Re: [irtf-discuss] Why do we need to go with 128 bits address space ?
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 16 August 2019 15:42 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: irtf-discuss@ietfa.amsl.com
Delivered-To: irtf-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 922D0120836 for <irtf-discuss@ietfa.amsl.com>; Fri, 16 Aug 2019 08:42:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.398
X-Spam-Level:
X-Spam-Status: No, score=-1.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tw64h38DLCDB for <irtf-discuss@ietfa.amsl.com>; Fri, 16 Aug 2019 08:42:43 -0700 (PDT)
Received: from mail-ot1-f66.google.com (mail-ot1-f66.google.com [209.85.210.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDC4C12080A for <irtf-discuss@irtf.org>; Fri, 16 Aug 2019 08:42:42 -0700 (PDT)
Received: by mail-ot1-f66.google.com with SMTP id e12so9916467otp.10 for <irtf-discuss@irtf.org>; Fri, 16 Aug 2019 08:42:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xECeXB0Z+ULBzFpxPLhONimktsN2+4hPJ1LedI3dwXs=; b=FQ3fes8Pa+gcPe6ZNgTs8mzQqjEgloWwE9ZjZTBzDJPdpCDZFBKknkBjMtWHFgGhDs mYChOOLf/YS9A5yRkfTCc3QxQNQ91x88Pu2QFE2Mh+4uJNV5R81120c5B0r5QIPLX78f qdnAxEqd4AiHp8MEBAt1qWUAkSya02LR+KN+YY5QZ16Yole38JJOQUrNUl91FsB4+r2g uDlnqkQA5R9pXdshwhZYlZIwZFUNjpPdaEcx4khJ+ly8Iw1z54HqYB8Gd65pGK+pHj3O e/nnnwmq1ubZgh1yiBwRRQXjzec+iPzRlhI9A1PIMHMZ0c2w3J+VIcjNpVcvWdM3VmQl x/ag==
X-Gm-Message-State: APjAAAUqC196g9hiGWrTIDXo17xvIi2SoKGmvQFeQbZHC1s4RuAQRl43 fjfWRYY/fmRkpc+V2mN8PkDmRJQRPCG2FNu+DDc=
X-Google-Smtp-Source: APXvYqzCmAy0W0U+ij3/Y2iBtNEw6K8wOHwjB5vMetfAOy/7jjCNDhUyqOJiIaVrlqxYckTX90ktYRlLbF4CUn1+zAA=
X-Received: by 2002:a9d:4a3:: with SMTP id 32mr8166155otm.37.1565970162163; Fri, 16 Aug 2019 08:42:42 -0700 (PDT)
MIME-Version: 1.0
References: <CAPTMOt+cGhBqHmT3yZVChv-PCMqxT-WPDcDdM3RuTc1TMfFeVg@mail.gmail.com> <cd254463-43ba-2afd-5c3c-f462a74e5c30@kit.edu> <CANMZLAat4X+Eh+fgTrbikO6dusvcvvUr5foj=3OEnbRhQtOHSw@mail.gmail.com>
In-Reply-To: <CANMZLAat4X+Eh+fgTrbikO6dusvcvvUr5foj=3OEnbRhQtOHSw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 16 Aug 2019 11:42:32 -0400
Message-ID: <CAMm+Lwi9QsW=QXc0fK=u-+PfM7fOhCyX2FugPfqPzghiwHAFcA@mail.gmail.com>
To: Brian Carpenter <brian.e.carpenter@gmail.com>
Cc: Roland Bless <roland.bless@kit.edu>, irtf-discuss@irtf.org, 6man@ietf.org, IETF discussion list <ietf@ietf.org>, shyam bandyopadhyay <shyamb66@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000003ea83705903dd7df"
Archived-At: <https://mailarchive.ietf.org/arch/msg/irtf-discuss/-2hOc411DDHM9ar0gxCUKarh3JQ>
Subject: Re: [irtf-discuss] Why do we need to go with 128 bits address space ?
X-BeenThere: irtf-discuss@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IRTF general and new-work discussion list <irtf-discuss.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/irtf-discuss>, <mailto:irtf-discuss-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/irtf-discuss/>
List-Post: <mailto:irtf-discuss@irtf.org>
List-Help: <mailto:irtf-discuss-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/irtf-discuss>, <mailto:irtf-discuss-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 15:42:45 -0000
On Thu, Aug 15, 2019 at 6:31 AM Brian Carpenter <brian.e.carpenter@gmail.com> wrote: > e) 64 isn't enough to allow lots of bits for topology plus lots of bits > for privacy > f) in any case we can compress the headers in low power, low bandwidth > scenarios > g) it's 25 years too late for this discussion even if we were wrong > Perhaps. The reason we went to 128 bits was 64+64 = 128 It was assumed that networks would want to map MAC addresses onto the lower bits of the address and those were already in the process of expanding to 64 bits. This hasn't happened because it is nonsense. Disclosing the structure of your internal network to potential attackers is stupid. IPv6 to IPv6 NAT is going to be seen as an essential security control in future zero trust/zero knowledge networks. I don't want Mallet knowing if I have 4 hosts in my network or 400 and I am going to try to make it as difficult and expensive as possible for him to find out. So instead of allocating one IPv6 address to my hosts, I will allocate multiple addresses and apply encryption to obfuscate them at the network boundary. This approach can provide a lot of leverage against DoS attacks. The Mesh service protocols make it possible for a Mesh service to assign each account a separate IPv6 address for client access. That in turn makes it possible for border controls to drop packets that are from accounts that are flooding or not associated with an account at all. It is easier to find an encryption cipher with a 64 bit block size than 48. They are not going to be any use for general purpose encryption but they would serve this one. It was also assumed that there was a need for more routable IP addresses which was probably a mistake. In IPv4, every host has an Internet has a routable address. So if Google has 32,368 hosts at the same site, that means 32,368 routable addresses. The design for IPNG did not take account of the fact that if we append a non-routable portion, those hosts can all sit on the same routable address. So yes, one could argue that 32+32 would have been enough. Only there are more than 4 billion people on the planet. So you have to have at least 40 bits for the routable addresses and once you take account of inefficiency in the allocation process we need a minimum of 48 bits. Given the vast cost of the change, 64 bits looks like a reasonable choice to me.
- [irtf-discuss] Why do we need to go with 128 bits… shyam bandyopadhyay
- Re: [irtf-discuss] Why do we need to go with 128 … Mark Smith
- Re: [irtf-discuss] Why do we need to go with 128 … Roland Bless
- Re: [irtf-discuss] Why do we need to go with 128 … Brian Carpenter
- Re: [irtf-discuss] Why do we need to go with 128 … Roland Bless
- Re: [irtf-discuss] Why do we need to go with 128 … Sam Kerner
- Re: [irtf-discuss] Why do we need to go with 128 … Lixia Zhang
- Re: [irtf-discuss] Why do we need to go with 128 … Mark Allman
- Re: [irtf-discuss] Why do we need to go with 128 … Nico Williams
- Re: [irtf-discuss] Why do we need to go with 128 … Fernando Gont
- Re: [irtf-discuss] Why do we need to go with 128 … Tom Herbert
- Re: [irtf-discuss] Why do we need to go with 128 … Chengli (Cheng Li)
- Re: [irtf-discuss] Why do we need to go with 128 … Carsten Bormann
- Re: [irtf-discuss] Why do we need to go with 128 … Roland Bless
- Re: [irtf-discuss] Why do we need to go with 128 … Fernando Gont
- Re: [irtf-discuss] Why do we need to go with 128 … Mark Smith
- Re: [irtf-discuss] Why do we need to go with 128 … Musa Stephen Honlue
- Re: [irtf-discuss] Why do we need to go with 128 … Behcet Sarikaya
- Re: [irtf-discuss] Why do we need to go with 128 … Phillip Hallam-Baker
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Mark Smith
- Re: [irtf-discuss] Why do we need to go with 128 … Michael
- Re: [irtf-discuss] Why do we need to go with 128 … Phillip Hallam-Baker
- Re: [irtf-discuss] Why do we need to go with 128 … Pengshuping (Peng Shuping)
- Re: [irtf-discuss] Why do we need to go with 128 … John Levine
- Re: [irtf-discuss] Why do we need to go with 128 … Fernando Gont
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Robert Raszuk
- Re: [irtf-discuss] Why do we need to go with 128 … shyam bandyopadhyay
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Robert Raszuk
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Robert Raszuk
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Fred Baker
- Re: [irtf-discuss] Why do we need to go with 128 … John Wroclawski
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Fred Baker
- Re: [irtf-discuss] Why do we need to go with 128 … Robert Raszuk
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Masataka Ohta
- Re: [irtf-discuss] Why do we need to go with 128 … Fernando Gont