IETF Logo Mail Archive

Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios

Fernando Gont <fgont@si6networks.com> Sat, 23 March 2019 15:29 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B092012716C for <ipv6@ietfa.amsl.com>; Sat, 23 Mar 2019 08:29:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qt5T0LdOBB4C for <ipv6@ietfa.amsl.com>; Sat, 23 Mar 2019 08:29:37 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3609126CAD for <ipv6@ietf.org>; Sat, 23 Mar 2019 08:29:36 -0700 (PDT)
Received: from [IPv6:2a02:8308:40:3000:608b:59b5:a365:14b] (unknown [IPv6:2a02:8308:40:3000:608b:59b5:a365:14b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 4C0ED8453B; Sat, 23 Mar 2019 16:29:34 +0100 (CET)
Subject: Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios
To: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, ipv6@ietf.org
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <1F07F2BB-2F37-4D12-9731-7892DF4E3D88@consulintel.es> <0a582916-af14-bd82-a4cd-002a36f8830b@huitema.net> <67515a73-26a5-3ed0-da88-1a4ce64550d3@foobar.org> <360afa02-cf23-375c-4876-780d3c2aa5ac@gont.com.ar> <CAHL_VyD34V=TRcsCp0DOO9HJNHyy5xkiMQ_cZoBa7zTE4fe5OA@mail.gmail.com> <ead01e0a-9211-7944-88d6-ae8d037c03a8@si6networks.com> <FB8B77EE-CC16-4418-BB5E-D44EE66D6B72@jisc.ac.uk> <29dcc6ed-03f6-3ead-6866-eecbefdf1483@si6networks.com> <F4F90B88-3EED-4AF2-82FE-5F1023A05605@employees.org> <c3562b5b-0eec-636b-3bb1-1b0381109542@si6networks.com> <CAJE_bqdttuCfqbjyVRiyZrUOvckLhWMNr21eMfeXBVmv+UbTkA@mail.gmail.com> <924e562a-82e8-e224-d5c3-859c493657e8@si6networks.com> <CAJE_bqfHcL202E+t+RdtdnFMdGNX7NbbFQ8v_rcc1u_gd4Yqog@mail.gmail.com> <81aa4ec3-82 77-794a-4da1-9855d2b6b97f@si6networks.com> <m1h6DxP-0000F3C@stereo.hq.phicoh.net> <8906689d-f9eb-ed74-ae4d-e72d51e d8866@si6networks.com> <m1h7hgA-0000HfC@stereo.hq.phicoh.net>
From: Fernando Gont <fgont@si6networks.com>
Openpgp: preference=signencrypt
Autocrypt: addr=fgont@si6networks.com; prefer-encrypt=mutual; keydata= mQINBE5so2gBEACzBQBLUy8nzgAzSZn6ViXT6TmZBFNYNqTpPRvTVtUqF6+tkI+IEd9N2E8p pXUXCd0W4dkxz6o7pagnK63m4QSueggvp881RVVHOF8oTSHOdnGxLfLeLNJFKE1FOutU3vod GK/wG/Fwzkv9MebdXpMlLV8nnJuAt66XGl/lU1JrNfrKO4SoYQi4TsB/waUQcygh7OR/PEO0 EttiU8kZUbZNv58WH+PAj/rdZCrgUSiGXiWUQQKShqKnJxLuAcTcg5YRwL8se/V6ciW0QR9i /sr52gSmLLbW5N3hAoO+nv1V/9SjJAUvzXu43k8sua/XlCXkqU7uLj41CRR72JeUZ4DQsYfP LfNPC98ZGTVxbWbFtLXxpzzDDT8i3uo7w1LJ2Ij/d5ezcARqw01HGljWWxnidUrjbTpxkJ9X EllcsH94mer728j/HKzC9OcTuz6WUBP3Crgl6Q47gY5ZIiF0lsmd9/wxbaq5NiJ+lGuBRZrD v0dQx9KmyI0/pH2AF8cW897/6ypvcyD/1/11CJcN+uAGIrklwJlVpRSbKbFtGC6In592lhu7 wnK8cgyP5cTU+vva9+g6P1wehi4bylXdlKc6mMphbtSA+T3WBNP557+mh3L62l4pGaEGidcZ DLYT2Ud18eAJmxU3HnM8P3iZZgeoK7oqgb53/eg96vkONXNIOwARAQABtCVGZXJuYW5kbyBH b250IDxmZ29udEBzaTZuZXR3b3Jrcy5jb20+iQJBBBMBAgArAhsjBQkSzAMABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAUCTmylpQIZAQAKCRCuJQ1VHU50kv7wD/9fuNtTfxSLk3B3Hs3p ixTy8YXVjdkVwWlnJjFd7BOWmg7sI+LDhpjGfT6+ddOiwkumnvUZpObodj4ysH0i8c7P4C5t F9yu7WjklSlrB5Rth2CGChg5bKt541z2WHkFFxys9qBLmCSYDeKQkzLqhCjIUJizY2kOJ2GI MnSFDzJjhSFEh//oW830Y8fel1xnf/NVF+lBVtRMtMOfoWUqDjvP3sJ1G4zgkDCnF0CfncLx +hq2Mv26Uq9OTzvLH9aSQQ/f067BOkKAJKsfHdborX4E96ISTz57/4xECRSMr5dVsKVm4Y// uVIsb+L5z+a32FaiBZIAKDgnJO7Z8j6CV5e5yfuBTtX52Yi9HjYYqnYJGSDxYd6igD4bWu+7 xmJPHjkdqZgGV6dQIgiUfqkU+s5Cv350vK48CMaT/ZLo2BdsMhWsmaHmb+waePUMyq6E4E9x 9Js+EJb9ZiCfxS9exgieZQpet1L36IvhiwByvkQM009ywfa30JeMOltUtfLi5V06WQWsTzPL 5C+4cpkguSuAJVDTctjCA0moIeVDOpJ8WH9voQ4IeWapQnX35OIoj1jGJqqYdx65gc1ygbyx b8vw+pJ9E5GLse5TQnYifOWpXzX9053dtbwp/2OVhU4KLlzfCPCEsoTyfu9nIZxdI2PMwiL5 M85BfjX4NmwBLmPGoLkCDQRObKNoARAAqqXCkr250BchRDmi+05F5UQFgylUh10XTAJxBeaQ UNtdxZiZRm6jgomSrqeYtricM9t9K0qb4X2ZXmAMW8o8AYW3RrQHTjcBwMnAKzUIEXXWaLfG cid/ygmvWzIHgMDQKP+MUq1AGQrnvt/MRLvZLyczAV1RTXS58qNaxtaSpc3K/yrDozh/a4pu WcUsVvIkzyx43sqcwamDSBb6U8JFoZizuLXiARLLASgyHrrCedNIZdWSx0z0iHEpZIelA2ih AGLiSMtmtikVEyrJICgO81DkKNCbBbPg+7fi23V6M24+3syHk3IdQibTtBMxinIPyLFF0byJ aGm0fmjefhnmVJyCIl/FDkCHprVhTme57G2/WdoGnUvnT7mcwDRb8XY5nNRkOJsqqLPemKjz kx8mXdQbunXtX9bKyVgd1gIl+LLsxbdzRCch773UBVoortPdK3kMyLtZ4uMeDX3comjx+6VL bztUdJ1Zc9/njwVG8fgmQ+0Kj5+bzQfUY+MmX0HTXIx3B4R1I1a8QoOwi1N+iZNdewV5Zfq+ 29NlQLnVPjCRCKbaz9k6RJ2oIti55YUI6zSsL3lmlOXsRbXN5bRswFczkNSCJxJMlDiyAUIC WOay7ymzvgzPa+BY/mYn94vRaurDQ4/ljOfj6oqgfjts+dJev4Jj89vp8MQI3KJpZPEAEQEA AYkCJQQYAQIADwUCTmyjaAIbDAUJEswDAAAKCRCuJQ1VHU50km4xEACho45PZrUjY4Zl2opR DFNo5a6roTOPpgwO9PcBb3I5F8yX2Dnew+9OhgWXbBhAFq4DCx+9Gjs43Bn60qbZTDbLGJ/m 8N4PwEiq0e5MKceYcbetEdEUWhm5L6psU9ZZ82GR3UGxPXYe+oifEoJjOXQ39avf9S8p3yKP Diil0E79rn7LbJjMcgMLyjFg9SDoJ6pHLtniJoDhEAaSSgeV7Y745+gyMIdtQmrFHfqrFdjq D6G0HE+Z68ywc5KN67YxhvhBmSycs1ZSKAXv1zLDlXdmjHDHkU3xMcB+RkuiTba8yRFYwb/n j62CC4NhFTuIKOc4ta3dJsyXTGh/hO9UjWUnmAGfd0fnzTBZF8Qlnw/8ftx5lt4/O+eqY1EN RITScnPzXE/wMOlTtdkddQ+QN6xt6jyR2XtAIi7aAFHypIqA3lLI9hF9x+lj4UQ2yA9LqpoX 6URpPOd13JhAyDe47cwsP1u9Y+OBvQTVLSvw7Liu2b4KjqL4lx++VdBi7dXsjJ6kjIRjI6Lb WVpxe8LumMCuVDepTafBZ49gr7Fgc4F9ZSCo6ChgQNLn6WDzIkqFX+42KuHz90AHWhuW+KZR 1aJylERWeTcMCGUSBptd48KniWmD6kPKpzwoMkJtEXTuO2lVuborxzwuqOTNuYg9lWDl7zKt wPI9brGzquUHy4qRrA==
Message-ID: <c0c1a784-4632-addf-20bf-eea955628c10@si6networks.com>
Date: Sat, 23 Mar 2019 12:14:24 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <m1h7hgA-0000HfC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/gf7VcC5w_BUBd4GZCIwbQm4-L2g>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2019 15:29:40 -0000

On 23/3/19 11:31, Philip Homburg wrote:
> In your letter dated Sat, 23 Mar 2019 09:25:59 -0300 you wrote:
>>> I find the following issues in draft-gont-6man-slaac-renum-01:
>>> - In the notes it says "The aforementioned processing assumes that while
>>>   network configuration information might be split into multiple RAs, PIOs
>>>   will be spread among *at most* two RAs."
>>>
>> Note:
>> The same concept can be implemented as follows:
>> keep a counter of consecutive RAs with PIOs that have not advertised the
>> existing prefix. And trigger actions after some locally-defined value "n".
> 
> I'm not sure that will work. If you set 'n' high to be safe, then it will
> take long time before the hosts takes action. If you set 'n' low, then you
> still have a risk that a particular network exceeds this value.

If you have another (working) address, then that's safe.



>>> - The draft proposes many changes to router behavior in particular 
>>>   increasing the frequency of RA multicasts.
>>
>> It's not really a change in the behaviour. It is playing with the knobs
>> that the protocol has, within the acceptable boundaries.
> 
> I think 'playing' with knobs should be left to operators. If we change 
> default values of timers, then effectively we are changing the protocol.

If one were to change the defaults, one would be changing the spec, but
not the protocol.

That said, even if one wasn't changing the defaults but rather
suggesting tweaking of the timers, advice is warranted: you cannot
expect the operator to figure out all the relevant details....



>>> - Increased multicast rates may have a negative effect on battery lifetime.
>>
>> Point taken. However, it would seem to me that if you care about battery
>> life, rather than banning what a protocol does, the strategy
>> would/should be different. You have lots of protocols,
>> HTTP-based applications, etc., etc. You cannot police all at the
>> protocol level to save battery life.
> 
> I think we should design protocols such that the use of periodic multicasts is
> minimized. A node receives these multicasts even if it is otherwise idle.

But, ironically, these multicast messages are easier to policy (e.g. at
an AP) than the unicast messages.




> Making these multicasts more frequent is a step in the wrong direction.
> 
>>> - The algorithm has a tight coupling between modifying the preferred and
>>>   valid lifetimes of addresses. In most cases, accidentially marking an
>>>   address as deprecated has little effect on connectivity. Deleting an
>>>   addresses by setting the valid time to zero immediately disrupts all
>>>   communication that uses the address.
>>
>> But if you don't, you cannot communicate with the new "owners" of your
>> stale prefixes.
> 
> I don't think that's true for two reasons:
> - If the ISP re-assigns the prefix within the valid-lifetime of the
>   IA_PD prefix option, then the ISP is violating the DHCPv6 RFC.

You may be right in "the ISP is violating the dhcpv6 rfc"... but this
doesn't make  what I describe an inexistent scenario.


> - The source address selection algorithm avoids deprecated addresses.
>   So the only way this can lead to trouble is if the a new node would
>   use the exact same address. With SLAAC that basically cannot happen.

That's not correct. Normally, when a PIO has A=1, it normally has L=1.
Therefore, that prefix will be considered on-link, and any packets meant
for it will be sent on the local link, as opposed to forwarded to the
local router...


>>> For each PIO with A bit set and preferred lifetime non-zero, collect
>>> the label values (based on the policy table in RFC 6724 "Default Address
>>> Selection") in a set.
>>
>> What do you mean by "label"?
> 
> See Section 2.1 in RFC 6724 (the 'Policy Table')
> 
>> Counting RAs or using timers is essentially the same...
> 
> It is not clear how to me could get the same effect using counters. Maybe
> you can give an example algorithm.

Yep:

1) c=0
2) Whenever you receive a PIO from the same router that does not include
the currently-configured prefix: c++;
3) if c >= N1 -> address deprecated
4) If c >= N2  (where N2>N1) -> address removed.




>>> (I guess that for battery lifetime it is best to send all multicasts
>>> together). If a router would spread RAs out over a longer period, 
>>> hosts will follow the RAs causing load to be distributed over multiple
>>> prefixes in a predictable fashion.
>>
>> >From the pov of the folk doing troubleshooting, this is not of much help.
> 
> You are right. I have an idea how to deal with this issue.

I'm listening ;-)


Thanks!

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email