Re: A common problem with SLAAC in "renumbering" scenarios

Mark Smith <markzzzsmith@gmail.com> Tue, 12 February 2019 00:42 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D22C71276D0 for <ipv6@ietfa.amsl.com>; Mon, 11 Feb 2019 16:42:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Level:
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TRLMgpvYVZgs for <ipv6@ietfa.amsl.com>; Mon, 11 Feb 2019 16:42:29 -0800 (PST)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9A3A124B0C for <ipv6@ietf.org>; Mon, 11 Feb 2019 16:42:29 -0800 (PST)
Received: by mail-ot1-x336.google.com with SMTP id 32so1419864ota.12 for <ipv6@ietf.org>; Mon, 11 Feb 2019 16:42:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=z7tvsCww7f8/Dzerns7cuXi4cACT5e5+NMl3wxOazfg=; b=e8S6jio1PZht8eZGCKGrqRmgQ8YFfI8AxWyLgvMAOlaLdAqZC26EdzYJdRm2on38af OcFLmANlvB99zDnQTGbUY2QRp1x7SMPy4CnZx1txWC5AV6QGYrAyPxFoT1k523PjEEJB fHy4fthHh9VoiGoFa3L4om8IGcoqMkZ4fJP+VB6zS18NmbURcWiTFbocVV/yX62Jtltz AJ/9yENfUZG9zQRluXtMx8nobleBdAkoYtfOuNFCOeB1LeZwVbafTSkVXxC5vvtTfevX 96bQvdN8ZMdAP/dQSEEhJjcqqNGuSp8oV+JgFqLdwC2WZrDAk+bitMZvh9otu2gRuib3 JxIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=z7tvsCww7f8/Dzerns7cuXi4cACT5e5+NMl3wxOazfg=; b=PDY8q4nyOLtXaM89kMyfGP/4EBltWfHRs5Hl5ItyW36HBZnyqW6M3Gx++vxOl1MvAj FB5mZ5WHpjaHBjFmkiqAsWkZnCSXFcqn4ryLbKvDb/7iX7knRkoBTBfROt1Nc4NJjiTq K4d2bEh5DMeUX2VmFzpRBZbr17ieu7el+wAEU4nFZvnaDO643fiuU6P6I3AUp7Zx5QLk 2wfgKYcO7/05e620bG65oyghQE9bcWR9UR22f0iwU992BCMgZEqA2Q2A3My/J4D/nuMG b7apzgBgeVamaZQAxb/KrcxxLmpsp6gLBTnktajorAYuB0fgp2jjYOrjoN6TI88ePr13 rm9g==
X-Gm-Message-State: AHQUAuaOyN6Kmc1QoInXpr6bzTTXWXfJsw9/FZBndb9smpj28j0ibN+t awlFZPU/pqCQN2vNn+vobnpXC4VpH28SIEC/dbg=
X-Google-Smtp-Source: AHgI3IbhEfNkY/qiXhXhWmRgDsR+HTy+BhfchiRc4UqadMGZChfmViyCWjvIFVtiRcYoH5yhdCZGCPGYGqrx8J9aI/0=
X-Received: by 2002:a9d:630f:: with SMTP id q15mr934092otk.187.1549932149007; Mon, 11 Feb 2019 16:42:29 -0800 (PST)
MIME-Version: 1.0
References: <60fabe4b-fd76-4b35-08d3-09adce43dd71@si6networks.com> <alpine.DEB.2.20.1901311236320.5601@uplift.swm.pp.se> <m1gpCcz-0000FlC@stereo.hq.phicoh.net> <ddd28787-8905-bafd-3546-2ceef436c8b0@si6networks.com> <m1gptWx-0000G3C@stereo.hq.phicoh.net> <69609C58-7205-4519-B17A-4FBC8AE2EA16@employees.org> <d40b41c3-ff1b-cab4-a8de-16692a78e8fd@go6.si> <D1E45CAD-08D0-43D4-90F7-C4DD44CB32C0@employees.org> <alpine.DEB.2.20.1902041330531.23912@uplift.swm.pp.se> <46B8DB92-DC81-4242-9780-0D00FB6BDB7A@employees.org> <1c7ebabb-d6f6-d877-d4aa-d6c0fc7d5c60@go6.si> <6278.1549471453@dooku.sandelman.ca> <CAO42Z2xdKtLJV11KXELBKca6CWn=B6Avz6bO_94kFFXaKiZ-pQ@mail.gmail.com> <4602.1549908472@localhost>
In-Reply-To: <4602.1549908472@localhost>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 12 Feb 2019 11:42:02 +1100
Message-ID: <CAO42Z2w1swQNuwnrOyTCEMXt0NSyrBx7Ww3kUN-7dfEV=fvk3A@mail.gmail.com>
Subject: Re: A common problem with SLAAC in "renumbering" scenarios
To: Michael Richardson <mcr@sandelman.ca>
Cc: Jan Zorz - Go6 <jan@go6.si>, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ZihyzR53C3AnJ9ZYWZY3lSMIm-M>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 00:42:31 -0000

On Tue, 12 Feb 2019 at 05:07, Michael Richardson <mcr@sandelman.ca> wrote:
>
>
> Mark Smith <markzzzsmith@gmail.com> wrote:
>     >> Jan Zorz - Go6 <jan@go6.si> wrote:
>     >> > However, I always advocated ISPs to put static IPv6 PDs in Radius (or
>     >> > whichever AAA mechanism they use), so that the same user always gets
>     >> > the same PD.
>     >>
>     >> ....
>     >>
>     >> > My suggestion is to have separate dynamic /64 prefixes to number the
>     >> > WAN link (it works for multiple PPPoE sessions and also it gives IPv6
>     >> > access to a very simple PPPoE client that doesn't do a PD request, like
>     >> > end-host machine with Windows or something) and fixed PD that just the
>     >> > first PPPoE session is able to get. This usually covers most of the
>     >> > scenarios. For the corner cases then ISP needs to solve them case by
>     >> > case, but at least for majority of clients that's the solution.
>     >>
>     >> This creates two routes per customer.
>     >> That's why I advocate to use the prefix exclude option if you can,
>     >> or better, just don't number the WAN link.
>     >>
>
>     > There are some advantages to numbering the wan link with a GUA /64.
>
> I agree.
>
>     > For troubleshooting, customers' can plug a PC directly into the
>     > service to test it, isolating the CPE as a fault cause. This is a
>     > little bit more important in BYO CPE markets than it would be in ISP
>     > provided/managed CPE.
>
> This is a big one plus in my opinion.
>
>     > The decision on for the production residential IPv6 broadband
>     > deployment I worked on back in 2010 was to do dynamic GUA /64s on the
>     > PPPoE session/link, and a static/stable PD prefix provided via RADIUS.
>     > So outside the BNG, there was only 1 PD route per customer.
>
> Is there a document a RIPE or Broadband forum or ??? that details this decision?
>

I'm not aware of any, and it was back in 2010, so probably quite early
for residential IPv6 deployments.

I don't know the rational, I joined the project in after a trial had
been run (via a special RADIUS realm and L2TP hopping to trail IPv6
BNGs), and those decisions had already been made. I myself may have
suggested different ones if I'd been involved (for example, I'd do
/48s for literally everybody rather than /56s, because once there is a
single universal value for a parameter it is now a constant that can
only be wrong or right.)

I was thinking earlier today that dynamic /64s on the PPPoE virtual
link would also suffer from the same issues that dynamic PD prefixes
does, and therefore thinking that I'd do static /64s on the PPPoE link
too (and aggregate them upstream of the group of BNGs).

However, different prefixes across link disconnect/reconnect is
probably less of an issue when the device is a host itself - the
disconnect/reconnect is most likely going to be caused by the host
being rebooted/powered off/powered on, so the all of the transport
layer and application state that would be disrupted by a re-addressing
is discarded anyway.

Still, if the link is flakey or interrupted somehow, then a dynamic
/64 prefix on the host to BNG link would still be disruptive to the
host and its applications. For the best customer/end-user experience
it would be best to have stable/static /64 prefixes on the WAN link
too.

Regards,
Mark.