IETF Logo Mail Archive

Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios

Owen DeLong <owen@delong.com> Wed, 27 February 2019 16:38 UTC

Return-Path: <owen@delong.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AEC513105F; Wed, 27 Feb 2019 08:38:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=delong.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9J9il8lGNGbO; Wed, 27 Feb 2019 08:38:15 -0800 (PST)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id 43015130FF0; Wed, 27 Feb 2019 08:38:14 -0800 (PST)
Received: from kiev.delong.com (kiev.delong.com [192.159.10.5]) (authenticated bits=0) by owen.delong.com (8.15.2/8.15.2) with ESMTPSA id x1RGc0EM028275 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 27 Feb 2019 08:38:02 -0800
DKIM-Filter: OpenDKIM Filter v2.11.0 owen.delong.com x1RGc0EM028275
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delong.com; s=mail; t=1551285484; bh=5FHcL67TOhj3LyGyCRsSjr3FPyN724aUcH4+XPMCIrk=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=i9c/xwM2LHVTltgTOcbD1UJvcJb76DzurSXXHzlZT6h/tyRFS63BVKRFlGFu2rnnE nzOD3DdmHwFs5tsbb8BRtAgh1uXv5fTAurhp3XzpyrBi1++VmvdDrK3Dka/DWghej9 84A+tiICzNASCisEeqUH5SUDNK1gz+DG/naJv9DQ=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAHL_VyAs2b5pNcrJJRV_ppthLoVN4+X4Axzte0QRxJ3s-bkNHw@mail.gmail.com>
Date: Wed, 27 Feb 2019 08:38:00 -0800
Cc: Fernando Gont <fgont@si6networks.com>, IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>, Fernando Gont <fernando@gont.com.ar>
Content-Transfer-Encoding: quoted-printable
Message-Id: <198A82EC-532B-4390-A898-07AEE93EB004@delong.com>
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <B6E2EC33-EEAF-40D0-AFCC-BDAFA9134ACD@consulintel.es> <20190220113603.GK71606@Space.Net> <28fbc2c305c640c9afb3704050f6e8d7@boeing.com> <20190220213107.GS71606@Space.Net> <019c552eb1624d348641d6930829fd1f@boeing.com> <CAKD1Yr0HBG+rhyFWg9zh0t3mW486Mjx9umjn+CRqAZg4z9r0dg@mail.gmail.com> <20190221073530.GT71606@Space.Net> <CAO42Z2wmB2W52b4MZ2h9sW5E9cQKm-HRjyf--q8C26jezS7LXQ@mail.gmail.com> <a73818d31db7422b99a524bc431b00ed@boeing.com> <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com> <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com> <1F07F2BB-2F37-4D12-9731-7892DF4E3D88@consulintel.es> <0a582916-af14-bd82-a4cd-002a36f8830b@huitema.net> <67515a73-26a5-3ed0-da88-1a4ce64550d3@foobar.org> <360afa02-cf23-375c-4876-780d3c2aa5ac@gont.com.ar> <CAHL_VyD34V=TRcsCp0DOO9HJNHyy5xkiMQ_cZoBa7zTE4fe5OA@mail.gmail.com> <ead01e0a-9211-7944-88d6-ae8d037c03a8@si6networks.com> <CAHL_VyAs2b5pNcrJJRV_ppthLoVN4+X4Axzte0QRxJ3s-bkNHw@mail.gmail.com>
To: Richard Patterson <richard@helix.net.nz>
X-Mailer: Apple Mail (2.3445.9.1)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (owen.delong.com [192.159.10.2]); Wed, 27 Feb 2019 08:38:04 -0800 (PST)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/31B2XVE1v1_arEUU0Ua_hROyqXA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 16:38:24 -0000


> On Feb 26, 2019, at 02:35 , Richard Patterson <richard@helix.net.nz> wrote:
> 
> On Mon, 25 Feb 2019 at 18:37, Fernando Gont <fgont@si6networks.com> wrote:
>> Agreed. That said, with the current default lifetime values, things
>> become tricky:
>> At least in theory, you should be sending such RAs for "Valid Lifetime"
>> seconds. With a default of one month, that means that, in theory, you
>> should be sending such RAs for a month. And if there are multiple
>> crash-and-reboot events, you should advertise each of the stale
>> prefixes. (I assume the CPE just records the last one)
> 
> I get your reasoning, but I'm not sure if it's quite as dire as that,
> a single RA update with PrefLifetime of 0 should in theory suffice,
> but then we get in to discussing the reliability of ICMPv6 messaging.
> (as you have done in draft-gont-6man-slaac-renum-02 )

I think you’re leaving out the fact that there are two lifetimes…

There’s a preferred lifetime and a valid lifetime.

I’d argue that a prefix which is no longer valid on the link should
(ideally) be advertised for some period with a valid_lifetime of 0.
After all, if the prefix is no longer valid, there’s no benefit whatsoever
to allowing hosts on the link to continue to believe that it is, regardless
of the amount of time remaining in the timer on a previous RA.

I believe (someone will surely correct me if I am wrong) that a host
receiving an RA with different lifetime values is obliged to apply those
new values overriding any time remaining on the old values, regardless
of whether that increases or decreases the remaining time in the
lifetime values.

As such, 

> In my head, an address with the higher Preferred Lifetime should be
> selected over one with a lower value, however I couldn't find any
> recommendation as such in RFC6724, is this stipulated anywhere else?
> If not, would an update to 6724 that introduces a Preferred Lifetime
> comparison as a tie-breaker help?  i.e. When deciding between multiple
> non-deprecated source addresses, always pick the address with the
> highest Preferred Lifetime?

Selected for what? Source of a new session originated from the host?

(That’s the only case of selection I can think of). That’s governed by the
source address selection rules in RFC-6724 (obsoletes RFC-3484) in
the case where the application doesn’t bind a specific source address
to the socket. In the case where the application does bind a specific
source address, then, the source address selection methodology is
entirely in the hands of the application developer and/or any runtime
configuration said developer chooses to consider.

I guess all else described in RFC6724 being equal, one could use
longest remaining preferred lifetime as a tie-breaker, but I have yet
to encounter a network where you would reach such a tiebreaker
without arriving at a single prefix first by another method.

I do think it might be worth considering a change to how hosts process
Was wherein we keep track of the address of the router from which we
received the lifetime values currently being counted down and if we
receive a new RA from the same router that no longer includes
one of the prefixes we are counting down, we reduce the preferred
lifetime to zero while continuing to count down the valid lifetime.

I’m hard pressed to think of harm that comes from an invalid prefix
remaining on an interface so long as it is not preferred in most cases.
The one case that comes to mind is that hosts retaining that prefix
will be unable to reach hosts to which that prefix has been newly
assigned while they still retain it as a valid prefix.

Owen

v2.23.0 | Report a Bug | By Email