IETF Logo Mail Archive

Re: IPv6 Link Local Addresses [was Re: Is 1111 1110 10 equal to 0xfe80 or 0x3fa?]

Mark Smith <markzzzsmith@gmail.com> Thu, 13 June 2019 04:58 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE463120074 for <ipv6@ietfa.amsl.com>; Wed, 12 Jun 2019 21:58:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.497
X-Spam-Level:
X-Spam-Status: No, score=-0.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BKjQcUWXX_U4 for <ipv6@ietfa.amsl.com>; Wed, 12 Jun 2019 21:58:10 -0700 (PDT)
Received: from mail-oi1-x231.google.com (mail-oi1-x231.google.com [IPv6:2607:f8b0:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0184C12002F for <ipv6@ietf.org>; Wed, 12 Jun 2019 21:58:09 -0700 (PDT)
Received: by mail-oi1-x231.google.com with SMTP id e189so13437106oib.11 for <ipv6@ietf.org>; Wed, 12 Jun 2019 21:58:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rcX1T7NJ4kVSpCWNoV8TWs/7jjlq3uh3P6F9SB573Uo=; b=DNy3FC3hHlAqmI+kpCMPYrMej9vzdrw1ihnD2Akz+lvM47Zbu0n9CtICf1tR3M6qta O2F0Qm+bjnTOPQ8u2c0sdBpPnpgcW90zcy+PbU5/tP3t5XQr0iqn0ZTYSX2J901mTFN3 Xf6JitaNqE6ZgeFzX8LvwEYwwyFsGR8Z1+2eL6d0oeUgTXDuH0LsNZ8/vsslv7C29+SP 2VROHYThTNkvFRNjq8l678s7MYrmR66R/EZLAJCfj+e3HtRveOS3IkbzgUOUft2sqrks HehbMLlE0+D7fO3kS3bjLO84gXV6wVFzRKQbUFGGVtOBKCn7+QFTsgVD6Yeffep20/3G Y0QA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rcX1T7NJ4kVSpCWNoV8TWs/7jjlq3uh3P6F9SB573Uo=; b=HPEX8dOsj1Q0FS8Q7ovgrdLOeHk/ASXYS9imWy/+Zk/E98WhDIdLUzOxHuJRAcsyza rihBevyxDaPk+T175Lgo4nys1D9XSSKoZsrJSOromyUHLWrLMxf5+u4/JBpvE0RSgXsF 2DGnQ/tKnLRBzPRSXw+YRyiRkz8cSsWfeA+y0JW4o4H+pKKPV75aIK+Bh52fBnQnx0r1 SMXTRgaVxGaRMe4cvMqHIUiKByj8U2BacF3PiYfwCq1jI1n7Tw6+XvPQgs726KJ06D7E QSUgqil3yc23PieIs9GCB0zAzW/Vd1iSwbn7dAgzXZDYzEYQvjTCtIOqzcFdeZWXactj Az6g==
X-Gm-Message-State: APjAAAXw5vbLOLPwAyD7hCyJ+rh6gc7SnAU0bOq1Yi2OCD8dzgohJoMP ugFKotAxasDtcoDihTmVlkQvJdxWomiP8SuOENI=
X-Google-Smtp-Source: APXvYqxm7H6D9cSeH00TIIisqbpQVrLh96Vm2BXpOIj4IvzLQmZcAEz2pY06jPrDc5F7SfBE3mwP27rpbu+bKo6oAc4=
X-Received: by 2002:aca:ba56:: with SMTP id k83mr1763263oif.7.1560401889196; Wed, 12 Jun 2019 21:58:09 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR15MB2506E62560613C85F74A1FF8BB100@DM6PR15MB2506.namprd15.prod.outlook.com> <CALx6S36vVpD9bAPSBQmhV+daR0Yr4heQ-LaiB4hABAs8ofVfNQ@mail.gmail.com> <DM6PR15MB25063BAF058C1825E2B63E30BB130@DM6PR15MB2506.namprd15.prod.outlook.com> <CAKQ4NaW-QRZDO52zDZTSqz_MsfrS1uQHdz6zFjo+gXvtYVnFxA@mail.gmail.com> <DM6PR15MB2506E06165EA22E66BBB9524BB130@DM6PR15MB2506.namprd15.prod.outlook.com> <7E03089C-8429-4B56-96D6-441490C850B2@gmail.com> <B3D43A45-5E90-4D04-BA64-17150EE6D2AA@gmail.com> <0138C92A-A95A-488D-8851-9F3227D2B8B8@employees.org> <CABNhwV1hy5S-GUK-MY7OcudaYJB0j1PVgF1CG6cGa7s7Qez63w@mail.gmail.com>
In-Reply-To: <CABNhwV1hy5S-GUK-MY7OcudaYJB0j1PVgF1CG6cGa7s7Qez63w@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 13 Jun 2019 14:57:57 +1000
Message-ID: <CAO42Z2y5070apC6kmwk4q7-45N_YgcLb4a51TwpffDkF_cFc5w@mail.gmail.com>
Subject: Re: IPv6 Link Local Addresses [was Re: Is 1111 1110 10 equal to 0xfe80 or 0x3fa?]
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: Ole Troan <otroan@employees.org>, Alexandre Petrescu <alexandre.petrescu@gmail.com>, Bob Hinden <bob.hinden@gmail.com>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005000f8058b2d6019"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ZasR4KTxxUquub6iMGob5cUWmiM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2019 04:58:14 -0000

On Thu., 13 Jun. 2019, 00:54 Gyan Mishra, <hayabusagsm@gmail.com> wrote:

>
> 6MAN,
>
> I went through this test in the lab a few months ago about verifying
> across all Cisco platforms if you can specify non zero values in the all
> 0's field in the Link Local prefix hardcoding the prefix and if the OSPF
> neighbor would come up and it did come up in an all Cisco environment.
>
> So the main thing this draft accomplishes in my opinion and I think is
> necessary gap that it is fixing is interoperability between vendors for the
> use case of making the link local intuitive for the next hop by embedding
> the entire global unicast address into the iid & 54 bit 0s field.
>
> Cisco happens to all the Link Local to be set and set all the 0s in the
> prefix fe80::/10 up to 64 which is a violation of the RFC but it does allow
> on all platforms and all codes.  I think we found that some unix flavors
> allow the same.
>
> So now the change to the RFC 4291 is making it official that it now can be
> allowed across all platforms to help with mixed vendor environments where
> you can now embedd the entire global unicast address into the station id
> making the default EUI64 station-id now intuitive.
>

IPv6 has worked with link locals this way for more than 20 years.

There have been many deployments in that time (as an example, I've had IPv6
at home on ordinary production residential ADSL broadband for the past near
8 years). If there was a significant problem to solve with Link Local
addressing, we'd have seen it in this working group by now and solved it by
now.

IPv6 is a much more "plug-and-play" protocol than IPv4 was ever designed to
be (and inspired by the much more plug-and-play late 1980s protocols of
Appletalk and Novell's/Xerox's IPX/XNS).

That is why, for example, Link Local addresses are required on all
interfaces, are automatically generated, and are used automatically by
protocols such as OSPF and IS-IS as their next hop values. The manual
configuration of addresses on an interface to bootstrap routing is
unnecessary when it is easy to have a computer do it automatically.

We could actually make IPv4 operate that way if we wanted to.

"A dirty trick to save a couple of IPv4
addresses on a LAN link"
https://www.ausnog.net/sites/default/files/ausnog-2018/presentations/2.10.2_Mark_Smith_AusNOG2018_Lightning.pdf

Learn the IPv6 way rather than spending effort trying to change it into the
way IPv4 works.

Regards,
Mark.


> https://datatracker.ietf.org/doc/html/draft-petrescu-6man-ll-prefix-len
>
> **This is a copy/paste from a test I did in the lab a few months ago to
> prove my point**
>
>
> I did a test in the lab for that one use case of making the default link
> local EUI64 more intuitive in the lab and Id id a worst case scenario test
> populating all the 16 bit nibbles and all hex digits within each nibble so
> no :: 0's compression on a Cisco IOS XE router running 16.x code and
> confirmed the OSPF neighbor still comes up even though the entire 54 bit
> all 0's field per the RFC is populated in effect violating the current RFC
> but because its like-like intra-vendor the OSPF adjacency forms.
>
>
>
> So I have tested this concept and it works across all Cisco platforms IOS,
> XE, XR, NXOS that you can populate the entire 54 bit all 0's field.
>
>
>
> So the big caveat with this and justification for this draft is "mix
> vendor" environment inter-operability" which is one of the reasons for the
> IETF and to have RFC's and standards that allows any device from any vendor
> to communicate that supports the RFC.     I think that is a MAJOR point to
> add to the justification behind the draft in the use cases where on a
> managed IPv6 network that the administrator can now hardcode the IPv6
> address fully populating entire 54 bit subnet-id & station-id and routing
> protocols will now work and OSPF, ISIS, EIGRP adjacency can now work in a
> mix vendor environment.
>
>
>
> R1
>
> ipv6 addr fe80:1111:1111:1111:1111:1111:1111:1111 link-local
>
>
>
> R2
>
> ipv6 addr fe80:1111:1111:1111:1111:1111:1111:2222 link-local
>
>
>
> R1#sh ipv6 ospf nei
>
>
>
>             OSPFv3 Router with ID (1.1.1.1) (Process ID 6000)
>
>
>
> Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
>
> 2.2.2.2      1   FULL/DR         00:00:35    18
> GigabitEthernet1/0/2
>
>
>
> R1#sh ipv6 ospf int g1/0/2
>
> GigabitEthernet1/0/2 is up, line protocol is up
>
>   Link Local Address FE80:1111:1111:1111:1111:1111:1111:1111, Interface ID
> 18
>
>   Area 2.2.2.2, Process ID 6000, Instance ID 0, Router ID 1.1.1.1
>
>   Network Type BROADCAST, Cost: 1
>
>   SHA-1 authentication SPI 666661, secure socket UP (errors: 0)
>
>   Transmit Delay is 1 sec, State BDR, Priority 1
>
>   Designated Router (ID) 2.2.2.2, local address
> FE80:1111:1111:1111:1111:1111:1111:2222
>
>   Backup Designated router (ID) 1.1.1.1, local address
> FE80:1111:1111:1111:1111:1111:1111:1111
>
>   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
>
>     Hello due in 00:00:03
>
>   Graceful restart helper support enabled
>
>   Index 1/5/14, flood queue length 0
>
>   Next 0x0(0)/0x0(0)/0x0(0)
>
>   Last flood scan length is 2, maximum is 9
>
>   Last flood scan time is 0 msec, maximum is 1 msec
>
>   Neighbor Count is 1, Adjacent neighbor count is 1
>
>     Adjacent with neighbor 2.2.2.2  (Designated Router)
>
>   Suppress hello for 0 neighbor(s)
>
>
>
> R2#sh ipv6 ospf nei
>
>
>
>             OSPFv3 Router with ID (2.2.2.2) (Process ID 6000)
>
>
>
> Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
>
> 1.1.1.1   1   FULL/BDR        00:00:37    18
> GigabitEthernet1/0/2
>
>
>
> R2#sh ipv6 ospf int g1/0/2
>
> GigabitEthernet1/0/2 is up, line protocol is up
>
>   Link Local Address FE80:1111:1111:1111:1111:1111:1111:2222, Interface ID
> 18
>
>   Area 2.2.2.2, Process ID 6000, Instance ID 0, Router ID 104.255.32.2
>
>   Network Type BROADCAST, Cost: 1
>
>   SHA-1 authentication SPI 666661, secure socket UP (errors: 0)
>
>   Transmit Delay is 1 sec, State DR, Priority 1
>
>   Designated Router (ID) 2.2.2.2, local address
> FE80:1111:1111:1111:1111:1111:1111:2222
>
>   Backup Designated router (ID) 1.1.1.1, local address
> FE80:1111:1111:1111:1111:1111:1111:1111
>
>   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
>
>     Hello due in 00:00:05
>
>   Graceful restart helper support enabled
>
>   Index 1/5/14, flood queue length 0
>
>   Next 0x0(0)/0x0(0)/0x0(0)
>
>   Last flood scan length is 0, maximum is 7
>
>   Last flood scan time is 0 msec, maximum is 1 msec
>
>   Neighbor Count is 1, Adjacent neighbor count is 1
>
>     Adjacent with neighbor 1.1.1.1  (Backup Designated Router)
>
>   Suppress hello for 0 neighbor(s)
>
> On Tue, Jun 11, 2019 at 4:44 AM Ole Troan <otroan@employees.org> wrote:
>
>> >> This means that link local addresses have a 10 bit prefix (1111111010)
>> followed by 54 bits of zeros.  That is it, nothing more.   Address with
>> different prefixes or with a 1111111010 prefix followed by non-zero 54 bits
>> are not link local addresses.
>> >>
>> >> This is not ambiguous.
>> >
>> > So if an application asks my implementation to send a packet addressed
>> to fe80:1::1 out a particular link what should the implementation do with
>> it? It seems like there are only 3 choices:
>> >
>> >   1. Run ND on that link to see if it can find a neighbor there with
>> that address to send the packet to.
>> >
>> >   2. Send the packet to the current default router.
>> >
>> >   3. Something else (what?).
>> >
>> > I had though 1. was the answer since that is what is done with packets
>> addressed to link-local unicast destinations (which is what that address is
>> according to RFC4191 section 2.4), but that now seems to be ambiguous.
>>
>> Let me illustrate with a typical per-interface FIB:
>>
>>  fe80::/10 -> drop
>>  fe80::/64 -> glean
>>  fe80::abcd -> neighbor abcd
>>
>> Cheers,
>> Ole
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>
>
> --
>
> Gyan S. Mishra
>
> IT Network Engineering & Technology
>
> Verizon Communications Inc. (VZ)
>
> 13101 Columbia Pike FDC1 3rd Floor
>
> Silver Spring, MD 20904
>
> United States
>
> Phone: 301 502-1347
>
> Email: gyan.s.mishra@verizon.com
>
> www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email