IETF Logo Mail Archive

RE: Network merge [Re: RFC6724-bis?]

Vasilenko Eduard <vasilenko.eduard@huawei.com> Tue, 27 September 2022 08:02 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA5F3C1524A2 for <ipv6@ietfa.amsl.com>; Tue, 27 Sep 2022 01:02:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.208
X-Spam-Level:
X-Spam-Status: No, score=-4.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f3znpLgJVzMv for <ipv6@ietfa.amsl.com>; Tue, 27 Sep 2022 01:02:28 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DEB4C1524A1 for <ipv6@ietf.org>; Tue, 27 Sep 2022 01:02:28 -0700 (PDT)
Received: from fraeml739-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4McBtR51kbz687Sl; Tue, 27 Sep 2022 16:02:23 +0800 (CST)
Received: from mscpeml100002.china.huawei.com (7.188.26.75) by fraeml739-chm.china.huawei.com (10.206.15.220) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 27 Sep 2022 10:02:25 +0200
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml100002.china.huawei.com (7.188.26.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 27 Sep 2022 11:02:24 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.031; Tue, 27 Sep 2022 11:02:24 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Mark Smith <markzzzsmith@gmail.com>, Ted Lemon <mellon@fugue.com>
CC: 6man WG <ipv6@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Subject: RE: Network merge [Re: RFC6724-bis?]
Thread-Topic: Network merge [Re: RFC6724-bis?]
Thread-Index: AQHY0FWzi1mPXFg/Y0GQt/hCVGqTN63wdgWAgADrAlD///YugIAAOJuQgACZh4CAAAf/AIAAR6eAgAAKRACAAGkksA==
Date: Tue, 27 Sep 2022 08:02:24 +0000
Message-ID: <be14b944395c4dd694ded6c9033790ab@huawei.com>
References: <66892DC8-6DA4-4DC8-85B0-E1E1647CD9F7@gmail.com> <CAPt1N1=OmC+HNVGWbgj9JtGbpcuzKOgjZ1KXJm5mXgpji-G4Mw@mail.gmail.com> <6edcc5d8-edf1-51de-103c-a4ac6060fef6@gmail.com> <29689d645d22409b962f6c361d71e098@huawei.com> <CAN-Dau3rwi4X4NqLbHMmPQQ=i7y23Kz70JK09ggsXSxkJfT5xA@mail.gmail.com> <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com> <CAN-Dau0=LD9MTYKJQoSw=b9S25nmrNuqRSyLdsztFZscG8ZbUg@mail.gmail.com> <CAPt1N1kjOWh8R70pNO0eH9EJUH-v6HyxGMqxpy0N2hydHN33LQ@mail.gmail.com> <CAM5+tA9mqjrtq3pTggv1pA4fOYXUODkZHy74vs8cffVOrBefbQ@mail.gmail.com> <0b6886d3-5ea9-0a1d-8b16-4e17daeb6924@gmail.com> <CAM5+tA9dAjh0MTRG3922xTe3_aChHFa9AYCFCGmt395KwuvBYA@mail.gmail.com> <395554.1664189125@dooku> <56a897a426084f9381abaf770f1ea35e@huawei.com> <CAO42Z2xgMnVXeH9t0p_u7bg2fY-Gg+AagkFMMRJstX4E-f8FPQ@mail.gmail.com> <CAPt1N1m-1600rghA7mXNm1fvqOp23EOpYcS0E6xnJut+-t-9nQ@mail.gmail.com> <CAO42Z2wHZ2k+UwRdh8VH4xHav9HwT+6C-_up+6RXrce3vuVrmg@mail.gmail.com> <09adb05f-4c2b-1f76-fed7-58fbfa9c2f3f@gmail.com>
In-Reply-To: <09adb05f-4c2b-1f76-fed7-58fbfa9c2f3f@gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.144.28]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tlnY62nOebtJNvNRU3Mgy3HpSls>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2022 08:02:30 -0000

I am not so scared "on every interface". It is not good too (no automation), but tolerable for the Enterprise environment, not tolerable for SMB/home.

If I understand the context of this discussion (I am not sure)
It is proposed here to have hundreds of PIOs (A=L=0) on every interface! (separate prefix announcement for every remote prefix on different links)
It looks like the consequence of /64 ULA policy table modification instead of /48 (A=L=0 PIO looks for this, right?).
If my guess is right - then it is terrible.

Eduard
-----Original Message-----
From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] 
Sent: Tuesday, September 27, 2022 7:39 AM
To: Mark Smith <markzzzsmith@gmail.com>; Ted Lemon <mellon@fugue.com>
Cc: 6man WG <ipv6@ietf.org>; Michael Richardson <mcr+ietf@sandelman.ca>; Vasilenko Eduard <vasilenko.eduard@huawei.com>
Subject: Re: Network merge [Re: RFC6724-bis?]

On 27-Sep-22 17:02, Mark Smith wrote:
> 
> 
> On Tue, 27 Sept 2022, 09:46 Ted Lemon, <mellon@fugue.com <mailto:mellon@fugue.com>> wrote:
> 
>     The use case we are talking about here is a managed enterprise network. It should be no problem for the network operator to configure some local ra options. 
> 
> 
> On every existing and every new internal interface of every router in the network?

Yes, but I assume that enterprises need ways to do network-wide config anyway. If not, that's why we're working on autonomic networking, to provide an ecosystem for smart enterprise-wide config.
  
> For many networks that's 100s if not 1000s of interfaces to configure with this parameter. That's a lot of work for *every* enterprise network to perform to work around somebody else's occasional error of putting ULA AAAAs in global DNS.

I can't disagree (but it suggests a big gap in DNS tooling if that's even allowed except inside a split horizon DNS).

    Brian

> 
> This work around is going to be far more costly than teaching people not to put ULA AAAAs in global DNS.
> 
> You don't teach people not to do something bad by hiding the consequences when they do, and placing the costs of tolerating that bad behaviour onto everybody else other than the person who created the problem.
> 
> Regards,
> Mark.
> 
> 
>     Op ma 26 sep. 2022 om 19:17 schreef Mark Smith <markzzzsmith@gmail.com <mailto:markzzzsmith@gmail.com>>
> 
> 
> 
>         On Mon, 26 Sept 2022, 21:15 Vasilenko Eduard, <vasilenko.eduard=40huawei.com@dmarc.ietf.org <mailto:40huawei.com@dmarc.ietf.org>> wrote:
> 
>              >    > But how remote ULA prefix would be known to the local router?  If
>              >It can't, which is fine.
>              >If there are multiple ULAs after a merger, then we do what Brian and David described and send RIOs or PIOs.
> 
>             It is evident that A=0 is for something non-local.
> 
> 
>         A=0 means the opposite of A=1, and A=1 has a specific meaning, nothing to do with non-local.
> 
>         Define another flag if this is going to be the solution to the fault of putting ULA AAAAs in global DNS.
> 
>         (Can it be adapted to the fault of putting link-local addresses in DNS?)
> 
> 
>             It would be especially needed if /64 would be put into the SASA policy table (then the remote prefix would be /64 too).
>             It may be needed for different /48 after the company merge.
> 
>             How to know what to put in this special PIO (A=L=0)? It looks like not automated at all.
> 
> 
>         A sign that it's not solving the problem where it exists.
> 
> 
> 
>             Ed/
>             -----Original Message-----
>             From: Michael Richardson [mailto:mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>]
>             Sent: Monday, September 26, 2022 1:45 PM
>             To: Vasilenko Eduard <vasilenko.eduard@huawei.com <mailto:vasilenko.eduard@huawei.com>>; 6man WG <ipv6@ietf.org <mailto:ipv6@ietf.org>>
>             Subject: Re: Network merge [Re: RFC6724-bis?]
> 
> 
>             Vasilenko Eduard <vasilenko.eduard@huawei.com <mailto:vasilenko.eduard@huawei.com>> wrote:
>                  >> Now as to how to fix this without a global precedence for ULAs, I am
>                  >> wondering about a PIO with L=0 and A=0 (exactly as recommended in RFC
>                  >> 8028, but for other reasons). If a host sees such a PIO for a ULA
>                  >> prefix, it could serve as a signal that the prefix is to be given a
>                  >> suitable precedence, even though it is not on-link and not used for
>                  >> SLAAC.
> 
>                  >> I really like this.  I think it is the best solution.
> 
>                  > But how remote ULA prefix would be known to the local router?  If
> 
>             It can't, which is fine.
> 
>             If there are multiple ULAs after a merger, then we do what Brian and David described and send RIOs or PIOs.
> 
>                  > proper routing is in place then no problem exists in the first place,
>                  > the whole FC/7 could be prioritized.
> 
>             I don't think that non-local ULAs *should* be prioritized.
>             I think that it's actually a problem as more and more sites use ULA for significant internal things, and those addresses leak into other sites.
> 
> 
>             --
>             Michael Richardson <mcr+IETF@sandelman.ca <mailto:mcr%2BIETF@sandelman.ca>>, Sandelman Software Works  -= IPv6 IoT consulting =-
> 
> 
> 
>             --------------------------------------------------------------------
>             IETF IPv6 working group mailing list
>             ipv6@ietf.org <mailto:ipv6@ietf.org>
>             Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
>             --------------------------------------------------------------------
> 
>         --------------------------------------------------------------------
>         IETF IPv6 working group mailing list
>         ipv6@ietf.org <mailto:ipv6@ietf.org>
>         Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
>         --------------------------------------------------------------------
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email