Re: Disabling temporary addresses by default?

Gyan Mishra <hayabusagsm@gmail.com> Sun, 02 February 2020 16:11 UTC

From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Sun, 02 Feb 2020 11:11:18 -0500
Message-ID: <CABNhwV1vLM3LJnb=HSBtwoBz+4BtL9aYKmWpUqE4tGumKGhA3w@mail.gmail.com>
Subject: Re: Disabling temporary addresses by default?
To: Jared Mauch <jared@puck.nether.net>
Cc: Mark Smith <markzzzsmith@gmail.com>, 6man WG <ipv6@ietf.org>, Christian Huitema <huitema@huitema.net>, Fernando Gont <fgont@si6networks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/FF3Hk66Pm4bFH8peXwJ_wPUJN7E>

On Sun, Feb 2, 2020 at 8:16 AM Jared Mauch <jared@puck.nether.net> wrote:

>
>
> On Feb 2, 2020, at 3:53 AM, Mark Smith <markzzzsmith@gmail.com> wrote:
>
> 
>
>
> On Sun, 2 Feb 2020, 19:05 Jared Mauch, <jared@puck.nether.net> wrote:
>
>> They are also useful and needed when debugging hashing or 802.3ad related
>> issues. To debug the flow hash you often need stable addresses which are
>> not easily changed
>
>
> Can you explain how you do this troubleshooting? Do you spoof end users'
> addresses?
>
>
> No you try to find a combination of source ip, dest ip, protocol and
> source plus dest ports that aren't working and debug from there.
>
> The routers/hardware compute a hash from these tuples plus some initial
> entropy to assign traffic to a specific link member. If you have 4 or 6x
> 100g links (for example) you may see one link member misbehaving from a
> software bug or programming issue. You have to debug these layers to find
> the bad link.
>
> Some of the vendors make seeing their hash calculation easier than others.
> If we want to fix the bug we have to leave it broken or reproduce it for
> the developers.
>
> You may see this as 1:16 flows behaves poorly or is dropped. Sometimes you
> are more unlucky than others.
>

   Gyan> The L2 or L3 hash algorithm in generating the hash is vendor
proprietary, usually an XOR of the tuple.  For example, Cisco lb hash for
all of their IOS flavors is generated using source/destination by default,
however you can add port to the lb hash alg making it a tuple.

   The lb hash alg feature is pretty basic and is standard operation for
most all vendors which have a CLI show command to determine what member
link of L2 bundle the src/dest flow is taking.  I am not aware of any Cisco
bugs.

    Which vendor are you referring to regarding software bug or programming
issue?

> or provided by the average user who just expects the technology to work.
>
>
> Temporary addresses have been the default on Apple OS X since Lion in 2011
> and Windows Vista in 2007. That doesn't seem to have prevented IPv6 working
> for the average user.
>
>
> HE may mask the issue so the end user isn't seeing issues but doesn't stop
> things from working.
>
> Day in the life of an operator perspective on making things too hard to
> debug automatically. We try but sometimes it takes that user report.
>
> This is aside from my concerns about the hyper privacy people blowing out
> ND.
>
> If you are spending all your time in software/centralized lookup platforms
> you are missing out on the joys of debugging networks based on ingress
> interface and these hash calculators
>


> Gyan> Most all newer platforms across all vendors are hardware based and
> of course the larger platforms have distributed LC FIB versus centralized
> processor.
>
>
>
>
>> Sent from my iCar
>>
>> > On Feb 1, 2020, at 4:24 PM, Gyan Mishra <hayabusagsm@gmail.com> wrote:
>> >
>> > Stable random IPv6 address works best to meet the objective of an
>> enterprise.
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>

-- 

Gyan  Mishra

Network Engineering & Technology

Verizon

Silver Spring, MD 20904

Phone: 301 502-1347

Email: gyan.s.mishra@verizon.com
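
The flow-hash debugging discussed in this thread, sketched as an added example that is not part of the original message or any vendor's code: an illustrative XOR fold of the 5-tuple plus a seed selects a bundle member, and probe results are correlated back to the member that carries every failing flow. The function names, the XOR-fold hash, the seed handling and the documentation-prefix addresses are all assumptions made for the example.

```python
import ipaddress
from collections import Counter

def member_for_flow(src, dst, proto, sport, dport, n_links, seed=0):
    """Pick a bundle member by XOR-folding the 5-tuple plus a seed.

    Illustrative only: real hash functions are vendor proprietary.
    """
    key = (ipaddress.ip_address(src).packed
           + ipaddress.ip_address(dst).packed
           + bytes([proto])
           + sport.to_bytes(2, "big")
           + dport.to_bytes(2, "big")
           + seed.to_bytes(4, "big"))
    folded = 0
    for byte in key:
        folded ^= byte
    return folded % n_links

def suspect_members(probes, n_links, seed=0):
    """Return members on which every probed flow failed.

    probes is a list of ((src, dst, proto, sport, dport), ok) pairs.
    """
    seen, failed = Counter(), Counter()
    for flow, ok in probes:
        member = member_for_flow(*flow, n_links=n_links, seed=seed)
        seen[member] += 1
        failed[member] += 0 if ok else 1
    return sorted(m for m in seen if failed[m] == seen[m])

# Constructed sample data: documentation-prefix addresses, 4 members, member 2 "bad".
SRC, DST, N_LINKS, BAD = "2001:db8::10", "2001:db8:1::20", 4, 2

def constructed_probes():
    flows = [(SRC, DST, 6, 49152 + i, 443) for i in range(64)]
    return [(f, member_for_flow(*f, n_links=N_LINKS) != BAD) for f in flows]

if __name__ == "__main__":
    probes = constructed_probes()
    print("failing flows:", sum(not ok for _, ok in probes), "of", len(probes))
    print("suspect members:", suspect_members(probes, N_LINKS))
    # The same ports from a different source address hash to another member,
    # so a failure seen from one address may not reproduce from the next.
    for src in (SRC, "2001:db8::11"):
        print(src, "->", member_for_flow(src, DST, 6, 49152, 443, N_LINKS))
```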