Re: Objection to draft-ietf-6man-rfc4291bis-07.txt

Lorenzo Colitti <lorenzo@google.com> Thu, 02 March 2017 10:19 UTC

To: Tore Anderson <tore@fud.no>
Cc: 6man WG <ipv6@ietf.org>, james woodyatt <jhw@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/3uTyhOtn-BAagIxlyVOjT6JejX4>

On Thu, Mar 2, 2017 at 6:52 PM, Tore Anderson <tore@fud.no> wrote:

> 1) 2001:db8::192.0.2.1/120
> 2) 2001:db8::198.51.100.1/120
> 3) 2001:db8::203.0.113.0/120
>
> These are all in the same /64 but if these three hosts assume the /120
> prefix length is incorrect and "helpfully correct" it to /64, then they
> can no longer communicate with each other.
>

I think you and I have already covered this case. I don't see how we can
define the IID in any meaningful way for RFC 6052 addresses. In the limited
case of /96 it might work, but in the general case it won't.

Consider a translation prefix of 2001:db8::/56. In this case 192.0.2.1/24
becomes (I think) 2001:db8:0:c0:2:100::/80. But if you configure
2001:db8:0:c0:2:100::/80 on an interface, that really won't work the way
you'd like it to. For example, suppose the node gets a packet whose
destination address is 2001:db8:0:c0:2:100::1. It won't match any of the IP
addresses configured on the system. So it will either drop it, forward
it on-link (if L=1) or forward it back to the router it came from,
potentially causing a routing loop.

So really, you can't express this type of configuration using only an IPv6
address and a prefix length, because they don't provide enough information
to do that. "2001:db8:0:c0:2:100::/80" by itself is not enough: you need
one more piece of information, which is the length of the NAT64 prefix.

As I said before, I think we should have an exception for IPv6 addresses
where the only non-zero bits in the IID are an IPv4 address. Those aren't
really IPv6 addresses anyway, they're just convenient representations for
IPv4 addresses.
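
Added example, not part of the original message: a small RFC 6052 encoder/decoder showing that the IPv4 address recovered from an IPv6 address depends on the translation prefix length, and that an IPv6 prefix covering a mapped IPv4 subnet also contains addresses that map to nothing. The layout follows RFC 6052 section 2.2 (octet 8, bits 64-71, is reserved and zero); function names and sample values are illustrative.

```python
import ipaddress

# RFC 6052 section 2.2: IPv4 bits follow the translation prefix, skipping
# octet 8 (bits 64-71, reserved, must be zero); the remaining suffix is zero.
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)

def v4_positions(plen):
    """Byte offsets in the IPv6 address that carry the four IPv4 octets."""
    if plen not in ALLOWED_LENGTHS:
        raise ValueError(f"RFC 6052 does not define a /{plen} translation prefix")
    return [p for p in range(plen // 8, 16) if p != 8][:4]

def embed(prefix, v4):
    """Embed an IPv4 address under the given translation prefix."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    octets = ipaddress.IPv4Address(v4).packed
    for pos, octet in zip(v4_positions(net.prefixlen), octets):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(addr, plen):
    """Return the embedded IPv4 address, or None if addr is not a valid mapping."""
    raw = ipaddress.IPv6Address(addr).packed
    pos = v4_positions(plen)
    # Every byte after the prefix that does not carry IPv4 data must be zero.
    if any(raw[i] for i in range(plen // 8, 16) if i not in pos):
        return None
    return ipaddress.IPv4Address(bytes(raw[i] for i in pos))

def on_v4_subnet(addr, plen, v4net):
    """True only if addr is a valid mapping of a host inside v4net."""
    v4 = extract(addr, plen)
    return v4 is not None and v4 in ipaddress.IPv4Network(v4net)

# Constructed sample values (documentation prefixes only).
mapped = embed("2001:db8::/56", "192.0.2.1")
# Smallest IPv6 prefix covering 192.0.2.0/24 as mapped under the /56.
covering = ipaddress.IPv6Network("2001:db8:0:c0:0:200::/88")
# Inside that prefix, but the non-zero suffix means it maps to no IPv4 host.
stray = ipaddress.IPv6Address("2001:db8:0:c0:0:201::1")

if __name__ == "__main__":
    print(mapped)
    for plen in (48, 56, 64, 96):
        print(f"decoded as /{plen}: {extract(mapped, plen)}")
    print(stray in covering, on_v4_subnet(stray, 56, "192.0.2.0/24"))
```

Decoding the same 128 bits with a different translation prefix length yields a different IPv4 address or no valid mapping at all, which is the extra piece of information an address plus an on-link prefix length cannot carry.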