Re: Review of draft-ietf-6man-rfc4291bis-06

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 14 January 2017 19:20 UTC

Subject: Re: Review of draft-ietf-6man-rfc4291bis-06
To: Mark Smith <markzzzsmith@gmail.com>, David Farmer <farmer@umn.edu>
References: <148406593094.22166.2894840062954191477.idtracker@ietfa.amsl.com> <m2fukqbbwv.wl-randy@psg.com> <F6953234-3F85-4E28-9861-433ADD01A490@gmail.com> <m2wpdzhncn.wl-randy@psg.com> <82245ef2-cd34-9bd6-c04e-f262e285f983@gmail.com> <m2d1frhjfn.wl-randy@psg.com> <18e6e13c-e605-48ff-4906-2d5531624d64@gmail.com> <CAKD1Yr1cvZ8Y3+bHeML=Xwqr+YgDspZGnZi=jqQj4qe2kMc4zw@mail.gmail.com> <m2lguffnco.wl-randy@psg.com> <CAKD1Yr1TrTiPRdyutobmb_77XJ7guNzLrg=H_p7qi4BfQ8V=GA@mail.gmail.com> <m2d1frfm6m.wl-randy@psg.com> <CAKD1Yr2Njjd8_Mr+6TRFF6C5pdcX4yFgpFVyEkykDuytu2B8mg@mail.gmail.com> <2A5073777007277764473D78@PSB> <4596c3d4-a337-f08e-7909-f14270b7085f@gmail.com> <CAN-Dau06R3iYRpYLADhvHox4C9qdsJCuxFsJapRhOQcWT4qk_g@mail.gmail.com> <CAO42Z2weZcoHiBzN94QAQ9WGhWR16PmMMFNg=5YLmr_dhPjjpA@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <142f07db-e053-2cc3-ec67-72dd93483220@gmail.com>
Date: Sun, 15 Jan 2017 08:20:27 +1300
In-Reply-To: <CAO42Z2weZcoHiBzN94QAQ9WGhWR16PmMMFNg=5YLmr_dhPjjpA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/K1jZThwuYfmkQMB0a07bkvrTf7s>
Cc: 6man WG <ipv6@ietf.org>, IETF <ietf@ietf.org>, int-dir@ietf.org, Bob Hinden <bob.hinden@gmail.com>, Randy Bush <randy@psg.com>, draft-ietf-6man-rfc4291bis.all@ietf.org, John C Klensin <john-ietf@jck.com>

Mark,

I think this thread has shown convincingly that there is a problem with
the current wording of 4291bis about the 64 bit IID length.

I suggest that we wordsmith it on the 6man list and come back to this
broader CC list when we have a proposal.

Regards
   Brian

On 14/01/2017 19:37, Mark Smith wrote:
> On 14 Jan. 2017 15:36, "David Farmer" <farmer@umn.edu> wrote:
> 
> 
> 
> On Fri, Jan 13, 2017 at 9:28 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
>> ....
>>
>>
>> Which is exactly why we have so far only delegated 1/8 of the
>> IPv6 address space for global unicast allocation, leaving a *lot*
>> of space for fixing our mistakes. Moving away from /64 as the
>> recommended subnet size might, or might not, prove to be necessary in
>> the long term future. That's why the point about routing being
>> classless is fundamental. I do think we need to be a bit more
>> precise on this point in 4291bis.
>>
>>     Brian
>>
> 
> Exactly, /64 is the RECOMMENDED subnet size, or a SHOULD from RFC2119, and
> I'm fine with that, but that's not what the following says.
> 
>    For all unicast addresses, except those that start with the binary
>    value 000, Interface IDs are required to be 64 bits long.  Background
>    on the 64 bit boundary in IPv6 addresses can be found in [RFC7421
> <https://tools.ietf.org/html/rfc7421>].
> 
> 
> It says REQUIRED, that is a MUST from RFC2119, and I believe it to be an
> Imperative as discussed in section 6 of RFC2119.
> 
> I'm fine with /64, /127 and /128 as the RECOMMENDED subnet sizes, I support
> that and believe it to be the consensus of the IETF. Maybe even explicitly
> noting /65 through /126 are NOT RECOMMENDED subnet sizes, and not supported
> by SLAAC.  But it is not correct to say the /64 is REQUIRED.
> 
> 
> I don't think /127s should really be recommended either.
> 
> They don't guarantee that the ping pong problem is solved, because it
> depends on both ends being configured with the /127 prefix length by the
> operator or operators at each end of the link. There is no protocol
> requirement that both ends of a link have the same prefix and prefix
> length, nor is there any protocol checking of that condition.
> 
> For example, if an ISP configures a /127 on their end of the customer's
> link, but the customer just configures a default route on their end over
> the link, it is a legitimate configuration by the protocols, Internet
> access will work (so the customer might assume the link is configured
> correctly), and yet the link is vulnerable to a ping pong attack despite it
> "having" a /127 prefix.
> 
> So it is a mitigation; however, it relies on the operator or operators being
> disciplined about the configuration, and comes at the cost of other things
> that may be useful if a 64 bit IID was available e.g. protect against
> discovery of link addresses via unsolicited inbound probing if the IIDs are
> random (which may include static configuration of an offline generated
> random 64 bit IID).
> 
> Regards,
> Mark.
> 
> 
> I also believe RFC7608 supports this conclusion.
> 
> Thanks.
>
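The /127 ping-pong failure mode Mark describes above, as an added example that is not part of the original message or of 4291bis: a small Python model of longest-prefix-match forwarding across an ISP-to-customer point-to-point link. The topology (an `upstream` router standing in for the Internet, an `isp` router and a `customer` router), the 2001:db8::/32 documentation addresses, the ISP aggregate 2001:db8:ca00::/40, the customer LAN 2001:db8:cafe::/48 and the Hop Limit of 64 are all constructed assumptions. It compares three configurations: a /64 at both ends, a /127 at both ends, and a /127 on the ISP side only, with the customer configured with nothing but a default route.

```python
# Added example, not code from the original thread or from 4291bis.
# Toy longest-prefix-match forwarder; all addresses are constructed (2001:db8::/32).
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    addresses: set = field(default_factory=set)   # addresses this router owns
    routes: list = field(default_factory=list)    # (IPv6Network, next-hop Router or None)

    def add_addr(self, addr):
        self.addresses.add(ipaddress.IPv6Address(addr))

    def add_route(self, prefix, next_hop):
        # A "connected" prefix on a p2p link is a route whose next hop is the peer:
        # there is no Neighbor Discovery on such a link, so an on-link destination is
        # simply handed across the wire. next_hop=None is a discard (null) route.
        self.routes.append((ipaddress.IPv6Network(prefix), next_hop))

    def lookup(self, dst):
        best = None
        for prefix, nh in self.routes:               # longest-prefix match
            if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, nh)
        return best


def forward(router, dst, hop_limit=64):
    """Follow one packet from `router` until it is delivered, discarded for lack
    of a route, or its Hop Limit reaches zero. Returns (outcome, forwards)."""
    dst = ipaddress.IPv6Address(dst)
    forwards = 0
    while True:
        if dst in router.addresses:
            return (f"delivered@{router.name}", forwards)
        match = router.lookup(dst)
        if match is None or match[1] is None:
            return (f"no-route@{router.name}", forwards)
        hop_limit -= 1                                # RFC 8200: decrement, discard at zero
        if hop_limit == 0:
            return (f"hop-limit-exceeded@{router.name}", forwards)
        forwards += 1
        router = match[1]


def build_link(link_prefix, isp_addr, customer_addr=None, customer_link_prefix=None):
    """Hypothetical topology: upstream <-> isp <-> customer. The customer always has
    a default route towards the ISP; whether it also configures the link address and
    prefix the ISP expects is the variable under test."""
    upstream, isp, cust = Router("upstream"), Router("isp"), Router("customer")
    upstream.add_addr("2001:db8:1234::1")             # stands in for a remote Internet host
    upstream.add_route("2001:db8:ca00::/40", isp)      # the ISP's aggregate
    isp.add_addr(isp_addr)
    isp.add_route(link_prefix, cust)                   # connected link prefix (/64 or /127)
    isp.add_route("2001:db8:cafe::/48", cust)          # customer LAN prefix, routed over the link
    isp.add_route("2001:db8:ca00::/40", None)          # aggregate discard route
    isp.add_route("::/0", upstream)
    cust.add_addr("fe80::1")                           # a link-local address is always present
    cust.add_addr("2001:db8:cafe::1")                  # customer LAN side
    if customer_addr:
        cust.add_addr(customer_addr)
    if customer_link_prefix:
        cust.add_route(customer_link_prefix, isp)
    cust.add_route("::/0", isp)                        # "just a default route"
    return upstream, isp, cust


def scenario_64_both_ends():
    # Both ends configure the same /64: any unassigned address in it bounces
    # across the link until the Hop Limit runs out.
    up, _, _ = build_link("2001:db8:ca00:1::/64", "2001:db8:ca00:1::1",
                          customer_addr="2001:db8:ca00:1::2",
                          customer_link_prefix="2001:db8:ca00:1::/64")
    return forward(up, "2001:db8:ca00:1::dead")


def scenario_127_both_ends():
    # /127 at both ends: both addresses in the prefix are owned, nothing loops,
    # and anything outside it hits the ISP's discard route.
    up, _, _ = build_link("2001:db8:ca00:1::/127", "2001:db8:ca00:1::",
                          customer_addr="2001:db8:ca00:1::1",
                          customer_link_prefix="2001:db8:ca00:1::/127")
    return forward(up, "2001:db8:ca00:1::1"), forward(up, "2001:db8:ca00:1::2")


def scenario_127_isp_only():
    # The ISP configures a /127; the customer only configures a default route.
    # Traffic in both directions works, so the customer sees nothing wrong, but the
    # link address the ISP expects the customer to own is unclaimed and loops.
    up, _, cust = build_link("2001:db8:ca00:1::/127", "2001:db8:ca00:1::")
    return (forward(cust, "2001:db8:1234::1"),     # customer -> Internet
            forward(up, "2001:db8:cafe::1"),        # Internet -> customer LAN
            forward(up, "2001:db8:ca00:1::1"))      # Internet -> "customer's" link address


if __name__ == "__main__":
    print("/64 both ends      :", scenario_64_both_ends())
    print("/127 both ends     :", scenario_127_both_ends())
    print("/127 ISP side only :", scenario_127_isp_only())
```

Running it shows that in the third case customer traffic to the Internet and Internet traffic to the customer LAN are both delivered, while a packet to the link address the ISP expects the customer to hold crosses the link 62 times before the Hop Limit expires, the same outcome as the /64 case. The model is plain forwarding only: it sends no ICMPv6 errors and does not implement the RFC 4443 section 3.1 rule that a router must not forward a packet back onto the point-to-point link it arrived on when the destination lies within that link's prefix, so it shows what a router without that check does.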