Re: Disabling temporary addresses by default?

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 02 February 2020 22:40 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Jared Mauch <jared@puck.nether.net>
cc: Gyan Mishra <hayabusagsm@gmail.com>, Christian Huitema <huitema@huitema.net>, 6man WG <ipv6@ietf.org>, Fernando Gont <fgont@si6networks.com>
Subject: Re: Disabling temporary addresses by default?
In-reply-to: <4FB732F8-069B-4B14-A310-133832B5F9BE@puck.nether.net>
References: <CABNhwV1vLM3LJnb=HSBtwoBz+4BtL9aYKmWpUqE4tGumKGhA3w@mail.gmail.com> <4FB732F8-069B-4B14-A310-133832B5F9BE@puck.nether.net>
Comments: In-reply-to Jared Mauch <jared@puck.nether.net> message dated "Sun, 02 Feb 2020 11:33:09 -0500."
Date: Sun, 02 Feb 2020 17:40:15 -0500
Message-ID: <26316.1580683215@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/fLcCNVLbr8ETh7xJwZ43oVBCT3U>

Jared Mauch <jared@puck.nether.net> wrote:
    > I've experienced it on most, cisco, juniper and the BCM based silicon
    > as well.

    > Finding which port or LC is having issues without just playing a search
    > method of taking things out of service is always painful.

    > Hopefully there is a syslog or hardware counter that tells us what's
    > happening but that's not always the case.

I have been a user behind such ECMP (in the v4-only era) systems where the flow
cache expiry has been "tuned" for port-80 HTTP/1.0 traffic, and things like an
SSH login that lasts more than ten minutes just stops getting forwarded.
You don't want to know what happens to an rsync or Windows-Update download.

It's pretty much impossible to report such bugs to the ISP, because they
simply haven't enough clues to understand the problem.  I could, at least,
explain it to local IT, and one of the results was that we changed ISPs,
because it affected our ability to support customers.
(Back then 10Mb/s links were $$$/month).

Temporary addresses aren't going to change in the order of minutes, nor are
OS stacks going to pick them in some round-robin situation.

So, I agree that the debug problem is hard, but I don't think that temporary
addresses will make it worse.
The hash is going to depend upon the port number too, right? And that changes
for every connection anyway.


-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
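An added illustration, not part of this thread or anyone's production code, of the point above that the ECMP flow hash covers the port number too: a toy 5-tuple hash (SHA-256 standing in for a vendor hash function; the 4-path group, the 2001:db8:: addresses and the connection counts are constructed assumptions) showing that new connections from one stable address already land on different paths, while any single flow keeps its path for its lifetime.

```python
"""Toy ECMP path selection over the 5-tuple (added example, not from the thread)."""
import hashlib
import ipaddress
import random

NUM_PATHS = 4  # constructed: a 4-way ECMP group

def flow_hash(src, dst, proto, sport, dport):
    """Deterministic hash of the 5-tuple. SHA-256 is an assumption standing in
    for whatever hash a router's forwarding silicon actually uses."""
    key = (ipaddress.ip_address(src).packed
           + ipaddress.ip_address(dst).packed
           + bytes([proto])
           + sport.to_bytes(2, "big")
           + dport.to_bytes(2, "big"))
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big")

def path_for(src, dst, proto, sport, dport, num_paths=NUM_PATHS):
    """Path index chosen for one flow; stable for the whole life of the flow,
    because nothing in the tuple changes mid-connection."""
    return flow_hash(src, dst, proto, sport, dport) % num_paths

def paths_used(src_addrs, dst, dport, n_conns, seed=1):
    """Simulate n_conns TCP connections to dst:dport. Each connection picks a
    random ephemeral source port and, if several are offered, a random source
    address (modelling temporary-address rotation). Returns the set of paths hit."""
    rng = random.Random(seed)
    used = set()
    for _ in range(n_conns):
        src = rng.choice(src_addrs)
        sport = rng.randrange(49152, 65536)  # IANA ephemeral port range
        used.add(path_for(src, dst, 6, sport, dport))
    return used

# Constructed addresses (documentation prefix), not real hosts.
STABLE = ["2001:db8::1"]
TEMPORARY = ["2001:db8::1", "2001:db8::a1b2", "2001:db8::c3d4"]
DST = "2001:db8:ffff::80"

if __name__ == "__main__":
    # Ports alone already spread new connections over every path ...
    print("stable address, 200 conns ->", sorted(paths_used(STABLE, DST, 443, 200)))
    # ... so rotating the source address adds no new path diversity.
    print("rotating addresses, 200 conns ->", sorted(paths_used(TEMPORARY, DST, 443, 200)))
    # A long-lived SSH session keeps its path: same tuple, same answer.
    print("one SSH flow, hashed twice ->",
          path_for(STABLE[0], DST, 6, 50000, 22), path_for(STABLE[0], DST, 6, 50000, 22))
```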