Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis

Philip Homburg <pch-ipv6-ietf-10@u-1.phicoh.com> Tue, 19 March 2024 14:15 UTC

Return-Path: <pch-b538D2F77@u-1.phicoh.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C5B4C14F6E4 for <ipv6@ietfa.amsl.com>; Tue, 19 Mar 2024 07:15:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.907
X-Spam-Level:
X-Spam-Status: No, score=-6.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PS4i901K6f2D for <ipv6@ietfa.amsl.com>; Tue, 19 Mar 2024 07:15:05 -0700 (PDT)
Received: from stereo.hq.phicoh.net (stereo.hq.phicoh.net [IPv6:2a10:3781:2413:1:2a0:c9ff:fe9f:17a9]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27FDAC14CF12 for <ipv6@ietf.org>; Tue, 19 Mar 2024 07:14:57 -0700 (PDT)
Received: from stereo.hq.phicoh.net (localhost [::ffff:127.0.0.1]) by stereo.hq.phicoh.net with esmtp (TLS version=TLSv1.2 cipher=ECDHE-RSA-CHACHA20-POLY1305) (Smail #158) id m1rmaEm-0000LbC; Tue, 19 Mar 2024 15:14:44 +0100
Message-Id: <m1rmaEm-0000LbC@stereo.hq.phicoh.net>
To: ipv6@ietf.org
From: Philip Homburg <pch-ipv6-ietf-10@u-1.phicoh.com>
Sender: pch-b538D2F77@u-1.phicoh.com
References: <df333346-f108-3782-0ff5-4bd85d7b49ac@gmail.com> <015F13BE-32F7-4C8B-8C86-C9153FE9C9E9@employees.org> <CAPt1N1mr+YLQjHf6wKK__-K1-Rywtg0K03DpwZZRz6USHOKfhA@mail.gmail.com> <39de45b5-eca1-d627-dac2-abe47f2e7bca@gmail.com> <CAPt1N1nwVSo=D9PXGAj9Hi5RUAK46aR_3P3kCLByDYXSN-UomA@mail.gmail.com> <645a37c1-6d3c-af54-e9ff-c743f07293b6@gmail.com> <CACMsEX-rXO6CWwmBy81AaAUBr7seZugVjVjUZSOxMia9VcnVpw@mail.gmail.com> <m1rmFZR-0000LeC@stereo.hq.phicoh.net> <CAKD1Yr1GGQtNrCKxswOMPP8kzwuiVdgNb9m2Buhv+Xrj1TtLBg@mail.gmail.com> <F3F5C9B3-FB67-43A2-B0E1-C1985C9D82BD@employees.org> <m1rmYbU-0000JNC@stereo.hq.phicoh.net> <32A17F84-8B8B-4401-B8DA-683D3EF42C2F@employees.org>
In-reply-to: Your message of "Tue, 19 Mar 2024 13:43:16 +0100 ." <32A17F84-8B8B-4401-B8DA-683D3EF42C2F@employees.org>
Date: Tue, 19 Mar 2024 15:14:42 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/QTOd2ezbRILKBsC6oykBdfBeMm0>
Subject: Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2024 14:15:07 -0000

> I have a network:
>  - multi-homed - offering external services from stable addresses
>  - have applications / host stacks that do not support MPMH nor
>  handle ephemeral addresses well
> 
> Whats the solution that is available for that network today? Stick
> to IPv4 because you Mr User isnt found worthy to use IPv6 is of
> course one answer.

In my limited experience, applications and hosts respond quite well to
deprecation and invalidation of prefixes. Of course, the 2 hour
minimum for invalidation is annoying in this context.

Deprecation is instant. So for new flows, a switch from one prefix to another
is instant. 

The tricky part is applications that use TCP connections but do not check if
the connection is life. This is sometimes a matter of configuration. For
example, openssh supports a keepalive mechanism that aborts the connection
if the connection fails for some period of time.

So by and large, the vaste majority of internet use works fine on todays hosts
and applications, assuming routers actively deprecate and invalidate unwanted
prefixes.

If we can assume a NPT implementation in the network, then we can also 
assume up-to-date prefix information from routers. It is the same source
address selection process.

There is one exception I can think of, if the NPT box would select different
source addresses based on the destination of a packet, then that is something
that currently hard support in a different way.