IETF Logo Mail Archive

Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-02.txt

Vasilenko Eduard <vasilenko.eduard@huawei.com> Mon, 23 October 2023 09:15 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53AFFC1519BC for <ipv6@ietfa.amsl.com>; Mon, 23 Oct 2023 02:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yrkCw9aHSMNo for <ipv6@ietfa.amsl.com>; Mon, 23 Oct 2023 02:15:31 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D42DC1519B6 for <ipv6@ietf.org>; Mon, 23 Oct 2023 02:15:31 -0700 (PDT)
Received: from mscpeml500002.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4SDTzW3TrWz6K98y; Mon, 23 Oct 2023 17:14:47 +0800 (CST)
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml500002.china.huawei.com (7.188.26.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31; Mon, 23 Oct 2023 12:15:25 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2507.031; Mon, 23 Oct 2023 12:15:25 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Mark Smith <markzzzsmith@gmail.com>
CC: Brian E Carpenter <brian.e.carpenter@gmail.com>, David Farmer <farmer@umn.edu>, 6man WG <ipv6@ietf.org>
Thread-Topic: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-02.txt
Thread-Index: AQHaA3NWhBz+D1CiK0+DiM9VqrhwXrBTWPyAgABlRQCAAIqqAIAALjkAgAKY1wD//9LggIAAM+VggAAEcJA=
Date: Mon, 23 Oct 2023 09:15:25 +0000
Message-ID: <c0f2858bcb8c40a4af99153f0f2c54e2@huawei.com>
References: <169781961210.44671.13303184783819856609@ietfa.amsl.com> <CAN-Dau1XHOac-HTuM43zo0wkpxfpdfvn189+qOzDvF_s7nVPXw@mail.gmail.com> <CAO42Z2zAcBEv5+p9M+70-fTi9N=Wo_xGMGJ8dWtizHJXNa5sTA@mail.gmail.com> <CAN-Dau3vBV+RqPCiDOpzAL8or2hBk1EFu_MK+aoN8cN=U04k6A@mail.gmail.com> <f7b6ee32-994f-fb21-15aa-076c313451e3@gmail.com> <c7ce3ba6a7d948edbbdd5b41d26dda22@huawei.com> <CAO42Z2zQUtKUnrarAi552j-TC-jOjA88dQCAL8KFuS=baZhVXA@mail.gmail.com>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.199.56.242]
Content-Type: multipart/alternative; boundary="_000_c0f2858bcb8c40a4af99153f0f2c54e2huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/fE_mUTSqcVvRMajTPUQuC8Rke8Q>
Subject: Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-02.txt
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Oct 2023 09:15:35 -0000

Hi Mark,
Sorry, I made a mistake in the terminology in this message: “Next hop” instead of “destination address”.
The destination address is first, then should be the source address selection, and only then the next hop.
Now it is the wrong chain: destination -> next hop -> source.
Eduard
From: Vasilenko Eduard
Sent: Monday, October 23, 2023 11:59 AM
To: 'Mark Smith' <markzzzsmith@gmail.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>; David Farmer <farmer@umn.edu>; 6man WG <ipv6@ietf.org>
Subject: RE: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-02.txt

https://datatracker.ietf.org/doc/html/draft-vv-6man-nd-support-mhmp-02#page-8
Discusses 7 methods (numbered 1-7). Some historical and very bad. The list could be expanded.
Ed/
From: Mark Smith [mailto:markzzzsmith@gmail.com]
Sent: Monday, October 23, 2023 11:51 AM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com<mailto:vasilenko.eduard@huawei.com>>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com<mailto:brian.e.carpenter@gmail.com>>; David Farmer <farmer@umn.edu<mailto:farmer@umn.edu>>; 6man WG <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-02.txt


On Mon, 23 Oct 2023, 19:43 Vasilenko Eduard, <vasilenko.eduard@huawei.com<mailto:vasilenko.eduard@huawei.com>> wrote:
> Sorry to repeat myself, but IMHO we can *only* fix it by replacing the whole
> mechanism (RFC3485/6724 and getaddrinfo). The bug is trying to pick a
> destination address instead of picking an address pair. (Kudos to Eduard
> Vasilenko for pointing this out a few months ago.)

But my solution was different:
a) change the order of address choices: source address should be chosen first (destination later)

How can you choose a source address when you don't know what the destination is?

The only SA that *might* work in all cases without knowing a DA is a GUA, making LLAs and ULAs entirely useless.

b) then enjoy RFC 8028 which has enough corrections to get PA multi-homing to work.
Unfortunately, the above solution is only for multi-homing.
NAT presence/absence would still have challenges - it is a different problem.
Of course, it is possible to fix it by a separate flag (and PIO for this flag).

I do not have objections against Brian's proposal to scrape RFC 6724 completely and propose address pairs sorting.
However, only the second problem is in the discussion yet (how to understand when ULA is NATed or not).
The PA multi-homing for "address pairs sorting" is not discussed yet.
Eduard
> -----Original Message-----
> From: ipv6 [mailto:ipv6-bounces@ietf.org<mailto:ipv6-bounces@ietf.org>] On Behalf Of Brian E Carpenter
> Sent: Saturday, October 21, 2023 10:53 PM
> To: David Farmer <farmer@umn.edu<mailto:farmer@umn.edu>>; Mark Smith
> <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>>
> Cc: 6man WG <ipv6@ietf.org<mailto:ipv6@ietf.org>>
> Subject: Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-02.txt
>
> On 22-Oct-23 06:07, David Farmer wrote:
> >
> > On Sat, Oct 21, 2023 at 3:51 AM Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>
> <mailto:markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>>> wrote:
> >
> >
> >     On Sat, 21 Oct 2023, 13:49 David Farmer,
> <farmer=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org> <mailto:40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org>>>
> wrote:
> >
> >
> >         4. I've been rethinking Section 7. Maybe it shouldn't refer to RFC5220
> and should focus the section simply on the problem of "ULA Source with GUA
> Destination."
> >
> >
> >             7. ULA Source with GUA Destination
> >
> >             A problematic situation exists when only a ULA source is available for
> communication with a GUA destination. Since only having a ULA source
> generally implies only local connectivity is available, with no connectivity to
> the IPv6 Internet.
> >
> >
> >     I don't agree with this. It means that all local network hosts must have
> ULA addresses to be reachable from other internal hosts over IPv6.
> >
> >     If an internal host has a GUA address and another host has a ULA
> address, and the local network's routing system/routes can provide a
> bidirectional path been them, why shouldn't it work?
> >
> >
> > Ok, I see what you are saying. But what is the remedy?
> >
> > Is the problem the Prefer Matching Label Rule altogether, or is it the
> separate label for ULA from GUA?
> >
> > Rule 5 of Section 6 isn't new; It goes back to RFC3484. Also, the separate
> label is new; At least for site-local, it goes back to RFC 3484 as well. There was
> the same situation between site-local and GUA, but it was created by Rule 2
> of Section 6, prefer matching scope since site-local was a separate
> scope. Anyway, IPv4 would have been preferred to a site-local source and a
> GUA destination, and vice versa.
> >
> >     This hasn't been the case with IPv4, so I think this would be unexpected
> behaviour in IPv6. RFC1918 addressed hosts have been able to reach
> internally publically addressed hosts as long as the routing system has the
> routes to provide the bidirectional path between them.
> >
> >
> > Actually, if there were only the IPv6 stack, the rules would provide the
> same behavior as IPv4. The problem is dual-stack, and that IPv4 provides
> another option. So, maybe the problem is mixing IPv6 and IPv4 and trying to
> choose between them in the policy table. Maybe the answer is to remove
> IPv4 (::ffff:0:0/96) from the IPv6 policy table and only use Happy Eyeballs to
> choose between IPv6 and IPv4.
> >
> >     Below seems to me to be another example of trying to build too much
> intelligence about dynamic network reachability into a static table starting
> point in hosts.
> >
> >     The only way to reliably determine if connectivity exists is to attempt it,
> which is why RFC3484/6724 say to attempt each DA provided by
> getaddrinfo() until one works or they've all failed.
> >
> >     There will never be a RFC6724 table that can ensure the first DA returned
> by getaddrinfo() is the one that always works.
> >
> >     (If there was then getaddrinfo() would only ever need to return one DA,
> and we wouldn't have dynamic routing, links would be 100% reliable, there
> would be no packet loss and no need to retransmissions to recover from
> them, nor any need for checksums because packets would never get
> corrupted.)
> >
> >     Regards,
> >     Mark.
> >
> >
> >             In such cases, it is likely better to use IPv4 if it is available. This
> section discusses several complementary mechanisms available to achieve
> this outcome.
> >
> >             7.1 Prefer Matching Label Rule
> >
> >             RFC 6724 added a separate label for ULA (fc00::/7), whose
> precedence is raised by this update. This separate label interacts with Rule 5
> of Section 6 of RFC 6724, which says;
> >
> >                 Rule 5: Prefer matching label.
> >
> >                 If Label(Source(DA)) = Label(DA) and Label(Source(DB)) <>
> Label(DB), then prefer DA.  Similarly, if Label(Source(DA)) <> Label(DA)
> and Label(Source(DB)) = Label(DB), then prefer DB.
> >
> >
> >             In this case, the ULA source label will not match the GUA destination
> label, and therefore, an IPv4 destination will be selected over a GUA
> destination with a ULA source, even though ULA has a higher precedence
> than IPv4 in the policy table.
> >
> >
> > So, how do we fix it?
>
> Sorry to repeat myself, but IMHO we can *only* fix it by replacing the whole
> mechanism (RFC3485/6724 and getaddrinfo). The bug is trying to pick a
> destination address instead of picking an address pair. (Kudos to Eduard
> Vasilenko for pointing this out a few months ago.)
>
> For the specific sub-problem of ULA<==>GUA, see the last line of Nick's latest
> message.
>
>     Brian
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org<mailto:ipv6@ietf.org>
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email