IETF Logo Mail Archive

Re: [Snac] Router using Ipv6 prefix length = 67

"Collins, Alan" <alaclli@amazon.com> Thu, 08 June 2023 15:39 UTC

Return-Path: <prvs=516881429=alaclli@amazon.com>
X-Original-To: snac@ietfa.amsl.com
Delivered-To: snac@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3087AC151090 for <snac@ietfa.amsl.com>; Thu, 8 Jun 2023 08:39:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.594
X-Spam-Level:
X-Spam-Status: No, score=-4.594 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvUl2kp67oCT for <snac@ietfa.amsl.com>; Thu, 8 Jun 2023 08:39:30 -0700 (PDT)
Received: from smtp-fw-9102.amazon.com (smtp-fw-9102.amazon.com [207.171.184.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 109C6C15108F for <snac@ietf.org>; Thu, 8 Jun 2023 08:39:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1686238771; x=1717774771; h=from:to:cc:subject:date:message-id:mime-version; bh=+WKLc5RUv1/bGgwNh93gYWK2SuCkTbNElrB0Oq0AG8g=; b=cCzPwpDfnqiV65t68Qg9SIxn/aibgiFSYStHHhkojACCi2SJlAFqvbj5 F1RLIEFE3nzUeKznh8W5SCMP2GLpR//QG9e5A2Gh1Bm/3A8tYFYTVmSzx Tr7libB18FBGU7oDZaoPc+TJoRep/sN4ajICMvhIylQOvBgy4+lNNObM+ E=;
X-Amazon-filename: image001.png, image002.png, image003.png, image004.png, image005.png
X-IronPort-AV: E=Sophos;i="6.00,227,1681171200"; d="png'150?scan'150,208,217,150";a="344523886"
Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO email-inbound-relay-iad-1a-m6i4x-366646a6.us-east-1.amazon.com) ([10.25.36.210]) by smtp-border-fw-9102.sea19.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Jun 2023 15:39:27 +0000
Received: from EX19MTAUWC001.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan2.iad.amazon.com [10.40.163.34]) by email-inbound-relay-iad-1a-m6i4x-366646a6.us-east-1.amazon.com (Postfix) with ESMTPS id D3590A71AB; Thu, 8 Jun 2023 15:39:25 +0000 (UTC)
Received: from EX19D034UWB002.ant.amazon.com (10.13.138.7) by EX19MTAUWC001.ant.amazon.com (10.250.64.174) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Thu, 8 Jun 2023 15:38:55 +0000
Received: from EX19D034UWB003.ant.amazon.com (10.13.138.30) by EX19D034UWB002.ant.amazon.com (10.13.138.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Thu, 8 Jun 2023 15:38:54 +0000
Received: from EX19D034UWB003.ant.amazon.com ([fe80::9a47:296b:f13a:e721]) by EX19D034UWB003.ant.amazon.com ([fe80::9a47:296b:f13a:e721%6]) with mapi id 15.02.1118.026; Thu, 8 Jun 2023 15:38:54 +0000
From: "Collins, Alan" <alaclli@amazon.com>
To: "snac@ietf.org" <snac@ietf.org>
CC: Gabe Kassel <gabe@eero.com>
Thread-Topic: [Snac] Router using Ipv6 prefix length = 67
Thread-Index: AQHZmh9UQDhGvgBNIkmOPimRv/hhpQ==
Date: Thu, 08 Jun 2023 15:38:54 +0000
Message-ID: <6B9F7642-2FB0-420A-9ADA-59A3BDEF7276@amazon.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.7.149.87]
Content-Type: multipart/related; boundary="_008_6B9F76422FB0420A9ADA59A3BDEF7276amazoncom_"; type="multipart/alternative"
MIME-Version: 1.0
Precedence: Bulk
Archived-At: <https://mailarchive.ietf.org/arch/msg/snac/ltPGM_4e6pseFgrxfiCsteugN-4>
Subject: Re: [Snac] Router using Ipv6 prefix length = 67
X-BeenThere: snac@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "Mailing list for discussing problems relating to the automatic connection of stub networks to existing infrastructure networks. " <snac.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/snac>, <mailto:snac-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/snac/>
List-Post: <mailto:snac@ietf.org>
List-Help: <mailto:snac-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/snac>, <mailto:snac-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 15:39:34 -0000

Hello everyone.

                Thank you for looking into this. I agree with the defensive strategy to remove ambiguity on the “usable PIO”. FYI, we confirmed the RA with PIO /67 was coming from backend router.

There is another scenario from old models e.g. Arris TG1682 which enabling IPv6 support defaults an empty prefix, which waterfalls into getting OTA icmvp6 RAs with ::/64. Then, SLAAC comes back with: inet6 addr: ::f603:2aff:fe66:c090/64 Scope: Global ,  - snac could also include it in the upcoming improvement.


[cid:image001.png@01D999E4.A57260B0]  [cid:image002.png@01D999E4.A57260B0]  [cid:image003.png@01D999E4.A57260B0]

Cheers,
Alan Collins


From: Esko Dijk <esko.dijk@iotconsultancy.nl>
Date: Tuesday, June 6, 2023 at 4:09 AM
To: Jonathan Hui <jonhui@google.com>, "Collins, Alan" <alaclli@amazon.com>
Cc: "snac@ietf.org" <snac@ietf.org>, Gabe Kassel <gabe@eero.com>
Subject: [EXTERNAL] [UNVERIFIED SENDER] RE: [Snac] Router using Ipv6 prefix length = 67


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Hi,

On the requirements in RFC 7084 Section 4.3: specifically this is about requirements 2 and L-2 if I’m correct.

On RFC 2464: this has been obsoleted by RFC 4862. See Section 5.5.3 which has this requirement:

      If the sum of the prefix length and interface identifier length
      does not equal 128 bits, the Prefix Information option MUST be
      ignored.  An implementation MAY wish to log a system management
      error in this case.  The length of the interface identifier is
      defined in a separate link-type specific document, which should
      also be consistent with the address architecture [RFC4291<https://www.rfc-editor.org/rfc/rfc4291>] (see
      Section 2<https://www.rfc-editor.org/rfc/rfc4862.html#section-2>).

So per this requirement the host would ignore the PIO /67 and not use it for SLAAC on Wi-Fi.

Agree to clarify the usable PIO to include the prefix length. Maybe it could refer to RFC 4862 5.5.3 for the exact requirements because that has quite some detail.

Regards
Esko

From: Snac <snac-bounces@ietf.org> On Behalf Of Jonathan Hui
Sent: Tuesday, June 6, 2023 00:25
To: Collins, Alan <alaclli=40amazon.com@dmarc.ietf.org>
Cc: snac@ietf.org; Gabe Kassel <gabe@eero.com>
Subject: Re: [Snac] Router using Ipv6 prefix length = 67

Hi Alan,

Thanks for sharing this information.

It seems the Netgear WNP3000 is not conformant to RFC 7084 Section 4.3<https://datatracker.ietf.org/doc/html/rfc7084#section-4.3> and RFC 2464 Section 4<https://datatracker.ietf.org/doc/html/rfc2464#section-4>. That said, I think it makes sense for the stub router implementation to be defensive in these situations and include prefix length in the definition of a "usable prefix".

As for spec text, draft-ietf-snac-simple-01 Section 5.1.1 already states:

   IPv6 addressing is considered to be present on the link if a usable
   on-link prefix is advertised on the adjacent infrastructure link.  A
   usable on-link prefix is a prefix advertised on the link that has a
   preferred time of 30 minutes or more, is marked on-link and allows
   autonomous configuration.
One could argue that "allows autonomous configuration" already covers this requirement, given that RFC 2464 Section 4 states:

   An IPv6 address prefix used for stateless autoconfiguration [ACONF]
   of an Ethernet interface must have a length of 64 bits.

If we wanted to make a change, we could add some clarifying text like:

   A prefix that allows autonomous configuration includes having the PIO
   A-flag set to 1 and required prefix length for the given link.

Thoughts?

--
Jonathan Hui



On Sun, Jun 4, 2023 at 10:33 AM Collins, Alan <alaclli=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>> wrote:

Hello Ted, Jonathan.

                We have multiple test setups testing Matter over Thread back-to-back pairing while connected to infrastructure using different (hundreds) of Wifi AP with default settings. The setup:

[cid:image004.png@01D999E4.A57260B0]
Recently, while using Netgear WNP3000 , the Matter pairing failed. The non-thread matter controller is not getting an IPv6 global address, so even that the routing table contains the prefix to reach into the Thread BR, the IP stack does not allow it without a global IP of its own.

Thread BR is only sending icmpv6 RA with RIO. The PIO is not included because there is another router in the network already sending PIO.
However, since that PIO has length = 67, the non-Thread matter controller won’t use it to create a global IP. It’s not even sending NS for DAD.

[cid:image005.png@01D999E4.A57260B0]

We think the abnormal ipv6 PIO prefix RA is from the backend Cisco OUI MAC address. We are investigating.

However, this opens an opportunity to create a more robust behavior from Thread BR, to add more logic into processing the existing PIO before deciding not to send a PIO of its own.

Thank you in advance for looking into this.

Cheers,
Alan Collins



--
Snac mailing list
Snac@ietf.org<mailto:Snac@ietf.org>
https://www.ietf.org/mailman/listinfo/snac

v2.23.0 | Report a Bug | By Email