Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-prefix-per-host)
Fernando Gont <fgont@si6networks.com> Thu, 09 November 2017 17:47 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FA521276AF; Thu, 9 Nov 2017 09:47:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XmhqdWy9pBzs; Thu, 9 Nov 2017 09:47:10 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D54D5124239; Thu, 9 Nov 2017 09:47:09 -0800 (PST)
Received: from [192.168.3.83] (unknown [181.165.119.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id DC05F8062B; Thu, 9 Nov 2017 18:47:04 +0100 (CET)
From: Fernando Gont <fgont@si6networks.com>
Subject: Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-prefix-per-host)
To: Lorenzo Colitti <lorenzo@google.com>
Cc: IPv6 Operations <v6ops@ietf.org>, "6man-ads@tools.ietf.org" <6man-ads@ietf.org>, "v6ops-ads@ietf.org" <v6ops-ads@ietf.org>, "6man@ietf.org" <6man@ietf.org>, draft-ietf-v6ops-unique-ipv6-prefix-per-host@tools.ietf.org
References: <be9724f5-2ff5-d90c-2749-ecae2c628b78@si6networks.com> <CAKD1Yr0_a2Qm8U4oK+BQU57DeDUD9i-o_+G+YhnH4pVXRxmxxQ@mail.gmail.com>
Message-ID: <9d154133-a1de-7774-1589-c7069bf279ee@si6networks.com>
Date: Thu, 09 Nov 2017 14:48:55 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CAKD1Yr0_a2Qm8U4oK+BQU57DeDUD9i-o_+G+YhnH4pVXRxmxxQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/PB9qEJSM8uaUTj0YNrk-9ZCgnqk>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Nov 2017 17:47:12 -0000
On 11/08/2017 11:58 PM, Lorenzo Colitti wrote: > On Tue, Nov 7, 2017 at 6:13 AM, Fernando Gont <fgont@si6networks.com > <mailto:fgont@si6networks.com>> wrote: > > While reviewing this document a few days ago, I found that Section 4 > (page 5) contains what is a protocol spec, rather than an operational > BCP. It contains rules regarding how to set the link-layer address (to a > unicast address) for IPv6 multicasted RAs, and how a SLAAC router should > now remember which prefix has been "leased" to which node -- something > that seems to be way outside of the v6ops charter, and that should have > been done in 6man, instead. > > > I don't see how this is a protocol change. Sending RAs unicast is > already allowed by RFC 4861, so this is just an operational practice. That's incorrect. We are talking about sending multicasted internetlayer packets to a unicast link-layer address. There's nothing in RFC4861 that suggests you should do that. RFC6085 says "you shouldn't drop packets if they are internet-layer multicast but link-layer unicast". But certainly, unless a protocol spec says otherwise, the normal mapping applies. There's nothing in RFC4862 that may suggest "leasing one prefix per node". In fact, all nodes share all the prefixes being announced. And when you don't want multiple nodes to share them, you just segment the network one way or another. From the point of view of SLAAC, there's no "one prefix per node". If it happens, it's because you segmented the network, not because SLAAC is meant for that. > Looking at diffs, it seems this additional text was incorporated very > recently, in version -09 of the I-D, published in mid September > (<https://tools.ietf.org/rfcdiff?url2=draft-ietf-v6ops-unique-ipv6-prefix-per-host-09.txt > <https://tools.ietf.org/rfcdiff?url2=draft-ietf-v6ops-unique-ipv6-prefix-per-host-09.txt>>). > It seems to be that this change is way beyond what the authors > originally proposed > > The additional text did not actually change this practice at all.> It > simply clarified what has always been a fundamental premise of this > operational practice: if you want to give each host its own prefix, you > need to ensure that the RA with that prefix is only received by that host. If you want to give each host it's own prefix, you do prefix delegation. So far, SLAAC doesn't do prefix delegation. If you want to do prefix delegation in slaac, write a std track document in 6man, not a BCP in v6ops. > 1) The protocol spec specified in this document requires the SLAAC > router to keep state of the "leased" prefixes -- what seems a major > change to SLAAC, which now would be kind of as stateful as DHCPv6. > > This is a bizarre claim. The first-hop router must always have fully > up-to-date state on all the prefixes it is sending RAs for, otherwise it > cannot fulfill its fundamental purpose of forwarding traffic to those > prefixes. The word "stateless" in SLAAC applies to addresses configured > to the host, not how routers route traffic. A SLAAC router need not maintain any sort of dynamic mapping. It's static configuration information of the sort "I'm announcing this prefix on this interface".. If you think otherwise, please point me the section in RFC4862 where this conceptual data structure is mentioned. (Note: Neighbor Cache, Destination Cache, etc. are all mentioned in RFC4861). > 2) There are scenarios in which multiple nodes might receive the same > packet -- say a NIC let's the packet through because it is in > promiscuous mode -- wich could possibly lead to two nodes configuring > the same prefix. > > Why do you say promiscuous mode is a problem? Even in promiscuous mode, > network stacks already understand which packets are being send to the > host network stack and which are not. For example, in the linux > networking stack, well before the packet ever gets to the ICMPv6 > protocol handlers that would process incoming RAs, ipv6_rcv does: > > if (skb->pkt_type == PACKET_OTHERHOST) { > kfree_skb(skb); > return NET_RX_DROP; > } Great that Linux double-checks this. But it need not. Linux is just one implementation. A very popular one. But one implementation. > 3) What happens if the SLAAC router crashes and reboots, loosing state > of the "leased" prefixes? > > You seem to be assuming that the router does not store the prefixes in > stable storage. Routers store configuration info, not dynamic mappings. Simple scenario: With slaac, the network is 100% resilient if a rotuer crashes and reboots (because, as the name implies, it is stateless). With this protocol you are specifying in this document, if the router crashes and reboots, the network may just break -- same prefix may be reassigned to different nodes, etc. > It's certainly the case that if you want this scheme to > work across router crashes, then you need to ensure that the prefixes > are stored somewhere. That sort of seems self-evident, but we could add > it to the text. SLAAC stores *configuration information*. This protocol that you are specifying requires SLAAC to store the *dynamic mappings* of which prefix was "leased" to which host. And the fact that you need this for this mechanism to work is an indication that you are specifying a protocol. (Call it Stateful SLAAC, or AAC ;-) ) An operational practice is when you fiddle with the knobs that a protocol gives you. Here you are introducing a state machine into SLAAC. That's certainly not an operational practice, but rather a fundamental change to SLAAC that makes it a stateful protocol > 4) How are prefixes selected? And, what's the minimum size of the pool > of prefixes for the selection algorithm not to break due two "prefix > collisions"? Does the selection algorithm have any specific properties? > > I see no reason why this should be in scope for this document. Actually, what's not in the scope of this document, and not within v6ops charter, is the protocol you are specifying to handle prefixes with SLAAC. Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-pref… Fernando Gont
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… DY Kim
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Brian E Carpenter
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Lorenzo Colitti
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Erik Kline
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Erik Kline
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Warren Kumari
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Fernando Gont
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Fernando Gont
- RE: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Templin, Fred L
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Brian E Carpenter
- RE: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Mark Smith
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… james woodyatt
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Lorenzo Colitti
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Fred Baker
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Fred Baker
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Joe Touch
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… joel jaeggli
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… David Farmer
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… james woodyatt
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Brian E Carpenter
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Joe Touch
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Joe Touch
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Joe Touch
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Warren Kumari
- Re: Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-… Alexandre Petrescu
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Bob Hinden
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Nick Hilliard
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Erik Nordmark
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- RE: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Bob Hinden
- RE: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Erik Nordmark
- RE: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- RE: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DaeYoung KIM
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Brian E Carpenter
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Erik Nordmark
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Mark Smith
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Enno Rey
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Bernie Volz (volz)
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Nick Hilliard
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Victor Kuarsingh
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Victor Kuarsingh
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Victor Kuarsingh
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Victor Kuarsingh
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fernando Gont
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Victor Kuarsingh
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Michael H Lambert
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Philip Homburg
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… David Farmer
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Nick Hilliard
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Nick Hilliard
- RE: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Templin, Fred L
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… james woodyatt
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Mark Smith
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fred Baker
- DHCPv6 PD route injection (was: Re: [v6ops] State… Ole Troan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Ted Lemon
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… james woodyatt
- RE: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Suresh Krishnan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Warren Kumari
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Fred Baker
- Re: [v6ops] DHCPv6 PD route injection (was: Re: S… Brzozowski, John
- Upleveling discussion (was Re: [v6ops] Stateful S… Suresh Krishnan
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… Lorenzo Colitti
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… DY Kim
- Re: Upleveling discussion (was Re: [v6ops] Statef… Erik Nordmark
- Re: [v6ops] Upleveling discussion (was Re: Statef… Brian E Carpenter
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… David Farmer
- Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-uniq… David Farmer
- Re: Upleveling discussion (was Re: [v6ops] Statef… james woodyatt
- Re: [v6ops] Upleveling discussion (was Re: Statef… Gert Doering
- Re: Upleveling discussion (was Re: [v6ops] Statef… Fernando Gont