Re: [IPv6] RFC 6724 shouldn't prefer partial reachability over reachability

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 26 November 2023 19:39 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 050F2C14CF1E for <ipv6@ietfa.amsl.com>; Sun, 26 Nov 2023 11:39:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.196
X-Spam-Level:
X-Spam-Status: No, score=-2.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.091, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kLgboSd-mZEX for <ipv6@ietfa.amsl.com>; Sun, 26 Nov 2023 11:39:29 -0800 (PST)
Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77BE4C14CEE3 for <ipv6@ietf.org>; Sun, 26 Nov 2023 11:39:29 -0800 (PST)
Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-1cc9b626a96so24135155ad.2 for <ipv6@ietf.org>; Sun, 26 Nov 2023 11:39:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701027568; x=1701632368; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=yMNJGCTFna8XCJCWZYxrib2O4mWbagYjRfH88BqQ6Fk=; b=KQL0YuW8RPQ1wirf+pI1i/HMHgHLTirn7KFEZCaMIz5GYjUCtNAPGXm9gI7y4RT1Vn pWZUf7pk56IN8TtBAFHq7Q1dYm+alnLDvCnXbh5vQCO4K9Bc/rx9eePlNz3kDxs80q+B X5ftAydZgVpIMf8SW2V2888LhSa7j0R0Y6gKSPC223yJFp+a8159uRoAYtM0w5h5kE4K ZbgpSLIhAbdokzjdHJ+i5da6gJOznkuzcDMeifMBVCg+swxrdP6yGo0jUfCa4i/BKoDK episTUOFAJhdzaW0R6pcX4Jju9Dav+ROqwidQ4GNLxcIveatMxezTh2D+ogqrYaSfUzu dHPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701027568; x=1701632368; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yMNJGCTFna8XCJCWZYxrib2O4mWbagYjRfH88BqQ6Fk=; b=K6xpsEFQECzxAM5R19NjRKluYp1EOsK4tYBIfsY9rLAUdafY+BBZGvYxqKB4RYrHpe ZsmwiIK/xwuJomHONjqPDjO9pPPjuFipyqeOl1n67JXUbMKad/OSQcQWsViBqW8YWOKA H71wKWCKw/CLOl8Yftq2tHlbvs6fwG2NAPJb93tArAkupJQQK6I3nTmmUeEy34wxEs+q n6qVQ+H5v50kvJb8006FFzgn6aCS3okV4nRcLzkK5kb+0o+jtbV3wDlDeXtmT7omA6No waSsePQ5vbk70bmwEDji3zWUvTYZH/fQYFhhSArmAz7Q5RuMzKrpeAkridCnFno6F0WL fDTA==
X-Gm-Message-State: AOJu0YzfN+SQ7L2l7QgUgknK+DNedAjJG5Ei1DO3a+H4gph55hGz+BDq EnjucfdVBGKN2Pf2PcpsmPTnKwR8fEDTFQ==
X-Google-Smtp-Source: AGHT+IEOZzeupH1fZE2wrdxyAPclyLLYFQ85XsuV/acJ/MSPYLx2ryvwh3zTcB31G/3a+O3VxWaoTg==
X-Received: by 2002:a17:903:4282:b0:1c5:befa:d81d with SMTP id ju2-20020a170903428200b001c5befad81dmr7678311plb.10.1701027568389; Sun, 26 Nov 2023 11:39:28 -0800 (PST)
Received: from ?IPV6:2404:4400:541d:a600:44b7:2c2e:2bc6:8707? ([2404:4400:541d:a600:44b7:2c2e:2bc6:8707]) by smtp.gmail.com with ESMTPSA id t10-20020a170902e84a00b001cfcf33a880sm297190plg.281.2023.11.26.11.39.26 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 26 Nov 2023 11:39:28 -0800 (PST)
Message-ID: <2633377f-8ee4-d65f-0d2e-5e5d5290381e@gmail.com>
Date: Mon, 27 Nov 2023 08:39:25 +1300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: Kyle Rose <krose@krose.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: 6man WG <ipv6@ietf.org>
References: <CAJU8_nV2QoGjZoegcUSXELqgeqW6OheTt32qq6YQ5XV0g5MPQw@mail.gmail.com> <10D22CA5-CD7A-471A-B4A9-21B77D16F5F7@employees.org> <CAJU8_nVQFvp_5ZnkByCvBeA7wFz9J5FVAeud2CD1Xd4UkyL_3Q@mail.gmail.com> <4202668E-EEBE-4FA6-9801-F2A9FC92CBD8@tiesel.net> <CAO42Z2y9g3ebZ2VuXDFSK71p3X2VMVQu2=h+sXSVhcfvvxn-Qg@mail.gmail.com> <CACMsEX8q7dmRAVXuOZFVS+z_hrks=n0ChBHR4Bz9gB9ryF0ZAA@mail.gmail.com> <CAO42Z2yFiKs09K-O+SxDytLst_Uu4MAae65PTgz3URLnc5MnQw@mail.gmail.com> <CAE=N4xcFU+87wXy8NkHuO7rZ-T7Z7VmTkfcYFJH3PAJ+8+NPww@mail.gmail.com> <CAJU8_nWEAwzEw-2RpYxyf-i8x_0t8AS5O4GQ8=uB0GGYDFB5jA@mail.gmail.com> <a24c332c-e949-32cc-f660-a4434aab4eef@gmail.com> <CAJU8_nUmuxZc8USDTZPJ-nQ05K3joYcXgVsExZBo6GDioWW4mg@mail.gmail.com> <458732.1701012011@dyas> <CAJU8_nUO_TiSJ62vEmpHtRV5khkF0r4EfvxhzizFxJKjUzkhcQ@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <CAJU8_nUO_TiSJ62vEmpHtRV5khkF0r4EfvxhzizFxJKjUzkhcQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/07CCPvI9jxUuWkh-ZEtXgUs4ZnA>
Subject: Re: [IPv6] RFC 6724 shouldn't prefer partial reachability over reachability
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Nov 2023 19:39:34 -0000

On 27-Nov-23 04:59, Kyle Rose wrote:
> On Sun, Nov 26, 2023 at 10:20 AM Michael Richardson <mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>> wrote:
> 
>     But, you as an operator, would be deleting those announcements based upon
>     your well configured BCP38.  So, it's really is entirely under your control,
>     which I agree with you: is a better.
> 
> 
> I am not referring to leaking routes, but to leaking rendezvous information, i.e., DNS. In a world in which operators run recursive resolvers that clients can be assumed to use when on your network, you maybe can configure yours to drop all external address records referring to ULA or 1918 space, but we're now in a world in which privacy (via DoH/DoQ) and end-to-end integrity (via DNSSEC) have been prioritized over operability, so you have to assume you won't have full control over what DNS entries a client sees. 

All the more reason for doing everything we can to avoid trying a ULA destination address that is definitely unreachable. That at least is theoretically possible by requiring a /48 match with a locally used ULA prefix. But I think that is logically disjoint from RFC6724.

> This has implications for the set of trade-offs involved in misconfigurations, especially when the naive user blames you for something not working even when it's mostly not under your control. With border routers sending ICMP unreachable rejections, working Happy Eyeballs would hopefully make failover transparent, but "hopefully" is doing a lot of heavy lifting in that expectation.

Yes. But our chances are no worse with ULAs in DNS than with RFC1918 in DNS, and that's a thing too.

Non-authoritative answer:
Name:    campus.eckerd.edu
Addresses:  fde1:53ba:e9a0:de11:cd63:b055:9846:cb20
           198.187.214.99
           10.1.96.92
           198.187.214.100
           10.1.99.45
           172.17.4.74

   Brian

> 
> Anyway, I consider this an acceptable set of trade-offs, but there is a discussion to be had about the implications that would benefit from the experience of big-time operators who have run into a much broader set of issues than I have.
> 
> Kyle
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------