IETF Logo Mail Archive

Re: Why has RFC 4941 been designed in such a way, that it might cause address conflicts?

Markus Hanauska <hanauska@equinux.de> Wed, 16 March 2011 10:47 UTC

Return-Path: <hanauska@equinux.de>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2EBAA3A68C2 for <ipv6@core3.amsl.com>; Wed, 16 Mar 2011 03:47:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.422
X-Spam-Level:
X-Spam-Status: No, score=-2.422 tagged_above=-999 required=5 tests=[AWL=0.177, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBl2pGhFnzgf for <ipv6@core3.amsl.com>; Wed, 16 Mar 2011 03:47:30 -0700 (PDT)
Received: from mail.equinux.net (mail.equinux.net [194.145.236.10]) by core3.amsl.com (Postfix) with ESMTP id B9F6F3A690B for <ipv6@ietf.org>; Wed, 16 Mar 2011 03:47:29 -0700 (PDT)
Received: from mail.equinux.net (127.0.0.1) by mail.equinux.net (MlfMTA v3.2r9) id hg21tg0171sk for <ipv6@ietf.org>; Wed, 16 Mar 2011 10:33:11 +0100 (envelope-from <hanauska@equinux.de>)
Received: from mail.muc.equinux.net ([192.168.40.207]) by mail.equinux.net (equinux Secure Mail Relay) with ESMTP; Wed, 16 Mar 2011 10:33:11 +0100
Received: from anaheim.muc.equinux.net (anaheim.muc.equinux.net [192.168.40.40]) by mail.muc.equinux.net (Postfix) with ESMTPS id 9E0EE20F9590; Wed, 16 Mar 2011 11:48:55 +0100 (CET)
Subject: Re: Why has RFC 4941 been designed in such a way, that it might cause address conflicts?
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Markus Hanauska <hanauska@equinux.de>
In-Reply-To: <35A891E0-9BA1-4694-AFA3-C6C46C8F3625@apple.com>
Date: Wed, 16 Mar 2011 11:48:55 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <61640AE3-C0A9-4693-B3A6-4E675E15123C@equinux.de>
References: <C744C51B-F2B0-4137-B39F-54B8D62F1C97@equinux.de> <E7CFEDBC-5048-413E-93C9-DBF79B4FC238@apple.com> <E8CD61BF-827E-4A83-AA63-275D0CCB0B53@equinux.de> <35A891E0-9BA1-4694-AFA3-C6C46C8F3625@apple.com>
To: james woodyatt <jhw@apple.com>
X-Mailer: Apple Mail (2.1082)
X-Mlf-Version: 7.2.1.2841
X-Mlf-UniqueId: o201103160933110094729
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2011 10:47:31 -0000

On 2011-03-15, at 21:35 , james woodyatt wrote:

> Let me try again... there is no "tiny change" to existing RFCs that can make it *impossible* for address conflicts to arise.

This seems an rather odd reasoning to me; it's like saying "An algorithm, that solves only one specific problem, is bad because the world is full of so many other problems it doesn't solve". I'm not in particular worried about conflicts between two devices that use both some kind of stateless address configuration (by interface ID, privacy extension, or both), since those devices will only create stateless addresses while they are connected to the network and thus DAD will work to detect those conflicts and devices are able to do whatever they wish to resolve them; e.g. just picking another random address. Since it doesn't really matter for stateless devices which IP they'll have, picking one IP seems as good as picking any other IP IMO. My main concern always has been that stateless devices might conflict with IP ranges that are reserved by the network admin for DHCP clients and manually configured servers. And to avoid this scenario, a single sentence and at most 4 lines of code in implementations would be enough already. I cannot understand what would be so bad about limiting the address range of the privacy extension in such a way, that a *tiny* fraction of it is reserved to create a "safety-zone" which admins can use for static or DHCP pool addresses. After all RFC 4941 already does that:

"Compare the generated identifier against a list of reserved interface identifiers [...]"
	- RFC 4941 - 3.2.1

And as an example the reserved anycast addresses of RFC 2526 are explicitly mentioned. All that I was asking was why such a reserved address range has not been created for admins that need static addresses on the network (manually assigned or assigned by DHCPv6), however, the devices that will use them are not permanently connected to the network and thus DAD will simply *not work*. DAD can only prevent that there will ever be an address conflict, but it does not prevent a device from *accidentally* picking an address (and that is important, I'm not worried about intentionally picking one) that has been reserved for another device currently not connected to the network. It's great that I will get informed when such a conflict arises, but how should I resolve it? Assigning a different static IP to the device (again, manually or by DHCP) resolves the IP address conflict, but may still prevent proper operation of the network, since now the server or other device in question won't have the IP it is supposed to have and other devices may rely on that IP.

For EUI/MAC-48 such a safety zone exists implicitly, for EUI-64 addresses it only exists if the u bit is set (and is not set for the static or DHCP addresses), but that should almost always be the case; despite that this won't be an issue on most networks as long as network ethernet network adapters have 48-bit addresses and in networks where EUI-64 is already in use today neither DHCP nor manual assigned addresses are in use.

> EUI-48 and EUI-64 addresses with global uniqueness flags are not always globally unique because factories make errors.

Yes, I got that point, but this is nothing I'm worried about. These are conflicts that will prevent one device joining the network because another device with the same EUI is already on the network; an in that case assigning a different IP also won't resolve the conflict, since the devices would still conflict on layer 2, which is probably even worse than a conflict on layer 3. The tiny change I suggested would not solve this problem, well, but it will still solve the problem I'm worried about.

> manual configuration procedures are-- sing it with me-- prone to manual error

Yes, it certainly is. If I mess up the manual configuration, it's my fault and there is nobody to blame but myself. And it will also be me who has to fix the mess. However, if standards, that are supposed to cooperate and automatically work on my behalf, mess up the configuration, who can I blame then and who is going to fix it? Further saying "Don't do something that can go wrong if you make a mistake" seems another odd reasoning, since pretty much everything you do can go wrong if you make mistakes and by that reasoning I better stop touching my computer right away.

Best regards,
Markus

v2.23.0 | Report a Bug | By Email