IETF Logo Mail Archive

RE: draft-ietf-6man-slaac-renum: Processing of PIO Lifetimes at Hosts

Vasilenko Eduard <vasilenko.eduard@huawei.com> Thu, 10 September 2020 14:07 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C5AB3A0AE6 for <ipv6@ietfa.amsl.com>; Thu, 10 Sep 2020 07:07:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcOBT1aVPi-W for <ipv6@ietfa.amsl.com>; Thu, 10 Sep 2020 07:07:13 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB94B3A0AE2 for <6man@ietf.org>; Thu, 10 Sep 2020 07:07:12 -0700 (PDT)
Received: from lhreml728-chm.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 1F340CF6E126D2DBA581; Thu, 10 Sep 2020 15:07:11 +0100 (IST)
Received: from msceml702-chm.china.huawei.com (10.219.141.160) by lhreml728-chm.china.huawei.com (10.201.108.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Thu, 10 Sep 2020 15:07:10 +0100
Received: from msceml703-chm.china.huawei.com (10.219.141.161) by msceml702-chm.china.huawei.com (10.219.141.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Thu, 10 Sep 2020 17:07:10 +0300
Received: from msceml703-chm.china.huawei.com ([10.219.141.161]) by msceml703-chm.china.huawei.com ([10.219.141.161]) with mapi id 15.01.1913.007; Thu, 10 Sep 2020 17:07:10 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, Fernando Gont <fgont@si6networks.com>
CC: "6man@ietf.org" <6man@ietf.org>
Subject: RE: draft-ietf-6man-slaac-renum: Processing of PIO Lifetimes at Hosts
Thread-Topic: draft-ietf-6man-slaac-renum: Processing of PIO Lifetimes at Hosts
Thread-Index: AQHWhE2+4s+FodsZHUaeFj8KFTRAUqlcUF+AgAWcM1A=
Date: Thu, 10 Sep 2020 14:07:09 +0000
Message-ID: <bb2fbd9911fb4edd9ac509a2af7cce32@huawei.com>
References: <865c454a-2795-213e-144e-768830b4c911@si6networks.com> <CAKD1Yr2YdRjr0A=adtRa+3g6FLhXFa+nxk_5vqGE7fSqMDnaNw@mail.gmail.com>
In-Reply-To: <CAKD1Yr2YdRjr0A=adtRa+3g6FLhXFa+nxk_5vqGE7fSqMDnaNw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.47.194.221]
Content-Type: multipart/alternative; boundary="_000_bb2fbd9911fb4edd9ac509a2af7cce32huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/7mq0B0JA3ocUjVi917v6NMoj_Sg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 14:07:17 -0000

Hi all,
I completely agree to this: I think you need to tweak source address selection, not lifetimes.
In fact I propose 2 solutions:

1.      Long term: solution that I have proposed in this alias before (see below – new flag in RA). As soon as ND would have major refreshment – it should be already in one of RFC updates ready for cut & paste.

2.      Short term: properly choose address on host side. I am not sure should it be update to HE or RFC 6724 (better last one, but HE is more popular). It is easy – just prefer the address that has longer preferred time (if scope and mask are the same).
Both solutions is better to documented in standards. I do not insist on my long-term solution to be properly documented (it is for future anyway – needs ND versioning), but I am sure that for short-term Lorenzo is right.


Long term clean fix:

> RA (section 4.2 RFC4861) has 2 flags and 6 bits reserved.

> I propose to use 1 bit from reserved for additional flag: "C"="Complete". It would mean that RA has all information in this packet, including all PIOs.

> If host have recorded before some other information from the *same router* (same LLA) - then absence of this information in last RA means that information should be deprecated, irrespective of timers.

> I propose to immediately put address from missing PIO into " deprecated " state up to the end of the life for this prefix.

Eduard
From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Lorenzo Colitti
Sent: 7 сентября 2020 г. 6:19
To: Fernando Gont <fgont@si6networks.com>
Cc: 6man@ietf.org
Subject: Re: draft-ietf-6man-slaac-renum: Processing of PIO Lifetimes at Hosts

I disagree with this change because it reduces the expressiveness of SLAAC as a configuration protocol. It effectively turns a 32-bit field into a 16-bit field, and makes it no longer possible to have lifetimes that outlive the default router lifetime. This often is a valid configuration. In particular, it is a valid configuration when the IPv6 prefix is statically allocated. This is often the case in enterprise networks, but is also often the case in residential networks as well. My IPv6 prefix is static, for example.

It also complicated host implementations. If you want to make this more reliable, I think you need to tweak source address selection, not lifetimes.

On Sun, Sep 6, 2020 at 10:00 PM Fernando Gont <fgont@si6networks.com<mailto:fgont@si6networks.com>> wrote:
Folks,

We continue discussing each of the mitigation proposals that we had in
draft-gont-6man-slaac-renum.

The next one is about processing PIOs at hosts, such that hosts cap the
received values to the advertised Route Lifetime -- except when the
Router Lifetime is set to the special value 0 ("do not use this router
as a default router") or when the prefix lifetimes are set to the
special value 0xffffffff ("infinity").

This allows hosts to use more appropriate lifetimes even if routers are
employing the large default values from RFC4861.

The text is:

---- cut here ----
4.1.2.  Processing of PIO Lifetimes at Hosts

    Hosts SHOULD cap the "Preferred Lifetime" and "Valid Lifetime" of
    PIOs as follows:

    o  IF (Router Lifetime != 0) AND (Preferred Lifetime != 0xffffffff)
       AND (Valid Lifetime != 0xffffffff), then:

          Preferred Lifetime= MIN(Preferred Lifetime, "Router Lifetime")

          Valid Lifetime= MIN(Valid Lifetime, 2 * "Router Lifetime")

    RATIONALE:

       *  Capping the lifetimes in PIOs as suggested will not eliminate
          the problem discussed in this document, but will certainly
          reduce the amount of time it takes for hosts to converge to
          updated network configuration information, even when the SLAAC
          router advertises PIOs with the default values specified in
          [RFC4861] (as opposed to the new default values specified in
          Section 4.1.1) or when the corresponding router ceases to send
          RAs.

       *  A Router Lifetime of 0 has the special meaning of "this router
          is not to be employed as a default router", and may be employed
          only to advertise prefixes via SLAAC (but not as a default
          router).  As a result, PIO lifetimes are not capped when Router
          Lifetime == 0.

       *  A PIO lifetime of 0xffffffff has the special meaning of
          "infinity", which means that these prefixes (and their
          corresponding addresses) should never time out.  As a result,
          PIO lifetimes are not capped when the PIO Valid Lifetime ==
          0xffffffff or the PIO Preferred Lifetime == 0xffffffff.
---- cut here ----

The text has been slightly tweaked to reflect recent discussions.


Thoughts?

Thanks!

Regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com<mailto:fgont@si6networks.com>
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email