IETF Logo Mail Archive

Re: [IPv6] Variable IIDs

Ted Lemon <mellon@fugue.com> Sun, 05 November 2023 07:57 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38B86C232057 for <ipv6@ietfa.amsl.com>; Sun, 5 Nov 2023 00:57:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1pIpaUOzh5yP for <ipv6@ietfa.amsl.com>; Sun, 5 Nov 2023 00:57:20 -0700 (PDT)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA161C232076 for <ipv6@ietf.org>; Sun, 5 Nov 2023 00:57:16 -0700 (PDT)
Received: by mail-qt1-x835.google.com with SMTP id d75a77b69052e-41cc7379b23so21778551cf.3 for <ipv6@ietf.org>; Sun, 05 Nov 2023 00:57:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20230601.gappssmtp.com; s=20230601; t=1699171035; x=1699775835; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=YT3/DVca005+MIepPP3hvA6TlPOYA2Mv3z+Jo26/vmY=; b=mJ4cQUu7TPHCdQeN2VIwA/4uAXlNf6C3UGbgEMStSiYBGTmkLbQ5xqfRuuXR2NWONp jp4fG74QXKwEskzFIJkZQxWOhwTpBME+wm5lAsY/nkE0mQPNjHwezKL7d37sJ9/6B/pr 0nFU4OqluMOlwMz22Maxt94L48ScxhMhKPOa8b6EZ3jZhZLzwAjJOCNr/XFJbxCAYS11 agiVu5FRJvGbKGpX59PqhhMyTthUQSz0WWryrMXw+eTbyuceLb2Yy/IVTaQwOrYH3j/s K1cQQiE9yY17MQ2BuiPBuccFP3Iy2Tc3sXrwG/qRsMjrK/eDJuMtjBii9LLQLqgQfmWj jyew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699171035; x=1699775835; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YT3/DVca005+MIepPP3hvA6TlPOYA2Mv3z+Jo26/vmY=; b=o4r+IM5D4OHRFNUMHcGdDf9YHF6j/LnfqrPFwwDet3XjXIuwCBHmVPlBvRgUonS5WJ b3k8h7rAOPszh5xBgNlKUfdSoNyiQ6YHzkGvgYO1TdlKl1TauwSX2U8L0a239wHU3afU ZzBoICMofcNYJAofSeHsPJo4pL8WGb3CnXbo4MzoH8XFP5SAxSBA754rWRZYffHW45ba kvra6FclMolcszrVUTtT+/qZn2f9UTSxfpUWh8eP4VFEyQPAgCuwkAx4PgxXiKfIMJeU PeRrWIVLdcG89rFbqQHu63a9aKCbmEPApYbuuKx5+xYgqD46bkC3K7Ida77zl8BDHL7s pvgw==
X-Gm-Message-State: AOJu0YyYSie0NExc3nhXcj/UghT0FDE4L6TCZxKtAwIxCsDNOjsaNFqk E1qrkrqgHngsL1KKMfeChcS2joVg1/PJj8qSVTIwXoaCO2TxnIKB
X-Google-Smtp-Source: AGHT+IFed4pzhPNLDT9KS/0InUAy7r64Ba6f7NoKHxEVlr1UccZlX8eBff9aVg38vCVeQwPXvoC5C6WclBKTp7bmB48=
X-Received: by 2002:a05:6214:c25:b0:66d:9d5c:9a97 with SMTP id a5-20020a0562140c2500b0066d9d5c9a97mr35417720qvd.1.1699171035553; Sun, 05 Nov 2023 00:57:15 -0700 (PDT)
MIME-Version: 1.0
References: <d935987f-7550-855a-c57f-7f8c2fc6e5cf@gmail.com> <CAKD1Yr0ZBqdNnysBm3SmKRBjOZPM5totfzww_6mDdC94fDLx4A@mail.gmail.com> <CAO42Z2zxLwtZNtuwBKDzCZZXp4tUNvmMoDCOu1XgjFPwXjKvYQ@mail.gmail.com>
In-Reply-To: <CAO42Z2zxLwtZNtuwBKDzCZZXp4tUNvmMoDCOu1XgjFPwXjKvYQ@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Sun, 05 Nov 2023 08:57:04 +0100
Message-ID: <CAPt1N1muMaRKjcTkSUKOGfzWF3wNc5TQ6K3_9=eKr6-8eNHYKw@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: 6man <ipv6@ietf.org>, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fcb59e06096315a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Du6hSwAspWWvasZerLvDH9RXvsY>
Subject: Re: [IPv6] Variable IIDs
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2023 07:57:22 -0000

Ironically, this is the best argument I’ve heard against. If isps use this
to save on rir fees, their customers will get single /80 prefixes, and we
won’t have gained anything.

To my mind the benefit of a wider prefix is that it lets me take the /64 my
isp gives me and subnet it 65536 times, as was originally intended when the
recommendation for customer prefix widths was 48 bits. If we don’t get
that, there is no point in doing this work.

Op zo 5 nov 2023 om 05:56 schreef Mark Smith <markzzzsmith@gmail.com>

>
> On Sat, 4 Nov 2023, 23:00 Lorenzo Colitti, <lorenzo=
> 40google.com@dmarc.ietf.org> wrote:
>
>> Brian,
>>
>> If we think /64 is too large, then I think it's OK to change 64 to
>> something else. But making the IID length variable is the wrong solution.
>> If we do that, we will create a race to the bottom that ends up at /128.
>>
>
> I think one of the incentives to do this will be RIR fees.
>
> Internet service is obviously a commodity, which means there are strong
> incentives to reduce costs if possible, in particular for residential
> Internet services.
>
> So if an ISP can get their minimum assignment of an /32, and then
> subdivide with IIDs smaller than 64 bits to fit all of their customers
> within that single /32, that's I'm confident that's what many will do to
> avoid paying RIR fees for shorter prefixes to suit /64 subnets/64 bit IIDs
> for their customer base.
>
> The larger the ISP, the greater the incentive to do this, because the
> savings from only using a /32 for all customers will be greater.
>
> Regards,
> Mark.
>
>
>
>
>
>> Here's why. Today SLAAC only works on a /64, and a /64 guarantees that
>> there will always be enough address space to number unlimited devices.
>> Pretty much every network operator uses that because it's the only thing
>> that works on all devices. Some operators insist on assigning only a /128
>> to each device using DHCPv6. This is for various reasons, most notably
>> consistency with IPv4, the fact that DHCP clients and servers by default
>> only assign one address, scalability of network entities such as ND caches,
>> desire to charge for more addresses (yes; as the lead of a major OS network
>> stack, we get this depressingly often). It's pretty clear from any reading
>> of RFC 7934 that that is harmful, but those operators don't know or want to
>> do it anyway. Fortunately (well, unfortunately for those operators), this
>> doesn't work on a substantial percentage of devices due to lack of support
>> for DHCPv6, so it's not really a practical solution on most networks. Those
>> operators occasionally complain about OSes that don't support DHCPv6, but
>> on the whole we're generally in a situation where devices can get as many
>> IP addresses as they need, within reason.
>>
>> However: if we define SLAAC to variable length, as you are proposing here
>> then those operators will pick the minimum length accepted by
>> implementations. Today that's /64. If implementations change to accept
>> fewer addresses (say, /80), then those networks will move to providing the
>> new minimum. And so on. This starts a race to the bottom that ends at /128.
>> If you don't believe this, consider: many residential ISPs provide a
>> reasonably-sized subnet to users, such as a /56. But some provide only a
>> /60. Some - like mine! - only provide a /64. In my case I could only get a
>> /56 by signing up for the business offering, which costs 3 times as much.
>> Now, obviously this example is about prefix sizes, but if we make SLAAC
>> variable, you can bet that operators will do this within subnets as well.
>> Consider even during the v6ops discussion of
>> draft-ietf-v6ops-dhcp-pd-per-device, some participants (Martin, I remember)
>> asserted that the subnet must be made small enough to prohibit devices from
>> extending the network.
>>
>> Note, I am not saying that most or even many networks will do this. But
>> some will. The consequence of that is that OS vendors like ours will act in
>> their users' interests, and allow those users to evade those restrictions
>> by implementing NAT66. At that point everybody loses. The networks don't
>> get paid more. App developers have to implement NAT traversal and
>> keepalives. OS vendors have to implement hardware offload APIs for
>> keepalives. Users have to deal with lower battery life and brittle apps due
>> to NAT timeouts.
>>
>> Why do this? If we really think /64 is too wasteful, then we can change
>> it, once. But we can't make it variable without creating a race to the
>> bottom. The only way to do that is to pick one size.
>>
>> Cheers,
>> Lorenzo
>>
>
>> On Sat, Nov 4, 2023 at 2:06 AM Brian E Carpenter <
>> brian.e.carpenter@gmail.com> wrote:
>>
>>> If anyone wants to turn this into an I-D, please feel free.
>>>
>>> title: Variable Length Interface Identifiers
>>> abbrev: Variable IIDs
>>> docname: draft-tbd-6man-variable-iids-00
>>>
>>> # Introduction
>>>
>>> The lowest common denominator method of configuration for IPv6 nodes is
>>> SLAAC {{!RFC4862}}, which is carefully designed to allow any prefix length
>>> and any interface identifier (IID) length, provided that they do not total
>>> more than 128 bits. Until now, specifications of "IPv6 over foo" mappings,
>>> starting with {{!RFC2464}}, have specified an IID length of 64 bits,
>>> consistent with the value specified by {{!RFC4291}}.
>>>
>>> This document allows a router to announce an IID length other than 64 on
>>> a given link, and updates RFC 4291, RFC 2464 (and numerous other "IPv6 over
>>> foo" documents TBD), and RFC 4862 accordingly. It extends {{!RFC4861}} by
>>> defining a new "IID length" mechanism in RA messages.
>>>
>>> Terminology: a "modified" host or router supports this spec. An
>>> "unmodified" host or router supports RFC 4861 and 4862 precisely.
>>>
>>> # Modified procedures
>>>
>>> The predefined IID length specified by RFC 4291, RFC 2464, etc. is used
>>> to configure the link-local IPv6 address of a node exactly as described in
>>> RFC 4862.
>>>
>>> On a link where variable IID length is not supported, the predefined IID
>>> length will continue to be used to configure all other addresses using
>>> SLAAC.
>>>
>>> On a link where variable IID length is supported, each modified router
>>> will include an "IID length" indication in every RA/PIO message with the A
>>> bit set. This will override the value defined in RFC 2464 (etc.) and in RFC
>>> 4291, for the prefix concerned.
>>>
>>> Suggestion: put the IID length in 6 bits of the Reserved2 field of the
>>> PIO. 0b000000 would mean 64, i.e. no change and backwards compatible. Any
>>> other value would define an IID length in bits. Values less than 48
>>> (0b110000) are NOT RECOMMENDED. Values greater than 64 are impossible.
>>>
>>> (Note: Reserved1 is not available - see {{?RFC8425}}.)
>>>
>>> When a modified node receives an "IID length" less than 64, it will use
>>> that value instead of the default for all unicast address autoconfiguration
>>> under that prefix, except link-local.
>>>
>>> # Deployment issues
>>>
>>>   - Unmodified hosts and unmodified routers: no change, all use 64-bit
>>> IIDs.
>>>
>>>   - Modified hosts and unmodified routers: no change, all use 64-bit
>>> IIDs.
>>>
>>>   - Modified hosts and modified routers: configure to use longer
>>> prefixes and shorter IIDs if desired.
>>>
>>>   - Modified routers and mixture of modified and unmodified hosts on a
>>> link:
>>>
>>>     - The modified hosts will use a shorter IID and longer prefix if
>>> that is announced.
>>>
>>>     - The unmodified hosts, according to RFC 4861, MUST ignore the
>>> Reserved1 field. So, according to section 5.5.3 clause d) of RFC 4862, they
>>> will ignore any PIO advertising a shorter IID. Therefore, the operator has
>>> two choices:
>>>
>>>       1. Decide that unmodified hosts will not be supported (i.e. will
>>> not be able to configure an address using SLAAC).
>>>
>>>       2. Announce (at least) two prefixes on the link - a /64 and a
>>> longer one, with a shorter IID. For that to make sense, we need an extra
>>> rule for modified hosts: if a host receives several PIOs from the same
>>> router, it prefers all those with the shortest IID and ignores the others.
>>>
>>>   - Mixture of modified and unmodified routers on a link: don't do that!
>>>
>>> # IANA Considerations
>>>
>>> Maybe a registry for the Reserved2 field, like RFC 8425?
>>>
>>> # Security Considerations
>>>
>>> Nothing new?
>>>
>>>
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------
>>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email