Re: [IPv6] Variable IIDs
Ted Lemon <mellon@fugue.com> Sun, 05 November 2023 10:02 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84F67C08F9E6 for <ipv6@ietfa.amsl.com>; Sun, 5 Nov 2023 02:02:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RzB4t0x9ZYST for <ipv6@ietfa.amsl.com>; Sun, 5 Nov 2023 02:02:45 -0800 (PST)
Received: from mail-vk1-xa31.google.com (mail-vk1-xa31.google.com [IPv6:2607:f8b0:4864:20::a31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03D20C08F9E4 for <ipv6@ietf.org>; Sun, 5 Nov 2023 02:02:44 -0800 (PST)
Received: by mail-vk1-xa31.google.com with SMTP id 71dfb90a1353d-4a13374a1e8so1479006e0c.1 for <ipv6@ietf.org>; Sun, 05 Nov 2023 02:02:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20230601.gappssmtp.com; s=20230601; t=1699178563; x=1699783363; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=z9Eb7GueUupfk5WX2B1lrfwyLRK6LJ+mh921ZTkSEFY=; b=dwiBwDYQ6CmP65Pl3QU5et/LksWSt67s6wE4Rh1Pq/ZjJinKy1maBfw/AP2ZXQbd+D ja9b0mFeeqZutEd7ioah/exUvMF4tQsISm+jK7KMy47wFW9FBz5C9vdtPZnbr8zLSfgk DybaqWK4ZjSR3hxPyaSatiyZ8luU2G2c6aPyU1PIY6b+c16WW6f/boicu5EbvrPfV9Jf 7banpOp9DSUOBd2I5kFYjtKV5PFk/uPWw9OOJ5t32OqG0jE0KaVNW8OqypG/FN0XEdKq ABSCNY4Yovy/uM4Zc54lW1rkBYnYQJ64KHFQVTuQOLtmvAqtqfl7nScZ41zmxVBgX3DV twJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699178563; x=1699783363; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=z9Eb7GueUupfk5WX2B1lrfwyLRK6LJ+mh921ZTkSEFY=; b=m8AWwS2xBJ1xAFmQYl6G68R0dfiLjp6LtcT5Ha3Xmt3dXbY3Lv8Echd39nmBm3bcwb THkR4ZTvhCRZoeHdQbjWKG3nEtQIFf8371UG8p1JiAXxbhR/GsWSTgW4K9me81PlJcha WEj2bfTkHvgIW3WLpi266cqstICxbemL5XN98FXcVncHx51A7GcVPqrLqYmWXYyZpoht JmcAINILBpzhrLfJGTkRg2kI+lmtiMHmpurC/rlACN6GcWKD8K58A1lxLLccGfe8TCb8 bFafEFx9EtKJvxuNL93IDiYnaXdff4xnw2nra76H5/GPoNlu5xK/ywqSa7SxqrnjOEyd k1EQ==
X-Gm-Message-State: AOJu0Yy2LhfGOIRU/oLaAs8q31VFL+h4cxXZ+wtDMQ5HaYuCLrmdiRJY j7WF79H460tMD2w3wIvSoLRlvCab3GmjczlUy0c96Q==
X-Google-Smtp-Source: AGHT+IEWKVAV8A36w4YVO+mLlVBDp9DYU5L6l3q1I4YI8uMt29eTTYJti1n6LMSnAfpL/Eey2aYD1fSL2ADTeur0iUU=
X-Received: by 2002:a1f:1942:0:b0:49d:723f:590b with SMTP id 63-20020a1f1942000000b0049d723f590bmr23589403vkz.7.1699178563557; Sun, 05 Nov 2023 02:02:43 -0800 (PST)
MIME-Version: 1.0
References: <d935987f-7550-855a-c57f-7f8c2fc6e5cf@gmail.com> <CAKD1Yr0ZBqdNnysBm3SmKRBjOZPM5totfzww_6mDdC94fDLx4A@mail.gmail.com> <CAO42Z2zxLwtZNtuwBKDzCZZXp4tUNvmMoDCOu1XgjFPwXjKvYQ@mail.gmail.com> <CAPt1N1muMaRKjcTkSUKOGfzWF3wNc5TQ6K3_9=eKr6-8eNHYKw@mail.gmail.com> <CAKD1Yr3d+1c3JV7iL7-Cxv4JWMRk0yj-j8AmWTLDwy4WXufuug@mail.gmail.com>
In-Reply-To: <CAKD1Yr3d+1c3JV7iL7-Cxv4JWMRk0yj-j8AmWTLDwy4WXufuug@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Sun, 05 Nov 2023 11:02:32 +0100
Message-ID: <CAPt1N1=U04xMWAKbszy9Bv0ZysiUA3sRkqB3BuvGVpUPc7Z3qw@mail.gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
Cc: 6man <ipv6@ietf.org>, Gert Doering <gert@space.net>, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, Mark Smith <markzzzsmith@gmail.com>, Martin Hunek <martin.hunek@tul.cz>
Content-Type: multipart/alternative; boundary="000000000000b103bf060964d6e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/iTwdpACSmxhH03d78Uun-ZMRjU8>
Subject: Re: [IPv6] Variable IIDs
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2023 10:02:46 -0000
There are a fair few home gateways that implement ipv6 badly, and that are provided by isps. We can’t assume that isps will behave sensibly: even if they mean well, which I suspect is the case in the situation I’m aware of, they can still misunderstand. We could, in 7084bis, say that a prefix delegation with a mask wider than some limit MUST NOT be used, or something, but I wonder how much arguing that would involve… Op zo 5 nov 2023 om 10:13 schreef Lorenzo Colitti <lorenzo@google.com> > But that won't happen. An ISP that gives home networks /64s is already > providing less address space than it should. IETF guidance is a /56, why > are they providing 256 times less? > > If we change the minimum prefix length to /80 and all home gateways start > accepting that, then this type of ISP or just start handing out /80s to > their customers. > > That's why I say - if we move away from /64, we can only do it once. We > need to pick one number (/80?) that we will never change, and say that > hosts MUST NOT accept anything other than /64 or whatever the new number > is. Let's see what +Gert Doering <gert@space.net> and +Martin Hunek > <martin.hunek@tul.cz> think about that, since they are the most vocal > opponents of the "must handout slaac-sized prefix" text in the PD-per > device draft. > > > On Sun, 5 Nov 2023, 08:57 Ted Lemon, <mellon@fugue.com> wrote: > >> Ironically, this is the best argument I’ve heard against. If isps use >> this to save on rir fees, their customers will get single /80 prefixes, and >> we won’t have gained anything. >> >> To my mind the benefit of a wider prefix is that it lets me take the /64 >> my isp gives me and subnet it 65536 times, as was originally intended when >> the recommendation for customer prefix widths was 48 bits. If we don’t get >> that, there is no point in doing this work. >> >> Op zo 5 nov 2023 om 05:56 schreef Mark Smith <markzzzsmith@gmail.com> >> >>> >>> On Sat, 4 Nov 2023, 23:00 Lorenzo Colitti, <lorenzo= >>> 40google.com@dmarc.ietf.org> wrote: >>> >>>> Brian, >>>> >>>> If we think /64 is too large, then I think it's OK to change 64 to >>>> something else. But making the IID length variable is the wrong solution. >>>> If we do that, we will create a race to the bottom that ends up at /128. >>>> >>> >>> I think one of the incentives to do this will be RIR fees. >>> >>> Internet service is obviously a commodity, which means there are strong >>> incentives to reduce costs if possible, in particular for residential >>> Internet services. >>> >>> So if an ISP can get their minimum assignment of an /32, and then >>> subdivide with IIDs smaller than 64 bits to fit all of their customers >>> within that single /32, that's I'm confident that's what many will do to >>> avoid paying RIR fees for shorter prefixes to suit /64 subnets/64 bit IIDs >>> for their customer base. >>> >>> The larger the ISP, the greater the incentive to do this, because the >>> savings from only using a /32 for all customers will be greater. >>> >>> Regards, >>> Mark. >>> >>> >>> >>> >>> >>>> Here's why. Today SLAAC only works on a /64, and a /64 guarantees that >>>> there will always be enough address space to number unlimited devices. >>>> Pretty much every network operator uses that because it's the only thing >>>> that works on all devices. Some operators insist on assigning only a /128 >>>> to each device using DHCPv6. This is for various reasons, most notably >>>> consistency with IPv4, the fact that DHCP clients and servers by default >>>> only assign one address, scalability of network entities such as ND caches, >>>> desire to charge for more addresses (yes; as the lead of a major OS network >>>> stack, we get this depressingly often). It's pretty clear from any reading >>>> of RFC 7934 that that is harmful, but those operators don't know or want to >>>> do it anyway. Fortunately (well, unfortunately for those operators), this >>>> doesn't work on a substantial percentage of devices due to lack of support >>>> for DHCPv6, so it's not really a practical solution on most networks. Those >>>> operators occasionally complain about OSes that don't support DHCPv6, but >>>> on the whole we're generally in a situation where devices can get as many >>>> IP addresses as they need, within reason. >>>> >>>> However: if we define SLAAC to variable length, as you are proposing >>>> here then those operators will pick the minimum length accepted by >>>> implementations. Today that's /64. If implementations change to accept >>>> fewer addresses (say, /80), then those networks will move to providing the >>>> new minimum. And so on. This starts a race to the bottom that ends at /128. >>>> If you don't believe this, consider: many residential ISPs provide a >>>> reasonably-sized subnet to users, such as a /56. But some provide only a >>>> /60. Some - like mine! - only provide a /64. In my case I could only get a >>>> /56 by signing up for the business offering, which costs 3 times as much. >>>> Now, obviously this example is about prefix sizes, but if we make SLAAC >>>> variable, you can bet that operators will do this within subnets as well. >>>> Consider even during the v6ops discussion of >>>> draft-ietf-v6ops-dhcp-pd-per-device, some participants (Martin, I remember) >>>> asserted that the subnet must be made small enough to prohibit devices from >>>> extending the network. >>>> >>>> Note, I am not saying that most or even many networks will do this. But >>>> some will. The consequence of that is that OS vendors like ours will act in >>>> their users' interests, and allow those users to evade those restrictions >>>> by implementing NAT66. At that point everybody loses. The networks don't >>>> get paid more. App developers have to implement NAT traversal and >>>> keepalives. OS vendors have to implement hardware offload APIs for >>>> keepalives. Users have to deal with lower battery life and brittle apps due >>>> to NAT timeouts. >>>> >>>> Why do this? If we really think /64 is too wasteful, then we can change >>>> it, once. But we can't make it variable without creating a race to the >>>> bottom. The only way to do that is to pick one size. >>>> >>>> Cheers, >>>> Lorenzo >>>> >>> >>>> On Sat, Nov 4, 2023 at 2:06 AM Brian E Carpenter < >>>> brian.e.carpenter@gmail.com> wrote: >>>> >>>>> If anyone wants to turn this into an I-D, please feel free. >>>>> >>>>> title: Variable Length Interface Identifiers >>>>> abbrev: Variable IIDs >>>>> docname: draft-tbd-6man-variable-iids-00 >>>>> >>>>> # Introduction >>>>> >>>>> The lowest common denominator method of configuration for IPv6 nodes >>>>> is SLAAC {{!RFC4862}}, which is carefully designed to allow any prefix >>>>> length and any interface identifier (IID) length, provided that they do not >>>>> total more than 128 bits. Until now, specifications of "IPv6 over foo" >>>>> mappings, starting with {{!RFC2464}}, have specified an IID length of 64 >>>>> bits, consistent with the value specified by {{!RFC4291}}. >>>>> >>>>> This document allows a router to announce an IID length other than 64 >>>>> on a given link, and updates RFC 4291, RFC 2464 (and numerous other "IPv6 >>>>> over foo" documents TBD), and RFC 4862 accordingly. It extends {{!RFC4861}} >>>>> by defining a new "IID length" mechanism in RA messages. >>>>> >>>>> Terminology: a "modified" host or router supports this spec. An >>>>> "unmodified" host or router supports RFC 4861 and 4862 precisely. >>>>> >>>>> # Modified procedures >>>>> >>>>> The predefined IID length specified by RFC 4291, RFC 2464, etc. is >>>>> used to configure the link-local IPv6 address of a node exactly as >>>>> described in RFC 4862. >>>>> >>>>> On a link where variable IID length is not supported, the predefined >>>>> IID length will continue to be used to configure all other addresses using >>>>> SLAAC. >>>>> >>>>> On a link where variable IID length is supported, each modified router >>>>> will include an "IID length" indication in every RA/PIO message with the A >>>>> bit set. This will override the value defined in RFC 2464 (etc.) and in RFC >>>>> 4291, for the prefix concerned. >>>>> >>>>> Suggestion: put the IID length in 6 bits of the Reserved2 field of the >>>>> PIO. 0b000000 would mean 64, i.e. no change and backwards compatible. Any >>>>> other value would define an IID length in bits. Values less than 48 >>>>> (0b110000) are NOT RECOMMENDED. Values greater than 64 are impossible. >>>>> >>>>> (Note: Reserved1 is not available - see {{?RFC8425}}.) >>>>> >>>>> When a modified node receives an "IID length" less than 64, it will >>>>> use that value instead of the default for all unicast address >>>>> autoconfiguration under that prefix, except link-local. >>>>> >>>>> # Deployment issues >>>>> >>>>> - Unmodified hosts and unmodified routers: no change, all use 64-bit >>>>> IIDs. >>>>> >>>>> - Modified hosts and unmodified routers: no change, all use 64-bit >>>>> IIDs. >>>>> >>>>> - Modified hosts and modified routers: configure to use longer >>>>> prefixes and shorter IIDs if desired. >>>>> >>>>> - Modified routers and mixture of modified and unmodified hosts on a >>>>> link: >>>>> >>>>> - The modified hosts will use a shorter IID and longer prefix if >>>>> that is announced. >>>>> >>>>> - The unmodified hosts, according to RFC 4861, MUST ignore the >>>>> Reserved1 field. So, according to section 5.5.3 clause d) of RFC 4862, they >>>>> will ignore any PIO advertising a shorter IID. Therefore, the operator has >>>>> two choices: >>>>> >>>>> 1. Decide that unmodified hosts will not be supported (i.e. will >>>>> not be able to configure an address using SLAAC). >>>>> >>>>> 2. Announce (at least) two prefixes on the link - a /64 and a >>>>> longer one, with a shorter IID. For that to make sense, we need an extra >>>>> rule for modified hosts: if a host receives several PIOs from the same >>>>> router, it prefers all those with the shortest IID and ignores the others. >>>>> >>>>> - Mixture of modified and unmodified routers on a link: don't do >>>>> that! >>>>> >>>>> # IANA Considerations >>>>> >>>>> Maybe a registry for the Reserved2 field, like RFC 8425? >>>>> >>>>> # Security Considerations >>>>> >>>>> Nothing new? >>>>> >>>>> >>>>> -------------------------------------------------------------------- >>>>> IETF IPv6 working group mailing list >>>>> ipv6@ietf.org >>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >>>>> -------------------------------------------------------------------- >>>>> >>>> -------------------------------------------------------------------- >>>> IETF IPv6 working group mailing list >>>> ipv6@ietf.org >>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >>>> -------------------------------------------------------------------- >>>> >>> -------------------------------------------------------------------- >>> IETF IPv6 working group mailing list >>> ipv6@ietf.org >>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >>> -------------------------------------------------------------------- >>> >> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> -------------------------------------------------------------------- >> >
- [IPv6] Variable IIDs Brian E Carpenter
- Re: [IPv6] Variable IIDs Lorenzo Colitti
- Re: [IPv6] Variable IIDs Michael Richardson
- Re: [IPv6] Variable IIDs Ole Troan
- Re: [IPv6] Variable IIDs Mark Smith
- Re: [IPv6] Variable IIDs Lorenzo Colitti
- Re: [IPv6] Variable IIDs Brian E Carpenter
- Re: [IPv6] Variable IIDs Kyle Rose
- Re: [IPv6] Variable IIDs Havard Eidnes
- Re: [IPv6] Variable IIDs Ole Trøan
- Re: [IPv6] Variable IIDs Nick Buraglio
- Re: [IPv6] Variable IIDs Ole Trøan
- Re: [IPv6] Variable IIDs Nick Buraglio
- Re: [IPv6] Variable IIDs Mark Smith
- Re: [IPv6] Variable IIDs Brian E Carpenter
- Re: [IPv6] Variable IIDs Brian E Carpenter
- Re: [IPv6] Variable IIDs Mark Smith
- Re: [IPv6] Variable IIDs Michael Richardson
- Re: [IPv6] Variable IIDs Bob Hinden
- Re: [IPv6] Variable IIDs Nick Buraglio
- Re: [IPv6] Variable IIDs Havard Eidnes
- Re: [IPv6] [EXTERNAL] Re: Variable IIDs Manfredi (US), Albert E
- Re: [IPv6] Variable IIDs Mark Smith
- Re: [IPv6] [EXTERNAL] Re: Variable IIDs Brian E Carpenter
- Re: [IPv6] Variable IIDs Martin Huněk
- Re: [IPv6] Variable IIDs jordi.palet@consulintel.es
- Re: [IPv6] [EXTERNAL] Re: Variable IIDs Manfredi (US), Albert E
- Re: [IPv6] Variable IIDs Michael Richardson
- Re: [IPv6] [EXTERNAL] Re: Variable IIDs Manfredi (US), Albert E
- Re: [IPv6] Variable IIDs Alexandre Petrescu
- Re: [IPv6] Variable IIDs Ted Lemon
- Re: [IPv6] Variable IIDs Ted Lemon
- Re: [IPv6] Variable IIDs Ted Lemon
- Re: [IPv6] Variable IIDs Alexandre Petrescu
- Re: [IPv6] Variable IIDs Alexandre Petrescu
- Re: [IPv6] Variable IIDs Ted Lemon
- Re: [IPv6] Variable IIDs Martin Huněk
- Re: [IPv6] Variable IIDs David Farmer
- Re: [IPv6] Variable IIDs Philipp S. Tiesel
- Re: [IPv6] Variable IIDs Vasilenko Eduard
- Re: [IPv6] Variable IIDs Ted Lemon
- Re: [IPv6] Variable IIDs David Farmer
- Re: [IPv6] Variable IIDs Ted Lemon
- Re: [IPv6] [EXTERNAL] Re: Variable IIDs Mark Smith
- Re: [IPv6] Variable IIDs Brian E Carpenter
- Re: [IPv6] Variable IIDs David Farmer
- Re: [IPv6] Variable IIDs David Farmer
- Re: [IPv6] Variable IIDs Mark Smith
- Re: [IPv6] Variable IIDs Philipp S. Tiesel
- Re: [IPv6] Variable IIDs Lorenzo Colitti
- Re: [IPv6] Variable IIDs Alexandre Petrescu
- Re: [IPv6] Variable IIDs Alexandre Petrescu
- Re: [IPv6] Variable IIDs jordi.palet@consulintel.es