IETF Logo Mail Archive

Re: there should be a ULA prefix?? [was: A common problem with SLAAC in "renumbering" scenarios]

Mark Smith <markzzzsmith@gmail.com> Wed, 27 February 2019 00:28 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CA89130EE7 for <ipv6@ietfa.amsl.com>; Tue, 26 Feb 2019 16:28:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.497
X-Spam-Level:
X-Spam-Status: No, score=-1.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkEE5v5icg3W for <ipv6@ietfa.amsl.com>; Tue, 26 Feb 2019 16:28:36 -0800 (PST)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44E6C130ED7 for <ipv6@ietf.org>; Tue, 26 Feb 2019 16:28:36 -0800 (PST)
Received: by mail-ot1-x32d.google.com with SMTP id v20so12843058otk.7 for <ipv6@ietf.org>; Tue, 26 Feb 2019 16:28:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZLxhcKoshdV9KrnHCufA3mxWpfQDATLbSrbrUcO32iE=; b=QEOjP/5P4AQZx/31CclvAdVagod/ULCcjgRXN+o1KXHnM3M1bcxJhF6i6N+fqnpFL5 /kkwfZ+ZTzGog5fsA+DGC+ZHhJNCe/2p309nbDyWRUbChuEeFbsu1RTQDuerbyxtJ4mH PUB3Z8Kyal8YDce9ioAR5ketBEvUMrX9gIvNt4WlxJXUeZeoIijcmxBey/CgWstKWyj5 13Ba8gVmEwMOd8yhQDf3aV1WhdHYxD4bv0Sa1cLzCqXWPzbwLpirPjrsynhkbk5BHU97 C0u2KcPAPo27M0CYs4je/47iyKjLiLoVfhwt2qEkKot1myHoga42RZgSLSMj1iWz7CTy kaPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZLxhcKoshdV9KrnHCufA3mxWpfQDATLbSrbrUcO32iE=; b=jLikXfIvE2k+pagAPKR4BETTuOTHPOE1KyCUaZjyBSZOzPMXe7tSL5zpp893GO70Zv OAufZxJfxQbjIfHgGOwfxe1yfK1opzZrf2T5mJxqr29dGtIdFIm353bEi4vLS0k/igpP POTnTzt1U7wQNsO5X7m+FYYyd94+ysxGJxgrfd4MKr4wuMs7xQvMOTZtfMccEwuVLhIP Yrvd2IjPoKp0uYVUn4qyhMz4crQLDNiYVRIdac3ActIvpxPCEMF6u0f87eQBrbeJYRrM vPEvmwyULNvOqIxXAxTyt1f42oSVpYnFVlP4pTOWqTVnRbGWhus3g/2l9za2JBGqXioM dLNA==
X-Gm-Message-State: AHQUAuYq/iyCph6oBPhNFsidFvXF9mis3gSUReDZcQgDuORy0ZJMF6kk qCyI+MaToXvtAC+oRFeKBthMzsxaKQaXKQdiRJo=
X-Google-Smtp-Source: APXvYqy98XTLJcbykhGh60RNwsxg0MSwIgR4/Z8/iGKwbfscqPKWWGTRNnmmiD6WMKSb+WcVmo5Qjm6Os11siEa4yOg=
X-Received: by 2002:a9d:6d98:: with SMTP id x24mr467267otp.318.1551227315321; Tue, 26 Feb 2019 16:28:35 -0800 (PST)
MIME-Version: 1.0
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <20190221073530.GT71606@Space.Net> <CAO42Z2wmB2W52b4MZ2h9sW5E9cQKm-HRjyf--q8C26jezS7LXQ@mail.gmail.com> <a73818d31db7422b99a524bc431b00ed@boeing.com> <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com> <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com> <1F07F2BB-2F37-4D12-9731-7892DF4E3D88@consulintel.es> <0a582916-af14-bd82-a4cd-002a36f8830b@huitema.net> <67515a73-26a5-3ed0-da88-1a4ce64550d3@foobar.org> <360afa02-cf23-375c-4876-780d3c2aa5ac@gont.com.ar> <CAHL_VyD34V=TRcsCp0DOO9HJNHyy5xkiMQ_cZoBa7zTE4fe5OA@mail.gmail.com> <ead01e0a-9211-7944-88d6-ae8d037c03a8@si6networks.com> <FB8B77EE-CC16-4418-BB5E-D44EE66D6B72@jisc.ac.uk> <899A1249-D3D9-4824-8B2E-7E950FBB316A@jisc.ac.uk> <m1gya2p-0000HVC@stereo.hq.phicoh.net> <9b7ba4df-41df-2c03-ddca-e15289075bff@gmail.com> <CAO42Z2xq1GNdkopJRwaq=V0UnVGzky7yfCuOy-8mQgHKUw=y1w@mail.gmail.com> <e44c03a5-64b7-973a-0c03-503f58bb122e@gmail.com>
In-Reply-To: <e44c03a5-64b7-973a-0c03-503f58bb122e@gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 27 Feb 2019 11:28:23 +1100
Message-ID: <CAO42Z2yu6cANMqJ-NnC0OwguVFizLVVz-oarfD88OwRL-+40JQ@mail.gmail.com>
Subject: Re: there should be a ULA prefix?? [was: A common problem with SLAAC in "renumbering" scenarios]
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001885430582d54189"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/pS9KHySXPY9nj4MOxJ5gQz9wa3M>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 00:28:39 -0000

On Wed., 27 Feb. 2019, 10:57 Brian E Carpenter, <brian.e.carpenter@gmail.com>
wrote:

> On 27-Feb-19 11:10, Mark Smith wrote:
> > On Wed., 27 Feb. 2019, 06:36 Brian E Carpenter, <
> brian.e.carpenter@gmail.com>
> > wrote:
> >
> >> Philip,
> >>
> >> On 26-Feb-19 23:33, Philip Homburg wrote:
> >>>> So given that document is 12 years old, with that default copied from
> >> one that
> >>>> is 21 years old, is an update required?
> >>>>
> >>>> And if so, to what?
> >>>
> >>> I think this should be updated.
> >>>
> >>> A long time ago, the model was that you would get a prefix from your
> ISP
> >>> and that was the only global prefix on the local network.
> >>>
> >>> So with short lifetimes, if the internet connection would go down for a
> >>> relatively long period, there would be no global prefix anymore and
> hosts
> >>> would have to resort to link local to communicate (which obviously
> fails
> >>> if there are multiple subnets).
> >>>
> >>> Some time in the past, the thinking changed and now there should be a
> ULA
> >>> prefix in addition to any global prefixes.
> >>
> >> Really? Where do you think that is stated?
> >>
> >> I happen to run my CPE with ULA enabled, but I'm not aware of any
> >> recommendation to do so.
> >>
> >
> > RFC7084. Was also in its ancestor.
>
> Not so. All it says is:
>
>    ULA-1:  The IPv6 CE router SHOULD be capable of generating a ULA
>            prefix [RFC4193].
>


That could be interpreted to mean if it is capable of generating a ULA then
it should generate and announce one. It's probably a bit of ambiguity in
what generate can mean - generate could mean generate without
using/announcing it, but what would be the point of doing so?

There is earlier text in that section such implies ULAs are to be used if
the device can  generate them - "will need".



   An IPv6 CE router is expected to support an IPv6 end-user network and
   IPv6 hosts that exhibit the following characteristics:

   1.  Link-local addresses may be insufficient for allowing IPv6
       applications to communicate with each other in the end-user
       network.  The IPv6 CE router will need to enable this
       communication by providing globally scoped unicast addresses or
       ULAs [RFC4193 <https://tools.ietf.org/html/rfc4193>], whether
or not WAN connectivity exists.






> Unless I've missed something, nowhere does it recommend that ULA
> should be enabled by default, and even though I'm a strong advocate
> of ULAs, it isn't obvious that they should be on by default as a
> general recommendation.
>
> > OpenWRT is enabling ULAs by default (although with infinite lifetimes
> which
> > is something that should be changed).
>
> And for homenets that is a reasonable default IMHO, and is advocated
> by RFC7368. However, https://tools.ietf.org/html/rfc7788#section-6.5
> doesn't make it mandatory.
>


The concern with infinite is that in theory they'll persist on a hosts
interface until the OS is rebooted. So a mobile laptop that is suspended
while moved around, and never rebooted could carry those addresses around
and possibly open sockets around for months.

Infinite LTs are implying the address is infinitely valid in any context.
It would be the most extreme case of the issue Fernando and Jan have raised.

I think the loopback address is the only address where infinite lifetimes
are valid. The Link-Local prefix has infinite lifetimes, however I think
there is a privacy case where link-local addresses shouldn't. (Which I'll
put in an email in the next day or so.)



> > Back in 2010 Fritzboxes were doing ULAs too, although badly. They had all
> > zeros random parts, and were trying to swap them in and out with the PD
> GUA
> > addresses as the WAN link went up or down. (It seemed they didn't
> > understand the fundamental idea that IPv6 supports multiaddressing.)
>
> My 2013-vintage FritzBox does better than that.
>

Good. I worked for the ISP who introduced them to Australia, and was doing
work with a number of IPv6 CPE vendors, however Fritz just seemed to be a
blackhole regarding working with us to improve their IPv6 implementation at
the time.

Regards,
Mark.




>    Brian>
> >>> So I think that with a ULA, it makes more sense for a CPE to limit
> >> lifetimes
> >>> to some multiple of the RA interval.
> >>
> >> Why? I don't expect my ULA prefix to change ever. Or do you mean the
> >> lifetimes
> >> for globally routeable prefixes?
> >
> >
> >>    Brian
> >>
> >> --------------------------------------------------------------------
> >> IETF IPv6 working group mailing list
> >> ipv6@ietf.org
> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> --------------------------------------------------------------------
> >>
> >
>

v2.23.0 | Report a Bug | By Email