IETF Logo Mail Archive

Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard

Lorenzo Colitti <lorenzo@google.com> Thu, 10 September 2020 14:26 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B73653A0B89 for <ipv6@ietfa.amsl.com>; Thu, 10 Sep 2020 07:26:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ktHykq3CCinL for <ipv6@ietfa.amsl.com>; Thu, 10 Sep 2020 07:26:40 -0700 (PDT)
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1021C3A0B88 for <ipv6@ietf.org>; Thu, 10 Sep 2020 07:26:39 -0700 (PDT)
Received: by mail-io1-xd31.google.com with SMTP id h4so7280694ioe.5 for <ipv6@ietf.org>; Thu, 10 Sep 2020 07:26:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=k9uZfXZz5P5YTe009CNJFmTIkrmc4Eh/icdJMHoCwVY=; b=ljliqUiBDqHmGfX6SZA2/qXaqi8JxV8OLg4jmLX/zGBVd/OtS92Ij3CtpJT+asTQLm CvLAuFZfC5XQ9km4nzCxjsQKjIecXgHQ1rx3XnFjLuTTcYfA6CEyqBC/zWuYNNR6J5+M 1BM5BSTadfJ7lGep34Xowvc0NSVSqtJRvVaehibew8iM4PJzcWZi9FW38pfj2N1LlYFc p72tfuthmzsFbe4SAVJ+tnP+YljRAyUnszk7JhFlPUc+NgT21FVwFO+4B8R7JZ0N2+O5 JmWCvIlAG69rU3vCzfQ38JXPvT/xgtXuTzAf2gNOJDHtn1XNP9dx8Hu7pqITYFSpL5Ho cS9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=k9uZfXZz5P5YTe009CNJFmTIkrmc4Eh/icdJMHoCwVY=; b=caA8dqZL8/nZqlh+XjiezanhLf28vSOwsN+QHXxGhwKzW6sGOk55+D+Vvq8Of6TKJe fP+RWPvPLxHeb/tuW+4lBS0UjTXhpAYOAzZubFAEAUeZvncIZveuxjeDmuqeRfu5gW9g u8yWwnNXL3uwZl0sHp7mBvtzOQvI2K0m99bgW+Q634eI1QICY6Ts5AaCvPmT1gL/7BgG Yfsu3mBiU3oNWh3MPPH8XPln+qWyM+moAfplGsy/yfrOMPD8uvu4JfoTI9W1JH2Gni4R eDK+mUIauea8TEm7aai7BrEaIYlXhiDVKqJBQMmMdtYiarYzjAFeDLcwN+FsS/joTVeL +hwg==
X-Gm-Message-State: AOAM5304u/4WBZyTyVrKH3tkrBJPHBcscK1CfyjdoRrvRiIlB8i4oDgL cZ+25X/haijU0ozJjC1xGYI56dOct4EBylUjp6uUxA==
X-Google-Smtp-Source: ABdhPJxz8FBzdkPegRf3zIIREK6MpIJqxI73ibJVPiiAQsTkfShllohAiVCxh5CLKs3Q+6WIB/jL6Lu0Dm5NANVucHM=
X-Received: by 2002:a02:c506:: with SMTP id s6mr9012631jam.104.1599747998880; Thu, 10 Sep 2020 07:26:38 -0700 (PDT)
MIME-Version: 1.0
References: <159969199185.9541.8823907519726516405@ietfa.amsl.com> <CAKD1Yr1fVnhr3ZM64vLxtXg-9WAKemDuzW2gMupviv-i9V-GiA@mail.gmail.com> <39f91a88-c15d-88d2-5bf4-66168fd61a67@si6networks.com>
In-Reply-To: <39f91a88-c15d-88d2-5bf4-66168fd61a67@si6networks.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 10 Sep 2020 23:26:26 +0900
Message-ID: <CAKD1Yr3tKmjNSvTKH6Oq4A3pvBUMDLus_DQ1U8EXvZyUcSBg4A@mail.gmail.com>
Subject: Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard
To: Fernando Gont <fgont@si6networks.com>
Cc: last-call@ietf.org, draft-ietf-6man-rfc4941bis@ietf.org, IETF IPv6 Mailing List <ipv6@ietf.org>, 6man Chairs <6man-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000034898b05aef65b70"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/5iohWSz5Vslcnn3H-wNRPr0etPw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 14:26:42 -0000

On Thu, Sep 10, 2020 at 10:27 PM Fernando Gont <fgont@si6networks.com>
wrote:

> \> 2. I think the text mentioning shorter IID lengths (3.3.1 bullet #2) is
> > not useful to implementers, because all it says is that it is possible
> > to implement a behaviour that for in all practical cases is forbidden by
> > RFC 4291.
>
> Just double-checking: Are you arguing that this:
>
> "         We note that [RFC4291] requires that the Interface IDs of all
>            unicast addresses (except those that start with the binary
>            value 000) be 64 bits long.  However, the method discussed in
>            this document could be employed for generating Interface IDs
>            of any arbitrary length, albeit at the expense of reduced
>            entropy (when employing Interface IDs smaller than 64 bits)
>            and increased likelihood of collision.  The privacy
>            implications of the IID length are discussed in [RFC7421]."
>
> should be removed?
>

Yes.


> > 3. This normative text:
> >
> >     1.  Process the Prefix Information Option as defined in [RFC4862],
> >         adjusting the lifetimes of existing temporary addresses.  If a
> >         received option may extend the lifetimes of temporary addresses,
> >         with the overall constraint that no temporary addresses should
> >         ever remain "valid" or "preferred" for a time longer than
> >         (TEMP_VALID_LIFETIME) or (TEMP_PREFERRED_LIFETIME -
> >         DESYNC_FACTOR) respectively.
> >
> > does not seem to mean anything because the second sentence lacks a verb.
> > If a received option may extend the lifetime of temporary addressess...
> > then what should the implementation do? The text doesn't say.
>
> Good grief.
>
> Looks like the proper fix is to s/If a received/A received/
>
> Thoughts?
>

I think that might be interpreted as "A received option may extend
temporary addresses... or not, if the implementer doesn't feel like it",
which is not the intent. Maybe just "Process the Prefix Information Option
as defined in [RFC4862], adjusting the lifetimes of existing temporary
addresses, with the overall constraint that...".

> 4. This text:
> >
> >     Note that, except for the
> >     transient period when a temporary address is being regenerated, in
> >     normal operation at most one temporary address per prefix should be
> >     in a non-deprecated state at any given time on a given interface.
> >
> > seems excessive because it immediately makes all current implementations
> > non-compliant. It also does not seem like a good thing to limit the
> > number of temporary addresses in general.
>
> Not sure what you mean. This text is borrowed verbatim from Section 3.4
> of RFC4941.
>

Sorry, I was misreading. Ignore this comment.

> 5. Should this text:
> >
> >        The TEMP_PREFERRED_LIFETIME value MUST be less than the
> >        TEMP_VALID_LIFETIME value.
> >
> > really say "less than"? Shouldn't it say "less than or equal to"?
>
> Tricky question :-) I guess that, strictly speaking, you could argue
> that it should be "less than or equal to". Although that would assume
> that you could be in a situation where your communications need to
> succeed and complete in a time T anywhere  T <= 1 seconds & T > 0
> seconds.  (e.g., right before the VL is decremented to 0, an app
> establishes a new connection, employing the soon-to-be-invalidated
> address).  --- this would only be a problem if DESYNC_FACTOR just
> happens to be 0, though.
>

Ok, so maybe clarify to say "The TEMP_PREFERRED_LIFETIME value must be less
than the TEMP_VALID_LIFETIME value to avoid disrupting existing connections
when the TEMP_PREFERRED_LIFETIME expires"?

REGEN_ADVANCE is specified as "5 seconds" (this comes from RFC4941).
>
However, if DESYNC_FACTOR happens to be 0, and DupAddrDetectTransmits
> and RetransTimer are overriden, there could be "problematic" scenarios.
>
> e.g. consider the case where DupAddrDetectTransmits is set to 5, and
> RetransTimer is set to 1000 ms: DAD would take 10 seconds to complete.
> So if the node starts regenerating a temporary address 5 seconds before
> the current preferred address is deprecated, then there will be a period
> of 5 seconds with no temporary addresses.
>
> In that light, I wonder if one should specify REGEN_ADVANCE as something
> along the lines of:
>
> REGEN_ADVANCE = 4 + (DupAddrDetectTransmits * RetransTimer / 1000)
>

That seems better if the values are small, but if the operator does
something silly and sets DupAddrDetectTransmits to 1000 and
TEMP_PREFERRED_LIFETIME to 600 the algorithm will also not work. Maybe we
can just cap REGEN_ADVANCE to half of TEMP_PREFERRED_LIFETIME.

v2.23.0 | Report a Bug | By Email