Re: rfc4941bis: On the use of multiple addresses
Lorenzo Colitti <lorenzo@google.com> Fri, 31 January 2020 06:50 UTC
Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11A41120639 for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 22:50:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.499
X-Spam-Level:
X-Spam-Status: No, score=-17.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qkey7Lc6ejuM for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 22:50:03 -0800 (PST)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C92AD12008A for <6man@ietf.org>; Thu, 30 Jan 2020 22:50:03 -0800 (PST)
Received: by mail-io1-xd36.google.com with SMTP id n21so6958734ioo.10 for <6man@ietf.org>; Thu, 30 Jan 2020 22:50:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rQ+DcRDIH5T80mEv6BMJOCJy7W8zkepgVf0j9mA5Sew=; b=o2agteLsiqv0LrHaEwT/GR9DlTBb2aHaSJVYzetmnvBgQvfBe8AS89u/zejhj65vSy Nmz23feRhjBlndBKrnLoFD2tHboO7tUfkMfluFNTRxBYDI39tfmt+gH3vPqF9JbvKKs6 +NUolE2YHafXOqQZfxlwFdHWnFOR+cggmSCL0zTERYPJDvo+w7Em5JUZv0n174V73ILM WNGIWor3sWvyGqI8yf/XrEd1XVJRXKNzSiiJo5hnIl7w8IjZN2cqJ6Uc/Z4mlJ94KgrK XbAtO3n1IE6QtlnpdyEREjKou7iObNNsTEZHjf3ey4vboq0k1oNR5swZdeI9jUCaMvIP oJ7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rQ+DcRDIH5T80mEv6BMJOCJy7W8zkepgVf0j9mA5Sew=; b=nAgTgHa7VbydV9ixXQZ8+4P4sNuc4RoI3/N/F4Qo/p7bTcl7n2HjRfEgwjcG+hTujP INgcVzbqGsUvpuvjP6NJR9QdZuUNuaoSx+tdXBQLbJJx57VUxlHIQjTps6gnwCeSms1m y6BGOnkTqO5mTig63Qp5qRDTybwap5ACMrf01Sv3W7jMbGDVrqyl5jLGcgs9pZFsNmS6 vjN4AGpuvlERuKWIyW45MlEgZJQJ5a0CJH4zX8P+WrlHQi7cIlB/mTGv9f4hJbrDbJqs JH24mX8Wk6nio3mbHbhg58r63z7rVVUh5EdIG9smjnrdodJZC52D00c3gVkPDgJr0A6+ 0ggg==
X-Gm-Message-State: APjAAAVbb6vc928AAtkRHaT5pDRR/P0ldp39xGkhf0Ja/lg5BcmYbnnk JC65tVZTYo8TvH6gkYVbhNKmjbCXHIHqx5VE6lSjzA==
X-Google-Smtp-Source: APXvYqztBl4P9jXCQKkz6jw0YU4C0jMbdtxb2u6kHVDA9a6JDXgJMjiB8rd0YB/82iXBbQeG93vItC5Q7AE2ETWTclY=
X-Received: by 2002:a6b:700e:: with SMTP id l14mr7902267ioc.170.1580453402763; Thu, 30 Jan 2020 22:50:02 -0800 (PST)
MIME-Version: 1.0
References: <4c7c16fd-ddef-eec0-d34e-29e91df6ce25@si6networks.com> <CAKD1Yr1-xNPPs9obsGnn28fU15NQ85NuXwTppCkF60twdKGMgw@mail.gmail.com> <4C2E5A52-3D97-4445-B5E1-69703D402E49@cisco.com>
In-Reply-To: <4C2E5A52-3D97-4445-B5E1-69703D402E49@cisco.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Fri, 31 Jan 2020 15:49:50 +0900
Message-ID: <CAKD1Yr1nRK7=Bm2N+Ya5kiZg17nas1YXzaZmS_36=kyY1EgqVQ@mail.gmail.com>
Subject: Re: rfc4941bis: On the use of multiple addresses
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: Fernando Gont <fgont@si6networks.com>, "6man@ietf.org" <6man@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a857c0059d69fb76"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/gvVI6u3mT6oc7diNhb_frw5-xiA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jan 2020 06:50:06 -0000
On Fri, Jan 31, 2020 at 3:06 PM Pascal Thubert (pthubert) < pthubert@cisco.com> wrote: > Limiting the amount of addresses is an obvious implication of SAVI in a > managed network. When we did RFC 8505 the Sec-Dir review insisted to have > text to protect against DOS attacks. The SAVI draft did not go through > that full cycle and is not complete to that regard. So I think the original > text was a lot better. > The fact remains that if the SAVI RFC contains no text in support of a statement, it should not be cited in support of the statement. Maybe we can say that if address tracking technologies are in use, and network devices run out of memory to store address mappings, then creating further addresses will result in some of them not being usable. This is not a policy issue, it's a scaling issue. And the size of the cache is mostly irrelevant to the ND churn these days. > When addresses are dropping for the lack of rmemory there’s really an > issue. What’s relevant is the amount of new addresses joining the network, > the number of nodes in the network that need to resolve it, and what nodes > do when they sleep cycle or roam. > Ok, but that text is too vague. What specific problems would you like to mention here? From the two lines you just wrote it sounds like when nodes create many addresses, there is lots of ND traffic, and: 1. Networks that inspect all ND (e.g., if SAVI in use) can run out of CPU cycles because there is too much ND traffic. 2. If there are very battery-constrained devices on the network, the power used to listen to ND packets can meaningfully impact battery life. (In the real world, this does not happen to laptop or phone class devices, but it can probably happen to lower-power devices.) We measured (on the wire) several hundred multicast per second in average > over 90 minutes during a keynote with a large audience. /64 per host is > indeed tempting in such environment. But it boils down to IPv4 with 8 bytes > addresses. We can do better. > 500 pps of multicast sounds like a lot, but if the network is very large, well, ND scales linearly with the size of the network (assuming L=0 which for a network with thousands of hosts it pretty much has to be). The only meaningful measurement here is what percentage of airtime was used by ND, and that shouldn't vary too much from network to network. As for better, well, it depends. From a host perspective, being able to create addresses without having to ask the network is desirable.
- rfc4941bis: On the use of multiple addresses Fernando Gont
- Re: rfc4941bis: On the use of multiple addresses David Farmer
- Re: rfc4941bis: On the use of multiple addresses Fernando Gont
- Re: rfc4941bis: On the use of multiple addresses Lorenzo Colitti
- Re: rfc4941bis: On the use of multiple addresses Pascal Thubert (pthubert)
- Re: rfc4941bis: On the use of multiple addresses Lorenzo Colitti
- RE: rfc4941bis: On the use of multiple addresses Pascal Thubert (pthubert)
- Re: rfc4941bis: On the use of multiple addresses Fernando Gont