IETF Logo Mail Archive

Re: slaac-renum: Valid Lifetimes

Fernando Gont <fgont@si6networks.com> Sat, 04 April 2020 21:05 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B0FC3A0C02 for <ipv6@ietfa.amsl.com>; Sat, 4 Apr 2020 14:05:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z5Q1yREbqN11 for <ipv6@ietfa.amsl.com>; Sat, 4 Apr 2020 14:05:12 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D112A3A0C01 for <ipv6@ietf.org>; Sat, 4 Apr 2020 14:05:11 -0700 (PDT)
Received: from [192.168.0.10] (unknown [181.45.84.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 725878315F; Sat, 4 Apr 2020 23:05:06 +0200 (CEST)
Subject: Re: slaac-renum: Valid Lifetimes
To: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, ipv6@ietf.org
References: <m1jKJ4m-0000HuC@stereo.hq.phicoh.net>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <e67ebd8e-9989-d762-0505-c983c1885dd5@si6networks.com>
Date: Sat, 04 Apr 2020 17:23:32 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <m1jKJ4m-0000HuC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/BaW1OviRnzIYBzhoQ3DZWn0vfgg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2020 21:05:14 -0000

Hello, Philip,

Thanks for your feedback! In-line...

On 3/4/20 06:57, Philip Homburg wrote:
>> However, after discussing this with a number of developers from
>> different OSes there seems to be agreement that this value Valid
>> Lifetime is still to large, and that it would be more sensible to use
>> something like: 2 * Router Lifetime  (which is still very conservative).
> 
> I think we should be extremely creaful with this. This a a host overriding
> parameters provided by the network. So we effectively limit how people
> can run their networks.

I disagree in this respect for two reasons:

1) The current default values in RFC4861 essentially mean that these two 
parameters are not used. A preferred lifetime of 1 week or a valid 
lifetime of one month is not meaningful at all.

2) I this particular case, we are simply implementing a host-side limit 
for the amount of time we'll use information provided by the network 
(unless it is refreshed). SLAAC hosts implement a bunch of other limits, 
such as maximum number of configured addresses, maximum number of 
routers, etc.

That said, indeed nobody is intending to be careless. That's why I'm 
raising the question in the first place.



> In particular, I can imagine that some people may want long lifetimes to
> make sure that if a router dies, local communication remains possible.

1) If you're thinking about a typical home/CPE scenario, the local 
router also happens to be the local switch. So if the router dies, 
you're toast, anyway.

2) That's what link-local addresses are for. IPv6 hosts typically 
configure many addresses of different properties. Therefore this 
increased flexibility should be leveraged, as opposed to applying the 
IPv4 model where hosts typically configure only one address for each 
network interface.



> So I think limiting the preferred lifetime is relatively safe. Maybe the
> valid lifetime can be reduced to one day, but shorter is probably a bad idea.

Can you think of a scenario where the Router Lifetime has expired 
because e.g. the router died, and it makes sense to keep addresses for 
such much longer extra time?




> That said, if we make valid lifetime a small multiple of router lifetime,
> then people who want a long valid lifetime can increase router lifetime.

Indeed.


> However, a long router lifetime may come back to bite us at other points.
> 
> So I would go for something like:
> the limit on valid lifetime = max(1 day, 2 * router lifetime).
> 
> I assume that in most cases, the algorithm ill agressively limit the valid
> lifetime of prefixes that are no longer announced. I.e., this blanked cap
> is only for the cases where the algorithm fails.

Yes, this limit is mostly aimed at dealing with routers that "disappear" 
(either because the router indeed disappeared, or because e.g. a 
switch-port was moved into a different VLAN and hence the router is not 
present in the local subnet anymore).

Thanks!

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email