IETF Logo Mail Archive

Re: RFC6724-bis?

Ted Lemon <mellon@fugue.com> Fri, 23 September 2022 13:37 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44FBAC1524C0 for <ipv6@ietfa.amsl.com>; Fri, 23 Sep 2022 06:37:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VLSpfNOERiU6 for <ipv6@ietfa.amsl.com>; Fri, 23 Sep 2022 06:37:17 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CF86C1524C2 for <ipv6@ietf.org>; Fri, 23 Sep 2022 06:37:17 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id f20so254141edf.6 for <ipv6@ietf.org>; Fri, 23 Sep 2022 06:37:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=05WnVFxEmlA8Hfw6CDjSKc2snrojbSNVOBljSZjQW1U=; b=Pv3XxcNaGYq3P+56AF6xHuJqd2bKQQPJerkMpc5Ia/XzGgD9Z88Ieaz/fx/nX1f0iD mVg9aJiPRDrt7RCrB1+yZmUAFbP+/MbCFGwASBa1qrXkgCSK5uTK/gmZUcSmKdFsoHXT U/eH+nwlqYABetJ7TtpqB4xlirn8FD0pqcngmM0XnDPE7Z3SsdOY3i7zZqyq5EJ5kVw3 inddYdotp15NLDAY3wcrUoaaYscpITtLmi5eEkYfnjJoSbdIsj722veLpSo4mX2nI4Fb 6Tcfsj9iWfxg9mrozBvQPkgKf+6QUD2EF6EapPju2nl1+ZZAXYyb6/V7Kfmgbvccb8x/ NlJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=05WnVFxEmlA8Hfw6CDjSKc2snrojbSNVOBljSZjQW1U=; b=kRCKN92UccnSW+W8pAjQ4l474L+zqTBLuMQvcepj6SY5bz7O0zyUJdwa9v3RAzPI9g YaBv6UQX0X7Iie2nna+Y6PwjXFCp5UebeJUuWzPZSrWjUmneVwCj+iiQw6+j5kbWtIt4 /g0epw+ppV/0bxr4WIr8VgnUCnFR7Kc4Nsk1RcYyM+NxqhODrt6ycPIulQWb9fza7bRM dUAd7l+X0SzBaFzNYCGPohDiQ99SlCBnM2n8RXJMDyT61Mi3DA4Tky9NqXnZ57GYfabV SxvAzXWsA4bd+26xq21pHzyzLP+CqJiWr6g6vv4xMnoOyYIDmFCnuVnQPhtfzz/Uichs Lv+Q==
X-Gm-Message-State: ACrzQf0P3uy+Nfp1mKtr94E4DaHob7kr08HQSdjrEhS3J0+tUQ4IDw5C upshB5NLV1auIHHQYd0z9dx1kVuwhCrgwbCrqEAErTmy6BQ=
X-Google-Smtp-Source: AMsMyM5AfjobwUUKWtsFtJAQ1GAWmbKH5qKLGmB25Y0n//K1tlzQ52x5cctkWsIf9Q1jn1MRzdZhpiMeMbC4LiTZEFE=
X-Received: by 2002:a50:fa99:0:b0:44e:9e71:4899 with SMTP id w25-20020a50fa99000000b0044e9e714899mr8495369edr.197.1663940234501; Fri, 23 Sep 2022 06:37:14 -0700 (PDT)
MIME-Version: 1.0
References: <66892DC8-6DA4-4DC8-85B0-E1E1647CD9F7@gmail.com> <CAM5+tA9kttCKrZaoB7UzNdE6TU1qGNMaxDmWvFtRvpB4A8+WHA@mail.gmail.com> <8FE71499-D155-4853-A964-6617F6EA2069@gmail.com> <CAM5+tA9QuYxVs+NXBD3dAYr_Y=95bWt63WjmEMDOfegL0Z4otA@mail.gmail.com> <CAM5+tA_hg2sXXsYw6Tcx-ytRAMkKQcFw8a3N7SfEXwbuPm0LMw@mail.gmail.com> <00ea3b70-ba8e-b6ef-e1ce-fdd56828f506@gmail.com> <CAPt1N1=_9Rwj-HnUZKWfatARbHWptArmSAV-qdi8MKyoBf9R0A@mail.gmail.com> <CAO42Z2xZ_-mDh66A9DK+3ieEqGMqW0Pt+mZzVOmzz4cDRUTEXA@mail.gmail.com> <CAPt1N1nqwMvVHvEGAx0jxgWhbW9ZUQfAZSDn-qRYQ0CDy-EGKQ@mail.gmail.com> <17a28c173ed640e68b1cbf504bbeae49@huawei.com> <CAPt1N1=xR_2Xw+1KL6vbzZ69N+vonhcTNvO=DBceeApfoS2bMQ@mail.gmail.com> <e76267b6101146cf8a1bd6fa567c6b77@huawei.com> <CAN-Dau2QO5sxevJwUbOj+_wyiCdOjnPEZM14Jhevvkq4YZqU7Q@mail.gmail.com> <bc85e623-ef89-d2e2-4e33-b8ce0a4ec343@gmail.com> <CAN-Dau0Wbki6xwcEdy8ZK-pO9jeT6+8TKZgbmXWUgnkR+dRhBg@mail.gmail.com> <CAPt1N1=OmC+HNVGWbgj9JtGbpcuzKOgjZ1KXJm5mXgpji-G4Mw@mail.gmail.com> <6edcc5d8-edf1-51de-103c-a4ac6060fef6@gmail.com> <29689d645d22409b962f6c361d71e098@huawei.com> <CAN-Dau3rwi4X4NqLbHMmPQQ=i7y23Kz70JK09ggsXSxkJfT5xA@mail.gmail.com> <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com>
In-Reply-To: <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com>
From: Ted Lemon <mellon@fugue.com>
Date: Fri, 23 Sep 2022 09:36:38 -0400
Message-ID: <CAPt1N1=dC6U2_7YO9PVgVVbBqPa3B==viZ_eQvAVTp_8PB2XSQ@mail.gmail.com>
Subject: Re: RFC6724-bis?
To: Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
Cc: David Farmer <farmer=40umn.edu@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009afdc005e95846a5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/sj-5rUJf0hhrNCuLdySZqdSzC04>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2022 13:37:21 -0000

Eduard, I think the first thing to say here is that you're pretty clearly
in the rough. If you want to get your point across, you need to explain
your objection in a way that sways the consensus, not simply insist that we
explain ourselves better.

That said, I think it's reasonable to ask for a better explanation,
regardless, so let me see if I can do that. I'm looking at this as an
implementer of a product of which millions of units will be sold. The
product has to work in situations where the network administrators are
completely nonexistent. So a "network misconfiguration" in this context is
actually just the interaction of two different products the implementers of
which made different base assumptions.

What I want, in this situation, is for things to work in as many cases as
possible. I don't want to be inundated with bug reports, simply put. Of
course, it's possible that something will go wrong, but if we can
anticipate a particular sort of dysfunction, and do something to address
it, that's definitely going to make things better. And I have seen this
particular dysfunction happen in bug reports, so it's not the case that I'm
just theorizing here.

Now, it's entirely possible that what I'm doing in the product I'm talking
about is incorrect, and that you know why it's incorrect and can say so.
But you haven't done that yet—you haven't said something that makes me
think "oh boy, I should change my product." So that's why I see you as
being in the rough.

I don't actually know what your motivation is here. Are you a network
administrator? An IPv6 stack implementer? Are you concerned about code
complexity? It would help if you were to express an actual situation where
the current consensus would affect a specific thing that you feel
responsible for, whether that's an implementation, a network, or something
else.

On Fri, Sep 23, 2022 at 8:31 AM Vasilenko Eduard <vasilenko.eduard=
40huawei.com@dmarc.ietf.org> wrote:

> Hi David, thanks. But it is not enough for an explanation.
>
>
>
> Section 2.2.2 RFC 5200 example is just not relevant to the current
> situation, it was relevant to RFC 3484.
>
> It is solved by default because the separate label has been attached to
> ULA in RFC 6724.
>
> Now, IPv4_DA/IPv4_SA would be prioritized above GUA_DA/ULA_SA because of
> rule 5 (label match).
>
> No problem.
>
>
>
> If you have any other scenario that may affect static ULA prioritization
> above anything else – please show it.
>
>
>
> Why do you believe that address expansion above 2000::/3 would be affected?
>
> If people would continue to use ::/0 as the default and RFC6724 has it in
> the RC6724 table
>
> Then how the problem could happen?
>
> I do not understand this use case too.
>
>
>
> > Let’s only fix the problem and not make new problems for the next
> generation of network engineers and operators.
>
> I claim that the ULA problem is very small. It may be treated as a pure
> configuration problem. Just add static:
>
>      fc00::/7               45    13
>
> to gai.conf. Hence, the draft in v6ops is enough.
>
>
>
> PS: it does not solve MHMP but it is a problem that possible to separate
>
>
>
> Eduard
>
> *From:* ipv6 [mailto:ipv6-bounces@ietf.org] *On Behalf Of *David Farmer
> *Sent:* Friday, September 23, 2022 2:17 PM
> *To:* Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
> *Cc:* 6man WG <ipv6@ietf.org>
> *Subject:* Re: RFC6724-bis?
>
>
>
> Please read the first paragraph of RFC6724 section 10.6 and all it’s
> references very carefully. In particular, read 2.2.2 of RFC 5220.
>
>
>
> Your argument contradicts the conclusions of 2.2.2 of RFC 5220. In short,
> your argument is only true today while we are using 2000::/3 for GUA. When
> that eventually changes, and it will some day, we would have to yet again
> rejigger the table.
>
>
>
> RFC 6724 is almost correct, the only thing it got wrong is that the
> section 10.6 modifications must be mandatory and automatic, and not
> optional, otherwise ULA is broken and dysfunctional.
>
>
>
> Let’s only fix the problem and not make new problems for the next
> generation of network engineers and operators.
>
>
>
> Thanks
>
>
>
> On Fri, Sep 23, 2022 at 02:27 Vasilenko Eduard <vasilenko.eduard=
> 40huawei.com@dmarc.ietf.org> wrote:
>
> I still do not understand why Ted and David care about "remote ULA".
> If this ULA has been delivered to the local host by
> Then it has been done intentionally.
> Such a type of misconfiguration does not make sense to optimize.
> Hence, it is possible to operate FC/7 as a whole, no need to split it for
> /48s.
>
> Hence, why not install permanent precedence to FC/7 in gai.conf?
> It would not play any role on the host till the local router would deliver
> ULA PIO.
> And even after this, it would not be used till DNS would show the ULA
> destination
> Because rule 5 (matching labels) would make GUA_DA/ULA_SA a low priority,
> GUA/GUA would be chosen.
>
> What is the problem with permanently changed FC/7 precedence even above
> GUA?
>
> Eduard
> -----Original Message-----
> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Brian E Carpenter
> Sent: Friday, September 23, 2022 4:47 AM
> To: Ted Lemon <mellon@fugue.com>; David Farmer <farmer=
> 40umn.edu@dmarc.ietf.org>
> Cc: 6man WG <ipv6@ietf.org>
> Subject: Re: RFC6724-bis?
>
> On 23-Sep-22 12:50, Ted Lemon wrote:
> > Op do 22 sep. 2022 om 20:40 schreef David Farmer <farmer=
> 40umn.edu@dmarc.ietf.org <mailto:40umn.edu@dmarc.ietf.org>>
> >
> >     I think leaving unknown, most likely remote, ULA at a lower priority
> and adding the /48 or other known local ULA to the table at a higher
> priority automatically should help mitigate ULA in the public DNS and the
> possible response of turning off IPv6.
> >
> >     In someways those that put ULA in the public DNS get what they
> deserve, I’m just worried about the remote user’s response to the
> brokenness, causing even more brokenness.
> >
> >
> > Hm, okay. I think we are all actually in agreement then, since I heard
> Brian admitting earlier that it might be better to dynamically update the
> table.
>
> Indeed, which was exactly why I wrote gai_wrap.py as a userland proxy for
> that approach.
>
>     Brian
>
> > I must have misunderstood what you meant by optimizing for the uncommon
> case—sorry about that!
> >
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
> --
>
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email