Re: [v6ops] Revision of the SLAAC/renum I-D (Fwd: New Version Notification for draft-gont-6man-slaac-renum-01.txt)

Fernando Gont <fgont@si6networks.com> Thu, 21 February 2019 07:22 UTC

Subject: Re: [v6ops] Revision of the SLAAC/renum I-D (Fwd: New Version Notification for draft-gont-6man-slaac-renum-01.txt)
To: Jen Linkova <furry13@gmail.com>
Cc: "6man@ietf.org" <6man@ietf.org>, IPv6 Operations <v6ops@ietf.org>, "Jan Zorz @ go6.si" <jan@go6.si>
References: <155053352190.25856.12031845488827430669.idtracker@ietfa.amsl.com> <fe9eecc0-b41a-53c5-5e17-7f8d732cb7cf@si6networks.com> <CAFU7BARkjRQ3k1wE7SQysf8+_AageKYd9BxC9-J89UFrB2mGwg@mail.gmail.com> <f0d9e07d-b065-c300-cd44-9629ccd7dbb3@si6networks.com> <CAFU7BARCtboC1_sv-6=e=Hanzrrvmwg096ZFFp5t4exYSqhPLg@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Openpgp: preference=signencrypt
Autocrypt: addr=fgont@si6networks.com; prefer-encrypt=mutual; keydata= mQINBE5so2gBEACzBQBLUy8nzgAzSZn6ViXT6TmZBFNYNqTpPRvTVtUqF6+tkI+IEd9N2E8p pXUXCd0W4dkxz6o7pagnK63m4QSueggvp881RVVHOF8oTSHOdnGxLfLeLNJFKE1FOutU3vod GK/wG/Fwzkv9MebdXpMlLV8nnJuAt66XGl/lU1JrNfrKO4SoYQi4TsB/waUQcygh7OR/PEO0 EttiU8kZUbZNv58WH+PAj/rdZCrgUSiGXiWUQQKShqKnJxLuAcTcg5YRwL8se/V6ciW0QR9i /sr52gSmLLbW5N3hAoO+nv1V/9SjJAUvzXu43k8sua/XlCXkqU7uLj41CRR72JeUZ4DQsYfP LfNPC98ZGTVxbWbFtLXxpzzDDT8i3uo7w1LJ2Ij/d5ezcARqw01HGljWWxnidUrjbTpxkJ9X EllcsH94mer728j/HKzC9OcTuz6WUBP3Crgl6Q47gY5ZIiF0lsmd9/wxbaq5NiJ+lGuBRZrD v0dQx9KmyI0/pH2AF8cW897/6ypvcyD/1/11CJcN+uAGIrklwJlVpRSbKbFtGC6In592lhu7 wnK8cgyP5cTU+vva9+g6P1wehi4bylXdlKc6mMphbtSA+T3WBNP557+mh3L62l4pGaEGidcZ DLYT2Ud18eAJmxU3HnM8P3iZZgeoK7oqgb53/eg96vkONXNIOwARAQABtCVGZXJuYW5kbyBH b250IDxmZ29udEBzaTZuZXR3b3Jrcy5jb20+iQJBBBMBAgArAhsjBQkSzAMABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAUCTmylpQIZAQAKCRCuJQ1VHU50kv7wD/9fuNtTfxSLk3B3Hs3p ixTy8YXVjdkVwWlnJjFd7BOWmg7sI+LDhpjGfT6+ddOiwkumnvUZpObodj4ysH0i8c7P4C5t F9yu7WjklSlrB5Rth2CGChg5bKt541z2WHkFFxys9qBLmCSYDeKQkzLqhCjIUJizY2kOJ2GI MnSFDzJjhSFEh//oW830Y8fel1xnf/NVF+lBVtRMtMOfoWUqDjvP3sJ1G4zgkDCnF0CfncLx +hq2Mv26Uq9OTzvLH9aSQQ/f067BOkKAJKsfHdborX4E96ISTz57/4xECRSMr5dVsKVm4Y// uVIsb+L5z+a32FaiBZIAKDgnJO7Z8j6CV5e5yfuBTtX52Yi9HjYYqnYJGSDxYd6igD4bWu+7 xmJPHjkdqZgGV6dQIgiUfqkU+s5Cv350vK48CMaT/ZLo2BdsMhWsmaHmb+waePUMyq6E4E9x 9Js+EJb9ZiCfxS9exgieZQpet1L36IvhiwByvkQM009ywfa30JeMOltUtfLi5V06WQWsTzPL 5C+4cpkguSuAJVDTctjCA0moIeVDOpJ8WH9voQ4IeWapQnX35OIoj1jGJqqYdx65gc1ygbyx b8vw+pJ9E5GLse5TQnYifOWpXzX9053dtbwp/2OVhU4KLlzfCPCEsoTyfu9nIZxdI2PMwiL5 M85BfjX4NmwBLmPGoLkCDQRObKNoARAAqqXCkr250BchRDmi+05F5UQFgylUh10XTAJxBeaQ UNtdxZiZRm6jgomSrqeYtricM9t9K0qb4X2ZXmAMW8o8AYW3RrQHTjcBwMnAKzUIEXXWaLfG cid/ygmvWzIHgMDQKP+MUq1AGQrnvt/MRLvZLyczAV1RTXS58qNaxtaSpc3K/yrDozh/a4pu WcUsVvIkzyx43sqcwamDSBb6U8JFoZizuLXiARLLASgyHrrCedNIZdWSx0z0iHEpZIelA2ih AGLiSMtmtikVEyrJICgO81DkKNCbBbPg+7fi23V6M24+3syHk3IdQibTtBMxinIPyLFF0byJ aGm0fmjefhnmVJyCIl/FDkCHprVhTme57G2/WdoGnUvnT7mcwDRb8XY5nNRkOJsqqLPemKjz kx8mXdQbunXtX9bKyVgd1gIl+LLsxbdzRCch773UBVoortPdK3kMyLtZ4uMeDX3comjx+6VL bztUdJ1Zc9/njwVG8fgmQ+0Kj5+bzQfUY+MmX0HTXIx3B4R1I1a8QoOwi1N+iZNdewV5Zfq+ 29NlQLnVPjCRCKbaz9k6RJ2oIti55YUI6zSsL3lmlOXsRbXN5bRswFczkNSCJxJMlDiyAUIC WOay7ymzvgzPa+BY/mYn94vRaurDQ4/ljOfj6oqgfjts+dJev4Jj89vp8MQI3KJpZPEAEQEA AYkCJQQYAQIADwUCTmyjaAIbDAUJEswDAAAKCRCuJQ1VHU50km4xEACho45PZrUjY4Zl2opR DFNo5a6roTOPpgwO9PcBb3I5F8yX2Dnew+9OhgWXbBhAFq4DCx+9Gjs43Bn60qbZTDbLGJ/m 8N4PwEiq0e5MKceYcbetEdEUWhm5L6psU9ZZ82GR3UGxPXYe+oifEoJjOXQ39avf9S8p3yKP Diil0E79rn7LbJjMcgMLyjFg9SDoJ6pHLtniJoDhEAaSSgeV7Y745+gyMIdtQmrFHfqrFdjq D6G0HE+Z68ywc5KN67YxhvhBmSycs1ZSKAXv1zLDlXdmjHDHkU3xMcB+RkuiTba8yRFYwb/n j62CC4NhFTuIKOc4ta3dJsyXTGh/hO9UjWUnmAGfd0fnzTBZF8Qlnw/8ftx5lt4/O+eqY1EN RITScnPzXE/wMOlTtdkddQ+QN6xt6jyR2XtAIi7aAFHypIqA3lLI9hF9x+lj4UQ2yA9LqpoX 6URpPOd13JhAyDe47cwsP1u9Y+OBvQTVLSvw7Liu2b4KjqL4lx++VdBi7dXsjJ6kjIRjI6Lb WVpxe8LumMCuVDepTafBZ49gr7Fgc4F9ZSCo6ChgQNLn6WDzIkqFX+42KuHz90AHWhuW+KZR 1aJylERWeTcMCGUSBptd48KniWmD6kPKpzwoMkJtEXTuO2lVuborxzwuqOTNuYg9lWDl7zKt wPI9brGzquUHy4qRrA==
Message-ID: <bdb60362-c19b-be78-4d41-4475c54b533a@si6networks.com>
Date: Thu, 21 Feb 2019 04:21:56 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <CAFU7BARCtboC1_sv-6=e=Hanzrrvmwg096ZFFp5t4exYSqhPLg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/LNvRdIHNKMxMUitVCT7236MoFIs>
Precedence: list

On 21/2/19 01:25, Jen Linkova wrote:
> On Wed, Feb 20, 2019 at 8:49 PM Fernando Gont <fgont@si6networks.com> wrote:
>>> - (sorry if I missed another thread on it - I'm catching up with
>>> emails slowly): any reason for setting Valid Lifetime to 0 as well? It
>>> looks to me that just deprecating the prefix would be enough..What
>>> would be a benefit of completely removing an address already
>>> deprecated?
>>
>> You mean in the host-side algorithm specified in Section 5.1.3? The
>> benefit would be garbage collection. -- another alternative would be,
>> instead removing the addresses, reduce the current Valid Lifetime -- say
>> to 10 minutes or whatever, so that the stale addresses do not stay
>> around forever. (if SLAAC was using sensible timer values, you wouldn't
>> need these... but you probably don't want stale addresses to stay around
>> for one months, as per the default "Valid Lifetime").
> 
> Do we have any data on how much pain this is causing? 

Not that I know of. Problem is: you still have v4, and if v6 fails, HE
makes it work over v4.


> I  mean those
> addresses are not staying forever,
> just one month  in the worst case scenario. So they will disappear eventually.

Many stacks limit the number of prefixes they will use for address
configuration. Some limit such number to 16. That means that if you
experience crash-and-reboot 16 during the same month, your host may fail
to configure addresses for the fresh prefix.



> On the other hand if I have an tcp session opened - why do we need to
> kill it in 10 mins?

Not sure what you mean....



> I agree that default times should be more reasonable, so I agree that
> defaults should be changed and depend on the
> AdvDefaultLifetime.
> 
> Speaking of exact numbers - how did you come up with values? Just
> curious if the is any background for choosing them...

The only one you really choose is MaxRtrAdvInterval. The rest are set as
a function of it.

For the most part, I picked MaxRtrAdvInterval such that there were more
ferquent RAs, but in the worst-case scenario, never more than 1 every
1.5-2 minutes. (trade-off beween responsiveness and not bothering the
network a lot, unnecessarily)



> 
>>> - "After normal processing of Router Advertisement messages, Router
>>>    Advertisements that contain at least one PIO MUST be processed as
>>>    follows" - I'd suggest you make it explicit that PIOs must of of
>>> the global scope. I did see CPEs including PIOs for fe80::/64 (and
>>> AFAIR such behavior is not explicitly prohibited);
>>
>> Item b) in Section 5.5.3 says:
>>     b)  If the prefix is the link-local prefix, silently ignore the
>>       Prefix Information option.
>>
>> albeit not with normative language. But, anyway, if you've seen CPEs
>> send them, we better make this explicit!
> 
> I must be blind, I can not see that sentence in the draft ;(


Sorry, that section is not in the draft, but in rfc4862.

Same text appears in Section 6.3.4 of RFC4861.



>> I've never seen a scenario where information actually needs to be split
>> among multiple RAs. I have a hard time thinking of filling up a whole RA.
> 
> Let's wait for the new shiny world of mPVD to come...

Same router, PIOs split over more than three RAs?




>>> -  as I've mentioned earlier, it would be nice not to break other
>>> scenarios while fixing DHCP-PD case. So what do you think about
>>> modifying the algorithm so the addresses are deprecated only if *all*
>>> routers the PIO has been received from stopped advertising it? Again,
>>> my point is that while proposed behavior *does* help in a single-homed
>>> residential case, it would be nice to keep in mind other cases and
>>> avoid breaking them;
>>
>> Yes, we should update the algorithm as you suggest.
>>
>> Thinking our loud: best thing would probably be that, in the case the
>> prefix has been advertised by multiple routers, it is dis-associated
>> with the prefix that ceased advertising it. Otherwise, you might end up
>> sending packets sourced from that prefix to the next-hop router that has
>> ceased advertising it.  That is, if multiple routers were advertising a
>> prefix, and one has ceased advertising it, you want packets sourced from
>> that prefix to use a next-hop router that keeps advertising the prefix.
> 
> So...it looks to me that the only change should be:
> - if a host supports prefix <> advertizing router mapping and supports
> the Rule 5.5:
>    --  deassociate prefix - next-hop if the given router stops advertizing it;
>    -- deprecate the prefix if there is no routers advertizing it;

In response to what?

I was thinking this would be an action by algorithm from 5.1.3 once the
prefix has been un-preferred.

If not, what would be the event that would trigger such dis-association?




> Then the default address selection takes care of selecting the right
> source address.
> No need for complex algorithm described in the draft (and potential
> implementation bugs).
> 
> If the host does not support Rule 5.5 + prefix<>next-hop mapping, this
> draft (PIO processing part) would not work for them anyway.
> 
> Combined with reduced default timers it should help significantly (at
> least for hosts and routers implementing this..)

With appropriate timers + modification to SAS you get the problem
solved. However, if you have multiple prefixes, and the source address
will flap among them. -- I'd try, to the extent that is possible, to
avoid that....


> 
>>> - the proposed changes say that PIOs MUST be processed as
>>> follows....and relies on hosts tracking prefix <> nexthop as per
>>> RFC8028...However RFC8028 (and RFC8504) uses  'SHOULD' ...so it seems
>>> to be inconsistency here..If a host does not implement RFC8029, all
>>> those MUST in the draft do not make much sense.
>>
>> That's a good point. I wonder if we should change the "MUST" to
>> "SHOULD", or whether we should stick to "MUST" with a rationale of "a
>> host that implements this standard MUST implement RFC8028 and MUST
>> process PIOs as follows..."
> 
> See above. All we need to do in terms of PIO processing by a host is
> to say 'host SHOULD refresh prefix-next-hop mapping while processing
> RAs' (which would mean 'remove all mappings for that next-hop if they
> are not in that RA you are processing') and 'host SHOULD deprecate
> addresses with no next-hops'.

This enforces a more strict requirement on RAs. i.e., PIOs can only be
sent in one RA. I'm not saying that's necessarily bad, but the reasons
for the algorithm in Section 5.1.3 is to allow PIOs to be split in at
most two RAs.



> Even if you say 'MUST' here (and explicitly state 'MUST implement
> RFC8028') it would only mean 'hosts MUST support a standard which says
> they SHOULD do smth' => effectively that requirement means 'SHOULD'.

Agreed.



-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

Revision of the SLAAC/renum I-D (Fwd: New Version… Fernando Gont
Re: Revision of the SLAAC/renum I-D (Fwd: New Ver… JORDI PALET MARTINEZ
Re: Revision of the SLAAC/renum I-D (Fwd: New Ver… Jan Zorz - Go6
Re: Revision of the SLAAC/renum I-D (Fwd: New Ver… Alexandre Petrescu
Re: Revision of the SLAAC/renum I-D (Fwd: New Ver… Mikael Abrahamsson
Re: Revision of the SLAAC/renum I-D (Fwd: New Ver… Enno Rey
Re: Revision of the SLAAC/renum I-D (Fwd: New Ver… Jan Zorz - Go6
RE: Revision of the SLAAC/renum I-D (Fwd: New Ver… STARK, BARBARA H
RE: Revision of the SLAAC/renum I-D (Fwd: New Ver… STARK, BARBARA H
Re: Revision of the SLAAC/renum I-D (Fwd: New Ver… Jan Zorz - Go6
Re: [v6ops] Revision of the SLAAC/renum I-D (Fwd:… Jen Linkova
Re: [v6ops] Revision of the SLAAC/renum I-D (Fwd:… Fernando Gont
Re: [v6ops] Revision of the SLAAC/renum I-D (Fwd:… Jen Linkova
Re: [v6ops] Revision of the SLAAC/renum I-D (Fwd:… Fernando Gont