IETF Logo Mail Archive

Re: IPv6 prefix lengths - how long?

Gyan Mishra <hayabusagsm@gmail.com> Mon, 10 June 2019 05:41 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E606B120071 for <ipv6@ietfa.amsl.com>; Sun, 9 Jun 2019 22:41:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Level:
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FegJlgi9E85y for <ipv6@ietfa.amsl.com>; Sun, 9 Jun 2019 22:41:50 -0700 (PDT)
Received: from mail-it1-x130.google.com (mail-it1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 763A012000E for <ipv6@ietf.org>; Sun, 9 Jun 2019 22:41:50 -0700 (PDT)
Received: by mail-it1-x130.google.com with SMTP id v193so9653938itc.0 for <ipv6@ietf.org>; Sun, 09 Jun 2019 22:41:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DRpYZQnnacTRpui8Q1xocMxFwJkc45hWgoampEdrOnQ=; b=E78p3Cyr6DOW0kAymqOfjyYhi/sxxLZNJyCuyFREcgbO9SWoFz9u9ZcX5s3Z9IrLWx cGTLni+bhvJva7k44agqmtMLOh/INgBgCBvt6h6saiMuNbQpoxY1IJNy/ueloPXhP0sS pHStvHkR/QZ2Dk843jr9JxUiMQmigabRgCaFCm0Ve8SRiUnb2as57TAu7+H4SIT63IFY Y4vROpiep7xuENxG51vBbP+RXRhF188GdA70r1ZnIRUSYZTY1pzzqaqZE/6krMs3T1j2 vCMw+xvBrxWM5K3QKCT+4QGdKTOEPmZFIsh9tpHwKP+Xb6jyWNgY05vEV7nJlopQqFWG Zp/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DRpYZQnnacTRpui8Q1xocMxFwJkc45hWgoampEdrOnQ=; b=M0CBMqLrQXChLfJn2m4hbRjjKw5G0uVQLXNFXl5XVmQTi9X6+mEZXm33gsgUSu0zpr HoKVQzKTX+tR0+OhiZPgPj94u4kHuduEmdC3jNp9elms3r33g7l7/TT8yAByDXPFGTbS B0rXreKFC07jTBCM7p3iIwvfYABeOraMDh5VwkGrv5IfPx/c1HTStT+Ehetx8Me4SQuW G7tAU9RluDkDmXkkgP9V+PCecwzxupiAyGXp4I/74NdqVbNkJgkAz1Qf3q/BB8RA7bpm DiYwI8nBzSW8zHZmpsDWu+ZyjXttcySF7qN136cHF3zORIHYZklbbViDV8Lt64kEAOd0 hPhA==
X-Gm-Message-State: APjAAAUgSAqdMsSD4rKlghqamzGfDe5uHc0Lh93sqcakgOl9HtNq3hgl wLLSEDrHKePbOZ6ZUcCj5EZY1FYBKrGEQS2InZA=
X-Google-Smtp-Source: APXvYqxcpRM+Y6i6FmZs+euRISqs5Q/6O5q/m6wCKqjU367QwgMiivGbK63P5ADoMIk0dwT4+UQ3goon4AzdwbvHNtU=
X-Received: by 2002:a05:660c:1cf:: with SMTP id s15mr12508491itk.78.1560145309509; Sun, 09 Jun 2019 22:41:49 -0700 (PDT)
MIME-Version: 1.0
References: <ee811897e2d2438e9c3592012b725ac3@boeing.com> <CAO42Z2xyenxV+z58VW_h4skbWz14hyVt2pUd32tLZ826UoZKZA@mail.gmail.com> <9826C993-3670-4D7B-8709-B3FDE2A79359@gmail.com> <EEBC9697-18A1-41DF-95FB-33D0F5098620@consultant.com> <CABNhwV2fX9LrwzuJX297CoF1XNNM2U=m22QSVWEtaS9PQkM3Dg@mail.gmail.com> <CABNhwV3hA27hmdi4+WfK5ZhNPvta_d9anZA0+TJ2Uuj78kx4Cg@mail.gmail.com>
In-Reply-To: <CABNhwV3hA27hmdi4+WfK5ZhNPvta_d9anZA0+TJ2Uuj78kx4Cg@mail.gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Mon, 10 Jun 2019 01:41:37 -0400
Message-ID: <CABNhwV0rOT461e2Oc0S6e_fK_2zaLQ7Wk5sCFJCFO3xqeH2a9g@mail.gmail.com>
Subject: Re: IPv6 prefix lengths - how long?
To: James R Cutler <james.cutler@consultant.com>, Bob Hinden <bob.hinden@gmail.com>, Ole Troan <otroan@employees.org>
Cc: Mark Smith <markzzzsmith@gmail.com>, IPv6 IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f8ae0b058af1a2f5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/M6yA7IKofnXo0ansuvlFblrDQmQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jun 2019 05:41:55 -0000

Sorry my math was off on the bit offset for /82 should be /80

So if this bit is set then the /82 /96 /112 prefix advertised on the router
would get advertised down to the host in the RA advertisement below:
EUI64 - Default -
Router sets bit 7 - EUI48 format - /112 SLAAC prefix sent to host
Router sets bit 7 - EUI32 format - /96 SLAAC prefix sent to host
Router sets bit 7 - EUI16 format - /80 SLAAC prefix sent to host

/96 Default Customer allocation = 64k /112's  = Equivalent to the number
of  /64 subnets in a /48  ==========> Instead of  SP's allocating /48's to
customers  would be able to allocate /96 to customers
/80 Default Customer allocation = 64k /96's = Equivalent to the number of
/64 subnets in a /48 ==========> Instead of  SP's allocating /48's to
customers  would be able to allocate /82 to customers
/80 Default Customer allocation = 4.2 Billion  /112's =  SP allocation /32
4.2 billion /64 subnets  ==========> Instead of the RIR allocating /32's to
ISP's would be able to allocate /82's to ISP's

Thank you

Gyan S. Mishra

IT Network Engineering & Technology

Verizon Communications Inc. (VZ)

13101 Columbia Pike FDC1 3rd Floor

Silver Spring, MD 20904

United States

Phone: 301 502-1347

Email: gyan.s.mishra@verizon.com

www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT


On Mon, Jun 10, 2019 at 1:34 AM Gyan Mishra <hayabusagsm@gmail.com> wrote:

> 6MAN chairs - Ole & Bob
>
> I would like to volunteer in writing the draft to increase the prefix
> length.  Please let me know if you agree with the basic content and premise
> of what I have stated below so I can get started on the draft.
>
> One of the technical justifications behind this MAJOR change in IPv6
> addressing architecture RFC 4291 is that the current 64 bit iid is very
> wasteful and that many bits should be reallocated for the prefix reducing
> the size of the iid.
>
> The only justification that did exist for the 64 bit iid but I don't think
> is valid is with RFC 4941 SLAAC privacy extensions which given the issue
> with network administrators being able to track malicious hosts now with
> RFC4941 ends up protecting the end user with the pseudo random station id
> but at the same time protects the attacker as well.  So in my opinion
> network administrators and for that matter law inforcement has a critical
> security requirement to track all addresses allocated and with address
> changing makes that impossible to track thus creating an attack vector for
> malicious activity.  Not good at all for IPv6 security.
>
> RFC 7217  Semantically Opaque Interface Identifiers addresses this
> concern by making the SLAAC address stable so it does not change when on
> the same network and only changes when the host moves between networks.
> This RFC eliminates the major security hole created by RFC 4941 privacy
> extension with the changing pseudo random iid.
>
> The proposed iid size /82=48 bit iid  /96= 32 bit iid /112-16 bit iid
> would use the RFC7217 Semantically Opaque Interface Identifiers  - random
> but stable IPv6 address that does not change unless the prefix changes
> (Host moves to a different network)
>
> We have the option to increase on any nibble boundary  /64, /68, /72, /76,
> /80, /84, /88, /92, /96, /100, /104, /108, /112, /116, /120, /124.  I
> propose in the draft that this is done on any of the three 16 bit
> boundaries /82 /96 /112 to have a clear delineation between prefix & iid
> and that we would make this backwards compatible and would be disabled by
> default similar to the ipv6-only flag per OS vendor implementation and
> enabled only through  RFC 5175 Reserved flag bit when the router sets the
> flag it would be cached by the host similar to the other RFC 5175 flags.
>
>   Current Router Advertisement Flags Currently, the NDP Router
> Advertisement message contains the following one-bit flags defined in
> published RFCs:
> 0 1 2 3 4 5 6 7
>  +-+-+-+-+-+-+-+-+
> |M|O|H|Prf|P|R|R|
>  +-+-+-+-+-+-+-+-+
> Figure 1: Router Advertisement Flags
>  o M - Managed Address Configuration Flag [RFC4861]
>  o O - Other Configuration Flag [RFC4861]
>  o H - Mobile IPv6 Home Agent Flag [RFC3775]
>  o Prf - Router Selection Preferences [RFC4191]
>  o P - Neighbor Discovery Proxy Flag [RFC4389]
>  o R - Reserved - bit 6 - IPv6 only flag
> - draft-ietf-6man-ipv6only-flag-05
>  o R - Reserved - bit 7 - Prefix length flag ===========> New option =
> Gyan draft
>
> So if this bit is set then the /82 /96 /112 prefix advertised on the
> router would get advertised down to the host in the RA advertisement below:
> EUI64 - Default -
> Router sets bit 7 - EUI48 format - /112 SLAAC prefix sent to host
> Router sets bit 7 - EUI32 format - /96 SLAAC prefix sent to host
> Router sets bit 7 - EUI16 format - /82 SLAAC prefix sent to host
>
> No change to LL format which would be still default /64 EUI64 iid.
>
> The IANA RIR's would not change what they are doing for now with the
> standard allocations to Service Providers.
>
> Service Providers would start advocating to customers to start using the
> new IPv6 addressing format at a major cost savings which would push them to
> migrate towards the new standard.
> /48.
>
> *How the new numbering schema stacks up as far ad space savings:  (Pretty
> amazing when you look at the numbers below)*
>
> /48 Default Customer allocation = 64k /64's = Default /64 EUI64 / Privacy
> Ext = 64 bit ssid
>
> /96 Default Customer allocation = 64k /112's  = Equivalent to the number
> of  /64 subnets in a /48  ==========> Instead of  SP's allocating /48's to
> customers  would be able to allocate /96 to customers
> /82 Default Customer allocation = 64k /96's = Equivalent to the number of
> /64 subnets in a /48 ==========> Instead of  SP's allocating /48's to
> customers  would be able to allocate /82 to customers
> /82 Default Customer allocation = 4.2 Billion  /112's =  SP allocation
> /32  4.2 billion /64 subnets  ==========> Instead of the RIR allocating
> /32's to ISP's would be able to allocate /82's to ISP's
>
> So this would be for the future for future SP's and Enterprises migrating
> to IPv6 now have the option of getting smaller registered blocks.
>
> Also existing SP's & Enterprises also have the opportunity to switch gears
> and change to the new addressing schema to save on address space.
>
> This would be a MAJOR game changer for IPv6 and really would ensure that
> IoT and other devices as we proliferate dolling out /48's and /32s as if
> the their is no end in sight given the massive size of the IPv6 space that
> at least we know that we are not being wasteful in our addressing
> architecture.
>
>
> Thank you
>
> Gyan S. Mishra
>
> IT Network Engineering & Technology
>
> Verizon Communications Inc. (VZ)
>
> 13101 Columbia Pike FDC1 3rd Floor
>
> Silver Spring, MD 20904
>
> United States
>
> Phone: 301 502-1347
>
> Email: gyan.s.mishra@verizon.com
>
> www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT
>
>
>
> On Sun, Jun 9, 2019 at 9:25 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:
>
>>
>> I concur with you on the cost benefit trade off.
>>
>> However I would like to state that there have been many tweaks to RFCs
>> written  across the board across all IETF workgroups and cost has nevet
>> been a factor in the consideration since when you add a new feature or
>> change its really the developers doing the coding to determine feasablility
>> and cost as every draft proposed is new or change that is Depricates an old
>> RFC and there is always cost involved no matter how minor the change is but
>> just because there is cost involved does not mean you don't move forward
>> with the change or move forward with the change.
>>
>> If what you are staying that the cost would out weight the benefit we
>> would have to truly do a cost benefit analysis on every draft that is
>> approved and I don't think the IETF had the man power to do so.
>>
>> Of all the IETF WGs that I have been part of for many years cost had not
>> been the factor for that reason that determines wheathet the change is
>> approved or not.
>>
>> The major factor is if the change  makes sense and if their is a problem
>> or gap or issue or problem or defect we are trying to solve and if we are
>> able to get consensus by the WG and chairs and ISG for approval.
>>
>> Gyan
>>
>>
>> On Sun, Jun 9, 2019, 11:54 AM James R Cutler <james.cutler@consultant.com>
>> wrote:
>>
>>> On Jun 9, 2019, at 10:07 AM, Gyan Mishra <hayabusagsm@gmail.com> wrote:
>>>
>>>
>>> All your concerns are duly noted.
>>>
>>> As far as changing the prefix length I understand that with IPV6 it
>>> seems and maybe true that IPv6 exhaustion is not possible but that is what
>>> we said about IPv4 but that does not give reason to be wasteful.  I believe
>>> 64 bits iid is wasteful.
>>>
>>> From many views, I must agree with you about “wasteful”.
>>>
>>> Where we part company is that the costs involved in changing away from
>>> 64 bits is more wasteful than your proposal. The especially applies to time
>>> (labor) costs, both for new RFPs, design and prototyping, and deployment
>>> costs. It has take around two decades to get this far with IPv6. Adding yet
>>> another detour to this journey is not an improvement.
>>>
>>> James R. Cutler
>>> James.cutler@consultant.com
>>> GPG keys: hkps://hkps.pool.sks-keyservers.net
>>>
>>>
>>>
>>>
>
> --
>
> Gyan S. Mishra
>
> IT Network Engineering & Technology
>
> Verizon Communications Inc. (VZ)
>
> 13101 Columbia Pike FDC1 3rd Floor
>
> Silver Spring, MD 20904
>
> United States
>
> Phone: 301 502-1347
>
> Email: gyan.s.mishra@verizon.com
>
> www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT
>
>

-- 

Gyan S. Mishra

IT Network Engineering & Technology

Verizon Communications Inc. (VZ)

13101 Columbia Pike FDC1 3rd Floor

Silver Spring, MD 20904

United States

Phone: 301 502-1347

Email: gyan.s.mishra@verizon.com

www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT

v2.23.0 | Report a Bug | By Email