Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-00.txt
Nick Buraglio <buraglio@forwardingplane.net> Tue, 24 October 2023 12:32 UTC
Return-Path: <buraglio@forwardingplane.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C81FC15153E for <ipv6@ietfa.amsl.com>; Tue, 24 Oct 2023 05:32:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forwardingplane.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ilY2qjcHZ_bF for <ipv6@ietfa.amsl.com>; Tue, 24 Oct 2023 05:32:21 -0700 (PDT)
Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2515C151548 for <ipv6@ietf.org>; Tue, 24 Oct 2023 05:32:21 -0700 (PDT)
Received: by mail-qk1-x730.google.com with SMTP id af79cd13be357-778a6c440faso231733585a.3 for <ipv6@ietf.org>; Tue, 24 Oct 2023 05:32:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forwardingplane.net; s=google; t=1698150740; x=1698755540; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=K0rcJPtrv8El8i/IugaOAqTbyU4O8IQKxn4quUjIm4M=; b=OKEMFXc3Bw8xqzsVGbjJtPF/HJsDhce5CYASvUU57h76fTbUYCmzUE0nMU0Uxo2VSF cgHogv3q7dMoFB/qLZYH7Nqc+j7+7GNaEIhp95AFqQyr28TCxced3qnNyReCh/tczXip MQ7aW7axpp2yCcXI+H9lEhMnB1L+wpt6x+fuQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698150740; x=1698755540; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=K0rcJPtrv8El8i/IugaOAqTbyU4O8IQKxn4quUjIm4M=; b=q2I/TJ2x68kfeIXlj2fxjt0o/dmYebHopP1fj+v5S4a2GcXPvect3VnIqDE785JnUB YwFn2BPNTNoRsLZgDTvYWA9bVMkMj73WLYDvQhQdp8Cd3//Ff5OHdbf9Pl+qA25rpjIW 7OA7mF/oR6eYOg203EjjeOvxtBrpTq3Kb1vvwHbWDpEQypz8yS6iqSgbQwtY0hw4RrEz nNEE2vHvOG4nXOvxlP2oNg2p/f4RdtF7PKiF79xjvWbE1yNiGjVK+oDah+wbRQ7qlPfN ISK5RJA7VwO4MtW2fKuGk3LxAxg/i76U4EwmVKAVGTgZC0IAi6g/d6SsUrxDThz7eMj/ vjqQ==
X-Gm-Message-State: AOJu0Yy/C5Qf8ieAK4pHPMtsQgAwnpX69H3ASItvYSi+4az4H233BNz+ frK6IY6pHaL6XKFkpqNRUFni/m61OD6RrrQULoAN36TSF/p/C7TREm85/Q==
X-Google-Smtp-Source: AGHT+IHP+2gxKyvdBdAEtB9hJaeKRBURze5DXVPM3x/oSYaCstae/7jOuZeDkrpg1EQrUJ4ChJRQ31u28D7quh9SqKs=
X-Received: by 2002:ac8:5c02:0:b0:418:1c96:8ae9 with SMTP id i2-20020ac85c02000000b004181c968ae9mr11757873qti.11.1698150740543; Tue, 24 Oct 2023 05:32:20 -0700 (PDT)
MIME-Version: 1.0
References: <e1c50f43dac34ee296be60ef97acf06f@huawei.com> <1A5F2950-22F6-4F48-B528-00368B6898EF@employees.org> <CAJU8_nXsZfTQx8JFobt=p14O78RqrcOicB5V4Z1N3pHojOkzEw@mail.gmail.com> <AE7749C6-F4B4-4DC5-ABBE-39CE53870A17@employees.org> <CAJU8_nV2VMyZ7=NHodkrFKE3Kz4zOEZJBcGKUhqEVPmb2en+Pw@mail.gmail.com> <CAJU8_nWERUVQSnxtnVw9eG0vhfhZTebGho-uO3yA2v_Dq5FL5w@mail.gmail.com> <85dbb14c-a3d7-fd50-6872-16f483b9d172@gmail.com> <CAJU8_nWxY3MSzfpH=5T6co19E6s2hH7Wz6reO4S9dXKxS_MQxQ@mail.gmail.com> <F7D02A81-1894-4DD1-A37D-338ED3EAED1F@employees.org> <1535bf14-ef0d-1ff2-d76a-1d88b762ddd2@gmail.com> <38E4A9DF-44B7-492C-AF7C-A8FF43ADBE26@employees.org> <1efc2830-a8ff-a4a3-e1d8-f55672db5979@gmail.com> <9E039643-96A7-4A7E-B797-363DD106F61A@employees.org> <CAPt1N1k2TNmfJgyrfgjoPADGSDamEfDg9GS0EtzgZ=uhNSQuXg@mail.gmail.com>
In-Reply-To: <CAPt1N1k2TNmfJgyrfgjoPADGSDamEfDg9GS0EtzgZ=uhNSQuXg@mail.gmail.com>
From: Nick Buraglio <buraglio@forwardingplane.net>
Date: Tue, 24 Oct 2023 07:32:09 -0500
Message-ID: <CACMsEX_SJPLqc1Jm4SqFEeokvnHM-Pa8vkQ3VpMN8uhYcSUBPg@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Ole Troan <otroan=40employees.org@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000aa66ae06087587ff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/2P9zZs2UhDABDAOS8qWfo0T0_AU>
Subject: Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-00.txt
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 12:32:25 -0000
On Tue, Oct 24, 2023 at 5:04 AM Ted Lemon <mellon@fugue.com> wrote: > > I hadn't had a time to read the new document until just now. Thanks for pointing this issue out, Ole—I had thought that the plan was to require the ULA/48<->ULA/48 automation suggested in 6724, not to just modify the table to assume that any ULA <-> any ULA will always work. I agree that this is incorrect. IIRC, we had discussed making this a MUST and it was not a popular option. I don't have the thread here in front of me but if I remember it was on the v6ops list and was not well received. The issue is as Ole pointed out, the wording is "Since ULAs are defined to have a /48 site prefix, an implementation *might* choose to add such a row automatically on a machine with a ULA.”, which as we detailed in https://datatracker.ietf.org/doc/draft-ietf-v6ops-ula/ is an operations non-starter in a non-trivial percentage of implementations. This makes that design option exceedingly hard to implement and support, specifically on kit that needs it (such as cameras, IOT, OT, and other embedded systems). This approach was seen as a best case, short term given that ULA is by design meant to be local. ULA to ULA that is outside of the /48 scope perhaps *should* fail, by the current definition of how use is intended. Then there is, of course, the fact that applications can still do whatever they'd like (for example, older versions of Java disable IPv6 by default and could, in theory, disable or require ULA use). >> Ordered SA, DA pairs (winner at bottom): >> 192.168.10.10 -> 198.51.100.121 >> fd00::1 -> fd00:dead:beef::1 >> Which isn’t necessarily going to work. For outside the ULA zone, wouldn’t it be better to use global? Probably. That feels to me like a caveat in the happy eyeballs section. In the cases that a network is dual stacked and only has ULA, ULA will win but fail, and in some cases HE will force IPv4 use (without the presence of an IPv6 translator). If we add that caveat, which is probably more of an edge case than a typical deployment, would that be sufficient? > > On Tue, Oct 24, 2023 at 11:56 AM Ole Troan <otroan= 40employees.org@dmarc.ietf.org> wrote: >> >> >> >> > On 24 Oct 2023, at 04:09, Brian E Carpenter < brian.e.carpenter@gmail.com> wrote: >> > >> > On 24-Oct-23 10:46, Ole Troan wrote: >> >>>>> On Mon, Oct 23, 2023 at 4:29 PM Brian E Carpenter < brian.e.carpenter@gmail.com> wrote: >> >>>>> On 24-Oct-23 05:32, Kyle Rose wrote: >> >>>>>> Just to clarify one thing in my previous email (and in so doing to further demonstrate how complex address selection is even without Happy Eyeballs): >> >>>>>> >> >>>>>> Given an IPv6 destination address, SAS as currently formulated *irrespective of any changes we make to the default policy table* will return a ULA if that is the only v6 address the client has. As it should! >> >>>>>> >> >>>>>> My *preference* is for the combined DAS/SAS address selection algorithm examining all the (source,dest) pairs for all of a host's A/AAAA records to put the (v4,v4) pair before the (ULA,GUA) pair because I expect the former to work and the latter to fail, for the reasons I mentioned. >> >>>>> >> >>>>> And that's *exactly* why we need a "NPTv6 present" flag that defaults to False. >> >>>>> >> >>>>> With some mechanism for turning it on. As suggested elsewhere, putting it in the router advertisement would be a good spot, because I'm not sure deriving it empirically is the right approach either (since some networks might enable NAT66 as fallback but with severe performance penalties). >> >>>>> >> >>>>> But, to Nick's plea, also not for 6724bis. >> >>>> We have a separate draft on NTPv6-bis. >> >>>> I’m not at all convinced we need a flag for NTPv6. >> >>> >> >>> I'm totally convinced that we do, from trying to write code without it. >> >> Well, this email uses it as transport without the flag… >> > >> > I'm sure we can make anything work; my implementation of the flag works by attempting a connection. The point of the flag is to ensure that ULA->GUA is excluded from the choices unless it actually works. True, HE will exclude it anyway but not all apps use HE. The more of HE's logic that we can move to the kernel, the better. >> > >> > (Hmm. Being honest, I haven't actually tested the ULA->GUA success path, because I don't have NPTv6 installed. But I do have NAT44 installed, and the logic for RFC1918->Global IPv4 is identical.) >> >> Trying to read 6724 + 6724-update and deduce behaviour turned out to be so tricky that I wrote a little 6724/update implementation. >> >> ULA -> GUA works the same for both 6724 and 6724-update: >> >> Sources: >> [fd00::1, fe80::1, ::ffff:c0a8:a0a, ::ffff:a9fe:d4e] >> >> Destinations: >> 2a02:26f0:4300:289::b33 >> 2a02:26f0:4300:28e::b33 >> 104.110.1.61 >> >> Ordered SA, DA pairs (winner at bottom): >> fd00::1 -> 2a02:26f0:4300:28e::b33 >> fd00::1 -> 2a02:26f0:4300:289::b33 >> 192.168.10.10 -> 104.110.1.61 >> >> Both prefers v4 in this case. But HE takes care of that, so that’s fine. >> With or without a flag, you’d like the implementation to try. >> >> With 6724-update, ULA to ULA will be preferred. And in the below example since you are exiting the site, you’d also expect the implementation to probe. >> >> Sources: >> [2001:db8::1, fd00::1, fe80::1, ::ffff:c0a8:a0a, ::ffff:a9fe:d4e] >> Destinations: >> fd00:dead:beef::1 >> 198.51.100.121 >> >> Ordered SA, DA pairs (winner at bottom): >> 192.168.10.10 -> 198.51.100.121 >> fd00::1 -> fd00:dead:beef::1 >> >> Which isn’t necessarily going to work. For outside the ULA zone, wouldn’t it be better to use global? >> >> Which brings me to the main point: >> "Since ULAs are defined to have a /48 site prefix, an implementation >> might choose to add such a row automatically on a machine with a ULA.” >> >> Is from RFC6724. Why wouldn’t have this implemented be enough? >> And push implementations to do this instead of respinning 6724. >> >> O. >> >> >> >> >> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> -------------------------------------------------------------------- > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
- [IPv6] I-D Action: draft-ietf-6man-rfc6724-update… internet-drafts
- [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc6724-u… Nick Buraglio
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Erik Auerswald
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Jeremy Duncan
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… David Farmer
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Mark Smith
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Nick Buraglio
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Eric Vyncke (evyncke)
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Kyle Rose
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Eric Vyncke (evyncke)
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Kyle Rose
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Tim Chown
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… David Farmer
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Bob Hinden
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Mark Smith
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… David Farmer
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… David Farmer
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Nick Buraglio
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Nick Buraglio
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Eric Vyncke (evyncke)
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Trøan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Erik Auerswald
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ted Hardie
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Nick Buraglio
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Mark Smith
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ted Lemon
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Nick Buraglio
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ole Troan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Ted Lemon
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Jeremy Duncan
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] Fwd: I-D Action: draft-ietf-6man-rfc67… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Vasilenko Eduard
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… David Farmer
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Brian E Carpenter
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Pascal Thubert
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Kyle Rose
- [IPv6] ULA>ULA [was: I-D Action: draft-ietf-6man-… Brian E Carpenter
- Re: [IPv6] ULA>ULA [was: I-D Action: draft-ietf-6… Kyle Rose