IETF Logo Mail Archive

Re: RFC4941bis: consequences of many addresses for the network

Fernando Gont <fgont@si6networks.com> Fri, 24 January 2020 05:45 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1CF7120041 for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 21:45:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id efmoPoQmoYSQ for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 21:45:19 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D133120020 for <ipv6@ietf.org>; Thu, 23 Jan 2020 21:45:19 -0800 (PST)
Received: from [192.168.100.103] (unknown [186.183.3.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 9EE5E86256; Fri, 24 Jan 2020 06:45:16 +0100 (CET)
Subject: Re: RFC4941bis: consequences of many addresses for the network
To: Michael Richardson <mcr+ietf@sandelman.ca>, 6man WG <ipv6@ietf.org>
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net> <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com> <1962.1579823388@localhost>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <d56939d6-d577-ced3-e1e7-a4713bc95cd9@si6networks.com>
Date: Fri, 24 Jan 2020 02:44:43 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <1962.1579823388@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/M0JKRiXb7VQQ6xoQ-TM7iOREfUM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jan 2020 05:45:22 -0000

On 23/1/20 20:49, Michael Richardson wrote:
[....]
> 
> I also have doubts about whether the rotating temporary address mechanisms
> that 4941 provides is useful privacy when the upper-64 bits are unchanging.
> But, I agree with you, that it is an improvement... except when it causes
> other issues.  So we should consider when and where it's more effort than
> it's worth, and when it has benefit.  That requires information that is
> presently not available to hosts.

As noted by Bob, myself, and others, this is a slaac issue, and not 
something specifically related to 4942bis.

For instance, an ipv6-aware browser might e.g. decide to configure and 
employ different addresses for each tab, or for different apps. And 
you'll end up with way more addresses than those resulting from rfc4941.




> 
> I also think that we need to recognize that we have a number of distinct
> deployment environments, and I think that we should be explicit about them:
> 1) protected home environments
> 2) guest home environments
> 3) enteprise environments
> 4) conference/guest/coffee-shop environments
> 5)  >4< at ridiculous scale
> 6) segregated L2 environments with vertically integrated operators (aka
>     "LTE", Fred's ATN work, possibly RAW).

If you expect hosts to behave nicely with your network, then you should 
probably convey policy information in RAs (as we tried, to some extent, 
in draft-gont-6man-managing-privacy-extensions). At the time, there was 
pushback.

If slaac doesn't convey policy, then nodes do what they assume is in 
their best interest.

And if the network doesn't really like the possible chaos resulting from 
slaac, then it should probably be using dhcpv6.

The nice thing about us doing nothing about the automatic configuration 
mess, is that it typically gets worse: e.g. my CPE sets "M" and "O" in 
RAs, while advertising PIOs for autoconf. So my Ubuntu conf ends up with:
* slaac stable addresses (RFC7217)
* slaac temporary addresses (rfc4941)
* one dhcpv6-leased address


PLease let me reiterate: the problem being discussed in this thread is a 
shortcoming of slaac.

It's certainly fine to add a note along the lines of "hey! don't 
regenerate addresses too frequently (i.e., beware when overriding 
default falues(, or else you might end up screwing the network".

But other than that, 4941bis is not about addressing shortcomings of slaac.

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email