IETF Logo Mail Archive

Re: “DHCPv6, SLAAC, Static Day X - 17 year interoperability issue” 2nd issue

Gyan Mishra <hayabusagsm@gmail.com> Tue, 10 November 2020 02:35 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 920D83A15A5; Mon, 9 Nov 2020 18:35:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fSrSRE_zeS6Y; Mon, 9 Nov 2020 18:35:16 -0800 (PST)
Received: from mail-vk1-xa31.google.com (mail-vk1-xa31.google.com [IPv6:2607:f8b0:4864:20::a31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 782FF3A1086; Mon, 9 Nov 2020 18:35:16 -0800 (PST)
Received: by mail-vk1-xa31.google.com with SMTP id s135so2386933vkh.6; Mon, 09 Nov 2020 18:35:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dp3WpGpMn9ejBPwBy0pWwaZFS5VikDWNz/BvAVJawpI=; b=hVmzTDS+yUpWTGh6eVQmaTU51qH2b7+pSEqFff8zNtW3EYldBuwbXE6QlxBCfF2ca7 LD1Ic4XHFLMqOPEHUP9vaRBpQUy0dy4BnncO8E9FdtYzDORiCnD9UUw8vN/pA+OFoV3g 0pW4R3rIGaWRmuqqIuy0xXC/b/X8SbfSr5TmGnpYPYIbR+SZ7SmECpRvPBbCow5A2tY8 m+K9/Z9JNlR/H49QCbXy3zu0bLud8NyECudDk7ld3ownkrZKqug7yCKQM1KQxvsi4VR1 BNDnOzkBkY+odP4RDisf79uRn2HysapBRXnOOJdxa2qSb+dDwCNe6iz896VrGO9r/bRF qqTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dp3WpGpMn9ejBPwBy0pWwaZFS5VikDWNz/BvAVJawpI=; b=Ih6CqYx91Tp4ys1akgKn0Q8Ogrodi/JKVREYrcDt5HSPExbM3dBMzB0I4RiHjHjQr1 qbsQdfO4TzRgZNWWP355Ukbb62B+0lW2ja+++d01xL0ibCjn3jozM5MNoaqP++gS9Eoz PKbbvkr+YTHJUJyTqZVU+LP23nJaaL0e2IdQBmk08hcmFgW+x9EaL2hsZPazz3dwcIQy RRT9h0UZhBfpdR6rN8uSr6sYULf+Xul568vl4iP1tb36mTxxfDcpscSl7/kSIXEVsE8A znU1kvqIeRN2M1hpvenPM6+1YD4C0y5M4d4Mapi72hdCw+JlBGUJeMhzFghhlyr9+kvY 8hWw==
X-Gm-Message-State: AOAM5339B9na0WjsIda061td+O9ckkmGK9KKBtjpQ0IMEHZFKVMT9qP/ uTbmniaG6YSXhBdAyHYeEjAdkoyTYUjADURYTT7roDJ9SrOLLQ==
X-Google-Smtp-Source: ABdhPJzeW+SZxjRroFUpDdDVpTbHBWMe8obZguXxcaA9UiW0LSQ5PKWmKPp9WETbEDm2w6+DcfAQYKkytNTeKExu+iE=
X-Received: by 2002:a1f:1647:: with SMTP id 68mr8663005vkw.5.1604975715381; Mon, 09 Nov 2020 18:35:15 -0800 (PST)
MIME-Version: 1.0
References: <3A94E3B6-EA5A-453A-8CB1-C11BBDF88B53@gmail.com> <0b83b083-7179-0277-d32e-ac48d9d6fe24@joelhalpern.com> <CABNhwV3HxouhWtWWihLBo7JOjKhOos-AZotGNtkUA5e5jgihiQ@mail.gmail.com> <3132990a-efaa-8582-4d7e-37edd3a70f41@joelhalpern.com>
In-Reply-To: <3132990a-efaa-8582-4d7e-37edd3a70f41@joelhalpern.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Mon, 09 Nov 2020 21:29:43 -0500
Message-ID: <CABNhwV255GiswknJCfWr+jxhsYiTLujTaP4Kq9LZVRxLztNR-w@mail.gmail.com>
Subject: Re: “DHCPv6, SLAAC, Static Day X - 17 year interoperability issue” 2nd issue
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: 6man WG <ipv6@ietf.org>, draft-mishra-6man-variable-slaac@ietf.org
Content-Type: multipart/alternative; boundary="000000000000637b5e05b3b78789"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/TgGit3mB7vqBtkGRFcKAd7wQLPo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2020 02:35:20 -0000

I was just giving an example of mixed hosts on the same subnet using
different IPv6 addresses methods.  So it can be any network or any scenario
where you have mix of addressing methods with longer prefixes.

The problem is that SLAAC does not support >64 prefixes due to IID 64 bit
limitation and that prevents use of DHCPv6 stateful or static with >64
prefix subnets.


On Mon, Nov 9, 2020 at 9:19 PM Joel M. Halpern <jmh@joelhalpern.com> wrote:

> Gyan, I apparently was not unclear.
> I was not asking who needs to use longer prefixes.  I was asking why.
> Telling me that some data enters want them does not tell me what problem
> the data center needs to solve.
>
> Can you explain what problem needs to be solved, for whichever community
> it is that needs to deploy these longer prefixes?
>
> I presume there is a real problem.  But I can not tell from your
> description what it is.
>
> Thank you,
> Joel
>
> On 11/9/2020 8:37 PM, Gyan Mishra wrote:
> > This is a separate issue from 3GPP PDP handset segmentation issue to
> > downstream devices.
> >
> > This issue exists with any deployments where the operator would like to
> > deploy >64 prefix length host subnets at data center or access layer and
> > this could be an enterprise or service provider use case where the
> > router infrastructure is statically configured so no PD here.
> >
> > So in this case the operator would like to deploy >64 prefixes and has
> > let’s say all servers are configured with static and all access hosts
> > are configured with dhcpv6 stateful RFC 8415.  No  PD here.   So we have
> > both static and stateful hosts on the same subnet.
> >
> > So now you have SLAAC hosts that get added to that same subnet  that now
> > don’t support static or DHCPv6 stateful let’s say Chromebook or could be
> > any device type for example and now your are in trouble.
> >
> > So now due to SLAAC not supporting longer prefixes that very real fear
> > of host operating systems that may only support slaac you and up in an
> > terrible interoperability situation that you have to change your prefix
> > length for all devices back to /64 so that all devices types with the 3
> > different IPv6 address allocation scheme can operate on the same subnet.
> >
> > So due to this major 17 year issue operators have not been able to
> > deploy longer prefix lengths to host subnets.
> >
> > This is a MAJOR problem for all operators.
> >
> >
> > Hope that helps clarify the interoperability issue.
> >
> >
> > Gyan
> >
> > On Mon, Nov 9, 2020 at 8:06 PM Joel M. Halpern <jmh@joelhalpern.com
> > <mailto:jmh@joelhalpern.com>> wrote:
> >
> >     You say "In deployment cases where you would like to deploy longer
> >     prefix length subnets".
> >     What problem are you facing that requires longer subnets?  I
> understand
> >     that problems that have been raised that require delegation.  That is
> >     not tied to longer or shorter, and I think is better addressed by
> >     shorter prefix lengths.
> >
> >     Is there some other problem you face that leads to needing longer
> >     prefix
> >     lengths?
> >
> >     Yours,
> >     Joel
> >
> >     On 11/9/2020 7:35 PM, Gyan Mishra wrote:
> >      >
> >      > This may have gotten lost in all the threads so starting a new
> >     thread.
> >      >   The issue is interoperability related issue between the 3 IPv6
> >      > addressing options that had been broken for 17 years.
> >      >
> >      > Problem Statement:
> >      >
> >      > The main point I am trying to make is that static address
> >     configuration
> >      > and DHCPV6 stateful RFC 8415, you can have any prefix length
> prefix.
> >      > SLAAC with A flag set requires a  64 bit IID and that stems from
> RFC
> >      > 4291 modified EUI64 mac based IID generation.  However, now with
> >     random
> >      > IID generation schemes with RFC 4941 privacy extension and RFC
> 7217
> >      > stable IID you can generate any length IID.
> >      >
> >      > The operational issue with SLAAC not supporting any prefix length
> >     in PIO
> >      > and requirement for the 64 bit boundary is that in a deployment
> >     scenario
> >      > where you would like to deploy longer prefix length subnets with
> >     a mix
> >      > of server hosts with static address and mix of client hosts with
> >     managed
> >      > address M=1 that get their 128 bit address from the DHCPv6 server
> >     pool,
> >      > the fear has always been that if a device came up on the subnet
> that
> >      > only supports SLAAC it would not work due to the SLAAC A flag set
> >     and 64
> >      > bit IID requirement.  In that case the SLAAC host would not be
> >     able to
> >      > communicate with any of the devices with a longer prefix
> >     including the
> >      > router.
> >      >
> >      > So that fear of interoperability of SLAAC hosts not being able to
> >      > support longer prefix lengths has prevented operators from being
> >     able to
> >      > deploy subnets with longer prefix lengths, as it’s hard to
> >     predict that
> >      > all hosts will be able to support static or stateful and so you
> >     may end
> >      > up in a situation where a device type may only support SLAAC so
> >     then you
> >      > are in trouble deploying longer prefix lengths.
> >      >
> >      > Due to the SLAAC 64 bit IID restrictions it has prevented
> >     operators from
> >      > deploying “host” subnets with >64 bit prefix lengths.
> >      >
> >      > f you go to the “root” of the problem the root is the original
> IPv6
> >      > specification RFC 1884 dated 1995, RFC 2373 dated 1998, RFC 3513
> >     dated
> >      > 2003 and now the present RFC 4291 dated 2006.  As soon EUI64 mac
> >     based
> >      > IID become not recommendedR and obsolete the standard should have
> >      > immediately updated RFC 4291 as the dependency on fixed IID is no
> >     longer
> >      > as now random IID generation schema starting with RFC 4941 privacy
> >      > extension dated 2007 soon became standard for all OS vendors and
> >     later
> >      > RFC 7217 stable IID became an alternative option to provide a
> >     “random” IID.
> >      >
> >      > Once random IID became mainstream in all Host Operating Systems
> >     it was
> >      > at that moment that the standard should have changed to update
> >     RFC 4291
> >      > to permanently remove in all RFCs any mention of 64 bit boundary.
> >      >
> >      > So this change if I do the math is now 13 years past due.  Even
> >     if you
> >      > gave a few years for host operating systems to adopt the new
> >     standard
> >      > which I believe back then was fairly quickly the standard should
> >     have
> >      > changed eliminating the 64 bit boundary.
> >      >
> >      > Think of all the problems “Day 17 years” this has caused and even
> >     now
> >      > all of these threads.
> >      >
> >      > This is clearly an IETF standards issue and needs to be fixed.
> >      >
> >      > We can’t pass the blame to operators to dole out shorter prefixes
> or
> >      > support PD.  The IETF really needs to take onus end fix the
> >     broken standard.
> >      >
> >      > Not going to happen for PDP as their are technical issue related
> >     to the
> >      > Mobile Network Gateway to support PD.   I will try to dig up the
> >     exact
> >      > reason but the network element is very different then a BNG
> >     broadband
> >      > gateway which supports most all L3 features.
> >      >
> >      > As far as 3GPP operators they are following the well documented
> >     RIPE-690
> >      > which only requires allocation of /64.  The main reason mobile
> >     operators
> >      > are not making shorter prefix a standard is that is overkill from
> >     their
> >      > perspective as you may have many mobile handsets in a household
> and
> >      > there  is no reason for everyone at a single location to have
> >     shorter
> >      > prefixes per PDP.  When you are at honme you use your wired
> >     broadband
> >      > and when are away from home on the road on 3GPP on PDP is when the
> >      > segmentation comes into play to subdivide the /64 prefix to
> >     downstream
> >      > devices but in a household is only needed to be provided by one
> >     of the
> >      > devices.
> >      > Bottom line is from a 3GPP provider standpoint it does not make
> >     sense to
> >      > provide a shorter prefix and I don’t think that will ever change
> >     even
> >      > with 5G PDP.
> >      >
> >      > Fixed 5G broadband which is a wired broadband replacement will
> >     follow
> >      > RIPE-690 guidelines and will allocation much shorter prefixes as
> >     with
> >      > network slicing and other capabilities with 5G offers the
> >     requirements
> >      > exist for shorter prefixes.  Not so much for PDP.
> >      >
> >      >
> >      >
> >      >
> >      >
> >
> https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators
> >     <
> https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators
> >
> >
> >      >
> >     <
> https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators
> >     <
> https://www.ripe.net/publications/docs/ripe-690#4-2-4--considerations-for-cellular-operators
> >>
> >      >
> >      >
> >      >         4.2.4. Considerations for Cellular Operators
> >      >
> >      > There is a clear exception to the rule described above when
> >     assigning
> >      > prefixes in a cellular network. In this case, a /64 will need to
> be
> >      > provided for each PDP context for cellular phones, whereas for LTE
> >      > modems/routers, i.e. in the case of broadband by means of cellular
> >      > access, it will still be necessary to choose a /48 or /56 in
> >     accordance
> >      > with the aforementioned considerations.
> >      >
> >      >
> >      > RFC 3177 for a default /48 allocation which is obsoleted by 6177
> >     which
> >      > takes a step back and is now not making any recommendations and is
> >      > putting the onus on operators to figure it out and do what they
> >     feel is
> >      > best which would definitely not be one size fits all approach.
> >      >
> >      > Please read the summary section in RFC 6177 below
> >      >
> >      >
> >      >     5 <https://tools.ietf.org/html/rfc6177#section-5
> >     <https://tools.ietf.org/html/rfc6177#section-5>>. Summary
> >      >
> >      >
> >      >
> >      >     The exact choice of how much address space to assign end
> >     sites is an
> >      >     issue for the operational community.  The recommendation
> >     inRFC 3177  <https://tools.ietf.org/html/rfc3177
> >     <https://tools.ietf.org/html/rfc3177>>
> >      >     [RFC3177  <https://tools.ietf.org/html/rfc3177
> >     <https://tools.ietf.org/html/rfc3177>>] to assign /48s as a default
> >     is not a requirement of the
> >      >     IPv6 architecture; anything of length /64 or shorter works
> from a
> >      >     standards perspective.  However, there are important
> operational
> >      >     considerations as well, some of which are important if users
> >     are to
> >      >     share in the key benefit of IPv6: expanding the usable
> >     address space
> >      >     of the Internet.  The IETF recommends that any policy on IPv6
> >     address
> >      >     assignment policy to end sites take into consideration the
> >     following:
> >      >
> >      >
> >      > Thanks
> >      >
> >      > Gyan
> >      >
> >      >
> >      > Sent from my iPhone
> >      >
> >      >
> --------------------------------------------------------------------
> >      > IETF IPv6 working group mailing list
> >      > ipv6@ietf.org <mailto:ipv6@ietf.org>
> >      > Administrative Requests:
> >     https://www.ietf.org/mailman/listinfo/ipv6
> >     <https://www.ietf.org/mailman/listinfo/ipv6>
> >      >
> --------------------------------------------------------------------
> >      >
> >
> > --
> >
> > <http://www.verizon.com/>
> >
> > *Gyan Mishra*
> >
> > /Network Solutions A//rchitect /
> >
> > /M 301 502-1347
> > 13101 Columbia Pike
> > /Silver Spring, MD
> >
> >
>
-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *



*M 301 502-134713101 Columbia Pike *Silver Spring, MD

v2.23.0 | Report a Bug | By Email