Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios

Tom Herbert <tom@herbertland.com> Thu, 21 February 2019 23:04 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Thu, 21 Feb 2019 15:04:26 -0800
Message-ID: <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com>
Subject: Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios
To: Mark Smith <markzzzsmith@gmail.com>
Cc: "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>, IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/y61q8O2eNkdaiDxuP3sGa4ejqe8>

On Thu, Feb 21, 2019 at 2:46 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
> On Fri, 22 Feb 2019 at 08:53, Manfredi (US), Albert E
> <albert.e.manfredi@boeing.com> wrote:
> >
> > From: Mark Smith <markzzzsmith@gmail.com>
> >
> > > That's because applications that would be best performing, most robust and more secure with a peer-to-peer communications model are forced to adopt an absolute client-server model (where the server is a much more likely performance bottleneck, the server becomes a SPOF for all clients using it at the time, and the server is a natural interception point for a malicious server operator).
> >
> > Even if it's only the prefix that changes? I don’t get that. Peer to peer can be made to work there too.
>
> "made to work" implies workarounds. The IP layer has a peer to peer
> nature - any node should be able to directly send to any other node,
> just by having the other node's address. If a device has to send its
> packets through a third party to reach the actual party it wishes to
> communicate with, it isn't a peer of the latter party. It is now a
> client of the middle relay party.
>
> This isn't the place to rehash the NAT discussion (because IPv6 + NAT
> doesn't provide any benefits over IPv4 + NAT, and that makes IPv6
> pretty much pointless.)
>
> Have a look at the following presentation on NAT from a few years ago,
> where I think I did something different to other NAT presentations - I
> compared NAT to what I describe as a network operator's "Network
> Critical Success Factors". Any questions/comments, we can discuss
> off-list.
>
> "The Trouble with NAT (Or why I care about IPv6)"
> https://www.ausnog.net/sites/default/files/ausnog-2016/presentations/1.2_Mark_Smith_AusNOG2016.pdf
>
> (APNIC asked me to write up a few blog articles on it if you want a
> longer read - https://blog.apnic.net/author/mark-smith/)
>
>
> > I agree if you're talking about NAPT, though. Those basic NAT firewalls I alluded to previously support peer-peer quite nicely.
> >
>
> So I think there's commonly a big difference between works and works
> well. NAT may work, however compared to stateless IPv6 (and IPv4)
> forwarding, it doesn't work anywhere near as well.
>
Mark,

I agree with that with one exception. I believe that NAT/IPv4 can
offer better privacy in addressing than IPv6 given current address
allocation methods.

Tom

> Regards,
> Mark.
>
>
>
> > Bert