RE: Network merge [Re: RFC6724-bis?]
Vasilenko Eduard <vasilenko.eduard@huawei.com> Tue, 27 September 2022 19:09 UTC
Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82AF6C15DD48 for <ipv6@ietfa.amsl.com>; Tue, 27 Sep 2022 12:09:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4GUjTv-nLQqu for <ipv6@ietfa.amsl.com>; Tue, 27 Sep 2022 12:09:15 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C969C1527A5 for <ipv6@ietf.org>; Tue, 27 Sep 2022 12:09:15 -0700 (PDT)
Received: from fraeml742-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4McTfR0NmJz686kk; Wed, 28 Sep 2022 03:07:59 +0800 (CST)
Received: from mscpeml500002.china.huawei.com (7.188.26.138) by fraeml742-chm.china.huawei.com (10.206.15.223) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 27 Sep 2022 21:09:12 +0200
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml500002.china.huawei.com (7.188.26.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 27 Sep 2022 22:09:11 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.031; Tue, 27 Sep 2022 22:09:11 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: David Farmer <farmer=40umn.edu@dmarc.ietf.org>, Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, 6man WG <ipv6@ietf.org>
Subject: RE: Network merge [Re: RFC6724-bis?]
Thread-Topic: Network merge [Re: RFC6724-bis?]
Thread-Index: AQHY0FWzi1mPXFg/Y0GQt/hCVGqTN63wdgWAgADrAlD///YugIAAOJuQgACZh4CAAA/1AIAAtQyggABxAACAADrlwP//2OoAgAAzw0A=
Date: Tue, 27 Sep 2022 19:09:11 +0000
Message-ID: <d4313cff1dab40c2a52f79e4ce1088a0@huawei.com>
References: <66892DC8-6DA4-4DC8-85B0-E1E1647CD9F7@gmail.com> <CAPt1N1=xR_2Xw+1KL6vbzZ69N+vonhcTNvO=DBceeApfoS2bMQ@mail.gmail.com> <e76267b6101146cf8a1bd6fa567c6b77@huawei.com> <CAN-Dau2QO5sxevJwUbOj+_wyiCdOjnPEZM14Jhevvkq4YZqU7Q@mail.gmail.com> <bc85e623-ef89-d2e2-4e33-b8ce0a4ec343@gmail.com> <CAN-Dau0Wbki6xwcEdy8ZK-pO9jeT6+8TKZgbmXWUgnkR+dRhBg@mail.gmail.com> <CAPt1N1=OmC+HNVGWbgj9JtGbpcuzKOgjZ1KXJm5mXgpji-G4Mw@mail.gmail.com> <6edcc5d8-edf1-51de-103c-a4ac6060fef6@gmail.com> <29689d645d22409b962f6c361d71e098@huawei.com> <CAN-Dau3rwi4X4NqLbHMmPQQ=i7y23Kz70JK09ggsXSxkJfT5xA@mail.gmail.com> <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com> <CAN-Dau0=LD9MTYKJQoSw=b9S25nmrNuqRSyLdsztFZscG8ZbUg@mail.gmail.com> <CAPt1N1kjOWh8R70pNO0eH9EJUH-v6HyxGMqxpy0N2hydHN33LQ@mail.gmail.com> <CAM5+tA9mqjrtq3pTggv1pA4fOYXUODkZHy74vs8cffVOrBefbQ@mail.gmail.com> <0b6886d3-5ea9-0a1d-8b16-4e17daeb6924@gmail.com> <CAM5+tA9dAjh0MTRG3922xTe3_aChHFa9AYCFCGmt395KwuvBYA@mail.gmail.com> <395554.1664189125@dooku> <56a897a426084f9381abaf770f1ea35e@huawei.com> <CAO42Z2xgMnVXeH9t0p_u7bg2fY-Gg+AagkFMMRJstX4E-f8FPQ@mail.gmail.com> <CAN-Dau0i2kEUEd1ESVg0qT4rosPhjpaeYDoyrE5mzALXWTtJXQ@mail.gmail.com> <9d0f017050f942a8aa130db859be549f@huawei.com> <CAN-Dau385HKHJL=LZJzxnX1ujH3eM71chA8prGNSP1zQVCfGDA@mail.gmail.com> <81bbf91e188b4876aaf327294a7c8d52@huawei.com> <CAN-Dau3VSGiV_MfOdthQW3NUE+bEHi7PZa27OoU+VoYrvHR9xg@mail.gmail.com>
In-Reply-To: <CAN-Dau3VSGiV_MfOdthQW3NUE+bEHi7PZa27OoU+VoYrvHR9xg@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.144.28]
Content-Type: multipart/alternative; boundary="_000_d4313cff1dab40c2a52f79e4ce1088a0huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Yz3BuUHzd5r86ImCgMs_S6rVGUY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2022 19:09:17 -0000
On the one side is something tangible and valuable right now On the other side “to leave that possibility open” (for something that we could not predict yet) It is what I call “evident choice”. I do not have a clue why RFC 6724 has left ULA below IPv4. As you see, not everybody is happy about it. Do you believe that so a complex document such as SASA may not be improved in any way? Never? Then 6man has concluded actually. Ed/ From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of David Farmer Sent: Tuesday, September 27, 2022 9:58 PM To: Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org> Cc: Michael Richardson <mcr+ietf@sandelman.ca>; 6man WG <ipv6@ietf.org> Subject: Re: Network merge [Re: RFC6724-bis?] On Tue, Sep 27, 2022 at 1:41 PM Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote: Does ULA in the global DNS make sense without ULA in the global routing table? What is the use case? OK. It is a ramification point. I think you are missing my point; the question is, could there be any situation where ULA in the global DNS makes sense? If such a situation exists, then we shouldn't preclude the possibility. RFC 4193 seems to leave that possibility open. One option is the prioritization of the whole fc/7 above GUA that: 1. Does not need to change code in all OSes, just configuration gai.conf is enough. 2. Automatically activate many ULA prefixes after companies merge. 3. Prioritize ULA above GUA as many expect for internal communication. 4. But the one who would leak ULA to the global DNS would be not reachable even if he properly resolve to the GUA too. The second option is the prioritization of the whole fc/7 above IPv4 but below GUA that: 1. Does not need to change code in all OSes, just configuration gai.conf is enough. 2. Automatically activate many ULA prefixes after companies merge. 3. But internally DNS should resolve only ULA because GUA would be preferred. No problem if somebody would leak ULA to the global DNS. The third option is the prioritization of the specific /48 that: 1. Tolerant to ULA leakage to the global DNS (what is the value without ULA leakage to the global RIB?). 2. Needs code change on all OSes. 3. Needs manual insertion of other /48 after companies merge. The choice looks evident. If the choice is so evident, then you need to explain to me why did the authors of RFC 6724 choose as they did, and not what you think is so evident. Thanks Eduard From: David Farmer [mailto:farmer<mailto:farmer>=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org>] Sent: Tuesday, September 27, 2022 8:47 PM To: Vasilenko Eduard <vasilenko.eduard@huawei.com<mailto:vasilenko.eduard@huawei.com>> Cc: 6man WG <ipv6@ietf.org<mailto:ipv6@ietf.org>>; David Farmer <farmer@umn.edu<mailto:farmer@umn.edu>>; Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>>; Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>> Subject: Re: Network merge [Re: RFC6724-bis?] On Tue, Sep 27, 2022 at 03:06 Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote: I do not understand the concern about DNS leakage outside of the ULA domain. For sure, it would happen again and again. People are making mistakes. But why it is a problem? Only resources of this domain may lose reachability from the outside. The one who made a mistake would be contacted and fix it. Ed/ First, not prioritizing remote ULAs is consistent with section 6, Destination Address Selection, Rule 1: Avoid unusable destinations. Most ULAs will be unreachable and are therefore unusable, only the known local ULAs have any realistic chance of being reachable and therefore usable. Further, while ULAs in the global DNS are not recommended, they are not prohibited either, and the “not recommended” in the controlling sentence of section 4.4 of RFC4193 is explicitly not normative. The only normative statement in that section is that reverse queries (PTR queries) MUST NOT be sent to DNS Servers for the global DNS because of the excessive load they can create. However, the AS112 project, as described in RFC 7534, now handles this issue, so even that normative statement is probably obsolete, or at least no longer absolutely necessary. And even if it was normatively “NOT RECOMMENDED” to put ULAs in the global DNS, per RFC 2119, “there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful.” Therefore, there probably exist situations where ULAs in the global DNS could be acceptable, and it is therefore probably a good idea to at least account for this possibility when considering the appropriate priority for ULAs, and the current version of RFC 6724 does just that, Thanks. From: David Farmer [mailto:farmer<mailto:farmer>=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org> Sent: Tuesday, September 27, 2022 3:15 AM To: Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>> Cc: 6man WG <ipv6@ietf.org<mailto:ipv6@ietf.org>>; Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>>; Vasilenko Eduard <vasilenko.eduard@huawei.com<mailto:vasilenko.eduard@huawei.com>> Subject: Re: Network merge [Re: RFC6724-bis?] On Mon, Sep 26, 2022 at 18:17 Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>> wrote: Define another flag if this is going to be the solution to the fault of putting ULA AAAAs in global DNS. (Can it be adapted to the fault of putting link-local addresses in DNS?) ULAs in the global DNS, are only one of several faults that is being worked around with this admitted hack. Another is the lose or even nonexistent boundary controls between the local and global domains in most networks, especially unmanaged networks, which can expose local information more widely than expected by most users. This is all further exasperated by the lack of any precise definition of what local means, and the very concept a globally scoped local address only adds to this confusion. A sign that it's not solving the problem where it exists. The problems exists in my places. -- =============================================== David Farmer Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE<https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g> Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org<mailto:ipv6@ietf.org> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 -------------------------------------------------------------------- -- =============================================== David Farmer Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
- RFC6724-bis? Tim Chown
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Brian E Carpenter
- Re: RFC6724-bis? Brian E Carpenter
- Re: RFC6724-bis? Nick Buraglio
- Re: RFC6724-bis? Brian E Carpenter
- Re: RFC6724-bis? Nick Buraglio
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Nick Buraglio
- Re: RFC6724-bis? Nick Buraglio
- Re: RFC6724-bis? Tim Chown
- Re: RFC6724-bis? Nick Buraglio
- Re: RFC6724-bis? Nick Buraglio
- Re: RFC6724-bis? Bob Hinden
- Re: RFC6724-bis? Brian E Carpenter
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Ted Lemon
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Mark Smith
- Re: RFC6724-bis? Ted Lemon
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Ted Lemon
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Michael Richardson
- Re: RFC6724-bis? David Farmer
- RE: RFC6724-bis? Vasilenko Eduard
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Michael Richardson
- Re: RFC6724-bis? Ted Lemon
- Re: RFC6724-bis? Brian E Carpenter
- Re: RFC6724-bis? Brian E Carpenter
- Re: RFC6724-bis? Brian E Carpenter
- Re: RFC6724-bis? Ted Lemon
- Re: RFC6724-bis? Mark Smith
- Re: RFC6724-bis? Ted Lemon
- Re: RFC6724-bis? David Farmer
- Re: RFC6724-bis? Ted Lemon
- Re: RFC6724-bis? Brian E Carpenter
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? David Farmer
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Ted Lemon
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Nick Buraglio
- Re: RFC6724-bis? Ted Lemon
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Ted Lemon
- Re: RFC6724-bis? David Farmer
- Re: RFC6724-bis? Ted Lemon
- Re: RFC6724-bis? Nick Buraglio
- Re: RFC6724-bis? Brian E Carpenter
- Re: RFC6724-bis? Nick Buraglio
- Network merge [Re: RFC6724-bis?] Brian E Carpenter
- Re: Network merge [Re: RFC6724-bis?] David Farmer
- Re: Network merge [Re: RFC6724-bis?] Michael Richardson
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- Re: Network merge [Re: RFC6724-bis?] Brian Carpenter
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- RE: RFC6724-bis? Vasilenko Eduard
- RE: RFC6724-bis? Vasilenko Eduard
- Re: Network merge [Re: RFC6724-bis?] Michael Richardson
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- Re: Network merge [Re: RFC6724-bis?] Nick Buraglio
- Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
- Re: Network merge [Re: RFC6724-bis?] Mark Smith
- Re: Network merge [Re: RFC6724-bis?] Ted Lemon
- Re: Network merge [Re: RFC6724-bis?] David Farmer
- Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
- Re: Network merge [Re: RFC6724-bis?] Mark Smith
- Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- Re: Network merge [Re: RFC6724-bis?] Michael Richardson
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- Re: Network merge [Re: RFC6724-bis?] David Farmer
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- Re: Network merge [Re: RFC6724-bis?] David Farmer
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
- Re: Network merge [Re: RFC6724-bis?] Ole Troan
- Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
- RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
- Re: Network merge [Re: RFC6724-bis?] Ole Troan
- Re: Network merge [Re: RFC6724-bis?] Timothy Winters
- Re: Network merge [Re: RFC6724-bis?] Nick Buraglio
- Re: Network merge [Re: RFC6724-bis?] Brian Carpenter
- Re: Network merge [Re: RFC6724-bis?] Ole Troan
- Re: Network merge [Re: RFC6724-bis?] Brian Carpenter
- Re: Network merge [Re: RFC6724-bis?] Ole Troan
- Re: Network merge [Re: RFC6724-bis?] David Farmer
- Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
- Re: Network merge [Re: RFC6724-bis?] Michael Richardson
- Re: Network merge [Re: RFC6724-bis?] Ted Lemon
- RE: RFC6724-bis? Vasilenko Eduard
- Re: RFC6724-bis? Ted Lemon
- Re: RFC6724-bis? Ted Lemon
- Re: RFC6724-bis? Nick Buraglio
- Re: RFC6724-bis? Michael Richardson