IETF Logo Mail Archive

[IPv6]Re: I-D Action: draft-ietf-6man-rfc6724-update-21.txt

Nick Buraglio <buraglio@forwardingplane.net> Tue, 01 July 2025 16:47 UTC

Return-Path: <buraglio@forwardingplane.net>
X-Original-To: ipv6@mail2.ietf.org
Delivered-To: ipv6@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 01CB63C4656D for <ipv6@mail2.ietf.org>; Tue, 1 Jul 2025 09:47:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=forwardingplane.net
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HLVxdw_P5fxm for <ipv6@mail2.ietf.org>; Tue, 1 Jul 2025 09:47:14 -0700 (PDT)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8CBB13C4655C for <ipv6@ietf.org>; Tue, 1 Jul 2025 09:47:14 -0700 (PDT)
Received: by mail-qt1-x82e.google.com with SMTP id d75a77b69052e-4a7a8c2b7b9so53931131cf.1 for <ipv6@ietf.org>; Tue, 01 Jul 2025 09:47:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forwardingplane.net; s=google; t=1751388434; x=1751993234; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Hg16RL7aewpgynZlrAzdzCSDh9mYcRdVfLR9dAZ3Mas=; b=REZ+d3uQhVPIEbUI/9oaK0dqh1Q8Q8T+gtwQ7UnO23lawuOWgb3HIFXEuOOb56Swni mEpG+qi0lflE6lwcb6zjugi365iFaj8tIeUP2YPtrxKhCbyvsZjtRoEZJbIUeq8I7r8O /iyPMeBJkmhUueT8hYjbQSuqgrGFfWjZkn+vU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751388434; x=1751993234; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Hg16RL7aewpgynZlrAzdzCSDh9mYcRdVfLR9dAZ3Mas=; b=CcC6ThCHEZsYVR8IbVxLjRz3tTV3BhT1VOIpZvdh0Aa8dCXuBeGp4BDaD9hAh58C1I ZqcWaLz2U4yvJYI7tvkrxXGbBJEYwlEI9pNM2MiYkV69iuw/Tz9ELKfusC0NYVMxKpdr g2nX5L4YZN6fv7FiK4dCsoAfvo9VaHAulTNzOYat/VG8Zve5x6mi73BM9ebbKOxpg/uE ZKZerclL2ip2Btx4Ah2CLazUzii8tq/54zkNyinnAYMqFo4rLMhZ2C4fMPriEelyuDH+ xOILlnW21vFbcWcL2tVErNVTL8NvtffTKALxq/wkRszdhtV/E2jlRaF5+qGuuVorjqGr p9aw==
X-Forwarded-Encrypted: i=1; AJvYcCXYPeNBECeJFe75DQePMAelZ5jWsKXjHSw+bAIkKf9PhsBggtfLiW+B8tppaLrxkw+h+xN8@ietf.org
X-Gm-Message-State: AOJu0YwTNr/LucJG8DmKw6b5p7vC+oNhyqrd0bzJYF7K/bBXKCpUNHTl XBjHqGjPcPBgH/O56LYi9R5Y6gCYpeKaXb3NL7bRK86CvWpmOTpJzO3QKl2vLdyD1M/6a3PnVVy PlWAwgw2hFhXdScHO9bxevjRSMvExlJCD1WAGVq61
X-Gm-Gg: ASbGncvVSO7Uh3RTAlQz0WGOpnA+skhukzJEA9z8xnF2g3tlraYdev83+2NWr9ISvv7 bLwCO4wReTbTqcDnNvFpIXyiHtof4UCSHLkeyz3JWlh9muwt2J0+CFBDzSH/1qOFmixEr9faEex TS/bUAETwEWXUbVq/yPyMXTbIREqVlbSWDGJ67xtLb+JAl/Z0BJVj2jEgFl2JUaGT+fiDNr8dhw bAz
X-Google-Smtp-Source: AGHT+IEuNnhIjKkFGb+rRVPTLYZ2BXD+kGWM/UxDZQ44ygAwvfjIl1KDFk9iljaXawe5ge56IwD6JPsdl6rJ6WplHdU=
X-Received: by 2002:a05:622a:181b:b0:4a6:f416:48c8 with SMTP id d75a77b69052e-4a7fca50055mr294109781cf.23.1751388433883; Tue, 01 Jul 2025 09:47:13 -0700 (PDT)
MIME-Version: 1.0
References: <175071730132.502784.5026151083314117768@dt-datatracker-6754d69b7c-p2xd7> <CAKD1Yr3zcThnQx2qE3xB3n+tmzgq7vAZ9nH4CcEVHHfp=AH44Q@mail.gmail.com> <CACMsEX8eUxE2c0HPBpRqziJ=mL=+ef1iNRxpqdjT7cDBG-3gVw@mail.gmail.com> <4AE1AC9E-5603-4EB2-AE40-F946AB60B1E9@gmail.com>
In-Reply-To: <4AE1AC9E-5603-4EB2-AE40-F946AB60B1E9@gmail.com>
From: Nick Buraglio <buraglio@forwardingplane.net>
Date: Tue, 01 Jul 2025 11:47:03 -0500
X-Gm-Features: Ac12FXyFHJzULvAvEKmaY0UW_hTAnsQ6YQmNvQeSmuuDfjtu1Dce2U8D59prNZE
Message-ID: <CACMsEX-M5u6gv0kaSxM0uezy8f==caUwUKudDE1d-Jrb1ADVZA@mail.gmail.com>
To: Bob Hinden <bob.hinden@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: ZGKRP732FAPRASP6HRZCWRGKRERUROVI
X-Message-ID-Hash: ZGKRP732FAPRASP6HRZCWRGKRERUROVI
X-MailFrom: buraglio@forwardingplane.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-6man-rfc6724-update.authors@ietf.org, 6man Chairs <6man-chairs@ietf.org>, "6man-ads@tools.ietf.org" <6man-ads@ietf.org>, IPv6 List <ipv6@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [IPv6]Re: I-D Action: draft-ietf-6man-rfc6724-update-21.txt
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/TqQPM_7cWefIKhdFzA9mwwciYyY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>

I went back through and it looks like this snuck back in between v20
and v21, an oversight on my part.

In section 5.3:

OLD:

5. ULA interface addresses from within fd00::/8, particularly ones not
created by SLAAC, and not already covered by the known-local ULA list
MUST be added to the list with an assumed prefix length of /48.
However, as with rule 1, if the ULA interface address was generated on
the basis of a PIO that has only been seen in RAs in which the SNAC
router flag bit is set, this ULA prefix MUST NOT be used as described
in this rule (rule 5). This prevents potential use of a non-routable
source address when communicating to a known-local ULA destination
address that is not on the local link, as SNAC-generated GUAs can only
work on a single link, and the only reason to ever choose them in
source address selection is that the only choice for a destination
address is the longest prefix match.

6. Regardless of their length or how the PIO flags are set, other PIOs
from within fd00::/8 that are not already covered by the known-local
ULA list MAY be added to the list, but only with the advertised prefix
length.

7. When inserting known-local ULA entries into the policy table, they
MUST have a label of 14 (rather than the default ULA label of 13) and
a precedence of 45.


NEW:


5. ULA interface addresses from within fd00::/8, particularly ones not
created by SLAAC, and not already covered by the known-local ULA list
MUST be added to the list with an assumed prefix length of /48.
However, as with rule 1, if the ULA interface address was generated on
the basis of a PIO that has only been seen in RAs in which the SNAC
router flag bit is set, this ULA prefix MUST NOT be used as described
in this rule (rule 5). This prevents potential use of a non-routable
source address when communicating to a known-local ULA destination
address that is not on the local link, as SNAC-generated GUAs can only
work on a single link, and the only reason to ever choose them in
source address selection is that the only choice for a destination
address is the longest prefix match.

6. When inserting known-local ULA entries into the policy table, they
MUST have a label of 14 (rather than the default ULA label of 13) and
a precedence of 45.


On Sun, Jun 29, 2025 at 5:35 PM Bob Hinden <bob.hinden@gmail.com> wrote:
>
> Nick,
>
> Please send the proposed change here clearly showing the change, like old text, new text, before publishing a new draft.  It needs review since this is happening after the IESG approval and I think it is more than can be done in AUTH48.
>
> Bob
>
>
>
>
> On Jun 29, 2025, at 10:23 AM, Nick Buraglio <buraglio@forwardingplane.net> wrote:
>
> Thanks for catching this, it definitely got missed in the IETG updates we made, and I agree that it should be specified more succinctly in accordance with what the WG agreed on. I can submit a new version fixing this, if that is the right path to go down.
>
> nb
>
>
> On Sat, Jun 28, 2025 at 10:12 PM Lorenzo Colitti <lorenzo@google.com> wrote:
>>
>> On Tue, Jun 24, 2025 at 7:22 AM <internet-drafts@ietf.org> wrote:
>>>
>>>    Title:   Prioritizing known-local IPv6 ULAs through address selection policy
>>>    Authors: Nick Buraglio
>>>             Tim Chown
>>>             Jeremy Duncan
>>>    Name:    draft-ietf-6man-rfc6724-update-21.txt
>>
>>
>> Authors, chairs, ADs (since this went to the IESG last week).
>>
>> I just took a look at the latest version and it looks like the following text went in to -21 just before the document was reviewed by the IESG:
>>
>> ====
>>    6.  Regardless of their length or how the PIO flags are set, other
>>        PIOs from within fd00::/8 that are not already covered by the
>>        known-local ULA list MAY be added to the list, but only with the
>>        advertised prefix length.
>> ====
>>
>> This text is problematic because it allows a host to consider, for example, a PIO for "fd00::/8" with L=0 and A=0 as known-local. Such behaviour would completely defeat the purpose of known-local ULAs, because it would treat all of ULA space as local. In the WG there was very substantial discussion on this point and that discussion ultimately led to the consensus text of saying that by default known-local ULAs are /48 and MUST NOT be shorter than /40. Allowing arbitrary prefix lengths, even as a MAY, undermines that consensus. Worse, by leaving it up to the implementation, it leads to fragmentation.
>>
>> I don't think this sort of substantial change should be made after WGLC. Can we remove this text?
>>
>> Or, if this text was added to solve a concrete problem, then can we limit this behaviour to prefix lengths between /40 and /48?
>>
>> Thanks,
>> Lorenzo
>
>

v2.45.0 | Report a Bug | By Email | System Status