Re: Upleveling discussion (was Re: [v6ops] Stateful SLAAC (draft-ietf-v6ops-unique-ipv6-prefix-per-host))
Fernando Gont <fgont@si6networks.com> Fri, 17 November 2017 07:46 UTC
To: Suresh Krishnan <suresh.krishnan@gmail.com>, "6man@ietf.org" <6man@ietf.org>, "v6ops@ietf.org WG" <v6ops@ietf.org>
Cc: Ted Lemon <mellon@fugue.com>, Mark Smith <markzzzsmith@gmail.com>, "Van De Velde, Gunter (Nokia - BE/Antwerp)" <gunter.van_de_velde@nokia.com>
From: Fernando Gont <fgont@si6networks.com>
Date: Fri, 17 Nov 2017 15:44:57 +0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/zk2CjIbNH7hXAA9aqzdpsUQS_I4>

Hello, Suresh,

On 11/14/2017 11:22 AM, Suresh Krishnan wrote:
> Hi all,
> I would like to summarize the issues that have been brought up, along
> with my views (I apologize for the long mail but I think it is warranted
> in this case)

Thanks for the summary!

> b) Mechanism does not work
>
> Given that the mechanism has been implemented and deployed by the
> authors, I have a hard time taking this claim at face value. Providing
> a unique prefix per host has been standard practice in 3GPP mobile
> networks for the past *15 years*, based on recommendations from the IETF
> back at that time. When a mobile attaches, there is state created on the
> first hop router that does exactly what this draft wants to do. The only
> issue I see is a lack of mechanism to clean up stale prefixes if the
> hosts go away, but depending on the deployment this may or may not be an
> issue.

I don't think anyone has argued that the mechanism "does not work". The
issue raised has had to do with two things:

1) Reduced resiliency of SLAAC as a result of the required (previously
   inexistent) state

2) The security implications associated with 1)

This means that SLAAC can break in new ways, and also that attackers can
attack SLAAC in new ways.

FWIW, the motivation for raising this discussion was the reduced
resiliency and reduced security of the corresponding deployment of SLAAC.

Essentially, it was either "bad timing" (on my side, as it happened), or
"worse timing" (on my side, too -- i.e. not raise the issue at all, and
then just see the aforementioned issues happen).

The fact that the document is BCP made the above considerations even more
of a concern, since we are telling all IPv6 deployments that this
document is the way to go.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492