IETF Logo Mail Archive

[IPv6]Re: Analysis of Ungleich ULA Registry

David Farmer <farmer@umn.edu> Fri, 24 May 2024 09:37 UTC

Return-Path: <farmer@umn.edu>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 831A2C180B46 for <ipv6@ietfa.amsl.com>; Fri, 24 May 2024 02:37:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umn.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N6ywJuCxvTaj for <ipv6@ietfa.amsl.com>; Fri, 24 May 2024 02:37:17 -0700 (PDT)
Received: from mta-p6.oit.umn.edu (mta-p6.oit.umn.edu [134.84.196.206]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F8ACC14F6FC for <ipv6@ietf.org>; Fri, 24 May 2024 02:37:16 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mta-p6.oit.umn.edu (Postfix) with ESMTP id 4Vm0Lh1Clxz9vC81 for <ipv6@ietf.org>; Fri, 24 May 2024 09:37:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p6.oit.umn.edu ([127.0.0.1]) by localhost (mta-p6.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HLW3a7Hc7UXq for <ipv6@ietf.org>; Fri, 24 May 2024 04:37:15 -0500 (CDT)
Received: from mail-lf1-f71.google.com (mail-lf1-f71.google.com [209.85.167.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p6.oit.umn.edu (Postfix) with ESMTPS id 4Vm0Lg47nzz9vC7q for <ipv6@ietf.org>; Fri, 24 May 2024 04:37:15 -0500 (CDT)
DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p6.oit.umn.edu 4Vm0Lg47nzz9vC7q
DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p6.oit.umn.edu 4Vm0Lg47nzz9vC7q
Received: by mail-lf1-f71.google.com with SMTP id 2adb3069b0e04-5295ed311f1so465538e87.1 for <ipv6@ietf.org>; Fri, 24 May 2024 02:37:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; t=1716543433; x=1717148233; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=FgOUFrGvEhZVdqEVS1prWgs8kQ7QinaTGwEokFyVzJE=; b=Xc3Pgd4dp7/ircSti/yA62TrjW0jJ7zR4IxgYVnXBuda6tbCa+I2FY+9E6i+UKKLAf 58Vqd+smiV2w9GrYwUEcPqz7Ecyb1Je0PnJokhMrOeaw57X+sg41yeMYSwmz1iwyALAy 3Wd95dGu8q/CG90/haM2jr4GTeC0RlfApaVZTLT4Zg2ijcdepIMSEO7Fb/XEpqzdFC1e KNmYAyLDyesX/n6ALUs7BwW77+U/d04/jVgjM8ClCTY3QFLg8aF8wlL3x//how3+EZ3p 903+/Hz7Cs4+9IJM7r3w6VKt8IRQdAbYS71E37Bl/7LmYOPOqge7p1jjE7jZennD/Mg/ YOFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716543433; x=1717148233; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FgOUFrGvEhZVdqEVS1prWgs8kQ7QinaTGwEokFyVzJE=; b=p4zSLrQaFASjIjkh8kVNhigJyp1LsK8ywAXOz+asfYPBDbOKeBPSHX8PXDkTXucXus u/7DQy50C0L0NAhkcNXURZOrOCQamZO1XPd3LwdtxnEpxCRTiZZRubDf3s8iYBZ8Htam L12tiTTMrv8eFmYnxXFNT2LyfbnUDtxUaUsGS+b9jU26zymSWz42g4BzUA9MZkkEHs/n Fw7Ea2+isqO8ikAhnRZ46CLJc3mdnj+Vu+8Eo1Uzl0SLGEmt5zeiBj46VO0bvzyGql/P UjdHauEmmODiU1O6vV/Ps1N+mOQo2wOY2UfFbGX1htQjvQxqrq8yPliqE6F6bvxoKZXT Fvyw==
X-Forwarded-Encrypted: i=1; AJvYcCVor4aJmnUiOSDI9zsLhvY03MGsms4zl51QDt8E/92Dqo42Rb7TuvFrksr9gKriF56wASSn2upJbURj3SjL
X-Gm-Message-State: AOJu0YxjfhnOnO6FwjWtwakqF66YhaIcckMm4mBXZQodIK/RjZBTPG9Z MoL5s3JJnFzjuL/T93yHQObA04Yu9cVQiCMrzDYLHNRZiTQtF4fVF66TdH3ZTg9ipENRNBXCB0o ELnovX4J3bKle3HQHpPGk7te7LELf4czEgEUW6XNw/JUv7kuqz/F8QGB1JHyBy5qUQ35GWiQJyH AnOpH8QrESNU24wzWu0s48
X-Received: by 2002:ac2:5469:0:b0:528:4241:2188 with SMTP id 2adb3069b0e04-52964bb092emr934733e87.29.1716543433242; Fri, 24 May 2024 02:37:13 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IF5W500+nF7s1WQJ4Nn7ktNgC7nP6GYpM6XtMb/2z8eJn00DGFltxCpU/7LXKIzWOT7vfWYzLggCBpviQY9pJM=
X-Received: by 2002:ac2:5469:0:b0:528:4241:2188 with SMTP id 2adb3069b0e04-52964bb092emr934702e87.29.1716543432719; Fri, 24 May 2024 02:37:12 -0700 (PDT)
MIME-Version: 1.0
References: <CAN-Dau0J1uqpwnRXYpeSFGUTJ532MmpeGd4BLoAqqf8HzeFTjQ@mail.gmail.com> <CAJU8_nW7Q3WphfgtgnK0E+88R1_nENCy9MBBYhG2G1bkPD9UeQ@mail.gmail.com> <CAN-Dau0Nc0VHMHdRg7MG6yf2X1S_SrYbA6YhKUzBz7XiLkR5cg@mail.gmail.com> <CAO42Z2ye16kbexYv7DB5n7qzvxv0njezXEYUqsSzbiFLYOmUDQ@mail.gmail.com> <C3ECF392-D612-4D60-BEC5-87628CDAC694@gmail.com> <CAN-Dau3pdkQjk65ET2b9v5fiwQ+m1rMZAHnR6YNfOBhh+iiYKQ@mail.gmail.com> <CAO42Z2yjhLiUndHtLsPdqjA8YbFOO7LMh_bjn49JpsfkFdr+dQ@mail.gmail.com>
In-Reply-To: <CAO42Z2yjhLiUndHtLsPdqjA8YbFOO7LMh_bjn49JpsfkFdr+dQ@mail.gmail.com>
From: David Farmer <farmer@umn.edu>
Date: Fri, 24 May 2024 04:37:00 -0500
Message-ID: <CAN-Dau1d+BbcfzdvKERtXXSQ5UeAZCsxO9AQ664Zewb=R7u+zg@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000008ca25906192fe951"
Message-ID-Hash: 4NJAODHBB57MYNTCGTC3BKSHCP4I5XGO
X-Message-ID-Hash: 4NJAODHBB57MYNTCGTC3BKSHCP4I5XGO
X-MailFrom: farmer@umn.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Bob Hinden <bob.hinden@gmail.com>, IPv6 List <ipv6@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [IPv6]Re: Analysis of Ungleich ULA Registry
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>

===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================


On Thu, May 23, 2024 at 23:39 Mark Smith <markzzzsmith@gmail.com> wrote:

> Hi David,
>
> On Fri, 24 May 2024 at 11:47, David Farmer <farmer@umn.edu> wrote:
> >
> >
> >
> > On Thu, May 23, 2024 at 8:05 PM Bob Hinden <bob.hinden@gmail.com> wrote:
> >>
> >> Mark,
> >> > On May 22, 2024, at 8:55 PM, Mark Smith <markzzzsmith@gmail.com>
> wrote:
> >> > I think you can only conclude that if you believe that most people are
> >> > generating ULA /48s correctly. I've seen enough examples that they
> >>
> >> I note that it’s probably not “people” doing this, it is routers.  On
> my home network, the routers (eero) creates what looks to me to be a ULA
> /48 with a random prefix.
> >
> >
> > I agree with Bob. Most people aren't generating them. Either their
> router is, or they use a tool. l\Looking at the Ungleich ULA Registry,
> while there are plenty that are not random, the vast majority are.
> >
>

In the above I simply said they mostly seem random.

You were using this registry data to justify the need for people to
> have shorter than /48s, meaning multiple /48s. I was pointing out that
> I don't think they're realistic because I've seen too many examples of
> incorrect and unrealistic ULAs.
>
> > 581 Names with >1 Entry
> > 8 Names with >10 Entries
>
> Are you saying that more than 10% of the 4886 unique names have a
> realistic need for between 131 072 /64s (2 x /48s) and 655 360 /64s
> (10 x /48s)?
>
> Or that 8 of them have a realistic need for 11 or more /48s?



> How do you know that these are legitimately sized registrations rather
> than just an IPv6 ULA "land grab" because ULA /48s are very cheap to
> generate?
>
> We shouldn't be miserly with IPv6 address space (I advocate and have
> deployed /48s for residential ISP customers), however we also
> shouldn't swing too far the other way and try to accommodate single
> address space sizes that are beyond realistic or common.


No, those numbers are exaggerated. Both by my simplistic analysis, and by
the likelihood they include use cases that are exaggerated as well. Those
numbers count generic names and organizations that are likely independent
uses, as a single common uses.

Further, neither you nor I know that any of the use cases represented in
the Ungleich ULA registry are justified or not. We both have opinions, and
they are closer than you might realise, I suspect many if not most of those
use cases for multiple /48s are not justified. Where we might disagree, and
the point I'm trying to make, is simply that when I look at the data it
seems to me at least a few of the use cases seem plausible and justified,
even if most of them are likely not.

I’m only saying use cases for more than one /48 of ULA seem to exist.

>> > .... I don't think
> >> > shorter than /48 ULA is actually a common requirement at all.
> >>
> >> I agree with that.
> >>
> >> I would go further and say that organizations that require shorter
> prefixes, should probably just get Global addresses from their ISPs or from
> the RIRs.
> >
> >
> > I agree they are not common. Even the Ungleich ULA Registry shows that,
> but it also seems to demonstrate their existence. However, my primary
> argument for short prefixes is that the known-local ULA change we are
> making puts a practical limit on the number of ULA prefixes of about 10.
> Again, this is not a problem for most networks; they seem to exist.
> >
> > Your answer seems to be don't use ULA for your internal addressing.
> >
>
> Not at all. There are security and renumbering benefits to deploying
> ULAs in parallel with GUAs in any network (internal services/servers
> that only have ULA addresses cannot be an Internet DoS target because
> the Internet traffic can't reach them).
>
> In a network large enough, e.g., with an supposed need for 1 048 576
> /64s, I'd quite happily use 16 x random ULA /48s rather than a single
> /44 "ULA".


And my point is, that is fine to use multiple ULA /48s instead of a larger
ULA aggregate, until we implement know-local ULA being discussed in the
RFC6724 update we are working on. That change will make anything more than
like 10 ULA prefixes a practical problem. And one way around that
limitation is aggregate ULA prefixes shorter than /48.

Further, ULA-C is one way to deliver such shorter ULA prefixes without,
changing the current definition of ULA. And if the RIRs are used for ULA-C
there is the added benefit of a way to verify the justification for shorter
prefixes.


The usefulness and time/cost savings of having a single /44 rather
> than 16 x /48s would be trivial in a large network for an internal
> address space.


> Experience with running a network with multiple aggregate address
> spaces isn't rare, ISPs have been doing it for decades with multiple
> IPv4 assignments from RIRs.


I agree, but I said, or meant to say, larger uses of ULA seems rare, not
larger use of address space generally.

>From the above you seem to agree larger use of ULA, more than a single /48
seems plausible and can exist. If so, how do you recommend dealing with the
practical limitations of known-local ULA to around 10 RIOs for ULA. There
can actually be 17 RIOs in a single RA, but you want some of them for GUA
and you probably want room for other options in your RA as well.

Thanks.

v2.30.2 | Report a Bug | By Email | System Status