IETF Logo Mail Archive

Re: 6MAN Adoption call on raft-chakrabarti-nordmark-6man-efficient-nd-04

Lorenzo Colitti <lorenzo@google.com> Wed, 20 November 2013 05:50 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 940F41AE327 for <ipv6@ietfa.amsl.com>; Tue, 19 Nov 2013 21:50:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.525, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SXdwwSxqCEDI for <ipv6@ietfa.amsl.com>; Tue, 19 Nov 2013 21:50:16 -0800 (PST)
Received: from mail-ie0-x22c.google.com (mail-ie0-x22c.google.com [IPv6:2607:f8b0:4001:c03::22c]) by ietfa.amsl.com (Postfix) with ESMTP id B80491AE325 for <ipv6@ietf.org>; Tue, 19 Nov 2013 21:50:16 -0800 (PST)
Received: by mail-ie0-f172.google.com with SMTP id qd12so3657017ieb.31 for <ipv6@ietf.org>; Tue, 19 Nov 2013 21:50:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=E74vRJJIDq2Zdu3qHysLb7SLnpJvYXtR2MKq76fbizs=; b=CrB4+DiHuT4vYgpc3/9rDqU8O5x/RcQYSHAwi8YrqPUH3zJiK5krSAfNTZgGViyiKV sNfyqYkjKgNge5y9qnOBQz9j+OzIs+60FbTw+obFTPHBzdE0QdqYKVTlso1r4ML7b1H2 DPa5FW/ox6FdgYX3jJTBNHuNv8c8QWVdEc6QeQ/jaLvJyD19rNwf/PRv/RnrdIV/pSV+ fb0QPdUV2yI4irwR7dKa6xY5EIX3ehrouirPN+tsUkhQ0mXxmtf6scE0gu1IHQbxPiwV f2uZfdoDltlHZ+GYd37e/XECoIL5e4yYP/28bvpXAMej5PQA6bnOfyX/adF0E+Wk/Oip qV4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=E74vRJJIDq2Zdu3qHysLb7SLnpJvYXtR2MKq76fbizs=; b=J56GMYux/nSLwwE/ED73SfrbI+eydPuMtZ1fGvxoJKwvkP/4U9lXUkwwTPCsDRiB1b Ts3+l7paeSvyNdMAs7TGCOf9JH73SnFlJBlG4N7ZW0ubJbyEMJ5NjYoFZWIp/jZt34bI /rNgcDQAmfyWzk5KjJAx8AvQnVs/rkapHwUSrATuDNmBdcj8GaQHdurqIx0XwJMp2E0C fw0d2mLJCCS116EE8eApBus6aEwukg8C6DG3S6J2OElL9AP/BBPHY/jQYix+R1swvCOv AOsHI78Goudu7edjhbJQOpj4qgvDyO5E9CKl6RGiai6ygw3nc7meqPEq6FevhHHvPgnU c4bQ==
X-Gm-Message-State: ALoCoQk/D46t9dorxO6nqd1sMtGd9cI50bPcyVmyd/tThS4K9EHivBUVoAb2sTtPCAEwQXCOqsLpjIVseWvJnwOFOJDCIsrlJyF3j++EXXYRWL+QtOmS+kyLu6GgRJamURoLZJVrMac9+5/SFpjCIu98pSNwPpYOOfbq8Ktlwjt0mbje7XnIiEL4KFfIIKaowBoYISBrfK+4
X-Received: by 10.50.66.163 with SMTP id g3mr22272151igt.20.1384926610106; Tue, 19 Nov 2013 21:50:10 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.86.106 with HTTP; Tue, 19 Nov 2013 21:49:49 -0800 (PST)
In-Reply-To: <1384888993.47068.YahooMailNeo@web142506.mail.bf1.yahoo.com>
References: <1F653502-AD41-4EB6-A43D-541356810DF2@employees.org> <CAAfuxnL3q+udqFafgm9QXrY2Fsh+R=Ku7yEzbr0Wbox8xkK8hA@mail.gmail.com> <528BB522.3090808@acm.org> <1384888993.47068.YahooMailNeo@web142506.mail.bf1.yahoo.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Wed, 20 Nov 2013 14:49:49 +0900
Message-ID: <CAKD1Yr3nb13Mkxxx7Bfud89ZpD4bF3i2LXHzyqBpuouBkevdcQ@mail.gmail.com>
Subject: Re: 6MAN Adoption call on raft-chakrabarti-nordmark-6man-efficient-nd-04
To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
Content-Type: multipart/alternative; boundary="047d7bdca31ca2c7cd04eb955ae0"
Cc: Dan Luedtke <maildanrl@gmail.com>, Erik Nordmark <nordmark@acm.org>, 6man WG <ipv6@ietf.org>, 6man Chairs <6man-chairs@tools.ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2013 05:50:18 -0000

On Wed, Nov 20, 2013 at 4:23 AM, Mark ZZZ Smith
<markzzzsmith@yahoo.com.au>wrote:

> It is also a method of preventing source address spoofing towards off-link
> victims. The router could refuse to forward packets for which the source
> address isn't registered and therefore validated as present.
>

More in general, it's a way for the router to control what the host can do
on the link, and what addresses it can assume. We never had that in the
IPv6 architecture. Why do we need it?

And, yes, I am well aware that "we can already do this today stuff". The
problem is that that argument isn't really true. Sure, a wifi AP can
already decide to accept packets only if your IID is prime and the
 immediately-highest on-link is a perfect square. And sure, a wifi AP can
already deny the capability to use more than one address - hell, it can
simply dropping all the sent by all addresses except one. And sure, an
operator can already decide not to let you onto the network if you don't do
DHCPv6.

But we *don't do* this today. Why? Because it breaks compliant host
implementations, and when hosts break users complain, and when users
complain it creates pressure on the network operator and the network
designer to fix the problem.

For example: today, if you only accept packets from two IPv6 addresses per
MAC address, then implementations break. Privacy addresses don't work, the
host has no way of knowing that its packets are being dropped, and things
generally don't work that well. At best, HE implementations will use IPv4
and possibly cause scaling issues on NATs and latency issues for users.
This suboptimal operation causes operators to modify their configurations
in order to provide working service to clients. This is very different from
making registraion a supported mode of operation.

What this draft proposes is to place the control of what happens on link in
the hands of the registering router, and make this a *supported mode of
operation*. Yes, this is possible today, but *not without application
breakage*. There is a huge difference; in fact, it's quite a fundamental
change in the architecture to have a limited set of layer 3 devices be
gatekeepers for all on-link communication.

v2.23.0 | Report a Bug | By Email