IETF Logo Mail Archive

Re: [Pppext] new draft published: draft-vautrin-6man-ipv6-mlppp-id-00.txt

James Carlson <carlsonj@workingcode.com> Mon, 16 August 2010 19:59 UTC

Return-Path: <carlsonj@workingcode.com>
X-Original-To: pppext@core3.amsl.com
Delivered-To: pppext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 837E83A6A81 for <pppext@core3.amsl.com>; Mon, 16 Aug 2010 12:59:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nIlc7wOUuUF5 for <pppext@core3.amsl.com>; Mon, 16 Aug 2010 12:59:14 -0700 (PDT)
Received: from carlson.workingcode.com (carlsonj-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1d9::2]) by core3.amsl.com (Postfix) with ESMTP id 4D2823A6A93 for <pppext@ietf.org>; Mon, 16 Aug 2010 12:59:14 -0700 (PDT)
Received: from [10.50.23.149] (gate.abinitio.com [65.170.40.132]) (authenticated bits=0) by carlson.workingcode.com (8.14.2+Sun/8.14.4) with ESMTP id o7GJxkP9015598 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 16 Aug 2010 15:59:46 -0400 (EDT)
Message-ID: <4C6998B1.5060908@workingcode.com>
Date: Mon, 16 Aug 2010 15:59:45 -0400
From: James Carlson <carlsonj@workingcode.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090605)
MIME-Version: 1.0
To: Olivier Vautrin <ovautrin@juniper.net>
References: <4C659616.3070304@workingcode.com> <4C659EB9.4050405@workingcode.com> <84600D05C20FF943918238042D7670FD36D7087F7A@EMBX01-HQ.jnpr.net>
In-Reply-To: <84600D05C20FF943918238042D7670FD36D7087F7A@EMBX01-HQ.jnpr.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-DCC-sonic.net-Metrics: carlson; whitelist
Cc: "pppext@ietf.org" <pppext@ietf.org>, "blourdel@cisco.com" <blourdel@cisco.com>
Subject: Re: [Pppext] new draft published: draft-vautrin-6man-ipv6-mlppp-id-00.txt
X-BeenThere: pppext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PPP Extensions <pppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pppext>, <mailto:pppext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pppext>
List-Post: <mailto:pppext@ietf.org>
List-Help: <mailto:pppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pppext>, <mailto:pppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2010 19:59:15 -0000

Olivier Vautrin wrote:
> Hello James, thanks for your feedback please see below.
> 
> Yes, I think this document should be a WG document. I thought 6man WG would be the right place, but I guess PPPext WG makes more sense.

OK; thanks.  Consider it done.  You'd need our group's approval anyway
to modify the IANA registry for the new E-D Class value.

>> - Some IPv6 addresses are probably not as suitable for use as others.
>> In particular, using a link local is unlikely to be a good idea because
>> of the greater risk of duplication.  We glossed over this issue with
>> IPv4 in RFC 1990, mostly because link-locals are so 'rare' there, but
>> it
>> seems more important to call out in the context of IPv6.
> 
> [Olivier - ] Yes, a unique Ipv6 address should be used. But in the IPv6 case, the link-local is very rarely non-unique as it is supposed to use the Interface-ID which is usually a unique ID. Perhaps we could just say that it would be the responsibility of the operator to use unique Ipv6 address without more details?

For IPv6, the only operational uniqueness requirement is that the
address is unique on a given subnetwork.  Since one of the main things
we're trying to do here is distinguish unrelated remote systems -- ones
that may well be on completely different networks -- there's not as much
that guarantees it.

Yes, I agree that "most" link-locals are created using EUI64 values and
are thus guaranteed to be unique.  However, I do know of at least one
virtual server solution that conjures up link-locals out of thin air
(and that thus relies on DAD to do the rest).

Anyway, what I was suggesting here was text of the form:

  "Using a statically-assigned global IPv6 address to form this
identifier is RECOMMENDED."

>> - A "privacy" address, or any other "changes frequently" address, may
>> be
>> a problem operationally.  If a PPP system establishes one link, and
>> then
>> later (perhaps on demand) establishes another link that's intended as
>> part of a bundle, that second link will need to use the same endpoint
>> discriminator.  If the address has changed, the bundle will fail.
>> Implementations likely need to "sample" a locally-available IPv6
>> address, and then keep using that address for all future links until
>> the
>> bundle itself is terminated -- regardless of the current status of that
>> address on the system.
> 
> [Olivier - ] - I guess this issue exist also on IPv4. Do you think this draft is the right vehicle to clarify this for both IPv4 and IPv6?

The privacy extensions (RFC 4941) are a bit different, and don't appear
to apply to v4.  In the implementation I've used (Solaris), the v6
addresses with privacy enabled change fairly frequently, and would
represent a significant challenge to use with this mechanism.

There are two underlying suggestions here:

  1. If the address is known (for whatever reason) to be one that might
     vary over time, then it'd be less preferred for use here than one
     that doesn't (or isn't expected to) vary.  (This is the same issue
     as above; static global would be best.)  That's not to say "can't
     use" autoconf or some other address, but if you have something
     more stable, and you know the difference, it'd be good to choose
     that.

  2. Implementations that may see addresses come and go should consider
     choosing an address to be used when the bundle head is created,
     and continuing to use that same address until the bundle head is
     torn down.  They should do so regardless of the state of the
     address itself on the machine; if the address is deprecated and
     removed, that should not affect the bundle head using it for
     identity.

The same issue, more or less, could apply with IPv4, but in practice
does not.  The systems that use an IPv4 identifier are typically ones
that have a static IPv4 address.  There are just more viable options
with IPv6.

For others, where the address may end up wandering between systems
(e.g., DHCP), it would probably be unwise to use either feature, and the
existing magic number block or even opaque identifier might well be better.

As a deployment note, this draft relies for interoperability with
existing implementations on the idea that a well-designed RFC 1990
system will treat all classes (and associated data) as effectively
opaque and will not attempt to "validate" the peer's reported class
number, except in comparison to other E-D data during bundle formation.
 One benefit of adding and deploying this feature is that it may end up
identifying implementations that are not that robust.

Bottom line, though, is that I was asking you to consider adding some
advice for implementors, not insisting that you do.  If you feel it's
truly unnecessary to do that, I'll just shrug and go along, because I
don't think these are substantial issues.

-- 
James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>

v2.8.7 | Report a Bug | By Email