IETF Logo Mail Archive

Re: RFC6724-bis?

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 11 October 2022 16:30 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23F28C14F730 for <ipv6@ietfa.amsl.com>; Tue, 11 Oct 2022 09:30:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6QNIg3OXmGe for <ipv6@ietfa.amsl.com>; Tue, 11 Oct 2022 09:30:31 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4136C14F719 for <ipv6@ietf.org>; Tue, 11 Oct 2022 09:30:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 47F2E1800E; Tue, 11 Oct 2022 12:53:30 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ugybvGgEeTmK; Tue, 11 Oct 2022 12:53:25 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 82BB21800C; Tue, 11 Oct 2022 12:53:25 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1665507205; bh=D31M/LhxPr7iVHQ5pVjlA18jMfaAt2mxvJcNHo3Nmps=; h=From:To:Subject:In-Reply-To:References:Date:From; b=oOpGRSLABQ7NlQtQOGEXE6KARJdyiSwUDFcVVbDFTYTI2v/c6Ch03G40bQ2vl0Zxu CpCDSF3lwo6HXzN2QpxxOmLQHwcyNocV6nLfjt4xh6vbrKnZ6eww+KNPbpUp55ajwx HNrcSPV2eyDMUAJff0RTWYICyNWWzlsHCLSgpnJkRMxt9p+qefspTiTP2kc5IAd5Sf NQH/JCNuIKM3qUOhazh1vggNl0/rKdFhREOdFM+ET5Z4bWAAZjOxmRKzwLohnKYCIZ BKgHkVzoVIrq9mMExBkrLZO6hLT1XlhG/rHjFfHIKghd5FcQbPMrLQxZR/q921om8N gNq0mXIH3w0ig==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 95205D9; Tue, 11 Oct 2022 12:30:25 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Ted Lemon <mellon@fugue.com>, 6man WG <ipv6@ietf.org>
Subject: Re: RFC6724-bis?
In-Reply-To: <CAPt1N1=mac4Ditm_dik9TcUp6MrBQzx1W2-NcDhS+1QKm4K80Q@mail.gmail.com>
References: <66892DC8-6DA4-4DC8-85B0-E1E1647CD9F7@gmail.com> <CAM5+tA9kttCKrZaoB7UzNdE6TU1qGNMaxDmWvFtRvpB4A8+WHA@mail.gmail.com> <8FE71499-D155-4853-A964-6617F6EA2069@gmail.com> <CAM5+tA9QuYxVs+NXBD3dAYr_Y=95bWt63WjmEMDOfegL0Z4otA@mail.gmail.com> <CAM5+tA_hg2sXXsYw6Tcx-ytRAMkKQcFw8a3N7SfEXwbuPm0LMw@mail.gmail.com> <00ea3b70-ba8e-b6ef-e1ce-fdd56828f506@gmail.com> <CAPt1N1=_9Rwj-HnUZKWfatARbHWptArmSAV-qdi8MKyoBf9R0A@mail.gmail.com> <CAO42Z2xZ_-mDh66A9DK+3ieEqGMqW0Pt+mZzVOmzz4cDRUTEXA@mail.gmail.com> <CAPt1N1nqwMvVHvEGAx0jxgWhbW9ZUQfAZSDn-qRYQ0CDy-EGKQ@mail.gmail.com> <17a28c173ed640e68b1cbf504bbeae49@huawei.com> <CAPt1N1=xR_2Xw+1KL6vbzZ69N+vonhcTNvO=DBceeApfoS2bMQ@mail.gmail.com> <e76267b6101146cf8a1bd6fa567c6b77@huawei.com> <CAN-Dau2QO5sxevJwUbOj+_wyiCdOjnPEZM14Jhevvkq4YZqU7Q@mail.gmail.com> <bc85e623-ef89-d2e2-4e33-b8ce0a4ec343@gmail.com> <CAN-Dau0Wbki6xwcEdy8ZK-pO9jeT6+8TKZgbmXWUgnkR+dRhBg@mail.gmail.com> <CAPt1N1=OmC+HNVGWbgj9JtGbpcuzKOgjZ1KXJm5mXgpji-G4Mw@mail.gmail.com> <6edcc5d 8-edf1-51de-103c-a4ac6060fef6@gmail.com> <29689d645d22409b962f6c361d71e098@huawei.com> <CAN-Dau3rwi4X4NqLbHMmPQQ=i7y23Kz70JK09ggsXSxkJfT5xA@mail.gmail.com> <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com> <CAPt1N1=dC6U2_7YO9PVgVVbBqPa3B==viZ_eQvAVTp_8PB2XSQ@mail.gmail.com> <652f259172c1460e82484f4e55c3eb72@huawei.com> <CAPt1N1kG6wS0fj-qs1=ZWiACvt_w8-_ShPv_1sMUsn_sXZqEbw@mail.gmail.com> <1f4bc5f6874f441f983be6320c935b5a@huawei.com> <CAPt1N1=8yCRN6_UVBTpveKrq0QO5=JNSGoEu0JHqxjqquVw+Ug@mail.gmail.com> <47cf506519b74148b07b46aff4e584cc@huawei.com> <CAPt1N1=mac4Ditm_dik9TcUp6MrBQzx1W2-NcDhS+1QKm4K80Q@mail.gmail.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 11 Oct 2022 12:30:25 -0400
Message-ID: <19490.1665505825@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/DPj5LRKYufgDGdVmmWps1A_VlkI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2022 16:30:36 -0000

Ted Lemon <mellon@fugue.com> wrote:
    > To summarize, I think the disconnect we have here is over several
    > assumptions you are making that I do not think are widely accepted:

Thank you for this summary.

    > 1. That it's easy (or even possible) to change the configuration of all the
    > hosts in the network in order to address this problem.

I'm not a fan of gai.conf.  It's a configuration for a libc call getaddrinfo().
It's totally unclear to me that it should even be global for a host, and
there are no overrides (environment variables) that are standard.  It really
feels to me like it should have been done by a kernel setting, which the
kernel could be told to tune differently for different users/environments/etc.
I'm thinking NFS vs SMTP-Submit usage for instance.

    > 2. That a static configuration on a host is the right idea—that the host
    > never goes to another network.

On this we agree very strongly.
One of the complex examples is a laptop from org A, which is located on org
B's network, and has VPNs up to orgA *AND* orgC.  It's not fictional, and
it's not just me.   ULAs for VPNs is one of the killer-aspects for IPv6.
{This afternoon, I have to help some people at a TLA.GOV reach 192.168.1.x
network from their other 192.168.1.x network}

    > 3. That the address that we can't reach was published in the DNS.
    > 4. That the publisher of the address stands to lose if it is not reachable.

On this I totally agree.
I don't accept that ULA in DNS is a mistake.  I think it's why we have ULA,
and not a repeat of RFC1918.

    > I think that these assumptions, while they may be correct in some isolated
    > cases, are generally not correct, and this is why you think that editing
    > the gai.conf file (wihch I have never heard of before, by the way) is a

POSIX speaks of it, but I imagine Apple was smart enough not to have an
actual file.

    > solution to this problem, whereas other participants in the discussion are
    > dismissing this as a possible solution. Does that make sense (not asking
    > you to agree with me—just does it make sense that this is why we aren't
    > agreeing)?

I'm for inserting the /48 for any directly connected /64, and also having
some RIO/PIO L=0/A=0 extension that adds a second one.


    > On Sun, Oct 9, 2022 at 11:54 PM Vasilenko Eduard <vasilenko.eduard=
    > 40huawei.com@dmarc.ietf.org> wrote:

    >> I would like to say thanks to Michael Richardson who has shown me
    >> something relevant to the discussion.
    >>
    >> IMHO: it still does not discard my proposal but needs to be disclosed.
    >>
    >>
    >>
    >> Use case:
    >>
    >> A)      My proposal accepted: fc00::/7     45    13
    >>
    >> B)      Some company uses internally ULA and announced it to the global
    >> DNS (by mistake) for the webserver (together with GUA).
    >>
    >> C)      The second company (in a different part of the globe) uses ULA
    >> too (/48 prefix is different)
    >>
    >> D)     The second company host is trying to access the Webserver of the
    >> first company
    >>
    >> It looks like the company merge for the host: it has a local ULA prefix
    >> and DNS has shown different ULA prefixes.
    >>
    >> ULA_DA/ULA_SA have the same label (13) and precedence (45) above GUA (40).
    >>
    >> The host would fail to connect to the web server.
    >>
    >> IMHO: it is not a problem: the admin of the DNS in the first company is
    >> punished – his resources are not available because he has announced ULA to
    >> the Internet. Nobody else was hurt except the guilty one.
    >>
    >>
    >>
    >> But it is possible to change a little gai.conf to resolve this case:
    >> fc00::/7     37    13
    >>
    >> Precedence 37 is below 40. Hence, GUA/GUA would be chosen. The host would
    >> connect by GUA.
    >>
    >>
    >>
    >> I still believe that static “fc00::/7     45    13” is better.
    >>
    >>
    >>
    >> Eduard
    >>
    >> *From:* Vasilenko Eduard
    >> *Sent:* Monday, September 26, 2022 11:34 AM
    >> *To:* 'Ted Lemon' <mellon@fugue.com>
    >> *Cc:* David Farmer <farmer@umn.edu>; 6man WG <ipv6@ietf.org>
    >> *Subject:* RE: RFC6724-bis?
    >>
    >>
    >>
    >> Agree, RFC 6724 looks very complex but right anyway. That says something
    >> about authors.
    >>
    >>
    >>
    >> But I am proposing to keep it as it is. Just change one number in the
    >> configuration file (gai.conf).
    >>
    >> Other people propose to modify it more radically.
    >>
    >> Hence, I am more in line with the message “see how good is the document”.
    >>
    >>
    >>
    >> By the way, it is VERY bad that IPv6 needs such complex documents. KISS is
    >> completely broken.
    >>
    >> Ed/
    >>
    >> *From:* Ted Lemon [mailto:mellon@fugue.com <mellon@fugue.com>]
    >> *Sent:* Friday, September 23, 2022 10:15 PM
    >> *To:* Vasilenko Eduard <vasilenko.eduard@huawei.com>
    >> *Cc:* David Farmer <farmer@umn.edu>; 6man WG <ipv6@ietf.org>
    >> *Subject:* Re: RFC6724-bis?
    >>
    >>
    >>
    >> What I mean by saying the document is incredibly good is just that it
    >> anticipated every single issue I ran into while implementing the initial
    >> Thread Border Router work and had a correct solution for it, which worked.
    >> Except for the foreign ULA issue. Where I've run into problems, it's where
    >> the implementation did not follow the RFC.
    >>
    >>
    >>
    >> On Fri, Sep 23, 2022 at 2:02 PM Vasilenko Eduard <
    >> vasilenko.eduard@huawei.com> wrote:
    >>
    >> I missed the message when the consensus on “how to return ULA into active”
    >> has been achieved.
    >>
    >> If it is the case – then not many reasons to continue the discussion.
    >>
    >>
    >>
    >> But I hope that if consensus did happen then many people should understand
    >> the use case when
    >>
    >> fc00::/7     45    13
    >>
    >> does not work.
    >>
    >>
    >>
    >> IMHO: Refernece to “how genius some authors are” is not an answer to the
    >> technical question.
    >>
    >> By the way, I agree about “genius”.
    >>
    >>
    >>
    >> Eduard
    >>
    >> *From:* Ted Lemon [mailto:mellon@fugue.com]
    >> *Sent:* Friday, September 23, 2022 8:44 PM
    >> *To:* Vasilenko Eduard <vasilenko.eduard@huawei.com>
    >> *Cc:* David Farmer <farmer@umn.edu>; 6man WG <ipv6@ietf.org>
    >> *Subject:* Re: RFC6724-bis?
    >>
    >>
    >>
    >> You aren't required to be a developer with a million devices in the field.
    >> At all. I don't know if any of the authors of 6724 were in that situation
    >> when they worked on the document, and the document is incredibly good.
    >>
    >>
    >>
    >> However, you should have some reason for objecting to a solution that has
    >> rough consensus, if only for the practical reason that if you don't, there
    >> is no chance that what you say will have any bearing on the consensus. I
    >> mention my situation because it helps to explain why I think what I do
    >> about this problem. But be careful not to put words in my mouth. I'm not
    >> saying I don't think networks should be managed. I'm saying, realistically,
    >> we have to handle situations where the network may be in a somewhat
    >> ambiguous or incorrect state, and this is not fixable. Our protocols are
    >> not perfect, and our implementations are not perfect, and our operators
    >> don't always do the right thing.
    >>
    >>
    >>
    >> To put this in perspective, if "don't bother to address the uncommon
    >> situation" were a convincing argument, I could argue that ND should not
    >> retransmit. If there's no response to the original NS, then the neighbor is
    >> not present. This would definitely reduce the amount of useless multicast
    >> traffic sent. And in the common case, where the network is lightly
    >> utilized, we almost always get a response to the first NS. So
    >> retransmission is only for the uncommon case. I know you were not
    >> suggesting this, and I'm definitely using reductio ad absurdum here, but
    >> there's a reason why this is a useful tactic in a debate. :)
    >>
    >>
    >>
    >> On Fri, Sep 23, 2022 at 1:17 PM Vasilenko Eduard <
    >> vasilenko.eduard@huawei.com> wrote:
    >>
    >> Hi Ted,
    >>
    >> Thanks for the long message.
    >>
    >> Unfortunately, it is not an explanation what is the problem with a simple
    >> solution: fc00::/7     45    13
    >>
    >> Should be a use case that does not work. I do not see any. RFC 6724 has
    >> resolved RFC 5200 concerns, at least in respect of ULA.
    >>
    >> My motivation: it is a very simple solution and it should work now.
    >>
    >>
    >>
    >> About your case from IETF 113 that is related to ULA:
    >>
    >> You have presented a routed network (with many hops) where you do not want
    >> the complexity of routing.
    >>
    >> In a normal routing network, all routers know the best path to any
    >> particular prefix (especially routers on the default routing path).
    >>
    >> You would like to have a solution that would not need routing.
    >>
    >> As you said, “The product has to work in situations where the network
    >> administrators are completely nonexistent”.
    >>
    >> It is a perfectly good reason.
    >>
    >> Anyway, routers should converge somehow on the common view about available
    >> prefixes. Else they would forward not appropriate.
    >>
    >> Just I am not sure that it is possible to tweak on-link protocols to help
    >> with off-link information (especially multi-hop).
    >>
    >> Maybe https://datatracker.ietf.org/wg/anima/about/ would help.
    >>
    >> Maybe MLSN (multi-link subnet) would help ( integrate all links into one).
    >>
    >> Maybe something else is needed (HomeNet2?).
    >>
    >> Maybe ULA-specific prefixes (/48) would help somehow. I do not have enough
    >> imagination to understand why (and you are not ready to explain yet).
    >>
    >> Should Enterprise wait till you would develop and disclose the solution?
    >>
    >> Maybe. Because your task is very important (I am serious here!).
    >>
    >>
    >>
    >> IMHO: chances are good that even after you would find a solution for the
    >> problem,
    >>
    >> Just changing precedence “3” to “45” in gai.conf would be still the best
    >> for ULA.
    >>
    >> Then maybe you would permit to use ULA now while you are thinking over the
    >> big challenge.
    >>
    >> Modification for RFC 6724 may be done later if your solution would need it.
    >>
    >>
    >>
    >> > I'm looking at this as an implementer of a product of which millions of
    >> units will be sold.
    >>
    >> Is it mandatory to be equal for the discussion?
    >>
    >>
    >>
    >> > I don't actually know what your motivation is here. Are you a network
    >> administrator? An IPv6 stack implementer? Are you concerned about code
    >> complexity?
    >>
    >> I had an assumption that everybody here is thinking about “public good”,
    >> not a person's or company's interests.
    >>
    >> IMHO: It is the root cause.
    >>
    >>
    >>
    >> > "oh boy, I should change my product." So that's why I see you as being
    >> in the rough.
    >>
    >> Agree. It is better not to stress any point so tough – people do not like
    >> it.
    >>
    >> But I was asking only technical questions … nothing personal.
    >>
    >> My bad. Sorry. I need to do something about it.
    >>
    >>
    >>
    >> Eduard
    >>
    >> *From:* Ted Lemon [mailto:mellon@fugue.com]
    >> *Sent:* Friday, September 23, 2022 4:37 PM
    >> *To:* Vasilenko Eduard <vasilenko.eduard@huawei.com>
    >> *Cc:* David Farmer <farmer@umn.edu>; 6man WG <ipv6@ietf.org>
    >> *Subject:* Re: RFC6724-bis?
    >>
    >>
    >>
    >> Eduard, I think the first thing to say here is that you're pretty clearly
    >> in the rough. If you want to get your point across, you need to explain
    >> your objection in a way that sways the consensus, not simply insist that we
    >> explain ourselves better.
    >>
    >>
    >>
    >> That said, I think it's reasonable to ask for a better explanation,
    >> regardless, so let me see if I can do that. I'm looking at this as an
    >> implementer of a product of which millions of units will be sold. The
    >> product has to work in situations where the network administrators are
    >> completely nonexistent. So a "network misconfiguration" in this context is
    >> actually just the interaction of two different products the implementers of
    >> which made different base assumptions.
    >>
    >>
    >>
    >> What I want, in this situation, is for things to work in as many cases as
    >> possible. I don't want to be inundated with bug reports, simply put. Of
    >> course, it's possible that something will go wrong, but if we can
    >> anticipate a particular sort of dysfunction, and do something to address
    >> it, that's definitely going to make things better. And I have seen this
    >> particular dysfunction happen in bug reports, so it's not the case that I'm
    >> just theorizing here.
    >>
    >>
    >>
    >> Now, it's entirely possible that what I'm doing in the product I'm talking
    >> about is incorrect, and that you know why it's incorrect and can say so.
    >> But you haven't done that yet—you haven't said something that makes me
    >> think "oh boy, I should change my product." So that's why I see you as
    >> being in the rough.
    >>
    >>
    >>
    >> I don't actually know what your motivation is here. Are you a network
    >> administrator? An IPv6 stack implementer? Are you concerned about code
    >> complexity? It would help if you were to express an actual situation where
    >> the current consensus would affect a specific thing that you feel
    >> responsible for, whether that's an implementation, a network, or something
    >> else.
    >>
    >>
    >>
    >> On Fri, Sep 23, 2022 at 8:31 AM Vasilenko Eduard <vasilenko.eduard=
    >> 40huawei.com@dmarc.ietf.org> wrote:
    >>
    >> Hi David, thanks. But it is not enough for an explanation.
    >>
    >>
    >>
    >> Section 2.2.2 RFC 5200 example is just not relevant to the current
    >> situation, it was relevant to RFC 3484.
    >>
    >> It is solved by default because the separate label has been attached to
    >> ULA in RFC 6724.
    >>
    >> Now, IPv4_DA/IPv4_SA would be prioritized above GUA_DA/ULA_SA because of
    >> rule 5 (label match).
    >>
    >> No problem.
    >>
    >>
    >>
    >> If you have any other scenario that may affect static ULA prioritization
    >> above anything else – please show it.
    >>
    >>
    >>
    >> Why do you believe that address expansion above 2000::/3 would be affected?
    >>
    >> If people would continue to use ::/0 as the default and RFC6724 has it in
    >> the RC6724 table
    >>
    >> Then how the problem could happen?
    >>
    >> I do not understand this use case too.
    >>
    >>
    >>
    >> > Let’s only fix the problem and not make new problems for the next
    >> generation of network engineers and operators.
    >>
    >> I claim that the ULA problem is very small. It may be treated as a pure
    >> configuration problem. Just add static:
    >>
    >> fc00::/7               45    13
    >>
    >> to gai.conf. Hence, the draft in v6ops is enough.
    >>
    >>
    >>
    >> PS: it does not solve MHMP but it is a problem that possible to separate
    >>
    >>
    >>
    >> Eduard
    >>
    >> *From:* ipv6 [mailto:ipv6-bounces@ietf.org] *On Behalf Of *David Farmer
    >> *Sent:* Friday, September 23, 2022 2:17 PM
    >> *To:* Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
    >> *Cc:* 6man WG <ipv6@ietf.org>
    >> *Subject:* Re: RFC6724-bis?
    >>
    >>
    >>
    >> Please read the first paragraph of RFC6724 section 10.6 and all it’s
    >> references very carefully. In particular, read 2.2.2 of RFC 5220.
    >>
    >>
    >>
    >> Your argument contradicts the conclusions of 2.2.2 of RFC 5220. In short,
    >> your argument is only true today while we are using 2000::/3 for GUA. When
    >> that eventually changes, and it will some day, we would have to yet again
    >> rejigger the table.
    >>
    >>
    >>
    >> RFC 6724 is almost correct, the only thing it got wrong is that the
    >> section 10.6 modifications must be mandatory and automatic, and not
    >> optional, otherwise ULA is broken and dysfunctional.
    >>
    >>
    >>
    >> Let’s only fix the problem and not make new problems for the next
    >> generation of network engineers and operators.
    >>
    >>
    >>
    >> Thanks
    >>
    >>
    >>
    >> On Fri, Sep 23, 2022 at 02:27 Vasilenko Eduard <vasilenko.eduard=
    >> 40huawei.com@dmarc.ietf.org> wrote:
    >>
    >> I still do not understand why Ted and David care about "remote ULA".
    >> If this ULA has been delivered to the local host by
    >> Then it has been done intentionally.
    >> Such a type of misconfiguration does not make sense to optimize.
    >> Hence, it is possible to operate FC/7 as a whole, no need to split it for
    >> /48s.
    >>
    >> Hence, why not install permanent precedence to FC/7 in gai.conf?
    >> It would not play any role on the host till the local router would deliver
    >> ULA PIO.
    >> And even after this, it would not be used till DNS would show the ULA
    >> destination
    >> Because rule 5 (matching labels) would make GUA_DA/ULA_SA a low priority,
    >> GUA/GUA would be chosen.
    >>
    >> What is the problem with permanently changed FC/7 precedence even above
    >> GUA?
    >>
    >> Eduard
    >> -----Original Message-----
    >> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Brian E Carpenter
    >> Sent: Friday, September 23, 2022 4:47 AM
    >> To: Ted Lemon <mellon@fugue.com>; David Farmer <farmer=
    >> 40umn.edu@dmarc.ietf.org>
    >> Cc: 6man WG <ipv6@ietf.org>
    >> Subject: Re: RFC6724-bis?
    >>
    >> On 23-Sep-22 12:50, Ted Lemon wrote:
    >> > Op do 22 sep. 2022 om 20:40 schreef David Farmer <farmer=
    >> 40umn.edu@dmarc.ietf.org <mailto:40umn.edu@dmarc.ietf.org>>
    >> >
    >> >     I think leaving unknown, most likely remote, ULA at a lower priority
    >> and adding the /48 or other known local ULA to the table at a higher
    >> priority automatically should help mitigate ULA in the public DNS and the
    >> possible response of turning off IPv6.
    >> >
    >> >     In someways those that put ULA in the public DNS get what they
    >> deserve, I’m just worried about the remote user’s response to the
    >> brokenness, causing even more brokenness.
    >> >
    >> >
    >> > Hm, okay. I think we are all actually in agreement then, since I heard
    >> Brian admitting earlier that it might be better to dynamically update the
    >> table.
    >>
    >> Indeed, which was exactly why I wrote gai_wrap.py as a userland proxy for
    >> that approach.
    >>
    >> Brian
    >>
    >> > I must have misunderstood what you meant by optimizing for the uncommon
    >> case—sorry about that!
    >> >
    >> --------------------------------------------------------------------
    >> IETF IPv6 working group mailing list
    >> ipv6@ietf.org
    >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    >> --------------------------------------------------------------------
    >>
    >> --
    >>
    >> ===============================================
    >> David Farmer               Email:farmer@umn.edu
    >> Networking & Telecommunication Services
    >> Office of Information Technology
    >> University of Minnesota
    >> 2218 University Ave SE        Phone: 612-626-0815
    >> Minneapolis, MN 55414-3029   Cell: 612-812-9952
    >> ===============================================
    >>
    >> --------------------------------------------------------------------
    >> IETF IPv6 working group mailing list
    >> ipv6@ietf.org
    >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    >> --------------------------------------------------------------------
    >>
    >> --------------------------------------------------------------------
    >> IETF IPv6 working group mailing list
    >> ipv6@ietf.org
    >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    >> --------------------------------------------------------------------
    >>

    > ----------------------------------------------------
    > Alternatives:

    > ----------------------------------------------------
    > --------------------------------------------------------------------
    > IETF IPv6 working group mailing list
    > ipv6@ietf.org
    > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    > --------------------------------------------------------------------

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email