Re: Detailed review of Significance of IPv6 Interface Identifiers
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 01 October 2013 21:48 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B2A121E80C7 for <ipv6@ietfa.amsl.com>; Tue, 1 Oct 2013 14:48:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.3
X-Spam-Level:
X-Spam-Status: No, score=-101.3 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUqx8DPE7Bpf for <ipv6@ietfa.amsl.com>; Tue, 1 Oct 2013 14:48:27 -0700 (PDT)
Received: from mail-pb0-x229.google.com (mail-pb0-x229.google.com [IPv6:2607:f8b0:400e:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id 44DA021E81FA for <6man@ietf.org>; Tue, 1 Oct 2013 14:48:19 -0700 (PDT)
Received: by mail-pb0-f41.google.com with SMTP id rp2so7791682pbb.28 for <6man@ietf.org>; Tue, 01 Oct 2013 14:48:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=mvFqETJQTDVCKD6aUrE0T1jtQvNGH4ZomlKZbP5VfLA=; b=wuEjxboUYuWqai8x16pb0KHU3HOQZMHlt7PIM4Yv7VhBYv75InwNVVTq0zj7l+Qei7 PYGqiaaTBAG4lO1ylzPIZXlrBK+FDsMnYyQrWrOQ9WLSbJbL26Z4q6KYRseDkoQhCVsj qgE841p3EgkkbD2mFaN3F03yuPDYOLQLz/DlKnfuLY7uumJMBxll9Z2gL1oUP9ogy/SM iZKX5KMZ0NY41/kMKHPC1B5oGHvXfXiK/u/HmMMB3y5NP2BXSl1uCRkz0gwLW9ofzSW0 GqyHvxyCOS36NGA9jlQm4wROM/dFI84G4TUTOx3+JyUkvNTZ/7kIXmIudbCqk5T7bVPP OKXA==
X-Received: by 10.68.143.104 with SMTP id sd8mr31976343pbb.10.1380664099077; Tue, 01 Oct 2013 14:48:19 -0700 (PDT)
Received: from [172.24.31.170] (wireless-nat-1.auckland.ac.nz. [130.216.30.112]) by mx.google.com with ESMTPSA id zq10sm10599531pab.6.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 01 Oct 2013 14:48:17 -0700 (PDT)
Message-ID: <524B4321.30309@gmail.com>
Date: Wed, 02 Oct 2013 10:48:17 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Ray Hunter <v6ops@globis.net>
Subject: Re: Detailed review of Significance of IPv6 Interface Identifiers
References: <520B3529.80802@si6networks.com> <520BF653.8060603@gmail.com> <522309E1.7050806@globis.net> <5223EC0B.8080607@gmail.com> <5224284E.6020604@globis.net> <5224F28E.3040306@gmail.com> <5225D81F.6020009@globis.net>
In-Reply-To: <5225D81F.6020009@globis.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Fernando Gont <fgont@si6networks.com>, "6man@ietf.org" <6man@ietf.org>, draft-ietf-6man-ug@tools.ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2013 21:48:33 -0000
I know that a couple of people wanted the extra details suggested by Ray below. However, the explanation that I got from the 802.1 liaison (see my previous message) seems to me to make the details unimportant. Regards Brian On 04/09/2013 00:37, Ray Hunter wrote: >> Brian E Carpenter <mailto:brian.e.carpenter@gmail.com> >> 2 September 2013 22:18 >> On 02/09/2013 17:55, Ray Hunter wrote: >>>> Brian E Carpenter <mailto:brian.e.carpenter@gmail.com> >>>> 2 September 2013 03:38 >>>> Ray, >>>> >>>>> So AFAICS the u/l restriction and uniqueness restriction is only >>>>> relevant when EUI64 is used in the context of specific LAN hardware, but >>>>> perhaps not all router interface hardware. >>>> The phrasing in the draft looks completely compatible with that to me. >>> I'm not sure what the text is trying to say though. >> Ray, are you asking for a change in the text? Please be specific. >> >> <snip> >> >>> So any IETF standard that assumes a 1:1 relationship between IID and >>> IEEE LAN hardware is heading for trouble. >> Agreed - in what way does the draft imply anything else? > I agree on the conclusion and the meaning. But the reasoning is not > clear to me, nor particularly correct. >> (The words in RFC 4291 that we are obsoleting do seem to imply >> a 1:1 relationship, but that's what the draft fixes.) > Agreed >> Brian >> > Original text: > > /However, this has not so far proved to be the case. Also, there is > evidence from the field that despite the IEEE standard [IEEE802], MAC > addresses with universal scope are sometime incorrectly assigned to > multiple MAC interfaces. Firstly, there are recurrent reports of > manufacturers assigning the same MAC address to multiple devices. > Secondly, significant re-use of the same virtual MAC address is > reported in virtual machine environments. Once transformed into IID > format (with "u" = 1) these identifiers would purport to be > universally unique but would in fact be ambiguous. This has no known > harmful effect as long as the replicated MAC addresses and IIDs are > used on different layer 2 links. If they are used on the same link, > of course there will be a problem, very likely interfering with link- > layer transmission. If not, the problem will be detected by > duplicate address detection [RFC4862] [RFC6775], but such an error > can usually only be resolved by human intervention./ > > Proposed text: > > > / > However, the expected advantages or application of interface identifiers > with universal scope have not materialised. > > There is also evidence from the field that MAC addresses are not as > unique as one might expect, where for example manufacturers have > erroneously allocated the same burned in address to multiple devices. > > Furthermore, IEEE standards and operational practices have advanced > significantly since RFC4291 was published. > > There are at least three use cases in wide-spread production where a > router or other operating system interface at layer 3 may not enjoy > direct access to LAN hardware on a 1:1 relationship so that it can > access a "burned in address" from the MAC layer to create a unique IID > per interface with universal scope (which seemed to be an underlying > assumption when RFC4291 was written): > > - use of software drivers to spoof an operating system into thinking it > is talking to hardware, when in fact no LAN hardware is present e.g. LAN > interfaces on virtual machines. Significant re-use of the same virtual > MAC address has been reported in virtual machine environments. > > - use of an intermediate NIC teaming layer or Link Aggregation Group > that takes a number of underlying layer 2 links and presents them as a > single MAC interface to the client operating systems (IEEE 802.3ad draft > v1, IEEE 802.1ax LACP, proprietary). IEEE 802.1ax states that the MAC > address of the LAG MAY be an address of one of the underlying links in > the Link Aggregation Group, but this is not limited in any way in > implementations. LACP may also add and delete links from the Link > Aggregation Group dynamically, and it would seem counterintuitive that > the associated IID, and thus the IPv6 address, had to change every time > this happened, because the whole purpose of the LAG is to shield the OS > from such low level changes. > > - "Router on a stick", or "firewall on a stick", where a specialist > device such as an inter-VLAN router or firewall is connected to a layer > 2 switch fabric via a single high speed interface, and multiple sub > interfaces are defined at Layer 3, all of which share a common layer 2 > MAC address. These sub interfaces may be transported as a VLAN trunk > (e.g. 802.1Q) into the layer 2 switch fabric, where the individual VLANs > may then be presented on different hardware interfaces, such that the > device may appear to source traffic on multiple physical interfaces > using the same layer 2 address. > > Once transformed into IID > format (with "u" = 1) these identifiers would purport to be > universally unique but would in fact be ambiguous. This has no known > harmful effect as long as the replicated MAC addresses and IIDs are > used on different layer 2 links. If they are used on the same link, > of course there will be a problem, very likely interfering with link- > layer transmission. If not, the problem will be detected by > duplicate address detection [RFC4862] [RFC6775], but such an error > can usually only be resolved by human intervention. > / > > > > > Does that help? >> ------------------------------------------------------------------------ > >
- Detailed review of Significance of IPv6 Interface… Fernando Gont
- Re: Detailed review of Significance of IPv6 Inter… Brian E Carpenter
- Re: Detailed review of Significance of IPv6 Inter… Fred Baker (fred)
- Re: Detailed review of Significance of IPv6 Inter… Brian E Carpenter
- Re: Detailed review of Significance of IPv6 Inter… Randy Bush
- Re: Re: Detailed review of Significance of IPv6 I… Ray Hunter
- Re: Detailed review of Significance of IPv6 Inter… Brian E Carpenter
- Re: Detailed review of Significance of IPv6 Inter… Ray Hunter
- Re: Detailed review of Significance of IPv6 Inter… Brian E Carpenter
- Re: Detailed review of Significance of IPv6 Inter… Ray Hunter
- Re: Detailed review of Significance of IPv6 Inter… Brian E Carpenter
- Re: Detailed review of Significance of IPv6 Inter… Ran Atkinson
- Re: Detailed review of Significance of IPv6 Inter… RJ Atkinson
- Re: Detailed review of Significance of IPv6 Inter… Brian E Carpenter
- Re: Detailed review of Significance of IPv6 Inter… Brian E Carpenter
- Re: Detailed review of Significance of IPv6 Inter… Ray Hunter
- Re: Detailed review of Significance of IPv6 Inter… Brian E Carpenter