IETF Logo Mail Archive

Re: RFC4941bis: consequences of many addresses for the network

Fernando Gont <fgont@si6networks.com> Fri, 24 January 2020 11:57 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9434120044 for <ipv6@ietfa.amsl.com>; Fri, 24 Jan 2020 03:57:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z2dop5KhiazR for <ipv6@ietfa.amsl.com>; Fri, 24 Jan 2020 03:57:12 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C680120024 for <ipv6@ietf.org>; Fri, 24 Jan 2020 03:57:12 -0800 (PST)
Received: from [192.168.100.103] (unknown [186.183.3.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 50AA686325; Fri, 24 Jan 2020 12:55:53 +0100 (CET)
Subject: Re: RFC4941bis: consequences of many addresses for the network
To: otroan@employees.org, Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>
Cc: 6man WG <ipv6@ietf.org>
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <e936078e-01f9-0254-a8d0-4095455154ac@si6networks.com> <D85412DF-4B03-4790-9E39-968D50ECF86B@employees.org> <m1iuwJV-0000MAC@stereo.hq.phicoh.net> <B341FF1B-C559-4D54-B117-A58EB6A3C955@employees.org>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <dfe3a236-4e61-d2be-929c-869a81994879@si6networks.com>
Date: Fri, 24 Jan 2020 08:47:50 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <B341FF1B-C559-4D54-B117-A58EB6A3C955@employees.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/1a_QfAA7d8c1dFUojDvNdIuR9ag>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jan 2020 11:57:15 -0000

On 24/1/20 07:52, otroan@employees.org wrote:
> Hi Philip,
> 
>> The question of an address per transport connection is why would you do that?
>> In many IPv4 installations, the NAT box has state per flow. So having an IPv6
>> address per transport connection doesn't seem beyond what we can do.
> 
> On reason might be because the application uses the temporary address in a way that taints it.
> E.g. the address is used in a connection where the user is identified through authentication.
> That address is now tained from thew perspective of privacy, and should not be used for other connections.
> 
> Given that we are downgrading 4941 to proposed standard, it might also be worth evaluating the state of 4941 implementations.
> Are applications clever enough to not reuse tainted addresses?
> Are they incorrectly exposed by e.g. MP-TCP or ICE implementations?
> Anyone with data on this?

As noted elsewhere, there's a difference between the generation of 
temporary addresses, and their use.

Hostas and applications are quite dumb baout the use of addresses -- not 
just temporary addresses -- since we haven't done much on the topic. 
That's why we had published this: 
https://tools.ietf.org/html/draft-gont-6man-address-usage-recommendations

I'm not aware of any API to trigger the generation of a new address, or 
deprecate an existing one. Or even to make more appropriate use of 
addresses based on their properties.

But, again, this is not an issue of temporary addresses, specifically. 
And thus would seem out of scope for this document.



> 
>> The question is what the benefits are. I don't see a lot of privacy benefits
>> for lots of addresses.
>>
>> Note that a single network port may still end up with losts of addresses:
>> - users may use bridges to extend the network and connect more than one host
>>   to a single port
>> - users may run virtual machines (or containers) in bridged mode and end up
>>   with multiple virtual hosts by behind a single port
>> - having an IPv6 address per process on a host may have benefits in particular
>>   if many processes would like to use the same port for some reason
>>
>> Typically, even very small network switches support many thousand MAC
>> addresses. I think that network devices should support similar numbers of
>> IPv6 addresses per /64.
> 
> Sure, but when a host incurs a cost in the network, and the network has to have some policy in place to protect itself, there is going to be a limit.

If you want to enforce policy, that's what dhcpv6 is for.

If you use a /64 for the subnet (tons of addresses available), employ 
SLAAC for address configuration ("this is the local prefix... do what 
you please"), and even refrain from having SLAAC convey network policy 
(e.g. as in our circa 2011 to set a bit in PIOs regarding whether 
temporary addresses are desirable), I don't think you can complain about 
having nodes "using more addresses than you'd wish".



> I think we need some text in 4941 discussing this, and also give a recommendation for host behaviour. And perhaps also for network configuration.

I don't think we can give a recommendation other than something along 
the lines of "beware of regenerating temporary addresses too quickly, 
because this might affect the network".

RFC4941 is a deployed reality, and I don't think rfc4941is is changing 
anything significantly in terms of the number of addresses.

Rather I take this discussion as an indication that in a number of 
scenarios the network may want to convey policy (no surprises here), 
which leads e to believe that:

1) we should make dhcpv6 mandatory for once and for all, such that 
networks that want to enforce policy, they can

2) we might want to do something along the lines of 
draft-gont-6man-managing-slaac-policy, such that a network that wouldn't 
like privacy addresses, can convey that information to hosts.


However, when it comes to rfc4941bis, I don't think there's much more to 
do than simply including a small paragraph noting that an implementation 
should be aware about regenerating addresses too quickly,

The topic of "many addresses in a network" is way broader than temporary 
addresses, and includes e.g. "throw-away addresses" (one address per 
app), which have nothing to do with temporary addresses.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email