Re: slaac-renum: New rev of draft-gont-6man-slaac-renum (Fwd: New Version Notification for draft-gont-6man-slaac-renum-08.txt)

Fernando Gont <fgont@si6networks.com> Thu, 28 May 2020 14:02 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 024EC3A0EEE for <ipv6@ietfa.amsl.com>; Thu, 28 May 2020 07:02:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JCjBudrr9STW for <ipv6@ietfa.amsl.com>; Thu, 28 May 2020 07:02:27 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F33E3A0EEA for <ipv6@ietf.org>; Thu, 28 May 2020 07:02:27 -0700 (PDT)
Received: from [IPv6:2800:810:464:8801:f802:117c:8c81:54c7] (unknown [IPv6:2800:810:464:8801:f802:117c:8c81:54c7]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 860E22838AB; Thu, 28 May 2020 14:02:20 +0000 (UTC)
Subject: Re: slaac-renum: New rev of draft-gont-6man-slaac-renum (Fwd: New Version Notification for draft-gont-6man-slaac-renum-08.txt)
To: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, ipv6@ietf.org
References: <158986953939.9945.6882780269741835824@ietfa.amsl.com> <8354111a-7d3f-ecfa-bcf1-baaae27209ee@si6networks.com> <m1jb46e-0000K4C@stereo.hq.phicoh.net> <04027980-51a1-a831-df0c-750c4194333e@si6networks.com> <m1jbRDw-0000IQC@stereo.hq.phicoh.net> <a2710dfc-ec66-9e9f-8a2b-0fa0ad7e2b32@si6networks.com> <m1jc9hu-0000K8C@stereo.hq.phicoh.net> <772d4a92-9a4d-ef71-dac5-cb944acba925@si6networks.com> <m1jdEpw-0000IEC@stereo.hq.phicoh.net> <3da7df4d-a191-d9d9-6d00-b9c30d7b03d1@si6networks.com> <m1jdcCQ-0000IUC@stereo.hq.phicoh.net> <6c96a3a5-d7fd-c5bc-6f37-2dd142a7037b@si6networks.com> <m1jeGe7-0000LPC@stereo.hq.phicoh.net>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <07402d21-c3a4-a2c4-0506-1c9916acf7b8@si6networks.com>
Date: Thu, 28 May 2020 10:55:21 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <m1jeGe7-0000LPC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YpgL2tnsBMHbHvoio4ilNoLKgJ8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2020 14:02:30 -0000

On 28/5/20 08:24, Philip Homburg wrote:
>>> I'm saying it is fragile, because it will fail if a third type of address
>>> is in use.
>>
>> That's an overstatement. Firstly, it's impossible to tell what may be
>> specified in the future, and how (whatever is specified) may work with
>> existing standards. For example, it is impossible to tell how a new
>> address type may work (or break) with source address selection (RFC6724).
>>
>> Unless you can't predict the future, you can't say "it will fail"
>> (modulo the fact that, failing requires a bunch of other conditions).
> 
> I described how ULAs essentially require no host changes (i.e., it would
> work fine with the old policy table). I can think if one corner case where
> the policy table would make a difference.

The current SAS spec is RFC6724.

ULAs are handled by a policy table, that essentially also enforces rules 
based on "cope" (besides the explicit rule #2). ULAs are explicitly 
coded in the policy table.



> So to be specific, I expect that in the future, some organisations with
> either use public IPv6 address as if they were ULAs, or use two different
> ULA prefixes for different perposes.

While possible, that doesn't seem in-line with RFC4193. And depending on 
how you do it, it may certainly break (e.g, site uses multiple ula 
prefixes, and none of them are reachable with the others.. so when a 
node selects ULAs as a dst/src address involving different prefixes, 
communications just fail).




> These two use cases can be analysed in the context of your proposal.
> 
>>> Packets gets lost all the time. It is very fragile if we have one part
>>> of a standard that says that you can split RAs and then another where hosts
>>> will fail in unexpected ways if you do that. In my book that's just a bad
>>> standard.
>>
>> This document says "SHOULD NOT". That means "don't, unless you really
>> know what you are doing".
> 
> This is why I call it fragile. We have SHOULD NOT, and then operators have
> to be aware of obscure corner cases of host behavior to evaluate the
> SHOULD NOT.

There's no obscure cases. An unless you're advertising 1000 SLAAC 
prefixes via RAs, you don't have a valid reason to split the PIOs among RAs.

Note: the same document saying "SHOULD NOT" is the same document that 
specifies the algorithm. So a folk that just happens to go against the 
SHOULD NOT, with no reason, and without reading the document is simply 
not doing due diligence.



>> We have kept it as "SHOULD" because it doesn't warrant a MUST. As noted:
>> worst case scenario you unprefer an address.
> 
> Which as I described before, in the case an organisation has three different
> type of addresses will lead to failure. So it is not a benign as you make
> it out to be.

As noted above: if one ever went to specify another address type, nodes, 
most likely, need to be made aware about them in a lot of places (as 
shown for source address selection).

You can't claim that an algorithm is fragile to something that doesn't 
exist, and that you don't even know if it will ever exist -- besides the 
fact that, as noted, the stack needs to be aware about the address type, 
to do whatever special processing is intended.



>> Please see the rules in RFC6724: "longest match" is Rule #8 -- the
>> *last* one. And it is Rule #2 (which needs to be ULA-aware) that
>> guarantees that ULA will be used for ULA.
>>
>> So your statement is certainly incorrect.
> 
> Rule #2 says 'Prefer appropriate scope', however ULAs have global scope
> (see Section 3.1). So it is not clear to me what you are try to say here.

Yup, my bad. But the same holds true: ULAs are *not* handled by 
longest-prefix match. The policy table is employed by Rule #6 of SAS, 
which comes before Rule #8 (longest matching prefix). i.e., use of ULAs 
for the source addresse is *not* taken care by the longest-matching 
prefix rule.

Without Rule #6, a node that employs temporary addresses for GUAs but 
not for ULAs (what you'd probably want to do in most scenarios) would 
prefer GUAs when communicating with a ULAs (via Rule #7).

It should be clear that address types are well intertwined in source and 
destination address selection. The policy table makes it quite evident 
that address types are pretty well hard coded.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492