Re: RFC4941bis: consequences of many addresses for the network

otroan@employees.org Thu, 23 January 2020 12:16 UTC

Subject: Re: RFC4941bis: consequences of many addresses for the network
From: otroan@employees.org
In-Reply-To: <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com>
Date: Thu, 23 Jan 2020 13:16:16 +0100
Cc: 6man WG <ipv6@ietf.org>
Message-Id: <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org>
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ZiZq9lJlwajlcVJkk5ozIFb8A6s>

Pascal,

All good points!
Before this diverges too far though, can we try to focus on the RFC4941bis text?
Is there anything that document can say or should say to alleviate some of these issues?
Do temporary addresses add to the more general problem that SLAAC has?

Cheers,
Ole


> On 23 Jan 2020, at 11:26, Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
> 
> Hello Ole
> 
> There are a number of cases where the address creates a state in the network:
> - in case there's routing taking place within the subnet (e.g., RPL in an IoT LLN and RIFT or EVPN in a data center)
> - in case the network protects the address ownership since ND doesn't (SEND being what it is) and does minimal SAVI
> - in case the network tries to implement ND proxy which is mandated by IEEE std 802.11
> - in case Jen's draft is used to proactively assign ND state in the routers
> 
> In order to protect itself, the network blocks excessive amounts of addresses for a same device. It would serve this list to recognize it as a fact of life.
> 
> Sadly it is very hard with IPv6 ND alone to decide which address(es) to keep and which to remove. For the temporary addresses, LRU seems to work most of the time, with a reasonable count of like 8 as suggested below. But some nodes like printers (silently) keep a permanent address that should survive the churn of other temporary addresses.
> 
> To serve the hosts correctly, the network is missing a classical but very useful piece of information, a lifetime, that allows the state associated with the address to age out if not renewed. It is also classical in many IPv6-based standards (e.g., MIPv6, NEMO and RPL) that the nodes have a chance to release a binding by indicating a lifetime of zero. The shortest path to get that is generalizing RFC 8505 to all MAC layers. *Is there any reason we do not?*
> 
> Conversely the network cannot signal how many addresses per node will be served properly in parallel. It cannot recommend lifetime values for temporary addresses and quasi-permanent addresses. It cannot signal that it rebooted and that all state needs to be rebuilt. We need new RA information for that. I can write the draft within a few days if the group is willing to progress the work.
> 
> All the best,
> 
> Pascal
> 
>> -----Original Message-----
>> From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of otroan@employees.org
>> Sent: jeudi 23 janvier 2020 09:59
>> To: 6man WG <ipv6@ietf.org>
>> Subject: RFC4941bis: consequences of many addresses for the network
>> 
>> While reviewing RFC4941bis (https://tools.ietf.org/html/draft-ietf-6man-rfc4941bis) I think I found one gap.
>> 
>> A discussion of the consequences of a host having many (active) addresses on
>> the network.
>> 
>> A 4941bis implementation following the defaults would at the maximum use
>> 8 active addresses.
>> (Valid lifetime of one week and one new address per day.)
>> 
>> Shorter regeneration intervals or other approaches like a new address per
>> connection could lead to dramatic numbers.
>> 
>> If we use Ethernet as an example, each new address requires state in the
>> network. In the ND cache in first-hop routers, and in SAVI binding tables in
>> bridges. Given ND's security properties these tables must be policed by the
>> network. A host with a very liberal address regeneration policy might be
>> viewed as performing an attack.
>> 
>> There is no signal available in SLAAC apart from DAD to reject an address. If
>> the network runs out of resources (or prohibits the additional address by
>> policy) the address will not be served. The host has to deal with that
>> situation.
>> 
>> SLAAC is also missing a mechanism to release an address, which leads me to
>> think that the address regeneration interval must not be shorter than the ND
>> cache scavenger timeout (which in many networks is high to avoid cache churn
>> and a high level of address re-resolution).
>> 
>> I would like to hear from other network-side implementors and operators.
>> Is there an issue here?
>> 
>> Best regards,
>> Ole
>> 
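An added model, not from the thread or any 6man draft, of the arithmetic behind the figures in Ole's original message: how the regeneration interval, the valid lifetime and the network's ND cache scavenger timeout together set the per-host state that first-hop routers and SAVI bridges must hold when SLAAC gives them no release signal. The scavenger timeouts and the per-device cap of 8 used below are assumed values for illustration.

```python
"""Added model (not from the thread): per-host state implied by RFC 4941
temporary-address timers. Only the RFC 4941 defaults quoted in the thread
(one-week valid lifetime, roughly one new address per day) are not assumed."""
import math

DAY = 24 * 3600
TEMP_VALID_LIFETIME = 7 * DAY      # RFC 4941 default
TEMP_PREFERRED_LIFETIME = 1 * DAY  # RFC 4941 default
REGEN_ADVANCE = 5                  # RFC 4941 default, seconds
DEFAULT_REGEN = TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE  # new-address cadence


def peak_concurrent(gen_interval, lifetime, horizon=None):
    """Peak number of addresses alive at once when a host creates one every
    gen_interval seconds and each persists for lifetime seconds.
    Event sweep: +1 at creation, -1 at expiry. Tuples sort by time then
    delta, so an expiry at the same instant as a creation is applied first."""
    horizon = horizon or 3 * lifetime
    events = []
    for n in range(horizon // gen_interval + 1):
        t = n * gen_interval
        events.append((t, +1))
        events.append((t + lifetime, -1))
    alive = peak = 0
    for _, delta in sorted(events):
        alive += delta
        peak = max(peak, alive)
    return peak


def host_active_addresses(regen_interval=DEFAULT_REGEN,
                          valid_lifetime=TEMP_VALID_LIFETIME):
    """Addresses the host itself holds in the valid state at once."""
    return peak_concurrent(regen_interval, valid_lifetime)


def network_entries(regen_interval, valid_lifetime, scavenger_timeout):
    """Entries a router ND cache or SAVI binding table holds for one host.
    Nothing releases an address, so each entry lingers for scavenger_timeout
    (assumed operator setting) after the host stops using it."""
    return peak_concurrent(regen_interval, valid_lifetime + scavenger_timeout)


def min_regen_interval(valid_lifetime, scavenger_timeout, limit):
    """Smallest regeneration interval that keeps network_entries() <= limit.
    The sweep reduces to ceil((valid + scavenger) / interval) entries, so the
    bound is (valid + scavenger) / limit rounded up. The limit (e.g. the 8
    floated in the thread) is an assumed per-device policing cap."""
    return math.ceil((valid_lifetime + scavenger_timeout) / limit)
```

With the defaults the host holds 8 addresses and a router with a four-hour scavenger timeout holds 8 entries, but a host that regenerates per minute leaves that router with over ten thousand entries, which is the footprint Ole warns may be read as an attack.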