IETF Logo Mail Archive

Re: [IPv6] Variable IIDs

Lorenzo Colitti <lorenzo@google.com> Sat, 04 November 2023 12:00 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CE6EC1519BF for <ipv6@ietfa.amsl.com>; Sat, 4 Nov 2023 05:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.606
X-Spam-Level:
X-Spam-Status: No, score=-17.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4nvlp8vWJcgm for <ipv6@ietfa.amsl.com>; Sat, 4 Nov 2023 05:00:28 -0700 (PDT)
Received: from mail-oo1-xc31.google.com (mail-oo1-xc31.google.com [IPv6:2607:f8b0:4864:20::c31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 337F2C18E184 for <ipv6@ietf.org>; Sat, 4 Nov 2023 05:00:28 -0700 (PDT)
Received: by mail-oo1-xc31.google.com with SMTP id 006d021491bc7-5842a7fdc61so1466025eaf.3 for <ipv6@ietf.org>; Sat, 04 Nov 2023 05:00:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1699099227; x=1699704027; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XJwCZOakw1GihL8POa+0F8h/UO9zpwixoU46jUOgWek=; b=tZP2XhI5t/IAC4b7rznAnFER6wkohHFvTtlzOK3jtIxeYpJIemqt6UuJAgL51RjHLA 033a4bkIjNvIeJuxD1PxH4U2nTHj1e80kTOy9ZrB3TMCka5Wak+fY73zGakbD0sOXJlF QZ+4DAMMLVudv8mJWTShkrujs7aBNbKxNDn6BJU+bwZtiZtO1Q82zpeZq/bxmZQ8807G P42KNazTZoWK7pXVsvcunF8WwjOjMG2ZrFEiQvlSa0gNy7ovpiQgpcAOIaZjyB8sfUPR RQBz51S4bLI9i/WCcNS8K1wc2bMNnIch7LFlyhChqw9yEUOgKEMKJJZg0wIrulw1kiZU cF1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699099227; x=1699704027; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XJwCZOakw1GihL8POa+0F8h/UO9zpwixoU46jUOgWek=; b=SUC/58ps6rE5vy5V2FgNT/cJnFzhP/Z90MIj/0651/MuUPCbxV5XySj8wnSct/m+29 lWd1nKdxmWuBfkF52yfSYlypY7iezDHe3XUmrfZwC5s5JY/AVw2xjkXvS21I7rDLSCAr +COTWYUmf35IIS15CVMsTkNm0/kfte0wC1rJLk56r1NH7Udob7/WLfs3WyT7IyfiE63s W1dc/0OI/hFUIE8V3iVHH8ksaF5p2W8leJVs07ET9cgru3AEwNfA0E7AgYRzBXwE+x/d QnwDCs2gS4FLswQK+MavykXBNpC6/d45I0hPK7d/Ckc0EwlwkolUyeBj0BdwD6CF+Uyo 1BoA==
X-Gm-Message-State: AOJu0YxI//V4C2b2bE4hXjnduGY1J454A4GdPUgi0sX8TSqlUg9nf7kn KZ9xvT5Z2jdHiOOMLmffoaoHg3EMBVn5e/XfucFWh4OsOYj2iQ33E466Tlns
X-Google-Smtp-Source: AGHT+IEAjZ8PcZ89loWGLkObdvGM2X3vp4TdmCYgFvgxpPdIIYB/Gd/KC2jDGZVjnARUxB9J6dPh3x9N/54G4xadJFg=
X-Received: by 2002:a05:6359:6c87:b0:168:ea50:fcc6 with SMTP id td7-20020a0563596c8700b00168ea50fcc6mr19261164rwb.16.1699099226609; Sat, 04 Nov 2023 05:00:26 -0700 (PDT)
MIME-Version: 1.0
References: <d935987f-7550-855a-c57f-7f8c2fc6e5cf@gmail.com>
In-Reply-To: <d935987f-7550-855a-c57f-7f8c2fc6e5cf@gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Sat, 04 Nov 2023 12:00:10 +0000
Message-ID: <CAKD1Yr0ZBqdNnysBm3SmKRBjOZPM5totfzww_6mDdC94fDLx4A@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: 6man <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d7e23a0609525de7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/NTaKULU6EAECdaR9UmDGnOtaBqQ>
Subject: Re: [IPv6] Variable IIDs
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2023 12:00:29 -0000

Brian,

If we think /64 is too large, then I think it's OK to change 64 to
something else. But making the IID length variable is the wrong solution.
If we do that, we will create a race to the bottom that ends up at /128.

Here's why. Today SLAAC only works on a /64, and a /64 guarantees that
there will always be enough address space to number unlimited devices.
Pretty much every network operator uses that because it's the only thing
that works on all devices. Some operators insist on assigning only a /128
to each device using DHCPv6. This is for various reasons, most notably
consistency with IPv4, the fact that DHCP clients and servers by default
only assign one address, scalability of network entities such as ND caches,
desire to charge for more addresses (yes; as the lead of a major OS network
stack, we get this depressingly often). It's pretty clear from any reading
of RFC 7934 that that is harmful, but those operators don't know or want to
do it anyway. Fortunately (well, unfortunately for those operators), this
doesn't work on a substantial percentage of devices due to lack of support
for DHCPv6, so it's not really a practical solution on most networks. Those
operators occasionally complain about OSes that don't support DHCPv6, but
on the whole we're generally in a situation where devices can get as many
IP addresses as they need, within reason.

However: if we define SLAAC to variable length, as you are proposing here
then those operators will pick the minimum length accepted by
implementations. Today that's /64. If implementations change to accept
fewer addresses (say, /80), then those networks will move to providing the
new minimum. And so on. This starts a race to the bottom that ends at /128.
If you don't believe this, consider: many residential ISPs provide a
reasonably-sized subnet to users, such as a /56. But some provide only a
/60. Some - like mine! - only provide a /64. In my case I could only get a
/56 by signing up for the business offering, which costs 3 times as much.
Now, obviously this example is about prefix sizes, but if we make SLAAC
variable, you can bet that operators will do this within subnets as well.
Consider even during the v6ops discussion of
draft-ietf-v6ops-dhcp-pd-per-device, some participants (Martin, I remember)
asserted that the subnet must be made small enough to prohibit devices from
extending the network.

Note, I am not saying that most or even many networks will do this. But
some will. The consequence of that is that OS vendors like ours will act in
their users' interests, and allow those users to evade those restrictions
by implementing NAT66. At that point everybody loses. The networks don't
get paid more. App developers have to implement NAT traversal and
keepalives. OS vendors have to implement hardware offload APIs for
keepalives. Users have to deal with lower battery life and brittle apps due
to NAT timeouts.

Why do this? If we really think /64 is too wasteful, then we can change it,
once. But we can't make it variable without creating a race to the bottom.
The only way to do that is to pick one size.

Cheers,
Lorenzo

On Sat, Nov 4, 2023 at 2:06 AM Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> If anyone wants to turn this into an I-D, please feel free.
>
> title: Variable Length Interface Identifiers
> abbrev: Variable IIDs
> docname: draft-tbd-6man-variable-iids-00
>
> # Introduction
>
> The lowest common denominator method of configuration for IPv6 nodes is
> SLAAC {{!RFC4862}}, which is carefully designed to allow any prefix length
> and any interface identifier (IID) length, provided that they do not total
> more than 128 bits. Until now, specifications of "IPv6 over foo" mappings,
> starting with {{!RFC2464}}, have specified an IID length of 64 bits,
> consistent with the value specified by {{!RFC4291}}.
>
> This document allows a router to announce an IID length other than 64 on a
> given link, and updates RFC 4291, RFC 2464 (and numerous other "IPv6 over
> foo" documents TBD), and RFC 4862 accordingly. It extends {{!RFC4861}} by
> defining a new "IID length" mechanism in RA messages.
>
> Terminology: a "modified" host or router supports this spec. An
> "unmodified" host or router supports RFC 4861 and 4862 precisely.
>
> # Modified procedures
>
> The predefined IID length specified by RFC 4291, RFC 2464, etc. is used to
> configure the link-local IPv6 address of a node exactly as described in RFC
> 4862.
>
> On a link where variable IID length is not supported, the predefined IID
> length will continue to be used to configure all other addresses using
> SLAAC.
>
> On a link where variable IID length is supported, each modified router
> will include an "IID length" indication in every RA/PIO message with the A
> bit set. This will override the value defined in RFC 2464 (etc.) and in RFC
> 4291, for the prefix concerned.
>
> Suggestion: put the IID length in 6 bits of the Reserved2 field of the
> PIO. 0b000000 would mean 64, i.e. no change and backwards compatible. Any
> other value would define an IID length in bits. Values less than 48
> (0b110000) are NOT RECOMMENDED. Values greater than 64 are impossible.
>
> (Note: Reserved1 is not available - see {{?RFC8425}}.)
>
> When a modified node receives an "IID length" less than 64, it will use
> that value instead of the default for all unicast address autoconfiguration
> under that prefix, except link-local.
>
> # Deployment issues
>
>   - Unmodified hosts and unmodified routers: no change, all use 64-bit
> IIDs.
>
>   - Modified hosts and unmodified routers: no change, all use 64-bit IIDs.
>
>   - Modified hosts and modified routers: configure to use longer prefixes
> and shorter IIDs if desired.
>
>   - Modified routers and mixture of modified and unmodified hosts on a
> link:
>
>     - The modified hosts will use a shorter IID and longer prefix if that
> is announced.
>
>     - The unmodified hosts, according to RFC 4861, MUST ignore the
> Reserved1 field. So, according to section 5.5.3 clause d) of RFC 4862, they
> will ignore any PIO advertising a shorter IID. Therefore, the operator has
> two choices:
>
>       1. Decide that unmodified hosts will not be supported (i.e. will not
> be able to configure an address using SLAAC).
>
>       2. Announce (at least) two prefixes on the link - a /64 and a longer
> one, with a shorter IID. For that to make sense, we need an extra rule for
> modified hosts: if a host receives several PIOs from the same router, it
> prefers all those with the shortest IID and ignores the others.
>
>   - Mixture of modified and unmodified routers on a link: don't do that!
>
> # IANA Considerations
>
> Maybe a registry for the Reserved2 field, like RFC 8425?
>
> # Security Considerations
>
> Nothing new?
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email