Re: IPv6 prefix lengths - how long?

Nick Hilliard <nick@foobar.org> Fri, 07 June 2019 19:51 UTC

Subject: Re: IPv6 prefix lengths - how long?
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: 6man WG <ipv6@ietf.org>
References: <ee811897e2d2438e9c3592012b725ac3@boeing.com> <29585.1559935621@localhost>
From: Nick Hilliard <nick@foobar.org>
Message-ID: <1db56815-a7dc-adf8-11ba-ab64d0219ea0@foobar.org>
Date: Fri, 07 Jun 2019 20:51:49 +0100
In-Reply-To: <29585.1559935621@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/iRhmW8ZXYWDox2j2bTmLHL3DE00>

Michael Richardson wrote on 07/06/2019 20:27:
> This choice seems to be related to concerns about limitations on floods of ND
> and inability (in some equipment at some point in history) to lock down the
> IPv6 neighbor cache.
> 
> My feeling is that we should be able to use LL addresses only at IXs.
> I'm sure that there is something missing in some systems that prevents this,
> but maybe we should think about whether this should be documented as a
> requirement.

I'm not fully sure that there is a problem here that needs to be fixed, 
at least for IXs.  Just to clarify the problem statement I think you're 
talking about: IXs can benefit from an ARP sponge to dampen ARP chatter, 
but there are concerns that the large host address space associated with 
/64 could cause ND cache exhaustion on routers.  Both these issues are 
well known to IXPs.

Some AMS-IX people wrote a paper about 10y ago about this - "Effects of 
IPv4 and IPv6 address resolution on AMS-IX and the ARP Sponge".  Their 
analysis suggested that the best approach was to use an ARP sponge for 
ipv4, and to use l2 port ingress mcast rate limiters for ipv6, with no 
ND sponge.  Neither the ipv4 nor ipv6 cases provided compelling reasons 
to think that there were insurmountable operational barriers for 
handling the root problem.  In any event, no IXP that I know of has been 
taken out by ND cache exhaustion, and for sure, people on the Internet 
test that vector regularly enough.

Nick
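The ND cache exhaustion concern discussed in this thread (traffic aimed at unused addresses in an IXP /64 forcing a router to create INCOMPLETE neighbor entries) is easiest to see in a small model. The following is an added example, not code from the thread or from AMS-IX: a toy router-side neighbor cache that applies the mitigations RFC 6583 recommends, a bounded INCOMPLETE table and a per-interval Neighbor Solicitation budget, so a flood to random addresses cannot evict already-resolved peers. The 2001:db8:1::/64 peering LAN, the peer addresses and MACs are constructed.

```python
import ipaddress
import random
PEERING_LAN = ipaddress.IPv6Network("2001:db8:1::/64")  # constructed IXP peering LAN

class NeighborCache:
    """Toy model of a router's IPv6 neighbor cache, not any real stack."""
    def __init__(self, max_incomplete, ns_per_tick):
        self.reachable = {}     # resolved neighbours: addr -> MAC
        self.incomplete = {}    # pending resolutions: addr -> ticks left
        self.max_incomplete = max_incomplete
        self.ns_per_tick = ns_per_tick  # NS budget, refilled every tick
        self.tokens = ns_per_tick
        self.ns_sent = self.dropped = 0

    def tick(self):
        self.tokens = self.ns_per_tick
        # age out pending resolutions that never got a Neighbor Advertisement
        self.incomplete = {a: t - 1 for a, t in self.incomplete.items() if t > 1}

    def forward(self, dst):
        if dst in self.reachable:
            return "forwarded"
        if dst in self.incomplete:
            return "queued"
        # Unknown neighbour: resolve only within the NS budget and the bounded table
        if self.tokens == 0 or len(self.incomplete) >= self.max_incomplete:
            self.dropped += 1
            return "dropped"
        self.tokens -= 1
        self.ns_sent += 1
        self.incomplete[dst] = 3  # NS retransmit window in ticks
        return "resolving"

def simulate(flood_per_tick=1000, ticks=20, max_incomplete=64, ns_per_tick=10, seed=1):
    """Flood random addresses in the /64 and report what the cache did."""
    rng = random.Random(seed)
    cache = NeighborCache(max_incomplete, ns_per_tick)
    base = int(PEERING_LAN.network_address)
    peers = [ipaddress.IPv6Address(base + i) for i in range(1, 6)]
    for p in peers:
        cache.reachable[p] = f"00:11:22:33:44:{int(p) & 0xff:02x}"  # constructed MACs
    peak = 0
    for _ in range(ticks):
        cache.tick()
        for _ in range(flood_per_tick):
            cache.forward(ipaddress.IPv6Address(base + rng.getrandbits(64)))
        peak = max(peak, len(cache.incomplete))
    return {"ns_sent": cache.ns_sent, "dropped": cache.dropped, "peak_incomplete": peak,
            "peers_intact": sum(cache.forward(p) == "forwarded" for p in peers)}
```

With the defaults, 20,000 flood packets produce only 200 solicitations and at most 30 pending entries, and all five resolved peers keep forwarding; raising `ns_per_tick` and `max_incomplete` shows how quickly an unbounded cache would fill instead.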