Re: RFC4861 question - short prefixes in PIOs
Mark Smith <markzzzsmith@gmail.com> Fri, 28 June 2019 04:25 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7AA12013E; Thu, 27 Jun 2019 21:25:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.497
X-Spam-Level:
X-Spam-Status: No, score=-0.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zh-Q5L4_1Y1J; Thu, 27 Jun 2019 21:25:18 -0700 (PDT)
Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 543D412004E; Thu, 27 Jun 2019 21:25:18 -0700 (PDT)
Received: by mail-ot1-x32f.google.com with SMTP id o101so4346338ota.8; Thu, 27 Jun 2019 21:25:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=g5eBJUOr/nR1sr5t2BOb2QQKWuSxF9SQOMTsmRJ3U+s=; b=kRDGxWW4P6ing9xuTQdnR6BcwMS4UAc6qiqARPl1ldiIMHq6oEARHKBtG+F5nuvAm6 lQHbqJhkUMfJkQtgF9OD+M4ZMFYVxQpQ8haoEZnC1OrbHiaWYDOro7SypVhCKtXMFKRv Z/6SwHlPkKek4a4cL/6cYKuzb3YtrU3V7AHOy5peHGd8D9osLOMQvOBVetnXyvP0PtXP WPfTyR6uLfaZ3AuMk4USD3aM044LHsMRWomDEdo0pJkQRpgmui59Bk2FQs6L7qFS/yks zz9CZdRSxUuRXixYUVlNK7tLRmLXgF7tIipfh9+Hrp9WIgU0E57aYB5AQmwwFzVT0osv N+5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=g5eBJUOr/nR1sr5t2BOb2QQKWuSxF9SQOMTsmRJ3U+s=; b=rUC98KM3XJvuygZddiCLSMQiHU7OLBTEAeXu9uHtEXCjLsJfEP0ljmuEJM0fhCRJ1c 4s94JoCi4xwVdO5bOsUK+3Xq9OkS9phOfUebH9OAYjXVL8J4YZj7OmyavE4U+1+lynjH L7JdLZlnZOJ5igupoKcSapSgMMiiQF1Bi4NtMZBJR0efOEhZWE5tkqARQj/cd8bT/6xy Oy4f0wAjIrpouyTI6q9v4/vNQyKwGU4VRFWLgztTNZ+jvzpe7G1EgTmgEBILxygStilQ a7Zi4CczvFB/LQTqC6qa0GFecbSlIVPxXjO/Nuf/n0APl6Y7hWQzuNw885nGEq8jGyke OmiQ==
X-Gm-Message-State: APjAAAU13O0LPtIIOe0QGIEgPkq2epIRqO7DBZNYBVG0tcfOrJJMCcqw bXRzNNPGbHpqucR1d09d+VT/WybHSYyYzOvGo6c=
X-Google-Smtp-Source: APXvYqzhjHmcjlahEDOhMwJxo9N7pjxgPL+0la0Byt+C4RGCu/ND9S9RqIfsJFkcDxfpQF+AWoZbsXPlBIR+pGTXm9g=
X-Received: by 2002:a9d:65da:: with SMTP id z26mr6107471oth.257.1561695917649; Thu, 27 Jun 2019 21:25:17 -0700 (PDT)
MIME-Version: 1.0
References: <729f46ec4a8b419797e15bbdcac3e549@boeing.com> <4615.1561671634@localhost>
In-Reply-To: <4615.1561671634@localhost>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 28 Jun 2019 14:24:51 +1000
Message-ID: <CAO42Z2wawP4T23qY9haspxyE=RFEfruL6KUw1pcL7uLO3rGdVg@mail.gmail.com>
Subject: Re: RFC4861 question - short prefixes in PIOs
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "Templin, Fred L" <Fred.L.Templin@boeing.com>, v6ops list <v6ops@ietf.org>, 6man <6man@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006b3316058c5aaa37"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/k-Qaosry5RhytFlIRByztmpzTb4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 04:25:21 -0000
On Fri., 28 Jun. 2019, 07:41 Michael Richardson, <mcr+ietf@sandelman.ca> wrote: > > Templin (US), Fred L <Fred.L.Templin@boeing.com> wrote: > > 3) If the PIO instead has L=0, does it mean that 2001:db8::/32 is > > “associated” with the link but not necessarily “on-link”? > > As others have said, and I find the RFC rather obtuse in this way, I think > that only thing one can say is that if L=1, then devices in that indicated > PIO can be found using ND (appropriately multicast). > > I think that when it is associated with the link, one can use SLAAC to > assign > interfaces, but can't use ND to find neighbours. > I see it as three separate things: 1. During IP address planning, assign a quantity of address space (prefix) to the link. 2. if SLAAC is to be used within that prefix, A=1 (the RFC 4861 default). 3. if hosts are to consider addresses within the link's address space/prefix to be directly reachable over the link, then L=1 (the RFC 4861 default). > > Hairpin'ing all traffic through the advertising router when L=0 seems like > the only general solution. You can't hairpin literally all traffic via a router using the PIO L=1 or 0 mechanism, because the Link-Local prefix has L=1 set in all hosts per RFC 5942, and it isn't currently possible to change it. This can cause problems as it conflicts with IPv6 address selection, which says LLs are preferred over GUA/ULA addresses. So if a host was presented with a set of DAs that includes LLs and GUA or ULAs, the LL would be preferred and fail, while if it chose a GUA or ULA DA it would work. Some might argue that's good for security, however I think LLs are more secure and reliable addresses for applications to use over GUAs and ULA addresses. I think that is why LLs are preferred in IPv6 default address selection. But, I can imagine many situations where if a > Neighbour Cache entry somehow existed, then it could be used. > > I think that hairpin'ing all traffic has many interesting uses when it > comes > to providing firewalling (such as RFC8520) between devices. > Per-device traffic accounting performed by a router could be another use case e.g. BRAS exporting that information via RADIUS accounting. > > 4) If yes to 3), does it mean that 2001:db8::/32 should be added to > the > > IPv6 forwarding table > > as a “route-to-interface” with the receiving interface as the next > hop? > > I don't think so. > That would imply it was on-link, and L=0 means it isn't. > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- RFC4861 question - short prefixes in PIOs Templin (US), Fred L
- Re: [v6ops] RFC4861 question - short prefixes in … 神明達哉
- RE: [v6ops] RFC4861 question - short prefixes in … Templin (US), Fred L
- RE: [v6ops] RFC4861 question - short prefixes in … Dave Thaler
- Re: [v6ops] RFC4861 question - short prefixes in … David Farmer
- RE: [v6ops] RFC4861 question - short prefixes in … Templin (US), Fred L
- RE: [v6ops] RFC4861 question - short prefixes in … Templin (US), Fred L
- RE: [v6ops] RFC4861 question - short prefixes in … Dave Thaler
- Re: [v6ops] RFC4861 question - short prefixes in … David Farmer
- Re: [v6ops] RFC4861 question - short prefixes in … Brian E Carpenter
- Re: [v6ops] RFC4861 question - short prefixes in … Mark Smith
- Re: [v6ops] RFC4861 question - short prefixes in … Alexandre Petrescu
- Re: [v6ops] RFC4861 question - short prefixes in … Mark Smith
- Re: RFC4861 question - short prefixes in PIOs Michael Richardson
- Re: RFC4861 question - short prefixes in PIOs Mark Smith
- Re: [v6ops] RFC4861 question - short prefixes in … Alexandre Petrescu
- Re: [v6ops] RFC4861 question - short prefixes in … Philip Homburg
- Re: [v6ops] RFC4861 question - short prefixes in … Mark Smith
- Re: [v6ops] RFC4861 question - short prefixes in … Pascal Thubert (pthubert)