IETF Logo Mail Archive

Re: RFC4861 question - short prefixes in PIOs

Mark Smith <markzzzsmith@gmail.com> Fri, 28 June 2019 04:25 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7AA12013E; Thu, 27 Jun 2019 21:25:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.497
X-Spam-Level:
X-Spam-Status: No, score=-0.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zh-Q5L4_1Y1J; Thu, 27 Jun 2019 21:25:18 -0700 (PDT)
Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 543D412004E; Thu, 27 Jun 2019 21:25:18 -0700 (PDT)
Received: by mail-ot1-x32f.google.com with SMTP id o101so4346338ota.8; Thu, 27 Jun 2019 21:25:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=g5eBJUOr/nR1sr5t2BOb2QQKWuSxF9SQOMTsmRJ3U+s=; b=kRDGxWW4P6ing9xuTQdnR6BcwMS4UAc6qiqARPl1ldiIMHq6oEARHKBtG+F5nuvAm6 lQHbqJhkUMfJkQtgF9OD+M4ZMFYVxQpQ8haoEZnC1OrbHiaWYDOro7SypVhCKtXMFKRv Z/6SwHlPkKek4a4cL/6cYKuzb3YtrU3V7AHOy5peHGd8D9osLOMQvOBVetnXyvP0PtXP WPfTyR6uLfaZ3AuMk4USD3aM044LHsMRWomDEdo0pJkQRpgmui59Bk2FQs6L7qFS/yks zz9CZdRSxUuRXixYUVlNK7tLRmLXgF7tIipfh9+Hrp9WIgU0E57aYB5AQmwwFzVT0osv N+5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=g5eBJUOr/nR1sr5t2BOb2QQKWuSxF9SQOMTsmRJ3U+s=; b=rUC98KM3XJvuygZddiCLSMQiHU7OLBTEAeXu9uHtEXCjLsJfEP0ljmuEJM0fhCRJ1c 4s94JoCi4xwVdO5bOsUK+3Xq9OkS9phOfUebH9OAYjXVL8J4YZj7OmyavE4U+1+lynjH L7JdLZlnZOJ5igupoKcSapSgMMiiQF1Bi4NtMZBJR0efOEhZWE5tkqARQj/cd8bT/6xy Oy4f0wAjIrpouyTI6q9v4/vNQyKwGU4VRFWLgztTNZ+jvzpe7G1EgTmgEBILxygStilQ a7Zi4CczvFB/LQTqC6qa0GFecbSlIVPxXjO/Nuf/n0APl6Y7hWQzuNw885nGEq8jGyke OmiQ==
X-Gm-Message-State: APjAAAU13O0LPtIIOe0QGIEgPkq2epIRqO7DBZNYBVG0tcfOrJJMCcqw bXRzNNPGbHpqucR1d09d+VT/WybHSYyYzOvGo6c=
X-Google-Smtp-Source: APXvYqzhjHmcjlahEDOhMwJxo9N7pjxgPL+0la0Byt+C4RGCu/ND9S9RqIfsJFkcDxfpQF+AWoZbsXPlBIR+pGTXm9g=
X-Received: by 2002:a9d:65da:: with SMTP id z26mr6107471oth.257.1561695917649; Thu, 27 Jun 2019 21:25:17 -0700 (PDT)
MIME-Version: 1.0
References: <729f46ec4a8b419797e15bbdcac3e549@boeing.com> <4615.1561671634@localhost>
In-Reply-To: <4615.1561671634@localhost>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 28 Jun 2019 14:24:51 +1000
Message-ID: <CAO42Z2wawP4T23qY9haspxyE=RFEfruL6KUw1pcL7uLO3rGdVg@mail.gmail.com>
Subject: Re: RFC4861 question - short prefixes in PIOs
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "Templin, Fred L" <Fred.L.Templin@boeing.com>, v6ops list <v6ops@ietf.org>, 6man <6man@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006b3316058c5aaa37"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/k-Qaosry5RhytFlIRByztmpzTb4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 04:25:21 -0000

On Fri., 28 Jun. 2019, 07:41 Michael Richardson, <mcr+ietf@sandelman.ca>
wrote:

>
> Templin (US), Fred L <Fred.L.Templin@boeing.com> wrote:
>     > 3) If the PIO instead has L=0, does it mean that 2001:db8::/32 is
>     > “associated” with the link but not necessarily “on-link”?
>
> As others have said, and I find the RFC rather obtuse in this way, I think
> that only thing one can say is that if L=1, then devices in that indicated
> PIO can be found using ND (appropriately multicast).
>
> I think that when it is associated with the link, one can use SLAAC to
> assign
> interfaces, but can't use ND to find neighbours.
>

I see it as three separate things:

1. During IP address planning, assign a quantity of address space (prefix)
to the link.

2. if SLAAC is to be used within that prefix, A=1 (the RFC 4861 default).

3. if hosts are to consider addresses within the link's address
space/prefix to be directly reachable over the link, then L=1 (the RFC 4861
default).



>
> Hairpin'ing all traffic through the advertising router when L=0 seems like
> the only general solution.


You can't hairpin literally all traffic via a router using the PIO L=1 or 0
mechanism, because the Link-Local prefix has L=1 set in all hosts per RFC
5942, and it isn't currently possible to change it.

This can cause problems as it conflicts with IPv6 address selection, which
says LLs are preferred over GUA/ULA addresses. So if a host was presented
with a set of DAs that includes LLs and GUA or ULAs, the LL would be
preferred and fail, while if it chose a GUA or ULA DA it would work.

Some might argue that's good for security, however I think LLs are more
secure and reliable addresses for applications to use over GUAs and ULA
addresses. I think that is why LLs are preferred in IPv6 default address
selection.


  But, I can imagine many situations where if a
> Neighbour Cache entry somehow existed, then it could be used.
>
> I think that hairpin'ing all traffic has many interesting uses when it
> comes
> to providing firewalling (such as RFC8520) between devices.
>

Per-device traffic accounting performed by a router could be another use
case e.g. BRAS exporting that information via RADIUS accounting.



>     > 4) If yes to 3), does it mean that 2001:db8::/32 should be added to
> the
>     > IPv6 forwarding table
>     > as a “route-to-interface” with the receiving interface as the next
> hop?
>
> I don't think so.
> That would imply it was on-link, and L=0 means it isn't.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email