IETF Logo Mail Archive

Re: Detailed review of Significance of IPv6 Interface Identifiers

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 01 October 2013 21:48 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B2A121E80C7 for <ipv6@ietfa.amsl.com>; Tue, 1 Oct 2013 14:48:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.3
X-Spam-Level:
X-Spam-Status: No, score=-101.3 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUqx8DPE7Bpf for <ipv6@ietfa.amsl.com>; Tue, 1 Oct 2013 14:48:27 -0700 (PDT)
Received: from mail-pb0-x229.google.com (mail-pb0-x229.google.com [IPv6:2607:f8b0:400e:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id 44DA021E81FA for <6man@ietf.org>; Tue, 1 Oct 2013 14:48:19 -0700 (PDT)
Received: by mail-pb0-f41.google.com with SMTP id rp2so7791682pbb.28 for <6man@ietf.org>; Tue, 01 Oct 2013 14:48:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=mvFqETJQTDVCKD6aUrE0T1jtQvNGH4ZomlKZbP5VfLA=; b=wuEjxboUYuWqai8x16pb0KHU3HOQZMHlt7PIM4Yv7VhBYv75InwNVVTq0zj7l+Qei7 PYGqiaaTBAG4lO1ylzPIZXlrBK+FDsMnYyQrWrOQ9WLSbJbL26Z4q6KYRseDkoQhCVsj qgE841p3EgkkbD2mFaN3F03yuPDYOLQLz/DlKnfuLY7uumJMBxll9Z2gL1oUP9ogy/SM iZKX5KMZ0NY41/kMKHPC1B5oGHvXfXiK/u/HmMMB3y5NP2BXSl1uCRkz0gwLW9ofzSW0 GqyHvxyCOS36NGA9jlQm4wROM/dFI84G4TUTOx3+JyUkvNTZ/7kIXmIudbCqk5T7bVPP OKXA==
X-Received: by 10.68.143.104 with SMTP id sd8mr31976343pbb.10.1380664099077; Tue, 01 Oct 2013 14:48:19 -0700 (PDT)
Received: from [172.24.31.170] (wireless-nat-1.auckland.ac.nz. [130.216.30.112]) by mx.google.com with ESMTPSA id zq10sm10599531pab.6.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 01 Oct 2013 14:48:17 -0700 (PDT)
Message-ID: <524B4321.30309@gmail.com>
Date: Wed, 02 Oct 2013 10:48:17 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Ray Hunter <v6ops@globis.net>
Subject: Re: Detailed review of Significance of IPv6 Interface Identifiers
References: <520B3529.80802@si6networks.com> <520BF653.8060603@gmail.com> <522309E1.7050806@globis.net> <5223EC0B.8080607@gmail.com> <5224284E.6020604@globis.net> <5224F28E.3040306@gmail.com> <5225D81F.6020009@globis.net>
In-Reply-To: <5225D81F.6020009@globis.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Fernando Gont <fgont@si6networks.com>, "6man@ietf.org" <6man@ietf.org>, draft-ietf-6man-ug@tools.ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2013 21:48:33 -0000

I know that a couple of people wanted the extra details suggested by Ray
below. However, the explanation that I got from the 802.1 liaison
(see my previous message) seems to me to make the details unimportant.

Regards
   Brian

On 04/09/2013 00:37, Ray Hunter wrote:
>> Brian E Carpenter <mailto:brian.e.carpenter@gmail.com>
>> 2 September 2013 22:18
>> On 02/09/2013 17:55, Ray Hunter wrote:
>>>> Brian E Carpenter <mailto:brian.e.carpenter@gmail.com>
>>>> 2 September 2013 03:38
>>>> Ray,
>>>>
>>>>> So AFAICS the u/l restriction and uniqueness restriction is only
>>>>> relevant when EUI64 is used in the context of specific LAN hardware, but
>>>>> perhaps not all router interface hardware.
>>>> The phrasing in the draft looks completely compatible with that to me.
>>> I'm not sure what the text is trying to say though.
>> Ray, are you asking for a change in the text? Please be specific.
>>
>> <snip>
>>
>>> So any IETF standard that assumes a 1:1 relationship between IID and
>>> IEEE LAN hardware is heading for trouble.
>> Agreed - in what way does the draft imply anything else?
> I agree on the conclusion and the meaning. But the reasoning is not
> clear to me, nor particularly correct.
>> (The words in RFC 4291 that we are obsoleting do seem to imply
>> a 1:1 relationship, but that's what the draft fixes.)
> Agreed
>>     Brian
>>
> Original text:
> 
> /However, this has not so far proved to be the case.  Also, there is
>    evidence from the field that despite the IEEE standard [IEEE802], MAC
>    addresses with universal scope are sometime incorrectly assigned to
>    multiple MAC interfaces.  Firstly, there are recurrent reports of
>    manufacturers assigning the same MAC address to multiple devices.
>    Secondly, significant re-use of the same virtual MAC address is
>    reported in virtual machine environments.  Once transformed into IID
>    format (with "u" = 1) these identifiers would purport to be
>    universally unique but would in fact be ambiguous.  This has no known
>    harmful effect as long as the replicated MAC addresses and IIDs are
>    used on different layer 2 links.  If they are used on the same link,
>    of course there will be a problem, very likely interfering with link-
>    layer transmission.  If not, the problem will be detected by
>    duplicate address detection [RFC4862] [RFC6775], but such an error
>    can usually only be resolved by human intervention./
> 
> Proposed text:
> 
> 
> /
> However, the expected advantages or application of interface identifiers
> with universal scope have not materialised.
> 
> There is also evidence from the field that MAC addresses are not as
> unique as one might expect, where for example manufacturers have
> erroneously allocated the same burned in address to multiple devices.
> 
> Furthermore, IEEE standards and operational practices have advanced
> significantly since RFC4291 was published.
> 
> There are at least three use cases in wide-spread production where a
> router or other operating system interface at layer 3 may not enjoy
> direct access to LAN hardware on a 1:1 relationship so that it can
> access a "burned in address" from the MAC layer to create a unique IID
> per interface with universal scope (which seemed to be an underlying
> assumption when RFC4291 was written):
> 
> - use of software drivers to spoof an operating system into thinking it
> is talking to hardware, when in fact no LAN hardware is present e.g. LAN
> interfaces on virtual machines. Significant re-use of the same virtual
> MAC address has been reported in virtual machine environments. 
> 
> - use of an intermediate NIC teaming layer or Link Aggregation Group
> that takes a number of underlying layer 2 links and presents them as a
> single MAC interface to the client operating systems (IEEE 802.3ad draft
> v1, IEEE 802.1ax LACP, proprietary). IEEE 802.1ax states that the MAC
> address of the LAG MAY be an address of one of the underlying links in
> the Link Aggregation Group, but this is not limited in any way in
> implementations. LACP may also add and delete links from the Link
> Aggregation Group dynamically, and it would seem counterintuitive that
> the associated IID, and thus the IPv6 address, had to change every time
> this happened, because the whole purpose of the LAG is to shield the OS
> from such low level changes.
> 
> - "Router on a stick", or "firewall on a stick", where a specialist
> device such as an inter-VLAN router or firewall is connected to a layer
> 2 switch fabric via a single high speed interface, and multiple sub
> interfaces are defined at Layer 3, all of which share a common layer 2
> MAC address. These sub interfaces may be transported as a VLAN trunk
> (e.g. 802.1Q) into the layer 2 switch fabric, where the individual VLANs
> may then be presented on different hardware interfaces, such that the
> device may appear to source traffic on multiple physical interfaces
> using the same layer 2 address.
> 
> Once transformed into IID
>    format (with "u" = 1) these identifiers would purport to be
>    universally unique but would in fact be ambiguous.  This has no known
>    harmful effect as long as the replicated MAC addresses and IIDs are
>    used on different layer 2 links.  If they are used on the same link,
>    of course there will be a problem, very likely interfering with link-
>    layer transmission.  If not, the problem will be detected by
>    duplicate address detection [RFC4862] [RFC6775], but such an error
>    can usually only be resolved by human intervention.
> /
> 
> 
> 
> 
> Does that help?
>> ------------------------------------------------------------------------
> 
>

v2.23.0 | Report a Bug | By Email