Re: [irtf-discuss] Why do we need to go with 128 bits address space ?

Michael <mstjohns@comcast.net> Sun, 18 August 2019 00:29 UTC

Date: Sat, 17 Aug 2019 20:29:12 -0400
From: Michael <mstjohns@comcast.net>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Mark Smith <markzzzsmith@gmail.com>
Cc: irtf-discuss@irtf.org, 6man@ietf.org, shyam bandyopadhyay <shyamb66@gmail.com>, IETF discussion list <ietf@ietf.org>
Message-ID: <9b47a8e6-e2a0-49fe-99b8-201364bc40a7@Mikes-IPhone>
Subject: Re: [irtf-discuss] Why do we need to go with 128 bits address space ?
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/8vXHwq_8NjLUKKj6PnC1CJtziIQ>

That was not very helpful, useful, informative, responsive, etc. How about identifying what you think is incorrect and why?


------ Original Message ------

From: Mark Smith
To: Phillip Hallam-Baker
Cc: irtf-discuss@irtf.org, 6man@ietf.org, shyam bandyopadhyay, IETF discussion list
Sent: August 16, 2019 at 7:32 PM
Subject: Re: [irtf-discuss] Why do we need to go with 128 bits address space ?

Incorrect.
On Sat., 17 Aug. 2019, 01:43 Phillip Hallam-Baker, <phill@hallambaker.com> wrote:
> On Thu, Aug 15, 2019 at 6:31 AM Brian Carpenter <brian.e.carpenter@gmail.com> wrote:
> > e) 64 isn't enough to allow lots of bits for topology plus lots of bits for privacy
> > f) in any case we can compress the headers in low power, low bandwidth scenarios
> > g) it's 25 years too late for this discussion even if we were wrong
>
> Perhaps.
>
> The reason we went to 128 bits was 64+64 = 128
> It was assumed that networks would want to map MAC addresses onto the lower bits of the address and those were already in the process of expanding to 64 bits. This hasn't happened because it is nonsense. Disclosing the structure of your internal network to potential attackers is stupid.
>
> IPv6 to IPv6 NAT is going to be seen as an essential security control in future zero trust/zero knowledge networks. I don't want Mallet knowing if I have 4 hosts in my network or 400 and I am going to try to make it as difficult and expensive as possible for him to find out. So instead of allocating one IPv6 address to my hosts, I will allocate multiple addresses and apply encryption to obfuscate them at the network boundary.
>
> This approach can provide a lot of leverage against DoS attacks. The Mesh service protocols make it possible for a Mesh service to assign each account a separate IPv6 address for client access. That in turn makes it possible for border controls to drop packets that are from accounts that are flooding or not associated with an account at all.
>
> It is easier to find an encryption cipher with a 64 bit block size than 48. They are not going to be any use for general purpose encryption but they would serve this one.
>
>
> It was also assumed that there was a need for more routable IP addresses which was probably a mistake.
>
> In IPv4, every host on the Internet has a routable address. So if Google has 32,368 hosts at the same site, that means 32,368 routable addresses. The design for IPNG did not take account of the fact that if we append a non-routable portion, those hosts can all sit on the same routable address.
>
> So yes, one could argue that 32+32 would have been enough. Only there are more than 4 billion people on the planet. So you have to have at least 40 bits for the routable addresses and once you take account of inefficiency in the allocation process we need a minimum of 48 bits. Given the vast cost of the change, 64 bits looks like a reasonable choice to me.
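
Added example, not part of any message in this thread: a sketch of the boundary obfuscation Phillip Hallam-Baker describes, where the lower 64 bits of an IPv6 address are encrypted with a 64-bit block cipher while the routable /64 prefix is left alone. The thread names no cipher or translation mechanism; the HMAC-SHA256 Feistel network, the key, the round count and the 2001:db8::/32 documentation addresses below are all assumptions chosen for illustration, not a vetted design.

```python
import hashlib
import hmac
import ipaddress

ROUNDS = 8                      # assumption: balanced Feistel, two 32-bit halves
KEY = b"constructed-demo-key"   # constructed sample key, held only by the border device
INTERNAL = ["2001:db8:1:2::1", "2001:db8:1:2::2",
            "2001:db8:1:2::3", "2001:db8:1:2::4"]  # constructed, sequential hosts

def _round(key: bytes, rnd: int, half: int) -> int:
    """Round function: HMAC-SHA256 over (round number, half), truncated to 32 bits."""
    mac = hmac.new(key, bytes([rnd]) + half.to_bytes(4, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:4], "big")

def _feistel(key: bytes, block: int, rounds) -> int:
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in rounds:
        left, right = right, left ^ _round(key, rnd, right)
    # Final swap: running the rounds in reverse order then inverts the permutation.
    return (right << 32) | left

def encrypt_iid(key: bytes, iid: int) -> int:
    return _feistel(key, iid, range(ROUNDS))

def decrypt_iid(key: bytes, iid: int) -> int:
    return _feistel(key, iid, reversed(range(ROUNDS)))

def translate(key: bytes, addr: str, outbound: bool) -> str:
    """Rewrite only the interface identifier; the /64 prefix stays routable."""
    ip = int(ipaddress.IPv6Address(addr))
    prefix, iid = ip >> 64, ip & (2**64 - 1)
    iid = encrypt_iid(key, iid) if outbound else decrypt_iid(key, iid)
    return str(ipaddress.IPv6Address((prefix << 64) | iid))

if __name__ == "__main__":
    for inside in INTERNAL:
        outside = translate(KEY, inside, outbound=True)
        # The border device needs no per-flow state: decryption recovers the host.
        assert translate(KEY, outside, outbound=False) == inside
        print(f"{inside:>18} -> {outside}")
```

Because the mapping is a keyed permutation of the 64-bit space, sequential internal identifiers come out as unrelated external ones and no two hosts collide. On its own it still maps each host to a single external address, so it does not hide the host count; that part of the proposal relies on allocating multiple addresses per host.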