Re: slaac-renum: New rev of draft-gont-6man-slaac-renum (Fwd: New Version Notification for draft-gont-6man-slaac-renum-08.txt)
Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 20 May 2020 20:58 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D7493A003D for <ipv6@ietfa.amsl.com>; Wed, 20 May 2020 13:58:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TmXDQVAIbB0y for <ipv6@ietfa.amsl.com>; Wed, 20 May 2020 13:58:00 -0700 (PDT)
Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB3FD3A0029 for <ipv6@ietf.org>; Wed, 20 May 2020 13:58:00 -0700 (PDT)
Received: by mail-pj1-x102f.google.com with SMTP id z15so354477pjb.0 for <ipv6@ietf.org>; Wed, 20 May 2020 13:58:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=TPjnDl+ddO6mvfUcgAG43oxZv+tpVoeiM/H00BjLGeI=; b=K0LkAYmpmsGIMu8Fh5hkjXp66y44qE+/k+rP3usLMKxVOery73hvjk70cRnsWxtIsa +MjenvLLT8WW71cD/2CgQIk9fjPhz19c8gruOKubmSbGkDRZ78svMrKKqOKzSivBoJwn SuiKBADBZlBGMfs+WR2hDMkpp9EC1akmzhLW4JFMksKrWZNSBKU3rrLgIGrxGyMB1l2q AQc9oX2wBzJY0cKY+97ddi951K7FEBwUDAW5t6aHK4gjO6DCbtoyz5au0xrkVxjtuovB S8UmVGMI3/lwT4ohWBwOv572wilx1Hd77nT4XOIQX1uuIgPU8bmQvGyUC0eCmDJwoFog AA3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=TPjnDl+ddO6mvfUcgAG43oxZv+tpVoeiM/H00BjLGeI=; b=umX6eK7LQO95updpYLSbX9eQYlvP/hu0tnH906zKyQZ6mQxruXnt1y+OwyRuCmBJOr vZy6HYPmE3DZmczMUHhDqMbpQf0Uq0JqTguVetZdx80zRlzaQDvyCs7prPQ81BZkWGSL qVwYU0g1yO0XE8hv0SE22IkhXshraOYKsU7y0KaU0T1HMB799bhlnb20baHkGIdsoYGj UQfQviXcVwTr4M/JT/SSzuZPpizZQapjDmbeydQhKqdLFvPFFJSTAdoB2Z/AFMsIwGW0 2DCm71gRAfBEFnb1RIuyDQD7gnGaPhaZp5hC+V0kotBAiz0EzbuxP0WHCIGQ7/qQzgte K9fQ==
X-Gm-Message-State: AOAM53340pkyvQdxQaOStCpS417RgxLUQy1xK1TvGWCnJ31eP12B2wef hwRNfE0+biflehmZUseDMq7XIU3y
X-Google-Smtp-Source: ABdhPJxZjsXPB8E4EJZD1U1XbYiitDXVE8tldwAYtoHVjAyAfD187dP08EkGUrIGhNzyb88v7FwD+w==
X-Received: by 2002:a17:902:a98c:: with SMTP id bh12mr5815057plb.253.1590008279931; Wed, 20 May 2020 13:57:59 -0700 (PDT)
Received: from [192.168.178.30] ([165.84.12.178]) by smtp.gmail.com with ESMTPSA id 1sm2803254pff.151.2020.05.20.13.57.56 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 May 2020 13:57:58 -0700 (PDT)
Subject: Re: slaac-renum: New rev of draft-gont-6man-slaac-renum (Fwd: New Version Notification for draft-gont-6man-slaac-renum-08.txt)
To: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, ipv6@ietf.org
Cc: Fernando Gont <fgont@si6networks.com>
References: <158986953939.9945.6882780269741835824@ietfa.amsl.com> <8354111a-7d3f-ecfa-bcf1-baaae27209ee@si6networks.com> <m1jb46e-0000K4C@stereo.hq.phicoh.net> <04027980-51a1-a831-df0c-750c4194333e@si6networks.com> <m1jbRDw-0000IQC@stereo.hq.phicoh.net>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <c8cb21e1-ce96-8fe3-8be8-1be225c916a9@gmail.com>
Date: Thu, 21 May 2020 08:57:55 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <m1jbRDw-0000IQC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/sPWpZ9HYfe_WLsti4Y_O0b_KkbE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 May 2020 20:58:03 -0000
In line...
On 21-May-20 04:05, Philip Homburg wrote:
> In your letter dated Tue, 19 May 2020 13:06:28 -0300 you wrote:
>>> In Section 4.5, I think it is bad to hardcode knowledge about ULAs
>>> in detecting stale prefixes. In my opinion that shows that the
>>> algorithm is fragile. And note that this applies to all hosts.
>>
>> Not sure what you mean. Could you please elaborate?
>> Unfolding th processing of ULA vs. non-ULA is simply
>> fine-tuning/optimization: So if, say, you had a globally-reachable
>> address, and now the router ceases to advertise the globally-reachable
>> addresses, but starts advertising the ULA, you keep both.
>>
>> One might was well not do this optimization, but it's certainly better
>> this way.
>>
>> WHy do you think about the algorithm being fragile?
>
> I don't think it an optimization. Without separate processing it will fail.
> That makes it fragile.
>
> We want something that quickly after the router reboots causes the
> old prefix to be dropped. Yet, the algorithm should not drop any prefixes
> due to modest packet loss. Currently, 2 out of 3 RAs can be lost without
> ill effects.
>
> Without the separately processing ULA from non-ULAs, if the router sends
> ULA and non-ULAs in separate packets, and some of non-ULAs get lost, then
> the host will drop the non-ULA prefixes (or the other way around).
>
> If an organisation has a third class of address, for example if a non-ULA
> prefix is used for internal addresses next to a separate prefix for
> external addresses. Or two different ULA prefixes with different semantics.
> Then this algorithm may drop some of the prefixes if prefixes are sent in
> separate RAs, as is currently allowed.
>
> So in my opinion, the algorithm has to work correctly without knowledge
> of ULA.
>
>> When a prefix is missing, that's an indication that the prefix has
>> become stale. Now, you might process the RAs irrelevant of ULA nad
>> non-ULA, and it would also be fine.
>>
>> But the logic here is that it is better to have one stale address of
>> each type, than no address of that type. If you want, this is the
>> algorithm being more conservative.
>
> Again, without special treatment of ULAs, the algorithm is dangerous. It can
> take an RA with a ULA to invalid all non-ULA prefixes.
I'm finding this hard to understand, since the text says:
"o Only RAs that advertise Global Unicast prefixes may deprecate
Global Unicast Addresses (GUAs), while only RAs that advertise
Unique Local prefixes may deprecate Unique Local Addresses (ULAs)."
Perhaps that should be reformulated with MUST NOT terminology to make it
clearer:
o RAs that advertise Global Unicast prefixes MUST NOT deprecate
Unique Local prefixes, and RAs that advertise Unique Local
prefixes MUST NOT deprecate Global Unicast prefixes.
> So, the ULAs need to be treated specially to make it to work at all.
Yes, of course. They *are* special. They work even if the WAN side drops
and even if the WAN prefix changes.
> This
> locks us into a situation where ULA, non-ULA is all that can exist.
> Introducing a third type of addresses would cause this algorithm to fail.
Yes. If there was a 4th type of address (we already have three, counting
link-local), every router in the universe would need a fix.
Regards
Brian
>> Two things:
>>
>> 1) network config split into multiple RAs do not happen in practice --
>> as reported by Time Winters
>
> We have a mature IPv6 standard. We should not modify hosts to deal with
> one corner case, and then break other things that are allowed by
> the standard.
>
> Note that even your proposed change to sending RAs still allows for the
> possibility to send split RAs.
>
>> 2) Irrelevant from #2, from a theoretical there's no way in which a host
>> can positively know whether information is split into multiple RAs or
>> not. You may try to "sample" the router. But if you don't get split
>> information that might simply be the result of packet loss.
>> Additionally, the fact that at time T information is sent in a single
>> RA, doesn't mean that that will be the case at time T+t.
>
> If have described my algorithm before. That finds splits RAs even in the
> presence of some packet loss (2 out of 3 packets getting lost).
>
> Dealing with the case where a router suddenly switches from a single
> RA to multiple RAs is tricky. My algorithm can handle that if the router
> sends all RAs in a short period and there is no packet loss.
>
> I assume that going from 1 to multiple RAs is a very rare event. If it
> isn't then my algorithm would need more work.
>
>> The point of the algorithm is simple:
>> The algorithm doesn't deprecate prefixes at once. So if information is
>> split into multiple RAs, then since you don't act on RAs at once, the
>> algorithm will handle the split information gracefully.
>
> Without the ULA, non-ULA split this algorithm is unsafe. Receiving a
> ULA in a single RA causes the hosts to deprecated other prefixes within
> 5 seconds, which causes new connections to use ULAs which fails.
>
> It is only by recognizing ULA as special that this algorithm works.
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
- slaac-renum: New rev of draft-gont-6man-slaac-ren… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Brian E Carpenter
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Brian E Carpenter
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Brian E Carpenter
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Brian E Carpenter
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Philip Homburg
- Re: slaac-renum: New rev of draft-gont-6man-slaac… Fernando Gont