draft-gont-6man-slaac-renum-00
Lee Howard <lee@asgard.org> Mon, 18 February 2019 18:07 UTC
Return-Path: <lee@asgard.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0321D130F6A for <ipv6@ietfa.amsl.com>; Mon, 18 Feb 2019 10:07:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EbRrTOYQCNPu for <ipv6@ietfa.amsl.com>; Mon, 18 Feb 2019 10:07:40 -0800 (PST)
Received: from atl4mhob14.registeredsite.com (atl4mhob14.registeredsite.com [209.17.115.52]) by ietfa.amsl.com (Postfix) with ESMTP id 742C9130E6E for <ipv6@ietf.org>; Mon, 18 Feb 2019 10:07:40 -0800 (PST)
Received: from mailpod.hostingplatform.com (atl4qobmail01pod6.registeredsite.com [10.30.71.209]) by atl4mhob14.registeredsite.com (8.14.4/8.14.4) with ESMTP id x1II7c5r021517 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <ipv6@ietf.org>; Mon, 18 Feb 2019 13:07:38 -0500
Received: (qmail 781 invoked by uid 0); 18 Feb 2019 18:07:38 -0000
X-TCPREMOTEIP: 68.100.71.215
X-Authenticated-UID: lee@asgard.org
Received: from unknown (HELO ?192.168.1.135?) (lee@asgard.org@68.100.71.215) by 0 with ESMTPA; 18 Feb 2019 18:07:38 -0000
From: Lee Howard <lee@asgard.org>
Subject: draft-gont-6man-slaac-renum-00
To: ipv6@ietf.org
Message-ID: <da050573-8a39-5dd1-c54f-d5faf2da469b@asgard.org>
Date: Mon, 18 Feb 2019 13:07:37 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/4ScgyjtJ-M9Af3ebGU7kYNfjqrQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Feb 2019 18:07:42 -0000
1. Introduction I would prefer "A common deployment scenario" over "Probably the most common deployment scenario." "tipically" --> "typically" 3.1 Improvement to SLAAC The passive voice confused me here. I think you mean, "When a host receives an RA from a router from which it has received other RAs, but this RA does not include PIO (+A) for the previous prefix, it (the host) should set the Preferred Lifetime for addresses in that prefix to 0." This solution assumes that a router will include all prefixes in ever RA; rfc4861 (NDP) says that RAs in response to RSs, or during initialization, "a router SHOULD include all options so that all information (e.g., prefixes) is propagated quickly during system initialization." Since it's not a MUST, it's potentially legal for routers to send separate RAs with different prefixes. In your proposed SLAAC scenario, the host would alternately deprecate each address. 3.3 Stable prefixes Where most of the discussion on the lists has been. When I was involved in large networks, we had two problems with stable prefixes. First, we had redundant DHCPv6 servers in diverse data centers, and no scalable way to share lease information between them. So if DHCPv6 server A issued a prefix, but then at renew or reboot or whatever DHCPv6 server A was unreachable or DHCPv6 server B just responded faster, then server B would issue a prefix from its pools. We found some ways to link backend systems such that we could do a few stable prefixes based on DUIDs, but it didn't scale (especially considering DUIDs are only stable with the gateway). The other problem was that the network changes constantly. There is no assurance that the edge device to which a customer is currently connected will remain the same, or that that edge device will remain in the same logical hub. For a variety of reasons, there was the potential for many thousands of disaggregated prefixes to be leaked into the IGP, and that would not be good for the network. I think this option needs to be included in the draft for the sake of completeness, but I still disagree with those who want it to be mandatory. When a client has learned its address from DHCPv6, does it also have this problem? I think it would, until the DHCPv6 lifetime expires. A CE router that reboots wouldn't know it needs to send a Reconfigure (and my understanding is that there's little support for that option, but I haven't tested). Additional suggestion: If home gateways implemented RPF, they would simply drop packets from invalid (i.e., old) prefixes. We could add a new ICMPv6 message called "Invalid Source" which the router would return, notifying the host that either that source address prefix is stale, or it was sending to the wrong router. Host logic could pretty well sort out whether there was a better router to try, might send RSs for more information, and/or might deprecate that prefix/address and try a different one, or try DHCPv6. I note that anywhere IP addresses are used for policy, the "flash renumbering" problem exists. In an SD-WAN environment, the controller might be able to learn the new prefix from the CE router and trigger new security and routing policies, and maybe even update DNS, but it can't touch hosts. I think this draft is important in describing this issue and giving us written exploration of solution space, but I don't think the problem description needs to advance; ultimately, a solution document should be adopted and move forward. Lee
- draft-gont-6man-slaac-renum-00 Lee Howard
- Re: draft-gont-6man-slaac-renum-00 Fernando Gont
- Re: draft-gont-6man-slaac-renum-01 Erik Kline
- Re: draft-gont-6man-slaac-renum-01 Brian E Carpenter
- Re: draft-gont-6man-slaac-renum-01 Bob Hinden
- Re: draft-gont-6man-slaac-renum-01 Sander Steffann
- Re: draft-gont-6man-slaac-renum-01 Mark Smith
- Re: draft-gont-6man-slaac-renum-01 Lorenzo Colitti
- Re: draft-gont-6man-slaac-renum-01 Erik Kline
- Re: draft-gont-6man-slaac-renum-01 Bob Hinden
- Re: draft-gont-6man-slaac-renum-01 Fernando Gont
- Re: draft-gont-6man-slaac-renum-01 Fernando Gont
- Re: draft-gont-6man-slaac-renum-01 Fernando Gont
- Re: draft-gont-6man-slaac-renum-01 Fernando Gont
- Re: draft-gont-6man-slaac-renum-01 Bob Hinden
- Re: draft-gont-6man-slaac-renum-01 Bernie Volz (volz)
- Re: draft-gont-6man-slaac-renum-01 Philip Homburg
- Re: draft-gont-6man-slaac-renum-01 Bernie Volz (volz)
- Re: draft-gont-6man-slaac-renum-01 神明達哉