IETF Logo Mail Archive

[IPv6]Re: [Snac] Re: Re: I-D Action: draft-ietf-6man-rfc6724-update-21.txt

Timothy Winters <tim@qacafe.com> Thu, 24 July 2025 11:46 UTC

Return-Path: <tim@qacafe.com>
X-Original-To: ipv6@mail2.ietf.org
Delivered-To: ipv6@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 0C9734A3C801 for <ipv6@mail2.ietf.org>; Thu, 24 Jul 2025 04:46:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=qacafe.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XJ2z9Jx2bjE2 for <ipv6@mail2.ietf.org>; Thu, 24 Jul 2025 04:46:49 -0700 (PDT)
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 83EDC4A3C6BE for <ipv6@ietf.org>; Thu, 24 Jul 2025 04:46:39 -0700 (PDT)
Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-ae6f8d3bcd4so164599366b.1 for <ipv6@ietf.org>; Thu, 24 Jul 2025 04:46:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qacafe.com; s=google; t=1753357598; x=1753962398; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/IRnd/LaoTf7zXOCg/fZSWxys4UC3GPhy2MIhGQXucA=; b=UnU+OSdtHNNW4383E3GaP2yS/7bwMoivaqkarUAVinoYvDuR2O7OvbCjJEEHbMxYIV U0hFRlrD3leBQYo8NQ9quLoieNsoTk9RGVEvpCJgOwdFqTzuKJ2vwAgZWe+48nj7aCZt T7T0Sx5CrxhCYHbs+tIZ7cRK8dkoWSnuNHUNU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753357598; x=1753962398; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/IRnd/LaoTf7zXOCg/fZSWxys4UC3GPhy2MIhGQXucA=; b=bgCpoDTiur/1KToa/WhSOBPW7FJ1j49wWycIwHKhnN0/0gvi7UEZBEkhO7FFROqbPa BksB+qXUlaJ8GRdEFy3R2CxLoMgQjZK+PKUAl1iQm+LZNNKGNBjDVDxMzw+z5XaZm4Bd CSAwnfBvjF1hH2WOSplZRnKDlbQIPHuuT3lcPTWFb1k2E1prZ8G9pWCT92WhwoLQDNS8 qKNYMGTWeX62A2IpqKNku5CNugOGyWvBt80MjEHqtzBQUxTTUsyQztADUMb5fwcJBEKB SrhiNSyDobJ6/oT8XCHOz8qalNbDh9CpFgoaQO3aCpSMEtO/mIczFj8rLom713JlQjnU rZBw==
X-Forwarded-Encrypted: i=1; AJvYcCXUomv8VFB9RiYPXbXbWJAQW70J2n0UbvZEJ+rAOJeZEOwgd5SRu7UL0HWEm4iqf4xiIl86@ietf.org
X-Gm-Message-State: AOJu0YwSdOQEsfusl5LTBydLB7nIa7P/Ho9lCcr5Ckm8XSGxpYuB09Y4 prxpAoMDVpaWech7jPe7+WBi3uF5CRxDLmsg33x+d7ynWVWXwXBfV8zrpGjcvu4In7E7BBvIGJH rroehKMS73t56dBRiDkxTplaLk5VCfIl9cMze2Ei6WQ==
X-Gm-Gg: ASbGncvnioU0UAhuauU7K5laxP8YDGFRrzouz4dkACYqbYAmJ7Cgx39FIDaHY/C7ssh zJdrKeasH58ps78DR4FP3RuflwLobnYmG9DtaYUk8nqYOq1SiJqc8W8nAnc4cjJfLoomVlGDkd7 gkEG8fGKfJq0tYBbBpSXMnspYyV/oje1luq6mrGbm2/Nm5AYuJ/g3De06eZz4ZY8AKgj3ZctozY f/D3+p+8Ioy4iexKLtccERUdTeiQbNPkw0EdTX/B0cEBKK7NQ==
X-Google-Smtp-Source: AGHT+IE5Axa5O4yNmCcltBOxBQFV8q5WS9yTCjijpAKRd3R8wgzPdZP2rfhAA2oS5517tck+Nv3h5lK0VguMNFx2mHY=
X-Received: by 2002:a17:906:d54d:b0:ae3:bd92:e69b with SMTP id a640c23a62f3a-af2f64c03e9mr700288266b.7.1753357598244; Thu, 24 Jul 2025 04:46:38 -0700 (PDT)
MIME-Version: 1.0
References: <175071730132.502784.5026151083314117768@dt-datatracker-6754d69b7c-p2xd7> <CAKD1Yr3zcThnQx2qE3xB3n+tmzgq7vAZ9nH4CcEVHHfp=AH44Q@mail.gmail.com> <CACMsEX8eUxE2c0HPBpRqziJ=mL=+ef1iNRxpqdjT7cDBG-3gVw@mail.gmail.com> <4AE1AC9E-5603-4EB2-AE40-F946AB60B1E9@gmail.com> <CACMsEX-M5u6gv0kaSxM0uezy8f==caUwUKudDE1d-Jrb1ADVZA@mail.gmail.com> <16856.1751464682@obiwan.sandelman.ca> <1D359801-41B8-410F-9AFE-9FFA92A69941@fugue.com> <32467.1751482387@obiwan.sandelman.ca> <62c4ec95-c647-474f-b2a6-1fcc6ab67193@app.fastmail.com> <CACMsEX-Vbd=XkQzEEN3jn9Oez1RQ5QpqrWcXibHCFfqK+OO_Ww@mail.gmail.com> <e16baa49-9e68-4867-9b00-892eec67ebb5@app.fastmail.com> <CAKD1Yr2jv6eE7UMCfq=4ePpt6omkeD6GG=PC7=M7R-AV_-pWew@mail.gmail.com> <CACMsEX_71gbWnJYUg17gABBo0dUR+4LFaBWdH2twSNB0xgYmAA@mail.gmail.com>
In-Reply-To: <CACMsEX_71gbWnJYUg17gABBo0dUR+4LFaBWdH2twSNB0xgYmAA@mail.gmail.com>
From: Timothy Winters <tim@qacafe.com>
Date: Thu, 24 Jul 2025 13:46:27 +0200
X-Gm-Features: Ac12FXxEOJkaHD4igj4gNWdRipb3NB_O5PJWDQVW7G1ZvbEIWCghOJUxs1FOOSQ
Message-ID: <CAJgLMKuZHTrG9c1u-EUL1bE0JUUfAVUb-7Nj-xFgZvrWgVkRoA@mail.gmail.com>
To: Nick Buraglio <buraglio@forwardingplane.net>
Content-Type: multipart/alternative; boundary="000000000000cedfb9063aab608a"
Message-ID-Hash: OY56YMRWJ3LBNKTF5XOGZAVM46RRUWLB
X-Message-ID-Hash: OY56YMRWJ3LBNKTF5XOGZAVM46RRUWLB
X-MailFrom: tim@qacafe.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-6man-rfc6724-update.authors@ietf.org, 6man Chairs <6man-chairs@ietf.org>, "6man-ads@tools.ietf.org" <6man-ads@ietf.org>, 6man WG <ipv6@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [IPv6]Re: [Snac] Re: Re: I-D Action: draft-ietf-6man-rfc6724-update-21.txt
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/NyPPbMaNslEcww_A07G_qfQHDlc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>

Hi Nick,

Thanks for the rapid response, this addresses all my comments.

~Tim

On Thu, Jul 24, 2025 at 1:03 PM Nick Buraglio <buraglio@forwardingplane.net>
wrote:

> I believe I have addressed the comments in the INTDIR review as well as
> the issues that Lorenzo has brought up. A diff of the changes can be found
> here:
> https://github.com/buraglio/draft-buraglio-6man-rfc6724-update/pull/55/files
>
> If we are happy with this, I will merge the changes and we can submit
> (hopefully) the final version for release to the RFC Editor. If there are
> further changes requested or if I have missed something let me know and I
> will get it addressed prior to the submission.
>
> nb
>
> On Tue, Jul 22, 2025 at 3:31 PM Lorenzo Colitti <lorenzo@google.com>
> wrote:
>
>> Nick,
>>
>> Thanks for making the changes.
>>
>> I reviewed the whole document again and have the suggestions below. They
>> are all minor and likely optional, with the exception of the "are
>> deprecated" -> "become invalid" change which I think is important, but
>> perhaps something that should be discussed in the WG.
>>
>> Cheers,
>> Lorenzo
>>
>> Abstract:
>> OLD:
>> It further clarifies the unconditional requirement for implementing Rule
>> 5.5 of RFC 6724
>>
>> NEW:
>> It makes introduces a requirement to implement Rule 5.5 of RFC 6724
>>
>> ====
>>
>> Section 1.1:
>> OLD:
>> This document therefore introduces two changes to RFC6724 to support a
>> node implementing elevated or differential precedence for known-local ULAs
>>
>> NEW:
>> This document therefore introduces two changes to RFC6724 to require that
>> nores implement elevated or differential precedence for known-local ULAs
>>
>> ====
>>
>> Section 2
>> OLD:
>> Known-local ULA: A ULA prefix that an individual organization/site has
>> determined to be local to a given node/network/administrative domain
>>
>> NEW:
>> Known-local ULA: A ULA prefix that a node has determined to be local to a
>> given node/network/administrative domain
>>
>> (Rationale: the thing that needs to "know" whether the ULA is local or
>> not is the host.)
>>
>> ====
>>
>> Section 3
>> OLD:
>> second to change Rule 5.5 adjusts precedence of addresses in a prefix
>> advertised by the next-hop to a requirement
>>
>> NEW:
>> second to change Rule 5.5, which adjusts precedence of addresses in a
>> prefix advertised by the next-hop, to a requirement
>>
>> ====
>>
>> Section 3.1
>> OLD:
>> $known_local/48       45    14 (**)
>>
>> NEW:
>> $known_local/4x       45    14 (**)
>>
>> OLD:
>> (**) $known_local = the ULA Known-Local /48 IPv6 prefix(es) (if any)
>>
>> NEW:
>> (**) $known_local = the ULA Known-Local IPv6 prefix(es), with lengths
>> between /40 and /48 (if any)
>>
>> (Rationale: the document is very clear that known locals are not exactly
>> /48 but are between /40 and /48)
>>
>> ===
>>
>> Section 3.3
>> OLD:
>> These known-local ULA prefixes are inferred from ULA addresses assigned
>> to interfaces or learned from Prefix Information Options (PIOs) in Router
>> Advertisements (RAs) [RFC4861] received on any interface regardless of how
>> the PIO flags are set. Further, they are learned from Route Information
>> Options (RIOs) in RAs received on any interface by Type C hosts that
>> process RIOs, as defined in [RFC4191].
>>
>> NEW:
>> These known-local ULA prefixes are inferred from ULA addresses assigned
>> to interfaces or learned from Prefix Information Options (PIOs) in Router
>> Advertisements (RAs) [RFC4861] received, regardless of how the PIO flags
>> are set. Further, they are learned from Route Information Options (RIOs) in
>> RAs received by Type C hosts that process RIOs, as defined in [RFC4191].
>>
>> (Rationale: saying that the RIO can be received "on any interface" could
>> suggest that hosts connected to multiple provisioning domains would merge
>> known-local ULAs from different interfaces.)
>>
>> OLD:
>> when the announced RIOs or PIOs are deprecated
>>
>> NEW:
>> when the announced RIOs or PIOs become invalid
>>
>> (Rationale: a local ULA is still local even if it's deprecated.)
>>
>> ===
>>
>> Section 5.4
>> OLD:
>> Known-local ULA-ULA preferred over IPv4-IPv4
>>
>> NEW:
>> Known-local ULA-known-local ULA preferred over IPv4-IPv4
>>
>> (Rationale: the last sentence in the section makes it clear that this is
>> for pairs where both source ULA and destination ULA are local.)
>>
>> ===
>>
>> Section 5.5
>> OLD:
>> An IPv6 ULA address will only be preferred over an IPv4 address
>>
>> NEW:
>> An IPv6 ULA source address will only be preferred over an IPv4 address
>>
>> ===
>>
>> Section 7.2
>> OLD:
>> are not recommended being installed in the global DNS
>>
>> NEW:
>> not recommended to be installed in the global DNS
>>
>> (Rationale: the text should match what RFC 4193 actually says)
>>
>> On Fri, Jul 4, 2025 at 6:27 PM Ted Lemon <mellon@fugue.com> wrote:
>>
>>> LGTM. Thanks, Nick!
>>>
>>> On Fri, Jul 4, 2025, at 6:06 PM, Nick Buraglio wrote:
>>>
>>> Before I submit a new draft, can folks take a look at the diff to
>>> confirm that these are what we want? The changes are in section 3.3 and
>>> address:
>>>
>>> Erroneous re-import of rule 6 (now removed)
>>> SNAC generated GUA changed to ULA in rule 5 per Ted.
>>>
>>>
>>> https://github.com/buraglio/draft-buraglio-6man-rfc6724-update/pull/52/files
>>>
>>> On Wed, Jul 2, 2025 at 2:41 PM Ted Lemon <mellon@fugue.com> wrote:
>>>
>>>
>>> A network can have more than one non-SNAC subnet. On such a network, if
>>> a device on an infrastructure link adjacent to the SNAC link treats the
>>> SNAC-advertised ULA prefix as known-local, it might attempt to use it as a
>>> source address when communicating with a device on a non-SNAC-adjacent
>>> link. This would fail because the SNAC ULA prefix can’t be routed. Hence
>>> the prohibition on using SNAC router RAs when identifying ULAs as known
>>> local.
>>>
>>> Regarding ULAs and PD on the local link, it is expected that CE routers
>>> will generate a ULA prefix, and that they will delegate /64s from it. These
>>> /can/ and /should/ be treated as known-local. But since  /64s from this
>>> prefix will be advertised on non-SNAC links in the home network, the ULA
>>> /64 prefix allocated to the SNAC router should also be treated as
>>> known-local, even if the SNAC router’s RA is ignored for the purposes of
>>> deciding which ULA prefixes are known-local.
>>>
>>> On Wed, Jul 2, 2025, at 8:53 PM, Michael Richardson wrote:
>>>
>>>
>>> Ted Lemon <mellon@fugue.com> wrote:
>>>     > The fix is to just change SNAC-generated GUAs to SNAC-generated
>>> ULAs.
>>>
>>> Glad to know I didn't get something wrong here.
>>> I was like... wait... did I mis-understand SNAC in some fundamental way?
>>> Yes, change it to "SNAC-generated ULAs"
>>>
>>> But, I'm still surprised any text needs to mention SNAC and the S-bit.
>>>
>>>     > That said, it's also true that if a SNAC router gets a ULA from a
>>> DHCP
>>>     > prefix delegation, that _is_ provided by infrastructure, and
>>> _could_ be
>>>     > treated as known-local. Hopefully infrastructure is advertising a
>>>     > prefix in infrastructure-provided RAs that covers the delegated
>>> /64. I
>>>     > don't think we can really solve this problem in some other way,
>>> but in
>>>     > practice I think it's unlikely to be a problem.
>>>
>>> A home router could generate a RIO for the entire (GUA) prefix delegated
>>> by
>>> the ISP.   I've never seen that done.  More and more pubs in Ottawa seem
>>> to
>>> have v6 with PD.  They likely don't have a stub network (yet).
>>>
>>> I think that source address selection works fine when going to a GUA
>>> prefix
>>> not on the infrastructure link.   The rules pick the GUA, and assuming
>>> the
>>> home router is doing the right hair-pin routing to get packets there,
>>> there
>>> should be no issue.
>>>
>>> Now, you actually wrote, above, that the SNAC router gets a **ULA** from
>>> DHCPv6.
>>> This would be in the ULA that the home router has randomly allocated to
>>> be
>>> local. (as per 7804, etc.)
>>>
>>> But, then you wrote "delegated /64", and I was confused, because the ISP
>>> didn't delegate a ULA, but you mean the /64 that the home router
>>> delegated to
>>> the SNAC Stub Router.
>>>
>>> My understanding is that the overall effect of all this work is that
>>> we'll
>>> mark the entire /48 as local and higher priority than NAT44, so
>>> everything
>>> should just work even if there were v4-addresses for the STUB network,
>>> which
>>> there ought not to be.  Again, I'm not sure why we had to exclude S-bit
>>> RAs.
>>> If a host (ignorant of these changes) picks its GUA to talk to the SNAC
>>> delegated ULA, then that also ought to work.
>>>
>>> --
>>> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT
>>> consulting )
>>>            Sandelman Software Works Inc, Ottawa and Worldwide
>>>
>>>
>>> *Attachments:*
>>>
>>>    - signature.asc
>>>
>>>
>>>
>>> --
>>> Snac mailing list -- snac@ietf.org
>>> To unsubscribe send an email to snac-leave@ietf.org
>>>
>>

v2.45.0 | Report a Bug | By Email | System Status