[IPv6]Re: Working Group Last Call for <draft-ietf-6man-pio-pflag>

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 12 June 2024 20:12 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BB43C151525 for <ipv6@ietfa.amsl.com>; Wed, 12 Jun 2024 13:12:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 65TIS6VHL_pI for <ipv6@ietfa.amsl.com>; Wed, 12 Jun 2024 13:12:28 -0700 (PDT)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C8A0C2222F1 for <ipv6@ietf.org>; Wed, 12 Jun 2024 13:12:15 -0700 (PDT)
Received: by mail-pf1-x436.google.com with SMTP id d2e1a72fcca58-705c7e2d31cso208135b3a.3 for <ipv6@ietf.org>; Wed, 12 Jun 2024 13:12:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718223135; x=1718827935; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=QRrqP9BGB9DlJ3UWfFi3AMyb/qF4Rh5/tbaeGFDVBAQ=; b=CeQgdyH0+/GD6erHW39d0VKKAR0Flman4h6CCdIg7Ij8cUMuZPuW7h82DGsppyB/6U cQlLlDrQH2dCgnl9xymHXEJOVJjxrbXIxR3Z1OvKCiILpIJeBucWxzKB38B3cTAJUwd7 Yrdnqeh+W6g81QB3xeTG781R6a2ML+Rl7lfm2NE9rVLAOllBvZvKV1TOoKOihqrzRz3z 2oy950IMLISFl7Ce0dsmqBSmXTSDrCQME9YQBiUcM3l1wMchJ1ScOLYXSihasKwkg0Ze hSo+a95yaYXFGh81mcBK1nQCYVuAh/A5UFLfUtUUbhcvSC34fZOlN1JVysVkAFjM7N/e d78w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718223135; x=1718827935; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QRrqP9BGB9DlJ3UWfFi3AMyb/qF4Rh5/tbaeGFDVBAQ=; b=CPsaYD5+QQknsnQC8mAMhl9KaQZJciW8InxHf9gGvXqd3TZayZa5FfWPOuSYE6IiXE 7ksvUN85dr66ESbGKrLNzyiFtWpr1G6Xi5A1wK2ejFvpFzSqoaLFn+WI40jo6wP+oHF7 sKfsey/6EIlSUXMlSSJtIBiqnn5UPVd6ALkbrJhpA60ms8fKzr6TxLip7hhqHnC7SMel 8LhJIdlDMKBeG4pFI8ahJphqwDofB8udXHE/ZjbWtzrBbNwupGl6ke9ze5EoL08nIYzx mAjzswuHcJ1kD4HJ3s1VOjVowU/RHv657uS7NLNRCT/+vkW5rhZXARsk8iZKgv8r2+Yt +NGA==
X-Gm-Message-State: AOJu0YzTMa6460WNMzgPhRp2R5cwn2bw/eEEj/NVQjYz2Zfnv8fEPUOq dOkBFyYeZE8vi19et+wGu35hts1ceBQQYXwQfll8TyvYTZgok38VocPbyMmp
X-Google-Smtp-Source: AGHT+IGZB/9EDLQoLTjar7GnzFKaQU/yNa9Hz0ZmBBwQLVVH/irDVRDjShfoAvtWUP/wuLfpGz0Udg==
X-Received: by 2002:a05:6a20:914d:b0:1b6:dd1e:da3c with SMTP id adf61e73a8af0-1b8a99a2ee7mr3307497637.0.1718223134764; Wed, 12 Jun 2024 13:12:14 -0700 (PDT)
Received: from ?IPV6:2404:4400:541d:a600:44b7:2c2e:2bc6:8707? ([2404:4400:541d:a600:44b7:2c2e:2bc6:8707]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7041e229f20sm8860046b3a.18.2024.06.12.13.12.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 12 Jun 2024 13:12:14 -0700 (PDT)
Message-ID: <6d210338-281e-4cb5-bdc6-45f69efb3de2@gmail.com>
Date: Thu, 13 Jun 2024 08:12:10 +1200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: David Farmer <farmer@umn.edu>
References: <18236.1717011844@obiwan.sandelman.ca> <4bcfcd71-d295-433d-813f-1183c7da3cf3@gmail.com> <CAKD1Yr1CL_Jw4O-iETF6T1v8EL_Lj-fMi6EV=3MgPhN+M2tc8w@mail.gmail.com> <84f6e699-5587-4407-a566-b031c31e2cd5@gmail.com> <CAMGpriWqD99OzdOaJU7_nQTwvD=o1wsVxOQrbMqy5sH7sX7gwA@mail.gmail.com> <95dfd2e9-25da-4449-b740-724804a34735@gmail.com> <CAKr6gn12Vq9xJWGH+Na6xhDXXsW2XSDCnLegjXMRLN8KJ2CEZQ@mail.gmail.com> <CAKD1Yr24RyW_oxhY3iz5nEdXd0EZENy9cZBo7tfxLqLLMHOX_g@mail.gmail.com> <e2e406e1-1231-4c28-8163-c0e220da7453@lear.ch> <b8f85b39-0167-4040-a5d4-3a97f8819b99@gmail.com> <E50531BE-5867-472A-91FE-739341545D62@employees.org> <CAFU7BAS5iRLhGBkbWnnpjz_3oJX+_mbjNUZhm8X=QRMJUUPPxg@mail.gmail.com> <C9B5D7FD-8E88-4CA6-86EF-A2753848F138@employees.org> <CAN-Dau3tNbG-yuKb=t7_ftxBrGXTjXw+A0rhi3wuHZPvg0FPwQ@mail.gmail.com> <CAKD1Yr13KV_gpHbc37SyPzN0QECupai6NyJrBMC-+5BFZD_3fQ@mail.gmail.com> <CAN-Dau255m+1F-DOpU+1J_Cuik_3MPkpqq=-pgeJfy7T9yWm4Q@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <CAN-Dau255m+1F-DOpU+1J_Cuik_3MPkpqq=-pgeJfy7T9yWm4Q@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Message-ID-Hash: CLYG5TJUNSXB7HC6ERWPE6Z2K7PPJYJQ
X-Message-ID-Hash: CLYG5TJUNSXB7HC6ERWPE6Z2K7PPJYJQ
X-MailFrom: brian.e.carpenter@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: 6man WG <ipv6@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [IPv6]Re: Working Group Last Call for <draft-ietf-6man-pio-pflag>
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/hFmaP5B6wR8Cm1YnbWbmqBGvp9U>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>

Very much +1 to David's message. With only two choices, we've done all right with the rule that all hosts MUST support SLAAC and the rather vaguely defined M flag. With three choices, we need something better.

Regards
    Brian

On 13-Jun-24 03:22, David Farmer wrote:
> Maybe we can take another step back. We are talking about how networks and devices negotiate with each other about addressing. You seem to be expressing it only as an all-or-nothing question, "Can the network provide a /64 per host for every possible host on the network?" I think it is much more complicated than that.
> 
> I want to point out that we are creating a third host address allocation mechanism. I think we need a more sophisticated mechanism to express how networks would like hosts to address themselves. Some hosts will be able to use all three mechanisms. Which should they use first, second, and third? Other hosts can only use two of the three. Others will only have the legacy two options. Which should they use first and second? Different networks are going to want different orders. How does that get communicated to hosts?
> 
> Let's explore a few possible deployment scenarios;
> 
> First, a network that requires managed address assignment.
> 
>  1. Many hosts support DHCPv6 IA_NA and don't need to expand the network. If these hosts support IA_NA, that could greatly reduce the number of /64s a network might need
>  2. Then, the only devices that need a /64 are those that need to expand the network or don't support DHCPv6 IA_NA.
> 
> Second, a network is willing to provide SLAAC but also wants to allow on-demand expansion of the network.
> 
>  1. All hosts can do SLAAC
>  2. Only hosts that want to expand the network get a /64.
> 
> Third, a network has plenty of /64 and only uses SLAAC as a backup. This seems to be the only deployment scenario you are thinking of.
> 
>  1. Please use a /64 first
>  2. Then, fall back to SLAAC
> 
> For now, I will only mention the possibility of a fourth mechanism. There seems to be interest in DHCPv6 PD to a host without SLAAC, using longer than /64 prefixes. This will create even more permutations.
> 
> Right now, we have two very crude ways for networks to communicate with hosts: the M/O flags and the PIO A flag. I think the M-Flag is mostly irrelevant. If it weren't already defined, I wouldn't define or use it, but leaving it defined and using it or not doesn't hurt anything. However, there are no hints for the host as to which to do first. Currently, a network either has an A flag PIO or it doesn't. If it doesn't, it only supports DHCPv6 clients, and if it does, DHCPv6 clients have both DHCP and SLAAC addresses.
> 
> I've been thinking about this problem. We probably need to define multiple new PIO Flags or find a better mechanism.
> 
> Thanks
> 
> On Tue, Jun 11, 2024 at 10:38 AM Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org <mailto:40google.com@dmarc.ietf.org>> wrote:
> 
>     David,
> 
>     I think you're missing an important point here: to make pd-per-device deployable, we don't need a way to signal that _PD is available_. We need a way to signal that it's _OK to ask for a /64***_. This is because:
> 
>      1. Many devices already ask for /64 (e.g., CPEs).
>      2. Many networks already provide a /64 when asked (e.g., home networks).
>      3. Many of these networks do not have enough space to provide a /64 to every client.
> 
>     I think we all agree that the desired outcome on these networks is: CPEs will continue to get /64s, and devices that can do pd-per-device do *not* get /64s, because if they did, the network would run out of space.
> 
>     Assuming we agree on this, then how do we achieve it?
> 
>       *
>         We can't do as you suggest and define a flag that says, "PD is available". By that definition, these networks should set the flag: after all, PD is available, and devices will even get a /64 if they ask. But that doesn't help, because if all clients ask for a /64, the network will run out of space. This is a bad outcome: devices that would be OK with SLAAC, like phones, might get a prefix, but devices that need a /64, like CPEs, might not.
>       * We cannot say "the networks should switch to handing out /123 or /99 or /80", because that will break devices that need a /64.
>       * We cannot say, "the network should give /64s only to devices that really need it", because there is no way for the network to know whether something is a CPE that needs a /64 or a phone that is OK with just SLAAC.
> 
>     That's why the draft is written the way it is. To be sure, it's probably not the only solution. But it's likely the simplest solution that solves the problem and is also per-prefix (which I think we agree is necessary).
> 
>     I agree that there are possible deployment models where devices get prefixes longer than /64. But because of the above, I don't think we can use the same flag to signal both pd-per-device and these other possible deployment models. And if we have to pick between solving for pd-per-device and solving for these other possible deployment models, then we should pick pd-per-device, because that's a deployment model that is defined and documented by the IETF. Additionally, because these other possible deployment models do not create any address space issues, they can simply be deployed without a flag to signal them.
> 
>     Cheers,
>     Lorenzo
> 
>     *** More precisely, "SLAAC-sized prefix". I'm just going to use "/64" for brevity.
> 
>     On Tue, Jun 11, 2024 at 10:06 PM David Farmer <farmer=40umn.edu@dmarc.ietf.org <mailto:40umn.edu@dmarc.ietf.org>> wrote:
> 
>         One argument for the second defintion below is if the network isn't willing to give out a /64, why bother with the DHCPv6 PD query?
> 
>         However, even if the network says it is willing to give out /64 or shorter prefixes, you still have to make the PD request to see if the DHCPv6 server has a prefix available for you. There is no guarantee a prefix will be available for you or that the DHCPv6 server will not limit prefix delegation to certain known devices, leaving unknown devices to use SLAAC.
> 
>         So, if the PIO tells you PD is available, regardless of whether /64 is part of the flag's definition, you still have to make the DHCPv6 request to determine whether you will get a prefix suitable for your purposes. "No, I don't have a /64 for you." Isn't that much different than, "Here is a /80 prefix you can't use." The result will be the same: Do SLAAC with the PIO prefix.
> 
>         Now, suppose we make /64 or shorter prefixes part of the flag's definition. Then do we burn a new flag for DHCPv6 PD for prefixes longer than /64?
> 
>         So, I support the first definition below.
> 
>         Thanks
> 
>         On Tue, Jun 11, 2024 at 7:02 AM Ole Troan <otroan=40employees.org@dmarc.ietf.org <mailto:40employees.org@dmarc.ietf.org>> wrote:
> 
>             Jen,
> 
>             I think it comes down to how you view the P-flag and how that should be specified.
>             That is up to this working group to determine.
> 
>             If the flag means:
>             - “If PD capable, use the delegated prefix to assign addresses instead of SLAAC for this PIO”
> 
>             or if it means:
>             - “If PD capable, use the delegated prefix to assign addresses to yourself, instead of SLAAC for this PIO,
>                 but only if the size of the prefix is /64 or bigger.
> 
>             Cheers,
>             Ole
> 
> 
>              > On 11 Jun 2024, at 10:39, Jen Linkova <furry13@gmail.com <mailto:furry13@gmail.com>> wrote:
>              >
>              > Hi Ole,
>              >
>              > Thanks for suggesting the text.
>              > A few comments:
>              >
>              > On Tue, Jun 4, 2024 at 5:09 PM Ole Troan
>              > <otroan=40employees.org@dmarc.ietf.org <mailto:40employees.org@dmarc.ietf.org>> wrote:
>              >> There is a simple fix to the document to achieve that I belive.
>              >> Simply remove the following:
>              >>
>              >> OLD:
>              >> "If the host does not obtain any suitable prefixes via DHCPv6 PD that
>              >> are suitable for SLAAC, it MAY choose to disable further processing
>              >> of the P flag on that interface, allowing the host to fall back to
>              >> other address assignment mechanisms, such as forming addresses via
>              >> SLAAC (if the PIO has the A flag set to 1) and/or requesting
>              >> individual addresses via DHCPv6.
>              >> “
>              >> NEW:
>              >> —
>              >
>              > So you are suggesting to remove 'MAY stop processing P flag'. I'm not
>              > sure it's a good idea: this text provides optional guidance for hosts
>              > on how to deal with DHCP-PD failures. Removing it would not prohibit
>              > such behaviour indeed, but IMHO it's still worth mentioning it
>              > explicitly.
>              >
>              >> OLD:
>              >> "If the delegated prefix is too long to be used for SLAAC, the host
>              >> MUST ignore it. If the prefix is shorter than required for SLAAC,
>              >> the host SHOULD accept it, allocate one or more longer prefix
>              >> suitable for SLAAC and use the prefixes as described below.”
>              >> --
>              >
>              > This specific draft focuses on providing a mechanism to enable
>              > pd-per-device. It doesn’t signal availability of DHCPv6 PD - the host
>              > can discover that by sending a PD request and seeing if it gets an
>              > answer. The flag is indicating that the network can provide a prefix
>              > suitable for SLAAC w/o running out of space and the device can use
>              > that prefix for SLAAC/sending downstream in PIOs etc.
>              > As David has pointed out, we shall make it much more clear in the
>              > abstract/introduction.
>              >
>              > If a device can use a long prefix (such as /120 or /80) it can just
>              > ask for it all the time, it doesn’t need the flag - at least *this*
>              > flag.
>              > Therefore if we delete this text, it would basically render the flag useless.
>              >
>              >> OLD:
>              >> "When a host requests a prefix via DHCPv6 PD, it MUST use the prefix
>              >> length hint Section 18.2.4 of [RFC8415] to request a prefix that is
>              >> short enough to form addresses via SLAAC.”
>              >>
>              >> NEW:
>              >> "The host MAY indicate as a hint to the delegating
>              >> router the size of the prefix it requires. If so, it MUST
>              >> ask for a prefix large enough to assign one /64 for each of
>              >> its interfaces, rounded up to the nearest nibble, and SHOULD
>              >> be configurable to ask for more."
>              >
>              > That makes sense but I'd suggest a few modifications:
>              > - replace '/64' with 'a prefix suitable for SLAAC' - we shall not be
>              > hardcoding 64 anywhere.
>              > - maybe we shall not be saying 'each interface' - my laptop has a
>              > number of interfaces which might not even have IPv6 enabled or there
>              > is no need to extend the network connectivity there (e.g. loopback).
>              > So maybe smtj like 'to assign a prefix suitable for SLAAC to each
>              > interface the host is extending the network connectivity to'?
>              >
>              > --
>              > Cheers, Jen Linkova
>              >
> 
> 
>             --------------------------------------------------------------------
>             IETF IPv6 working group mailing list
>             ipv6@ietf.org <mailto:ipv6@ietf.org>
>             Administrative Requests:
>             --------------------------------------------------------------------
> 
> 
> 
>         -- 
>         ===============================================
>         David Farmer Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu>
>         Networking & Telecommunication Services
>         Office of Information Technology
>         University of Minnesota
>         2218 University Ave SE        Phone: 612-626-0815
>         Minneapolis, MN 55414-3029   Cell: 612-812-9952
>         ===============================================
>         --------------------------------------------------------------------
>         IETF IPv6 working group mailing list
>         ipv6@ietf.org <mailto:ipv6@ietf.org>
>         Administrative Requests:
>         --------------------------------------------------------------------
> 
> 
> 
> -- 
> ===============================================
> David Farmer Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu>
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests:
> --------------------------------------------------------------------