IETF Logo Mail Archive

Re: [IPv6] Second Working Group Last Call for <draft-ietf-6man-rfc6724-update>

Kyle Rose <krose@krose.org> Thu, 11 April 2024 00:25 UTC

Return-Path: <krose@krose.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9615AC14F694 for <ipv6@ietfa.amsl.com>; Wed, 10 Apr 2024 17:25:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I3yjgnrbwGfO for <ipv6@ietfa.amsl.com>; Wed, 10 Apr 2024 17:25:18 -0700 (PDT)
Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 867B4C14F61A for <ipv6@ietf.org>; Wed, 10 Apr 2024 17:25:18 -0700 (PDT)
Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-a521fd786beso12429366b.3 for <ipv6@ietf.org>; Wed, 10 Apr 2024 17:25:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; t=1712795116; x=1713399916; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=X/yRmcFckkTIgvmjUDjfmj+ZzGEIa0u/oDEDfdyxuV4=; b=UKBu9var0nW6m/fVaCqYWo3a2/B+Vfdp476qvWT3V4thapE9fRep1/YPTmqiRkgLXl Nk26VnaysYUcHyt1ORBU73Gs0k1PK13CqCZZmtFeC3nm7jhAD8lDe39Ae3cRevXcAnD5 YRwO8lhVH8tmTBVNx7S08Q4xZ+pdfsMrmOeLU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712795116; x=1713399916; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=X/yRmcFckkTIgvmjUDjfmj+ZzGEIa0u/oDEDfdyxuV4=; b=lO+mA9JZkviMpgnRItI+a8bj22+TKk7cQXutu1RLgmFESHYQ039lRo4pRlaBLulG6Q EHHySEHynFQyhOuaJ0/ZjYlahJKD3clo+Wm4vPi1qUZKMt627mDJ6Hem2/5ecYuOAHzg 3ID+/Ut/mjH+U8ztvM4UyrccoSXvKeL51I1Ln4ZTkL3fb4XVvC5Fu1dTAvqPgf5xbABG pitrbCiQKEmasMKE3z78W8088CuBAMDY7kKWFmY1izEwfcDxfIgu0PH6AnkuAzA4yPuD svPMRtfvsAMvEd3tTAD0VvaefSgIEr8RjXiKRWkPhnyw6B1vaObBqqgS2ThcrKzPHJxV nTlQ==
X-Forwarded-Encrypted: i=1; AJvYcCWUoRYtnxh65h4bOH7Mq11i/NbjPAKsaT4UKxeQfHDlyT8vjYqzjM417hhER9gfEKxOoC2OWWLRslkRCyvI
X-Gm-Message-State: AOJu0YzHBNfVhTueep7au3shf9/5p6YsI124kogat3g+49oJaDZwIREq F6FazxxZobqLAlr5BKDbXOBo/QMNDuaQjQi8l6rSEowoH/bqpDhAhgve/ItaDsRNNBCQZpJngcT 2SXQ9rAnwgf8iwxSf8ew3i7JslE5sbtt9cy+PEg==
X-Google-Smtp-Source: AGHT+IH5+hJCzIac7HpsvkT9iO29EJJAXSiPVAcyCFVfAzZnYovGkN1dM5n8HuzJpGLgwYqU/e23kpMCrPplNFlbw+g=
X-Received: by 2002:a17:906:2791:b0:a4e:2a5d:a06c with SMTP id j17-20020a170906279100b00a4e2a5da06cmr2489549ejc.73.1712795115689; Wed, 10 Apr 2024 17:25:15 -0700 (PDT)
MIME-Version: 1.0
References: <6A5E5F35-B35F-4358-8EE1-3BD82329141E@jisc.ac.uk> <6FBC1B5A-BF28-4B05-B2B2-A60DA4707755@gmail.com> <CAJU8_nUX3VFcRtFUoCy+Uxn6UQYsB-wo+64PSufBWxW67Y64bw@mail.gmail.com> <CAPt1N1nDUh=p5x8Kp_fkEYRf9ZktaRo73Hzc40qVQ11X-B-GYw@mail.gmail.com>
In-Reply-To: <CAPt1N1nDUh=p5x8Kp_fkEYRf9ZktaRo73Hzc40qVQ11X-B-GYw@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
Date: Wed, 10 Apr 2024 20:25:04 -0400
Message-ID: <CAJU8_nWN+R-bwRPhSpxYPB21qCyJNn6M4jAVtAfDTTYw7c1BGA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000071ad680615c730d3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/xLYaSBdMp50q36h1wEb19yVap54>
Subject: Re: [IPv6] Second Working Group Last Call for <draft-ietf-6man-rfc6724-update>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2024 00:25:22 -0000

On Wed, Apr 10, 2024 at 5:45 PM Ted Lemon <mellon@fugue.com> wrote:

> On Wed, Apr 10, 2024 at 12:11 PM Kyle Rose <krose=
> 40krose.org@dmarc.ietf.org> wrote:
>
>>  * At my sites I am fine with preferring GUA->GUA over ULA->ULA, in large
>> part because I don't have any names that map to both types of address.
>>
>
> It seems to be the case that your setup would work just fine with the new
> required behavior, if we required it, no?
>
Yes. It would make no difference to how my sites would operate. I am
concerned about complexity, however, and the more complex a change that is
required, the less widely implemented it is likely to be.

> The reason to prefer known ULA<->known ULA over GUA<->GUA is that it
> enables sites to reliably number internally with a ULA and for that ULA to
> then be used for internal communication in preference to GUAs, which may be
> renumbered arbitrarily as ISP contracts change or at the whim of the ISP,
> for that matter.
>
That's not the only way to enable this outcome. I solve this problem by
using different names internally. Split horizon would also work here, by
showing you only ULA internally and only GUA externally.

> So I'm curious whether your objection is because you don't care about the
> ULA-in-the-DNS case (I don't either!) or whether you knew about the
> benefits of enabling local ULAs to be preferred over GUAs
>
I mean, I *see* the advantages if you have DNS names that map to both, or
other static configuration that wants to be able to use one or the other
under a variety of network environments, where there is some policy,
routing, efficiency, performance, reliability, or other benefit to using
ULA where it is available. I'm not blind to that. I just haven't been
convinced that address selection is the best way to solve those problems.

> Or do you think we should just always prefer ULAs over GUAs (sounds like
> no)?
>
I am agnostic on this. AFAICT, this fails only when you encounter ULA that
you can't reach, otherwise known as a misconfiguration. That said, I
haven't spent a lot of time thinking about the implications here, and I'm
trying to get the minimal change to enable the behavior I want.

> I think it makes sense that you wouldn't care about this feature—I can't
> imagine it being useful for an ISP—but do you really care so much about
> /not/ requiring this that you'd take this capability away from sites that
> would benefit (greatly, IMHO) from it?
>
I want something published. What started as a very simple change to elevate
ULA->ULA over IPv4->IPv4 has turned into a major effort I mostly just don't
care about. I want the default policy table changed. That's the extent of
my interest here. So am I opposed to these other things? Only in the sense
that I want something published soon, so stacks will start implementing
changes in my lifetime. The simpler, the better from that perspective.

Kyle

v2.23.0 | Report a Bug | By Email