IETF Logo Mail Archive

[IPv6]Re: Working Group Last Call for <draft-ietf-6man-pio-pflag>

Ole Troan <otroan@employees.org> Tue, 11 June 2024 07:54 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C477FC14F6E2 for <ipv6@ietfa.amsl.com>; Tue, 11 Jun 2024 00:54:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=employees.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Q_ggk9rgdiT for <ipv6@ietfa.amsl.com>; Tue, 11 Jun 2024 00:54:55 -0700 (PDT)
Received: from proxmox01.kjsl.com (proxmox01.kjsl.com [IPv6:2607:7c80:54:6::6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1A32C1519A6 for <ipv6@ietf.org>; Tue, 11 Jun 2024 00:54:55 -0700 (PDT)
Received: from proxmox01.kjsl.com (localhost.localdomain [127.0.0.1]) by proxmox01.kjsl.com (Proxmox) with ESMTP id 58675E2A67; Tue, 11 Jun 2024 07:54:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=employees.org; h=cc:cc:content-transfer-encoding:content-type:content-type :date:from:from:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=prox2023; bh=GEwTS2u82w+TPR0d 0CPluBmvWEfkWpt9bjeBQdK4Uds=; b=KnaKZhzq9upiIPbUs1+CajP5N2EmNX88 DjKXJRfgbn7YK58+NSikR9H6Ul19K5DJP5ixQ2gao0cxhTCaQzMoaQBakBUDJ1PY 5MWQjkSH4yIG8FlT27AgBDSeTg8eFR5YlKuRlxL6NIR0t/oUzFw6GBZqG91eqPLg 8ET3HLRi/JT9m7SnYd8evzZM41rW/U/6x3txwARteU4WIl/FNqEVtbcvF41a3kY9 nZj0A344NhddRxxUiRvJl7atcof02CbJvitoILTUPdZmsypgtjkDHOBw8wO2bI2n cd8ZF4hkz9NwFb3aRNt0U9mhY6MmisRl11m7hDig25sLes6CX2hJXQ==
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by proxmox01.kjsl.com (Proxmox) with ESMTPS id 3482DE2A52; Tue, 11 Jun 2024 07:54:55 +0000 (UTC)
Received: from smtpclient.apple (ti0389q160-2783.bb.online.no [46.9.227.254]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 8329C4E11C45; Tue, 11 Jun 2024 07:54:54 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
From: Ole Troan <otroan@employees.org>
In-Reply-To: <CAKD1Yr17hdHhr9ZYsXHMc0pXX3z1n68u5qXwegBYadqWQ6rT5Q@mail.gmail.com>
Date: Tue, 11 Jun 2024 09:54:42 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <4BF00C4F-D635-4464-8272-86EB853BE616@employees.org>
References: <18236.1717011844@obiwan.sandelman.ca> <2AD87DE1-075E-45E7-A682-8042F04EF59A@employees.org> <89dbde8c-82c9-4a2e-9cff-8d4fd2d8fbe6@gmail.com> <9E7BEA1C-4597-4142-A3AB-57211C436197@employees.org> <CAKD1Yr0iR+RZHvuquCGYfntiD+K7-PdkvGJzHLx1PLrFqJ=Z4Q@mail.gmail.com> <47BF97B8-2BEE-47CC-A965-C6BB112990AB@employees.org> <4bcfcd71-d295-433d-813f-1183c7da3cf3@gmail.com> <CAKD1Yr1CL_Jw4O-iETF6T1v8EL_Lj-fMi6EV=3MgPhN+M2tc8w@mail.gmail.com> <84f6e699-5587-4407-a566-b031c31e2cd5@gmail.com> <CAMGpriWqD99OzdOaJU7_nQTwvD=o1wsVxOQrbMqy5sH7sX7gwA@mail.gmail.com> <95dfd2e9-25da-4449-b740-724804a34735@gmail.com> <CAKr6gn12Vq9xJWGH+Na6xhDXXsW2XSDCnLegjXMRLN8KJ2CEZQ@mail.gmail.com> <CAKD1Yr24RyW_oxhY3iz5nEdXd0EZENy9cZBo7tfxLqLLMHOX_g@mail.gmail.com> <e2e406e1-1231-4c28-8163-c0e220da7453@lear.ch> <b8f85b39-0167-4040-a5d4-3a97f8819b99@gmail.com> <E50531BE-5867-472A-91FE-739341545D62@employees.org> <CAKD1Yr3uHmaSZ7A74X8TJrx6z39ed6DAbOgEXXnOkBiZtQ=WEw@mail.gmail.com> <CAN-Dau1hhR-nHGoR5KzHgwxyF-S5Q=VwnFmhJzeJDQfuaOUe+Q@mail.gmail.com> <CAKD1Yr34jwMdY=A+PCpjkMKb9v-bT9dr9TThv415tnka3MKeFg@mail.gmail.com> <5842F536-C44C-4B2B-9AB7-3FB057D88759@employees.org> <CAKD1Yr3X0qn-TnRKsCzAXMsBLrTYxXWexwdM6qV_+pmSEfjY-g@mail.gmail.com> <3E76AB46-3805-4CFA-81FD-6EAECD3640CE@employees.org> <CAKD1Yr17hdHhr9ZYsXHMc0pXX3z1n68u5qXwegBYadqWQ6rT5Q@mail.gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
X-Mailer: Apple Mail (2.3774.600.62)
Message-ID-Hash: RIEVBCCZH5RSODP6JOEXLSG3MBOL2FNL
X-Message-ID-Hash: RIEVBCCZH5RSODP6JOEXLSG3MBOL2FNL
X-MailFrom: otroan@employees.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Farmer <farmer=40umn.edu@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [IPv6]Re: Working Group Last Call for <draft-ietf-6man-pio-pflag>
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/kqMz-GCIVcnlQOt-J5zD6_Sb7fc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>

Hi Lorenzo,

Regarding use case. There are certainly networks today that run with empty PIOs, typically connecting CPEs in an ISP access network.
One could imagine if one knew that all devices supported PD to the host, that one would also run without an onlink prefix.
But that’s mostly speculation. Independently of that I think we need to cover this case in the document to avoid ambiguity.

Let’s see if we can enumerate the solution space for when to try PD:

I think I have come around to the arguments you gave below.

Expected PD node behaviour:

- If no PIO, always try IA_PD/IA_NA. (Or require M-flag to be set?)
- If PIO and a PIO with P-flag. Try IA_PD

So basically use the lack of PIO as an indication to try PD.
I can craft a paragraph stating that if you like.

It would also be good in the text to make it clear that the function of the P-flag is to negate the A-flag (disable SLAAC) for PD capable hosts.
With the purpose of separating the two functions. 1. when to try PD vs 2. when to not do SLAAC.

Any corner case we’ve forgotten then?

Cheers,
Ole


> On 10 Jun 2024, at 12:26, Lorenzo Colitti <lorenzo@google.com> wrote:
> 
> On Fri, Jun 7, 2024 at 6:32 PM Ole Troan <otroan@employees.org> wrote:
> > If that's correct, then it looks like adding a new flag would allow us to communicate just one extra configuration: "PD is available, but don't use it to replace SLAAC on any prefixes". Do you think this is useful?
> 
> In the empty PIO case it definitely would be.
> 
> How important do you think that case is? Today I'd guess that most networks that serve client devices have prefixes assigned to them. Anything using SLAAC obviously has to have a PIO. But even for DHCPv6-only networks, I think networks generally assign a shared link prefix and then assign individual /128s from the pool. Such networks can send a PIO with A=0 (and L=0 or L=1 depending on topology) and set the P bit in there. I guess if you want to do a PD-only deployment then you might not have a PIO at all, but hosts today would not understand that. CPEs would work, but CPEs don't look at the P bit anyway, they always do PD.
>  But yeah, I see your point that you would have to have both enabled for it to make sense.
> Unless we went back to only in RA and if the P-flag is set any PD willing host should not do SLAAC on any prefix in the RA…
> Perhaps we don’t have to support filtering out which prefixes a host should do SLAAC on. The RFC7084 compliant CPEs would regardlessly not handle that.
> 
> I think that has problems though. In particular, it will break if there are multiple upstreams and not all of them support prefix delegation. One example might be a small enterprise network that has a /48 but only backup through a 5G router that only provides a /64. This situation will mostly work today if the hosts support rule 5.5, as long as the enterprise router sends its RA with high priority. With the P flag as currently defined in the draft, things will also work: the enterprise router would set P=1 A=0 and the 5G router would set P=0 A=1 and things would work. But if the P flag is per-network and not per-PIO, then as soon as the enterprise router sets P=1, the hosts would no longer have any addresses from the 5G network. So a per-network P flag would not be usable in that environment.
> 
> It would also break SNAC in the case where the client gets a prefix from the network, but somehow the stub network doesn't - the stub network would send an RA with an RIO to the stub network prefix and a PIO for the on-link prefix, but if P=1 then clients wouldn't accept the stub network's prefix.
> 
> I guess we could try to fix these problems by saying that the P bit applies only "to prefixes in this RA", but what about prefixes that are announced by multiple routers, or prefixes that have since been withdrawn?
>  
> > I'm not sure it's worth adding a new flag just to address the no PIO case. With this draft as currently written, the network can just send a PIO with L=0, A=0, P=1. Whatever the PIO is (it could even be ::/0 or ::/128), this will only have the effect of setting P to 1 and no other effect.
> 
> That would be awfully confusing.
> Could of course have flags both in RA and in PIO and either one set should trigger PD… but I’m the one worried about address configuration complexity…
> 
> Duplicate flags for the same behaviour? We could do that, but it's definitely messy.
> 
> What use case are you thinking of that has no PIO? Maybe we can solve for that separately?

v2.40.4 | Report a Bug | By Email | System Status