Re: “DHCPv6, SLAAC, Static Day X - 17 year interoperability issue” 2nd issue
"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 10 November 2020 02:38 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC1F73A15B3; Mon, 9 Nov 2020 18:38:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-QZ2b58vBas; Mon, 9 Nov 2020 18:38:10 -0800 (PST)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA3633A15B2; Mon, 9 Nov 2020 18:38:09 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4CVX8x5tvbz1ntWY; Mon, 9 Nov 2020 18:38:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1604975889; bh=tH/f2FmUn/lMht18s0H8xhqssyZ3HQnaoMgQOsXP+Z4=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=cXeQ6myu16uzKFhFMD8MH4gAo48EM0sXcdeeTkZkGUqZaHkTufsF6GbprjsQBAQGm 7DhpnDBc8/OF0KtwdXMfk+K0bjuWOehiqL8B+oAJMhNQrZD3SQLLLLvmU4uf4TRXZD xAWda414OokLl5xfW21rY7g/crXjswj/UG6C+BWw=
X-Quarantine-ID: <8SuyGG-Ixqlr>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.128.43] (unknown [50.225.209.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4CVX8x1F4Fz1ntWT; Mon, 9 Nov 2020 18:38:09 -0800 (PST)
Subject: Re: “DHCPv6, SLAAC, Static Day X - 17 year interoperability issue” 2nd issue
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: 6man WG <ipv6@ietf.org>, draft-mishra-6man-variable-slaac@ietf.org
References: <3A94E3B6-EA5A-453A-8CB1-C11BBDF88B53@gmail.com> <0b83b083-7179-0277-d32e-ac48d9d6fe24@joelhalpern.com> <CABNhwV3HxouhWtWWihLBo7JOjKhOos-AZotGNtkUA5e5jgihiQ@mail.gmail.com> <3132990a-efaa-8582-4d7e-37edd3a70f41@joelhalpern.com> <CABNhwV255GiswknJCfWr+jxhsYiTLujTaP4Kq9LZVRxLztNR-w@mail.gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <27733d58-4a23-bc33-d87b-3318690e827f@joelhalpern.com>
Date: Mon, 09 Nov 2020 21:38:08 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.1
MIME-Version: 1.0
In-Reply-To: <CABNhwV255GiswknJCfWr+jxhsYiTLujTaP4Kq9LZVRxLztNR-w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/EQC8nE38FEU2DPtdQh6YepgFxKA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2020 02:38:12 -0000
Let me try again. What you describe below is a case where if you were giving out longer prefixes, SLAAC would have problems. That much I get. What I still do not understand (and I will grant that maybe I am just dense and missing the obvious; please explain) is why you need prefixes longer than /64 at all. Yours, Joel On 11/9/2020 9:29 PM, Gyan Mishra wrote: > > > I was just giving an example of mixed hosts on the same subnet using > different IPv6 addresses methods. So it can be any network or any > scenario where you have mix of addressing methods with longer prefixes. > > The problem is that SLAAC does not support >64 prefixes due to IID 64 > bit limitation and that prevents use of DHCPv6 stateful or static with > >64 prefix subnets. > > > On Mon, Nov 9, 2020 at 9:19 PM Joel M. Halpern <jmh@joelhalpern.com > <mailto:jmh@joelhalpern.com>> wrote: > > Gyan, I apparently was not unclear. > I was not asking who needs to use longer prefixes. I was asking why. > Telling me that some data enters want them does not tell me what > problem > the data center needs to solve. > > Can you explain what problem needs to be solved, for whichever > community > it is that needs to deploy these longer prefixes? > > I presume there is a real problem. But I can not tell from your > description what it is. > > Thank you, > Joel > > On 11/9/2020 8:37 PM, Gyan Mishra wrote: > > This is a separate issue from 3GPP PDP handset segmentation issue to > > downstream devices. > > > > This issue exists with any deployments where the operator would > like to > > deploy >64 prefix length host subnets at data center or access > layer and > > this could be an enterprise or service provider use case where the > > router infrastructure is statically configured so no PD here. > > > > So in this case the operator would like to deploy >64 prefixes > and has > > let’s say all servers are configured with static and all access > hosts > > are configured with dhcpv6 stateful RFC 8415. No PD here. So > we have > > both static and stateful hosts on the same subnet. > > > > So now you have SLAAC hosts that get added to that same subnet > that now > > don’t support static or DHCPv6 stateful let’s say Chromebook or > could be > > any device type for example and now your are in trouble. > > > > So now due to SLAAC not supporting longer prefixes that very real > fear > > of host operating systems that may only support slaac you and up > in an > > terrible interoperability situation that you have to change your > prefix > > length for all devices back to /64 so that all devices types with > the 3 > > different IPv6 address allocation scheme can operate on the same > subnet. > > > > So due to this major 17 year issue operators have not been able to > > deploy longer prefix lengths to host subnets. > > > > This is a MAJOR problem for all operators. > > > > > > Hope that helps clarify the interoperability issue. > > > > > > Gyan > > > > On Mon, Nov 9, 2020 at 8:06 PM Joel M. Halpern > <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com> > > <mailto:jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>> wrote: > > > > You say "In deployment cases where you would like to deploy > longer > > prefix length subnets". > > What problem are you facing that requires longer subnets? I > understand > > that problems that have been raised that require delegation. > That is > > not tied to longer or shorter, and I think is better addressed by > > shorter prefix lengths. > > > > Is there some other problem you face that leads to needing longer > > prefix > > lengths? > > > > Yours, > > Joel > > > > On 11/9/2020 7:35 PM, Gyan Mishra wrote: > > > > > > This may have gotten lost in all the threads so starting a new > > thread. > > > The issue is interoperability related issue between the > 3 IPv6 > > > addressing options that had been broken for 17 years. > > > > > > Problem Statement: > > > > > > The main point I am trying to make is that static address > > configuration > > > and DHCPV6 stateful RFC 8415, you can have any prefix > length prefix. > > > SLAAC with A flag set requires a 64 bit IID and that > stems from RFC > > > 4291 modified EUI64 mac based IID generation. However, > now with > > random > > > IID generation schemes with RFC 4941 privacy extension and > RFC 7217 > > > stable IID you can generate any length IID. > > > > > > The operational issue with SLAAC not supporting any prefix > length > > in PIO > > > and requirement for the 64 bit boundary is that in a > deployment > > scenario > > > where you would like to deploy longer prefix length > subnets with > > a mix > > > of server hosts with static address and mix of client > hosts with > > managed > > > address M=1 that get their 128 bit address from the DHCPv6 > server > > pool, > > > the fear has always been that if a device came up on the > subnet that > > > only supports SLAAC it would not work due to the SLAAC A > flag set > > and 64 > > > bit IID requirement. In that case the SLAAC host would not be > > able to > > > communicate with any of the devices with a longer prefix > > including the > > > router. > > > > > > So that fear of interoperability of SLAAC hosts not being > able to > > > support longer prefix lengths has prevented operators from > being > > able to > > > deploy subnets with longer prefix lengths, as it’s hard to > > predict that > > > all hosts will be able to support static or stateful and > so you > > may end > > > up in a situation where a device type may only support > SLAAC so > > then you > > > are in trouble deploying longer prefix lengths. > > > > > > Due to the SLAAC 64 bit IID restrictions it has prevented > > operators from > > > deploying “host” subnets with >64 bit prefix lengths. > > > > > > f you go to the “root” of the problem the root is the > original IPv6 > > > specification RFC 1884 dated 1995, RFC 2373 dated 1998, > RFC 3513 > > dated > > > 2003 and now the present RFC 4291 dated 2006. As soon > EUI64 mac > > based > > > IID become not recommendedR and obsolete the standard > should have > > > immediately updated RFC 4291 as the dependency on fixed > IID is no > > longer > > > as now random IID generation schema starting with RFC 4941 > privacy > > > extension dated 2007 soon became standard for all OS > vendors and > > later > > > RFC 7217 stable IID became an alternative option to provide a > > “random” IID. > > > > > > Once random IID became mainstream in all Host Operating > Systems > > it was > > > at that moment that the standard should have changed to update > > RFC 4291 > > > to permanently remove in all RFCs any mention of 64 bit > boundary. > > > > > > So this change if I do the math is now 13 years past due. > Even > > if you > > > gave a few years for host operating systems to adopt the new > > standard > > > which I believe back then was fairly quickly the standard > should > > have > > > changed eliminating the 64 bit boundary. > > > > > > Think of all the problems “Day 17 years” this has caused > and even > > now > > > all of these threads. > > > > > > This is clearly an IETF standards issue and needs to be fixed. > > > > > > We can’t pass the blame to operators to dole out shorter > prefixes or > > > support PD. The IETF really needs to take onus end fix the > > broken standard. > > > > > > Not going to happen for PDP as their are technical issue > related > > to the > > > Mobile Network Gateway to support PD. I will try to dig > up the > > exact > > > reason but the network element is very different then a BNG > > broadband > > > gateway which supports most all L3 features. > > > > > > As far as 3GPP operators they are following the well > documented > > RIPE-690 > > > which only requires allocation of /64. The main reason mobile > > operators > > > are not making shorter prefix a standard is that is > overkill from > > their > > > perspective as you may have many mobile handsets in a > household and > > > there is no reason for everyone at a single location to have > > shorter > > > prefixes per PDP. When you are at honme you use your wired > > broadband > > > and when are away from home on the road on 3GPP on PDP is > when the > > > segmentation comes into play to subdivide the /64 prefix to > > downstream > > > devices but in a household is only needed to be provided > by one > > of the > > > devices. > > > Bottom line is from a 3GPP provider standpoint it does not > make > > sense to > > > provide a shorter prefix and I don’t think that will ever > change > > even > > > with 5G PDP. > > > > > > Fixed 5G broadband which is a wired broadband replacement will > > follow > > > RIPE-690 guidelines and will allocation much shorter > prefixes as > > with > > > network slicing and other capabilities with 5G offers the > > requirements > > > exist for shorter prefixes. Not so much for PDP. > > > > > > > > > > > > > > > > > > https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators > <https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators> > > > <https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators <https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators>> > > > > > > > > <https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators <https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators> > > > <https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators <https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators>>> > > > > > > > > > 4.2.4. Considerations for Cellular Operators > > > > > > There is a clear exception to the rule described above when > > assigning > > > prefixes in a cellular network. In this case, a /64 will > need to be > > > provided for each PDP context for cellular phones, whereas > for LTE > > > modems/routers, i.e. in the case of broadband by means of > cellular > > > access, it will still be necessary to choose a /48 or /56 in > > accordance > > > with the aforementioned considerations. > > > > > > > > > RFC 3177 for a default /48 allocation which is obsoleted > by 6177 > > which > > > takes a step back and is now not making any > recommendations and is > > > putting the onus on operators to figure it out and do what > they > > feel is > > > best which would definitely not be one size fits all approach. > > > > > > Please read the summary section in RFC 6177 below > > > > > > > > > 5 <https://tools.ietf.org/html/rfc6177#section-5 > <https://tools.ietf.org/html/rfc6177#section-5> > > <https://tools.ietf.org/html/rfc6177#section-5 > <https://tools.ietf.org/html/rfc6177#section-5>>>. Summary > > > > > > > > > > > > The exact choice of how much address space to assign end > > sites is an > > > issue for the operational community. The recommendation > > inRFC 3177 <https://tools.ietf.org/html/rfc3177 > <https://tools.ietf.org/html/rfc3177> > > <https://tools.ietf.org/html/rfc3177 > <https://tools.ietf.org/html/rfc3177>>> > > > [RFC3177 <https://tools.ietf.org/html/rfc3177 > <https://tools.ietf.org/html/rfc3177> > > <https://tools.ietf.org/html/rfc3177 > <https://tools.ietf.org/html/rfc3177>>>] to assign /48s as a default > > is not a requirement of the > > > IPv6 architecture; anything of length /64 or shorter > works from a > > > standards perspective. However, there are important > operational > > > considerations as well, some of which are important if > users > > are to > > > share in the key benefit of IPv6: expanding the usable > > address space > > > of the Internet. The IETF recommends that any policy > on IPv6 > > address > > > assignment policy to end sites take into consideration the > > following: > > > > > > > > > Thanks > > > > > > Gyan > > > > > > > > > Sent from my iPhone > > > > > > > -------------------------------------------------------------------- > > > IETF IPv6 working group mailing list > > > ipv6@ietf.org <mailto:ipv6@ietf.org> <mailto:ipv6@ietf.org > <mailto:ipv6@ietf.org>> > > > Administrative Requests: > > https://www.ietf.org/mailman/listinfo/ipv6 > <https://www.ietf.org/mailman/listinfo/ipv6> > > <https://www.ietf.org/mailman/listinfo/ipv6 > <https://www.ietf.org/mailman/listinfo/ipv6>> > > > > -------------------------------------------------------------------- > > > > > > > -- > > > > <http://www.verizon.com/ <http://www.verizon.com/>> > > > > *Gyan Mishra* > > > > /Network Solutions A//rchitect / > > > > /M 301 502-1347 > > 13101 Columbia Pike > > /Silver Spring, MD > > > > > > -- > > <http://www.verizon.com/> > > *Gyan Mishra* > > /Network Solutions A//rchitect / > > /M 301 502-1347 > 13101 Columbia Pike > /Silver Spring, MD > >
- “DHCPv6, SLAAC, Static Day X - 17 year interopera… Gyan Mishra
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Joel M. Halpern
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Gyan Mishra
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Ca By
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Mark Andrews
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Joel M. Halpern
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Gyan Mishra
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Gyan Mishra
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Joel M. Halpern
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Mark Andrews
- Re: Re: “DHCPv6, SLAAC, Static Day X - 17 year in… Michael Richardson
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Ca By
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Mark Andrews
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Ted Lemon
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Joel M. Halpern
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Gyan Mishra
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Mark Andrews
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… JORDI PALET MARTINEZ
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Mikael Abrahamsson
- Re: [**EXTERNAL**] Re: “DHCPv6, SLAAC, Static Day… Mudric, Dusan
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Alexandre Petrescu
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Joel M. Halpern
- Re: Re: “DHCPv6, SLAAC, Static Day X - 17 year in… Gyan Mishra
- Re: “DHCPv6, SLAAC, Static Day X - 17 year intero… Alexandre Petrescu