IETF Logo Mail Archive

RE: Network merge [Re: RFC6724-bis?]

Vasilenko Eduard <vasilenko.eduard@huawei.com> Tue, 27 September 2022 19:57 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18613C15C503 for <ipv6@ietfa.amsl.com>; Tue, 27 Sep 2022 12:57:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.208
X-Spam-Level:
X-Spam-Status: No, score=-4.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FqzcDAfyAYkD for <ipv6@ietfa.amsl.com>; Tue, 27 Sep 2022 12:57:46 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F203FC15C502 for <ipv6@ietf.org>; Tue, 27 Sep 2022 12:57:45 -0700 (PDT)
Received: from fraeml739-chm.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4McVln0v6lz67L71; Wed, 28 Sep 2022 03:57:41 +0800 (CST)
Received: from mscpeml100002.china.huawei.com (7.188.26.75) by fraeml739-chm.china.huawei.com (10.206.15.220) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 27 Sep 2022 21:57:43 +0200
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml100002.china.huawei.com (7.188.26.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 27 Sep 2022 22:57:43 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.031; Tue, 27 Sep 2022 22:57:43 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Ole Troan <otroan@employees.org>
CC: Mark Smith <markzzzsmith@gmail.com>, Ted Lemon <mellon@fugue.com>, 6man WG <ipv6@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Subject: RE: Network merge [Re: RFC6724-bis?]
Thread-Topic: Network merge [Re: RFC6724-bis?]
Thread-Index: AQHY0FWzi1mPXFg/Y0GQt/hCVGqTN63wdgWAgADrAlD///YugIAAOJuQgACZh4CAAAf/AIAAR6eAgAAKRACAAGkksIAAkEiAgAACTACAAAI8AIAAM9QQ
Date: Tue, 27 Sep 2022 19:57:42 +0000
Message-ID: <9bed9e84b1114a5c8da026a4b3b26781@huawei.com>
References: <33031a7e-c099-e660-3575-12d45854604e@gmail.com> <66512E84-BF45-4A9E-93D3-5F7C4902CD63@employees.org> <a55ec35e-1e98-5447-09aa-cf03d98d6e44@gmail.com>
In-Reply-To: <a55ec35e-1e98-5447-09aa-cf03d98d6e44@gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.144.28]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/rMZr_nPl9dc5bIJq5dswDIs5JB0>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2022 19:57:48 -0000

It still needs the code change on all OSes.
They should insert /48 policy into SASA after receiving /64 PIO with L=A=0.
Moreover, would be a problem with many VPN solutions that install prefixes not as a PIO.
Ed/
-----Original Message-----
From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] 
Sent: Tuesday, September 27, 2022 10:48 PM
To: Ole Troan <otroan@employees.org>
Cc: Vasilenko Eduard <vasilenko.eduard@huawei.com>; Mark Smith <markzzzsmith@gmail.com>; Ted Lemon <mellon@fugue.com>; 6man WG <ipv6@ietf.org>; Michael Richardson <mcr+ietf@sandelman.ca>
Subject: Re: Network merge [Re: RFC6724-bis?]

On 28-Sep-22 08:40, Ole Troan wrote:
> 
>> (It is the presence of a ULA /48 prefix in local routing that we care 
>> about. The PIO for a /64 within that /48 is the trigger that it needs 
>> high precedence.)
> 
> Extending and overloading existing protocol fields is problematic. The proponents of this need at least to consider the consequences for existing implementations and future extensibility of the protocol. As well as the deployability of this, compared to existing standardized solutions.

There isn't a standardized solution, since the mechanism for updating the RFC6724 table is not standardized. A=L=0 is already standardized to mean "I can route this prefix" and the proposal builds on that exact semantic.

     Brian

> 
> O.
> 
> 
>>
>>> On 27-Sep-22 21:02, Vasilenko Eduard wrote:
>>> I am not so scared "on every interface". It is not good too (no automation), but tolerable for the Enterprise environment, not tolerable for SMB/home.
>>> If I understand the context of this discussion (I am not sure) It is 
>>> proposed here to have hundreds of PIOs (A=L=0) on every interface! 
>>> (separate prefix announcement for every remote prefix on different links) It looks like the consequence of /64 ULA policy table modification instead of /48 (A=L=0 PIO looks for this, right?).
>>> If my guess is right - then it is terrible.
>>> Eduard
>>> -----Original Message-----
>>> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
>>> Sent: Tuesday, September 27, 2022 7:39 AM
>>> To: Mark Smith <markzzzsmith@gmail.com>; Ted Lemon 
>>> <mellon@fugue.com>
>>> Cc: 6man WG <ipv6@ietf.org>; Michael Richardson 
>>> <mcr+ietf@sandelman.ca>; Vasilenko Eduard 
>>> <vasilenko.eduard@huawei.com>
>>> Subject: Re: Network merge [Re: RFC6724-bis?]
>>>> On 27-Sep-22 17:02, Mark Smith wrote:
>>>>
>>>>
>>>>> On Tue, 27 Sept 2022, 09:46 Ted Lemon, <mellon@fugue.com <mailto:mellon@fugue.com>> wrote:
>>>>
>>>>      The use case we are talking about here is a managed enterprise network. It should be no problem for the network operator to configure some local ra options.
>>>>
>>>>
>>>> On every existing and every new internal interface of every router in the network?
>>> Yes, but I assume that enterprises need ways to do network-wide config anyway. If not, that's why we're working on autonomic networking, to provide an ecosystem for smart enterprise-wide config.
>>>    
>>>> For many networks that's 100s if not 1000s of interfaces to configure with this parameter. That's a lot of work for *every* enterprise network to perform to work around somebody else's occasional error of putting ULA AAAAs in global DNS.
>>> I can't disagree (but it suggests a big gap in DNS tooling if that's even allowed except inside a split horizon DNS).
>>>      Brian
>>>>
>>>> This work around is going to be far more costly than teaching people not to put ULA AAAAs in global DNS.
>>>>
>>>> You don't teach people not to do something bad by hiding the consequences when they do, and placing the costs of tolerating that bad behaviour onto everybody else other than the person who created the problem.
>>>>
>>>> Regards,
>>>> Mark.
>>>>
>>>>
>>>>      Op ma 26 sep. 2022 om 19:17 schreef Mark Smith 
>>>> <markzzzsmith@gmail.com <mailto:markzzzsmith@gmail.com>>
>>>>
>>>>
>>>>
>>>>>          On Mon, 26 Sept 2022, 21:15 Vasilenko Eduard, <vasilenko.eduard=40huawei.com@dmarc.ietf.org <mailto:40huawei.com@dmarc.ietf.org>> wrote:
>>>>
>>>>               >    > But how remote ULA prefix would be known to the local router?  If
>>>>               >It can't, which is fine.
>>>>               >If there are multiple ULAs after a merger, then we do what Brian and David described and send RIOs or PIOs.
>>>>
>>>>              It is evident that A=0 is for something non-local.
>>>>
>>>>
>>>>          A=0 means the opposite of A=1, and A=1 has a specific meaning, nothing to do with non-local.
>>>>
>>>>          Define another flag if this is going to be the solution to the fault of putting ULA AAAAs in global DNS.
>>>>
>>>>          (Can it be adapted to the fault of putting link-local 
>>>> addresses in DNS?)
>>>>
>>>>
>>>>              It would be especially needed if /64 would be put into the SASA policy table (then the remote prefix would be /64 too).
>>>>              It may be needed for different /48 after the company merge.
>>>>
>>>>              How to know what to put in this special PIO (A=L=0)? It looks like not automated at all.
>>>>
>>>>
>>>>          A sign that it's not solving the problem where it exists.
>>>>
>>>>
>>>>
>>>>              Ed/
>>>>              -----Original Message-----
>>>>              From: Michael Richardson [mailto:mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>]
>>>>              Sent: Monday, September 26, 2022 1:45 PM
>>>>              To: Vasilenko Eduard <vasilenko.eduard@huawei.com <mailto:vasilenko.eduard@huawei.com>>; 6man WG <ipv6@ietf.org <mailto:ipv6@ietf.org>>
>>>>              Subject: Re: Network merge [Re: RFC6724-bis?]
>>>>
>>>>
>>>>              Vasilenko Eduard <vasilenko.eduard@huawei.com <mailto:vasilenko.eduard@huawei.com>> wrote:
>>>>                   >> Now as to how to fix this without a global precedence for ULAs, I am
>>>>                   >> wondering about a PIO with L=0 and A=0 (exactly as recommended in RFC
>>>>                   >> 8028, but for other reasons). If a host sees such a PIO for a ULA
>>>>                   >> prefix, it could serve as a signal that the prefix is to be given a
>>>>                   >> suitable precedence, even though it is not on-link and not used for
>>>>                   >> SLAAC.
>>>>
>>>>                   >> I really like this.  I think it is the best solution.
>>>>
>>>>                   > But how remote ULA prefix would be known to the 
>>>> local router?  If
>>>>
>>>>              It can't, which is fine.
>>>>
>>>>              If there are multiple ULAs after a merger, then we do what Brian and David described and send RIOs or PIOs.
>>>>
>>>>                   > proper routing is in place then no problem exists in the first place,
>>>>                   > the whole FC/7 could be prioritized.
>>>>
>>>>              I don't think that non-local ULAs *should* be prioritized.
>>>>              I think that it's actually a problem as more and more sites use ULA for significant internal things, and those addresses leak into other sites.
>>>>
>>>>
>>>>              --
>>>>              Michael Richardson <mcr+IETF@sandelman.ca 
>>>> <mailto:mcr%2BIETF@sandelman.ca>>, Sandelman Software Works  -= 
>>>> IPv6 IoT consulting =-
>>>>
>>>>
>>>>
>>>>              --------------------------------------------------------------------
>>>>              IETF IPv6 working group mailing list
>>>>              ipv6@ietf.org <mailto:ipv6@ietf.org>
>>>>              Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
>>>>              
>>>> -------------------------------------------------------------------
>>>> -
>>>>
>>>>          --------------------------------------------------------------------
>>>>          IETF IPv6 working group mailing list
>>>>          ipv6@ietf.org <mailto:ipv6@ietf.org>
>>>>          Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
>>>>          
>>>> -------------------------------------------------------------------
>>>> -
>>>>
>>>>
>>>> -------------------------------------------------------------------
>>>> - IETF IPv6 working group mailing list ipv6@ietf.org Administrative 
>>>> Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> -------------------------------------------------------------------
>>>> -
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email