IETF Logo Mail Archive

RE: Network merge [Re: RFC6724-bis?]

Vasilenko Eduard <vasilenko.eduard@huawei.com> Tue, 27 September 2022 19:09 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82AF6C15DD48 for <ipv6@ietfa.amsl.com>; Tue, 27 Sep 2022 12:09:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4GUjTv-nLQqu for <ipv6@ietfa.amsl.com>; Tue, 27 Sep 2022 12:09:15 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C969C1527A5 for <ipv6@ietf.org>; Tue, 27 Sep 2022 12:09:15 -0700 (PDT)
Received: from fraeml742-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4McTfR0NmJz686kk; Wed, 28 Sep 2022 03:07:59 +0800 (CST)
Received: from mscpeml500002.china.huawei.com (7.188.26.138) by fraeml742-chm.china.huawei.com (10.206.15.223) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 27 Sep 2022 21:09:12 +0200
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml500002.china.huawei.com (7.188.26.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 27 Sep 2022 22:09:11 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.031; Tue, 27 Sep 2022 22:09:11 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: David Farmer <farmer=40umn.edu@dmarc.ietf.org>, Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, 6man WG <ipv6@ietf.org>
Subject: RE: Network merge [Re: RFC6724-bis?]
Thread-Topic: Network merge [Re: RFC6724-bis?]
Thread-Index: AQHY0FWzi1mPXFg/Y0GQt/hCVGqTN63wdgWAgADrAlD///YugIAAOJuQgACZh4CAAA/1AIAAtQyggABxAACAADrlwP//2OoAgAAzw0A=
Date: Tue, 27 Sep 2022 19:09:11 +0000
Message-ID: <d4313cff1dab40c2a52f79e4ce1088a0@huawei.com>
References: <66892DC8-6DA4-4DC8-85B0-E1E1647CD9F7@gmail.com> <CAPt1N1=xR_2Xw+1KL6vbzZ69N+vonhcTNvO=DBceeApfoS2bMQ@mail.gmail.com> <e76267b6101146cf8a1bd6fa567c6b77@huawei.com> <CAN-Dau2QO5sxevJwUbOj+_wyiCdOjnPEZM14Jhevvkq4YZqU7Q@mail.gmail.com> <bc85e623-ef89-d2e2-4e33-b8ce0a4ec343@gmail.com> <CAN-Dau0Wbki6xwcEdy8ZK-pO9jeT6+8TKZgbmXWUgnkR+dRhBg@mail.gmail.com> <CAPt1N1=OmC+HNVGWbgj9JtGbpcuzKOgjZ1KXJm5mXgpji-G4Mw@mail.gmail.com> <6edcc5d8-edf1-51de-103c-a4ac6060fef6@gmail.com> <29689d645d22409b962f6c361d71e098@huawei.com> <CAN-Dau3rwi4X4NqLbHMmPQQ=i7y23Kz70JK09ggsXSxkJfT5xA@mail.gmail.com> <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com> <CAN-Dau0=LD9MTYKJQoSw=b9S25nmrNuqRSyLdsztFZscG8ZbUg@mail.gmail.com> <CAPt1N1kjOWh8R70pNO0eH9EJUH-v6HyxGMqxpy0N2hydHN33LQ@mail.gmail.com> <CAM5+tA9mqjrtq3pTggv1pA4fOYXUODkZHy74vs8cffVOrBefbQ@mail.gmail.com> <0b6886d3-5ea9-0a1d-8b16-4e17daeb6924@gmail.com> <CAM5+tA9dAjh0MTRG3922xTe3_aChHFa9AYCFCGmt395KwuvBYA@mail.gmail.com> <395554.1664189125@dooku> <56a897a426084f9381abaf770f1ea35e@huawei.com> <CAO42Z2xgMnVXeH9t0p_u7bg2fY-Gg+AagkFMMRJstX4E-f8FPQ@mail.gmail.com> <CAN-Dau0i2kEUEd1ESVg0qT4rosPhjpaeYDoyrE5mzALXWTtJXQ@mail.gmail.com> <9d0f017050f942a8aa130db859be549f@huawei.com> <CAN-Dau385HKHJL=LZJzxnX1ujH3eM71chA8prGNSP1zQVCfGDA@mail.gmail.com> <81bbf91e188b4876aaf327294a7c8d52@huawei.com> <CAN-Dau3VSGiV_MfOdthQW3NUE+bEHi7PZa27OoU+VoYrvHR9xg@mail.gmail.com>
In-Reply-To: <CAN-Dau3VSGiV_MfOdthQW3NUE+bEHi7PZa27OoU+VoYrvHR9xg@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.144.28]
Content-Type: multipart/alternative; boundary="_000_d4313cff1dab40c2a52f79e4ce1088a0huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Yz3BuUHzd5r86ImCgMs_S6rVGUY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2022 19:09:17 -0000

On the one side is something tangible and valuable right now
On the other side “to leave that possibility open” (for something that we could not predict yet)
It is what I call “evident choice”.

I do not have a clue why RFC 6724 has left ULA below IPv4.
As you see, not everybody is happy about it.
Do you believe that so a complex document such as SASA may not be improved in any way? Never?
Then 6man has concluded actually.
Ed/
From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of David Farmer
Sent: Tuesday, September 27, 2022 9:58 PM
To: Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>; 6man WG <ipv6@ietf.org>
Subject: Re: Network merge [Re: RFC6724-bis?]



On Tue, Sep 27, 2022 at 1:41 PM Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote:
Does ULA in the global DNS make sense without ULA in the global routing table?
What is the use case?

OK. It is a ramification point.

I think you are missing my point; the question is, could there be any situation where ULA in the global DNS makes sense? If such a situation exists, then we shouldn't preclude the possibility. RFC 4193 seems to leave that possibility open.

One option is the prioritization of the whole fc/7 above GUA that:

1.       Does not need to change code in all OSes, just configuration gai.conf is enough.

2.       Automatically activate many ULA prefixes after companies merge.

3.       Prioritize ULA above GUA as many expect for internal communication.

4.       But the one who would leak ULA to the global DNS would be not reachable even if he properly resolve to the GUA too.

The second option is the prioritization of the whole fc/7 above IPv4 but below GUA that:

1.       Does not need to change code in all OSes, just configuration gai.conf is enough.

2.       Automatically activate many ULA prefixes after companies merge.

3.       But internally DNS should resolve only ULA because GUA would be preferred.
No problem if somebody would leak ULA to the global DNS.

The third option is the prioritization of the specific /48 that:

1.       Tolerant to ULA leakage to the global DNS (what is the value without ULA leakage to the global RIB?).

2.       Needs code change on all OSes.

3.       Needs manual insertion of other /48 after companies merge.

The choice looks evident.

If the choice is so evident, then you need to explain to me why did the authors of RFC 6724 choose as they did, and not what you think is so evident.

Thanks

Eduard
From: David Farmer [mailto:farmer<mailto:farmer>=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org>]
Sent: Tuesday, September 27, 2022 8:47 PM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com<mailto:vasilenko.eduard@huawei.com>>
Cc: 6man WG <ipv6@ietf.org<mailto:ipv6@ietf.org>>; David Farmer <farmer@umn.edu<mailto:farmer@umn.edu>>; Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>>; Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>>
Subject: Re: Network merge [Re: RFC6724-bis?]



On Tue, Sep 27, 2022 at 03:06 Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote:
I do not understand the concern about DNS leakage outside of the ULA domain.
For sure, it would happen again and again. People are making mistakes.
But why it is a problem?
Only resources of this domain may lose reachability from the outside.
The one who made a mistake would be contacted and fix it.
Ed/

First, not prioritizing remote ULAs is consistent with section 6, Destination Address Selection, Rule 1: Avoid unusable destinations.  Most ULAs will be unreachable and are therefore unusable, only the known local ULAs have any realistic chance of being reachable and therefore usable.

Further, while ULAs in the global DNS are not recommended, they are not prohibited either, and the “not recommended” in the controlling sentence of section 4.4 of RFC4193 is explicitly not normative. The only normative statement in that section is that reverse queries (PTR queries) MUST NOT be sent to DNS Servers for the global DNS because of the excessive load they can create. However, the AS112 project, as described in RFC 7534, now handles this issue, so even that normative statement is probably obsolete, or at least no longer absolutely necessary.

And even if it was normatively “NOT RECOMMENDED” to put ULAs in the global DNS, per RFC 2119, “there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful.”

Therefore, there probably exist situations where ULAs in the global DNS could be acceptable, and it is therefore probably a good idea to at least account for this possibility when considering the appropriate priority for ULAs, and the current version of RFC 6724 does just that,

Thanks.

From: David Farmer [mailto:farmer<mailto:farmer>=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org>
Sent: Tuesday, September 27, 2022 3:15 AM
To: Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>>
Cc: 6man WG <ipv6@ietf.org<mailto:ipv6@ietf.org>>; Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>>; Vasilenko Eduard <vasilenko.eduard@huawei.com<mailto:vasilenko.eduard@huawei.com>>
Subject: Re: Network merge [Re: RFC6724-bis?]



On Mon, Sep 26, 2022 at 18:17 Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>> wrote:

Define another flag if this is going to be the solution to the fault of putting ULA AAAAs in global DNS.

(Can it be adapted to the fault of putting link-local addresses in DNS?)

ULAs in the global DNS, are only one of several faults that is being worked around with this admitted hack.  Another is the lose or even nonexistent boundary controls between the local and global domains in most networks, especially unmanaged networks, which can expose local information more widely than expected by most users. This is all further exasperated by the lack of any precise definition of what local means, and the very concept a globally scoped local address only adds to this confusion.

A sign that it's not solving the problem where it exists.

The problems exists in my places.



--
===============================================
David Farmer               Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE<https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g>        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


--
===============================================
David Farmer               Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email