IETF Logo Mail Archive

Re: RFC6724-bis?

David Farmer <farmer@umn.edu> Fri, 23 September 2022 22:10 UTC

Return-Path: <farmer@umn.edu>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F3E5C1522D0 for <ipv6@ietfa.amsl.com>; Fri, 23 Sep 2022 15:10:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.408
X-Spam-Level:
X-Spam-Status: No, score=-4.408 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umn.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hArO5bnDvmtA for <ipv6@ietfa.amsl.com>; Fri, 23 Sep 2022 15:10:33 -0700 (PDT)
Received: from mta-p5.oit.umn.edu (mta-p5.oit.umn.edu [134.84.196.205]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0088CC14F74E for <ipv6@ietf.org>; Fri, 23 Sep 2022 15:10:32 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mta-p5.oit.umn.edu (Postfix) with ESMTP id 4MZ5tw3jmBz9vCBd for <ipv6@ietf.org>; Fri, 23 Sep 2022 22:10:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p5.oit.umn.edu ([127.0.0.1]) by localhost (mta-p5.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ivfpRz2IE1yA for <ipv6@ietf.org>; Fri, 23 Sep 2022 17:10:32 -0500 (CDT)
Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p5.oit.umn.edu (Postfix) with ESMTPS id 4MZ5tv60kJz9vCBl for <ipv6@ietf.org>; Fri, 23 Sep 2022 17:10:31 -0500 (CDT)
DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p5.oit.umn.edu 4MZ5tv60kJz9vCBl
DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p5.oit.umn.edu 4MZ5tv60kJz9vCBl
Received: by mail-ej1-f71.google.com with SMTP id xh12-20020a170906da8c00b007413144e87fso641812ejb.14 for <ipv6@ietf.org>; Fri, 23 Sep 2022 15:10:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=x0GDeVLiQ0TlACkHqljMr/Z9aH7genElbLfxG4O0h8U=; b=FpRzUGBHrjd7tEniaOkyyeCZWaVq03bjVzXXWpw7aJ++HYSK+Z2Afdz5h8TSQs28w/ 3yVS2yhMlyYOljG06rPEA1oqd59KgeSDiDfBqNOOwo96kUnhen+fTW81WxMvn2lbyOCI NnPDLtNpMc3iZm/TA3U1Z590C6CUuWEW7DAImvXCMTWsGaYcV+dIPLahT/zg9JV7UFzx qBffcJ95N482NwkT+NpQ5QNkBcaspe7jpdvMRhTJFsfCy5sAPM9i9NAZZS3fMUqpOlAe 8NKzVfz/Y4nnCUnQ8rejXFSrDE2CueRZbbJqwdFtX4+ubk2G09wGZPNt8CfMk4vrFeTs zhQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=x0GDeVLiQ0TlACkHqljMr/Z9aH7genElbLfxG4O0h8U=; b=cWjwueONMI81+x8LVdbXuaCXY4oG3A8tvMrvtPq/jHPrfHxJwPAWQBozmxdFAq6BbO 3JO6g1w4MgKrGhEbTG8TqW1G49yjTJemi1srE2cuyTLBYFwi5gMMk7pLoiCGHRIgb843 Y6aOTCDRwFWuTbrcZxCjHhG6Nvv9T6qsW/nObiL+4/VdRtfXYsKHmS5HesTjI5/z2Wh3 TL3h3mjvWQicbDK7zhFIr2LHcsk1nngzzTTv7GHDIUIDlqBY0sGBNrP/6x9mIVkyCYa8 S2LTTNildVsk+p7hISERNHNXJfsP0JrIW16eVXpe/Ba8ZcVxM0DQzQe/WqZzKqLaevr5 vazg==
X-Gm-Message-State: ACrzQf2PQfemrkYWqeQEmSXKEGcurQmUmKKWOitwB/RBjeIpQQK59PNL WyYE0o7KmHMC0IfahSXBRDhK3gnldiVlrc2MpPEYjodRIcDegX9Hn9qGBdaEUd0+ItpS+p6OQwh qnZrEH94YidpH4udN7hvtwqNk
X-Received: by 2002:a17:906:ee8e:b0:730:4a24:f311 with SMTP id wt14-20020a170906ee8e00b007304a24f311mr8952320ejb.420.1663971030263; Fri, 23 Sep 2022 15:10:30 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7yA1KMEKXzMhTUxkIgS5BVg+LcYDGyTmUOLd3wP7a4HB10f3lQIdmmIrtPdAEKBq4UbCCE0Oe0DzOiu3KDSwc=
X-Received: by 2002:a17:906:ee8e:b0:730:4a24:f311 with SMTP id wt14-20020a170906ee8e00b007304a24f311mr8952299ejb.420.1663971029760; Fri, 23 Sep 2022 15:10:29 -0700 (PDT)
MIME-Version: 1.0
References: <66892DC8-6DA4-4DC8-85B0-E1E1647CD9F7@gmail.com> <CAM5+tA9kttCKrZaoB7UzNdE6TU1qGNMaxDmWvFtRvpB4A8+WHA@mail.gmail.com> <8FE71499-D155-4853-A964-6617F6EA2069@gmail.com> <CAM5+tA9QuYxVs+NXBD3dAYr_Y=95bWt63WjmEMDOfegL0Z4otA@mail.gmail.com> <CAM5+tA_hg2sXXsYw6Tcx-ytRAMkKQcFw8a3N7SfEXwbuPm0LMw@mail.gmail.com> <00ea3b70-ba8e-b6ef-e1ce-fdd56828f506@gmail.com> <CAPt1N1=_9Rwj-HnUZKWfatARbHWptArmSAV-qdi8MKyoBf9R0A@mail.gmail.com> <CAO42Z2xZ_-mDh66A9DK+3ieEqGMqW0Pt+mZzVOmzz4cDRUTEXA@mail.gmail.com> <CAPt1N1nqwMvVHvEGAx0jxgWhbW9ZUQfAZSDn-qRYQ0CDy-EGKQ@mail.gmail.com> <17a28c173ed640e68b1cbf504bbeae49@huawei.com> <CAPt1N1=xR_2Xw+1KL6vbzZ69N+vonhcTNvO=DBceeApfoS2bMQ@mail.gmail.com> <e76267b6101146cf8a1bd6fa567c6b77@huawei.com> <CAN-Dau2QO5sxevJwUbOj+_wyiCdOjnPEZM14Jhevvkq4YZqU7Q@mail.gmail.com> <bc85e623-ef89-d2e2-4e33-b8ce0a4ec343@gmail.com> <CAN-Dau0Wbki6xwcEdy8ZK-pO9jeT6+8TKZgbmXWUgnkR+dRhBg@mail.gmail.com> <CAPt1N1=OmC+HNVGWbgj9JtGbpcuzKOgjZ1KXJm5mXgpji-G4Mw@mail.gmail.com> <6edcc5d8-edf1-51de-103c-a4ac6060fef6@gmail.com> <29689d645d22409b962f6c361d71e098@huawei.com> <CAN-Dau3rwi4X4NqLbHMmPQQ=i7y23Kz70JK09ggsXSxkJfT5xA@mail.gmail.com> <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com>
In-Reply-To: <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com>
From: David Farmer <farmer@umn.edu>
Date: Fri, 23 Sep 2022 17:10:13 -0500
Message-ID: <CAN-Dau0=LD9MTYKJQoSw=b9S25nmrNuqRSyLdsztFZscG8ZbUg@mail.gmail.com>
Subject: Re: RFC6724-bis?
To: Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002558a705e95f726c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/4yIbqyVPBzvftMoiyNihPyJy4X4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2022 22:10:37 -0000

To be honest, I don't understand the nuances of RFC 6724 well enough to
judge what may or may not break by changing the priority for the whole ULA
prefix (fc00::/7).

RFC 6724, section 10.6, states the following;

   By default, global IPv6 destinations are preferred over
   ULA destinations, since an arbitrary ULA is not necessarily
   reachable:

  .....

   Since ULAs are defined to have a /48 site prefix, an implementation
   might choose to add such a row automatically on a machine with a ULA.

I've been told that implementations that follow the suggestion quoted above
don't have the problem we are discussing. Therefore, I think the most
conservative change to RFC 6724 is to change the above from a suggestion to
a mandatory and automatic feature. This really doesn't change how RFC 6724
operates, and I feel this change is completely consistent with RFC 6724.
It's not likely to break anything, it is already part of RFC6724, and there
are successful implementations of it.

Whereas changing the priority for the whole ULA prefix (fc00::/7) seems
like a much larger change to me, fraught with much more uncertainty, and
I'm much more worried about unintended consequences. It's quite common to
fix one bug and create three others. However, if the authors of RFC 6724
are comfortable with changing the priority of the whole ULA prefix
(fc00::/7) and essentially eliminating the need for section 10.6. I guess
I'd be ok with that.

Nevertheless, the concern that "arbitrary ULA is not necessarily reachable"
stated in RFC 6724 or that I've been calling remote ULAs, still rings true
for me, and I need to understand why that isn't a problem if we change
the priority of the whole ULA prefix (fc00::/7), as you are suggesting.

Thanks

On Fri, Sep 23, 2022 at 7:31 AM Vasilenko Eduard <vasilenko.eduard=
40huawei.com@dmarc.ietf.org> wrote:

> Hi David, thanks. But it is not enough for an explanation.
>
>
>
> Section 2.2.2 RFC 5200 example is just not relevant to the current
> situation, it was relevant to RFC 3484.
>
> It is solved by default because the separate label has been attached to
> ULA in RFC 6724.
>
> Now, IPv4_DA/IPv4_SA would be prioritized above GUA_DA/ULA_SA because of
> rule 5 (label match).
>
> No problem.
>
>
>
> If you have any other scenario that may affect static ULA prioritization
> above anything else – please show it.
>
>
>
> Why do you believe that address expansion above 2000::/3 would be affected?
>
> If people would continue to use ::/0 as the default and RFC6724 has it in
> the RC6724 table
>
> Then how the problem could happen?
>
> I do not understand this use case too.
>
>
>
> > Let’s only fix the problem and not make new problems for the next
> generation of network engineers and operators.
>
> I claim that the ULA problem is very small. It may be treated as a pure
> configuration problem. Just add static:
>
>      fc00::/7               45    13
>
> to gai.conf. Hence, the draft in v6ops is enough.
>
>
>
> PS: it does not solve MHMP but it is a problem that possible to separate
>
>
>
> Eduard
>
> *From:* ipv6 [mailto:ipv6-bounces@ietf.org] *On Behalf Of *David Farmer
> *Sent:* Friday, September 23, 2022 2:17 PM
> *To:* Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
> *Cc:* 6man WG <ipv6@ietf.org>
> *Subject:* Re: RFC6724-bis?
>
>
>
> Please read the first paragraph of RFC6724 section 10.6 and all it’s
> references very carefully. In particular, read 2.2.2 of RFC 5220.
>
>
>
> Your argument contradicts the conclusions of 2.2.2 of RFC 5220. In short,
> your argument is only true today while we are using 2000::/3 for GUA. When
> that eventually changes, and it will some day, we would have to yet again
> rejigger the table.
>
>
>
> RFC 6724 is almost correct, the only thing it got wrong is that the
> section 10.6 modifications must be mandatory and automatic, and not
> optional, otherwise ULA is broken and dysfunctional.
>
>
>
> Let’s only fix the problem and not make new problems for the next
> generation of network engineers and operators.
>
>
>
> Thanks
>
>
>
> On Fri, Sep 23, 2022 at 02:27 Vasilenko Eduard <vasilenko.eduard=
> 40huawei.com@dmarc.ietf.org> wrote:
>
> I still do not understand why Ted and David care about "remote ULA".
> If this ULA has been delivered to the local host by
> Then it has been done intentionally.
> Such a type of misconfiguration does not make sense to optimize.
> Hence, it is possible to operate FC/7 as a whole, no need to split it for
> /48s.
>
> Hence, why not install permanent precedence to FC/7 in gai.conf?
> It would not play any role on the host till the local router would deliver
> ULA PIO.
> And even after this, it would not be used till DNS would show the ULA
> destination
> Because rule 5 (matching labels) would make GUA_DA/ULA_SA a low priority,
> GUA/GUA would be chosen.
>
> What is the problem with permanently changed FC/7 precedence even above
> GUA?
>
> Eduard
> -----Original Message-----
> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Brian E Carpenter
> Sent: Friday, September 23, 2022 4:47 AM
> To: Ted Lemon <mellon@fugue.com>; David Farmer <farmer=
> 40umn.edu@dmarc.ietf.org>
> Cc: 6man WG <ipv6@ietf.org>
> Subject: Re: RFC6724-bis?
>
> On 23-Sep-22 12:50, Ted Lemon wrote:
> > Op do 22 sep. 2022 om 20:40 schreef David Farmer <farmer=
> 40umn.edu@dmarc.ietf.org <mailto:40umn.edu@dmarc.ietf.org>>
> >
> >     I think leaving unknown, most likely remote, ULA at a lower priority
> and adding the /48 or other known local ULA to the table at a higher
> priority automatically should help mitigate ULA in the public DNS and the
> possible response of turning off IPv6.
> >
> >     In someways those that put ULA in the public DNS get what they
> deserve, I’m just worried about the remote user’s response to the
> brokenness, causing even more brokenness.
> >
> >
> > Hm, okay. I think we are all actually in agreement then, since I heard
> Brian admitting earlier that it might be better to dynamically update the
> table.
>
> Indeed, which was exactly why I wrote gai_wrap.py as a userland proxy for
> that approach.
>
>     Brian
>
> > I must have misunderstood what you meant by optimizing for the uncommon
> case—sorry about that!
> >
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
> --
>
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
>


-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email