IETF Logo Mail Archive

[manet] Re: [IPv6]Re: IPv6 Address for Ad Hoc Networks

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 04 August 2024 18:33 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F690C14F5FE; Sun, 4 Aug 2024 11:33:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.407
X-Spam-Level:
X-Spam-Status: No, score=-4.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c2MjzfD4UfcQ; Sun, 4 Aug 2024 11:33:21 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63AACC14F60B; Sun, 4 Aug 2024 11:33:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 077E23899A; Sun, 4 Aug 2024 14:33:18 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavis, port 10024) with LMTP id Ni1aFvwgoa34; Sun, 4 Aug 2024 14:33:16 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1722796396; bh=F3q3JUuAo5Kj3EbXl9r6Mn2D+PWcgztfpTTqYs+9830=; h=From:To:Subject:In-Reply-To:References:Date:From; b=vs9keFQpqg+xECqk6DpDmW04dy/Zj59DWpJMB7U3x3ACUGZBYOuA4S8hzQhKeowPH xN1kQ78FG9R5YazhV7stLlqPZxB0RlNnvT/Q6QRVxDQ6dxr2rHkqgFaBWpKpX67jf5 ReOn4YzOObVr+KjveZWtuBp0WzoW+Fg8+AI5pSQ+UdEZiqLvFK2NYiN51j2L/3mdN7 VoiHmIeQnVAqcJ/8LYnCuuipGs7rlTFU7tZM2MLyQ8Nxh9r4FxYjHA/gU3UZ/p0Uq4 8OR6TUrItU7RHa/+zSy87QmGVXUoPoK5GDU9wVfN6ewbEAOOwkG37ZkhxFUwAGy1AU eQ2wAn1QwEAzg==
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 333EB38999; Sun, 4 Aug 2024 14:33:16 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 2E77C18B; Sun, 4 Aug 2024 14:33:16 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Templin (US), Fred L" <Fred.L.Templin=40boeing.com@dmarc.ietf.org>, IPv6 List <ipv6@ietf.org>, "manet@ietf.org" <manet@ietf.org>
In-Reply-To: <BN0P110MB14204C62A1B3694E056F74ABA3B3A@BN0P110MB1420.NAMP110.PROD.OUTLOOK.COM>
References: <172263317384.170476.12146036424663724301@dt-datatracker-6dd76c4557-2mkrj> <BN0P110MB14204C62A1B3694E056F74ABA3B3A@BN0P110MB1420.NAMP110.PROD.OUTLOOK.COM>
X-Mailer: MH-E 8.6+git; nmh 1.8+dev; GNU Emacs 28.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;<'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 04 Aug 2024 14:33:16 -0400
Message-ID: <6528.1722796396@obiwan.sandelman.ca>
Message-ID-Hash: AL75NSWMLPK4IVHHURGWLKMPLS66B4SP
X-Message-ID-Hash: AL75NSWMLPK4IVHHURGWLKMPLS66B4SP
X-MailFrom: mcr+ietf@sandelman.ca
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-manet.ietf.org-0; header-match-manet.ietf.org-1; header-match-manet.ietf.org-2; header-match-manet.ietf.org-3; header-match-manet.ietf.org-4; header-match-manet.ietf.org-5; header-match-manet.ietf.org-6; header-match-manet.ietf.org-7; header-match-manet.ietf.org-8; header-match-manet.ietf.org-9; header-match-manet.ietf.org-10; header-match-manet.ietf.org-11; header-match-manet.ietf.org-12; header-match-manet.ietf.org-13; header-match-manet.ietf.org-14; header-match-manet.ietf.org-15; header-match-manet.ietf.org-16; header-match-manet.ietf.org-17; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [manet] Re: [IPv6]Re: IPv6 Address for Ad Hoc Networks
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/_G6DrA0H0j8iWlUnR7IUATuNVZg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Owner: <mailto:manet-owner@ietf.org>
List-Post: <mailto:manet@ietf.org>
List-Subscribe: <mailto:manet-join@ietf.org>
List-Unsubscribe: <mailto:manet-leave@ietf.org>

Hi,
I have read mla-21.
I think the word "amorphously" in paragraph three is not the word you want.
(dictionary.com says "amorphous" means without form, denies existence of
adverb, but such a word ought to exist)

I think the word you want is autonomously, or autonomically.

I don't really understand section 4.
Does a node have an MLA for each network it joins?
Or for each interface on each network it joins?
I think MLAs should be added as loopback addresses on a single interface (lo,
or dummy or null).  Then the ad-hoc routing protocol should spread /128
routes for that MLA using the v6-LL of the device as the nexthop.

This is how RFC8994 works, and how most IGPs are configured.

About RFC8994: at first it seems a little less ad-hoc, but given the OMNI
context, I actually reconsider.  RFC8994 does allocation of /120 or /116
(from within the ACP's /48 ULA) prefixes via PKIX certificates.  (See below)

Yes, this is very very much centrally managed, but it's tied to the
onboarding of the device, and the provisioning of the security credential.
Surely in 2024 ADHOC networks need security, and that means some kind of
credential.

I'm generally skeptical that you need 116-bits of randomness.
I think 64-bits might enough.  I don't think you can/should squat on ORCHIDs
or HHITs; or rather, I think we have more than enough v6 space to set aside
some for OMNI.

"If the node becomes aware that the address is
   already in use by another node, it instead generates and assigns a
   new MLA."

without a mechanism for DAD, I don't see how this statement can ever be
enacted.

I think you should consider if you truly and really need/want such random
addresses.  I think you will ultimately need a secured identity.


i.e:
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                otherName:rfc8994+fd739fc23c3440112233445500000000+@acp.example.com

as per section 6.11.5 of RFC8994, I allocate "Vlong" style addresses so that
the nodes have not just a /128 for themselves, but also some additional
addresses for local VMs, containers or different (virtual) services.
(No, these prefixes are not for extending the network, but for network
management.  If a device needed a /64 for SLAAC, then it would get one via
DHCPv6 over the production network, not the ACP)

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.29.0 | Report a Bug | By Email | System Status