RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 18 June 2020 07:39 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>, Kerry Lynn <kerlyn@ieee.org>
CC: IPv6 List <ipv6@ietf.org>
Subject: RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC
Date: Thu, 18 Jun 2020 07:38:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/6f1FHyMWEd5M3W7KOZsQfV1Cycs>

Spot on, Fred.

There are cases where anonymity is entirely undesirable. 

E.g., machines do not have complexes but may be complex to locate and manage. Whether we at 6MAN like it or not, some standards out there tie the role of a device to its IPv6 address, so you can replace the device with a spare, give it the same IPv6 address / keys and keep using it/managing it as you did. Look at ISA100.11a for an example. Note on the side that Internet connectivity is the least of the concerns of a control network. In fact the risk of being connected unknowingly to the Internet is a deterrent for IPv6 adoption (vs. mission-specific and proprietary protocols).

Also +1 to Kerry. Some standards (including ours) can do a preferred treatment if the IPv6 address derives from the MAC. Note that this looks antinomic with the spare part goal above; that would indeed be antinomic for burn-in MAC addresses; but there are also standards out there that use a shorter assigned MAC address, e.g., to reduce the frame size and save energy and bandwidth; in that case you can have both properties of deriving the IPv6 address from the MAC and replacing a failing device by a virtually identical one.

I support documenting pros/cons of address allocation behaviors, but I object to constraining how people use IPv6, be it flow label, address format, routing headers and all, because of one's use case or religion. There are others.

Keep safe;

Pascal
> -----Original Message-----
> From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Templin (US), Fred L
> Sent: Wednesday 17 June 2020 18:18
> To: Fernando Gont <fgont@si6networks.com>; Alexandre Petrescu
> <alexandre.petrescu@gmail.com>; Bob Hinden <bob.hinden@gmail.com>
> Cc: IPv6 List <ipv6@ietf.org>
> Subject: RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC
> 
> Fernando, I think an unspoken assumption in these past several messages is
> that privacy is ALWAYS a required property. However, there are cases where
> address privacy is not only not required, but it is also desirable and useful to be
> able to track a node by a stable and unchanging IP address or prefix.
> 
> This is not intended to challenge the non-use of MAC addresses in Interface
> Identifiers per your documents, but just to say that in some environments the
> randomization and constant changing of IP addresses may actually run counter
> to operational objectives.
> 
> Thanks - Fred
> 
> > -----Original Message-----
> > From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Fernando Gont
> > Sent: Wednesday, June 17, 2020 8:21 AM
> > To: Alexandre Petrescu <alexandre.petrescu@gmail.com>; Bob Hinden
> > <bob.hinden@gmail.com>
> > Cc: IPv6 List <ipv6@ietf.org>
> > Subject: [EXTERNAL] Re: 64bit MAC addresses and SLAAC
> >
> > On 17/6/20 08:39, Alexandre Petrescu wrote:
> > > On 15/06/2020 at 23:01, Bob Hinden wrote:
> > >> Alexandre,
> > >>
> > >>> On Jun 15, 2020, at 1:23 PM, Alexandre Petrescu
> > >>> <alexandre.petrescu@gmail.com> wrote:
> > >>>
> > >>> Hi,
> > >>>
> > >>> Before the sanitary situation I was studying an issue at ISO.
> > >>>
> > >>> The issue is about 64bit MAC addresses and SLAAC.
> > >>>
> > >>> SLAAC needs a 48bit MAC address in order to work, and it can not
> > >>> work with a 64bit MAC address; (but yes, it can with 64bit IIDs).
> > >>
> > >> SLAAC does not specify the length of the Interface ID, it does not
> > >> require 48-bit MAC addresses, and the reason for Modified
> > >> EUI-64 Format Interface Identifiers in RFC4291 was to support 64bit
> > >> EUI-64 Identifiers.   We have since moved away from using MAC
> > >> addresses as Interface IDs.  See RFC 8064.
> > >
> > > Bob,
> > >
> > > RFC8064 says "this document [...] recommends against embedding
> > > stable link-layer addresses in IPv6 Interface Identifiers".
> > >
> > > But a 64bit MAC address could be a random number as well, not
> > > necessarily stable.  Windows randomizes some of its MAC addresses.
> >
> > Reusing IDs in multiple contexts is known to be a bad idea. See e.g.:
> > https://tools.ietf.org/html/draft-irtf-pearg-numeric-ids-generation
> > and
> > https://tools.ietf.org/html/draft-gont-numeric-ids-sec-considerations
> >
> > Thanks,
> > --
> > Fernando Gont
> > SI6 Networks
> > e-mail: fgont@si6networks.com
> > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> >
> >
> >
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
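
The address formats discussed in this thread, as an added example that is not part of any message above: Modified EUI-64 Interface Identifiers (RFC 4291, Appendix A) built from a 48-bit and from a 64-bit MAC, plus an audit check that flags addresses whose IID visibly embeds a link-layer address. Function names are hypothetical, the sample MACs and prefix are constructed from documentation ranges, and the short-address layout follows RFC 6282.

```python
import ipaddress

def iid_from_mac(mac: str) -> bytes:
    """Modified EUI-64 IID (RFC 4291, Appendix A) from a 48-bit or 64-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) == 6:
        # EUI-48: insert ff:fe between the OUI and the device part
        raw = raw[:3] + b"\xff\xfe" + raw[3:]
    elif len(raw) != 8:
        raise ValueError("expected a 48-bit or 64-bit MAC address")
    # Invert the universal/local bit of the first octet
    return bytes([raw[0] ^ 0x02]) + raw[1:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the MAC-derived IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a 64-bit IID needs a /64 prefix")
    return net[int.from_bytes(iid_from_mac(mac), "big")]

def classify_iid(addr: str) -> str:
    """Heuristic audit: does the IID visibly embed a link-layer address?

    A random IID matches the ff:fe pattern by chance about once in 65536,
    and an IID built from a 64-bit MAC carries no marker at all, so it is
    indistinguishable from an opaque (RFC 7217 / temporary) identifier.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[:6] == b"\x00\x00\x00\xff\xfe\x00":
        return "short-address-derived"   # 0000:00ff:fe00:XXXX (RFC 6282)
    if iid[3:5] == b"\xff\xfe":
        return "eui48-derived"
    return "opaque-or-eui64"

if __name__ == "__main__":
    # Constructed samples: documentation prefix and documentation MACs
    for mac in ("00:00:5e:00:53:01", "00:00:5e:ef:10:00:00:01"):
        addr = slaac_address("2001:db8::/64", mac)
        print(mac, "->", addr, classify_iid(str(addr)))
```

The 64-bit case shows why an address audit based on the `ff:fe` marker only catches EUI-48-derived and short-address-derived identifiers.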