IETF Logo Mail Archive

Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-00.txt

Nick Buraglio <buraglio@forwardingplane.net> Sat, 21 October 2023 15:45 UTC

Return-Path: <buraglio@forwardingplane.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19AABC15155B for <ipv6@ietfa.amsl.com>; Sat, 21 Oct 2023 08:45:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forwardingplane.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t9tHfWrDjws4 for <ipv6@ietfa.amsl.com>; Sat, 21 Oct 2023 08:45:49 -0700 (PDT)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D097EC14F6EC for <ipv6@ietf.org>; Sat, 21 Oct 2023 08:45:49 -0700 (PDT)
Received: by mail-qt1-x832.google.com with SMTP id d75a77b69052e-419b232fc99so9700141cf.1 for <ipv6@ietf.org>; Sat, 21 Oct 2023 08:45:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forwardingplane.net; s=google; t=1697903149; x=1698507949; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Btp9aL0rVxgIW8JxB1acKw9zUXr/cvAqmMA+mgrEpng=; b=mqy/Zk8rOJ0+2nbYR3kLqSnXkRU+UvHdz7NEbcHd8YwzpH2ggReSP/V88EuXdRJENF veivF25Cl3eNrYvT2KboxHUPlHsbxW6rSc/K3Cmt+hsJxTE0bydFe31ZOAEHO/4ZJK3n enEp1Gx6khHSbB2IKhDMTmUh3CXwDLnppMWhE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697903149; x=1698507949; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Btp9aL0rVxgIW8JxB1acKw9zUXr/cvAqmMA+mgrEpng=; b=lX7dJNVmyHzK7lvVNYk0dHl0iFYh0w5lSgOgLVLxFc943uYMmB9KwCLP69eMiZPbqr vYlpoRlF45r+Z3lJ7d+6GP4suQXKL17Aw/2agVHoTxa47uIIA1R1uNfA70SvpIwn+Pxm rUm+RW6RjQr6kQfdbcWYWbP7I5psuvym88vukVRPdX/45FxhIxfn7as/gGNeukhM7vK9 HvYLVA8A5vJIoJ0ULenLYQZdHR7Ni69hYq/yGg58zYjNIzsXBtQCRjie6MhntKlDelhD ZnmYVFDkWgl3Ugr3pjq7qWLDvKa5zG1zTLHV28WQbSUGX+CIPgtP/Fdqgct7A9AnO+QG FGgQ==
X-Gm-Message-State: AOJu0YzHtlaIbsh97JWng6rUjcrojW8F/nI1GrjUz0N4pXQSKwJfSN0K mwdKL8SuosWLiqfgnMeYQ7aNhMQH2T6r53EkdQ2LsA==
X-Google-Smtp-Source: AGHT+IFrthATjNjuT91SakiwIxjZnlPlC4fwtp/fNe26ysEzEa6OmBRI8JyaX/U+DPVqGNHnoVRxopTx2OBomewbj50=
X-Received: by 2002:a05:622a:15:b0:412:2dac:acb9 with SMTP id x21-20020a05622a001500b004122dacacb9mr5921032qtw.8.1697903148778; Sat, 21 Oct 2023 08:45:48 -0700 (PDT)
MIME-Version: 1.0
References: <169686229022.13380.1151518565582812589@ietfa.amsl.com> <b6e5c407-c50c-4834-b5df-d7362b764fe2@Spark> <PH0PR11MB4966868276813E0C8A1AACABA9D5A@PH0PR11MB4966.namprd11.prod.outlook.com> <CAN-Dau26C0dqXvr3i_VdZJtbkRes4APjXY1xHsbFw3zpWzj8Aw@mail.gmail.com> <92A814D5-FA86-4FAB-8843-7B3D7DDB23E8@employees.org> <CAN-Dau1=+hG-oK+cN49xJ2Ru+mm57Cfai3HNrLcO1fqEDaMarQ@mail.gmail.com> <c724c76c-0d01-43d9-a3df-6d1c8b21d3c6@gmail.com> <CAN-Dau3_vxcOckLC56GMHkddq2NteN=7oV68LmZf_TssQvxZjg@mail.gmail.com>
In-Reply-To: <CAN-Dau3_vxcOckLC56GMHkddq2NteN=7oV68LmZf_TssQvxZjg@mail.gmail.com>
From: Nick Buraglio <buraglio@forwardingplane.net>
Date: Sat, 21 Oct 2023 10:45:36 -0500
Message-ID: <CACMsEX9+P0mC7ozFL9w8rb_Swk7ufza8R-2obnhLhPismz5mSw@mail.gmail.com>
To: David Farmer <farmer=40umn.edu@dmarc.ietf.org>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/nyoHx4KI39uRht7rnASz_S6MJK0>
Subject: Re: [IPv6] I-D Action: draft-ietf-6man-rfc6724-update-00.txt
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Oct 2023 15:45:55 -0000

On Fri, Oct 20, 2023 at 9:22 PM David Farmer
<farmer=40umn.edu@dmarc.ietf.org> wrote:
>
>
>
> On Fri, Oct 20, 2023 at 5:33 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>
>> On 21-Oct-23 10:09, David Farmer wrote:
>> >
>> > On Wed, Oct 18, 2023 at 2:03 PM Ole Troan <otroan=40employees.org@dmarc.ietf.org <mailto:40employees.org@dmarc.ietf.org>> wrote:
>> >
>> >      > Therefore, the policy table, as proposed, discourages the use of ULA with NPTv6, NAT66, or NAPT66, which, if I'm understanding you correctly, is what you would like.
>> >
>> >     The behaviour _I_ would like is for RFC1918 and ULA sources to be treated equally for global DA.
>> >     Expecting HE / host heuristics would deprioritize one or the other as the host learns the SAs actual reachability.
>> >
>> >     I don’t think the answer to that problem is a separate block of IPv6 space for ULA with global reachability (how many address classes are we going to have) or to per-network modify the host SAS policy.
>> >     Operators are then instead solving it by using an address space that does behave that way. E.g. 2001:db8::/32.
>> >
>> >
>> > Using ULA for global communications and reachability conflicts with the very definition of ULA in RFC4193. From the Intro of RFC 4193, "This document defines an IPv6 unicast address format that is globally unique and is intended for local communications [IPV6]... They are not expected to be routable on the global Internet."
>>
>> That's true, but (Experimental) RFC 6296 explains how ULA<-->GUA can work. If a user chooses ULA<-->GUA and there is no NPTv6 or NAT66 present, the user loses. More rational address selection is possible if the host has access to a "NPTv6 (or NAT66) present" flag. (Actually, the same is true in IPv4 - if there was a "NAT44 present" flag, it could be tested before trying to use an RFC1918 source address. But it isn't needed in practice because NAT44 is so widespread.)
>
>
> Actually, that only works with the Default Address Selection policy table of RFC3484, which doesn't have a separate label for ULA. With the Default Address Selection policy table of RFC6724, IPv4 will always be selected over ULA. Even with this update, increasing the preference for ULA, as has been discussed, IPv4 will be selected over a ULA Source with a GUA Destination because of the separate ULA label. Further, as discussed in the draft, changing the policy table can be almost impossible in many situations.
>
> I believe Ole is instead suggesting removing the ULA label from the policy table restoring NPTv6, NAT66, or NAPT66 functionality with ULA by default. Preferring IPv6 GUA and ULA equally and over IPv4 and only relying on Happy Eyeballs (HE) to determine reachability between IPv6 and IPv4.
>
>> > As currently defined, if the host only has a ULA source address, the host can expect only to have local connectivity. If the host also has a GUA source address, the host can expect global connectivity. Just because we blurred this distinction in IPv4 doesn't mean we should also blur the distinction in IPv6. We have plenty of IPv6 addresses to have separate local and global address formats, and that is why ULA was defined as a separate address format.
>> >
>> > There is no good way to maintain the distinction between local names and global names in the DNS. If we can't maintain a clear distinction between local and global IPv6 addresses, then we are doomed to confuse the local and global domains forever. Let's not do that!
>>
>> I think we're pretty close to that abyss already, and we can't pull back from it without replacing getaddrinfo(). This fix to RFC6724 is the best we can for current running code, however.
>>
>> Also, it turns out that the IESG holdup on draft-ietf-6man-rfc6874bis-09 is closely related to this very question. Over in Webland, they really don't know how to handle the issue of locally scoped IP addresses. See https://wicg.github.io/private-network-access/
>
>
> In my opinion, removing the separate label for ULA pushes us into the abyss, and we will forever confuse the local and global domains. If we continue the local vs. global confusion we created in IPv4, in IPv6, there will be no hope for them to ever figure out how to handle the issue of locally scoped IP addresses.

I tend to agree with this, the label is an important part of the
deterministic process.
I would rather see some way, outside of the scope of this draft, to
signal to the host the presence of a NPTv6 service upstream. I've been
thinking about that quite a bit in the context of NPTv6, and more and
more I feel like that is a thought exercise worth going through.

>
> Thanks.
>
> --
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email