Re: Objection to draft-ietf-6man-rfc4291bis-07.txt - /63 and /65 RAs on linux

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 02 March 2017 12:36 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 689B31294F9 for <ipv6@ietfa.amsl.com>; Thu, 2 Mar 2017 04:36:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.333
X-Spam-Level:
X-Spam-Status: No, score=-0.333 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NTWynaUzBT3W for <ipv6@ietfa.amsl.com>; Thu, 2 Mar 2017 04:36:41 -0800 (PST)
Received: from cirse-smtp-out.extra.cea.fr (cirse-smtp-out.extra.cea.fr [132.167.192.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8B21129985 for <ipv6@ietf.org>; Thu, 2 Mar 2017 04:36:40 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id v22CadWj007799 for <ipv6@ietf.org>; Thu, 2 Mar 2017 13:36:39 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id F2550205268 for <ipv6@ietf.org>; Thu, 2 Mar 2017 13:36:38 +0100 (CET)
Received: from muguet2.intra.cea.fr (muguet2.intra.cea.fr [132.166.192.7]) by pisaure.intra.cea.fr (Postfix) with ESMTP id E8B052022C5 for <ipv6@ietf.org>; Thu, 2 Mar 2017 13:36:38 +0100 (CET)
Received: from [10.8.34.184] (is227335.intra.cea.fr [10.8.34.184]) by muguet2.intra.cea.fr (8.15.2/8.15.2/CEAnet-Intranet-out-1.4) with ESMTP id v22Caccc013413 for <ipv6@ietf.org>; Thu, 2 Mar 2017 13:36:38 +0100
Subject: Re: Objection to draft-ietf-6man-rfc4291bis-07.txt - /63 and /65 RAs on linux
To: ipv6@ietf.org
References: <20170223134026.GI5069@gir.theapt.org> <CAL9jLaYO=uYgVfSZ0SoSe0SujJ1xgwEKE8WLzo_keJHywgXTtg@mail.gmail.com> <CAN-Dau1vJV5O_Ythp6THkAu4-YZXV82Upny1V+ybbjCVZQQX=A@mail.gmail.com> <27cce319-18ac-5c0e-3497-af92344f0062@gmail.com> <de4988be-6031-08d9-84ce-21c3fa4f9bc9@gmail.com> <98401ef7-cf41-b4a0-4d11-a7d840181bd0@gmail.com> <1047f5fc-ae40-be52-6bab-27f31fe5e045@gmail.com> <9a94feac-8d59-b153-d41c-04fc371e4db4@gmail.com> <CAO42Z2z7v4gDk91b6Of-1sczV88m3B9kzn0MeJU_VBJ416k6Ww@mail.gmail.com> <ae35b45a-0398-840f-fc0d-1f64dd2fcc58@gmail.com> <37851ee3-03be-8bee-6190-f4d28df86305@gmail.com> <alpine.DEB.2.02.1703012051590.30226@uplift.swm.pp.se> <b5784622-c24e-a531-4e68-249b03701941@gmail.com> <CAAedzxrSTFe0GgYuvtXPNE=R_ZCXotxL7HbKdj5A4-869rncmw@mail.gmail.com> <ba025be6-709d-87b4-f388-d6f143408277@gmail.com> <alpine.DEB.2.02.1703021029010.30226@uplift.swm.pp.se> <4e17a9f4-6daf-787f-0321-3327fe601d70@gmail.com> <bead3cd8-f7f9-37b3-66f9-e76ae94056d1@baanhofman.nl>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <63d98caf-ab70-088f-ff6b-ad27a11619e0@gmail.com>
Date: Thu, 2 Mar 2017 13:36:44 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <bead3cd8-f7f9-37b3-66f9-e76ae94056d1@baanhofman.nl>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Xwugz6qEKUmDOh8zafbDaH6mHyw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 12:36:42 -0000


Le 02/03/2017 à 12:37, Wilco Baan Hofman a écrit :
>
>
> On 02/03/17 12:06, Alexandre Petrescu wrote:
>> Le 02/03/2017 à 10:31, Mikael Abrahamsson a écrit :
>>> On Thu, 2 Mar 2017, Alexandre Petrescu wrote:
>>>
>>>> perfectly fine to use that plen==65 to have an entry in the rt
>>>>  table, and use a manually configured address in that plen.
>>>
>>> Linux does the right thing in not autoconfiguring itself
>>> address(es) when plen isn't 64.
>>
>> Whereas it is the right thing if on Ethernet (RFC2464) it is wrong
>> on cellular links for which we have no RFC IPv6-over-foo.  Same
>> with USB and to a certain extent on WiFi.
>>
> It is undefined on non-IEEE802 networks and /64 is the one thing that
> works for SLAAC, operationally.

I agree with you.  And this is a place where everything can be right or
wrong: there is no consistency.  Interop problems loom there.

The fact that we have IPv6 running ok over 4G ptp links, and over USBnet 
is a very encouraging sign that makes many happy: look, IPv6 even there! 
  But it does not mean it does not have problems.

>>> However, what does it do when it receives an PIO with plen of 65
>>> and M=1 and then it gets an IA_NA and configures that on the
>>> interface?
>>
>> I dont know.  But I guess it still calls that 65 plen "illegal".
>
> Which would be correct in the IEEE802 case, undefined in other cases,

Yes.  For more precision - correct _only_ for the 802.3 case (IPv6 over 
Ethernet).  Because we dont have an IPv6-over-WiFi either (802.11).

> still not incorrect behaviour from Linux in this case.

I think someone can call it correct or incorrect equally well.  Because
there is no consistent spec or set of specs.  I call it incorrect.

>>> Doesn't it install the /65 in the routing table?
>>
>> Dont know, but there is a need to check.
>>
>> How about the /63 case?  Do you think it is normal that linux
>> kernel does not configure an IP address on Ethernet when receiving
>> a plen==63?
>>
> I would actually consider that normal, because the standard basically
> mandates /64 and configuring on /63 is undefined at this time.

I would like to doubt your saying 'basically'.

Yes, the IP-over-Eth RFC2464 mandates "An IPv6 address prefix used for
stateless autoconfiguration [ACONF] of an Ethernet interface must have a
length of 64 bits".

It does not say which prefix of [ACONF/RFC2462] must be /64?  Is it a
global prefix in RA?  Or is it the link-local prefix?  Both these
prefixes are relevant for the above phrase, both are mentioned in ACONF,
yet only one is present in RA (the one linux complains about when at
65).  Is the mandate cited above applying to the prefix in RA?  Or to
the link-local prefix?  If the mandate applies to the prefix in RA then
linux is right to complain, on Ethernet.  If the mandate applies only to
the LL prefix, then linux is wrong to complain about 65 in RA.  If the
mandate applies to both then RFC4291 is wrong when it says fe80::/10.

RFC2464 does not say "the prefix in an RA on Ethernet MUST be 64".

It does not forbid that that 64bit prefix be formed by self-appending a
0 to a /63 from the RA, or other mechanism.

Besides, RFC4862 (successor to 2462) says "If the sum of the prefix
length and interface identifier length does not equal 128 bits, the
Prefix Information option MUST be ignored." And linux does _not_ ignore
a /63 in the RA: it adds a rt entry for that /63 prefix.  That's not
normal either.

You see what I mean?

> As implementer I would also reject such prefixes, because the code
> for generating the EUI-64 and the privacy extension address all
> (correctly) assume 64-bits of space, not 63, not 65.

Makes sense.

But linux does not simply reject a /63.

A linux kernel receiving a '/63' in RA will add a rt entry even though 
it does not configure an address.  So that's not really 'rejection' of 
the prefix (unless of course you define 'reject' to mean 'silently add a 
route and then drop the packet'.)

Do you agree with that?

Alex

[...]