IETF Logo Mail Archive

Re: 64bit MAC addresses and SLAAC

Fernando Gont <fgont@si6networks.com> Wed, 17 June 2020 18:43 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 166163A0AFF for <ipv6@ietfa.amsl.com>; Wed, 17 Jun 2020 11:43:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sdVc3IWmfUoz for <ipv6@ietfa.amsl.com>; Wed, 17 Jun 2020 11:43:53 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A3B23A0AE7 for <ipv6@ietf.org>; Wed, 17 Jun 2020 11:43:53 -0700 (PDT)
Received: from [IPv6:2800:810:464:1f7:59f5:79ee:c876:5454] (unknown [IPv6:2800:810:464:1f7:59f5:79ee:c876:5454]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id C5E71280BEF; Wed, 17 Jun 2020 18:43:49 +0000 (UTC)
Subject: Re: 64bit MAC addresses and SLAAC
To: otroan@employees.org, "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
Cc: 6man WG <ipv6@ietf.org>
References: <e716dc36b56f4806b4c4dbfbf1ab852a@boeing.com> <04B8995F-7BF9-4DB0-826C-9E4BF95FD169@employees.org>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <202fef9d-3c6b-c527-80d2-ea2aaea49a48@si6networks.com>
Date: Wed, 17 Jun 2020 15:43:28 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <04B8995F-7BF9-4DB0-826C-9E4BF95FD169@employees.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/_3Y7rwLykGPVvnrBH8xWVIEE-ys>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2020 18:43:59 -0000

On 17/6/20 14:52, otroan@employees.org wrote:
> Fred,
> 
>>>> Fernando, I think an unspoken assumption in these past several messages is that
>>>> privacy is ALWAYS a required property. However, there are cases where address
>>>> privacy is not only not required, but it is also desirable and useful to be able to
>>>> track a node by a stable and unchanging IP address or prefix.
>>>>
>>>> This is not intended to challenge the non-use of MAC addresses in Interface
>>>> Identifiers per your documents, but just to say that in some environments the
>>>> randomization and constant changing of IP addresses may actual run counter to
>>>> operational objectives.
>>>
>>> Implementations and operational deployments or other link-types are of course free to choose whatever recommendation (or none)
>>> for default IID generation.
>>> IID mechanisms are not protocol specifications. They are recommendations taking various parameters into account (stability, tracking
>>> etc).
>>> These are not required for interoperability.
>>> Configure IIDs manually if you like.
>>
>> You seem to be acknowledging my point that privacy is not always a required property,
>> and that in some environments stability, tracking, etc. are desirable. And, for those types
>> of environments, placing a constant-value token somewhere in the address (whether it
>> came from a hardware code, administrative setting or algorithmic generation) should be
>> fine. Did I understand correctly?
> 
> Yes, largely.
> Strictly speaking, standardizing mechanisms for generating IIDs is in the grey area of over-specifying.

In a way, *the RFCs updated by RFC8064* were the ones specifying IID 
generation algorithms. In a way, RFC8064 relaxes such specs, and 
replacing a hard-coded algorithm (embedding MAC addresses) with actual 
requirements for the IIDs, and recommends an algorithm (RFC7217), so 
that you don't need to figure out how to comply to the aforementioned 
requirements by yourself.

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email