IETF Logo Mail Archive

Re: RFC4941bis: consequences of many addresses for the network

otroan@employees.org Thu, 23 January 2020 14:11 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94A1A12004D for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 06:11:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i5BeEkHeEaus for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 06:11:34 -0800 (PST)
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E369112004A for <ipv6@ietf.org>; Thu, 23 Jan 2020 06:11:34 -0800 (PST)
Received: from astfgl.hanazo.no (unknown [IPv6:2001:420:c0c1:81:d856:5e4c:7c07:adf8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 147BA4E126F3; Thu, 23 Jan 2020 14:11:34 +0000 (UTC)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by astfgl.hanazo.no (Postfix) with ESMTP id B250329517CB; Thu, 23 Jan 2020 15:11:31 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
Subject: Re: RFC4941bis: consequences of many addresses for the network
From: otroan@employees.org
In-Reply-To: <e936078e-01f9-0254-a8d0-4095455154ac@si6networks.com>
Date: Thu, 23 Jan 2020 15:11:31 +0100
Cc: 6man WG <ipv6@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D85412DF-4B03-4790-9E39-968D50ECF86B@employees.org>
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <e936078e-01f9-0254-a8d0-4095455154ac@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/7NpwP2Pptz1oZdCiDcLotRjPZTk>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 14:11:36 -0000

Fernando,

>> While reviewing RFC4941bis
>> (https://tools.ietf.org/html/draft-ietf-6man-rfc4941bis) I think I
>> found one gap.
>> A discussion of the consequences of a host having many (active)
>> addresses on the network.
>> A 4941bis implementation following the defaults, would at the maximum
>> use 8 active addresses. (Valid lifetime of one week and one new
>> address per day.)
>> Shorter regeneration intervals or other approaches like a new address
>> per connection could lead to dramatic numbers.
> 
> I guess we could add a small note to e.g. Section 4, along
> the lines of:
> 
> "Use of an extremely large number of IPv6 addresses (as would result if
> an implementation were to override TEMP_PREFERRED_LIFETIME with a much
> shorter value) may have negative implications on some network devices,
> and/or may lead to traffic from the offending addresses being policed by
> devices enforcing port security (e.g. SAVI [REF]). A discussion on
> possible approaches to allow for unconstrained use of IPv6 addresses can
> be found in [RFC7934]"
> 
> 
> Note: RFC7934 is *Very* relevant to this discussion.

I don't think 7934 uses the words "unconstrained". There is always going to be a limit.
The network operator's response to this might 8273. In which case the privacy aspect changes quite a lot.

>> If we use Ethernet as an example, each new address requires state in
>> the network. In the ND cache in first-hop routers, and in SAVI
>> binding tables in bridges. Given ND's security properties these
>> tables must be policed by the network. A host with a very liberal
>> address regeneration policy might be viewed as performing an attack.
> 
> That's true, indeed. But isn't that sort of a design principle of SLAAC? -- i.e., kind of "anarchy" when it comes to host configuration?

Absolutely. Just that temporary addresses changes the equation quite a bit.
A network might be willing to serve a small set of addresses to a host, but with temporary addresses there are really no limit.
If you do an address per transport connection, would you expect the network to serve that?
And if it doesn't, how is the host supposed to detect it? An happy eyeballs approach?
Right now that is completely unspecified in 4941bis (and sure it also was in 4941).
Question is if we should (try to) fix that?


> SAVI with SLAAC is essentially telling nodes "do what you please", and then punishing nodes when they don't do what you *expect* or *wished*.


>> SLAAC is also missing a mechanism to release an address. Which leads
>> me to think that the address regeneration interval must not be
>> shorter than the ND cache scavenger timeout (which in many networks
>> is high to avoid cache churn and high level of address
>> re-resolutions).
> 
> Which probably begs the question as why we don't make DHCPv6 mandatory, and add fill the necessary gaps there, so that a network that is to be operated as a managed network can apply policy to hosts, as needed. (yes, I did mean what I've just said :-) )
> 
> Put another way: SLAAC doesn't enforce any sort of policy on the network. Even attempts to *suggest* policy (e.g. draft-gont-6man-managing-slaac-policy) were shot down.
> 
> We also published draft-gont-6man-address-usage-recommendations to discuss the topic in a more general way. The suggestion was to take it to TAPS, where it somehow vanished.
> 
> So my personal conclusion is that one could certainly add a note like the one I suggested above. But other than that, I think further discussion of the topic belongs to a different document. -- We could revive draft-gont-6man-address-usage-recommendations if desired. -- in fact, it's kind of a shame that there hasn't been further work in that area.

For the purpose of 4941bis I would also be fine with a more ellaborate note expanding on the issues.
And I would also prefer that we suggested some strategies hosts can use to deal with this. There is already text in 4941bis regarding DAD. But the recommended behaviour when receiving DAD "rejects" seems a little harsh currently.

Cheers,
Ole

v2.23.0 | Report a Bug | By Email