IETF Logo Mail Archive

Re: RFC4941bis: consequences of many addresses for the network

Mark Smith <markzzzsmith@gmail.com> Fri, 24 January 2020 11:50 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61CCC1200F6 for <ipv6@ietfa.amsl.com>; Fri, 24 Jan 2020 03:50:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.496
X-Spam-Level:
X-Spam-Status: No, score=-0.496 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yaNg7AU8mnIQ for <ipv6@ietfa.amsl.com>; Fri, 24 Jan 2020 03:50:23 -0800 (PST)
Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA4F71200EC for <ipv6@ietf.org>; Fri, 24 Jan 2020 03:50:22 -0800 (PST)
Received: by mail-oi1-x22e.google.com with SMTP id l7so1533709oil.12 for <ipv6@ietf.org>; Fri, 24 Jan 2020 03:50:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qPN5cveYhDIqigZwjRAcCU7ngdMKcqlLwQmfiyVuc9g=; b=S221+kKpbtseormRoCyn46xS0FyouLqx/mRWm97Prh9O+q1TZv5N8AQdUs5nhhl/VP NFx2CJBD6XouhhCQ0JtumG0ku/oHucVwVKYRE8hYzRzqIOL0SauCa5a20ATmCXVty+Ba ZuZhUcxdLLp85Hn8BeJlyIrRtAiWKh4P97f8Tmoh7+SWOxT/OfoDhJQE5ReyXlggUVmN TbywlWXuE3hfIbyBKe/HV+HamsrhKPeB8WXI5OSGSu6sIqhIiDzQtzHiFEUUJsatMkrW m4OHo9Zml4iSNcieS2c1IsEX7sEstzSGrauIWlpbVkH4kRuANitKGQi2RmXQqEwhgQxR TyGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qPN5cveYhDIqigZwjRAcCU7ngdMKcqlLwQmfiyVuc9g=; b=h24zMivafv9QjXWmJ04ad19TkUgl/Rb2zQk4PhR/TUsUprjUP40Q1DSIXWahmUj0ov Pta8qcR0P9bTl0nOJouRB6TjuZcj++qDpHqEed7+hu0kToJWFsQHG5DSkEurvnf6t8py 1CokahIY0Xwd7nxBkXCNby4o8sDg0ojH/mRxuUgQ/W+2yCGZSCD5s04Mrq2o7u+HlbO8 KgF3zESwsTxVATkDk8GbJvU3NMg8aGNURkLHw2hPs+d+oZyG6u5hCG1N5RRYXIA2J20O mwYa6PV9CbRqbheGjEQzzT/kOKzLS4VCIYdUxaUfdk7OwTytQ8V3ih6NV8i99XcxB3bK 83SQ==
X-Gm-Message-State: APjAAAUyCJ9BdpnilLbqLwik/xfc7DvscJRuU3y6TK4Miti22hFewNPI NwPnEh+ajcLuZhE3riVWkT6/W24qNsy5T1R1q3uO1g==
X-Google-Smtp-Source: APXvYqycAosODGJ+sUB5411ASUFt8ovz2fEM4WDT5wqB+mCIYAwju1Oy0lT0Po2AiJRedZQYtVspSdLC3pqFAgP6OTU=
X-Received: by 2002:aca:f44a:: with SMTP id s71mr15417oih.7.1579866621836; Fri, 24 Jan 2020 03:50:21 -0800 (PST)
MIME-Version: 1.0
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <e936078e-01f9-0254-a8d0-4095455154ac@si6networks.com> <D85412DF-4B03-4790-9E39-968D50ECF86B@employees.org> <m1iuwJV-0000MAC@stereo.hq.phicoh.net>
In-Reply-To: <m1iuwJV-0000MAC@stereo.hq.phicoh.net>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 24 Jan 2020 22:50:09 +1100
Message-ID: <CAO42Z2yVGCenXOCNqTQTEuOv5yMt46BMyGRozW9Tjy8Ds4YynA@mail.gmail.com>
Subject: Re: RFC4941bis: consequences of many addresses for the network
To: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c98359059ce15c5c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/jVsPjc28j97MHFebrqc_WfDuWe0>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jan 2020 11:50:25 -0000

On Fri, 24 Jan 2020, 21:36 Philip Homburg, <pch-ipv6-ietf-6@u-1.phicoh.com>
wrote:

> >Absolutely. Just that temporary addresses changes the equation quite a
> bit.
> >A network might be willing to serve a small set of addresses to a host,
> but wi
> >th temporary addresses there are really no limit.
> >If you do an address per transport connection, would you expect the
> network to
> > serve that?
> >And if it doesn't, how is the host supposed to detect it? An happy
> eyeballs ap
> >proach?
> >Right now that is completely unspecified in 4941bis (and sure it also was
> in 4
> >941).
> >Question is if we should (try to) fix that?
>
> I'd say that if a network wants to have control over how addresses are
> allocated it should use DHCPv6. Certainly if we are talking about
> relatively
> low limited on the number of addresses per host.
>
> However, given the desire to fit everything in SLAAC, what is missing at
> the moment is a way for the network to express intent.
>
> The most basic way would be for a flag that disables temporary addresses.
>
> A more adavanced option would be specify limits on the number of temporary
> addresses and possibly ways to register/deregister an address. For example,
> nodes can keep addresses alive be periodically generating a NA for the
> address.
>
> The question of an address per transport connection is why would you do
> that?
>

(Sorry for the size, this is how it copy-and-pasted)
Transient Addressing for Related Processes: Improved Firewalling by Using
IPV6 and Multiple Addresses per Host

https://www.cs.columbia.edu/~smb/papers/tarp/tarp.html
Many Addr

In many IPv4 installations, the NAT box has state per flow. So having an
> IPv6
> address per transport connection doesn't seem beyond what we can do.
>
> The question is what the benefits are. I don't see a lot of privacy
> benefits
> for lots of addresses.
>


Hiding in the crowd.



> Note that a single network port may still end up with losts of addresses:
> - users may use bridges to extend the network and connect more than one
> host
>   to a single port
> - users may run virtual machines (or containers) in bridged mode and end up
>   with multiple virtual hosts by behind a single port
> - having an IPv6 address per process on a host may have benefits in
> particular
>   if many processes would like to use the same port for some reason
>
> Typically, even very small network switches support many thousand MAC
> addresses. I think that network devices should support similar numbers of
> IPv6 addresses per /64.


>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email