IETF Logo Mail Archive

Re: IPv6 Link Local Addresses [was Re: Is 1111 1110 10 equal to 0xfe80 or 0x3fa?]

Yucel Guven <yucel.guven@gmail.com> Wed, 12 June 2019 17:37 UTC

Return-Path: <yucel.guven@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA5E6120073 for <ipv6@ietfa.amsl.com>; Wed, 12 Jun 2019 10:37:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SkeI-QtZxpu5 for <ipv6@ietfa.amsl.com>; Wed, 12 Jun 2019 10:37:41 -0700 (PDT)
Received: from mail-oi1-x229.google.com (mail-oi1-x229.google.com [IPv6:2607:f8b0:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABAF9120121 for <ipv6@ietf.org>; Wed, 12 Jun 2019 10:37:41 -0700 (PDT)
Received: by mail-oi1-x229.google.com with SMTP id u64so12317566oib.1 for <ipv6@ietf.org>; Wed, 12 Jun 2019 10:37:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zTgpDAHi226LeEifmxuwPJtadV23wuqTLJhA9IXoXWs=; b=dWTdPUzlO3OBpQAqLsMN0DgJ4AoI7xlk4cSG1FBvKEssskjKvIpN0nDLcvbhpo2Dn2 yBK0oJBlAOUB3fomiwxhtu513PX7+p/bg1KAjYL/zo2ia40ePjHLxtf7a+WCH0wWXukS lm51YDjxXA8bq8WVX3KY4Nfgq0UfwBoX7Q9IBdOmm2pZIftc0cBKSGJ8Dhm21nozsrgs /t0QCUoxtt/44XAxFiyHRpVXQyqrKTmChsiCE/zlAD8VmJuEeJEJimIgIKvlcZb/o86S T5VTMhI2FO3vMjRL1zPm72oYlP9DhehW1/tk8TvaSaZD8KQUk20dRpD4vi2zQlhFeWf4 G4+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zTgpDAHi226LeEifmxuwPJtadV23wuqTLJhA9IXoXWs=; b=N7CQdiOK7pIeYotKvNbyu7V/MYaTr3b2yXInuJzQi5P/grG9f92a3nkETpt2IQPrR2 qZBghhX3Vvwok+8i+4zimE3xq83SsbgtQUY8TS8JtFNeZo9NijDMnVNimNaOJbsBe7KB EAKn+6ImdJczxbHhzJG1K7M57an6lyhXW95Soaua4M/hzpQqqziHT01gldiUeflG8QWl bML6Ay93lLHEdHzoVGda2ys5LNEBOx8Eeo/tNVdJ4K8GAZ6BkbEa8J57WyA5XtGcNVD0 iYnSB1xdD/MH18eCVuoHTwOX9mxD8Ilm03/MviGG/YCZ1v245fJPeiAe8edOtD66DWxU lZ+A==
X-Gm-Message-State: APjAAAXAv9kkJe19xcWg67GcYX1F0Gx+liDqHFrI2TecI4JnQ4Z8lX46 eOFRpFgUdDMnlmN4I03Sba6+1Lei4CwB7VkWJu0=
X-Google-Smtp-Source: APXvYqxHAVX92BQDbxPnH65VP7mOks65lecZeak1lRFdlQPV4GVhC8mN4U9miuQzX2Vvvq6PFLqzTRwwUZ8ZbZnCx1o=
X-Received: by 2002:aca:ad54:: with SMTP id w81mr255605oie.86.1560361060939; Wed, 12 Jun 2019 10:37:40 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR15MB2506E62560613C85F74A1FF8BB100@DM6PR15MB2506.namprd15.prod.outlook.com> <CALx6S36vVpD9bAPSBQmhV+daR0Yr4heQ-LaiB4hABAs8ofVfNQ@mail.gmail.com> <DM6PR15MB25063BAF058C1825E2B63E30BB130@DM6PR15MB2506.namprd15.prod.outlook.com> <CAKQ4NaW-QRZDO52zDZTSqz_MsfrS1uQHdz6zFjo+gXvtYVnFxA@mail.gmail.com> <DM6PR15MB2506E06165EA22E66BBB9524BB130@DM6PR15MB2506.namprd15.prod.outlook.com> <7E03089C-8429-4B56-96D6-441490C850B2@gmail.com> <B3D43A45-5E90-4D04-BA64-17150EE6D2AA@gmail.com> <0138C92A-A95A-488D-8851-9F3227D2B8B8@employees.org> <CABNhwV1hy5S-GUK-MY7OcudaYJB0j1PVgF1CG6cGa7s7Qez63w@mail.gmail.com> <C278A105-13D3-4035-AB6E-785A8E2C095D@employees.org> <CABNhwV2848Csn=5xy29Rbe_4E1fD0HSeXonBY4M+=21cK11GOA@mail.gmail.com>
In-Reply-To: <CABNhwV2848Csn=5xy29Rbe_4E1fD0HSeXonBY4M+=21cK11GOA@mail.gmail.com>
From: Yucel Guven <yucel.guven@gmail.com>
Date: Wed, 12 Jun 2019 20:37:24 +0200
Message-ID: <CAKQ4NaWTO=+aHSmBdBZv_Op0zD6iffExAHvOgzNFp5QVhahQiw@mail.gmail.com>
Subject: Re: IPv6 Link Local Addresses [was Re: Is 1111 1110 10 equal to 0xfe80 or 0x3fa?]
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: Ole Troan <otroan@employees.org>, Bob Hinden <bob.hinden@gmail.com>, Alexandre Petrescu <alexandre.petrescu@gmail.com>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c23bfc058b23def4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/31Qics46dM979g-NOvoCduukOXA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2019 17:37:45 -0000

I agree with Ole.


Referring with the setups in the Lab. with Cisco, or Nokia, or other vendors

should not be taken as a reference or criteria to change the standards.

This type of software modifications are generally called as 'DCR, Design
Change Request',

and requires modification/tailoring of the device software with respect to

what customer requests from vendors.

On Wed, Jun 12, 2019 at 6:43 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:

> Hi Ole
>
> My reasoning which I gave Alex in assisting in authoring the draft as what
> I implemented with my IPv6 customers as our deployment standard was to have
> an intuitive link local for next hop adjacencies which we embedded the
> global unicast into the link local after the :: but what happened in the
> original implementation 16 bits bled over into the all 0s portion of link
> local and the ospf adjacencies would not come up with a Citrix Netscaler lb
> in 2 arm setup so we went back to our standard realized that Citrix was
> following the rfc 4291 and CISCO was not so we had to update our deployment
> standard to follow the rfc for mixed vendor environment.
>
> So in this case as some vendors like CISCO chose not to follow the rfc
> while others do for the use case of intuitive next hop is the reason to
> change the rfc so that the entire global unicast address can be embedded
> into the link local and the 16bit or more fields don’t have to be shaved
> off making the goal of intuitive next hop slightly better but still not as
> desired with the restriction of the all Os field not allowed to be used.
>
> Gyan
>
> On Wed, Jun 12, 2019 at 12:27 PM Ole Troan <otroan@employees.org> wrote:
>
>> Hi Gyan,
>>
>> > I went through this test in the lab a few months ago about verifying
>> across all Cisco platforms if you can specify non zero values in the all
>> 0's field in the Link Local prefix hardcoding the prefix and if the OSPF
>> neighbor would come up and it did come up in an all Cisco environment.
>> >
>> > So the main thing this draft accomplishes in my opinion and I think is
>> necessary gap that it is fixing is interoperability between vendors for the
>> use case of making the link local intuitive for the next hop by embedding
>> the entire global unicast address into the iid & 54 bit 0s field.
>> >
>> > Cisco happens to all the Link Local to be set and set all the 0s in the
>> prefix fe80::/10 up to 64 which is a violation of the RFC but it does allow
>> on all platforms and all codes.  I think we found that some unix flavors
>> allow the same.
>>
>> Bias warning: I was heavily involved in one of the implementations you
>> mention and the choice of how to implement link-local addresses.
>>
>> That one vendor has chosen to allow the operator to chose if she wants to
>> override the RFC behaviour, isn't in my view an argument for why we should
>> change the standards.
>>
>> Cheers,
>> Ole
>>
>>
>> >
>> > So now the change to the RFC 4291 is making it official that it now can
>> be allowed across all platforms to help with mixed vendor environments
>> where you can now embedd the entire global unicast address into the station
>> id making the default EUI64 station-id now intuitive.
>> >
>> >
>> https://datatracker.ietf..org/doc/html/draft-petrescu-6man-ll-prefix-len
>> <https://datatracker.ietf.org/doc/html/draft-petrescu-6man-ll-prefix-len>
>>
>> > **This is a copy/paste from a test I did in the lab a few months ago to
>> prove my point**
>> >
>> > I did a test in the lab for that one use case of making the default
>> link local EUI64 more intuitive in the lab and Id id a worst case scenario
>> test populating all the 16 bit nibbles and all hex digits within each
>> nibble so no :: 0's compression on a Cisco IOS XE router running 16.x code
>> and confirmed the OSPF neighbor still comes up even though the entire 54
>> bit all 0's field per the RFC is populated in effect violating the current
>> RFC but because its like-like intra-vendor the OSPF adjacency forms.
>> >
>> > So I have tested this concept and it works across all Cisco platforms
>> IOS, XE, XR, NXOS that you can populate the entire 54 bit all 0's field..
>> >
>> > So the big caveat with this and justification for this draft is "mix
>> vendor" environment inter-operability" which is one of the reasons for the
>> IETF and to have RFC's and standards that allows any device from any vendor
>> to communicate that supports the RFC.     I think that is a MAJOR point to
>> add to the justification behind the draft in the use cases where on a
>> managed IPv6 network that the administrator can now hardcode the IPv6
>> address fully populating entire 54 bit subnet-id & station-id and routing
>> protocols will now work and OSPF, ISIS, EIGRP adjacency can now work in a
>> mix vendor environment.
>> >
>> > R1
>> > ipv6 addr fe80:1111:1111:1111:1111:1111:1111:1111 link-local
>> >
>> > R2
>> > ipv6 addr fe80:1111:1111:1111:1111:1111:1111:2222 link-local
>> >
>> > R1#sh ipv6 ospf nei
>> >
>> >             OSPFv3 Router with ID (1.1.1.1) (Process ID 6000)
>> >
>> > Neighbor ID     Pri   State           Dead Time   Interface ID
>> Interface
>> > 2.2.2.2      1   FULL/DR         00:00:35    18
>> GigabitEthernet1/0/2
>> >
>> > R1#sh ipv6 ospf int g1/0/2
>> > GigabitEthernet1/0/2 is up, line protocol is up
>> >   Link Local Address FE80:1111:1111:1111:1111:1111:1111:1111, Interface
>> ID 18
>> >   Area 2.2.2.2, Process ID 6000, Instance ID 0, Router ID 1.1.1.1
>> >   Network Type BROADCAST, Cost: 1
>> >   SHA-1 authentication SPI 666661, secure socket UP (errors: 0)
>> >   Transmit Delay is 1 sec, State BDR, Priority 1
>> >   Designated Router (ID) 2.2.2.2, local address
>> FE80:1111:1111:1111:1111:1111:1111:2222
>> >   Backup Designated router (ID) 1.1.1.1, local address
>> FE80:1111:1111:1111:1111:1111:1111:1111
>> >   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
>> >     Hello due in 00:00:03
>> >   Graceful restart helper support enabled
>> >   Index 1/5/14, flood queue length 0
>> >   Next 0x0(0)/0x0(0)/0x0(0)
>> >   Last flood scan length is 2, maximum is 9
>> >   Last flood scan time is 0 msec, maximum is 1 msec
>> >   Neighbor Count is 1, Adjacent neighbor count is 1
>> >     Adjacent with neighbor 2.2.2.2  (Designated Router)
>> >   Suppress hello for 0 neighbor(s)
>> >
>> > R2#sh ipv6 ospf nei
>> >
>> >             OSPFv3 Router with ID (2.2.2.2) (Process ID 6000)
>> >
>> > Neighbor ID     Pri   State           Dead Time   Interface ID
>> Interface
>> > 1.1.1.1   1   FULL/BDR        00:00:37    18
>> GigabitEthernet1/0/2
>> >
>> > R2#sh ipv6 ospf int g1/0/2
>> > GigabitEthernet1/0/2 is up, line protocol is up
>> >   Link Local Address FE80:1111:1111:1111:1111:1111:1111:2222, Interface
>> ID 18
>> >   Area 2.2.2.2, Process ID 6000, Instance ID 0, Router ID 104.255.32.2
>> >   Network Type BROADCAST, Cost: 1
>> >   SHA-1 authentication SPI 666661, secure socket UP (errors: 0)
>> >   Transmit Delay is 1 sec, State DR, Priority 1
>> >   Designated Router (ID) 2.2.2.2, local address
>> FE80:1111:1111:1111:1111:1111:1111:2222
>> >   Backup Designated router (ID) 1.1.1.1, local address
>> FE80:1111:1111:1111:1111:1111:1111:1111
>> >   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
>> >     Hello due in 00:00:05
>> >   Graceful restart helper support enabled
>> >   Index 1/5/14, flood queue length 0
>> >   Next 0x0(0)/0x0(0)/0x0(0)
>> >   Last flood scan length is 0, maximum is 7
>> >   Last flood scan time is 0 msec, maximum is 1 msec
>> >   Neighbor Count is 1, Adjacent neighbor count is 1
>> >     Adjacent with neighbor 1.1.1.1  (Backup Designated Router)
>> >   Suppress hello for 0 neighbor(s)
>> >
>> >
>> > On Tue, Jun 11, 2019 at 4:44 AM Ole Troan <otroan@employees.org> wrote:
>> > >> This means that link local addresses have a 10 bit prefix
>> (1111111010) followed by 54 bits of zeros.  That is it, nothing more.
>>  Address with different prefixes or with a 1111111010 prefix followed by
>> non-zero 54 bits are not link local addresses.
>> > >>
>> > >> This is not ambiguous.
>> > >
>> > > So if an application asks my implementation to send a packet
>> addressed to fe80:1::1 out a particular link what should the implementation
>> do with it? It seems like there are only 3 choices:
>> > >
>> > >   1. Run ND on that link to see if it can find a neighbor there with
>> that address to send the packet to.
>> > >
>> > >   2. Send the packet to the current default router.
>> > >
>> > >   3. Something else (what?).
>> > >
>> > > I had though 1. was the answer since that is what is done with
>> packets addressed to link-local unicast destinations (which is what that
>> address is according to RFC4191 section 2.4), but that now seems to be
>> ambiguous.
>> >
>> > Let me illustrate with a typical per-interface FIB:
>> >
>> >  fe80::/10 -> drop
>> >  fe80::/64 -> glean
>> >  fe80::abcd -> neighbor abcd
>> >
>> > Cheers,
>> > Ole
>> > --------------------------------------------------------------------
>> > IETF IPv6 working group mailing list
>> > ipv6@ietf.org
>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> > --------------------------------------------------------------------
>> >
>> >
>> > --
>> > Gyan S. Mishra
>> > IT Network Engineering & Technology
>> > Verizon Communications Inc. (VZ)
>> > 13101 Columbia Pike FDC1 3rd Floor
>> > Silver Spring, MD 20904
>> > United States
>> > Phone: 301 502-1347
>> > Email: gyan.s.mishra@verizon.com
>> > www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT
>> >
>>
>> --
>
> Gyan S. Mishra
>
> IT Network Engineering & Technology
>
> Verizon Communications Inc. (VZ)
>
> 13101 Columbia Pike FDC1 3rd Floor
>
> Silver Spring, MD 20904
>
> United States
>
> Phone: 301 502-1347
>
> Email: gyan.s.mishra@verizon.com
>
> www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email