IETF Logo Mail Archive

[IPv6]Re: [v6ops] Why not add loopback semantics to 2001:db8::/32?

Mark Smith <markzzzsmith@gmail.com> Thu, 04 December 2025 03:38 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@mail2.ietf.org
Delivered-To: ipv6@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 53BEA9508ED1 for <ipv6@mail2.ietf.org>; Wed, 3 Dec 2025 19:38:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -0.599
X-Spam-Level:
X-Spam-Status: No, score=-0.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id daogNbVe4Opx for <ipv6@mail2.ietf.org>; Wed, 3 Dec 2025 19:38:21 -0800 (PST)
Received: from mail-pl1-x631.google.com (mail-pl1-x631.google.com [IPv6:2607:f8b0:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id F32599508EBC for <ipv6@ietf.org>; Wed, 3 Dec 2025 19:38:20 -0800 (PST)
Received: by mail-pl1-x631.google.com with SMTP id d9443c01a7336-29844c68068so6327505ad.2 for <ipv6@ietf.org>; Wed, 03 Dec 2025 19:38:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764819494; x=1765424294; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=lEKDuBRu2sVoeVZyqMrB8w41SKNAJP702YdKKaSeH/E=; b=eufHNTP5M3SDqljq2YstOzbs0Z4rmbaQqwlG9nyzwniwli8Ofe+7Gm8XDJCPafW1RD adFqgrg0LlgY9NtpkGFPLTM2RarQtJP/4ftOgAIuUiDYS70qivAQBzrPFyLeu4gyK2Vm GFbkNbLx3EYHenFgis3RbCn+oO8L6EonQ1KqF/Tj0FFFfl6GtpBRRI8ArdeGcoB0w+9M wb4CQwgFrRH8G6p2/r3K0Pvtg+j7FgDTp9KJBY840twx5ZBqUfUKOM7oOPBTADND4LVe McuF91PZ2rJziPnER0aAxH8w9uctkYpkYDL5ThA5bW93aWt/X1cpb+t5q0NM73ie72lI LHQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764819494; x=1765424294; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=lEKDuBRu2sVoeVZyqMrB8w41SKNAJP702YdKKaSeH/E=; b=BX7gfoEy3/sUM4+HVwV31zd7Opfij0rzpetqRdJTiCs1NP36U1X3cuR/x/v0d3jOEt TxmIa9ydcriY+J2ceneEObersaaE+w7ZYvGHdi9GPpY0+KnXELdHtEt30YcYBuFrnT2D u9DMQMB1+XjZ98WedqVJUdc1RTv4ovS3MYOIttzTBhQdE6+NJWwX9d9nnwl91ziyNtzF kDq4x9wLdh72O9Rlu9S3NQP5JWiHn/MnsVCB36woW49Qt7IxrGRNPSHLprVpo/XLxwCm SDsfOlLmTIa0uf8Dy8Dr81xAWolvG7Cuq8ssfqjqs/afevxrXtjjTC0jarTvKFXwbPCR cdsg==
X-Gm-Message-State: AOJu0YyXHnXH3Kazmq0o+qUxeCBTxdBY/AR11OdvOqmHQPRFe//r8WEM LX+MlR+43RKz4FsitUyb/3z4/jr6YVFZZSywcYpq9hTuPkPM2RQqBvpxKVYyGC6jZ8lzJsyve7k trvGTpy9wC/sn9mE5dkCrRzX9l4cuuf7fjC0t
X-Gm-Gg: ASbGncu4dWLv6qCZyb18ee2aw6tNZrwTDvpyxtH72T12TlkNE/KD8wrEM86sHhFDHKP GiA4M5LLu8Uk/Jtlw4ulh+w4XuOjyXZeEGNokv9t7ZT3/IczxNsBFO8DUQkJr42J4JWGUHjnwuV zgcx4ZR3g2Fr5js2mcdBtNcj4Q9GvraF/KnZcA0dI0PB+p1K/DNA0UmbX9uPOEEs3P/RARC2HGx Q5AhCLoNqipFLh5WlUDbIERJJY0BNukHTUqtTGhcYJnwgQgCdwZOvjTRjJdhQ9T4YdazA==
X-Google-Smtp-Source: AGHT+IHV5myy6HksSf9RoASq3YISjDdrAr8AOtyk40vRd1ntB4M8KTUOvwXhou8lM8T3S2xezIBpVs3Im3A0zBgxzPg=
X-Received: by 2002:a05:7022:23a4:b0:11a:962:99c2 with SMTP id a92af1059eb24-11df0cd9026mr3799249c88.38.1764819493902; Wed, 03 Dec 2025 19:38:13 -0800 (PST)
MIME-Version: 1.0
References: <CAO42Z2wRTfcKkoG8z_5JZM0FMpWimkni9-uR6RToTeFD8P-HPg@mail.gmail.com> <629E38C1-9E5D-42D5-BF1C-45FBCBF08F9C@delong.com>
In-Reply-To: <629E38C1-9E5D-42D5-BF1C-45FBCBF08F9C@delong.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 04 Dec 2025 14:37:47 +1100
X-Gm-Features: AWmQ_bkRnkeG3uEQuw19zps8raVfzunOSB3xQr3zT9-3MYY-QRHCXQOgPO8o0AY
Message-ID: <CAO42Z2xds0PaB1CHNpaYQaX0eaLVx7Tju9kiZ_ZEw6u+bmAixg@mail.gmail.com>
To: Owen DeLong <owen@delong.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: HQNRRRORNS3QCMMLRHPVOF5X4FQXS22Z
X-Message-ID-Hash: HQNRRRORNS3QCMMLRHPVOF5X4FQXS22Z
X-MailFrom: markzzzsmith@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: 6man WG <ipv6@ietf.org>, v6ops list <v6ops@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [IPv6]Re: [v6ops] Why not add loopback semantics to 2001:db8::/32?
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HPTBslnjeyk3Icbc2FccBoIRqbg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>

Hi,

On Thu, 4 Dec 2025 at 13:18, Owen DeLong <owen@delong.com> wrote:
>
>
>
> > On Dec 2, 2025, at 00:09, Mark Smith <markzzzsmith@gmail.com> wrote:
> >
> > Hi,
> >
> > So I proposed a /32 in
> > draft-smith-v6ops-larger-ipv6-loopback-prefix-04 (specifically 1::/32)
> > because it facilitates many if not all testing scenarios - support for
> > multiple loopback interfaces, with each having a /64 to be consistent
> > with /64 subnet convention, allowing e.g. RFC7217 / RFC8981 IIDs to be
> > used if useful, in addition to human convenient 1:0:0:<subnet>::1 /64
> > addresses.
>
> I’m still trying to comprehend a testing scenario that would require this where GUA or ULA wouldn’t be a better choice.

Which would you prefer to manually type say 100 times during testing:

1::1, 1:0:0:2::1, 1:0:0:34:a:b:c:d

or

fd17:bf60:0865::1, fd17:bf60:0865:2::1, fd17:bf60:0865:34:a:b:c:d

?

Entries in /etc/hosts would avoid that issue, however sometimes you
don't want name resolution involved in your testing or perhaps it
might not be available.


 Loopback semantics imply addresses that are identical across all
machines, quasi-automatically configured, and not routable outside of
host scope. This is not to be confused with virtual interface
semantics (which loopback interfaces iare frequently (ab)used for in
IPv4) where a routable address is assigned to non-physical interface
to facilitate reachability regardless of which subset of physical
interfaces remain up. (e.g. the use of configured routable “loopback”
addresses on routers to terminate iBGP sessions).
>

You're conflating the properties of a loopback IP prefix with the
possible use of a loopback interface. Loopback interfaces can be
assigned addresses from a loopback IP prefix (the use cases I'm
talking about), keeping that traffic local to the host, or they could
be assigned addresses from a GUA or ULA prefix (the latter case you're
describing) and announced into the IGP or BGP.

That's actually where I originally got the idea of using multiple
loopback interfaces from - on routers with different addresses
assigned to different loopback interfaces (Cisco support that, just
'int loopback<number>' to create, last I checked, Juniper don't
support it) - one for the iBGP sessions, one for RADIUS client, one
for L2TP tunnel end point, one to ssh to etc.

If I needed to move a function (say an L2TP tunnel end point) to a
different router I just picked up the address assigned to the function
and moved the address to a function specific loopback interface on a
different router, without disrupting any of the others e.g. iBGP
sessions etc.,  because they're using different addresses.

A unicast IP address per function or service is quite useful, and you
can easily make it an anycast function/service if you want to by
duplicating somewhere else in the network.

You can also assign DNS A, AAAA, PTR and TXT RRs to the
function/service specific addresses to document them and refer to
them.

> I remain confused as to how the former would be useful and/or how having a dedicated prefix or expanded loopback semantic addresses would facilitate the latter or, frankly, what combination of the two you’re seeking in your testing scenarios.
>
> > Geoff and Warren's alternative proposal is currently suggesting a /96.
> >
> > If a /96 ended up being the choice, then I've thought I'd use
> > 2001:db8::/32 for any host-local loopback testing, since it too would
> > satisfy the scenarios that 1::/32 would.
>
> You don’t need an RFC or an ID to do whatever you want on your own local hosts. I certainly think it would be ill advised to suggest that as common practice or condone doing so in any way, but your hosts are your hosts.
>
> > That's a questionable use of a documentation prefix, however if
> > packets too and from it didn't leak from the host, and with an
> > additional defence that they shouldn't leak from the network per the
> > filtering advice in RFC3849, then I don't think it would cause any
> > harm to use the documentation prefix this way. It would also mean that
> > any testing documentation would match what is configured on the host,
> > rather than the test prefix and documentation prefixes having to be
> > different.
>
> Isn’t the whole point of the documentation prefix to make sure that any instance where it appears in an actual machine configuration can be immediately and automatically assumed to be erroneous and should be corrected? It seems to me that you are intentionally changing that semantic in ways that I would, again, consider ill-advised.
>
> > Thinking about it a bit more, why not officially add loopback
> > semantics to the 2001:db8::/32 prefix?
>
> Because 2001:db8::/32 (and any expanded documentation prefixes) should already have “this won’t work in the wild” semantics associated with them and frankly, I’d argue that in an ideal world, machines should reject these prefixes out of hand unless overridden with some sort of “this configuration being used to produce documentation only” flag.
>
> In short, I think doing so would create unnecessary confusion while not offering any tangible benefit to the community at large.
>
> Can you elaborate on what kind of testing scenario would require 4 billion /64 loopback interfaces on a single machine?
>

I think that's basically IPv4 thinking.

IPv6 addressing is about convenience, not necessity (just like 48 bit
ethernet addresses - they too were sized for convenience, rather than
necessity, so that the factory assigned address was likely globally
unique and didn't need to be configured. See the paper "48-bit
Absolute Internet and Ethernet Host Numbers" by Yogan K. Dalal and
Robert S. Printis.)

A /48 would do. However, a /32 is 1 x 4 billionth of the IPv6 address
space. We've just allocated a /20 for documentation! Quite frankly I
think that's pretty excessive for documentation scenarios (unless you
want literal 1:1 addressing documentation for your entire network and
then 's/3fff/<GUA>/g' for deployment) but reality is there are 1
million /20s, so 1 x 1 millionth of the IPv6 address space for
documentation isn't objectively excessive.

No need to make loopback addressing any less convenient than 127/8
addressing has been for some of us who have found it useful, and the 1
x 4 billionth price is much lower than the 1 x 256th cost to IPv4 that
127/8 has eventually imposed.

Regards,
Mark.

> Owen
>

v2.37.1 | Report a Bug | By Email | System Status