IETF Logo Mail Archive

Re: Network merge [Re: RFC6724-bis?]

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 27 September 2022 04:39 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DF5DC1526EA for <ipv6@ietfa.amsl.com>; Mon, 26 Sep 2022 21:39:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bu4wEFQuFVdO for <ipv6@ietfa.amsl.com>; Mon, 26 Sep 2022 21:39:27 -0700 (PDT)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FD0BC1522CB for <ipv6@ietf.org>; Mon, 26 Sep 2022 21:39:27 -0700 (PDT)
Received: by mail-pf1-x436.google.com with SMTP id a29so8649102pfk.5 for <ipv6@ietf.org>; Mon, 26 Sep 2022 21:39:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date; bh=X6CbT9q481LPAwg2cDfdM99FWxydW+lD+B7KNGPUz0k=; b=g12Ff0o9tiPLQoOZJPiMjG91KCZiyT6I3CcGpQKoWYtSbqs+jYJEKKttbQfLop54zC AYYjg2GLxaEkfRr84x9lwb7yVYsh/oOlLKO10TiWLKXnp/dn1YOVlU01VIX9mYuXV5z4 gM07i3ydK8fYzqm0cj+OYU1buYAEJdz0ChzL4LkjGX8ghmbceeozt3hUPzy1TgzG0G5K SCUKJiabK3J+CSBGfuX1fdYbcZV+E8gEY3/4pOkv7mByuvloMu6os7WRLXHIP/Ypo7Nz 3zBiYaYAjUdRfxRp6QWrVDW7KiccEG21ITRuLSwt5SAvXJs7pCXos2egcDbPkJ9fNV0v uFig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date; bh=X6CbT9q481LPAwg2cDfdM99FWxydW+lD+B7KNGPUz0k=; b=jIoqJPRRH+EfNC+UAeNOj7DQx2Pe3RZ1SnVVnCXUsG/mOuRaG2DURHgJ+Wd8bmyOor zKbs9Hf7W7YysmuDe78NW4bhDg8n8ZcpDRlZoDkpL+MnXejRjuWogfZO+FV25M8Jezqb VLBJ1Tq/tPhi1xqWa7HAOl4rJcvf2qLYXP6xcx1NTU2g910J6WB1oSSwcVgc9cgUnaa8 x0fh+9D7cJ+CMkljl3FSurFDwK2GBENgmNk+6G7y0QZD0WIasMFlpQdAFAmFQFoq5iZJ xs6E07R7FrMBgbyX4Se7REk5klBP3dhC/DomveBEXD1mDuwYUIy0sR8wYYQHQFpTYMb6 5PQA==
X-Gm-Message-State: ACrzQf22zbI9xf9XIp1sBUrpvtrdxUOJe4R5sxAVCblT8E+YVhXaxmfF CRvY9nBDNpvnz84+0QxR1eg=
X-Google-Smtp-Source: AMsMyM784HuaR06MJ0ytwfNww6fwuzLDywWUvC7vBIlmJUFjulxhs12T+dsBMFGqlGGqgqniIWOeaA==
X-Received: by 2002:a63:1f12:0:b0:438:fa5b:ff76 with SMTP id f18-20020a631f12000000b00438fa5bff76mr23144732pgf.390.1664253566909; Mon, 26 Sep 2022 21:39:26 -0700 (PDT)
Received: from ?IPV6:2406:e003:1124:9301:80b2:5c79:2266:e431? ([2406:e003:1124:9301:80b2:5c79:2266:e431]) by smtp.gmail.com with ESMTPSA id q6-20020a170902dac600b0016c50179b1esm329959plx.152.2022.09.26.21.39.23 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 26 Sep 2022 21:39:25 -0700 (PDT)
Message-ID: <09adb05f-4c2b-1f76-fed7-58fbfa9c2f3f@gmail.com>
Date: Tue, 27 Sep 2022 17:39:20 +1300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Subject: Re: Network merge [Re: RFC6724-bis?]
Content-Language: en-US
To: Mark Smith <markzzzsmith@gmail.com>, Ted Lemon <mellon@fugue.com>
Cc: 6man WG <ipv6@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
References: <66892DC8-6DA4-4DC8-85B0-E1E1647CD9F7@gmail.com> <CAPt1N1=OmC+HNVGWbgj9JtGbpcuzKOgjZ1KXJm5mXgpji-G4Mw@mail.gmail.com> <6edcc5d8-edf1-51de-103c-a4ac6060fef6@gmail.com> <29689d645d22409b962f6c361d71e098@huawei.com> <CAN-Dau3rwi4X4NqLbHMmPQQ=i7y23Kz70JK09ggsXSxkJfT5xA@mail.gmail.com> <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com> <CAN-Dau0=LD9MTYKJQoSw=b9S25nmrNuqRSyLdsztFZscG8ZbUg@mail.gmail.com> <CAPt1N1kjOWh8R70pNO0eH9EJUH-v6HyxGMqxpy0N2hydHN33LQ@mail.gmail.com> <CAM5+tA9mqjrtq3pTggv1pA4fOYXUODkZHy74vs8cffVOrBefbQ@mail.gmail.com> <0b6886d3-5ea9-0a1d-8b16-4e17daeb6924@gmail.com> <CAM5+tA9dAjh0MTRG3922xTe3_aChHFa9AYCFCGmt395KwuvBYA@mail.gmail.com> <395554.1664189125@dooku> <56a897a426084f9381abaf770f1ea35e@huawei.com> <CAO42Z2xgMnVXeH9t0p_u7bg2fY-Gg+AagkFMMRJstX4E-f8FPQ@mail.gmail.com> <CAPt1N1m-1600rghA7mXNm1fvqOp23EOpYcS0E6xnJut+-t-9nQ@mail.gmail.com> <CAO42Z2wHZ2k+UwRdh8VH4xHav9HwT+6C-_up+6RXrce3vuVrmg@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <CAO42Z2wHZ2k+UwRdh8VH4xHav9HwT+6C-_up+6RXrce3vuVrmg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/j1KroVGZOzND8XPffDCk-LRVC3U>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2022 04:39:28 -0000

On 27-Sep-22 17:02, Mark Smith wrote:
> 
> 
> On Tue, 27 Sept 2022, 09:46 Ted Lemon, <mellon@fugue.com <mailto:mellon@fugue.com>> wrote:
> 
>     The use case we are talking about here is a managed enterprise network. It should be no problem for the network operator to configure some local ra options. 
> 
> 
> On every existing and every new internal interface of every router in the network?

Yes, but I assume that enterprises need ways to do network-wide config anyway. If not, that's why we're working on autonomic networking, to provide an ecosystem for smart enterprise-wide config.
  
> For many networks that's 100s if not 1000s of interfaces to configure with this parameter. That's a lot of work for *every* enterprise network to perform to work around somebody else's occasional error of putting ULA AAAAs in global DNS.

I can't disagree (but it suggests a big gap in DNS tooling if that's even allowed except inside a split horizon DNS).

    Brian

> 
> This work around is going to be far more costly than teaching people not to put ULA AAAAs in global DNS.
> 
> You don't teach people not to do something bad by hiding the consequences when they do, and placing the costs of tolerating that bad behaviour onto everybody else other than the person who created the problem.
> 
> Regards,
> Mark.
> 
> 
>     Op ma 26 sep. 2022 om 19:17 schreef Mark Smith <markzzzsmith@gmail.com <mailto:markzzzsmith@gmail.com>>
> 
> 
> 
>         On Mon, 26 Sept 2022, 21:15 Vasilenko Eduard, <vasilenko.eduard=40huawei.com@dmarc.ietf.org <mailto:40huawei.com@dmarc.ietf.org>> wrote:
> 
>              >    > But how remote ULA prefix would be known to the local router?  If
>              >It can't, which is fine.
>              >If there are multiple ULAs after a merger, then we do what Brian and David described and send RIOs or PIOs.
> 
>             It is evident that A=0 is for something non-local.
> 
> 
>         A=0 means the opposite of A=1, and A=1 has a specific meaning, nothing to do with non-local.
> 
>         Define another flag if this is going to be the solution to the fault of putting ULA AAAAs in global DNS.
> 
>         (Can it be adapted to the fault of putting link-local addresses in DNS?)
> 
> 
>             It would be especially needed if /64 would be put into the SASA policy table (then the remote prefix would be /64 too).
>             It may be needed for different /48 after the company merge.
> 
>             How to know what to put in this special PIO (A=L=0)? It looks like not automated at all.
> 
> 
>         A sign that it's not solving the problem where it exists.
> 
> 
> 
>             Ed/
>             -----Original Message-----
>             From: Michael Richardson [mailto:mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>]
>             Sent: Monday, September 26, 2022 1:45 PM
>             To: Vasilenko Eduard <vasilenko.eduard@huawei.com <mailto:vasilenko.eduard@huawei.com>>; 6man WG <ipv6@ietf.org <mailto:ipv6@ietf.org>>
>             Subject: Re: Network merge [Re: RFC6724-bis?]
> 
> 
>             Vasilenko Eduard <vasilenko.eduard@huawei.com <mailto:vasilenko.eduard@huawei.com>> wrote:
>                  >> Now as to how to fix this without a global precedence for ULAs, I am
>                  >> wondering about a PIO with L=0 and A=0 (exactly as recommended in RFC
>                  >> 8028, but for other reasons). If a host sees such a PIO for a ULA
>                  >> prefix, it could serve as a signal that the prefix is to be given a
>                  >> suitable precedence, even though it is not on-link and not used for
>                  >> SLAAC.
> 
>                  >> I really like this.  I think it is the best solution.
> 
>                  > But how remote ULA prefix would be known to the local router?  If
> 
>             It can't, which is fine.
> 
>             If there are multiple ULAs after a merger, then we do what Brian and David described and send RIOs or PIOs.
> 
>                  > proper routing is in place then no problem exists in the first place,
>                  > the whole FC/7 could be prioritized.
> 
>             I don't think that non-local ULAs *should* be prioritized.
>             I think that it's actually a problem as more and more sites use ULA for significant internal things, and those addresses leak into other sites.
> 
> 
>             --
>             Michael Richardson <mcr+IETF@sandelman.ca <mailto:mcr%2BIETF@sandelman.ca>>, Sandelman Software Works  -= IPv6 IoT consulting =-
> 
> 
> 
>             --------------------------------------------------------------------
>             IETF IPv6 working group mailing list
>             ipv6@ietf.org <mailto:ipv6@ietf.org>
>             Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
>             --------------------------------------------------------------------
> 
>         --------------------------------------------------------------------
>         IETF IPv6 working group mailing list
>         ipv6@ietf.org <mailto:ipv6@ietf.org>
>         Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
>         --------------------------------------------------------------------
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email