IETF Logo Mail Archive

Re: RFC4941bis: consequences of many addresses for the network

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 23 January 2020 23:49 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC5FC12001A for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 15:49:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xstIceWhMM97 for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 15:49:50 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5668F120019 for <ipv6@ietf.org>; Thu, 23 Jan 2020 15:49:50 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 223EB38982 for <ipv6@ietf.org>; Thu, 23 Jan 2020 18:49:15 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 9CD899B0 for <ipv6@ietf.org>; Thu, 23 Jan 2020 18:49:48 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6man WG <ipv6@ietf.org>
Subject: Re: RFC4941bis: consequences of many addresses for the network
In-Reply-To: <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com>
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net> <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Thu, 23 Jan 2020 18:49:48 -0500
Message-ID: <1962.1579823388@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/sWEUZqoACM7Zsbwz2-vbVPPDICk>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 23:49:53 -0000

Mark Smith <markzzzsmith@gmail.com> wrote:
    >> > On Jan 23, 2020, at 8:32 AM, Tim Chown <Tim.Chown@jisc.ac.uk> wrote:
    >> >
    >> > The problem statement section in 4941bis is all about user privacy, no
    >> mention of operational / management complexity, or other “general problems”
    >> that SLAAC has.  It seems there are unstated problems here :)
    >>
    >>
    >> I would +1 this here.
    >>
    >> I would also generally question if rotating IPs is a adequate privacy
    >> protector considering there are other ways to identify users that are being
    >> (broadly) employed today.
    >>

    > This is the common "it's not perfect, so let's do nothing." Nothing ever
    > improves if perfect is the only threshold of acceptance. (Nothing is ever
    > perfect, there are always trade-offs. If you don't think there are
    > trade-offs, it just means you haven't identified them.)

I also have doubts about whether the rotating temporary address mechanisms
that 4941 provides is useful privacy when the upper-64 bits are unchanging.
But, I agree with you, that it is an improvement... except when it causes
other issues.  So we should consider when and where it's more effort than
it's worth, and when it has benefit.  That requires information that is
presently not available to hosts.

I think that we will need to re-think the ND mechanism(s) and L2/L3 binding
process.  I think that this will cause redesign of hardware switching
fabrics, and I note that it was a good 15 years between IPv4 ARP being
designed and the first hardware switching fabrics, and that was during a time
of much stepper IPv4 deployment than I think IPv6 has had.

I believe that we need to find ways to SEND and SHIM6 (or equivalent)
deployable.

I also think that we need to recognize that we have a number of distinct
deployment environments, and I think that we should be explicit about them:
1) protected home environments
2) guest home environments
3) enteprise environments
4) conference/guest/coffee-shop environments
5)  >4< at ridiculous scale
6) segregated L2 environments with vertically integrated operators (aka
   "LTE", Fred's ATN work, possibly RAW).

I think that the hosts need to know which environment they are in, and need
to change their behaviour.  I think that the DHCP v6only document is the
first of these type of documents.

So I would welcome a document that informed a host system about how many
Temporary is should expect, and we need a to generalize the LLN-specific ND
registration system, so that hosts can get feedback if they use too many,
etc.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email