IETF Logo Mail Archive

Re: [IPv6] Variable IIDs

Mark Smith <markzzzsmith@gmail.com> Sun, 05 November 2023 22:08 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D700C1D2D85 for <ipv6@ietfa.amsl.com>; Sun, 5 Nov 2023 14:08:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.602
X-Spam-Level:
X-Spam-Status: No, score=-1.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DjyyzZ5k71uV for <ipv6@ietfa.amsl.com>; Sun, 5 Nov 2023 14:08:33 -0800 (PST)
Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 880A5C1D2D81 for <ipv6@ietf.org>; Sun, 5 Nov 2023 14:07:58 -0800 (PST)
Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-9bf86b77a2aso554691166b.0 for <ipv6@ietf.org>; Sun, 05 Nov 2023 14:07:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699222076; x=1699826876; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XSdZ9CIpvv2IrNWcn5g/tHfgGDADDhBAOVDIHIZfjCM=; b=Bz7X2WF2KQLKn1V5IzfSKZ1mjFIlFWp/hpJqqpAR1ar83G2JupE+Q22iAmtT5q6jhX miduDpGAv0D9pBcSgT0II/CE8XHK/xRhUPFUKWIv6hBIdG5OMH48fwSs6k4uIF7td7ph It6RNUNW1Z6wJ4Q+mE0IUCHXdMpCYfoITnlCDhRDq5iMk6iEAqoY4TWo7MUPgGWaJrFD 6RurlMftj6HQz6tPlzFUx7cC615xFVVXwQYVLJTQdmCpR0vCgov29uTnsILRNMAvC1Hd QZw9kxkY5m7g8yPeA0KpnilDBAub0YisujEgKNGCU1V5iyBB4sZtDV7+1Yg9hGa0eQJ9 FLJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699222076; x=1699826876; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XSdZ9CIpvv2IrNWcn5g/tHfgGDADDhBAOVDIHIZfjCM=; b=k3Yn6vptHZi/IRzd2TwyfZWuArcaTc/myufHZgvkuriwUE2ny3Jh5IsaTWUn2IZU/e LuXC7M1li6XFjqPRdfJs0eqAzYVnOMBP3Qyeyt8dpDD2Yf+3EBcXzfVkXGcM9Ugec8cS Cuzu70yqsbw+uBOki4hC9hxxsAWdhGGbprGL2P81zKBrmY2JO/LjX2ctLJhOO/Z1HlMi 9kqO5vi3P2YLXKG9s6v+M9l93PnGhMYOLd31o6K+MPurVDviu5VqxsacN9l6y8AZeTwF JTXJzFS4DRdWbiH3z0/cIVKHYbFS8oqE4JbO3nVZcynzib6zHUPs25ttNypXKQTVlK6i 6tgg==
X-Gm-Message-State: AOJu0Yw3VHnJLjy0uzrtUHSHxIJizAvOfcxX7KXPVhbEs4wHRzhnfZ/0 IISsDwYDC1x1vfDf5M17imIyoskXf+oYJKj4zbuOOhX5
X-Google-Smtp-Source: AGHT+IHcBiuJNltkXaEiqfNtO4xWT1xomLX3UHaHEz6cWM7N5Dtypbxu026pN8P+XwbYYGPgMTZihCQRtn6rJq0k2kk=
X-Received: by 2002:a17:907:930d:b0:9ad:f7e5:67d9 with SMTP id bu13-20020a170907930d00b009adf7e567d9mr11317536ejc.4.1699222076128; Sun, 05 Nov 2023 14:07:56 -0800 (PST)
MIME-Version: 1.0
References: <d935987f-7550-855a-c57f-7f8c2fc6e5cf@gmail.com> <CAKD1Yr0ZBqdNnysBm3SmKRBjOZPM5totfzww_6mDdC94fDLx4A@mail.gmail.com> <CAO42Z2zxLwtZNtuwBKDzCZZXp4tUNvmMoDCOu1XgjFPwXjKvYQ@mail.gmail.com> <CAPt1N1muMaRKjcTkSUKOGfzWF3wNc5TQ6K3_9=eKr6-8eNHYKw@mail.gmail.com>
In-Reply-To: <CAPt1N1muMaRKjcTkSUKOGfzWF3wNc5TQ6K3_9=eKr6-8eNHYKw@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Mon, 06 Nov 2023 09:07:45 +1100
Message-ID: <CAO42Z2yH5cQh_C2dfA5C036So=0b-2FT=-QyzwYhG+v0gE8phQ@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: 6man <ipv6@ietf.org>, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003e007906096ef881"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/4OSf78kmlvBUazKpy2JdkZnY3Kw>
Subject: Re: [IPv6] Variable IIDs
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2023 22:08:37 -0000

On Sun, 5 Nov 2023, 18:57 Ted Lemon, <mellon@fugue.com> wrote:

> Ironically, this is the best argument I’ve heard against. If isps use this
> to save on rir fees, their customers will get single /80 prefixes, and we
> won’t have gained anything.
>
> To my mind the benefit of a wider prefix is that it lets me take the /64
> my isp gives me
>


Your ISP isn't giving you enough address space, and they're not the common
case either.

https://blog.apnic.net/2016/11/14/ipv6-deployment-survey-results/

and subnet it 65536 times, as was originally intended when the
> recommendation for customer prefix widths was 48 bits. If we don’t get
> that, there is no point in doing this work.
>


ISPs need to realise how cheap /48s actually are.

I worked at a mainly residential ISP up until June. One of the things we
did was give all customers of any type /48s for 500K customers at the time.

There can be no errors with a single size, you don't have to spend time and
money developing systems to manage multiple sizes, you don't need to
develop an address plan that facilitates multiple sizes, nor do you have to
ever deal with a customer moving to a different size. The costs of doing
those things will far outweigh the costs of all customers having /48s.

RFC6177 doesn't say you can't give all customers /48s, it just says it
should be up to the operator, rather than the more prescritive advice in
RFC3177.

APNIC don't charge for IPv6 space if your IPv4 space has the greater cost.

APNIC also had no issue with us giving all residential customers /48s.

It didn't take much justification for APNIC to move us from the initial /32
to a /28 when we started our deployment for about 500K customers. Not long
after that they shortened again to a /27.

Regards,
Mark.



> Op zo 5 nov 2023 om 05:56 schreef Mark Smith <markzzzsmith@gmail.com>
>
>>
>> On Sat, 4 Nov 2023, 23:00 Lorenzo Colitti, <lorenzo=
>> 40google.com@dmarc.ietf.org> wrote:
>>
>>> Brian,
>>>
>>> If we think /64 is too large, then I think it's OK to change 64 to
>>> something else. But making the IID length variable is the wrong solution.
>>> If we do that, we will create a race to the bottom that ends up at /128.
>>>
>>
>> I think one of the incentives to do this will be RIR fees.
>>
>> Internet service is obviously a commodity, which means there are strong
>> incentives to reduce costs if possible, in particular for residential
>> Internet services.
>>
>> So if an ISP can get their minimum assignment of an /32, and then
>> subdivide with IIDs smaller than 64 bits to fit all of their customers
>> within that single /32, that's I'm confident that's what many will do to
>> avoid paying RIR fees for shorter prefixes to suit /64 subnets/64 bit IIDs
>> for their customer base.
>>
>> The larger the ISP, the greater the incentive to do this, because the
>> savings from only using a /32 for all customers will be greater.
>>
>> Regards,
>> Mark.
>>
>>
>>
>>
>>
>>> Here's why. Today SLAAC only works on a /64, and a /64 guarantees that
>>> there will always be enough address space to number unlimited devices.
>>> Pretty much every network operator uses that because it's the only thing
>>> that works on all devices. Some operators insist on assigning only a /128
>>> to each device using DHCPv6. This is for various reasons, most notably
>>> consistency with IPv4, the fact that DHCP clients and servers by default
>>> only assign one address, scalability of network entities such as ND caches,
>>> desire to charge for more addresses (yes; as the lead of a major OS network
>>> stack, we get this depressingly often). It's pretty clear from any reading
>>> of RFC 7934 that that is harmful, but those operators don't know or want to
>>> do it anyway. Fortunately (well, unfortunately for those operators), this
>>> doesn't work on a substantial percentage of devices due to lack of support
>>> for DHCPv6, so it's not really a practical solution on most networks. Those
>>> operators occasionally complain about OSes that don't support DHCPv6, but
>>> on the whole we're generally in a situation where devices can get as many
>>> IP addresses as they need, within reason.
>>>
>>> However: if we define SLAAC to variable length, as you are proposing
>>> here then those operators will pick the minimum length accepted by
>>> implementations. Today that's /64. If implementations change to accept
>>> fewer addresses (say, /80), then those networks will move to providing the
>>> new minimum. And so on. This starts a race to the bottom that ends at /128.
>>> If you don't believe this, consider: many residential ISPs provide a
>>> reasonably-sized subnet to users, such as a /56. But some provide only a
>>> /60. Some - like mine! - only provide a /64. In my case I could only get a
>>> /56 by signing up for the business offering, which costs 3 times as much.
>>> Now, obviously this example is about prefix sizes, but if we make SLAAC
>>> variable, you can bet that operators will do this within subnets as well.
>>> Consider even during the v6ops discussion of
>>> draft-ietf-v6ops-dhcp-pd-per-device, some participants (Martin, I remember)
>>> asserted that the subnet must be made small enough to prohibit devices from
>>> extending the network.
>>>
>>> Note, I am not saying that most or even many networks will do this. But
>>> some will. The consequence of that is that OS vendors like ours will act in
>>> their users' interests, and allow those users to evade those restrictions
>>> by implementing NAT66. At that point everybody loses. The networks don't
>>> get paid more. App developers have to implement NAT traversal and
>>> keepalives. OS vendors have to implement hardware offload APIs for
>>> keepalives. Users have to deal with lower battery life and brittle apps due
>>> to NAT timeouts.
>>>
>>> Why do this? If we really think /64 is too wasteful, then we can change
>>> it, once. But we can't make it variable without creating a race to the
>>> bottom. The only way to do that is to pick one size.
>>>
>>> Cheers,
>>> Lorenzo
>>>
>>
>>> On Sat, Nov 4, 2023 at 2:06 AM Brian E Carpenter <
>>> brian.e.carpenter@gmail.com> wrote:
>>>
>>>> If anyone wants to turn this into an I-D, please feel free.
>>>>
>>>> title: Variable Length Interface Identifiers
>>>> abbrev: Variable IIDs
>>>> docname: draft-tbd-6man-variable-iids-00
>>>>
>>>> # Introduction
>>>>
>>>> The lowest common denominator method of configuration for IPv6 nodes is
>>>> SLAAC {{!RFC4862}}, which is carefully designed to allow any prefix length
>>>> and any interface identifier (IID) length, provided that they do not total
>>>> more than 128 bits. Until now, specifications of "IPv6 over foo" mappings,
>>>> starting with {{!RFC2464}}, have specified an IID length of 64 bits,
>>>> consistent with the value specified by {{!RFC4291}}.
>>>>
>>>> This document allows a router to announce an IID length other than 64
>>>> on a given link, and updates RFC 4291, RFC 2464 (and numerous other "IPv6
>>>> over foo" documents TBD), and RFC 4862 accordingly. It extends {{!RFC4861}}
>>>> by defining a new "IID length" mechanism in RA messages.
>>>>
>>>> Terminology: a "modified" host or router supports this spec. An
>>>> "unmodified" host or router supports RFC 4861 and 4862 precisely.
>>>>
>>>> # Modified procedures
>>>>
>>>> The predefined IID length specified by RFC 4291, RFC 2464, etc. is used
>>>> to configure the link-local IPv6 address of a node exactly as described in
>>>> RFC 4862.
>>>>
>>>> On a link where variable IID length is not supported, the predefined
>>>> IID length will continue to be used to configure all other addresses using
>>>> SLAAC.
>>>>
>>>> On a link where variable IID length is supported, each modified router
>>>> will include an "IID length" indication in every RA/PIO message with the A
>>>> bit set. This will override the value defined in RFC 2464 (etc.) and in RFC
>>>> 4291, for the prefix concerned.
>>>>
>>>> Suggestion: put the IID length in 6 bits of the Reserved2 field of the
>>>> PIO. 0b000000 would mean 64, i.e. no change and backwards compatible. Any
>>>> other value would define an IID length in bits. Values less than 48
>>>> (0b110000) are NOT RECOMMENDED. Values greater than 64 are impossible.
>>>>
>>>> (Note: Reserved1 is not available - see {{?RFC8425}}.)
>>>>
>>>> When a modified node receives an "IID length" less than 64, it will use
>>>> that value instead of the default for all unicast address autoconfiguration
>>>> under that prefix, except link-local.
>>>>
>>>> # Deployment issues
>>>>
>>>>   - Unmodified hosts and unmodified routers: no change, all use 64-bit
>>>> IIDs.
>>>>
>>>>   - Modified hosts and unmodified routers: no change, all use 64-bit
>>>> IIDs.
>>>>
>>>>   - Modified hosts and modified routers: configure to use longer
>>>> prefixes and shorter IIDs if desired.
>>>>
>>>>   - Modified routers and mixture of modified and unmodified hosts on a
>>>> link:
>>>>
>>>>     - The modified hosts will use a shorter IID and longer prefix if
>>>> that is announced.
>>>>
>>>>     - The unmodified hosts, according to RFC 4861, MUST ignore the
>>>> Reserved1 field. So, according to section 5.5.3 clause d) of RFC 4862, they
>>>> will ignore any PIO advertising a shorter IID. Therefore, the operator has
>>>> two choices:
>>>>
>>>>       1. Decide that unmodified hosts will not be supported (i.e. will
>>>> not be able to configure an address using SLAAC).
>>>>
>>>>       2. Announce (at least) two prefixes on the link - a /64 and a
>>>> longer one, with a shorter IID. For that to make sense, we need an extra
>>>> rule for modified hosts: if a host receives several PIOs from the same
>>>> router, it prefers all those with the shortest IID and ignores the others.
>>>>
>>>>   - Mixture of modified and unmodified routers on a link: don't do that!
>>>>
>>>> # IANA Considerations
>>>>
>>>> Maybe a registry for the Reserved2 field, like RFC 8425?
>>>>
>>>> # Security Considerations
>>>>
>>>> Nothing new?
>>>>
>>>>
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>>>>
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------
>>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>

v2.23.0 | Report a Bug | By Email