Re: slaac-renum: New rev of draft-gont-6man-slaac-renum (Fwd: New Version Notification for draft-gont-6man-slaac-renum-08.txt)
Fernando Gont <fgont@si6networks.com> Mon, 25 May 2020 16:27 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC60A3A0AD1 for <ipv6@ietfa.amsl.com>; Mon, 25 May 2020 09:27:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ClXjV9wOirxY for <ipv6@ietfa.amsl.com>; Mon, 25 May 2020 09:27:16 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34EE93A0AD0 for <ipv6@ietf.org>; Mon, 25 May 2020 09:27:15 -0700 (PDT)
Received: from [IPv6:2800:810:464:8801:dd85:c59a:9374:35d6] (unknown [IPv6:2800:810:464:8801:dd85:c59a:9374:35d6]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 794C12838F2; Mon, 25 May 2020 16:27:11 +0000 (UTC)
Subject: Re: slaac-renum: New rev of draft-gont-6man-slaac-renum (Fwd: New Version Notification for draft-gont-6man-slaac-renum-08.txt)
To: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, ipv6@ietf.org
References: <158986953939.9945.6882780269741835824@ietfa.amsl.com> <8354111a-7d3f-ecfa-bcf1-baaae27209ee@si6networks.com> <m1jb46e-0000K4C@stereo.hq.phicoh.net> <04027980-51a1-a831-df0c-750c4194333e@si6networks.com> <m1jbRDw-0000IQC@stereo.hq.phicoh.net> <a2710dfc-ec66-9e9f-8a2b-0fa0ad7e2b32@si6networks.com> <m1jc9hu-0000K8C@stereo.hq.phicoh.net> <772d4a92-9a4d-ef71-dac5-cb944acba925@si6networks.com> <m1jdEpw-0000IEC@stereo.hq.phicoh.net>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <3da7df4d-a191-d9d9-6d00-b9c30d7b03d1@si6networks.com>
Date: Mon, 25 May 2020 13:26:59 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <m1jdEpw-0000IEC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/2kgzDYG6-3edI8u9YFy_gzJyRsM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 May 2020 16:27:24 -0000
Hello, Philip, On 25/5/20 12:16, Philip Homburg wrote: > [note, I'm replying to multiple messages] > >> That wouldn't be the case. We're talking about: >> >> 1) Current algorithm as specified in the I-D, which separates processing >> of ULA and non-ULA. >> 2) LTA_INVALID set to, say, "Router Lifetime" >> >> Would that address your concern? > > My issue is with LTA_DEPRECATE. What's the issue with LTA_DEPRECATE when the algorithm separates the processing of different address types (e.g. ULA and NON-ULA)? Note: Previous alternative proposals have suggested to prefer the latest prefix received, in which case, if prefixes were sent in multiple RAs or there were multiple-prefixes sent by multiple routers, they were guaranteed to oscilate. >> FWIW, Section "4.4. Conveying Information in Router Advertisement (RA) >> Messages" of the draft recommends all PIOs in the same RA. > > I quote "SHOULD include all options" > > This means that valid reasons can exist why the router doesn't do that. SHOULD is "only do if you have a very good reason". And, if for some reason you were to send PIOs in different RAs, non-ulas are only deprecated by non-ulas, and ula-are only deprecated by ulas. (assumming PIOs are sent in multiple RAs (currently not the case, there are multiple non-ulas pios being sent (not the typical case, either) *and* an RA gets lost). Where's the breakage? > In addition any router designed before this will be published, only has a > "MAY". > > So we should seriously consider that case that it is split. The document does consider it -- that's why prefixes are not deprecated at once. Deprecation will only happen if there's another address of the same type being announced. > Even if you were to make it a MUST, existing routers are still built according > to MAY. Well, that's always the case with standards. That said, it has been reported that existing routers do not behave that way. So, if anything, that's a theoretical case of legacy implementations that doesn't actually happen in practice. >>> When ULAs were introduced, it was transparent to hosts. I know that >>> they now appear in address selection policy, but nothing will break if they >>> are not in the policy table. >> >> Is that true in the general case? I've certainly written code that >> would need to be different if there were no ULA rules in the RFC6724 >> policy table. > > Can you give an example. In thinking about the current problem, I found the > policy table remarkably ineffective when it comes to ULAs. See the rule about addresses of minumum scope. Otherwise you'd never get to actually use ULAs. > I can imagine an issue with destination selection if you have both a ULA and > a non-ULA as part of a single DNS RR-set. Which issue? >>> When ULAs were introduced, it was transparent to hosts. I know that >>> they now appear in address selection policy, but nothing will break if they >>> are not in the policy table. >> >> This seems to be at odds with your previous comment. Namely, if >> they are not in the policy-table, you may end up using ULAs for >> trying to communicate with globally-reachable addresses -- and as >> a result communications will likely fail. > > For source address selection, the longest match does the right thing. If > the destination is non-ULA, then a non-ULA source address is a better match. > > However, if the non-ULA local address is depricated, then the ULA will win, > and communication will fail. non-ULAs are only deprecated when you have another non-ula. Same with ULAs: you only deprecate an ULA if you have another preferred ULA. THe algorithm in draft-gont-6man-slaac-renum will never deprecate the only ULA you ahve or the only non-ula you have. >> Indeed, I'd argue that in order to make the best out of IPv6 >> addressing the host needs to be aware about the different address >> types. And an API sitting in between the apps and the lower layers >> should, to. > > Hosts work just fine without knowing the difference between ULA and non-ULA. > Host do need to know about link local, and in the past, site local was also > a big issue. But ULA is quite transparent. That's because strictly speaking is not a different address type: they are essentially GUAs that are known to be filtered on the site boundary. > This is similar to RFC 1918. That was introduced with no changes to hosts, and > even today, there is very little a host would have to know about RFC 1918. That's because in IPv4 you typically only configure one address per node. If you were configuring both RFC1918 and ipv4-GUAs, and you were not using NATs, then you'd experience trouble. >> When it comes to draft-gont-6man-slaac-renum, one may always make >> the distinction indirectly. e.g., rather than hardcode ULA/non-ULA >> in the document, specify the handling for "each address type", and >> indirectly specify the "address types" as concerned by this document. > > Yes, I'm sure we can refer to the policy table. I guess in practice this > would an operational headache. How do you ensure that every host in your > network has an updated policy table. If you introduce a new address type, yes, of course you need hosts to be updated. There's no magic. > Especially where there is a split between > the network admins and support for hosts. > > I don't see why such complexity is better than just checking if a router sends > all information in a single RA. The current algorithm does not have such complexity. It is quite simple, indeed. You seem to assume that: 1) You can positively tell whether a router splits RAs -- but you can't. You're still playing with probabilities here. 2) This requires more complexity, and more packets (multiply that by number of hosts in a network). 3) And all this to deal with a case that this document recommends against, does not currently happen in practice, and that is dealt with the current algorithm, as indicated above. That said, I wouldn't mind adding a note that this has been raised, for the group to give your algorithm a thought. Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- slaac-renum: New rev of draft-gont-6man-slaac-ren… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Brian E Carpenter
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Brian E Carpenter
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Brian E Carpenter
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Brian E Carpenter
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont