IETF Logo Mail Archive

Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios

Fernando Gont <fgont@si6networks.com> Sat, 23 March 2019 12:26 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 345F112788C for <ipv6@ietfa.amsl.com>; Sat, 23 Mar 2019 05:26:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XIpLBo50bjfH for <ipv6@ietfa.amsl.com>; Sat, 23 Mar 2019 05:26:13 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B2101274A1 for <ipv6@ietf.org>; Sat, 23 Mar 2019 05:26:13 -0700 (PDT)
Received: from [IPv6:2a02:8308:40:3000:608b:59b5:a365:14b] (unknown [IPv6:2a02:8308:40:3000:608b:59b5:a365:14b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 0432C83644; Sat, 23 Mar 2019 13:26:04 +0100 (CET)
From: Fernando Gont <fgont@si6networks.com>
Subject: Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios
To: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, ipv6@ietf.org
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com> <1F07F2BB-2F37-4D12-9731-7892DF4E3D88@consulintel.es> <0a582916-af14-bd82-a4cd-002a36f8830b@huitema.net> <67515a73-26a5-3ed0-da88-1a4ce64550d3@foobar.org> <360afa02-cf23-375c-4876-780d3c2aa5ac@gont.com.ar> <CAHL_VyD34V=TRcsCp0DOO9HJNHyy5xkiMQ_cZoBa7zTE4fe5OA@mail.gmail.com> <ead01e0a-9211-7944-88d6-ae8d037c03a8@si6networks.com> <FB8B77EE-CC16-4418-BB5E-D44EE66D6B72@jisc.ac.uk> <29dcc6ed-03f6-3ead-6866-eecbefdf1483@si6networks.com> <F4F90B88-3EED-4AF2-82FE-5F1023A05605@employees.org> <c3562b5b-0eec-636b-3bb1-1b0381109542@si6networks.com> <CAJE_bqdttuCfqbjyVRiyZrUOvckLhWMNr21eMfeXBVmv+UbTkA@mail.gmail.com> <924e562a-82e8-e224-d5c3-859c493657e8@si6networks.com> <CAJE_bqfHcL202E+t+RdtdnFMdGNX7NbbFQ8v_rcc1u_gd4Yqog@mail.gmail.com> <81aa4ec3-82 77-794a-4da1-9855d2b6b97f@si6networks.com> <m1h6DxP-0000F3C@stereo.hq.phicoh.net>
Openpgp: preference=signencrypt
Autocrypt: addr=fgont@si6networks.com; prefer-encrypt=mutual; keydata= mQINBE5so2gBEACzBQBLUy8nzgAzSZn6ViXT6TmZBFNYNqTpPRvTVtUqF6+tkI+IEd9N2E8p pXUXCd0W4dkxz6o7pagnK63m4QSueggvp881RVVHOF8oTSHOdnGxLfLeLNJFKE1FOutU3vod GK/wG/Fwzkv9MebdXpMlLV8nnJuAt66XGl/lU1JrNfrKO4SoYQi4TsB/waUQcygh7OR/PEO0 EttiU8kZUbZNv58WH+PAj/rdZCrgUSiGXiWUQQKShqKnJxLuAcTcg5YRwL8se/V6ciW0QR9i /sr52gSmLLbW5N3hAoO+nv1V/9SjJAUvzXu43k8sua/XlCXkqU7uLj41CRR72JeUZ4DQsYfP LfNPC98ZGTVxbWbFtLXxpzzDDT8i3uo7w1LJ2Ij/d5ezcARqw01HGljWWxnidUrjbTpxkJ9X EllcsH94mer728j/HKzC9OcTuz6WUBP3Crgl6Q47gY5ZIiF0lsmd9/wxbaq5NiJ+lGuBRZrD v0dQx9KmyI0/pH2AF8cW897/6ypvcyD/1/11CJcN+uAGIrklwJlVpRSbKbFtGC6In592lhu7 wnK8cgyP5cTU+vva9+g6P1wehi4bylXdlKc6mMphbtSA+T3WBNP557+mh3L62l4pGaEGidcZ DLYT2Ud18eAJmxU3HnM8P3iZZgeoK7oqgb53/eg96vkONXNIOwARAQABtCVGZXJuYW5kbyBH b250IDxmZ29udEBzaTZuZXR3b3Jrcy5jb20+iQJBBBMBAgArAhsjBQkSzAMABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAUCTmylpQIZAQAKCRCuJQ1VHU50kv7wD/9fuNtTfxSLk3B3Hs3p ixTy8YXVjdkVwWlnJjFd7BOWmg7sI+LDhpjGfT6+ddOiwkumnvUZpObodj4ysH0i8c7P4C5t F9yu7WjklSlrB5Rth2CGChg5bKt541z2WHkFFxys9qBLmCSYDeKQkzLqhCjIUJizY2kOJ2GI MnSFDzJjhSFEh//oW830Y8fel1xnf/NVF+lBVtRMtMOfoWUqDjvP3sJ1G4zgkDCnF0CfncLx +hq2Mv26Uq9OTzvLH9aSQQ/f067BOkKAJKsfHdborX4E96ISTz57/4xECRSMr5dVsKVm4Y// uVIsb+L5z+a32FaiBZIAKDgnJO7Z8j6CV5e5yfuBTtX52Yi9HjYYqnYJGSDxYd6igD4bWu+7 xmJPHjkdqZgGV6dQIgiUfqkU+s5Cv350vK48CMaT/ZLo2BdsMhWsmaHmb+waePUMyq6E4E9x 9Js+EJb9ZiCfxS9exgieZQpet1L36IvhiwByvkQM009ywfa30JeMOltUtfLi5V06WQWsTzPL 5C+4cpkguSuAJVDTctjCA0moIeVDOpJ8WH9voQ4IeWapQnX35OIoj1jGJqqYdx65gc1ygbyx b8vw+pJ9E5GLse5TQnYifOWpXzX9053dtbwp/2OVhU4KLlzfCPCEsoTyfu9nIZxdI2PMwiL5 M85BfjX4NmwBLmPGoLkCDQRObKNoARAAqqXCkr250BchRDmi+05F5UQFgylUh10XTAJxBeaQ UNtdxZiZRm6jgomSrqeYtricM9t9K0qb4X2ZXmAMW8o8AYW3RrQHTjcBwMnAKzUIEXXWaLfG cid/ygmvWzIHgMDQKP+MUq1AGQrnvt/MRLvZLyczAV1RTXS58qNaxtaSpc3K/yrDozh/a4pu WcUsVvIkzyx43sqcwamDSBb6U8JFoZizuLXiARLLASgyHrrCedNIZdWSx0z0iHEpZIelA2ih AGLiSMtmtikVEyrJICgO81DkKNCbBbPg+7fi23V6M24+3syHk3IdQibTtBMxinIPyLFF0byJ aGm0fmjefhnmVJyCIl/FDkCHprVhTme57G2/WdoGnUvnT7mcwDRb8XY5nNRkOJsqqLPemKjz kx8mXdQbunXtX9bKyVgd1gIl+LLsxbdzRCch773UBVoortPdK3kMyLtZ4uMeDX3comjx+6VL bztUdJ1Zc9/njwVG8fgmQ+0Kj5+bzQfUY+MmX0HTXIx3B4R1I1a8QoOwi1N+iZNdewV5Zfq+ 29NlQLnVPjCRCKbaz9k6RJ2oIti55YUI6zSsL3lmlOXsRbXN5bRswFczkNSCJxJMlDiyAUIC WOay7ymzvgzPa+BY/mYn94vRaurDQ4/ljOfj6oqgfjts+dJev4Jj89vp8MQI3KJpZPEAEQEA AYkCJQQYAQIADwUCTmyjaAIbDAUJEswDAAAKCRCuJQ1VHU50km4xEACho45PZrUjY4Zl2opR DFNo5a6roTOPpgwO9PcBb3I5F8yX2Dnew+9OhgWXbBhAFq4DCx+9Gjs43Bn60qbZTDbLGJ/m 8N4PwEiq0e5MKceYcbetEdEUWhm5L6psU9ZZ82GR3UGxPXYe+oifEoJjOXQ39avf9S8p3yKP Diil0E79rn7LbJjMcgMLyjFg9SDoJ6pHLtniJoDhEAaSSgeV7Y745+gyMIdtQmrFHfqrFdjq D6G0HE+Z68ywc5KN67YxhvhBmSycs1ZSKAXv1zLDlXdmjHDHkU3xMcB+RkuiTba8yRFYwb/n j62CC4NhFTuIKOc4ta3dJsyXTGh/hO9UjWUnmAGfd0fnzTBZF8Qlnw/8ftx5lt4/O+eqY1EN RITScnPzXE/wMOlTtdkddQ+QN6xt6jyR2XtAIi7aAFHypIqA3lLI9hF9x+lj4UQ2yA9LqpoX 6URpPOd13JhAyDe47cwsP1u9Y+OBvQTVLSvw7Liu2b4KjqL4lx++VdBi7dXsjJ6kjIRjI6Lb WVpxe8LumMCuVDepTafBZ49gr7Fgc4F9ZSCo6ChgQNLn6WDzIkqFX+42KuHz90AHWhuW+KZR 1aJylERWeTcMCGUSBptd48KniWmD6kPKpzwoMkJtEXTuO2lVuborxzwuqOTNuYg9lWDl7zKt wPI9brGzquUHy4qRrA==
Message-ID: <8906689d-f9eb-ed74-ae4d-e72d51ed8866@si6networks.com>
Date: Sat, 23 Mar 2019 09:25:59 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <m1h6DxP-0000F3C@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/dVGgC37oTElw9SMsP4VsfWtl_u8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2019 12:26:17 -0000

Hello, Philip,

Thanks so much for your feedback! Comments in-line...

On 19/3/19 09:35, Philip Homburg wrote:
> I spent some time thinking about Section 5.1.3 of
> draft-gont-6man-slaac-renum-01. This the part where the host deals with
> stale prefixes.
> 
> I'm interested in the host part for two reasons:
> - Solving the issue at the CPE requires persistent storage of network state,
>   which may be hard to require from all devices.
> - It may take quite a long time before all CPEs are replaced.

100% agree. The solution to the problem is mainly 5.1.3. The other stuff
may be of help, though, when the host has not been updated.



> So for any host it is worth dealing with the problem locally instead of 
> relying on the network.

Exactly.



> I find the following issues in draft-gont-6man-slaac-renum-01:
> - In the notes it says "The aforementioned processing assumes that while
>   network configuration information might be split into multiple RAs, PIOs
>   will be spread among *at most* two RAs."
> 
>   I think it is bad to deploy something on hosts that would force all
>   routers to comply with this.

Note:
The same concept can be implemented as follows:
keep a counter of consecutive RAs with PIOs that have not advertised the
existing prefix. And trigger actions after some locally-defined value "n".




> - The draft proposes many changes to router behavior in particular 
>   increasing the frequency of RA multicasts.

It's not really a change in the behaviour. It is playing with the knobs
that the protocol has, within the acceptable boundaries.



>   One problem is that hosts will only benefit from those changes when new
>   CPEs are deployed. The draft doesn't describe what will happen in networks
>   with unmodified CPEs

5.1.3 makes hosts benefits without updated CPEs.

The other stuff makes hosts befefit when the CPEs are updated, but the
hosts are not.



> - Increased multicast rates may have a negative effect on battery lifetime.

Point taken. However, it would seem to me that if you care about battery
life, rather than banning what a protocol does, the strategy
would/should be different. You have lots of protocols,
HTTP-based applications, etc., etc. You cannot police all at the
protocol level to save battery life.



> - The algorithm has a tight coupling between modifying the preferred and
>   valid lifetimes of addresses. In most cases, accidentially marking an
>   address as deprecated has little effect on connectivity. Deleting an
>   addresses by setting the valid time to zero immediately disrupts all
>   communication that uses the address.

But if you don't, you cannot communicate with the new "owners" of your
stale prefixes.



>   What is worse, these changes to the valid time are not necessary do deal
>   with the problem at hand: flash renumbering situations.

Not sure what you mean.



>   With respect to valid lifetimes, if two hosts are communicating locally
>   using global addresses, is it worth breaking that communication just
>   because the router ceases to send RAs for the prefix (i.e. well before
>   the lifetime of the prefix or the onlink status expires)

OTOH, if you don't, you will not be able to communicate with the new
owner of the prefix.


> 
> So I was looking at a change to host processing of RAs such that:
> - The host will quickly (on a human time scale) stop using the old
>   prefix
> - Any mistakes because the algorithm gets confused are relatively benign
> - No changes to routers are required for the algorithm to work, though
>   some currently allowed router behavior may lead to sub-optimal results.
> 
> The basic concept that I came up with is the following:
> - I assume that for each addresses that is configured using SLAAC the host
>   already maintains an associated default router to deal with poor man's
>   multihoming setups.
> - Add to each address a timetamp value that records when the last time
>   a PIO (with A bit set) was seen that covers the prefix (last_time_seen).
> 
> For each RA that is received, if the RA contains any PIO with the A bit set,
> processes those PIOs and update the last_time_seen value for addresses
> covered. Update the default router as well.
> 
> For each PIO with A bit set and preferred lifetime non-zero, collect
> the label values (based on the policy table in RFC 6724 "Default Address
> Selection") in a set.

What do you mean by "label"?


> 
> After processing all PIOs in the RA go over all addresses:
> - Skip any addresses that have a different default router
> - Skip any addresses that have a label not in the set that resulted
>   from processing the PIOs
> - Skip any addresses that have a last_seen_value that was less than 60
>   seconds ago
> - If the address has a preferred lifetime of more than 60 seconds,
>   reduce the lifetime to 60 seconds.

Counting RAs or using timers is essentially the same...


> 
> I picked 60 seconds because it is a value that works well on a human
> time scale. At the same time, if a router announces PIOs in multiple RAs
> then they should be sent within 60 seconds to see no change in host behavior.

In timeframe of 60 seconds you'll get at most one RA. If it happens to
be lost, you will not get any.


> (I guess that for battery lifetime it is best to send all multicasts
> together). If a router would spread RAs out over a longer period, 
> hosts will follow the RAs causing load to be distributed over multiple
> prefixes in a predictable fashion.

>From the pov of the folk doing troubleshooting, this is not of much help.



> 
> In simple CPE situations, this will cause old addresses to be deprecated
> 60 seconds after the CPE first announces the new prefix (most of the time).
> In rare cases, where the CPE quickly reboots just after sending an RA,
> it may take one extra round of RAs (at the moment 10 minutes).
> 
> In cases where a router spreads PIOs over multiple RAs, if those are 
> sent within 60 seconds and there is no packet loss, all addresses remain
> preferred. If the RAs are spread over a longer interval or if there is
> packet loss, one or more addresses may get deprecated.

If you just play with the "preferred lifetime", then the host will not
be able to communicate with the new owner of the prefix...


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email