WGLC comments about scoping-arch
Pekka Savola <pekkas@netcore.fi> Mon, 03 November 2003 09:29 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA24919 for <ipv6-archive@odin.ietf.org>; Mon, 3 Nov 2003 04:29:21 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AGb19-0000ew-J8 for ipv6-archive@odin.ietf.org; Mon, 03 Nov 2003 04:29:01 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id hA39SxeS002534 for ipv6-archive@odin.ietf.org; Mon, 3 Nov 2003 04:28:59 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AGb19-0000en-9u for ipv6-web-archive@optimus.ietf.org; Mon, 03 Nov 2003 04:28:59 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA24852 for <ipv6-web-archive@ietf.org>; Mon, 3 Nov 2003 04:28:48 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AGb16-0002Xl-00 for ipv6-web-archive@ietf.org; Mon, 03 Nov 2003 04:28:56 -0500
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1AGb16-0002Xi-00 for ipv6-web-archive@ietf.org; Mon, 03 Nov 2003 04:28:56 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AGb0E-0000Qq-P0; Mon, 03 Nov 2003 04:28:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AGazi-0000PC-S1 for ipv6@optimus.ietf.org; Mon, 03 Nov 2003 04:27:30 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA24792 for <ipv6@ietf.org>; Mon, 3 Nov 2003 04:27:20 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AGazf-0002WM-00 for ipv6@ietf.org; Mon, 03 Nov 2003 04:27:27 -0500
Received: from netcore.fi ([193.94.160.1]) by ietf-mx with esmtp (Exim 4.12) id 1AGaze-0002Vz-00 for ipv6@ietf.org; Mon, 03 Nov 2003 04:27:26 -0500
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id hA39Qub29362 for <ipv6@ietf.org>; Mon, 3 Nov 2003 11:26:56 +0200
Date: Mon, 03 Nov 2003 11:26:55 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: ipv6@ietf.org
Subject: WGLC comments about scoping-arch
Message-ID: <Pine.LNX.4.44.0311031123110.29313-100000@netcore.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: ipv6-admin@ietf.org
Errors-To: ipv6-admin@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Id: IP Version 6 Working Group (ipv6) <ipv6.ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Hi, Below are my LC comments on the scoping-arch document. In general, I think the document is in a pretty good shape, but can be improved slightly. I think it should be possible to send the document to the IESG after a revision. Two major points to note: - the ICMPv6-bis document is stalled and blocks the progress of this work as its currently written, and - in the usage examples section, we should be double careful not to give an impression that the applications should need to deal with scope indexes, etc. stuff beyond the address itself. There may be some disagreement about this in the WG, but getting a neutral rewording for "application assumptions" seems to be necessary. substantial ----------- 1) the number of authors is too many (6). No more than 5 is allowed. I'd suggest removing one, or putting everyone except the current document editor as only authors and list only one editor of the document. 2) there is some really, really weird text in section 4 about address scopes: [1] defines IPv6 addresses with embedded IPv4 addresses as part of global addresses. Thus, those addresses have global scope, with regards to the IPv6 scoped address architecture. However, an implementation may use those addresses as if they had other type of scopes for convenience. For instance, [7] assigns link-local scope to IPv4 auto-configuration addresses, and converts those addresses into IPv4-mapped IPv6 addresses in order for destination address selection among IPv4 and IPv6 addresses. This would implicitly mean IPv4-mapped addresses correspondent to IPv4 auto-configuration addresses have link-local scope. This document does not preclude such a usage, as long as it is limited within the implementation. ==> that is, there are no "IPv4 auto-configuration" addresses. This probably tries to refer to DHCP link-local addresses / zeroconf addresses, but those are actually *very* far from the intent here. Further, note that the second-last paragraph is not suitably clear about the connection of the link-local mapped addresses and the equivalent IPv4 addresses. Also note "in order for destination ...", should be "in order to perform destination...". This section is probably a result of getting rid of RFC1918 + site-local scoping, but failing to reword it appropriately. I'd suggest e.g. something like: [1] defines IPv6 addresses with embedded IPv4 addresses as part of global addresses. Thus, those addresses have global scope, with regards to the IPv6 scoped address architecture. However, an implementation may use those addresses as if they had other type of scopes for convenience. For instance, [7] assigns link-local scope to IPv4 auto-configured link-local addresses (the addresses from the prefix 169.254/16 [X]), and converts those addresses into IPv4-mapped IPv6 addresses in order to perform destination address selection among IPv4 and IPv6 addresses. This would implicitly mean the IPv4-mapped IPv6 addresses equivalent to the IPv4 link-local auto-configuration addresses have link-local scope. This document does not preclude such a usage, as long as it is limited within the implementation. .. where [X] is informational reference to: [9] S. Cheshire, B. Aboba, "Dynamic Configuration of IPv4 Link-local Addresses", Work in Progress. 3) I think this statement in section 5 needs to be spelled out a bit more: Each interface belongs to exactly one zone of each possible scope. .. that is, this could be read either as it's probably intended ("no interface must belong to more than one zone"), or as "each interface must be in a zone of each scope, even if it would have no addresses etc. from that scope". If the intent is the latter, this needs to be spelled out a bit more, if the former, a different wording should be used. 4) I'm not sure whether I see the immediate need for the unique subnet multicast scope assignment, as below: Furthermore, to avoid the need to perform manual configuration in most cases, an implementation should, by default, initially assign zone indices as follows, and only as follows: [...] o A unique subnet (multicast "scop" value 3) index for each interface ==> this seems mostly like a flawed concept anyway, because you don't really don't have a multicast "subnet" to begin with, because you don't assign multicast addresses on interfaces anyway. So, I'd consider removing this automatic default and requiring the subnet scope be configured manually. 5) In the section 7, "sending packets", IMHO it would be useful to actually describe the process of how the outgoing interface is identified, or refer to a section describing this (if it's in the default zone, no problem, but if you have e.g. two link-local interfaces....): Although identification of an outgoing interface is sufficient to identify an intended zone (because each interface is attached to no more than one zone of each scope), that is more specific than desired in many cases. 6) In the section 9, "Forwarding", I think the text about picking the destination address zone could be enhanced a bit: o The zone of the destination address is determined by the scope of the address and arrival interface of the packet. The next-hop interface is chosen by looking up the destination address in a (conceptual) routing table specific to that zone. That routing table is restricted to refer only to interfaces belonging to that zone. ==> that is, this does not seem to spell out whether the routing table could include more than just the interfaces of destination address zone -- i.e., in the case of a global destination address, the "interfaces belonging to that zone" is a bit confusing :-) 7) In the section 9, "Forwarding", the second rule about sending an ICMP DU is specified. Has it already been considered whether this applies to multicast destination addresses as well? In the past, we've been a bit more hesitant to send replies to the source of multicast packets (e.g. consider an almost-global multicast scope that leaks and the source would get e.g. thousands of "beyond the scope" packets..) ? o After the next-hop interface is chosen, the zone of the source address is considered. As with the destination address, the zone of the source address is determined by the scope of the address and arrival interface of the packet. If transmitting the packet on the chosen next-hop interface would cause the packet to leave the zone of the source address, i.e., cross a zone boundary of the scope of the source address, then the packet is discarded and an ICMP Destination Unreachable message [4] with Code 2 ("beyond scope of source address") is sent to the source of the packet. 8) multicast routing in section 10 is rather weak. This is a direct resolution of switching from unicast site-locals to multicast organization-local addresses. However, with multicast addresses, it is appropriate to use the terms "prefixes" to refer to multicast traffic. The multicast routing is so different from unicast, and the term is not qualified to convey the intended message here. Some rewording is needed, maybe express this using (*,G) or (S,G) state creation where the limits are placed on the group G. [...] information on five interfaces. The information exchanged is as follows (for simplicity, multicast scopes smaller or larger than organization except global are not considered here): o Interface 1 * All global prefixes * All organization prefixes learned from Interfaces 1, 2, and 3 9) I think the EBGP peering example should be removed from section 11.4. It seems just an incredibly bad idea to use just link-locals in an IX. This would cause serious problems e.g. if someone didn't include "next-hop-self" in their config. Further, this particular problem has already been solved by making IX-based addressing available through RIR's. So, IMHO, the paragraph should be removed: Another example is an EBGP peering. When two IPv6 ISPs establish an EBGP peering, using a particular ISP's global addresses for the peer would be unfair, and using their link-local addresses would be better in a neutral IX. In such a case, link-local addresses should be specified in a router's configuration file and the link for the addresses should be disambiguated, since a router usually connects to multiple links. 10) Similar bad ideas are described in section 11.7, about how to use IPv6 addresses in URL's. The text seems to say that the apps should then strip the zone index and be able to parse it.. This would imply that apps handling URL's should be made aware of link-local addresses and the zone index parsing. This seems like a very, very wrong way to go: The preferred format for literal IPv6 addresses in URL's are also defined [9]. When a user types the preferred format for an IPv6 non- global address whose zone should be explicitly specified, the user could use the format for the non-global address combined with the preferred format. However, the typed URL is often sent on a wire, and it would cause confusion if an application did not strip the <zone_id> portion before sending. Also, the format for non-global addresses might conflict with the URI syntax [10], since the syntax defines the delimiter character (%') as the escape character. Hence, this document does not specify how the format for non-global addresses should be combined with the preferred format for literal IPv6 addresses. As for the conflict issue with the URI format, it would be better to wait until the relationship between the preferred format and the URI syntax is clarified. In fact, the preferred format for IPv6 literal addresses itself has same kind of conflict. In any case, it is recommended to use an FQDN instead of a literal IPv6 address in a URL, whenever an FQDN is available. ==> suggestion either revise the text significantly or add reword the middle sentence: However, the typed URL is often sent on a wire, and it would cause confusion if an application did not strip the <zone_id> portion before sending. Note that the applications should not need to care about which kind of addresses they're using, much less parse or strip out the <zone_id> portion of the address. Also, the format for non-global addresses might conflict with the URI syntax [10], since the syntax defines the delimiter character (%') as the escape character. 11) Note that there is a normative reference to the ICMPv6-bis document, which has been pretty much stalled for the last 2 years or so. This document cannot be published before ICMPv6-bis is also published. The ICMPv6-bis seems integral to this specification, so I think the options are either to revise the text about sending ICMP DU "beyond the scope of source address" messages (removing it), or kicking off the effort for getting ICMPv6-bis out of the door: [4] Conta, A. and S. Deering, "Internet Control Message (ICMPv6) for the Internet Protocol Version 6 (IPv6)", Internet Draft draft- ietf-ipngwg-icmp-v3-02.txt, November 2001. editorial --------- Though the current specification [1] defines unicast site-local addresses, the IPv6 working group decided to deprecate the syntax and ==> s/current/current address architecture/ (to be clear not to confuse with this spec :-) The terms link, interface, node, host, and router are defined in [3]. The definitions of unicast address scopes (link-local and global) and multicast address scopes (interface-local, link-local, etc.) are contained in [1]. ==> I'd try to find a different word than "contained", but that's ~OK as well. Two interfaces to the same Ethernet, ==> s/Ethernet/Ethernet link/ o The zone of the new destination address is determined by the scope of the next address in the Routing Header and arrival interface of the packet. The next-hop interface is chosen just like the first bullet of the rules above. ==> reword to something like below, to spell out what the next address was: (also, add "the" before arrival): o The zone of the new destination address is determined by the scope of the next address in the Routing Header (the original destination address of the received packet) and the arrival interface of the packet. The next-hop interface is chosen just like the first bullet of the rules above. ... Note that it is possible, though generally inadvisable, to use a Routing Header to convey a non-global address across its associated zone boundary. ==> I'd be a bit more explicit than this.. the convey in this case means that a link-local address is encapsulated in the "next address" field but is not going to be used. Try e.g.: Note that it is possible, though generally inadvisable, to use a Routing Header to convey a non-global address across its associated zone boundary in the previously-used next address field, similar as one can convey the information in the protocol payloads as well. (could also omit from "similar.." not sure if that's good..) ... For example, consider a case where a link-border node (e.g., a router) receives a packet with the destination being a link- local address. ==> continute the last sentence like: local address, and the source address a global address. Note: since unicast site-local addresses are deprecated, and link- local addresses does not need routing, the discussion in this section ==> s/does/do/ o Interface 3 * All global prefixes * All organization prefixes learned from Interface 1, 2, and 3 ==> s/Interface/Interfaces/ identify a particular zone of the address' scope. Although a zone ==> s/address'/address's/ When an implementation interprets the format, it should construct the "full" zone ID, which contains the scope type, from the <zone_id> part and the scope type specified by the <address> part. ==> unless I have completely misunderstood the spec, the first "scope type" should actually be "scope zone" :-) Here is a concrete example. Consider a multi-linked router, called "R1", that has at least two point-to-point interfaces (links). Each of the interfaces is connected to another router, called "R2" and "R3", respectively. Also assume that the point-to-point interfaces are "unnumbered", that is, they have link-local addresses only. ==> this is an "ipv6-centric" definition of unnumbered. Classically, unnumbered interfaces have no addresses *at all*. So, I'd use a different wording than "unnumbered", or maybe "globally unnumbered" would be good enough even though it sounds odd.. here, since R1 has more than one link and hence the telnet command cannot detect which link it should try to connect. Instead, we should type the link-local address with the link index as follows: ==> s/try to connect/try to use for connecting/ !! (one doesn't connect to a link.. :-) -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- WGLC comments about scoping-arch Pekka Savola
- Re: WGLC comments about scoping-arch Markku Savela
- Re: WGLC comments about scoping-arch Pekka Savola
- Re: WGLC comments about scoping-arch JINMEI Tatuya / 神明達哉
- Re: WGLC comments about scoping-arch JINMEI Tatuya / 神明達哉
- Re: WGLC comments about scoping-arch Pekka Savola
- Re: WGLC comments about scoping-arch Atsushi Onoe
- Re: WGLC comments about scoping-arch JINMEI Tatuya / 神明達哉