IETF Logo Mail Archive

Re: [Stackevo] draft-thomson-use-it-or-lose-it

"Aaron Falk" <aaron.falk@gmail.com> Fri, 10 August 2018 15:32 UTC

Return-Path: <aaron.falk@gmail.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08292130DE2 for <stackevo@ietfa.amsl.com>; Fri, 10 Aug 2018 08:32:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V8HDerL5ehAX for <stackevo@ietfa.amsl.com>; Fri, 10 Aug 2018 08:32:55 -0700 (PDT)
Received: from mail-qk0-x236.google.com (mail-qk0-x236.google.com [IPv6:2607:f8b0:400d:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B85012785F for <stackevo@iab.org>; Fri, 10 Aug 2018 08:32:55 -0700 (PDT)
Received: by mail-qk0-x236.google.com with SMTP id 126-v6so6623714qke.5 for <stackevo@iab.org>; Fri, 10 Aug 2018 08:32:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:embedded-html; bh=hBxrrtMlFZz4SfXh+/yUYsrzd0jw4fKxEczNboN0lAw=; b=b/+3rdRlSVUwsIyziNJZXz+DqpawSFToGr7EgGT1XXgWAh++Gbd1OjA4YmJlb4bhhT 0JR1oebudh1FQGadecHhQdBc4mW+yIoDsAxTxJ/+vNx96ze9Ly6oiYV8jUWbubM7NRFG T5pQBcyo2u73rEJs+hNZjGCMz1deDzi5Uud3Tok4vqz6TN/GH4TzJveAYxHKo9U9d0Bw LP86Un1Rc9T5CH04GZJ1K3n57QhiZJHFIlUKn7exhYbumKYr3nwii4uJhi/iOaEuvq9V D9P+8FrqxbrdN99g36MYdwX0dFV6mKcwM9LdhlKaUN3lCe6rLEpwNexEbbiLfp9epKqp nkEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:embedded-html; bh=hBxrrtMlFZz4SfXh+/yUYsrzd0jw4fKxEczNboN0lAw=; b=HQKTsAd6n1hXHDDSGzubKZ+4azAhVgPFjp75vUMETJ821tr+ZrU0tk8wjkcqizPHk8 zeLi8/BwvUO24FgYSTWeoyXGe35sHNG0boXugCZahiqOc8QWs6akdt4W9464wLaRpJkZ wJC+aFYdROi+ee7t638F/HmNAlTMX8kt1hS6tH6EAoJY5SQjYuAr3ODcdQqQtzCmNKKz URfS/G4EBuGruXXtWrUxtzkfFUSELlQ/3HHnoAwrTV2qoQL5IGFhWoE9FwlwEx1y+wZL 5uPNk0OtiF3icwblaUMJ++P2mLR443vEAHeWIQIu8ywmEy0nsuQMZDn7uZ3ub5AMwOkM itVg==
X-Gm-Message-State: AOUpUlFr4EG0FKv9Kiyv3ek7PvK87QzQHqH3/GSIWU66jX8NPICIQK/v VboQWnzvYZkxcPUeWvDsr9k=
X-Google-Smtp-Source: AA+uWPwcEysBd+Kl5/lNBQME4FdJPbDP3GdGdOskPeH0DkC1TpJ0eDbBv+cWXiRdVAO7NJ2MCg3ZAg==
X-Received: by 2002:a37:4c85:: with SMTP id z127-v6mr6513717qka.302.1533915174070; Fri, 10 Aug 2018 08:32:54 -0700 (PDT)
Received: from [172.19.42.116] ([2601:184:4980:a321:8da6:d40b:9671:973]) by smtp.gmail.com with ESMTPSA id 192-v6sm5307092qkf.74.2018.08.10.08.32.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 Aug 2018 08:32:53 -0700 (PDT)
From: Aaron Falk <aaron.falk@gmail.com>
To: Eliot Lear <elear@cisco.com>
Cc: Eliot Lear <lear@cisco.com>, Lee Howard <lee@asgard.org>, stackevo@iab.org
Date: Fri, 10 Aug 2018 11:32:51 -0400
X-Mailer: MailMate (1.11.3r5509)
Message-ID: <4B5F9F0A-9CDB-43BB-8BF3-3CFCD0EEE28A@gmail.com>
In-Reply-To: <88143B3D-2EC1-4E7D-96E2-5B7FA390131D@cisco.com>
References: <991AD90C-A84A-4302-BB25-C5FAB33C8E80@trammell.ch> <3C07107C-D373-4E4B-ABBA-B025AC3A7B2A@tik.ee.ethz.ch> <CABkgnnXyNAHHTCx_pWtuNdQmFkSjt2b+ytGr7G636-_VtG6mTA@mail.gmail.com> <4FD6FAB0-8C32-4FB8-8836-3538A6B463BF@tik.ee.ethz.ch> <CABkgnnVFZwvztZc9Qy=oJ0+pvchSoiVShKd1AhEJVD5G9UU_XA@mail.gmail.com> <2c74043e-ee37-694e-b850-ee52c9336453@cisco.com> <CABkgnnXHUEqVckcaHKSPEakdHSawUXW7XSSZ1Ah_9ReheH+Tcw@mail.gmail.com> <7e79337f-ab27-91b7-44c1-a836ef6dad43@cisco.com> <2394AB68-7548-4B8E-82C6-527E42B88121@trammell.ch> <696ed03c-7e33-47f3-3b1d-ddcfa9e793bb@asgard.org> <54006E7A-BC72-4ECC-9019-D223575EF844@gmail.com> <0019f38b-8909-205c-a9c2-022f4c99940a@cisco.com> <CAD62q9WqhCAKXzVAmwDgS6QKAEvjOMf0zuyffBzuA8rK5v9KpA@mail.gmail.com> <88143B3D-2EC1-4E7D-96E2-5B7FA390131D@cisco.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_D9413FDC-D677-4F32-9B93-EE063256F534_="
Embedded-HTML: [{"HTML":[596, 11807], "plain":[217, 8959], "uuid":"4BC8D75C-659B-4025-A886-8C457ABD3834"}]
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/d_8kpkG7-otCs1JPYbsHCRymwHs>
Subject: Re: [Stackevo] draft-thomson-use-it-or-lose-it
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2018 15:32:59 -0000

I can't tell from the descriptions whether anyone confirmed then or 
recently whether there's a problem there.  I'm thinking this might be a 
MAPRG topic.

--aaron

On 10 Aug 2018, at 0:52, Eliot Lear (elear) wrote:

> I know that 240/4 is not assigned to anyone still...
>
> Eliot
>
> On Aug 10, 2018, at 00:46, Aaron Falk 
> <aaron.falk@gmail.com<mailto:aaron.falk@gmail.com>> wrote:
>
> So it's been 10 years, that's a long time in Internet years. Think 
> anything has changed? Is anyone measuring the ground truth?
>
> On Thu, Aug 9, 2018 at 18:39 Eliot Lear 
> <lear@cisco.com<mailto:lear@cisco.com>> wrote:
>
> Hi Aaron,
>
> On 09.08.18 23:38, Aaron Falk wrote:
>
> I'm missing some context for this thread. Sounds like Class E isn't 
> routable because some routers don't expect it. Is this close? Can 
> someone provide a cite?
>
> This came up, I think, in the opsawg, almost a decade ago.  There was 
> a draft, and there were concerns both that routers wouldn't expect it, 
> and that some firewalls would not handle the behavior correctly.  Dave 
> Thaler made that point, as I recall.  The draft to open up that space 
> died pretty much on first presentation due to those concerns and the 
> time that would be needed to diffuse any changes such that people 
> could reliably use the space.
>
>
>
> Is it worth measuring? I understand the point that finding more IPv4 
> space is kind of irrelevant given the growth of the Internet but there 
> may be good reasons to have it and worth knowing how bad the problem 
> is and whether it is getting better.
>
> --aaron
>
> On 7 Aug 2018, at 11:51, Lee Howard wrote:
>
> Demand for IPv4 addresses in the years leading up to IANA and RIR 
> exhaustion rose to 15 /8s per year. (see, e.g., 
> https://www.nro.net/wp-content/uploads/NRO_Q4_2012.final_.pdf slide 
> "IPv4 Address Space Issued"). The effort required to make the 15 /8s 
> of Class E available didn't seem (to me) to be worth the effort, and 
> in fact risked worse Internet fragmentation since there would be no 
> way to know when "all" routers could route the space.
>
> Economically, losing Class E did not affect the IPv4 supply curve, 
> except by moving it sideways a year. $5 billion USD might seem like a 
> lot, but if the choice is Class E plus NAT (to reach things that don't 
> speak Class E; how would you know when to NAT?) or IPv6 plus NAT (to 
> reach things that don't speak IPv6), the latter leads to a less 
> fragmented Internet.
>
> 100.64/16 (rfc6598) probably could have come from Class E, though, 
> since all affected devices would be under single administrative 
> control.
>
> More specifically to the question:
> I think in the 1990s enough people thought there might still be 
> interesting experiments in Class E, and that IPv6 was still going to 
> be deployed before address family fragmentation, that we could not 
> have reached consensus on reclassifying. In the 2000s, it was too 
> late--we only had 12 years before we would need it.
>
> A final thought: I don't know if it would have messed up anyone's 
> architectures to have IPv4 unicast address space (Classes A, B, C, E) 
> split by IPv4 multicast address space (class D).
>
> Lee
>
> On 08/07/2018 04:26 AM, Brian Trammell (IETF) wrote:
>
> hi all,
>
> One thing that strikes me both about the 240/4 space (and, indeed, 
> other below-the-application examples like IP options and TCP options) 
> is that the ossification here took a *very* long time to happen. It 
> seems to me that this document should try to capture that somehow, but 
> I'm not sure how.
>
> Digging into this example:
>
> All that 791 (September 1981, 36+ years ago) says about Class D/E 
> space is:
>
> "The extended addressing mode is undefined.  Both of these features 
> are reserved for future use."
>
> 988 (July 1986, 32 years ago) updates this with the equally useful:
>
> "Class E IP addresses, i.e. those with "1111" as their high-order four 
> bits, are reserved for future addressing modes."
>
> Neither 1519 nor 4632 (CIDR) mention class E addresses at all.
>
> An open question here: at what point would it have been possible to 
> revise this "reserved for future use" in a meaningfully deployable 
> way? Much of the discussion on ossification and greasing in QUIC 
> assumes "never", essentially that undefined and unexercised bits (like 
> all 0xfXXXXXXX IPv4 addresses) are dangerously underspecified and will 
> accrue middleboxes (I still like that image) as quickly as an 
> unpatched Win98 machine would get owned on the open Internet during 
> the Age of the Great Worms.
>
> For class E, it seems to me that there was probably a window (before 
> most of the core routers were primarily ASIC-based) that a change in 
> use could have been rolled out in an uncoordinated way. And much of 
> the difficulty of doing anything with the space now is linked to the 
> fact that the implementations of packet forwarding that will choke on 
> class E addresses are (1) often implemented in hardware and (2) 
> replaced on a 10-year depreciation cycle, if (as is the case with lots 
> of end-network NAT boxes) ever.
>
> (An academic digression into economics: the current value of the class 
> E space at open market rates sold off in /24 blocks is on the order of 
> 3GUSD, ignoring the effects that releasing about a million /24s into 
> the market would have on the dynamics of the market. The unfixability 
> of the "class E problem" is therefore a matter of (1) the total 
> marginal cost of fixing implementations to the point that class E 
> becomes saleable being higher than three billion, which is almost 
> certainly the case and/or (2) an inability to allocate or distribute 
> the proceeds of an auction of said space to the entities that would 
> need to deploy the changes, which is definitely the case. It's a shame 
> that other "stuck migrations" don't map so neatly onto a market to 
> which codepoints can be assigned values, but I suspect the outcome 
> would largely be the same if they did...)
>
> In any case, shipping a protocol with underspecified bits is 
> definitely unsafe, and to be avoided, but we should probably explore 
> the dynamics of how this unsafety actually unfolds. Different layers 
> have different timescales and different amounts of reversibility.
>
> I might swing back around on this and send a PR with something 
> hopefully insightful after I burn down my queue...
>
> Cheers,
>
> Brian
>
>
>
>
> On 7 Aug 2018, at 08:18, Eliot Lear 
> <lear=40cisco.com@dmarc.ietf.org><mailto:lear=40cisco.com@dmarc.ietf.org> 
> wrote:
>
> Signed PGP part
> Hi Martin,
>
> I'm just delving into Radius and EAP, but what I like is how opacity 
> was
> used early on for privacy purposes.   So for instance, perhaps the
> largest federated network in the world is Eduroam, and it is built on
> Radius and EAP.  Proper layering has made it possible for there to be
> inner and outer identities that allow for IdPs to manage their user
> bases independently and to keep some amount of privacy.  Klaas 
> Wierenga
> at GEANT was the principal designer.
>
> We are trying to expand out AAA for IoT use cases, and in that 
> context.
> Some of that work was done with EAP-TEAP, but a little bit more is
> needed.  A key insight there is that it is sort of in between routing
> and application, in that it is multi-party, but not to the insane 
> extent
> of a routing system.
>
> At the Internet layer, of course, we have a big fat wasteland called
> 240/4, which is just sad.  Vince Fuller, Dave Meyer, and I wanted to
> free up that space, but there were serious concerns that using it 
> would
> cause harm to systems not expecting it to be used, or simply would be
> ineffective.  That was a while ago.
>
> Eliot
>
>
> On 07.08.18 02:24, Martin Thomson wrote:
>
>
> On Mon, Aug 6, 2018 at 11:22 PM Eliot Lear 
> <lear@cisco.com><mailto:lear@cisco.com> wrote:
>
>
> In short, my suggestion is to first decide on what applicability you
> want to have, and if broad, then let's explore some other cases.
>
>
> Brian made a similar comment.  I would really like to hear more about
> broader experience with this.  It seems like TLS is uniquely crappy
> when it comes to these issues (investigating why would be another
> valuable research subject...), but I can't believe for a moment that
> the implementation ecosystem of other protocols is pristine and
> blemish-free.
>
> If your experience with the AAA protocols reveals anything, I'd be
> very interested.  My understanding of RADIUS, having used it many
> years ago, was that it was a great example of the active use thing I
> advocate for.  That is, the mechanism you use to extend the protocol
> is so fundamental to the protocol that you cannot avoid correctness in
> extension handling.  Even having a stronger reaffirmation of that
> would be helpful.
>
>
>
>
>
> _______________________________________________
> Stackevo mailing list
> Stackevo@iab.org<mailto:Stackevo@iab.org>
> https://www.iab.org/mailman/listinfo/stackevo
>
>
>
> _______________________________________________
> Stackevo mailing list
> Stackevo@iab.org<mailto:Stackevo@iab.org>
> https://www.iab.org/mailman/listinfo/stackevo
>
>
>
> _______________________________________________
> Stackevo mailing list
> Stackevo@iab.org<mailto:Stackevo@iab.org>
> https://www.iab.org/mailman/listinfo/stackevo
>
>
> --
> -- aaron Sent from Gmail Mobile

v2.38.3 | Report a Bug | By Email | System Status