Re: [IPv6] Second Working Group Last Call for <draft-ietf-6man-rfc6724-update>
Kyle Rose <krose@krose.org> Mon, 15 April 2024 18:00 UTC
Return-Path: <krose@krose.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E08BBC14CEFD for <ipv6@ietfa.amsl.com>; Mon, 15 Apr 2024 11:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u5hBnk-YAiJ6 for <ipv6@ietfa.amsl.com>; Mon, 15 Apr 2024 11:00:24 -0700 (PDT)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB0FAC14F60D for <ipv6@ietf.org>; Mon, 15 Apr 2024 11:00:24 -0700 (PDT)
Received: by mail-ed1-x536.google.com with SMTP id 4fb4d7f45d1cf-56e48d0a632so5662098a12.2 for <ipv6@ietf.org>; Mon, 15 Apr 2024 11:00:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; t=1713204023; x=1713808823; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=86OPoKjkK9LILYGWuyjWT2lqs6twg1KgQRz9TIoAlK8=; b=SObjzSv1zZ/VQ5vb95pMM1VqZmrw3vpcqGEUrSh7L1m37hplr/HEBfhQlXveL4Bhty hEqqDMHB8F7nOjjr2KGBoH9NU2+qgnYFiXYXv5xbY82lcj1U8BANI0Eu+q3GxhZsFECs 8TvyzJx1yyj4GvThMyvbao7qbdqEpdw81t3dU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713204023; x=1713808823; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=86OPoKjkK9LILYGWuyjWT2lqs6twg1KgQRz9TIoAlK8=; b=juj6np3XqZHNUGxk5qy2kmZOMPJRgzUIhBS14kMx3rQMuf1x5QlPqZM8wq6Nl/+Ez7 hTcVt3A9Jqg3utHdatZM2HXwGI1oBpK53p2kjnQkiNfaDFVYCbO06FEA8XY/NeK3fgMf D6P7LBsRFqg4hR6bZWt9k12SURE7evzS5yiY6I2Fd7/mwweW+MrmFKknqGxotud96Wdg 2cfrpsLHlB3SZk5TbrrIeCis2KlPADjlnM1C0YvxPepT6ZmQCpuayiA3e+7/yHfJTU2z xoYjXjyxuqJ6ygqheJ4B+2z4UktGgmnPqxa09gCMVXwiXX+4bRSR1dQu1Jp84ESljd+V /c3w==
X-Forwarded-Encrypted: i=1; AJvYcCVxJszDpBSaV2OeFeApqQAdAzoAdUi0GNs/M9y+4yBgwsVVYei08BUqAObCBN2lgoWmIaeTJcfNPT61Hgqu
X-Gm-Message-State: AOJu0YwfDv9T3IeIUKaWYylU28wyaR/nN6zhvpRKjcednyVbhSBSyp+x pbSI2kFD3fKvl/Yxjp5ZJl8dBEs/j3sm3wJym/z6b7oVxYo0Zf4hhs555ATSG+CsvN2rxcRxhx5 tz1jAdhIfhoPTbuKspwpeaa/yNBADabc7+UNwq8lSItfh4qjuJYI=
X-Google-Smtp-Source: AGHT+IHwYJCZOXRbqiAMoHue0c2zIPynduqiCDaN9/l62K5c5cs/Y3r8KFazS860GLKCNQ+ogApgQ53lJs8ut44KMkw=
X-Received: by 2002:a17:907:9288:b0:a52:55b2:90c0 with SMTP id bw8-20020a170907928800b00a5255b290c0mr6347289ejc.69.1713204022692; Mon, 15 Apr 2024 11:00:22 -0700 (PDT)
MIME-Version: 1.0
References: <6A5E5F35-B35F-4358-8EE1-3BD82329141E@jisc.ac.uk> <6FBC1B5A-BF28-4B05-B2B2-A60DA4707755@gmail.com> <CAPt1N1m-Ye8vfOVnsPesFshLMV5QuVoxWqM=HVZiJ37zaBg6AA@mail.gmail.com> <CAKD1Yr1NTvFj0zB0=+nnUKck7TBtwHFz2XoFkD1smx4yCuZohQ@mail.gmail.com> <1EFB11CD-544F-4AD7-B414-6A626075975D@employees.org> <CAPt1N1kJFgu6FhFaVhhkPnEY2dofcLF2ZuKDBHJFF5UU6R+x2g@mail.gmail.com> <F301BC19-2D6D-42F5-9C94-0516A765B97C@jisc.ac.uk> <CAPt1N1k4FGbTVVk1QTw0-or0PxkhSPqGda8fHrJKb2t4shNGkw@mail.gmail.com> <CFFA3926-583D-4DA0-B981-3D58048DE894@jisc.ac.uk> <CAJU8_nXpC4ZmcbpuVoTxykf2KEO1zpdThA=VQKM8iXRjTAgHiQ@mail.gmail.com> <CAPt1N1mGn2E2-d9PkvTWePSPUkVik7UO-75ryTa2EkjfR_4ZmQ@mail.gmail.com> <CAJU8_nXXSsJa6ycMZuSmTeNoma1HrBdQ5bD1feb7DDDK5b_dVA@mail.gmail.com> <CAPt1N1mESFzHsK3XyE8DD_mhZjWvMuh=pf9RMmT6BgyO6LryWQ@mail.gmail.com>
In-Reply-To: <CAPt1N1mESFzHsK3XyE8DD_mhZjWvMuh=pf9RMmT6BgyO6LryWQ@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
Date: Mon, 15 Apr 2024 14:00:10 -0400
Message-ID: <CAJU8_nU=pV7L8nFTMMf2nC-koXftLmQEOLnGAv+2MkOT+KHwoA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Tim Chown <Tim.Chown=40jisc.ac.uk@dmarc.ietf.org>, Bob Hinden <bob.hinden@gmail.com>, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000033672206162665ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/_yogbyGs0TaTSk56hjZyYoDXOgQ>
Subject: Re: [IPv6] Second Working Group Last Call for <draft-ietf-6man-rfc6724-update>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2024 18:00:30 -0000
On Mon, Apr 15, 2024 at 1:33 PM Ted Lemon <mellon@fugue.com> wrote: > First of all, remember that the point of this is to improve the behavior > of the stack. What we have works now, but has some issues we want to > resolve. We do not need to achieve perfection here—we just need to make > things better than they were. > > Regarding your VPN setup, I would expect one of two things to be true: > either the VPN is giving the device connecting through it a prefix on the > known ULA, or it doesn't expect the device to try to use the ULA, and hence > it should not be treated as known. > Neither. Each site has its own prefix, and the routers hosting the VPN at each site route packets over the VPN to the proper site based on the destination prefix. Only the site routers are aware of all three prefixes. As for the table size question, your VPN setup seems unusual and extreme. Is > this a real use case, or something you pulled out of your hat? > My setup is not at all contrived or especially complex. The fact that a VPN is involved is somewhat extraneous. So, replace "VPN" with "backbone", and imagine that krose.net has acquired a few other companies (example1.com through example9.com), each with their own ULA prefixes, that it wants to attach to the krose.net backbone to save on transit costs. Are you contending that all ten sites need to have every one of their ULA prefixes distributed and configured statically on every other site in order to achieve the objective of routing traffic over the backbone via an internal addressing scheme rather than falling back to the public internet? (Presumably the backbone could have higher-preference backbone routes for known GUAs, but you quickly run into policy management complexity if you want internal traffic to be treated differently, and then need to apply different policy to the same address pairs depending on which link a packet comes in over, an unsafe network segmentation practice.) I think it's perfectly reasonable to have three /48s in your known-ULA > table, but I agree that hosts shouldn't have to support arbitrarily large > ULAs. > It turns out there's already a solution to routing packets from a device with a single uplink: a default route. If ULA is preferred to IPv4, the packets get where they're supposed to go by going from the client, to the default gateway (which happens to be the router), over the VPN to the other site, and from there to the destination. All without the clients needing to know who owns the destination ULA prefix or how it's managed. I'm contending mine is a very simple, natural, and *basic* use case that should be supported. It in fact works today with the hybrid glibc policy table. The proposal to require known-local with reduced preference for not-known-local ULA implies that every device, not even every router, needs to have what amounts to an enterprise-wide ULA DFZ FIB. That seems absurd and unnecessary. Kyle
- [IPv6] I-D Action: draft-ietf-6man-rfc6724-update… internet-drafts
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Nick Buraglio
- Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-up… Tim Chown
- [IPv6] Second Working Group Last Call for <draft-… Bob Hinden
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Bob Hinden
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Lorenzo Colitti
- Re: [IPv6] Second Working Group Last Call for <dr… Mark Smith
- Re: [IPv6] Second Working Group Last Call for <dr… Vasilenko Eduard
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Mark Smith
- Re: [IPv6] Second Working Group Last Call for <dr… Tim Chown
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Lorenzo Colitti
- Re: [IPv6] Second Working Group Last Call for <dr… Vasilenko Eduard
- Re: [IPv6] Second Working Group Last Call for <dr… Ole Troan
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Ole Troan
- Re: [IPv6] Second Working Group Last Call for <dr… Jeremy Duncan
- Re: [IPv6] Second Working Group Last Call for <dr… Jeremy Duncan
- Re: [IPv6] Second Working Group Last Call for <dr… Lorenzo Colitti
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Tim Chown
- Re: [IPv6] Second Working Group Last Call for <dr… Mark Smith
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Jeremy Duncan
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Michael Richardson
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Mark Smith
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Mark Smith
- Re: [IPv6] Second Working Group Last Call for <dr… Tim Chown
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Jared Mauch
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Jeremy Duncan
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Mark Smith
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Jeremy Duncan
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Vasilenko Eduard
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Tim Chown
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Ole Trøan
- Re: [IPv6] Second Working Group Last Call for <dr… Tim Chown
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Brian Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Ole Trøan
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Jared Mauch
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Ole Troan
- Re: [IPv6] Second Working Group Last Call for <dr… David Farmer
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Tim Chown
- Re: [IPv6] Second Working Group Last Call for <dr… Brian E Carpenter
- Re: [IPv6] Second Working Group Last Call for <dr… Ted Lemon
- Re: [IPv6] Second Working Group Last Call for <dr… Mark Smith
- Re: [IPv6] Second Working Group Last Call for <dr… Jared Mauch
- Re: [IPv6] Second Working Group Last Call for <dr… Kyle Rose