Re: [IPv6] Second Working Group Last Call for <draft-ietf-6man-rfc6724-update>

Jared Mauch <jared@puck.nether.net> Mon, 15 April 2024 18:44 UTC

From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <CAJU8_nXwXPEcPrMnt4vRDO++LkqT=QOsizB7n4od9JaFc83F3Q@mail.gmail.com>
Date: Mon, 15 Apr 2024 14:43:45 -0400
Cc: Ted Lemon <mellon@fugue.com>, Tim Chown <Tim.Chown=40jisc.ac.uk@dmarc.ietf.org>, Bob Hinden <bob.hinden@gmail.com>, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
Message-Id: <8235C07A-E833-4F83-8EF8-8B1CC69CF760@puck.nether.net>
References: <6A5E5F35-B35F-4358-8EE1-3BD82329141E@jisc.ac.uk> <6FBC1B5A-BF28-4B05-B2B2-A60DA4707755@gmail.com> <CAPt1N1m-Ye8vfOVnsPesFshLMV5QuVoxWqM=HVZiJ37zaBg6AA@mail.gmail.com> <CAKD1Yr1NTvFj0zB0=+nnUKck7TBtwHFz2XoFkD1smx4yCuZohQ@mail.gmail.com> <1EFB11CD-544F-4AD7-B414-6A626075975D@employees.org> <CAPt1N1kJFgu6FhFaVhhkPnEY2dofcLF2ZuKDBHJFF5UU6R+x2g@mail.gmail.com> <F301BC19-2D6D-42F5-9C94-0516A765B97C@jisc.ac.uk> <CAPt1N1k4FGbTVVk1QTw0-or0PxkhSPqGda8fHrJKb2t4shNGkw@mail.gmail.com> <CFFA3926-583D-4DA0-B981-3D58048DE894@jisc.ac.uk> <CAJU8_nXpC4ZmcbpuVoTxykf2KEO1zpdThA=VQKM8iXRjTAgHiQ@mail.gmail.com> <CAPt1N1mGn2E2-d9PkvTWePSPUkVik7UO-75ryTa2EkjfR_4ZmQ@mail.gmail.com> <CAJU8_nXXSsJa6ycMZuSmTeNoma1HrBdQ5bD1feb7DDDK5b_dVA@mail.gmail.com> <CAPt1N1mESFzHsK3XyE8DD_mhZjWvMuh=pf9RMmT6BgyO6LryWQ@mail.gmail.com> <CAJU8_nU=pV7L8nFTMMf2nC-koXftLmQEOLnGAv+2MkOT+KHwoA@mail.gmail.com> <CAPt1N1mo8N28YMdVY-BV0pT6mW0bs_Oq5tMY+TRXu1PzjaUKwg@mail.gmail.com> <CAJU8_nXwXPEcPrMnt4vRDO++LkqT=QOsizB7n4od9JaFc83F3Q@mail.gmail.com>
To: Kyle Rose <krose=40krose.org@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/cqfAtlDBEB6HD66HPDD2rkhwOzo>
Subject: Re: [IPv6] Second Working Group Last Call for <draft-ietf-6man-rfc6724-update>

> On Apr 15, 2024, at 2:32 PM, Kyle Rose <krose=40krose.org@dmarc.ietf.org> wrote:
> 
> On Mon, Apr 15, 2024 at 2:25 PM Ted Lemon <mellon@fugue.com> wrote:
>> Okay, let's say your case is "natural." In your setup, you'd need to make fc00::/6 a "known-local" ULA, and then you would get the behavior you want, right? And you could do this by always publishing an fc00::/6 route in all your default routers (or a subset, if that makes more sense).
> 
> fc00::/6 is not a "ULA prefix" in the strict sense implied by the generation procedure, which has them at 48 bits with 40 bits of entropy. If the proposal is for known-local to support arbitrary prefixes within the ULA address space, then yes, I think that would work. It's viscerally unsatisfying to treat them so differently from GUA (i.e., requiring an extra route in addition to the default route that should cover it) simply because we want to shoehorn reachability into address selection, but as long as I can achieve what I want with O(1) work, I'm not going to complain too much.

Yes, this is similar to creating what we in the operator space might call a hold-down route, e.g. trying to make one for each RFC 1918-type space, including the lab, docs space, etc., to prevent traffic. So while a ::/0 or 0/0 would cover all that space, one can create a number of hold-down routes to prevent traffic from leaking, but folks often forget to do this.

- Jared
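Two things from the exchange above lend themselves to a small check: Kyle's distinction between a strict RFC 4193 ULA /48 and a broader prefix such as fc00::/6 that merely covers ULA space, and Jared's point that operators often forget the hold-down (discard) routes for private, documentation and ULA space. The following is an added example, not code from the thread, the draft or any router vendor: it classifies an IPv6 prefix relative to the ULA block and audits a constructed "prefix via nexthop" routing table for address blocks that have no hold-down route and would therefore follow the default route. The candidate list, the route format and the set of next-hop names treated as "discard" are all assumptions.

```python
"""Added example (not part of the 6man thread): classify ULA prefixes and
audit a routing table for missing hold-down (discard) routes."""
import ipaddress

# Assumption: these next-hop names mean "discard", i.e. a hold-down / null route.
DISCARD_NEXTHOPS = {"null0", "blackhole", "discard", "reject"}

ULA_BLOCK = ipaddress.ip_network("fc00::/7")   # RFC 4193 ULA space
ULA_LOCAL = ipaddress.ip_network("fd00::/8")   # L=1: locally assigned ULA

# Constructed list of blocks an operator typically wants a hold-down for:
# RFC 1918 private space, RFC 5737 documentation space, ULA (RFC 4193)
# and the IPv6 documentation prefix (RFC 3849).
HOLDDOWN_CANDIDATES = [
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24",
    "fc00::/7", "2001:db8::/32",
]

# Constructed sample routing table: defaults plus a few hold-downs.
SAMPLE_ROUTES = """
# constructed sample, one route per line: <prefix> via <nexthop>
0.0.0.0/0 via 192.0.2.1
10.0.0.0/8 via null0
192.168.0.0/16 via null0
::/0 via 2001:db8::1
fd12:3456:789a::/48 via null0
"""


def ula_kind(prefix):
    """Classify a prefix relative to RFC 4193.

    'ula48'          locally assigned fd00::/8 prefix of exactly 48 bits
                     (40-bit global ID + 16-bit subnet ID), i.e. a ULA prefix
                     as produced by the generation procedure
    'ula48-reserved' a /48 in fc00::/8 (L=0, reserved, not locally generated)
    'ula-aggregate'  a prefix shorter than /48 inside fc00::/7 (e.g. fd00::/8)
    'ula-subnet'     a prefix longer than /48 inside fc00::/7 (e.g. a /64)
    'covers-ula'     a supernet of fc00::/7 such as fc00::/6 or ::/0
    'not-ula'        any other IPv6 prefix; 'not-ipv6' for IPv4
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6:
        return "not-ipv6"
    if net.subnet_of(ULA_BLOCK):
        if net.prefixlen == 48:
            return "ula48" if net.subnet_of(ULA_LOCAL) else "ula48-reserved"
        return "ula-aggregate" if net.prefixlen < 48 else "ula-subnet"
    if ULA_BLOCK.subnet_of(net):
        return "covers-ula"
    return "not-ula"


def parse_routes(lines):
    """Parse '<prefix> via <nexthop>' lines into (network, nexthop) pairs."""
    routes = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, _, nexthop = line.split()
        routes.append((ipaddress.ip_network(prefix, strict=False), nexthop.lower()))
    return routes


def has_holddown(net, routes):
    """True if a non-default discard route equals or covers `net`.

    A default route pointing at discard is not counted: the point of a
    hold-down is to catch the block before the default route does.
    """
    for rnet, nexthop in routes:
        if rnet.version != net.version or nexthop not in DISCARD_NEXTHOPS:
            continue
        if rnet.prefixlen == 0:
            continue
        if net.subnet_of(rnet):
            return True
    return False


def missing_holddowns(route_lines, candidates=HOLDDOWN_CANDIDATES):
    """Return the candidate blocks that have no covering hold-down route."""
    routes = parse_routes(route_lines)
    return [c for c in candidates
            if not has_holddown(ipaddress.ip_network(c), routes)]


if __name__ == "__main__":
    for p in ("fd12:3456:789a::/48", "fc00::/6", "fd00::/8"):
        print(p, "->", ula_kind(p))
    print("missing hold-downs:", missing_holddowns(SAMPLE_ROUTES.splitlines()))
```

Run against the constructed table, the audit reports every block that only the default route covers (the more-specific fd12:3456:789a::/48 discard route does not count as a hold-down for all of fc00::/7), which is exactly the "folks often forget to do this" gap; feeding it a real `show ip route`-style dump needs only a different parser.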