IETF Logo Mail Archive

Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)

Mark Smith <markzzzsmith@gmail.com> Wed, 12 July 2017 07:48 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AB21131467 for <ipv6@ietfa.amsl.com>; Wed, 12 Jul 2017 00:48:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zG3Rt-SX3rXz for <ipv6@ietfa.amsl.com>; Wed, 12 Jul 2017 00:48:05 -0700 (PDT)
Received: from mail-ua0-x232.google.com (mail-ua0-x232.google.com [IPv6:2607:f8b0:400c:c08::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B7E5131447 for <ipv6@ietf.org>; Wed, 12 Jul 2017 00:48:05 -0700 (PDT)
Received: by mail-ua0-x232.google.com with SMTP id g40so9312148uaa.3 for <ipv6@ietf.org>; Wed, 12 Jul 2017 00:48:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=m7pX7LSITvnmDpGlRn144CEOKN+AekyZtpopmMO5cDE=; b=MaFPlruo57pHTCq+3YumnvaclSXwGYE7bVWZTMPolP1qHW5cNQ7rHlYXjQfzfiQQKp hmedQodORYAbc/RGAsfZfwuo16x+o2KZBbEe0wrtz5ZksQ+Pa5UvBMUQY4vkDY9txTc0 S6xmb02FdarUbCsx/dwZrcX3kY1ilPCb+CogJ4E9qcbtfqsmw91DUibVWASizeWcpB9A o1ILcv/KnPeA/2fqUjWPJWKQDyijcBW5tvI6zLhkG6piHmMC2dzSITLFzGdxHZ4Z+ut1 sAdYRTQk/JMfBrs5rHte+zhJshMITOvErvt+xSvF8UncW9VkgbnJ7kflOCDMZAvZILgJ z7OA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=m7pX7LSITvnmDpGlRn144CEOKN+AekyZtpopmMO5cDE=; b=Y0V3jdlbJWm0yEljWVeb+IMoo+2p1iB/LZhlCK8xuQNpD1LSvHI9tJMbtMJ5CjRKnI RfqxyECZpQzpcWbg1pfkKW3w25Qjp/Xrkk1WLGA6+JXbiOHrEf2qfA7rBjDktSNetB5U sMGdU22pDS3/z8i1zMN1aCIaNXAr4bDUwiDg2XUt2mKDqQQUCeLK/gLEobvaUe0M5HLz uOvD51m/e5kevRP7qtUbFGU2cbVU6yvKieWv4n1fkAoA6tUfu0AIMX2JEHjQSRm1xtSO YTQI7Wg0fvrch13DxLNCSiJrlqIfQGEhVbi86OlEDH3BcQSJSN6HjKTY8aFwdE3+b7ih b0+Q==
X-Gm-Message-State: AIVw113Xlv7Nvf0XIVBMI9HMfpTMzORLN4u5eyihuLlcZ31g7Vx+BUfl m7TKfrOC9u1bnlg44nA0YKQNAoG5+g==
X-Received: by 10.159.61.110 with SMTP id m46mr2556552uai.64.1499845684213; Wed, 12 Jul 2017 00:48:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.81.100 with HTTP; Wed, 12 Jul 2017 00:47:33 -0700 (PDT)
In-Reply-To: <40d757eb97564bc8bb0511063bd9d3f4@XCH15-06-11.nw.nos.boeing.com>
References: <CAN-Dau2zgthR2w9e5ZVUdGc-vm+YvK2uTUJ8O=vrcv0jNc58RA@mail.gmail.com> <CAKD1Yr2+Si_tzNF8p6ASf4=StgFSX9Gm3TEj9iiqdE2gHQaNmQ@mail.gmail.com> <CAN-Dau03r_CKW53kegaLa=F_R_RG4cWaCT1j6idrqPm9UuN03A@mail.gmail.com> <5963BF27.1050300@foobar.org> <ff09ffcd-df65-4033-8018-fbe7ae98cff8@gmail.com> <6bf7f3d0e9c047b1b86d4bcc220f8705@XCH15-06-11.nw.nos.boeing.com> <CAN-Dau1bxm5y0v_6kUBc_ym39bSSxepjdwrzcS7YHWD=CV9-bw@mail.gmail.com> <3b34d6e9718a45ae80877e36fb55f2b4@XCH15-06-11.nw.nos.boeing.com> <CAO42Z2x+282VK7nMFHjcCz9tBmJ_=d4OhkiRZFZDLcZhakGB1Q@mail.gmail.com> <30cb27b2-007a-2a39-803d-271297862cae@gmail.com> <40d757eb97564bc8bb0511063bd9d3f4@XCH15-06-11.nw.nos.boeing.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 12 Jul 2017 17:47:33 +1000
Message-ID: <CAO42Z2x7ER2fUietjT3Ns-jpCqscCmVDVubiM0Dgw1_L0bkw=A@mail.gmail.com>
Subject: Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)
To: "Manfredi, Albert E" <albert.e.manfredi@boeing.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/XcO69ktJPpAVRCiDPCSO9JwJoiU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2017 07:48:07 -0000

On 12 July 2017 at 13:18, Manfredi, Albert E
<albert.e.manfredi@boeing.com> wrote:
> -----Original Message-----
> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
>
>> Very specifically, it would be irresponsible not to require
>> pseudo-random IIDs of at least N bits for automatically assigned
>> addresses. RFC7217 doesn't define N, but I assume it would be at
>> least 40 and probably more.
>
> Exactly. This is one example that should not mandate 64, but rather whatever is enough for all the considerations that have to be made. For collisions or security, 48 or 40 bits is probably plenty, depending also on the number of hosts expected in a subnet prefix. Within a homenet, I'd much rather depend on a firewall than an overabundance of IID bits, for instance.
>

How many are enough, and do you expect non-technical end-users to make
good decisions about how many bits they need for their privacy and
security?

RFC5505, "Principles of Internet Host Configuration"

"2.1.  Minimize Configuration

   Anything that can be configured can be misconfigured."

>> The advantage of requiring or recommending 64 bits is that it
>> avoids the debate about N.
>
> But it penalizes applications that would benefit from more flexibility. Much of the problem comes from our inability to even define what a "site" might be, to which a /48 might theoretically be assigned (if we even believe that's a realistic expectation anymore?).
>So, not knowing what constitutes "site," and not believing that all sites will get anything better than a /64,

/64 per-site looks to be proving to be the exception rather than the
rule. I've been casually observing what ISPs give out, because having
worked at residential ISPs (and one who provided the first production
IPv6 on residential broadband in Australia back in 2011), they've
tended to make static IPv4 addresses and routed subnets a premium or
business only product option with a corresponding price premium. I
expected that becoming a standard IPv6 feature may be resisted
significantly.

Most are giving out /56s. I know of one that is now giving out /60s,
and they originally gave out a single /64. I know of one that is
giving out a single /64 on their residential plans, and in the forum
that is being complained about, people are pointing out that other
ISPs are giving out /56s.

Here in Australia it is usual for our incumbent Telco to charge the
most, sometimes for the least, yet they too are giving out /56s
standard on residential plans.

In a market where there is choice, being miserly with assigned IPv6
address space won't persist for long if it causes trouble for
customers - the time and staff cost of dealing with their complaint
will outweigh any costs of giving them plenty of address space in the
first place.

> I think we need to avoid having device makers create hard 64-bit IID boundaries. It would be unfortunate if every thermometer and thermostat were required to have a 64-bit IID.


What are the specific drawbacks or advantages of thermometer and
thermostats not having 64 bit IIDs? I can't think of any. It doesn't
reduce the code in them, nor can I see how it somehow reduces the
number of packets they need to send, and I don't see how if they were
battery operated it would make a beneficial difference to their
battery life.

Being hidden in a 64 bit IID address space does make them a less
likely target for a DoS attack, assuming they've somehow been made
reachable by somebody who would benefit from them being DoS'd.

What are some applications that would benefit from more flexibility?
Are you talking about applications where the flexibility would be an
additional benefit to the application, or ones where the flexibility
would be required to work around not having a 64 bit IID available?


>*Or* were built that way, because someone read that 64-bit IIDs are "required."
>

64 bit IIDs have been written as required since July 1998 in RFC2373.
In some countries this requirement can drive, vote in elections and
drink alcohol.


"In a number of the format prefixes (see section 2.4) Interface IDs
   are required to be 64 bits long and to be constructed in IEEE EUI-64
   format [EUI64]."

...

"  The details of forming interface identifiers are defined in the
   appropriate "IPv6 over <link>" specification such as "IPv6 over
   Ethernet" [ETHER], "IPv6 over FDDI" [FDDI], etc."



Regards,
Mark.

v2.23.0 | Report a Bug | By Email