Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios

Mark Smith <markzzzsmith@gmail.com> Thu, 21 February 2019 22:46 UTC

From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 22 Feb 2019 09:46:03 +1100
Message-ID: <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com>
Subject: Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios
To: "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>
Cc: IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Ge_h3KQIrDXE6woyx9ojZdKxB5c>

On Fri, 22 Feb 2019 at 08:53, Manfredi (US), Albert E
<albert.e.manfredi@boeing.com> wrote:
>
> From: Mark Smith <markzzzsmith@gmail.com>
>
> > That's because applications that would be best performing, most robust and more secure with a peer-to-peer communications model are forced to adopt an absolute client-server model (where the server is a much more likely performance bottleneck, the server becomes a SPOF for all clients using it at the time, and the server is a natural interception point for a malicious server operator).
>
> Even if it's only the prefix that changes? I don’t get that. Peer to peer can be made to work there too.

"made to work" implies workarounds. The IP layer has a peer to peer
nature - any node should be able to directly send to any other node,
just by having the other node's address. If a device has to send its
packets through a third party to reach the actual party it wishes to
communicate with, it isn't a peer of the latter party. It is now a
client of the middle relay party.

This isn't the place to rehash the NAT discussion (because IPv6 + NAT
doesn't provide any benefits over IPv4 + NAT, and that makes IPv6
pretty much pointless.)

Have a look at the following presentation on NAT from a few years ago,
where I think I did something different to other NAT presentations - I
compared NAT to what I describe as a network operator's "Network
Critical Success Factors". Any questions/comments, we can discuss
off-list.

"The Trouble with NAT (Or why I care about IPv6)"
https://www.ausnog.net/sites/default/files/ausnog-2016/presentations/1.2_Mark_Smith_AusNOG2016.pdf

(APNIC asked me to write up a few blog articles on it if you want a
longer read - https://blog.apnic.net/author/mark-smith/)


> I agree if you're talking about NAPT, though. Those basic NAT firewalls I alluded to previously support peer-peer quite nicely.
>

So I think there's commonly a big difference between works and works
well. NAT may work, however compared to stateless IPv6 (and IPv4)
forwarding, it doesn't work anywhere near as well.

Regards,
Mark.



> Bert