Re: Why has RFC 4941 been designed in such a way, that it might cause address conflicts?

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 20 March 2011 22:47 UTC

On 2011-03-21 11:00, Hemant Singh (shemant) wrote:
> -----Original Message-----
> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of
> Brian E Carpenter
> Sent: Tuesday, March 15, 2011 6:55 PM
> To: james woodyatt
> Cc: ipv6@ietf.org
> Subject: Re: Why has RFC 4941 been designed in such a way, that it might
> cause address conflicts?
> 
> 
>> If you'll excuse an anecdote, while I was living in Geneva I was regularly
>> amused when the shiny new information screens in the shiny new buses
>> would display the Windows IPv4 duplicate address warning instead of
>> the next bus stop. Even so, the Geneva bus service hasn't come to an end.
> 
>> My point? The probability of a duplicate address in an IPv6 subnet is
>> many orders of magnitude less than it is in IPv4. Like 1 in 2^63
>> instead of 1 in 2^8.
> 
>> This is just too remote a probability to worry about.
> 
> In a recent IPv6 CE Router Interop in the U.S. during mid-February 2011
> where such home routers were tested in a cable broadband network IPv6
> link-local addresses were found to be duplicate.  My guess is that the
> Interop network had 2-30 IPv6 nodes.  Two different CE routers with
> different mac-addresses created the same IPv6 link-local address.  I
> don't have logs from the problem but the problem can only be one of two
> things.  Either the CE did not generate its IPv6 link-local address
> using EUI-64 or the CE did but the CE has a bug in the code to generate
> an IPv6 link-local address using the EUI-64 format that uses the
> mac-address of the CE.  The CE routers are consumer devices that will
> deploy with no console.  So what admin of the network will see the CE
> reporting to the CE console a DAD failure for the IPv6 link-local
> address?   The SP serving this home is also clueless as to what
> happened!  
> 
> Stuff happens.  

Yes, and paradoxically this illustrates my point. Passing a law that
addresses shall not conflict, or shall only conflict with a probability
of 1 in 2^63, is beside the point.

> Others on this thread have reported they want to secure
> their IPv6 networks.  We should collect a list of all issues operators
> of networks and other folks are reporting and see if the existing
> protocols are not able to help, let's see what else we can do.

Good idea, where's the wiki?

    Brian
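
Added example, not part of the original message or of any CE router's code: one way an operator could check the two explanations offered in the quoted report, by deriving the modified EUI-64 link-local address from each MAC (RFC 4291, Appendix A) and auditing observed (MAC, link-local) pairs for duplicates and for addresses not derived from the sender's MAC. The function names and the neighbor entries are constructed for illustration; the MACs come from the IANA documentation range.

```python
import ipaddress
from collections import defaultdict


def eui64_link_local(mac):
    """Modified EUI-64 link-local address for a 48-bit MAC (RFC 4291, App. A)."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Insert ff:fe between the OUI and the NIC-specific half, then invert
    # the universal/local bit (0x02) of the first octet.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def audit(neighbors):
    """neighbors: (mac, link_local) pairs seen on one link.

    Returns (duplicates, non_eui64):
      duplicates - {address: [macs]} for addresses claimed by more than one MAC
      non_eui64  - [(mac, address)] where the address is not the EUI-64 of mac
    """
    by_addr = defaultdict(set)
    non_eui64 = []
    for mac, addr in neighbors:
        mac = mac.lower()
        addr = ipaddress.IPv6Address(addr)
        by_addr[addr].add(mac)
        # A mismatch only shows the IID was not derived from this MAC;
        # it is a lead for investigation, not proof of a bug.
        if addr != eui64_link_local(mac):
            non_eui64.append((mac, addr))
    duplicates = {a: sorted(m) for a, m in by_addr.items() if len(m) > 1}
    return duplicates, non_eui64


# Constructed neighbor-table entries: the second device claims the first
# device's link-local address.
SAMPLE = [
    ("00:00:5e:00:53:01", "fe80::200:5eff:fe00:5301"),
    ("00:00:5e:00:53:02", "fe80::200:5eff:fe00:5301"),
    ("00:00:5e:00:53:03", "fe80::200:5eff:fe00:5303"),
]

if __name__ == "__main__":
    dups, odd = audit(SAMPLE)
    for addr, macs in dups.items():
        print(f"duplicate {addr}: {', '.join(macs)}")
    for mac, addr in odd:
        print(f"{mac} uses {addr}, expected {eui64_link_local(mac)}")
```
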