IETF Logo Mail Archive

Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)

Mark Smith <markzzzsmith@gmail.com> Sun, 16 July 2017 07:59 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9307E1275AB for <ipv6@ietfa.amsl.com>; Sun, 16 Jul 2017 00:59:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.198
X-Spam-Level:
X-Spam-Status: No, score=-2.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yl9lKOSuvesz for <ipv6@ietfa.amsl.com>; Sun, 16 Jul 2017 00:59:15 -0700 (PDT)
Received: from mail-vk0-x229.google.com (mail-vk0-x229.google.com [IPv6:2607:f8b0:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F34F1127180 for <ipv6@ietf.org>; Sun, 16 Jul 2017 00:59:14 -0700 (PDT)
Received: by mail-vk0-x229.google.com with SMTP id f68so60301223vkg.2 for <ipv6@ietf.org>; Sun, 16 Jul 2017 00:59:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ek7ogEO4E+gsDpM2jNG0EMOFY4Za7M0od99ZXp6iyKU=; b=ZOg1oHiQ/WsgHG8KZ/f/6dB4yDCdV/LYXGM2kxrKCPcOEtjJj43yehKKJ3uTUN5kYY ENp4I2pHY5lIXgAMKMmwN7RCbBPwyz+gmYl7USfm8N4hXvrgDetZ/yzlIlRRhX2s6RAZ usNdV8lQ8GoMswjtN4PQ50I6SIddyp4+qhLj2Fug1aA887PSrxeNWd/iIEXCQzvgUpQA P8puCmBpMz3DK5/DtsYpy34UBiKSVGN/79IIgrkiTpdfesqW7fmS95Kantyjcr/isTYi hcxr1Rjzm5o+4TDlyPbuHCP0YEMDw1b3bmP1j2CvoF/k+8W+OAJRzQvlHbc/I+LZ8fHB FwJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ek7ogEO4E+gsDpM2jNG0EMOFY4Za7M0od99ZXp6iyKU=; b=o7LBzfV+8pt9/caHEO4IJVifbzxmQKs9WT8mrZEMim6SeDdADQwSR0acEhJ+3J28He dtivfv56spHoJ/tfDNu2qDhARJafX+eD5mcEu6HQNQ2zLSkdM3A81gMfApSiCylRWUnp p+CiEOfNGgOhxHqKCQOf+JuUXpx+A4IIKAzNlWg/11EcF7BaJkIsaa/nKcaBVPc5xIFc kZ0cVb7lOoeJqLpwKKgFTeXzK/3WAFAAc954rO0VQlnBjoYShCLVfqGqTyTvNBavu0vn KoyUU1oxONdzZuWbjzRY6raMcFAWTv+moZ9qQsGyl8w7vD4+9MU7dABv650oZr+IVd64 R4RA==
X-Gm-Message-State: AIVw1123EBihyySHni1A1QnLCtZHpHljDL1vxH38tYrDlLbVZSpbGK0b X6DD9GFF+NnRa3W4SZ2EBRk7g+TcAA==
X-Received: by 10.31.109.133 with SMTP id i127mr9703234vkc.0.1500191953982; Sun, 16 Jul 2017 00:59:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.18.105 with HTTP; Sun, 16 Jul 2017 00:58:43 -0700 (PDT)
In-Reply-To: <E09CB996-1191-4700-9123-92BD31FD7A20@cisco.com>
References: <CAN-Dau2zgthR2w9e5ZVUdGc-vm+YvK2uTUJ8O=vrcv0jNc58RA@mail.gmail.com> <CAN-Dau03r_CKW53kegaLa=F_R_RG4cWaCT1j6idrqPm9UuN03A@mail.gmail.com> <5963BF27.1050300@foobar.org> <ff09ffcd-df65-4033-8018-fbe7ae98cff8@gmail.com> <6bf7f3d0e9c047b1b86d4bcc220f8705@XCH15-06-11.nw.nos.boeing.com> <CAN-Dau1bxm5y0v_6kUBc_ym39bSSxepjdwrzcS7YHWD=CV9-bw@mail.gmail.com> <3b34d6e9718a45ae80877e36fb55f2b4@XCH15-06-11.nw.nos.boeing.com> <CAO42Z2x+282VK7nMFHjcCz9tBmJ_=d4OhkiRZFZDLcZhakGB1Q@mail.gmail.com> <30cb27b2-007a-2a39-803d-271297862cae@gmail.com> <40d757eb97564bc8bb0511063bd9d3f4@XCH15-06-11.nw.nos.boeing.com> <CAO42Z2x7ER2fUietjT3Ns-jpCqscCmVDVubiM0Dgw1_L0bkw=A@mail.gmail.com> <c7b140bf69104cd3877a7da03fbf17e7@XCH15-06-11.nw.nos.boeing.com> <32924d19-e5ce-7606-77f4-925b682065f5@gmail.com> <745583ab45bb407a9a210020a96773c5@XCH15-06-11.nw.nos.boeing.com> <m1dVbRc-0000GQC@stereo.hq.phicoh.net> <b6da9e67-1f4e-8900-5a3b-575d0c6fd2fd@gmail.com> <m1dWNIL-0000FpC@stereo.hq.phicoh.net> <3d2f1182-ec19-959e-a63f-ad0d316bbacf@gmail.com> <E09CB996-1191-4700-9123-92BD31FD7A20@cisco.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sun, 16 Jul 2017 17:58:43 +1000
Message-ID: <CAO42Z2zmd+2M8XYzWW2aAEwhOgc-eDD7jiwbF8fckqKLqLrkBA@mail.gmail.com>
Subject: Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, "ipv6@ietf.org" <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/aNb4jNa2cDJXZXFFoL2x5r0EnTw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Jul 2017 07:59:18 -0000

On 16 July 2017 at 16:41, Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
> Hello Brian:
>
> I'd say that DAD detecting a duplication is not a failure; just doing its job right.
>
> The DAD failure that hurts is DAD false negative like can be easily obtained on wireless  because the reliability of the multicast is largely different from that of wire.
>
> Are we ready to say that addresses that are generated with enough randomness in them do not need DAD?
>

I looked up RFC4862 to find out how many DAD attempts there were,
because I'd assumed 3 to 4, and if so, then if that many attempts
failed, I'd say the link is well beyond its capacity. Something would
need to be done to remedy a link capacity problem in that case.

I was surprised to find, as Ole mentioned, the number of attempts was
only 1 rather than 3 or 4.

One thing it does say about that value is:

Default: 1, but may be overridden by a link-type specific value in
      the document that covers issues related to the transmission of IP
      over a particular link type (e.g., [RFC2464]).

Although Wifi is emulating Ethernet at the IPv6 interface layer, it
doesn't have the same multicast characteristics, so perhaps there
should be an IPv6 over Wifi RFC that specifies IPv6's parameters to
suit.




> Pascal
>
>> Le 15 juil. 2017 à 23:01, Brian E Carpenter <brian.e.carpenter@gmail.com> a écrit :
>>
>> On 16/07/2017 01:39, Philip Homburg wrote:
>>>> This is backwards. The goals of pseudo-random IIDs are to reduce the
>>>> probability that scanning attacks find hosts, and to reduce the risk
>>>> of IIDs being used to breach privacy.
>>>>
>>>> If these goals are met, the collision probability will in any case
>>>> be low, so DAD failure will be exceedingly rare.
>>>
>>> I completely disagree. A collision is fatal. We are nowhere near transparently
>>> handling all collisions. At best we can hope that DAD can make one node
>>> continue unaffected.
>>
>> I'm confused.
>>
>> Firstly, do we have any experimental evidence that collisions
>> are a real operational problem? (Obviously, MAC address collisions are
>> disastrous at layer 2 anyway, so although IPv6+(Modified EUI-64) needs to
>> detect them, they are irrelevant to the current discussion.)
>>
>> Secondly, if a collision does occur with IPv6+(pseudo-random IID),
>> recovery is obvious: after DAD failure, generate a new pseudo-random
>> IID and try again. This is perfectly compatible with RFC4862 section 5.5
>> and is specfied in RFC7217 for stable IIDs and in RFC4941 for privacy
>> addresses.
>>
>>    Brian
>>
>>>
>>> In contrast, people have been scanning my IPv4 ranges for the past 20 years
>>> or so. That may be annoying. That may amplify attacks opportunities. But
>>> in it self it is not fatal.
>>>
>>>
>>> .
>>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email