Re: IPv6 address assignment for strictly point-to-point links and Device Loopbacks

Usman Latif <osmankh@yahoo.com> Wed, 26 September 2012 04:00 UTC

Return-Path: <osmankh@yahoo.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 576501F0CE5 for <ipv6@ietfa.amsl.com>; Tue, 25 Sep 2012 21:00:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[AWL=-0.030, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_SORBS_WEB=0.619]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uz3pFSEMbMXo for <ipv6@ietfa.amsl.com>; Tue, 25 Sep 2012 21:00:37 -0700 (PDT)
Received: from nm12-vm1.bullet.mail.ne1.yahoo.com (nm12-vm1.bullet.mail.ne1.yahoo.com [98.138.91.41]) by ietfa.amsl.com (Postfix) with SMTP id B31E91F0CD3 for <ipv6@ietf.org>; Tue, 25 Sep 2012 21:00:36 -0700 (PDT)
Received: from [98.138.226.177] by nm12.bullet.mail.ne1.yahoo.com with NNFMP; 26 Sep 2012 04:00:32 -0000
Received: from [98.138.89.163] by tm12.bullet.mail.ne1.yahoo.com with NNFMP; 26 Sep 2012 04:00:32 -0000
Received: from [127.0.0.1] by omp1019.mail.ne1.yahoo.com with NNFMP; 26 Sep 2012 04:00:32 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 735534.10397.bm@omp1019.mail.ne1.yahoo.com
Received: (qmail 46989 invoked by uid 60001); 26 Sep 2012 04:00:32 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1348632032; bh=mw+qW6RiwdBlYO8oFCfrnqD4WBJt0J+Wf3RESwZ63Yc=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:Cc:MIME-Version:Content-Type; b=1De5OIzX/ybLwGkAxtKueoKjFNGVNbSSWVOJJ7sMJ4zY65dRv/E00uOPuD9oGxmHrdLVowix+9jzSwcn7isLtB82OfXMXBPaRYJ5R6yoFFz1lQBPyBZQXIRvJp+mgOYZdDJt8M9C7YgaJo2Cm+PkauVxNnFtrfaqCcHoOWaoj+E=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:Cc:MIME-Version:Content-Type; b=Dy8WzFy6DYyFaMIJqKbOqtKyyUy2FIBI/txEfHaIZw02BYjWln9WE69gVWauF5h4IJO82wlnATZ4kBt+q8Xs877Cgt4x34uzZZgRWMUDcHch2qi/YktMwI5Ws0e+V7Jvh3cag8NcAlQWxhK0SPD7wPsUjCpzjPvRI+GuePrk1PA=;
X-YMail-OSG: svZTmmcVM1msVaUli9UBN_2DpjJLUpLaehHvFJJ.F9W7Ju1 q7eTbbIAeQKHo4dcj6PX32kZhm_oNycIvdngtAL5cqconJgjCr7TiI5M8cv7 assjAPq.GK8dUkmEj54gW3AevZOyRIQV4EtUQ5SqpsqeJJl2182k9hO8G2y4 wZPubRzR8OIfGsIG4e5P4UM3NIUnDTZ3ZxPSZM9ZrA03DNjbyAx9SALa12_p I0Js7KLpAwReBRochMD1ddlaH0VXQOzds6nNKbUdij4r3hsco.ZZ6ZmZQK__ aa1Ytt52yIOb4I7N6lFUGCQxySOXce2QlxQPjp9_YU5kePGrcFoKC3idocnK 6_LZFLijGp3lTJ1NTOodB_Rr.NyBaFduPtTN1aNReqZYPah4f0V6JhR8AaOt 287AMi3zVMn.ic2b4jy6CnGdwESyuqXH_YAYuXQx8n96wdlDmxoRfugA50y. LWZU.sddfiOmlys8ZIBn5_A2wK9xLzaX3zNyGGEqPm3zb7psQUu7oQIJC53P TBiP.NUmdwLbQDWRI6kkyueIFNeSqlXmR5Q279GcWJw5mO1grHwWEZ51wgFs 1DUbL9gUuvo0QbghwIi9w0M8BOiHYPI.Fjw0ujD_ahvwRq6V7c0C4
Received: from [203.94.155.226] by web126005.mail.ne1.yahoo.com via HTTP; Tue, 25 Sep 2012 21:00:32 PDT
X-Mailer: YahooMailClassic/15.0.8 YahooMailWebService/0.8.121.434
Message-ID: <1348632032.36928.YahooMailClassic@web126005.mail.ne1.yahoo.com>
Date: Tue, 25 Sep 2012 21:00:32 -0700 (PDT)
From: Usman Latif <osmankh@yahoo.com>
Subject: Re: IPv6 address assignment for strictly point-to-point links and Device Loopbacks
To: Randy Bush <randy@psg.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1833503604-1481248262-1348632032=:36928"
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Sep 2012 04:00:38 -0000









Hi,


Based on the response i have received so far it appears that there are still gaps in our approach towards IPv6 addressing (maybe the original way the stack was written also is not ideal - but lets not go there and try to find the best way out with what we've got)


IMO RFC 6164 although being very authoritative and direct about use of /127 (from the same /64) on each p2p link is not giving us any insight into other current (or future) reserved addresses that were explained in more detail in RFC 5375 so in doing that RFC 6164 is raising doubts in our minds about using /127 (from the same /64) for p2p router links and also there is no talk in RFC 6164 about use of /128 loopbacks and what cautions are needed there - whereas we saw that in RFC 5375 (although informational only) there was a more comprehensive discussion around use of shorter length prefixes for p2p links and loopbacks


The motivations for RFC 6164 can also be debated here e.g:


Ping-Pong issue is dealt with RFC 4443


Neighbor Cache exhaustion on p2p links can be controlled if we use filters to restrict a router to perform ND for only the known IP on the far-end of the p2p link or a similar mechanism that provides control over creating neighbor cache only for the known IP on the farend (although this would require some additional config overhead but is worth considering)


Also there are so many other scenarios where this would still pose an issue wherever we have /64 assigned so better to provide a more holistic solution than to only consider router p2p links only.


Also its a good idea to encompass recommendations for p2p and loopbacks (and for that matter any assignment where prefix length is going beyond /64 into smaller subnets) into one standard track because the cautions and potential overlap issues that may exist for a /127 would pretty much be similar for /128 or any prefix that goes into the lower-64 bit territory...
 
One major concern I have with using /127 and /128 on p2p and loopbacks respectively is that we need to be careful that there are existing (ISATAP etc) and potentially future implementations that would use/reserve bits in the lower 64 bits -so unless we set aside bit boundaries in the lower 64 bits, we are likely to overlap with these... which is why if we use /127 with a whole /64 reserved for the p2p subnet, then it should be okay but if /127 or /128s are numbered from the same /64 consecutively, then obviously its likely that the reserved bits used by other implementations would overlap. When this happens, any scenario where the router (which has this overlap) is SRC/DST of packets would be confused whether to interpret those lower-64 bits as simple global unicast prefix or try to treat the lower-64 bits in a different way (according to the protocol implementation which is using that bit pattern).


Pls let me know if there is work being done in this space...


Regards
Usman
 



On 26/09/2012, at 2:52 AM, Randy Bush <randy@psg.com> wrote:




perhaps we learned some things over time?

randy





From: Usman Latif <osmankh@yahoo.com>
Date: 25 September 2012 11:30:09 AM AEST
To: ipv6@ietf.org
Subject: Re: IPv6 address assignment for strictly point-to-point links and Device Loopbacks














To summarize the whole discussion and clarify the last points:

RFC 3627 discouraged use of /127 and most RFCs up until RFC 5375 recommended using /64 even on p2p inter-router links.

RFC 6164 recommends using /127 on p2p links - however there is no explicit recommendation for /128 on device Loopbacks (e.g. for peering establishment etc)

The specific statement in RFC 6164 states that while using /127, care should be taken not to use following reserved address:

(a) Addresses with all zeros in the rightmost 64 bits SHOULD NOT be assigned 
as unicast addresses, to avoid colliding with the Subnet-Router anycast address 
(b) Addresses in which the rightmost 64 bits are assigned the highest 128 values 
(i.e., ffff:ffff:ffff:ff7f to ffff:ffff:ffff: ffff) SHOULD NOT be used as unicast addresses, 
to avoid colliding with reserved subnet anycast addresses

Whereas the RFC 5375 recommended not to use the following:


it is recommended to take the 'u' and 'g' bits into consideration and to make sure that there is no overlap with any of the following well-known addresses:
   o  Subnet Router Anycast Address
   o  Reserved Subnet Anycast Address
   o  Addresses used by Embedded-RP
   o  ISATAP Addresses
 
So the questions that come out of the above discussion are:

- What are the recommendations for device Loopbacks and what reserved address ranges need to be considered by network operators while using /128s for Loopbacks (should these be followed based on RFC 5357?)

- Which recommendations out of RFC 5375 and RFC 6164 should be followed by network operators while using /127s for inter-router point-to-point links
 
 
I (like many other engineers) would be looking for some feedback on the above two points to get a clear guideline for p2p and loopback addressing
 
 
Regards
Usman
 


--- On Sat, 22/9/12, Usman Latif <osmankh@yahoo.com> wrote:


From: Usman Latif <osmankh@yahoo.com>
Subject: Re: IPv6 address assignment for strictly point-to-point links and Device Loopbacks
To: "ipv6@ietf.org" <ipv6@ietf.org>
Cc: "Brian E Carpenter" <brian.e.carpenter@gmail.com>
Received: Saturday, 22 September, 2012, 6:07 PM





Forgot to include IPv6 group email in my last email (below)
Further to that, RFC 6164 states in the same statement that:


"When assigning and using any /127 prefixes, the following considerations 
apply. Some addresses have special meanings, in particular addresses 
corresponding to reserved anycast addresses. When assigning prefixes 
(and addresses) to links, care should be taken to ensure that addresses 
reserved for such purposes aren't inadvertently assigned and used as 
unicast addresses. Otherwise, nodes may receive packets that they are 
not intended to receive. Specifically, assuming that a number of point-to-point 
links will be numbered out of a single /64 prefix: 
 (a) Addresses with all zeros in the rightmost 64 bits SHOULD NOT be assigned 
as unicast addresses, to avoid colliding with the Subnet-Router anycast address 
(b) Addresses in which the rightmost 64 bits are assigned the highest 128 values 
(i.e., ffff:ffff:ffff:ff7f to ffff:ffff:ffff: ffff) SHOULD NOT be used as unicast addresses, 
to avoid colliding with reserved subnet anycast addresses"


One question that comes up here is that why did RFC 6164 exclude
additional recommendations that were stated in RFC 5375 which stated:


"it is recommended to take the 'u' and 'g' bits into consideration and to make sure that there is no overlap with any of the following well-known addresses:
   o  Subnet Router Anycast Address
   o  Reserved Subnet Anycast Address
   o  Addresses used by Embedded-RP
   o  ISATAP Addresses"


So should one only care about excluding reserved addresses as per RFC 6164 or should we also care about reserving addresses as per RFC 5375?


5375 seems to have more special addresses covered and is also a hint that in the hindsight there could be more special addresses in future using bits in lower 64-bit portion of v6 address(?)


I wonder if it's possible to leave portions of lower 64 bits in v6 address for special purposes (both EUI-64 and non EUI-64) so that we get best of both worlds i.e. leave room open for future development and assignment of special addresses using portions in lower 64 bits reserved for this purpose and at the same time allowing users to tap into the lower 64 bit address space for general address assignment purposes using portions that are not reserved for this purposes...


Regards,
Usman


Sent from my iPhone

On 22/09/2012, at 12:35 PM, Usman Latif <osmankh@yahoo.com> wrote:





On 22/09/2012, at 9:06 AM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:


On 21/09/2012 22:35, Usman Latif wrote:


Thanks Wes for the feedback.



...





Without this stated clearly there is likely to be some instances where readers interpret it the wrong way and end up assigning multiple p2p links with /127 subnets from a single given /64 and end up having to re-address their network in future when/if future standards use lower order 64 bits for special purposes.



[WEG] Given the fact that there is a standard that documents the use of a /127 for P2P links (6164), 



Wes, I think that statement is even a bit weak, since 6164 actually says:



"assuming that a number of point-to-point links will be numbered out of a single /64 prefix:"



so it is very clear: it is allowed by the standard to share a /64 among

however many pt2pt links the operator cares to. This is *not* a wrong

interpretation.



As you say, any future work will need to take account of this.



Brian