IETF Logo Mail Archive

Re: [Snac] Router using Ipv6 prefix length = 67

Ted Lemon <mellon@fugue.com> Wed, 07 June 2023 13:07 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: snac@ietfa.amsl.com
Delivered-To: snac@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 861C0C1595FD for <snac@ietfa.amsl.com>; Wed, 7 Jun 2023 06:07:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.895
X-Spam-Level:
X-Spam-Status: No, score=-6.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GWFM7PEXdzIv for <snac@ietfa.amsl.com>; Wed, 7 Jun 2023 06:07:40 -0700 (PDT)
Received: from mail-vk1-xa31.google.com (mail-vk1-xa31.google.com [IPv6:2607:f8b0:4864:20::a31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99351C16B5D2 for <snac@ietf.org>; Wed, 7 Jun 2023 06:07:33 -0700 (PDT)
Received: by mail-vk1-xa31.google.com with SMTP id 71dfb90a1353d-45d96e87b3dso1722715e0c.2 for <snac@ietf.org>; Wed, 07 Jun 2023 06:07:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20221208.gappssmtp.com; s=20221208; t=1686143252; x=1688735252; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Dr26uvzaagU844Qx1dMD8REEf54p+yLSEg0x7XP4R40=; b=1gInIpzKyn2dCSLqtJgsOIkYRVYFUEfj1e34yX2GCIP5WrtkNi19RBLyWDtxUI3lt1 8/Kcs2BpffAlwUKJTgOKeRPF1tfJ6Xu5mgPXvownnVAKsXcGTLxcX074DidFhBAztnq2 hZ3XKSn3YVlGT3vSuqmszeFluoohsPv+Zl9NhPOHmi1swgtJ1Tc/1XHPp6vdIWIJj9I4 mlLmHPEGTuKOudIJNFibRBHE0ipn6JhRpOQ1Ed7pVwiOYXgeliePgVVjVQnITruzSiYW zyTs2guJRHOZq2t9TsKV0+wX0F8ie1TAwMw0Vc2GHrxRdxoDQeILrlZK/XkvDoUaXn7U I2Dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686143252; x=1688735252; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Dr26uvzaagU844Qx1dMD8REEf54p+yLSEg0x7XP4R40=; b=HzesaLLTYhmGtdR2v4ndZyxj6qxYMCfcWXXN5H/SnjeuTJGMnObaIicgSqPmPjETvg MQjHIUUMTZFFFBSwqx072EPQPRQqNBMrGk3yLCkwuWtSkmxJec5sMgbzcnmT5PzwUcrV AQBrQdyp7/TTZ6qZxU2t2nU7tM7Hp47v1edjypV0V4b9FtbU71zIbEfIAcTlNrs4HkYZ D1GeSk6zQ1Ca89zE+l/mi6Q++elbn8GD29ZXNAvLcAqA+6kddwupFJlX8iBWYD9fpH3Y KrlqhDGeFJWJbUt8sPEgn/SjPTH/DCTVYjltindsTLYkqGETkGV0U+V6dyh4i92aYH8G wdzQ==
X-Gm-Message-State: AC+VfDxpbmVCAFU655yMDftWsAA4HcGtej5qmwUBuXstar1l9PjfewaV kTUmfjt7NAoO4+YG/aCeD3iE8rXUFDBT+n+f0JrViQ==
X-Google-Smtp-Source: ACHHUZ5lkiZaLWcSJhwd0bHVJqG4LKqUd6KStUpTJPsZzwX0c82T/+zsXd2AxLyg8R64pazvYEQjYitT7XSgIlgtKhE=
X-Received: by 2002:a67:f658:0:b0:43b:40ee:6cbc with SMTP id u24-20020a67f658000000b0043b40ee6cbcmr874020vso.21.1686143252212; Wed, 07 Jun 2023 06:07:32 -0700 (PDT)
MIME-Version: 1.0
References: <39BE8173-F4D2-4B8C-A136-A5A7F441B3BF@amazon.com> <10B44E76-01E1-4A09-881D-2228B4E07508@amazon.com> <CAGwZUDvWAnFJO4KJCyd0k_ydxzZaxEZ+D9-WXFCb_gfOHWOPwA@mail.gmail.com> <786.1686096218@localhost> <CAPt1N1mqY=Psp0NN2MRd-UA9rgECiN_y-+NVA_sq=AA6FFLzzw@mail.gmail.com> <0584129f-775d-0ff4-641c-813eca74e581@gmail.com>
In-Reply-To: <0584129f-775d-0ff4-641c-813eca74e581@gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 07 Jun 2023 09:06:56 -0400
Message-ID: <CAPt1N1nKj2sjvj7cOrUBvTsrnd9=g5Ct7mcCco4_HTHd1sEVFA@mail.gmail.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: snac@ietf.org
Content-Type: multipart/alternative; boundary="00000000000096c48605fd89d1f1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/snac/D9knTuViKFneN4D-iVB1sadLs3g>
Subject: Re: [Snac] Router using Ipv6 prefix length = 67
X-BeenThere: snac@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Mailing list for discussing problems relating to the automatic connection of stub networks to existing infrastructure networks. " <snac.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/snac>, <mailto:snac-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/snac/>
List-Post: <mailto:snac@ietf.org>
List-Help: <mailto:snac-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/snac>, <mailto:snac-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2023 13:07:44 -0000

This is not the place to have a debate about whether longer-than-64
prefixes can be made to work. At the present time, if we advertise a /67, a
lot of hosts will simply not do SLAAC. The goal (at least in my mind) of
snac is to produce something that works. If/when the discussion in 6man
comes to some conclusion, and we start to see conforming deployments, then
we can revisit this, but at present I think suggesting that a /67 is usable
is, as a practical matter, simply not true. And that, IMHO, is what should
guide us in writing the current document.

On Wed, Jun 7, 2023 at 5:05 AM Alexandre Petrescu <
alexandre.petrescu@gmail.com> wrote:

>
>
> Le 07/06/2023 à 02:12, Ted Lemon a écrit :
> > I think it makes sense to have the definition of “usable prefix” specify
> > that the length needs to be 64 bits.
>
> I do not agree.
>
> A usable prefix is specified in the referred text as a prefix with a
> certain lifetime, not a certain length.
>
> If  one would like to specify a 'usable' prefix to be of length
> precisely 64 then there are potentially several RFCs that are impacted.
>
> That said, I generally agree with the WG consensus about the 64bit
> limits in IPv6 addressing, but these limits are rather more complex and
> they have a notion of time to it: today it is that way but we dont about
> know another day.
>
>  >> Otherwise this turns into a DoS
> > attack.
>
> I do not disagree that it can be interpreted that way.
>
> Put a router on a link sending a RA PIO plen 67 and so deny the service
> to the Non-Thread Matter Controller.  It's a DoS!
>
> The solution could be to secure that access to that link, i.e. have a
> key necessary before ability to send RAs.
>
> But I do not agree that because of that 67 there is DoS.
>
> Alex
>
> >
> > On Tue, 6 Jun 2023 at 20:03, Michael Richardson <mcr+ietf@sandelman.ca
> > <mailto:mcr%2Bietf@sandelman.ca>> wrote:
> >
> >
> >     I couldn't understand all of this thread.
> >     Is this WNP3000 receiving a plen=67 prefix from upstream and doing
> >     the wrong thing?
> >
> >     Or is this WNP3000 receiving a plen=64 prefix from upstream, and then
> >     splitting it up into 8 unuseable prefixes of len=67?
> >     Or ???
> >
> >     I agree that the SNAC Stub router needs to defend against unuseable
> >     prefixes.
> >     (It seems like it should be a call home and report situation, since
> >     nobody
> >     local will know what to do.  But that's not subject to
> standardization)
> >
> >     --
> >     Michael Richardson <mcr+IETF@sandelman.ca
> >     <mailto:mcr%2BIETF@sandelman.ca>>   . o O ( IPv6 IøT consulting )
> >                 Sandelman Software Works Inc, Ottawa and Worldwide
> >
> >
> >
> >
> >     --
> >     Snac mailing list
> >     Snac@ietf.org <mailto:Snac@ietf.org>
> >     https://www.ietf.org/mailman/listinfo/snac
> >     <https://www.ietf.org/mailman/listinfo/snac>
> >
> >
>
> --
> Snac mailing list
> Snac@ietf.org
> https://www.ietf.org/mailman/listinfo/snac
>

v2.23.0 | Report a Bug | By Email