Re: [OPSEC] [v6ops] ULAs [was WGLC for draft-ietf-opsec-v6]

Ted Lemon <mellon@fugue.com> Wed, 19 April 2017 22:47 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <32929141-250E-44FC-BC67-2B97B373872E@fugue.com>
Date: Wed, 19 Apr 2017 18:47:19 -0400
In-Reply-To: <4E19A596-5B69-4535-A29A-D08874DDC365@google.com>
Cc: "opsec@ietf.org" <opsec@ietf.org>, "v6ops@ietf.org WG" <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
To: james woodyatt <jhw@google.com>
References: <55cb757e-ee2d-4818-9fc2-67d559006f34@me.com> <3E179F05-ACCD-4290-A65F-57E4202FAA15@icloud.com> <CAKD1Yr019Ga4jg6gVUHnTwh89hWArXKdAcAYEcW0m4gskrO7Ow@mail.gmail.com> <098b84a4-80d4-2404-72a1-5d1cd32a9968@gmail.com> <4E19A596-5B69-4535-A29A-D08874DDC365@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/UFc5bUwKEI_GjKW61ntqWOA-iO4>
Subject: Re: [OPSEC] [v6ops] ULAs [was WGLC for draft-ietf-opsec-v6]

On Apr 19, 2017, at 5:15 PM, james woodyatt <jhw@google.com> wrote:
>>> Unique Local Addresses (ULA) [RFC4193] are intended for scenarios where IP addresses are not publicly reachable, despite their global address scope. They MUST NOT appear in the default-free routing domain of the public Internet, and gateways at the boundaries of private routing domains SHOULD NOT forward packets from or to ULA addresses where multilateral transit agreements do not explicitly recognize them.

Changing the first "globally" to "publicly" isn't necessary. Actually, I think this whole change just makes things less clear. Publicly and globally mean the same thing. ULAs are never globally reachable. If you have more than one site, and route ULAs between them, the ULAs have to be routed over your private links, not over the public internet. I get that in principle it may be possible to route your ULAs over a link that also carries global traffic and that is not "your link," but it would be better to clarify this in an additional paragraph; by adding the text where you have, you are going to confuse the heck out of any reader who doesn't know what a "multilateral link" is.
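The two operational rules in the quoted draft text (ULA prefixes must not be exported into the public default-free zone, and a boundary gateway should not forward packets from or to ULA addresses unless the link is one where ULA transit is explicitly agreed) can be expressed as a small filter. The following is an added example written for this archive page, not code from the thread, the draft, or RFC 4193; the link labels (`transit-isp`, `site-vpn`), the `private_peers` set that models an explicitly agreed private or multilateral link, and the sample packets and prefixes are all constructed for illustration. It uses only the standard-library `ipaddress` module.

```python
"""Boundary checks for Unique Local Addresses (ULA, RFC 4193, fc00::/7).

Added example for this mailing-list page; not the draft's or RFC's own code.
Assumptions (constructed for illustration):
  - egress links are identified by string labels such as "transit-isp";
  - `private_peers` names links on which ULA transit is explicitly agreed
    (the "multilateral transit agreements" case in the quoted text).
"""
import ipaddress

# RFC 4193 reserves fc00::/7 for ULAs; only fd00::/8 (L bit = 1) is
# currently defined for locally assigned prefixes.
ULA_PREFIX = ipaddress.ip_network("fc00::/7")
ULA_LOCALLY_ASSIGNED = ipaddress.ip_network("fd00::/8")


def is_ula(addr: str) -> bool:
    """True if `addr` is an IPv6 address inside fc00::/7."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 6 and ip in ULA_PREFIX


def is_locally_assigned_ula(addr: str) -> bool:
    """True if `addr` is in fd00::/8, the only ULA range RFC 4193 defines today."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 6 and ip in ULA_LOCALLY_ASSIGNED


def should_forward(src: str, dst: str, egress_link: str,
                   private_peers: frozenset = frozenset()) -> bool:
    """Boundary-gateway rule: forward ULA-involved traffic only onto links
    where ULA transit is explicitly recognized; global traffic is unaffected."""
    if not (is_ula(src) or is_ula(dst)):
        return True          # global <-> global: the ULA rule does not apply
    return egress_link in private_peers


def dfz_export_filter(prefixes):
    """Split prefixes proposed for export to the public DFZ into
    (accepted, rejected). Any IPv6 prefix overlapping fc00::/7 is rejected;
    note that a covering aggregate such as ::/0 is rejected for the same reason."""
    accepted, rejected = [], []
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=False)
        if net.version == 6 and net.overlaps(ULA_PREFIX):
            rejected.append(p)
        else:
            accepted.append(p)
    return accepted, rejected


# Constructed sample packets: (source, destination, egress link)
SAMPLE_PACKETS = [
    ("fd12:3456:789a::1", "2001:db8::1", "transit-isp"),        # ULA source to Internet
    ("2001:db8::1", "fd12:3456:789a::1", "transit-isp"),        # Internet to ULA dest
    ("fd12:3456:789a::1", "fd12:3456:789a:1::1", "site-vpn"),   # ULA over private link
    ("2001:db8::1", "2001:db8:1::1", "transit-isp"),            # global to global
]


def audit(packets, private_peers=frozenset({"site-vpn"})):
    """Return (src, dst, link, forward?) for each sample packet."""
    return [(s, d, link, should_forward(s, d, link, private_peers))
            for s, d, link in packets]


if __name__ == "__main__":
    for row in audit(SAMPLE_PACKETS):
        print(row)
    print(dfz_export_filter(["2001:db8::/32", "fd00::/8", "fc00::/7", "2001:db8:1::/48"]))
```

The `private_peers` parameter is what distinguishes the two readings argued over in the thread: with it empty, a gateway never forwards ULA traffic off-site, which is the "never globally reachable" reading; with a private or explicitly agreed link listed, ULA traffic between sites is allowed on that link only, while export of any ULA prefix to the public DFZ stays rejected regardless.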