Re: Extending a /64
Mark Smith <markzzzsmith@gmail.com> Mon, 16 November 2020 19:17 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 691DA3A0779 for <ipv6@ietfa.amsl.com>; Mon, 16 Nov 2020 11:17:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ak3tagq4mLaT for <ipv6@ietfa.amsl.com>; Mon, 16 Nov 2020 11:17:13 -0800 (PST)
Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C9CB3A067A for <ipv6@ietf.org>; Mon, 16 Nov 2020 11:17:13 -0800 (PST)
Received: by mail-ot1-x32f.google.com with SMTP id f16so17061475otl.11 for <ipv6@ietf.org>; Mon, 16 Nov 2020 11:17:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SehbWTbWdle6Y3Ef80qfg0Nrsty069gC+vzn5e+ypH0=; b=ogpFkHcMSHQT3XXo2CbhcW6X9h1uhBYOc1AS6EQBd/dqf2TpkHirRe18Fdnhvse3wZ Lc9IJYlW+HF3lNLCxG26ni5gTh3bAfwrFcOnKpVt3J4ZX1l46iuD4/swmzh1Zrb2W4qu kjhCxmPr+tHDAi18cac8fKr3+buqx2HYoa669pnZpXi70kdY70Gqi1IAfSKPIGJIDbkr IWIPyeqqYs+ZS9tll459c6pfUt4195vWJrAe3+NOYzkh5ZFXmbMM1UDI290BhZ/AuLY5 zDa9mxzSSQx51t6lFSyAqRTPZsBPc6JS1NGw69nOfkgeJL3tYP4tEFkcjG+P5TDiGEZX jYrA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SehbWTbWdle6Y3Ef80qfg0Nrsty069gC+vzn5e+ypH0=; b=lZBXJNsCDeqgM+JYnwSJ61NbtczeFRM6QyClYaAGD7RDP+bsVyHSs6sbGiSuiCXHPQ W6gYXktmXc1/kGN+fxaXvxAbSLccvzvYmm8RGI+Vznz9RSlHQnW8NWF48JOHNbTipIvy 8OGoVZJ5Q3Wvn8NnB3MhwqDhADUaaapP6YNAXf5WKU6YbOqiXXq4shsriJETU7mHYJzr 07LyzRTuCIOQpGD6w0BvcLphYXnoq+Ui1eJmxbMvoQ9WtScwozRaXPxn6GmJNwv+paup 0EqHVokWhZp1L35nM13mNG2wlpLcB5s3/fl7tdOCU1XcaJnPfcMO1TxBJwlwr7IMaDVd FQvw==
X-Gm-Message-State: AOAM530BQuhqk7k5jrbJzUityJRFue2s34e+4hMGaQMH+I+wFVP8diqM SUCVdXIT63U/n2GuqjamzJqlxpDWdqwJLPeqR+A=
X-Google-Smtp-Source: ABdhPJz33jLBCWlfh7FD97oOUC7vcGVVIo9akSI2HSOKlk2s5Tas/CZmYhfdKFkSVndwetgkAaA2vqGyGzsBRvPY3w4=
X-Received: by 2002:a9d:a0d:: with SMTP id 13mr539664otg.348.1605554232626; Mon, 16 Nov 2020 11:17:12 -0800 (PST)
MIME-Version: 1.0
References: <202011151920.0AFJKN9U003337@mail2.mwassocs.co.uk> <3d26bffe-b6c9-4ed7-6135-a515f9902fd7@gmail.com> <m1keOTi-0000EGC@stereo.hq.phicoh.net> <CAO42Z2wZkXryhw1u5WAFdtCvXHyyz1zeM22FP_gRxjurjsG-Jw@mail.gmail.com> <29299.1605477799@localhost>
In-Reply-To: <29299.1605477799@localhost>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 17 Nov 2020 06:17:00 +1100
Message-ID: <CAO42Z2yS9gL9wQcfPb7Bes+ao=an2Lp2r5eJo97kcb4y2si=gg@mail.gmail.com>
Subject: Re: Extending a /64
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b4111505b43e3927"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/o8orDH9_a_QmxkO_3CK1hXvIIPM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2020 19:17:15 -0000
On Mon, 16 Nov 2020, 09:03 Michael Richardson, <mcr+ietf@sandelman.ca> wrote: > > Mark Smith <markzzzsmith@gmail.com> wrote: > > On Mon, 16 Nov 2020, 07:19 Philip Homburg, < > pch-ipv6-ietf-6@u-1.phicoh.com> > > wrote: > > >> > Again, there are 35 trillion /48s in 2000::/3. How many would you > >> > need? > >> > >> It gets tight when you want the prefix to contain 39 bits to number > around > >> half a million planes. > >> > > > Why are half a million planes going to be on the Internet? > > No, not "Internet" > "internet" --- as in, uses IPv6. > Asking for GUA space implies attached to the big-I Internet when the ULA space exists for non-Internet connected devices. If a single /48 ULA isn't big enough, generate more. How and if it connects to the DFZ is not really any of our business. > It is when GUAs are being requested, and the RFC4291 address format is being ignored. It's not IPv6 and can't be called "IPv6" if it doesn't comply with the IPv6 specifications. GUAs have two properties: - globally unique address - provide potential global reachability to any and all global Internet destinations ULAs only have the first property. If a device doesn't need the second property, the device doesn't need a GUA. The security principle of least privilege demands that devices aren't given the second property when they don't need it. > Because thinking that you can put ALG gateways and NATs and other crap in > the > way to keep stuff off the internet is IPv4 think. A management platform or system that controls and aggregates data from ULA addressed devices is perfectly compliant with the IPv6 architecture, because the management system is built with hosts. No NAT, no ALGs, the transport connections are end host to end host within the distinct network. Outside access to that would be via multi-homing one or more of the hosts in the management system. Specifically, forwarding between the hosts' interfaces is not enabled. The multihomed host(s) are relaying data between these two networks at the application layer and as part of the application architecture. This is how the IPv6 smart meter network I've seen works - and actually, were IPv6 only on the meter side, and only IPv4 on the outside. The reason NATs and ALGs cause problems is they're not proper and distinct RFC8200 hosts or routers. They're a mutant half way between - do more than dumb packet forwarding (routing), but don't properly do all of what the host and application processing does. They "half" participate in the end to end protocols. If you can't or don't want to for security reasons provide direct host to host connectivity within a single network, you partition the network into two with a multihomed host or hosts and have an application architecture that suits that. Anything less than that i.e. NATs or ALGs, doesn't comply with the device roles in RFC8200, and suffers from the well known problems caused by "more than routers, but not full hosts". Regards, Mark. > If our answer to requests for IPv6 address space involves IPv4-style > justification, then we might as well give up and go for triple-NATed CGN. > > Now, I don't understand how 39bits are needed to number log_2(10^6) = > 20bits > of airplane. It seems to leave more than 16-bits for subnets on each > airplane, which is still a lot. > > Remember that it might be 2^19 concurrent airplanes, but the address plan > would be expected to last a hundred years or so. > > > > Supposedly only some drones needed (really?) to be on the Internet. > How did > > that turn into every plane? > > Because every plane has electronics that speak IPv6. > > > Can somebody post a link to the draft that tries to justify this > idea? > > Has a security threat model been done? > > Who cares? Firewalls work regardless of what address space is used. > I > -- > Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- Extending a /64 otroan
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 otroan
- Re: Extending a /64 otroan
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 Alexandre Petrescu
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Ca By
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Gyan Mishra
- Re: Extending a /64 otroan
- Re: Extending a /64 JORDI PALET MARTINEZ
- RE: [EXTERNAL] Re: Extending a /64 Manfredi (US), Albert E
- Re: [EXTERNAL] Re: Extending a /64 Mark Smith
- RE: [EXTERNAL] Re: Extending a /64 Manfredi (US), Albert E
- Re: Extending a /64 Brian E Carpenter
- Re: [EXTERNAL] Re: Extending a /64 Gyan Mishra
- Re: [EXTERNAL] Re: Extending a /64 Mark Smith
- Re: Extending a /64 otroan
- Re: [EXTERNAL] Extending a /64 otroan
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 otroan
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 otroan
- Re: Extending a /64 Philip Homburg
- Re: [EXTERNAL] Extending a /64 Gyan Mishra
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 JORDI PALET MARTINEZ
- Re: Extending a /64 Pascal Thubert (pthubert)
- Re: Extending a /64 George Michaelson
- Re: Extending a /64 Gyan Mishra
- Re: Extending a /64 Gyan Mishra
- Re: Extending a /64 Christopher Morrow
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 otroan
- Re: Extending a /64 Christopher Morrow
- Re: Extending a /64 Brian E Carpenter
- Re: Extending a /64 Gyan Mishra
- Re: Extending a /64 Gyan Mishra
- Re: Extending a /64 Alexandre Petrescu
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Mikael Abrahamsson
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Mikael Abrahamsson
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 otroan
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 otroan
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 S Moonesamy
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Brian E Carpenter
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 Brian E Carpenter
- Re: Extending a /64 Nick Hilliard
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 Nick Hilliard
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Gyan Mishra
- Re: Extending a /64 Brian E Carpenter
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Brian E Carpenter
- Re: Extending a /64 JORDI PALET MARTINEZ
- RE: [EXTERNAL] Re: Extending a /64 Manfredi (US), Albert E
- Re: Extending a /64 Gyan Mishra
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Nick Hilliard
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Nick Hilliard
- Re: Extending a /64 JORDI PALET MARTINEZ
- Re: Extending a /64 Simon Hobson
- Re: Extending a /64 Joel M. Halpern
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Joel M. Halpern
- Re: Extending a /64 Alexandre Petrescu
- Re: Extending a /64 Alexandre Petrescu
- RE: Extending a /64 Da Silva, Saulo
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Templin (US), Fred L
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Alexandre Petrescu
- Re: Extending a /64 Behcet Sarikaya
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Joel M. Halpern
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Templin (US), Fred L
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Templin (US), Fred L
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Tony Whyman
- RE: Extending a /64 Da Silva, Saulo
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 Mark Smith
- Why this is broken [was Re: Extending a /64] Brian E Carpenter
- RE: [EXTERNAL] Why this is broken [was Re: Extend… Templin (US), Fred L
- Re: [EXTERNAL] Why this is broken [was Re: Extend… Matthew Petach
- Re: Why this is broken [was Re: Extending a /64] Tony Whyman
- RE: [EXTERNAL] Re: Extending a /64 Manfredi (US), Albert E
- Re: Why this is broken [was Re: Extending a /64] Brian E Carpenter
- Re: Extending a /64 David Farmer
- Re: Extending a /64 Brian E Carpenter
- Re: Extending a /64 (ATN/IPS worked example) Tony Whyman
- Re: Extending a /64 Tony Whyman
- Re: Why this is broken [was Re: Extending a /64] Tony Whyman
- Re: Extending a /64 (ATN/IPS worked example) Philip Homburg
- Re: Extending a /64 (ATN/IPS worked example) Tony Whyman
- Re: Extending a /64 David Farmer
- Re: Extending a /64 (ATN/IPS worked example) Philip Homburg
- Re: Extending a /64 Tony Whyman
- Re: [EXTERNAL] Why this is broken [was Re: Extend… Behcet Sarikaya
- Re: Extending a /64 Simon Hobson
- Re: Cellphones in aircraft [was: Why this is brok… Simon Hobson
- RE: [EXTERNAL] Why this is broken [was Re: Extend… Templin (US), Fred L
- Re: [EXTERNAL] Why this is broken [was Re: Extend… Behcet Sarikaya
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 (ATN/IPS worked example) Brian E Carpenter
- Re: Why this is broken [was Re: Extending a /64] Matthew Petach
- RE: [EXTERNAL] Re: Why this is broken [was Re: Ex… Templin (US), Fred L
- Re: Extending a /64 (ATN/IPS worked example) Templin (US), Fred L
- Re: Extending a /64 (ATN/IPS worked example) Brian E Carpenter
- Re: Extending a /64 (ATN/IPS worked example) Brian E Carpenter
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Templin (US), Fred L
- Re: Extending a /64 (ATN/IPS worked example) Templin (US), Fred L
- Re: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Brian E Carpenter
- Re: Extending a /64 (ATN/IPS worked example) Brian E Carpenter
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Templin (US), Fred L
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Templin (US), Fred L
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Templin (US), Fred L
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Manfredi (US), Albert E
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Templin (US), Fred L
- Re: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Philip Homburg
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Manfredi (US), Albert E
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Templin (US), Fred L
- RE: [EXTERNAL] Re: Extending a /64 (ATN/IPS worke… Templin (US), Fred L
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 (ATN/IPS worked example) Michael Richardson
- Re: Extending a /64 (ATN/IPS worked example) Michael Richardson
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 (The most welcome comment) Tony Whyman
- Re: Why this is broken [was Re: Extending a /64] Behcet Sarikaya
- Re: Extending a /64 (The most welcome comment) Brian E Carpenter
- RE: [EXTERNAL] Re: Extending a /64 (The most welc… Manfredi (US), Albert E
- Re: Extending a /64 Michael Richardson
- Re: Extending a /64 (The most welcome comment) Templin (US), Fred L
- RE: Extending a /64 (The most welcome comment) Manfredi (US), Albert E
- Re: Extending a /64 (The most welcome comment) Brian E Carpenter
- RE: [EXTERNAL] Re: Extending a /64 (The most welc… Templin (US), Fred L
- Re: Extending a /64 (The most welcome comment) David Farmer
- Re: Extending a /64 Michael Richardson
- Re: Why this is broken [was Re: Extending a /64] Michael Richardson
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 Mark Smith
- Re: [EXTERNAL] Re: Extending a /64 (The most welc… Tony Whyman
- RE: [EXTERNAL] Re: Extending a /64 (The most welc… Pascal Thubert (pthubert)
- Re: [EXTERNAL] Re: Extending a /64 (The most welc… Tony Whyman
- Re: Extending a /64 Nick Hilliard
- Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Tony Whyman
- Re: [**EXTERNAL**] Re: Extending a /64 Mudric, Dusan
- Re: [**EXTERNAL**] Re: Extending a /64 Tony Whyman
- Re: Extending a /64 Nick Hilliard
- Re: Extending a /64 (The most welcome comment) Templin (US), Fred L
- Re: [**EXTERNAL**] Re: Extending a /64 tom petch
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 Nick Hilliard
- RE: [EXTERNAL] Re: Extending a /64 Manfredi (US), Albert E
- Re: Extending a /64 Mark Smith
- Re: Extending a /64 Philip Homburg
- Re: Extending a /64 Nick Hilliard