IETF Logo Mail Archive

Re: rfc4941bis: Invalid addresses used by ongoing sessions

Gyan Mishra <hayabusagsm@gmail.com> Tue, 11 February 2020 18:01 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CBF41209A9 for <ipv6@ietfa.amsl.com>; Tue, 11 Feb 2020 10:01:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IunUCMMRfwhx for <ipv6@ietfa.amsl.com>; Tue, 11 Feb 2020 10:01:55 -0800 (PST)
Received: from mail-il1-x12e.google.com (mail-il1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96BEC1209A6 for <6man@ietf.org>; Tue, 11 Feb 2020 10:01:54 -0800 (PST)
Received: by mail-il1-x12e.google.com with SMTP id f70so4228829ill.6 for <6man@ietf.org>; Tue, 11 Feb 2020 10:01:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hFsvrN9uQVPKuZfZn4crQAk1ojb9eHwC/K4XEgf5CBo=; b=TxVf17NjxrmMQ+Z8wYfH4Ypp+oB3l34H9lbAEKaL839isHP9iTSAvfX3Zu3w8/rJ0i Q5sbYMOuEG2uE/VZJCTlvz3bCAaAQshYpB+ozoffHw2fxj6ayePuAbDGVpW7oOQ+66rs Pt+gRrnp/h48Lfi44xdSo9ZdMpClmlSCI6yqi88W6vdDMQRDxGghgAwchES1JB+BSIUR 3Jn8tfrSsDNLZtbLUzIjzZV4EAs5ktcCthPNxKrUG5Z1WaY119HFMKYrpTQ0OfKaFwik H8RxO0y0PqgE27t6MYBfSRsD0G3lSLY2GtCe/05XopRqiKCubiMAgLqFvZzaVI3pJqAs CYLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hFsvrN9uQVPKuZfZn4crQAk1ojb9eHwC/K4XEgf5CBo=; b=gqiKFQ75uP3lUzoLlZv/Ucw+3ggJ6sYoI4WdPT/N+qNKihXG/lQPCQ424TjYB30bMf brYmtTIBAkZNGO93kOeEbVIzEQg9M0aGBeblGk0GSV3n/VryVduF0pSkhCps5d2FgBwx WNnn3OU9Imkybk5QQeSelkW6ddtrhAn5aGXo0rNIv3j3+j3NMdDqAdJsCOkw1EVnYhDh PU4HTb6NNCA81bLPkAKLyjAm3PXkoUQDUZzHmH3lUpMrLQ/YMufueqxDeEBXxal6dSyT Qaz3oY/GKNUoy9XrStfh+0lidZGLw1QVIpIljrpTJ5ceSTRJMFbu8StVfQygvcaSqWBf qY6Q==
X-Gm-Message-State: APjAAAUJ2ZmT5UTzUKTfekk9Ihmg5Jvdz8IuEYzP8UF692rrjkHmRCAU m/Li2Vz9GO/8Yxe5IPY2dv+kmiyZ1/6GVAaPfZUXZObr
X-Google-Smtp-Source: APXvYqwYQIn4R3o71LrB0zs3+1aFaJfm4Gs2XNBXyPjBFt15MYpFYG/Ik+aF/WXXMOFDvRJzL2EbRvBDVwk8+CI6vAg=
X-Received: by 2002:a92:1547:: with SMTP id v68mr7123637ilk.58.1581444113723; Tue, 11 Feb 2020 10:01:53 -0800 (PST)
MIME-Version: 1.0
References: <c6ba9a00-cb44-2022-5009-34211966518c@si6networks.com> <CABNhwV0mb8dL_4Ef5UxAbcRbP18nH9Ztvx8XHJ0Z0GM-NaCwgw@mail.gmail.com> <CAO42Z2zB6gpKwZ=DfRVEbURNyKPJWAOqLqrFvW8T_uc59=9tiw@mail.gmail.com> <675eba6f-942e-82d9-e28d-de960d36d3b2@si6networks.com>
In-Reply-To: <675eba6f-942e-82d9-e28d-de960d36d3b2@si6networks.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Tue, 11 Feb 2020 13:01:42 -0500
Message-ID: <CABNhwV3Zg5MOftYjC38dMzULt1fuzGRMQL5BT_5zVk1+WE4Uaw@mail.gmail.com>
Subject: Re: rfc4941bis: Invalid addresses used by ongoing sessions
To: Fernando Gont <fgont@si6networks.com>
Cc: 6MAN <6man@ietf.org>, Mark Smith <markzzzsmith@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000a17599059e50a680"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/NNqytOZEEzQLqLUNDt-EROMUj7Y>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2020 18:01:58 -0000

On Tue, Feb 11, 2020 at 12:16 AM Fernando Gont <fgont@si6networks.com>
wrote:

> On 10/2/20 23:25, Mark Smith wrote:
> >
> >
> > On Tue, 11 Feb 2020, 13:13 Gyan Mishra, <hayabusagsm@gmail.com
> > <mailto:hayabusagsm@gmail.com>> wrote:
> >
> >
> >
> >
> >     On Mon, Feb 10, 2020 at 11:12 AM Fernando Gont
> >     <fgont@si6networks.com <mailto:fgont@si6networks.com>> wrote:
> >
> >         Folks,
> >
> >         As currently specified, temporary addresses are removed when
> >         they become
> >         invalid (i.e., the Valid Lifetime expires).
> >
> >         Section 6 ("6.  Future Work") of the draft
> >         (https://tools.ietf.org/id/draft-ietf-6man-rfc4941bis-06.txt)
> still
> >         keeps the following text from RFC4941.
> >
> >         6.  Future Work
> >
> >             An implementation might want to keep track of which
> >         addresses are
> >             being used by upper layers so as to be able to remove a
> >         deprecated
> >             temporary address from internal data structures once no
> >         upper layer
> >             protocols are using it (but not before).  This is in
> contrast to
> >             current approaches where addresses are removed from an
> >         interface when
> >             they become invalid [RFC4862], independent of whether or not
> >         upper
> >             layer protocols are still using them.  For TCP connections,
> such
> >             information is available in control blocks.  For UDP-based
> >             applications, it may be the case that only the applications
> have
> >             knowledge about what addresses are actually in use.
> >         Consequently, an
> >             implementation generally will need to use heuristics in
> >         deciding when
> >             an address is no longer in use.
> >
> >
> >         I wonder if this text should be:
> >
> >         1) moved more into the body of the document and made a "MAY"
> >         (which for
> >         TCP is very straightforward),
> >
> >         2) Be left "as is", or,
> >
> >         3) Removed from the document
> >
> >
> >         The implications of #1 above is that it can't prevent long-lived
> >         connections that employ temporary addresses from being torn
> >         down, at the
> >         expense of possibly increasing the number of concurrent IPv6
> >         addresses.
> >
> >
> >        Gyan> So for TCP apps it maybe easier to track via active TCB
> >     blocks so those long lived connections could be tracked.  So those
> >     long lived TCP connections would not be impacted and torn down.
> >     Other apps using UDP may not be as easily tracked and so maybe using
> >     the deprecated address, however due to difficulty of tracking maybe
> >     torn down as a side effect of option #1.
> >
> >
> >
> > Long lived connections using temporary addresses should not be a
> > consideration, because long lived connections should not be using
> > temporary addresses.
> >
> > "Temporary" and "long lived" (persistent, stable) are opposites that can
> > never be resolved.
>
> In that case, would you go for #2 above? And, what's your position
> regarding reducing the preferred and valid lifetimes?
>

   Gyan>. Yes to #2 and I am in favor of reducing the valid lifetime from 7
to 2 days.  That reduces the number of temporary addresses from 7 to 2.
It’s a win for operators with the reduction in addresses.

As far as the text I would modify or maybe clarify that by tracking the
address used by upper layer protocols the implications of doing so that you
increase the number of deprecated addresses.  By doing so tracking the
addresses, the valid lifetime expire timer is in essence not used and so
long lived connections using deprecated address in theory would never
become invalid and can live indefinitely.

We should some text as to severe consequences of long lived connections
with tracking usage.

The implications of #1 above is that it can't prevent long-lived
>         connections that employ temporary addresses from being torn
>         down, at the
>         expense of possibly increasing the number of concurrent IPv6
>         addresses.


> Thanks!
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
> --

Gyan  Mishra

Network Engineering & Technology

Verizon

Silver Spring, MD 20904

Phone: 301 502-1347

Email: gyan.s.mishra@verizon.com

v2.23.0 | Report a Bug | By Email