.org>
From: Lee Howard <lee@asgard.org>
Message-ID: <e56a6e5b-648d-200e-c35d-97f15a31fb2a@asgard.org>
Date: Tue, 12 Feb 2019 16:55:09 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <1F2C2AEE-1C7D-481C-BBA7-7E507312C53A@employees.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/-kM4i0CHeY87VkPNKv_f_V-rJ0A>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 21:55:17 -0000

Seems like I may still disagree about the architecture of the Internet. . .

On 2/12/19 9:53 AM, Ole Troan wrote:
> Jan,
>
>> On 12 Feb 2019, at 04:36, Jan Zorz - Go6 <jan@go6.si> wrote:
>>
>> Surprisingly, this is not causing major problems. Similar to IPv4, where changing the public IPv4 address on the CPE that is doing NAT to the internal LAN doesn't have considerable effect on the hosts inside (well, some sessions could drop on change, but that's the price you pay with NAT). In IPv6, if source and destination address is the same - if network in between changes and re-establishes quick enough - that should work (and it works in deployments out there ;) )
> “Not considerable effect”?
> It breaks all existing connections.

This is packet switching, not circuit switching. Be resilient.

> It requires updating DNS for services.
Yes. We have dynamic DNS for that.
> It might require updating static NAT entries and filtering rules.

Static what entries? ;-)

Filtering rules... you mean firewall rules? Yes, there should be a 
mechanism to update firewall rules when addresses change. PCP can do it. 
Or if we're in a Homenet context, the god box can glean it's PD and make 
that a variable in the firewall, or filter prefix first, and then 
evaluate host rules.

> ...
>
> If we accept that IPv6 will work no better than IPv4 behind a NAT. I challenge you to give me one good reason to do IPv6 at all.

IPv4 address prices continue to climb, and entry into the IPv4 Internet 
is cost prohibitive (anti-competitive) in many places. Even if you 
concede the need for translation to the legacy Internet, with IPv6 only 
the legacy fraction of traffic needs translation.

With many layers of NAT4444... the odds of something changing midway in 
the topology climb pretty high, so the problems you cite are worse in 
IPv4 than in IPv6.

Lee


>
> Ole
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email