IETF Logo Mail Archive

Re: A common problem with SLAAC in "renumbering" scenarios

Jan Zorz - Go6 <jan@go6.si> Mon, 04 February 2019 16:33 UTC

Return-Path: <jan@go6.si>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E19E130E9C for <ipv6@ietfa.amsl.com>; Mon, 4 Feb 2019 08:33:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=go6.si
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M2J9ci9bZcHm for <ipv6@ietfa.amsl.com>; Mon, 4 Feb 2019 08:33:49 -0800 (PST)
Received: from mx.go6lab.si (mx.go6lab.si [91.239.96.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E65781277BB for <ipv6@ietf.org>; Mon, 4 Feb 2019 08:33:48 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.go6lab.si (Postfix) with ESMTP id DAB246602B; Mon, 4 Feb 2019 17:33:46 +0100 (CET)
X-Virus-Scanned: amavisd-new at go6.si
Received: from mx.go6lab.si ([IPv6:::1]) by localhost (mx.go6lab.si [IPv6:::1]) (amavisd-new, port 10024) with LMTP id iQEiGsFIKiIP; Mon, 4 Feb 2019 17:33:45 +0100 (CET)
Received: from mail.go6.si (mail.go6.si [IPv6:2001:67c:27e4::61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.go6.si", Issuer "Let's Encrypt Authority X3" (not verified)) by mx.go6lab.si (Postfix) with ESMTPS id 8C9B565E65; Mon, 4 Feb 2019 17:33:45 +0100 (CET)
Received: from ISOC-BMDKQ4.local (unknown [91.239.97.208]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "Jan Zorz", Issuer "COMODO RSA Client Authentication and Secure Email CA" (not verified)) (Authenticated sender: jan) by mail.go6.si (Postfix) with ESMTPSA id 91EDA804C1; Mon, 4 Feb 2019 17:33:44 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=go6.si; s=mail; t=1549298024; bh=iGgZ9lrHhKrqY6SC9qrJf7t2Mc9qVAWCZGTb/m9A060=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Zqybe5Bca1OwM+OQ7zsYbyK7vbaZB8qfcLhbBr06tjKoUpoBe1C3Zzw0WZ+eiJbDY wzjnmDWuzEPMX5cZ5TYUX8Xa2ar99oSs7EOdqjgMlh4Zn+N/8rFios6OHGEzIL5AZa /GotNpjgAl9f9BIAvrIAkkCHJr8RTXVp6RQDutN8=
Subject: Re: A common problem with SLAAC in "renumbering" scenarios
To: Ole Troan <otroan@employees.org>, Mikael Abrahamsson <swmike@swm.pp.se>
Cc: 6man WG <ipv6@ietf.org>
References: <60fabe4b-fd76-4b35-08d3-09adce43dd71@si6networks.com> <alpine.DEB.2.20.1901311236320.5601@uplift.swm.pp.se> <m1gpCcz-0000FlC@stereo.hq.phicoh.net> <ddd28787-8905-bafd-3546-2ceef436c8b0@si6networks.com> <m1gptWx-0000G3C@stereo.hq.phicoh.net> <69609C58-7205-4519-B17A-4FBC8AE2EA16@employees.org> <d40b41c3-ff1b-cab4-a8de-16692a78e8fd@go6.si> <D1E45CAD-08D0-43D4-90F7-C4DD44CB32C0@employees.org> <alpine.DEB.2.20.1902041330531.23912@uplift.swm.pp.se> <46B8DB92-DC81-4242-9780-0D00FB6BDB7A@employees.org>
From: Jan Zorz - Go6 <jan@go6.si>
Message-ID: <1c7ebabb-d6f6-d877-d4aa-d6c0fc7d5c60@go6.si>
Date: Mon, 04 Feb 2019 17:33:44 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <46B8DB92-DC81-4242-9780-0D00FB6BDB7A@employees.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/cMVlOvccHUTE8cBg3R4I5kO-G-Y>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Feb 2019 16:33:51 -0000

On 04/02/2019 13:54, Ole Troan wrote:> “real life looks like”… Why 
wouldn’t it? If the ISP has a routed
> interface directly towards the customer, then having a fixed /56 PD
> configured on that customer facing interface, that sure looks like
> real life to me. Or a fixed mapping of remote-id to a /56 in a DHCP
> PD database…

This is rarely a real life scenario. More common is a PPPoE or one of 
the derivatives, where you create a virtual layer over the physical 
layer and the other endpoint can be terminated wherever ISP feels like 
on this particular day. Moving people around BRAS-es is not uncommon.

However, I always advocated ISPs to put static IPv6 PDs in Radius (or 
whichever AAA mechanism they use), so that the same user always gets the 
same PD.

This approach is good until you have a requirement to do multiple PPPoE 
sessions per username. Then things get messy and that's the reason why 
people think of dynamic PDs ;)

My suggestion is to have separate dynamic /64 prefixes to number the WAN 
link (it works for multiple PPPoE sessions and also it gives IPv6 access 
to a very simple PPPoE client that doesn't do a PD request, like 
end-host machine with Windows or something) and fixed PD that just the 
first PPPoE session is able to get. This usually covers most of the 
scenarios. For the corner cases then ISP needs to solve them case by 
case, but at least for majority of clients that's the solution.

> 
> Sure, there are ISPs that use DHCP PD servers that allocate from
> pools. But I have a hard time seeing why that should be easier,
> cheaper, more managable than a static mapping table.

ISPs actually thinks that.

<sarcasm>
It's easy to deploy, it works in lab scenario, dynamic worked for IPv4 
and hey, users will never notice it as in case of issues they fall-over 
to IPv4 anyway ;) #happyEyeballsToTheRescue
</sarcasm>

> 
> (and don’t get me wrong, I’m all in favour of making CPEs and hosts
> more robust. I’m just trying to emphasize the point, that you can
> hardly blame the CPEs not working well, in a network that’s by some
> definition misconfigured. 

It is misconfigured :) But stuff happens without you wanting it to 
happen and then you need the edge to react properly.

<analogy>
It's the same as if you would be walking down the street and all of a 
sudden there is a gunfire around you. Now you have two options:
- react and hide from the bullets
- continue walking, saying that this street was not supposed to be under 
fire, city is not treating you well and there were no bullets flying 
around a minute ago.
</analogy>

Now you pick what you would do ;)

I personally would react to the new situation regardless of what I think 
the situation would have to look like - and so I think that CPEs and 
end-hosts needs some mechanism to adopt if things go wrong...

> I am still on the fence if the way to
> achieve that is through an IETF document or something else though).

Any idea of what something else could be? IETF could be the right place 
to address that...

Cheers and thnx, Jan

v2.23.0 | Report a Bug | By Email