IETF Logo Mail Archive

Re: A common problem with SLAAC in "renumbering" scenarios

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 03 February 2019 19:01 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 392521277D2; Sun, 3 Feb 2019 11:01:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.4
X-Spam-Level:
X-Spam-Status: No, score=-0.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jhk0x_4Toyz9; Sun, 3 Feb 2019 11:01:51 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01BC1126BED; Sun, 3 Feb 2019 11:01:50 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [209.226.201.241]) by relay.sandelman.ca (Postfix) with ESMTPS id 70E2B1F8BE; Sun, 3 Feb 2019 19:01:48 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 6C9BCFF2; Sun, 3 Feb 2019 14:01:24 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
cc: Fernando Gont <fgont@si6networks.com>, Mikael Abrahamsson <swmike@swm.pp.se>, Mark Smith <markzzzsmith@gmail.com>, v6ops list <v6ops@ietf.org>, 6man WG <ipv6@ietf.org>
Subject: Re: A common problem with SLAAC in "renumbering" scenarios
In-reply-to: <857eef9b-e37d-1e3e-cf7f-ce2122f4d645@joelhalpern.com>
References: <60fabe4b-fd76-4b35-08d3-09adce43dd71@si6networks.com> <alpine.DEB.2.20.1901311236320.5601@uplift.swm.pp.se> <m1gpCcz-0000FlC@stereo.hq.phicoh.net> <ddd28787-8905-bafd-3546-2ceef436c8b0@si6networks.com> <m1gptWx-0000G3C@stereo.hq.phicoh.net> <69609C58-7205-4519-B17A-4FBC8AE2EA16@employees.org> <ac773bb5-0da8-064b-d46b-3a218b8c9e7a@si6networks.com> <CFAEACC4-BA78-4DF9-AD8A-3EB0790B8000@employees.org> <a4f6742e-f18e-3384-d4cc-06bfab49101f@si6networks.com> <FEFA99C2-4F09-4D8F-8D51-C9D9D7090637@employees.org> <a484d5de-0dce-a41a-928e-785d8d80d05d@si6networks.com> <CAO42Z2xzYQESqqsz4AEE89vx=AhvBEf8Yzyae9o7z1U1XYyarw@mail.gmail.com> <alpine.DEB.2.20.1902031813310.23912@uplift.swm.pp.se> <23b3ffc3-7f01-6d15-ae93-c0e6932d53a6@si6networks.com> <857eef9b-e37d-1e3e-cf7f-ce2122f4d645@joelhalpern.com>
Comments: In-reply-to "Joel M. Halpern" <jmh@joelhalpern.com> message dated "Sun, 03 Feb 2019 13:30:08 -0500."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Sun, 03 Feb 2019 14:01:24 -0500
Message-ID: <31780.1549220484@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/S8-jhFV46Ph6Fr9PQsJjVoBn0BE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Feb 2019 19:01:53 -0000

Joel M. Halpern <jmh@joelhalpern.com> wrote:
    > Given that if the CPE had stored the delegated prefix, it could have
    > continued to use it, one could equally (and arguably with more
    > justification) argue that the DHCP server violated its contract with
    > the CPE when it did not return the still-valid prefix (with a correct
    > lifetime).  After all, the server madea "contract" when it handed over
    > the address.

I mostly agree with your analysis.

There are some additional situations that make this a bit murkier:
1) The CPE died and was replaced, reflashed, upgraded, etc.  After which,
   it could well have a different DHCP DUID and the DHCP server thinks this
   is a different customer/device.  This is hard to get wrong with PPPoE
   if one links the prefixes to the customer login (via radius or other).
   On cable it's easier to get wrong, particularly if the CPE failure results
   in the new one having a different ethernet address (ethernet randomization not
   always good or useful)

2) The ISP died and the user connected to a different ISP!
   The prefix is legitimately quite different.

3) The customer was moved to a different CMTS, with the result that really
   needs to be renumbered.  I think that ISPs can do this correctly by
   setting correct lifetimes and doing some /60 routing until the lease
   expires, but...

    > Have I missed something in the "problem"?  Robustness is nice.  But
    > let's not bend over backwards trying to fix a problem of multiple
    > failures.

I think that the flash write issue is really not that big a deal.
It requires one write per renumber if done intelligently.  Perhaps one can
further enhance the heuristic to not bother if the lease time is less than a
few hours:  There are apparently jurisdictions where everyone gets renumbered
at 1am, but in those places the lifetimes should be very small.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email