Re: [Snac] Should a stub router learn RA header parameters from other routers?

Esko Dijk <esko.dijk@iotconsultancy.nl> Fri, 08 September 2023 12:02 UTC

From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Lorenzo Colitti <lorenzo@google.com>, Ole Trøan <otroan@employees.org>
CC: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, Ted Lemon <mellon@fugue.com>, Juliusz Chroboczek <jch@irif.fr>, Michael Richardson <mcr+ietf@sandelman.ca>, Handa Wang <handaw@google.com>, "snac@ietf.org" <snac@ietf.org>
Date: Fri, 08 Sep 2023 12:02:08 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/snac/q5hZdvzX_s4iCjoKjgg2B0eD8MQ>

Taking one step back – I just tried to summarize SNAC stub router scenario archetypes; both good and bad. Of the below it seems that only scenario 4 is now discussed as having a risk of breaking the network, correct?

1) Non-expert home user connects stub router to own unmanaged home network; it magically works and provides IPv6 stub/AIL routing – no matter whether user’s ISP offers IPv6 or not.
2) Ignorant employee brings stub router to work and plugs it into well-managed network; company’s IT network magically protects the network from ill effects (RA guard, and/or port-based access control, … )
3) Ignorant employee brings stub router to work and plugs it into unmanaged (IPv6) network; nothing bad happens - there’s already a PIO prefix with ‘A’ on the AIL
4) Ignorant employee brings stub router to work and plugs it into not-so-well managed DHCPv6-only network; stub router sends RA PIO; many hosts on the link now autoconfigure a ULA which somehow breaks connectivity for these existing hosts.
5) Ignorant network admin connects stub router to company network without changing the default settings; then it becomes similar to 4.  This case is btw probably out of our scope to solve and could be solved by the mantra “don’t do that then”.

(The stub router is only intended for case 1, but of course the stub router cannot tell apart cases 1, 4, 5.)

+1 on clearly defining the possible breakage scenarios. E.g. some devices may not configure multiple addresses and get stuck with a ULA only? Or known issues with source address selection; IPv4 interactions, etc. in presence of ULAs.
When doing this the Type A, B and C IPv6 hosts may also be considered. If we find no issues then we may also state this in the draft in an Appendix – what was considered, and why it isn’t a problem.

Esko

From: Lorenzo Colitti <lorenzo@google.com>
Sent: Friday, September 8, 2023 11:38
To: Ole Trøan <otroan@employees.org>
Cc: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>; Ted Lemon <mellon@fugue.com>; Juliusz Chroboczek <jch@irif.fr>; Esko Dijk <esko.dijk@iotconsultancy.nl>; Michael Richardson <mcr+ietf@sandelman.ca>; Handa Wang <handaw@google.com>; snac@ietf.org
Subject: Re: [Snac] Should a stub router learn RA header parameters from other routers?

On Fri, Sep 8, 2023 at 5:28 PM Ole Trøan <otroan@employees.org> wrote:
I am not OK with a SNAC router connecting to an existing IPv6 network and breaking it.

If you can elaborate on the type of breakage you are concerned about, then we can discuss it and possibly design for it.

FWIW, just the fact of the hosts getting new addresses does not qualify as breakage IMO. All IPv6 hosts have multiple addresses and source address selection generally gets hosts to do the right thing.
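
An added example, not part of the thread or of any SNAC draft: a monitoring check that separates scenario 3 from scenario 4 by parsing Router Advertisements seen on a link and reporting ULA prefixes newly offered for SLAAC (PIO with the 'A' flag) when no earlier RA offered one. The function names, the sample prefixes and the modelling of a "DHCPv6-only" link as an RA with M=1 and no PIO are assumptions.

```python
import ipaddress
import struct

ULA = ipaddress.ip_network("fc00::/7")

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(icmp[5] & 0x80), "pios": []}
    off = 16
    while off + 2 <= len(icmp):
        otype, olen = icmp[off], icmp[off + 1] * 8   # option length is in 8-byte units
        if olen == 0 or off + olen > len(icmp):
            raise ValueError("malformed option")
        if otype == 3 and olen == 32:                # Prefix Information Option
            plen, pflags = icmp[off + 2], icmp[off + 3]
            net = ipaddress.IPv6Network((bytes(icmp[off + 16:off + 32]), plen), strict=False)
            ra["pios"].append({"prefix": net, "autonomous": bool(pflags & 0x40)})
        off += olen
    return ra

def new_slaac_ula(baseline: list, candidate: bytes) -> list:
    """ULA prefixes with A=1 in `candidate`, when no baseline RA already enabled SLAAC."""
    for raw in baseline:
        if any(p["autonomous"] for p in parse_ra(raw)["pios"]):
            return []                                # scenario 3: an 'A' prefix already exists
    return [p["prefix"] for p in parse_ra(candidate)["pios"]
            if p["autonomous"] and p["prefix"].network_address in ULA]

def build_ra(flags: int, pios=()) -> bytes:
    """Build a constructed sample RA (checksum left at zero) for the demo below."""
    pkt = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    for prefix, plen, pflags in pios:
        pkt += struct.pack("!BBBBIII", 3, 4, plen, pflags, 1800, 1800, 0)
        pkt += ipaddress.IPv6Address(prefix).packed
    return pkt

# Constructed samples: prefixes are illustrative, not taken from the thread.
DHCPV6_ONLY_RA = build_ra(0x80)                                # M=1, no PIO
SLAAC_RA = build_ra(0x00, [("2001:db8:1::", 64, 0xC0)])        # existing PIO with L=1, A=1
STUB_RA = build_ra(0x00, [("fd12:3456:789a:1::", 64, 0xC0)])   # ULA PIO with L=1, A=1

if __name__ == "__main__":
    print("DHCPv6-only link:", new_slaac_ula([DHCPV6_ONLY_RA], STUB_RA))
    print("SLAAC link:", new_slaac_ula([SLAAC_RA], STUB_RA))
```

A non-empty result only says that hosts on the link may now autoconfigure a ULA; whether that counts as breakage is the question the thread leaves open.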