IETF Logo Mail Archive

Re: [IPv6] Variable IIDs

Alexandre Petrescu <alexandre.petrescu@gmail.com> Mon, 06 November 2023 12:02 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5151AC1FB89E for <ipv6@ietfa.amsl.com>; Mon, 6 Nov 2023 04:02:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.662
X-Spam-Level:
X-Spam-Status: No, score=0.662 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wJCO-sxlONdj for <ipv6@ietfa.amsl.com>; Mon, 6 Nov 2023 04:02:26 -0800 (PST)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34C97C1FB897 for <ipv6@ietf.org>; Mon, 6 Nov 2023 04:02:26 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 3A6C2OQE032438 for <ipv6@ietf.org>; Mon, 6 Nov 2023 13:02:24 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 8EF74211AFE for <ipv6@ietf.org>; Mon, 6 Nov 2023 13:02:24 +0100 (CET)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 855502105A8 for <ipv6@ietf.org>; Mon, 6 Nov 2023 13:02:24 +0100 (CET)
Received: from [10.8.32.70] (is156570.intra.cea.fr [10.8.32.70]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 3A6C2Ojp022488 for <ipv6@ietf.org>; Mon, 6 Nov 2023 13:02:24 +0100
Message-ID: <7bc27a67-6a17-4331-b2c4-d00ff2dbdb52@gmail.com>
Date: Mon, 06 Nov 2023 13:02:24 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: fr
To: ipv6@ietf.org
References: <d935987f-7550-855a-c57f-7f8c2fc6e5cf@gmail.com> <CAKD1Yr0ZBqdNnysBm3SmKRBjOZPM5totfzww_6mDdC94fDLx4A@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
In-Reply-To: <CAKD1Yr0ZBqdNnysBm3SmKRBjOZPM5totfzww_6mDdC94fDLx4A@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-CEA-Virus: SOPHOS_SAVI_ERROR_OLD_VIRUS_DATA
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/KtUxsIjnA37khShbdl5OZEGDNoU>
Subject: Re: [IPv6] Variable IIDs
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2023 12:02:27 -0000

Le 04/11/2023 à 13:00, Lorenzo Colitti a écrit :
> Brian,
>
> If we think /64 is too large, then I think it's OK to change 64 to 
> something else. But making the IID length variable is the wrong 
> solution. If we do that, we will create a race to the bottom that ends 
> up at /128.
>
> Here's why. Today SLAAC only works on a /64, and a /64 guarantees that 
> there will always be enough address space to number unlimited devices. 
> Pretty much every network operator uses that because it's the only 
> thing that works on all devices. Some operators insist on assigning 
> only a /128 to each device using DHCPv6. This is for various reasons, 
> most notably consistency with IPv4, the fact that DHCP clients and 
> servers by default only assign one address, scalability of network 
> entities such as ND caches, desire to charge for more addresses (yes; 
> as the lead of a major OS network stack, we get this depressingly 
> often). It's pretty clear from any reading of RFC 7934 that that is 
> harmful, but those operators don't know or want to do it anyway. 
> Fortunately (well, unfortunately for those operators), this doesn't 
> work on a substantial percentage of devices due to lack of support for 
> DHCPv6, so it's not really a practical solution on most networks. 
> Those operators occasionally complain about OSes that don't support 
> DHCPv6, but on the whole we're generally in a situation where devices 
> can get as many IP addresses as they need, within reason.
>
> However: if we define SLAAC to variable length, as you are proposing 
> here then those operators will pick the minimum length accepted by 
> implementations. Today that's /64. If implementations change to accept 
> fewer addresses (say, /80), then those networks will move to providing 
> the new minimum. And so on. This starts a race to the bottom that ends 
> at /128. If you don't believe this, consider: many residential ISPs 
> provide a reasonably-sized subnet to users, such as a /56. But some 
> provide only a /60. Some - like mine! - only provide a /64. In my case 
> I could only get a /56 by signing up for the business offering, which 
> costs 3 times as much. Now, obviously this example is about prefix 
> sizes, but if we make SLAAC variable, you can bet that operators will 
> do this within subnets as well. Consider even during the v6ops 
> discussion of draft-ietf-v6ops-dhcp-pd-per-device, some participants 
> (Martin, I remember) asserted that the subnet must be made small 
> enough to prohibit devices from extending the network.
>
> Note, I am not saying that most or even many networks will do this. 
> But some will.

Thanks for the description.

We (co-authors of an individual proposal draft) have tried to understand 
you and we agree with you at some points.

Further,  we tried to describe the problem like this:

>   The "race to the bottom problem" - is the problem where allowing
>     prefixes longer than 64 to be used in SLAAC will lead to 65, 66 and
>     so on, up to 127 and 128 allocations.  At that point the bottom would
>     be reached and thus impossible to extend the network further.

Hopefully it is a problem that can be described.

Alex


> The consequence of that is that OS vendors like ours will act in their 
> users' interests, and allow those users to evade those restrictions by 
> implementing NAT66. At that point everybody loses. The networks don't 
> get paid more. App developers have to implement NAT traversal and 
> keepalives. OS vendors have to implement hardware offload APIs for 
> keepalives. Users have to deal with lower battery life and brittle 
> apps due to NAT timeouts.
>
> Why do this? If we really think /64 is too wasteful, then we can 
> change it, once. But we can't make it variable without creating a race 
> to the bottom. The only way to do that is to pick one size.
>
> Cheers,
> Lorenzo
>
> On Sat, Nov 4, 2023 at 2:06 AM Brian E Carpenter 
> <brian.e.carpenter@gmail.com> wrote:
>
>     If anyone wants to turn this into an I-D, please feel free.
>
>     title: Variable Length Interface Identifiers
>     abbrev: Variable IIDs
>     docname: draft-tbd-6man-variable-iids-00
>
>     # Introduction
>
>     The lowest common denominator method of configuration for IPv6
>     nodes is SLAAC {{!RFC4862}}, which is carefully designed to allow
>     any prefix length and any interface identifier (IID) length,
>     provided that they do not total more than 128 bits. Until now,
>     specifications of "IPv6 over foo" mappings, starting with
>     {{!RFC2464}}, have specified an IID length of 64 bits, consistent
>     with the value specified by {{!RFC4291}}.
>
>     This document allows a router to announce an IID length other than
>     64 on a given link, and updates RFC 4291, RFC 2464 (and numerous
>     other "IPv6 over foo" documents TBD), and RFC 4862 accordingly. It
>     extends {{!RFC4861}} by defining a new "IID length" mechanism in
>     RA messages.
>
>     Terminology: a "modified" host or router supports this spec. An
>     "unmodified" host or router supports RFC 4861 and 4862 precisely.
>
>     # Modified procedures
>
>     The predefined IID length specified by RFC 4291, RFC 2464, etc. is
>     used to configure the link-local IPv6 address of a node exactly as
>     described in RFC 4862.
>
>     On a link where variable IID length is not supported, the
>     predefined IID length will continue to be used to configure all
>     other addresses using SLAAC.
>
>     On a link where variable IID length is supported, each modified
>     router will include an "IID length" indication in every RA/PIO
>     message with the A bit set. This will override the value defined
>     in RFC 2464 (etc.) and in RFC 4291, for the prefix concerned.
>
>     Suggestion: put the IID length in 6 bits of the Reserved2 field of
>     the PIO. 0b000000 would mean 64, i.e. no change and backwards
>     compatible. Any other value would define an IID length in bits.
>     Values less than 48 (0b110000) are NOT RECOMMENDED. Values greater
>     than 64 are impossible.
>
>     (Note: Reserved1 is not available - see {{?RFC8425}}.)
>
>     When a modified node receives an "IID length" less than 64, it
>     will use that value instead of the default for all unicast address
>     autoconfiguration under that prefix, except link-local.
>
>     # Deployment issues
>
>       - Unmodified hosts and unmodified routers: no change, all use
>     64-bit IIDs.
>
>       - Modified hosts and unmodified routers: no change, all use
>     64-bit IIDs.
>
>       - Modified hosts and modified routers: configure to use longer
>     prefixes and shorter IIDs if desired.
>
>       - Modified routers and mixture of modified and unmodified hosts
>     on a link:
>
>         - The modified hosts will use a shorter IID and longer prefix
>     if that is announced.
>
>         - The unmodified hosts, according to RFC 4861, MUST ignore the
>     Reserved1 field. So, according to section 5.5.3 clause d) of RFC
>     4862, they will ignore any PIO advertising a shorter IID.
>     Therefore, the operator has two choices:
>
>           1. Decide that unmodified hosts will not be supported (i.e.
>     will not be able to configure an address using SLAAC).
>
>           2. Announce (at least) two prefixes on the link - a /64 and
>     a longer one, with a shorter IID. For that to make sense, we need
>     an extra rule for modified hosts: if a host receives several PIOs
>     from the same router, it prefers all those with the shortest IID
>     and ignores the others.
>
>       - Mixture of modified and unmodified routers on a link: don't do
>     that!
>
>     # IANA Considerations
>
>     Maybe a registry for the Reserved2 field, like RFC 8425?
>
>     # Security Considerations
>
>     Nothing new?
>
>
>     --------------------------------------------------------------------
>     IETF IPv6 working group mailing list
>     ipv6@ietf.org
>     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>     --------------------------------------------------------------------
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email