IETF Logo Mail Archive

Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-07.txt

Ted Lemon <mellon@fugue.com> Fri, 05 April 2024 14:29 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0ECFC23C2E1 for <ipv6@ietfa.amsl.com>; Fri, 5 Apr 2024 07:29:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7OQH4QJcQRWC for <ipv6@ietfa.amsl.com>; Fri, 5 Apr 2024 07:29:56 -0700 (PDT)
Received: from mail-qv1-xf34.google.com (mail-qv1-xf34.google.com [IPv6:2607:f8b0:4864:20::f34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F7C0C23BCF3 for <ipv6@ietf.org>; Fri, 5 Apr 2024 07:29:55 -0700 (PDT)
Received: by mail-qv1-xf34.google.com with SMTP id 6a1803df08f44-6963cf14771so18041206d6.3 for <ipv6@ietf.org>; Fri, 05 Apr 2024 07:29:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20230601.gappssmtp.com; s=20230601; t=1712327394; x=1712932194; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=NORmGh6dc/pONK0sqw702lgcXT0RK0ctbFYNPdYjR3k=; b=0DoyR3D9kLRy07/2Yf5pXPHtC+NzsrHw2Je42opDLM87hYXTao+Wtg/G8Jl4JTiUWi GGkiS/vL96/FooM8G3MHGkIE/5ksWSLrVHnR8nVbjDNVCL0wq5ydoxFufJVvwmVhmk8d a/dBTaLZ4hLV78puXqSVZi642NssjByAMV9chTHC9MCSP6WTXMlR9Ek9KbeuPZ5YniaQ niQpM7RUsxZYGpSfHq+fuyPhWMb33LvRSmHV9sQhfQUpKDfMYFZR4kFu+l29e3NxmcgM sHLb1AxuwJnK2jHmp7Bthw2wz71LehvBmJ/QW4RF+sxh9hIwu9FVQJAiYCWibiMFw0P6 YZuA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712327394; x=1712932194; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=NORmGh6dc/pONK0sqw702lgcXT0RK0ctbFYNPdYjR3k=; b=ToUCT1NBtA+RkSs0T3qHlNtoXef2itmcyWBOxSqxx6sIbCqLK70Ax7M4LIooKvJDNF LY4Kj/C6P11ubC+vXBRaqN5RpfMxWeHC/aU9b/0H/O+UdVHgWz2LVvUzmCTxEQj46Kna Sbqi04VtzXO9kvGwzhtL5vI4wwic2hHF41kdsvJE+JHzIZ6E8qEs7+MrZNhxUii/lGDt R9FmSVAOeEgBZRsS/JARBhdt9TbVA+KsptwdPMGfLoBDdD4Suzvery555Lwi64WL4vQg gty5E6vLLTuDCGjBrxLwUmQh4mdLd8+vMgz2A12GWHEAD/pzh8nKkzFjRCWl4IpeUS3w JQKA==
X-Forwarded-Encrypted: i=1; AJvYcCWWJ1e32mAqMc2luZCHbC3sXriO0/o1IOfKOJqf7SYnkQv6fqOV3+qk+DLj13kpSHvyRxsYvls07aXxGQO1
X-Gm-Message-State: AOJu0YwuecP6hVvw1in+bMK6oEANXvVeAace2zaus6L+Gl16Hq757RwT OxD0aeEe6iHfxljtQlVcbb/bHucPE6J3FoGFC3vSzGp1R9kmzzpoafVL5QC+T2MJqVRIIxvg/7U 33zJbStqiiyyiTiyPKUYpGija3k/4LBfo1nDegw==
X-Google-Smtp-Source: AGHT+IF81021vYe/Q7bu8DOnIFUStjKGikGx4Wcd1Hy5PKpjmjx1sr9hBlWcjyRXNzsbJyOTilg4zeDBKogBvFJ9cuQ=
X-Received: by 2002:ad4:5c61:0:b0:699:26b2:31b3 with SMTP id i1-20020ad45c61000000b0069926b231b3mr1711734qvh.12.1712327394506; Fri, 05 Apr 2024 07:29:54 -0700 (PDT)
MIME-Version: 1.0
References: <171225751716.18509.12521562864612372012@ietfa.amsl.com> <a4063219-1cd5-4e06-bf42-b0ffebd2b419@gmail.com> <CAN-Dau3VrqfRR+4Eee7TOS1L2RAWbfWv87_QJH_u5gzVU1Av7g@mail.gmail.com>
In-Reply-To: <CAN-Dau3VrqfRR+4Eee7TOS1L2RAWbfWv87_QJH_u5gzVU1Av7g@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Fri, 05 Apr 2024 10:29:18 -0400
Message-ID: <CAPt1N1nq9V4H9kq+hf4YO-T6OUdYMv8Vmsd3Vpqf264Jm7mrKg@mail.gmail.com>
To: David Farmer <farmer=40umn.edu@dmarc.ietf.org>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, ipv6@ietf.org
Content-Type: multipart/alternative; boundary="00000000000016d75c06155a4a1d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Gf7g6w1fMz_K7mPaPU0Tpl6Qh50>
Subject: Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-07.txt
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2024 14:30:00 -0000

It's not at all clear to me that the burden of implementation here is
sufficient to justify constrained devices not implementing the policy table
update. If we want to do that, I think we need to explain exactly what sort
of device we are talking about. Does the device not listen to RAs? Does it
always send packets to the default router? If not, it's probably already
doing things equivalently hard to maintaining a policy table.

Furthermore, what I originally proposed to address this was to simply
change the policy table without requiring it to be dynamically updated:
rather than having one type of ULA, have two: known and unknown ULAs. Known
ULAs have a higher priority than IPv6 GUAs and IPv4 addresses. Unknown ULAs
continue to be treated as before.

What then needs to be maintained is a list of known ULAs. I realize that
this isn't /that/ different from updating the policy table, but it is a bit
simpler in the sense that there's no complexity to it—you're just keeping
track of a list of ULAs, and when you do source/dest address selection each
ULA is checked against that table before checking against the policy table.

If constrained devices already support the policy table, I do not think
this additional work is onerous.

On Fri, Apr 5, 2024 at 2:45 AM David Farmer <farmer=40umn.edu@dmarc.ietf.org>
wrote:

>
> On Thu, Apr 4, 2024 at 2:52 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
>
>> All good changes, thanks.
>>
>
> +1
>
>
>> About this in section 3:
>>
>> "AUTHORS' NOTE: The authors have had feedback suggesting this requirement
>> should be a MUST, which would mean that "known-local" ULAs would take
>> precedence on compliant implementations over all IPv6 GUAs and all IPv4
>> addresses, but other general ULAs would not."
>>
>> I think the answer is clear, in section 8:
>>
>> "Receiving a DNS response for a ULA destination that is not attached to
>> the local network... will typically fail..."
>>
>> That justifies the MUST in my opinion. But I agree we need to hear from
>> kernel implementers.
>>
>
> Ideally, I'd like to see all IPv6 implementations automatically insert
> "known-local" ULAs into their policy table. From that point of view, I
> support MUST.
>
> However, should constrained devices be an exception? If so, are there any
> other exceptions? If there are exceptions, SHOULD might make more sense
> than MUST.
>
> Also, SHOULD allows for a two-phase implementation approach. Phase one is
> a mostly trivial change to the default policy table that can be implemented
> quickly and easily. Phase two is a fairly complicated addition of a new
> feature for inserting "known-local" ULAs into the policy table that
> probably needs quite a bit of testing before going into production.
>
> In the long run, MUST is the right answer. However, SHOULD could have some
> short-term advantages.
>
> In either case, since I'm not aware of any implementations of the current
> MAY, I'd like to see some proof-of-concept running code to make sure what
> we think we are saying is actually doable.
>
> Thanks.
>
> Nit: in the .txt version, there is a glitch in the rendering of Rule 5
>> at the beginning of section 8.1 - the newlines have been lost.
>>
>
> There are a number of rendering glitches that I mentioned previously.
>
>
>> Regards
>>     Brian Carpenter
>>
>> On 05-Apr-24 08:05, internet-drafts@ietf.org wrote:
>> > Internet-Draft draft-ietf-6man-rfc6724-update-07.txt is now available.
>> It is a
>> > work item of the IPv6 Maintenance (6MAN) WG of the IETF.
>> >
>> >     Title:   Preference for IPv6 ULAs over IPv4 addresses in RFC6724
>> >     Authors: Nick Buraglio
>> >              Tim Chown
>> >              Jeremy Duncan
>> >     Name:    draft-ietf-6man-rfc6724-update-07.txt
>> >     Pages:   15
>> >     Dates:   2024-04-04
>> >
>> > Abstract:
>> >
>> >     When RFC 6724 was published it defined an address selection
>> algorithm
>> >     along with a default policy table, and noted a number of examples
>> >     where that policy table might benefit from adjustment for specific
>> >     scenarios.  It also noted that it is important for implementations
>> to
>> >     provide a way to change the default policies as more experience is
>> >     gained.  This update draws on several years of operational
>> experience
>> >     to refine RFC 6724 further, with particular emphasis on preference
>> >     for the use of ULA addresses over IPv4 addresses and the addition of
>> >     mandatory support for Rule 5.5.  The update also demotes the
>> >     preference for 6to4 addresses.  The changes to default behavior
>> >     improve supportability of common use cases, including automatic /
>> >     unmanaged scenarios.  It is recognized that some less common
>> >     deployment scenarios may require explicit configuration or custom
>> >     changes to achieve desired operational parameters.
>> >
>> > The IETF datatracker status page for this Internet-Draft is:
>> > https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6724-update/
>> >
>> > There is also an HTMLized version available at:
>> > https://datatracker.ietf.org/doc/html/draft-ietf-6man-rfc6724-update-07
>> >
>> > A diff from the previous version is available at:
>> >
>> https://author-tools.ietf.org/iddiff?url2=draft-ietf-6man-rfc6724-update-07
>> >
>> > Internet-Drafts are also available by rsync at:
>> > rsync.ietf.org::internet-drafts
>> >
>> >
>> > _______________________________________________
>> > I-D-Announce mailing list
>> > I-D-Announce@ietf.org
>> > https://www.ietf.org/mailman/listinfo/i-d-announce
>> >
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>
>
> --
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email