IETF Logo Mail Archive

Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-07.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 05 April 2024 19:37 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7C42C14F6AA for <ipv6@ietfa.amsl.com>; Fri, 5 Apr 2024 12:37:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d6soEFb36R18 for <ipv6@ietfa.amsl.com>; Fri, 5 Apr 2024 12:37:03 -0700 (PDT)
Received: from mail-oo1-xc32.google.com (mail-oo1-xc32.google.com [IPv6:2607:f8b0:4864:20::c32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CC34C14F5EE for <ipv6@ietf.org>; Fri, 5 Apr 2024 12:37:03 -0700 (PDT)
Received: by mail-oo1-xc32.google.com with SMTP id 006d021491bc7-5a9c875ceecso1341537eaf.2 for <ipv6@ietf.org>; Fri, 05 Apr 2024 12:37:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712345822; x=1712950622; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=fMPWuOD4ntZhB3UiZUHi7WACFnVvOxXLOic3RPGMuwE=; b=GkrpEUmPR/PfUE9CdER66W1CvJ1arH6JjFrRuCzCow2jGjmm8Rkh0RF6WOuZTk+rYB pisPrjJb25buM8EDRraAJqXIyhpAfVQ7hlHbmDxO3J64hCP9ROwWnvjMFK+YR33whabD Ms6LgT4cpjgt+FIiJ/ccw24VDSqgoXY9qW6iqsx18p/1yiYdXLRgQxxZXw1F/TJlOYBv 4dNp/J6PpJPCsjskg6UVPk0CCctcV0QicvC2j/br1qf9vI0zbiAwcfCmX1yp7nixYG/I ANfDx/FJIJS/KZ3Wm+Mbs7DkTpVlhbu5jHy+KKlwY1gw4AdudEtaOtHBOYhE5ldMtyg9 PuJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712345822; x=1712950622; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=fMPWuOD4ntZhB3UiZUHi7WACFnVvOxXLOic3RPGMuwE=; b=rqoF0rgpVYCjRu5/ve5p+7fhBfkOTBheKqJhofmSk4olgmrLMfLDZRUHXg0xQ8q+ra D/BE63GNqGBXRKzwq8o/8RKF6g+vddIxUKGndrnvwBJhbUlH85OH+/PbNUPbyFxdsHPe cQ7+MeGrFMGEHfyCPtLZIhe6PPtDLSb4a+j4e9mZcv1oPG6CDYWRFieEt0DBTSJ18z3z tUYusqwLjbZRPSn5E/zc9aZug2J8lIn883tbDiM6wlG+/W8c7rrpiX+vm8wFvsz2gPSU AgYWBlPHdfA09vXnSlij8oIGXPLjo6OH1ZZ5zTYVoik4mBmT9oYU+b4JYNNNtPuVutwq RmGg==
X-Gm-Message-State: AOJu0YykjENYCC5dlalQM1WKjStVfB25gT/q42fYe3KR2BNlk2uAqR8Z 7d/miIL9sU7xGkFmsdB7bEhjksUK106hv1AEf/5G91+a7ssvU5i+
X-Google-Smtp-Source: AGHT+IHAq3kmS966JN3XK/pzLWdExgOulFEtQ9L7jQA6t+9ifLcJVZsA1QWK6uGT/CxeckCTH7391g==
X-Received: by 2002:a05:6358:928d:b0:183:4d1d:dcae with SMTP id m13-20020a056358928d00b001834d1ddcaemr3377827rwa.28.1712345822161; Fri, 05 Apr 2024 12:37:02 -0700 (PDT)
Received: from ?IPV6:2404:4400:541d:a600:44b7:2c2e:2bc6:8707? ([2404:4400:541d:a600:44b7:2c2e:2bc6:8707]) by smtp.gmail.com with ESMTPSA id m22-20020a63f616000000b005e857bba96csm1812956pgh.10.2024.04.05.12.37.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 05 Apr 2024 12:37:01 -0700 (PDT)
Message-ID: <a1a1d964-949c-48e4-bb6c-462a81402871@gmail.com>
Date: Sat, 06 Apr 2024 08:36:56 +1300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: David Farmer <farmer@umn.edu>, Ted Lemon <mellon@fugue.com>
Cc: ipv6@ietf.org
References: <171225751716.18509.12521562864612372012@ietfa.amsl.com> <a4063219-1cd5-4e06-bf42-b0ffebd2b419@gmail.com> <CAN-Dau3VrqfRR+4Eee7TOS1L2RAWbfWv87_QJH_u5gzVU1Av7g@mail.gmail.com> <CAPt1N1nq9V4H9kq+hf4YO-T6OUdYMv8Vmsd3Vpqf264Jm7mrKg@mail.gmail.com> <CAN-Dau3nh50j6qB2WryL1tM2ktwSntDKX72v8O-_fzNRnu_C4Q@mail.gmail.com>
Content-Language: en-US
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <CAN-Dau3nh50j6qB2WryL1tM2ktwSntDKX72v8O-_fzNRnu_C4Q@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/5-rAijz_eXdkSqKPvK4JmDTfQ3o>
Subject: Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-07.txt
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2024 19:37:07 -0000

On 06-Apr-24 07:15, David Farmer wrote:
> 
> 
> On Fri, Apr 5, 2024 at 9:30 AM Ted Lemon <mellon@fugue.com <mailto:mellon@fugue.com>> wrote:
> 
>     It's not at all clear to me that the burden of implementation here is sufficient to justify constrained devices not implementing the policy table update. If we want to do that, I think we need to explain exactly what sort of device we are talking about. Does the device not listen to RAs? Does it always send packets to the default router? If not, it's probably already doing things equivalently hard to maintaining a policy table.
> 
> 
> I think we are good as long as the constrained device meets the host type C specification in RFC4191.
> 
>     Furthermore, what I originally proposed to address this was to simply change the policy table without requiring it to be dynamically updated: rather than having one type of ULA, have two: known and unknown ULAs. Known ULAs have a higher priority than IPv6 GUAs and IPv4 addresses. Unknown ULAs continue to be treated as before.
> 
>     What then needs to be maintained is a list of known ULAs. I realize that this isn't /that/ different from updating the policy table, but it is a bit simpler in the sense that there's no complexity to it—you're just keeping track of a list of ULAs, and when you do source/dest address selection each ULA is checked against that table before checking against the policy table.
> 
>     If constrained devices already support the policy table, I do not think this additional work is onerous.
> 
> 
> How would the "known-local" ULA prefixes be populated if not dynamically updated from PIOs and RIOs?

By the simple fact that a host actually has a ULA. This is the approach I used in three different userland hacks:

https://github.com/becarpenter/misc/blob/main/enable_ula.py
https://github.com/becarpenter/misc/blob/main/gai_wrap.py
https://github.com/becarpenter/getapr/

    Brian

> 
> My worry wasn't about constrained devices not supporting the policy table; my worry is whether there are any constrained devices of Type A or B from RFC4191 that don't support RIOs.
> 
>     On Fri, Apr 5, 2024 at 2:45 AM David Farmer <farmer=40umn.edu@dmarc.ietf.org <mailto:40umn.edu@dmarc.ietf.org>> wrote:
> 
> 
>         On Thu, Apr 4, 2024 at 2:52 PM Brian E Carpenter <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
> 
>             All good changes, thanks.
> 
> 
>         +1
> 
>             About this in section 3:
> 
>             "AUTHORS' NOTE: The authors have had feedback suggesting this requirement should be a MUST, which would mean that "known-local" ULAs would take precedence on compliant implementations over all IPv6 GUAs and all IPv4 addresses, but other general ULAs would not."
> 
>             I think the answer is clear, in section 8:
> 
>             "Receiving a DNS response for a ULA destination that is not attached to the local network... will typically fail..."
> 
>             That justifies the MUST in my opinion. But I agree we need to hear from kernel implementers.
> 
> 
>         Ideally, I'd like to see all IPv6 implementations automatically insert "known-local" ULAs into their policy table. From that point of view, I support MUST.
> 
>         However, should constrained devices be an exception? If so, are there any other exceptions? If there are exceptions, SHOULD might make more sense than MUST.
> 
>         Also, SHOULD allows for a two-phase implementation approach. Phase one is a mostly trivial change to the default policy table that can be implemented quickly and easily. Phase two is a fairly complicated addition of a new feature for inserting "known-local" ULAs into the policy table that probably needs quite a bit of testing before going into production.
> 
>         In the long run, MUST is the right answer. However, SHOULD could have some short-term advantages.
> 
>         In either case, since I'm not aware of any implementations of the current MAY, I'd like to see some proof-of-concept running code to make sure what we think we are saying is actually doable.
>         Thanks.
> 
>             Nit: in the .txt version, there is a glitch in the rendering of Rule 5
>             at the beginning of section 8.1 - the newlines have been lost.
> 
> 
>         There are a number of rendering glitches that I mentioned previously.
> 
>             Regards
>                  Brian Carpenter
> 
>             On 05-Apr-24 08:05, internet-drafts@ietf.org <mailto:internet-drafts@ietf.org> wrote:
>              > Internet-Draft draft-ietf-6man-rfc6724-update-07.txt is now available. It is a
>              > work item of the IPv6 Maintenance (6MAN) WG of the IETF.
>              >
>              >     Title:   Preference for IPv6 ULAs over IPv4 addresses in RFC6724
>              >     Authors: Nick Buraglio
>              >              Tim Chown
>              >              Jeremy Duncan
>              >     Name:    draft-ietf-6man-rfc6724-update-07.txt
>              >     Pages:   15
>              >     Dates:   2024-04-04
>              >
>              > Abstract:
>              >
>              >     When RFC 6724 was published it defined an address selection algorithm
>              >     along with a default policy table, and noted a number of examples
>              >     where that policy table might benefit from adjustment for specific
>              >     scenarios.  It also noted that it is important for implementations to
>              >     provide a way to change the default policies as more experience is
>              >     gained.  This update draws on several years of operational experience
>              >     to refine RFC 6724 further, with particular emphasis on preference
>              >     for the use of ULA addresses over IPv4 addresses and the addition of
>              >     mandatory support for Rule 5.5.  The update also demotes the
>              >     preference for 6to4 addresses.  The changes to default behavior
>              >     improve supportability of common use cases, including automatic /
>              >     unmanaged scenarios.  It is recognized that some less common
>              >     deployment scenarios may require explicit configuration or custom
>              >     changes to achieve desired operational parameters.
>              >
>              > The IETF datatracker status page for this Internet-Draft is:
>              > https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6724-update/ <https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6724-update/>
>              >
>              > There is also an HTMLized version available at:
>              > https://datatracker.ietf.org/doc/html/draft-ietf-6man-rfc6724-update-07 <https://datatracker.ietf.org/doc/html/draft-ietf-6man-rfc6724-update-07>
>              >
>              > A diff from the previous version is available at:
>              > https://author-tools.ietf.org/iddiff?url2=draft-ietf-6man-rfc6724-update-07 <https://author-tools.ietf.org/iddiff?url2=draft-ietf-6man-rfc6724-update-07>
>              >
>              > Internet-Drafts are also available by rsync at:
>              > rsync.ietf.org::internet-drafts
>              >
>              >
>              > _______________________________________________
>              > I-D-Announce mailing list
>              > I-D-Announce@ietf.org <mailto:I-D-Announce@ietf.org>
>              > https://www.ietf.org/mailman/listinfo/i-d-announce <https://www.ietf.org/mailman/listinfo/i-d-announce>
>              >
> 
>             --------------------------------------------------------------------
>             IETF IPv6 working group mailing list
>             ipv6@ietf.org <mailto:ipv6@ietf.org>
>             Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
>             --------------------------------------------------------------------
> 
> 
> 
>         -- 
>         ===============================================
>         David Farmer Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu>
>         Networking & Telecommunication Services
>         Office of Information Technology
>         University of Minnesota
>         2218 University Ave SE        Phone: 612-626-0815
>         Minneapolis, MN 55414-3029   Cell: 612-812-9952
>         ===============================================
>         --------------------------------------------------------------------
>         IETF IPv6 working group mailing list
>         ipv6@ietf.org <mailto:ipv6@ietf.org>
>         Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
>         --------------------------------------------------------------------
> 
> 
> 
> -- 
> ===============================================
> David Farmer Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu>
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================

v2.23.0 | Report a Bug | By Email