IETF Logo Mail Archive

Re: [IPv6] Variable IIDs

Mark Smith <markzzzsmith@gmail.com> Sun, 05 November 2023 04:56 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AE4FC09C20E for <ipv6@ietfa.amsl.com>; Sat, 4 Nov 2023 21:56:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.603
X-Spam-Level:
X-Spam-Status: No, score=-6.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11l7MTE8BD91 for <ipv6@ietfa.amsl.com>; Sat, 4 Nov 2023 21:56:30 -0700 (PDT)
Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2A72C09B5D1 for <ipv6@ietf.org>; Sat, 4 Nov 2023 21:56:30 -0700 (PDT)
Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-9d10f94f70bso489525966b.3 for <ipv6@ietf.org>; Sat, 04 Nov 2023 21:56:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699160189; x=1699764989; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=eoukY8vaTS6AhEicfXjxP2TvYyBPgGBsFvUI/rfaB9M=; b=G/p3XximQtYq4gJ6uvM7oEIXdkI3VE1HBxHynPT3YJrfP/oqAesVVyuGucIIenD6jk HVLttj/x+CepDcqQNvHbR+rVLsH3taMBqbCfpA46wvJATAN+x0s2Qy+SizDtlDitL8jC 4r5WoVNoX9bxMQpeyihtNvS36HiNbnp5Vw445m1seUxAlO023uKtEmas/aqAW88Bj5l7 J1YiuYCCZ5hnUF2gjzOFPXVz++Tru8849xOl5wwxf/Z5+Jo2m6YiqkdYyt79r4LyvPlo bu2EZX0HN2CvpifDv4x+PG7EK4vU31/+XwGazdoDdOfCo8IzUnMhi7Nf+W+nReGq/T2U y/pg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699160189; x=1699764989; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=eoukY8vaTS6AhEicfXjxP2TvYyBPgGBsFvUI/rfaB9M=; b=aDBjzB903vjXi30afubxxbG+MeaC4rFaAnS71Zol1srv/r8cDE9pg0/5KXwI6mkk9C d2aKNM92ggw+yZmUE7UBVnrSKr29h8AxK7/GCyrQAQBJ0UenZTh4Mvxgz2+fzXMcWBzS 2w2ClHqDdeVd1QbBd5ljBHn2UU/+fLsaFVS7xnSu90/HAl40Nuzh4vlmTHZEzo8n4VFw aHrZEGJLXqtOB4LY476mvaqNIwXpaLEWJTbwRLZpKhr67Et43QC1HxZ/lVO4BL+C1/1W ur43L/xvGuWGqIoRbvPpQ3I4zZgJwdpVPam4eD7puoIVt1pud6C7Xhg0jQfsnh5WotGV 3n5g==
X-Gm-Message-State: AOJu0Yz8yfy3iu/zEUHdQPn9YIjCgWVoNvVgCDdRzsZBGKqQw40jWD7Y Zb4udWPrYmj/L+KgXFVdRW9TDDWUipFYJNsFfiOfQeVU
X-Google-Smtp-Source: AGHT+IFAiMjBlef+iXWX+fqTrTKmPPdG6N+vFK3w9FY+ueXp6PFKqkocBLncmrMsxxvi5z6zlgAZil8qpwiv5WPi+KU=
X-Received: by 2002:a17:907:934c:b0:9bf:b6f5:3a08 with SMTP id bv12-20020a170907934c00b009bfb6f53a08mr10676584ejc.52.1699160188863; Sat, 04 Nov 2023 21:56:28 -0700 (PDT)
MIME-Version: 1.0
References: <d935987f-7550-855a-c57f-7f8c2fc6e5cf@gmail.com> <CAKD1Yr0ZBqdNnysBm3SmKRBjOZPM5totfzww_6mDdC94fDLx4A@mail.gmail.com>
In-Reply-To: <CAKD1Yr0ZBqdNnysBm3SmKRBjOZPM5totfzww_6mDdC94fDLx4A@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sun, 05 Nov 2023 15:56:17 +1100
Message-ID: <CAO42Z2zxLwtZNtuwBKDzCZZXp4tUNvmMoDCOu1XgjFPwXjKvYQ@mail.gmail.com>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, 6man <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007948790609608fbe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/nez2IJZ_fdycE3tv_Ok6OKSoBdo>
Subject: Re: [IPv6] Variable IIDs
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2023 04:56:34 -0000

On Sat, 4 Nov 2023, 23:00 Lorenzo Colitti, <lorenzo=
40google.com@dmarc.ietf.org> wrote:

> Brian,
>
> If we think /64 is too large, then I think it's OK to change 64 to
> something else. But making the IID length variable is the wrong solution.
> If we do that, we will create a race to the bottom that ends up at /128.
>

I think one of the incentives to do this will be RIR fees.

Internet service is obviously a commodity, which means there are strong
incentives to reduce costs if possible, in particular for residential
Internet services.

So if an ISP can get their minimum assignment of an /32, and then subdivide
with IIDs smaller than 64 bits to fit all of their customers within that
single /32, that's I'm confident that's what many will do to avoid paying
RIR fees for shorter prefixes to suit /64 subnets/64 bit IIDs for their
customer base.

The larger the ISP, the greater the incentive to do this, because the
savings from only using a /32 for all customers will be greater.

Regards,
Mark.





> Here's why. Today SLAAC only works on a /64, and a /64 guarantees that
> there will always be enough address space to number unlimited devices.
> Pretty much every network operator uses that because it's the only thing
> that works on all devices. Some operators insist on assigning only a /128
> to each device using DHCPv6. This is for various reasons, most notably
> consistency with IPv4, the fact that DHCP clients and servers by default
> only assign one address, scalability of network entities such as ND caches,
> desire to charge for more addresses (yes; as the lead of a major OS network
> stack, we get this depressingly often). It's pretty clear from any reading
> of RFC 7934 that that is harmful, but those operators don't know or want to
> do it anyway. Fortunately (well, unfortunately for those operators), this
> doesn't work on a substantial percentage of devices due to lack of support
> for DHCPv6, so it's not really a practical solution on most networks. Those
> operators occasionally complain about OSes that don't support DHCPv6, but
> on the whole we're generally in a situation where devices can get as many
> IP addresses as they need, within reason.
>
> However: if we define SLAAC to variable length, as you are proposing here
> then those operators will pick the minimum length accepted by
> implementations. Today that's /64. If implementations change to accept
> fewer addresses (say, /80), then those networks will move to providing the
> new minimum. And so on. This starts a race to the bottom that ends at /128.
> If you don't believe this, consider: many residential ISPs provide a
> reasonably-sized subnet to users, such as a /56. But some provide only a
> /60. Some - like mine! - only provide a /64. In my case I could only get a
> /56 by signing up for the business offering, which costs 3 times as much.
> Now, obviously this example is about prefix sizes, but if we make SLAAC
> variable, you can bet that operators will do this within subnets as well.
> Consider even during the v6ops discussion of
> draft-ietf-v6ops-dhcp-pd-per-device, some participants (Martin, I remember)
> asserted that the subnet must be made small enough to prohibit devices from
> extending the network.
>
> Note, I am not saying that most or even many networks will do this. But
> some will. The consequence of that is that OS vendors like ours will act in
> their users' interests, and allow those users to evade those restrictions
> by implementing NAT66. At that point everybody loses. The networks don't
> get paid more. App developers have to implement NAT traversal and
> keepalives. OS vendors have to implement hardware offload APIs for
> keepalives. Users have to deal with lower battery life and brittle apps due
> to NAT timeouts.
>
> Why do this? If we really think /64 is too wasteful, then we can change
> it, once. But we can't make it variable without creating a race to the
> bottom. The only way to do that is to pick one size.
>
> Cheers,
> Lorenzo
>
> On Sat, Nov 4, 2023 at 2:06 AM Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
>
>> If anyone wants to turn this into an I-D, please feel free.
>>
>> title: Variable Length Interface Identifiers
>> abbrev: Variable IIDs
>> docname: draft-tbd-6man-variable-iids-00
>>
>> # Introduction
>>
>> The lowest common denominator method of configuration for IPv6 nodes is
>> SLAAC {{!RFC4862}}, which is carefully designed to allow any prefix length
>> and any interface identifier (IID) length, provided that they do not total
>> more than 128 bits. Until now, specifications of "IPv6 over foo" mappings,
>> starting with {{!RFC2464}}, have specified an IID length of 64 bits,
>> consistent with the value specified by {{!RFC4291}}.
>>
>> This document allows a router to announce an IID length other than 64 on
>> a given link, and updates RFC 4291, RFC 2464 (and numerous other "IPv6 over
>> foo" documents TBD), and RFC 4862 accordingly. It extends {{!RFC4861}} by
>> defining a new "IID length" mechanism in RA messages.
>>
>> Terminology: a "modified" host or router supports this spec. An
>> "unmodified" host or router supports RFC 4861 and 4862 precisely.
>>
>> # Modified procedures
>>
>> The predefined IID length specified by RFC 4291, RFC 2464, etc. is used
>> to configure the link-local IPv6 address of a node exactly as described in
>> RFC 4862.
>>
>> On a link where variable IID length is not supported, the predefined IID
>> length will continue to be used to configure all other addresses using
>> SLAAC.
>>
>> On a link where variable IID length is supported, each modified router
>> will include an "IID length" indication in every RA/PIO message with the A
>> bit set. This will override the value defined in RFC 2464 (etc.) and in RFC
>> 4291, for the prefix concerned.
>>
>> Suggestion: put the IID length in 6 bits of the Reserved2 field of the
>> PIO. 0b000000 would mean 64, i.e. no change and backwards compatible. Any
>> other value would define an IID length in bits. Values less than 48
>> (0b110000) are NOT RECOMMENDED. Values greater than 64 are impossible.
>>
>> (Note: Reserved1 is not available - see {{?RFC8425}}.)
>>
>> When a modified node receives an "IID length" less than 64, it will use
>> that value instead of the default for all unicast address autoconfiguration
>> under that prefix, except link-local.
>>
>> # Deployment issues
>>
>>   - Unmodified hosts and unmodified routers: no change, all use 64-bit
>> IIDs.
>>
>>   - Modified hosts and unmodified routers: no change, all use 64-bit IIDs.
>>
>>   - Modified hosts and modified routers: configure to use longer prefixes
>> and shorter IIDs if desired.
>>
>>   - Modified routers and mixture of modified and unmodified hosts on a
>> link:
>>
>>     - The modified hosts will use a shorter IID and longer prefix if that
>> is announced.
>>
>>     - The unmodified hosts, according to RFC 4861, MUST ignore the
>> Reserved1 field. So, according to section 5.5.3 clause d) of RFC 4862, they
>> will ignore any PIO advertising a shorter IID. Therefore, the operator has
>> two choices:
>>
>>       1. Decide that unmodified hosts will not be supported (i.e. will
>> not be able to configure an address using SLAAC).
>>
>>       2. Announce (at least) two prefixes on the link - a /64 and a
>> longer one, with a shorter IID. For that to make sense, we need an extra
>> rule for modified hosts: if a host receives several PIOs from the same
>> router, it prefers all those with the shortest IID and ignores the others.
>>
>>   - Mixture of modified and unmodified routers on a link: don't do that!
>>
>> # IANA Considerations
>>
>> Maybe a registry for the Reserved2 field, like RFC 8425?
>>
>> # Security Considerations
>>
>> Nothing new?
>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email