IETF Logo Mail Archive

Re: A common problem with SLAAC in "renumbering" scenarios

Jan Zorz - Go6 <jan@go6.si> Wed, 13 February 2019 16:38 UTC

Return-Path: <jan@go6.si>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE9551271FF for <ipv6@ietfa.amsl.com>; Wed, 13 Feb 2019 08:38:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=go6.si
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JbK_HkKuAEx5 for <ipv6@ietfa.amsl.com>; Wed, 13 Feb 2019 08:38:19 -0800 (PST)
Received: from mx.go6lab.si (mx.go6lab.si [IPv6:2001:67c:27e4::23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E61EF1200B3 for <ipv6@ietf.org>; Wed, 13 Feb 2019 08:38:18 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.go6lab.si (Postfix) with ESMTP id 1C8816602B for <ipv6@ietf.org>; Wed, 13 Feb 2019 17:38:15 +0100 (CET)
X-Virus-Scanned: amavisd-new at go6.si
Received: from mx.go6lab.si ([IPv6:::1]) by localhost (mx.go6lab.si [IPv6:::1]) (amavisd-new, port 10024) with LMTP id QJIoq1ZK4zX4 for <ipv6@ietf.org>; Wed, 13 Feb 2019 17:38:14 +0100 (CET)
Received: from mail.go6.si (mail.go6.si [IPv6:2001:67c:27e4::61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.go6.si", Issuer "Let's Encrypt Authority X3" (not verified)) by mx.go6lab.si (Postfix) with ESMTPS id DE582603E3 for <ipv6@ietf.org>; Wed, 13 Feb 2019 17:38:13 +0100 (CET)
Received: from ISOC-BMDKQ4.local (unknown [IPv6:2001:67c:27e4:102:182a:e622:682:93c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "Jan Zorz", Issuer "COMODO RSA Client Authentication and Secure Email CA" (not verified)) (Authenticated sender: jan) by mail.go6.si (Postfix) with ESMTPSA id 934558054D for <ipv6@ietf.org>; Wed, 13 Feb 2019 17:38:13 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=go6.si; s=mail; t=1550075893; bh=PEdyCWAv+CHS+2U/0DzAk40dxQtDC3svQ+rrrI2N3KU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=p2Hv722KUhHfltlhfpMtHs4rkLFp9EOaqr8ZRDNY1+sxXuqbOdJJdLxhfhkCfb3qp tSKQYpm/XRAzuqyvoe+aUW3XMM9cUw/CGYbSYKAppWddpN3Qmp93HLu4q0DzWFqPL8 gqmVm2vT3InYIzAKfl1dlGPeFpu0vpfD4zJe9JWE=
Subject: Re: A common problem with SLAAC in "renumbering" scenarios
To: ipv6@ietf.org
References: <60fabe4b-fd76-4b35-08d3-09adce43dd71@si6networks.com> <alpine.DEB.2.20.1901311236320.5601@uplift.swm.pp.se> <m1gpCcz-0000FlC@stereo.hq.phicoh.net> <ddd28787-8905-bafd-3546-2ceef436c8b0@si6networks.com> <m1gptWx-0000G3C@stereo.hq.phicoh.net> <69609C58-7205-4519-B17A-4FBC8AE2EA16@employees.org> <d40b41c3-ff1b-cab4-a8de-16692a78e8fd@go6.si> <D1E45CAD-08D0-43D4-90F7-C4DD44CB32C0@employees.org> <alpine.DEB.2.20.1902041330531.23912@uplift.swm.pp.se> <77ecf321-b46e-4f25-7f68-05b15714a99e@si6networks.com> <CAHL_VyDdHuEAc9UdeiRp9f+c0tdzyoLwPY1rJbZmbWAuq96Uuw@mail.gmail.com> <alpine.DEB.2.20.1902051127510.23912@uplift.swm.pp.se> <7a401098-ef51-86d4-064b-056e061a4472@gmail.com> <CAHL_VyDACS172yQoSiz7s+FvrQWchesGXNx73FkA2T057q0YPQ@mail.gmail.com> <2ab6bda2-1a8f-47d9-17c1-bd82343e86c5@si6networks.com>
From: Jan Zorz - Go6 <jan@go6.si>
Message-ID: <682ab369-3c61-3c63-32be-d59ff445101b@go6.si>
Date: Wed, 13 Feb 2019 17:38:12 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <2ab6bda2-1a8f-47d9-17c1-bd82343e86c5@si6networks.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/o4t40TMbEuDyEi5qEbyukID8lE8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 16:38:22 -0000

On 13/02/2019 16:38, Fernando Gont wrote:
>> It could also just include it as a hint in the first SOLICIT.
>>
>> Storing the old lease to persistent storage also gives the CPE
>> visibility if the prefix does change.  If it does, it can then send
>> RAs with lifetime 0 to deprecate the old prefix on the LAN side.  This
>> seems to have resolve all of the issues for us, as far as we can tell.
> 
> It may solve the issues when/if implemented. For obvious reasons, you
> cannot rely on this functionality being deployed -- hence it does nto
> relieve us from improving the robustness of hosts.

Correct, I see the benefit in making host more robust and resilient - 
and making this a standard can only and just improve things, can't make 
them any worse.

However, CPE is also an important part of the game here. As said before 
and as heard from Richard, some huge operators are already deploying 
this "hack" where they write a PD to persistent storage and compare 
prefixes after reboots and this solves a lot of problems. Why not making 
this easy fix a recommended thing to do for everyone?

When talking about the provisioning part - IETF can't tell operators how 
to run networks (obviously), but what we can do here is to say "when 
assigning IPv6 prefix to a customer, identified by the same DUID, we 
must not assign a different prefix to the same DUID before the lifetime 
of PD that we set doesn't expire, otherwise you are breaking the 
protocol standards."

If somebody decides (for some bizzare reason) that it's a good idea to 
make CPEs with randomized DUID after every reboot, then they shall 
implement memorizing PDs in persistent storage across reboots and send 
ICMP packets after reboot to deprecate old prefix(es)

I think that extending a scope of our I-D to this three "advices" would 
bring at least some hope for improvement, as currently it can't be 
worse. Of course, things are easy for huge operators with home-brew CPEs 
and a lot of knowledge, but there are other, smaller and less deep-tech 
educated ISPs that could benefit from improved defaults.

Cheers, Jan

v2.23.0 | Report a Bug | By Email