IETF Logo Mail Archive

Re: [IPv6] ULA vs. 1918

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 16 June 2023 18:11 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6D54C14CF17 for <ipv6@ietfa.amsl.com>; Fri, 16 Jun 2023 11:11:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.592
X-Spam-Level:
X-Spam-Status: No, score=-14.592 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="LrvGOBnn"; dkim=pass (1024-bit key) header.d=cisco.com header.b="fGpyhose"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9PbAf8eAnLCq for <ipv6@ietfa.amsl.com>; Fri, 16 Jun 2023 11:11:04 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E338C14CF09 for <ipv6@ietf.org>; Fri, 16 Jun 2023 11:11:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=40851; q=dns/txt; s=iport; t=1686939064; x=1688148664; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=pVQ+/lreIZVdDD8AboKHDQeptJSL3cTLgcab5OofMPg=; b=LrvGOBnni53p6nxCLwjjhrb8OXJcxjjp2/Jysc8D89bCs8fZGbAWa3hI baiH48mPD7olK+Mck1yumCfa5EQzEddIYltfNNX3F/RQxiITS3ahJe3iG qtqqn9BkISa4HIAhoZUE+yG/rRXgQWuSzxJAAw/oAEOjN2IjSJfbSvBl0 M=;
X-IPAS-Result: A0ADAADEpIxkmIkNJK1XAxkBAQEBAQEBAQEBAQEBAQEBAQESAQEBAQEBAQEBAQEBZYEWBAEBAQEBCwGBKwEwKihzAlkqEkeEUYNMA4ROX4hVA4tVjAOBOIRfFIERA0IUDwEBAQ0BAS4BCgsEAQGFBgIWhWcCJTQJDgECAgIBAQEBAwIDAQEBAQEBAwEBBQEBAQIBBwQUAQEBAQEBAQEeGQUQDieFaA2GBAEBAQECAQEBEBEdAQEsBgUBBAkCAgEIDgogBwMCAgIZBgYLFBECBA4FGweCXAGCFRMDDiMDARCkDAGBQAKKJXqBMoEBgggBAQYEBYFOQZpBDYJJAwYFgT0Bh1UEfGIBAYFYhBuCMycbgUlEgRUnHIFmgQI+giBCAQECAYEoARIBAwYeAg8IAgYFAQkRgxQ5gi6MAoE2eIUnPostgShvgR6BIn8CCQIRZ4EICGCBcEACDVULC2OBHIJUAgIRKRMUUnkdAwcDgQUQLwcEMh4JBgkYGBclBlEHLSQJExVBBINYCoENPxUOEYJaJAIHNj8bU4FoBzYDRB1AAwtwPTUUHwYmAUiBVzCBSAokJJ9ZLAM/E4FPEB0+Bj4qFC8QIDALKgUOLRlJAQQLBzmSFiYIOYJZSIplohdwCoQIiheBZY8ThgsEL4QBk1mRG2KYF41ag3OQeiuFHAIEAgQFAg4BAQaBYzprcHAVOyoBgjxSGQ9WjUoMDQmBBgEJgkKFFIpldQI2BQEGAQuIeyyCLgEB
IronPort-PHdr: A9a23:A+sTwRcHD3cc1M50SeUjfR+ilGM/fYqcDmcuAtIPgrZKdOGk55v9e RCZ7vR2h1iPVoLeuLpIiOvT5rjpQndIoY2Av3YLbIFWWlcbhN8XkQ0tDI/NCUDyIPPwKS1vN M9DT1RiuXq8NBsdA97wMmXbuWb69jsOAlP6PAtxKP7yH9vKk8Sq3e2o57XYYh5Dg3y2ZrYhZ BmzpB/a49EfmpAqar5k0wbAuHJOZ+VQyCtkJEnGmRH664b48Mto8j9bvLQq8MsobA==
IronPort-Data: A9a23:U12cfa3FZFZSnGxYpfbD5atxkn2cJEfYwER7XKvMYLTBsI5bpzxUy WpMDTzQM/ncZmD0KNtwaI2wp0gBucWAxtRlHARr3Hw8FHgiRegpqji6wuYcGwvIc6UvmWo+t 512huHodZxyFjmGzvuUGuCJQUNUjclkfZKiTracUsxNbVU8Enx510s9w7VRbrNA2LBVPSvc4 bsenOWHULOV82Yc3rU8sv/rRLtH5ZweiRtA1rAMTakjUGz2yxH5OKkiyZSZdBMUdGX78tmSH I4vxJnhlo/QEoxE5tmNyt4XeWVSKlLe0JTnZnd+A8CfbhZ+SiMa+bhmG8ABTltuixashdoh4 uxUpLeSVlJ8VkHMsLx1vxhwGiV6O+hN/6XKZCT5us2IxEqAeHzpqxlsJBhpZstDpKAuWicXr qNwxDMlNnhvg8qu3LKmQOR2muwoLdLgO8UUvXQIITTxUq12HMGZGf+iCdlw43Ayjc4RId3nP /EJQARGVQrtTgBSNQJCYH45tL742iagG9FCk3qUvbRpy2ne0AI316LiWOc5YfSDQcFT202fv G+DoyLyAwoRM5qUzj/tHm+QavHntj2md7gPM6GB9t1PmlfD7FUKGTY0Sg7uyRWmsXKWV9VaI k0S3yMhq6ku6UCmJuURuTXl/RZoWTZBBrJt//0GBBKlkfCEvlrFboQQZnsQNoF35ZdeqSkCi wfhoj//OdB4XFR5o1qy/62QpDW+UcT+BTBfPXNfJefpDiWKnW3ephvLStAmG6mvg5ipXzrx2 DuN6iM5gt3/bPLnNY3mojgrYBr1+fAlqzLZAC2MAQpJCSsiNOaYi3SAswSz0Bq5BN/xoqO9l HYFgdOCy+sFEIuAkieAKM1UQuH3t6vfa22G2Q81d3XEy9hL0yPyFWy3yG8mTHqFzu5fEdMUS BaJ4FgItMM70IWCNPUqPepd9PjGPYC5RYi6CZg4n/JFY4N6c0ec7TpyaEuLt10BY2By+ZzTz ayzKJ72ZV5DUPwP5GPvF481j+Rxrghgnjy7eHwO50n9uVZoTCTLGe5t3ZrnRr1R0Z5oVy2Po osPZpfRmk8EOAA8CwGOmbMuwZkxBSFTLbj9qtdccaiIJQ8OJY3rI6W5LW8JE2C9o5loqw==
IronPort-HdrOrdr: A9a23:sbcvw6m+1yO9Bd/dMQShSOuJpc7pDfOeimdD5ihNYBxZY6Wkfp +V/cjzhCWbtN9OYh4dcIi7Sda9qBPnn6Kc4eEqTNCftXrdyRWVxeBZnMbfKljbexEWmdQtrp uIH5IObeEYSGIK8foSgzPIX+rIouP3ipxA7N22pxwAPGIaCZ2IrT0JdzpzeXcGIjWucKBJbK Z0kfA33gZIF05nCvhTAENpY8Hz4/nw0L72ax8PABAqrCOUiymz1bL8Gx+Emj8DTjJm294ZgC b4uj28wp/mn+Cwyxfa2WOWxY9RgsHdxtxKA9HJotQJKw/rlh2jaO1aKvy/VXEO0aGSAWQR4Z vxSiQbToFOArTqDyWISC7WqkrdOfAVmjjfIBGj8D3eSIfCNUMH4oJ69PJkm13imgUdVBUW6t MS44pf3KAnVC/ojWDz4cPFWAptkVfxqX0+kfQLh3gaSocGbqRNxLZvtH+9Pa1wah4S0rpXWd VGHYXZ/rJbYFmaZ3fWsi1mx8GtRG06GlODTlIZssKY3jBKlDQhpnFojvA3jzMF7tYwWpNE7+ PLPuBhk6xPVNYfaeZ4CP0aScW6B2TRSVbHMX6UI17gCKYbUki94KLf8fEw/qWnaZYIxJw9lN DIV05Zr3c7fwb0BciHzPRwg2fwqaWGLEDQI+1llu1EU+fHNcnW2AW4OSITr/c=
X-Talos-CUID: 9a23:py6QfW2JmLnTNUp3CNV5BrxfMd54XUfA62vpI2ydE2w5YoSMWHSy5/Yx
X-Talos-MUID: 9a23:31gQzAV51wcHIqTq/ACrhjpsa/tD2vyVGGkzuKwYluSZKCMlbg==
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Jun 2023 18:11:03 +0000
Received: from alln-opgw-4.cisco.com (alln-opgw-4.cisco.com [173.37.147.252]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 35GIB2x3025673 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <ipv6@ietf.org>; Fri, 16 Jun 2023 18:11:02 GMT
Authentication-Results: alln-opgw-4.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=pthubert@cisco.com; dmarc=pass (p=quarantine dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.00,248,1681171200"; d="scan'208,217";a="3106446"
Received: from mail-mw2nam12lp2047.outbound.protection.outlook.com (HELO NAM12-MW2-obe.outbound.protection.outlook.com) ([104.47.66.47]) by alln-opgw-4.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jun 2023 18:11:02 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TiEXJfr+ZzfcxTO+8S/FXXqeenzmz4VgTWqBBlmXO0a5TLq2GL5WHq1yFuXmEqWlM79sfn22DkePjvh72DKD+lstZiDWgCzAt3PZ6fQlh4cxEyPjNic8x/F+FT10U79MbpE9/RV2NaLBlm2ABQN4zYfNJQSahd4FlAU12Zr+QRf0vm5zxZ56/BFiRbRwaYNR6wmZOdQ7j/pJcmfGtBr1UskNqoUroU5ubmr9405M8W9yBlpK8aXQMFA6rcddI+sQAvsYCdloD8xrt2d3R0qxTx9gywVzuHEWO26KgmBUuq632fVv86weOt9vc3ibL2tQ55g49c89w5GZq47w97BY9A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pVQ+/lreIZVdDD8AboKHDQeptJSL3cTLgcab5OofMPg=; b=G34L/IeUR5Otf8J0sVCvBv2eBCO7P3UOdNUKiN9/FPM0PbYQ9VIe8nII1OABXgIFNMRG7jQ/dlnc3FvQ9ITQ+4t0yAvUq/GfNJtFtUc43ygXuH/1NrSY8+uYeIUCY0ttbrZ6pmP9vQVsOz8olR3S7wfD1U1Z34X/KTF4YQILZrRr2Bvie0rIMaO+oQ2ZM+bG45GmbMZsyXY9V20T9VVQauukJF8RqgnThW0aLpiNLaMlYyqSNJX020ub678tLSnFPJxq3WttK1tmJWXX+74B0dovdKg4k7YS8Ej82M/x92Bj9RU9idZeOlmtJWufSN0mU6EmvYmsLDta2UwWbeKU5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pVQ+/lreIZVdDD8AboKHDQeptJSL3cTLgcab5OofMPg=; b=fGpyhosekpSbkyCDwe+2IpqJ0m7EjkRrnGLaxVddmS0wuh9SXtDyiKqKZGIPytcqAstqLwSn1z32I4+QrunzF/E/LGU4uazvwlvNKBsxBucya/xlkEkSgghW9JGSAxYt+tdYK876PCuZDCsjmd4Afof8DjTUXXBNuBQfddOvwqc=
Received: from CO1PR11MB4881.namprd11.prod.outlook.com (2603:10b6:303:91::20) by CH0PR11MB5459.namprd11.prod.outlook.com (2603:10b6:610:d2::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6500.29; Fri, 16 Jun 2023 18:11:00 +0000
Received: from CO1PR11MB4881.namprd11.prod.outlook.com ([fe80::140c:d7a2:4d4c:8739]) by CO1PR11MB4881.namprd11.prod.outlook.com ([fe80::140c:d7a2:4d4c:8739%7]) with mapi id 15.20.6477.037; Fri, 16 Jun 2023 18:10:59 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Ted Lemon <mellon@fugue.com>
CC: Brian E Carpenter <brian.e.carpenter@gmail.com>, "ipv6@ietf.org" <ipv6@ietf.org>
Thread-Topic: [IPv6] ULA vs. 1918
Thread-Index: AQHZnh6QpEvEDttOvkqs/AsdkMKBiq+J1sSAgAAcISWAABI1AIAAAOPqgACAIICAAFUigIAACPAAgAAFHwCAAJMaFYAA2pUAgACtyUSAAIOwAIAABH7egAAjNACAAAIZZYAAAn2AgAAK04k=
Date: Fri, 16 Jun 2023 18:10:59 +0000
Message-ID: <C0A33B04-AA2F-40C1-9B4F-63AC93F84D0C@cisco.com>
References: <CAJU8_nW36iEWvYHu6qAGvnEKeJ1P1w4BLov+VdSeZ06XLFXDRA@mail.gmail.com> <252E7296-D071-4E2C-971C-63E18694ADB8@isc.org> <CO1PR11MB488198C7174F42A6027656B4D85AA@CO1PR11MB4881.namprd11.prod.outlook.com> <2727C342-C0C4-42E5-B75D-51174FB7F59E@isc.org> <CO1PR11MB488139AB1EC0F8D15184F6D0D85AA@CO1PR11MB4881.namprd11.prod.outlook.com> <CAN-Dau2zjmU0TXEDJyc52W=TiHXAhjnzwAqtEcpE469buH7prQ@mail.gmail.com> <24af315f-f096-cbc5-82e3-984070825541@gmail.com> <CAN-Dau3745bRSQS_Bgsb9yp0M-GK8wjToQLN9qf9PpiA=quBmQ@mail.gmail.com> <54d56b6a-1934-33fe-a8b5-e2b5408abf19@gmail.com> <DAFB73BA-D993-4957-A5A5-0B9D53E89AED@cisco.com> <99c35b98-71e3-f304-02df-0ba849220392@gmail.com> <FE8A0C37-0480-4D68-8343-B05C859BC2F9@cisco.com> <CAPt1N1=TYVbaYk1T-3RzVp+n-Uqmtmvkr=SxG=E-QbOuaEaOHA@mail.gmail.com> <CO1PR11MB48812878301CDDC2CA8D277DD858A@CO1PR11MB4881.namprd11.prod.outlook.com> <CAPt1N1=xgewgdMVLqgiYSPWR=htBYaWLS41vJfdxFLYmEwEd1g@mail.gmail.com> <02B40094-A14F-47E3-911F-9A314A5978A2@cisco.com> <CAPt1N1mWpweM-dKdtHK5jiCVb024s6nQ17PKDLNX+MBxSX5PJg@mail.gmail.com>
In-Reply-To: <CAPt1N1mWpweM-dKdtHK5jiCVb024s6nQ17PKDLNX+MBxSX5PJg@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO1PR11MB4881:EE_|CH0PR11MB5459:EE_
x-ms-office365-filtering-correlation-id: 24b1fe9d-77cb-4290-5901-08db6e9509f2
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XSEsLP5YgQKYo0VzY68Owc3j7ph0VWlEDqzy9HYGSc59itiiS2ndQD0snA0NT5CQNyk+wDRpFNhI1pPl7sy5WYQQlDKFhhqANzPQpr1oGJNc13WfSghosRu9QmZYawgboES5o0k5gj2oGFdKWV9USmy8X4ncncnLbrjnl5CIugzkcsxWa5izVpdyx8UZMwMb0Qdv7e2n/iiDJrxGZBkYGJapZjE8m6bsh1KWSO99vUnEbSbGw6nYqvAhS00rcyRgyTBaLrkNsoJWHVOXDO+2NypsEGvgoeoZFe1vdRmKMARVG5SaAI+kTXT7OY/mD7pSTBvawOgqmZ/Q3cWq9urE1U5mxIGEJxozvWVn7aNisv0DHMWf9A0hKDoFf0U9kZvQCYfo7EXu3jqOGcyWwtBE7n4ydkGop84UQ65GD5d7IxQ/mFGqLT8T0QKWlN6Ztj8FOH4yv92KKgWZO3VumPwT5cJtSfwOPomEg3geqOhlNtw2/p83hLEeCanDyErSdAolganfaqQ3hvIB3EiKH2q2VsbCEdsh4oBQe9RSBLZsdJwkADajVDm7EpEq2kUhR2NfRwZbnrAobXwrbdIALMnN+o9UC1Wu/HWPAlQgWJkc/i3kfooF14KbBr85gT4tSIFZXwlDk4kzfYCuiyN/t9vj7ECsx35DYJpYGOGOYr6s17UPSGFpc8GpPjieR+kHT6bC5VJvV+omFK3AeFbtKpz9oQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR11MB4881.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(136003)(366004)(396003)(39860400002)(376002)(346002)(451199021)(71200400001)(53546011)(6512007)(6506007)(6916009)(66946007)(4326008)(316002)(66446008)(66476007)(66556008)(64756008)(76116006)(91956017)(2616005)(66574015)(186003)(83380400001)(122000001)(6486002)(966005)(478600001)(54906003)(38100700002)(8676002)(41300700001)(8936002)(5660300002)(86362001)(38070700005)(40140700001)(33656002)(2906002)(36756003)(166002)(45980500001)(244885003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: R1MS9I0o3J8WVHXjYLLcUyA5A3mP+oirCrC8mIFigglX8Vsm1fOvW2Q/PaW13XZ5zjxXGRdleXZ3GdTjmNGrVV6LP6IlmAlRY9BzhPETb6kijC3t74sTgPIcbCiGg6iKUVEcuAdgYkcIeVCh8apTX0r6csvMKrW9bvZPlFCQnq6bZN0ToBZMnQjzes22Nm6wVmlRhdLSLeu3JW6wDTGfkXjf+Kp3ayJwbbIDKYA5hgKQ9u79Ba3+owtZuJyCvK4MUtlPKxf7+i1DU0hk4VXujHn/O3M9pGgB/ii2m7Fgti5n54Zw2m65KYU3M3f2IdLI1der6VCExidxiAlY/FAiiI4ls/Jw4SKFCB6xEth+OVi4GhQ5zIpvGOBZOkB1m2+DgT+WTRklbLxgDfVpYKXicCVWNiTK3zbW/NpDTbOkHp7QTUAYytYJrwZTBEcbT3iRoobvJXa36Hlz06ziqveuJvm/qT377UxX+lW6ewV9Jxp76dWQ1AY11l0ePlNDDRpPXdKbKbh1snRVDoml2kqyNuG7ab+MERdalG14jrBSiogl0UTV17NwMOt5R7uyPVqAW0RF/abFYSzhPl43rbj9MDmh/Oj7Iia2Uz1rR7qsHVcSzyEdusY/SiCilemzAXDRSbBYTN8YiCujzQXkmk4Yw6SrjnzC4rmMhBQOX6h24yXcHVAoLjhhVtC54AWQyNSmALrdvLT0p6WbLzVbD9gGdYTj7wPOVrk2W+0TNd1L7fh/iQkvQh9JdxKa6X8gbDBhHHiFFJwpcU7lnsAQ9FA9UQWvFblmWsDqw4+ujVJAN7tE+X3Z37GsxYa8nCzHZWRxEPNIPdCBuMXEH+M8oFC5vsnDVhiVzG3ErpW/459QpXokIlTwW6uytOL8pFDTsN78rv9L7k44Azyu0xb9/kIOJDJ95ba0tPS9tfcyCvn1wJiHNfRHC7bDTtdeICnGGKZGWdYhSSHH6wlT2i/NOlbkhHNLgnU2s/flwCWZlWzMnqjTEejXBl1MaJoWxXD1Z5xp111NCbn/4YoWuxM/7DTuHC/iqy0MZR9NDYs8KMH1QBKpsfRktS8HTKvA5k9WfQTr4LKD/xtPdue1hCNbmvcWxzD+dLT2IUqKg9THyelE6rExuP64xY1qkdQZreibl/VpyR4Y/nxwkJOe0J4x9UoVE+JeUv5U4/C77pt1/D8E+itp2JkqBi3txataGNXd9UQp+Hi7SGn4VYu5Lbjj6RW7ALWc4pT/cFtQGz5tjjEPWRmNlJZYiHvR4kZDvIZHGjD9uWAVxWXN57Y4WF+j29xUby57L7QS5748W+LdMJf5GuL7reL2Swlvy/jlVz6dTJ+o0pjsfnUr3fcR+DAg4UkwVLEKl6gSwPf5v0OcQIJmTZ1FMdXoDjL6F7SY4LMVRc7tyKBB4/GwBtSoKQmbXCJSY5ff8QykFY6lIfcH5futEJbAapiCJdueojSThsedWSlkRAqSFIund0FHytBzEG41HOEVCqHqaV4ARx9oKTyRXsFqDTDT8XN2huWu3awfbx9fMEumd5NNbL+MGjNEMadV1FSpuOYk37ZnjMF2RtTWZYx3w/f2wvW2zpvXelw5n5DWZFAkYYRRzLRPjUXmIhV1KEbsckRCw+pX0aUtKEQtA+wRMiGg66CcfHVDQhsSACME
Content-Type: multipart/alternative; boundary="_000_C0A33B04AA2F40C19B4F63AC93F84D0Cciscocom_"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4881.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 24b1fe9d-77cb-4290-5901-08db6e9509f2
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jun 2023 18:10:59.8969 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: KnLlYl2kn+0mVXxQw31O7D3y7yAroxLPWgkbaY9uDH9fU1IjiR+KNk9KUduX31S0or41MOfnxIj6O87OYDjrIQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR11MB5459
X-Outbound-SMTP-Client: 173.37.147.252, alln-opgw-4.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/y5ub-7D-5LfcVJ1PcQTcArd7TX8>
Subject: Re: [IPv6] ULA vs. 1918
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jun 2023 18:11:09 -0000

Oh you’re right, my logic is flawed there. I was expressing a real property but not applicable there as you point out.

Step back:

Say the stack has all addresses but knows that it can reach a server GUA with a ULA. The server that replies will know that the client is local and that can change the security posture of the connection. This is for the original case. In that regard ULA is better than GUA.

And a node with only ULA as you point out can control its external reachability eg by obtaining temporary GUAs from a home agent at the border of the domain, using the ULA as CoA and the GUA as home address as in section 4.4 of RFC 4864. Compared to rfc 1918 and NAT this places the control in the host as opposed to the NAT box. In that regard ULA is better than rfc 1918.

But it only works if the host knows that ULA will work proactively or very quickly on demand…

Regards,

Pascal

Le 16 juin 2023 à 19:33, Ted Lemon <mellon@fugue.com> a écrit :


The message I was replying to said:
packets to/from the ULA can only be injected within the ULA domain of routability. This creates an isolation against external attackers which have to be inside or use a trojan to attack an ULA only node.
So that means that the node is ULA-only, and is not reachable via GUA or 1918. If the node has all three, then isn't it the case that it's attackable using the GUA, and hence the security concern doesn't apply? And if it only has ULA, it's only attackable from within the routing domain of the ULA, and hence there's no security issue? Sorry to belabor the point, but if you think there's a security issue here it would be good to characterize it clearly.

On Fri, Jun 16, 2023 at 1:23 PM Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>> wrote:
Ok we’re not on the same case that’s why.
I was discussing the preference between GUA ULA and 1918. When a node has them all. Saying that actually ULA when done well could have the best properties while the state of the art makes it least preferred…


Regards,

Pascal

Le 16 juin 2023 à 19:16, Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>> a écrit :


Okay, but it seems like there's no problem then, since the node is ULA-only. It's only when you number the node with a GUA and publish it that it becomes reachable. So, from an operational perspective, what is the use case you are thinking of where this is a problem in a practical sense?

On Fri, Jun 16, 2023 at 11:12 AM Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>> wrote:
Hello Ted

packets to/from the ULA can only be injected within the ULA domain of routability.
This creates an isolation against external attackers which have to be inside or use a trojan to attack an ULA only node.

regards,

Pascal
________________________________
De : Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Envoyé : vendredi 16 juin 2023 16:53
À : Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>>
Cc : Brian E Carpenter <brian.e.carpenter@gmail.com<mailto:brian.e.carpenter@gmail.com>>; ipv6@ietf.org<mailto:ipv6@ietf.org> <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Objet : Re: [IPv6] ULA vs. 1918

What do you mean by “secure” here!

Op vr 16 jun 2023 om 03:02 schreef Pascal Thubert (pthubert) <pthubert=40cisco.com@dmarc.ietf.org<mailto:40cisco.com@dmarc.ietf.org>>
Hello Brian

If I have a ULA and my destination has a ULA and routing enables connectivity between the 2, ULA to ULA seems to be the most secured choice (because there’s some control on the diameter where an attacker can operate).

But then how does my stack know? Sure, routing does to a point (default routes obfuscate). So I could leave it to trial and error / eyeballs. But isn’t that a demonstration that the information available at the stack is lacking?

What we want is the stack to know which prefixes a ULA can reach from the routing standpoint, and if an ULA can reach a prefix, allow to prefer a ULA.

The ULA to ULA routability could be expected / inferred within a 48, but my point above is that it’s doubly a mistake to resort on that.

I’ll add that outside the 48 boundary, ULA longest match is not your friend. If you have 2 ULAs a and b and a destination c outside a’s and b’s 48s, but a longer bitwise match with b, does that mean anything about which of a or b can be routed to c? Ne.

This is why for each PIO of an ULA there should be a train of prefixes that an address formed from the address in that PIO can reach, with a preference (vs other PiOs) That’s the only way to unleash the power of ULAs.

Note along that vein: there’s no point making GUA prefixes special in that logic. If the ULA can reach a GUA, then the ULA is still a more secure source address. Placing a GUA in the train with a preference should be acceptable. For the return path, the GUA should assume symmetrical routability: if the ULA packet reaches me I can reach it back (because it is hopefully filtered at the site boundary).

IOW we could consider RIO as the router-level “the originating router can reach this destination prefix with this preference “ and a RIO-prime attached to a PIO would be the source address-level “a source address formed from the prefix in the PIO above can reach this destination prefix with this preference “. This destination prefix being a global address, ULA or GUA.

Note that RPL use that sort of semantics very successfully. More so with upcoming signaling in https://datatracker.ietf.org/doc/draft-ietf-roll-dao-projection/. I’m not asking you to read the draft but it’s a good hint at how powerful the concept of AGP can become.

Take care,

Pascal

Le 15 juin 2023 à 22:40, Brian E Carpenter <brian.e.carpenter@gmail.com<mailto:brian.e.carpenter@gmail.com>> a écrit :

On 15-Jun-23 19:38, Pascal Thubert (pthubert) wrote:
Hello Brian
Today the only reachability that is assumed seems to be the /64. Based on the current standards one could assume that /48 is reachable as well but I’d not like to case that in stone in the stacks. The /64 experience with SLAAC should have taught us a thing or 2.

Routing will determine whether the whole /48 is reachable. There's not too much we can do about that at the address selection stage. This is more a matter of scope; and as things have evolved, the nearest thing we still have to site-local scope is a ULA /48. I completely agree that this is classful addressing (even link-local is classful). However, it would not be cast in stone in the code, since it would be in a configuration table. Do we have a better solution for the *default* behaviour?

(There is an argument for the default table being defined by v6ops, not by 6man.)

   Brian

This is why I jumped in the thread. The ULA may reach a shorter aggregation (even if to Lorenzo’s point that is not fully legal with the current text), and it may reach other ULA prefixes. So hardcoding the /48 is not only repeating an error of the past but also not sufficient to avoid the need of DHCP, as soon as the network gets fancier.
And it will. SNAC is just one example.
I’m looking forward to seeing what the new draft proposes. I hope for a per PIO option inspired by RIO. Basically for ULA all the access le prefixes would be listed with a preference.
Along the same vein I hope for another per PIO option, also inspired by RIO, that indicates the router preference for a source address derived from that prefix.
Regards,
Pascal
Le 15 juin 2023 à 00:52, Brian E Carpenter <brian.e.carpenter@gmail.com<mailto:brian.e.carpenter@gmail.com>> a écrit :

On 15-Jun-23 10:33, David Farmer wrote:
On Wed, Jun 14, 2023 at 17:01 Brian E Carpenter <brian.e.carpenter@gmail.com<mailto:brian.e.carpenter@gmail.com> <mailto:brian.e.carpenter@gmail.com<mailto:brian.e.carpenter@gmail.com>>> wrote:
   On 15-Jun-23 04:56, David Farmer wrote:
    > I've been thinking we should extend RFC 8028's use of a PIO with A=0 and L=0 for choosing the first-hop router. By adding to that, if the prefix is from the ULA range, then the host should also treat the prefix as a Local ULA prefix from an RFC 6472 section 10.3 perspective and add it to the table as a local ULA prefix.
   What is specific about A=L=0 in this case? Why wouldn't this apply to any PIO in the ULA range?
If A=1 and the prefix length isn’t 64, some people are going to have words with you, I’m fine with it, but I’m not really looking to pick a fight today, and those seem to be fighting words.

I was assuming the PIO would be for a prefix of whatever length happens to be in use on the subnet in question (which would be indeed be 64 today). But one can legitimately assume that if fdxx:xxxx:xxxx:yyyy::/64 is announced, the applicable ULA prefix is fdxx:xxxx:xxxx::/48.

  Brian

Also, L=1 is making a different statement about the prefix. A=L=0 isn’t making any other statement about the prefix than it might be a ULA that the host should treat as local and the router announcing the RA knows how to route for.
But it doesn’t specifically have to be A=L=0, but that is probably the safest statement to make.
Thanks
--
===============================================
David Farmer Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu> <mailto:Email%3Afarmer@umn.edu<mailto:Email%253Afarmer@umn.edu>>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email