Re: [v6ops] draft-smith-v6ops-local-only-addressing

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 03 December 2019 00:42 UTC

To: Mark Smith <markzzzsmith@gmail.com>
References: <SN6PR05MB57109A5048345A6B2ECD6C5EAE410@SN6PR05MB5710.namprd05.prod.outlook.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Message-ID: <8c58a163-4b59-dd22-d742-360e681c0f66@gmail.com>
Date: Tue, 03 Dec 2019 13:42:42 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <SN6PR05MB57109A5048345A6B2ECD6C5EAE410@SN6PR05MB5710.namprd05.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/-aNCJ0SuCVfFAtJ7CDTzfPELopo>
Subject: Re: [v6ops] draft-smith-v6ops-local-only-addressing

A few somewhat random comments:

1. A nit, but a major nit: the use of the word "global".

Repeat after me: ULAs are global scope addresses. They are explicitly defined as having global scope in RFC4193.

Also repeat after me: ULAs are not globally reachable addresses. They are explicitly forbidden to be routed globally by RFC4193.

Yes, this could be confusing; that's why we have RFC8190. But each occurrence of "global" in the draft needs to be reviewed, and if appropriate, replaced by either "with global scope" or "globally reachable". For example, the last sentence of the Abstract should be: "This memo proposes that these types of devices refuse to configure and use globally reachable IPv6 Internet addresses by default."

2.

> 2.  Default Local Only Addresses
> 
>    By default, a Local Only Address device MUST only configure Link-
>    Local and non-global IPv6 addresses, currently Unique Local Addresses
>    [RFC4193], on its network interfaces.

That will fail if the router doesn't announce a ULA prefix. What do you want the default behaviour to be in that case?

OK, I see that you cover this point later under SLAAC, but it seems to me that it is a general point that should be covered here. And I think your recommendation is broken from a practical point of view: if a device is installed on a routed network that does not announce a ULA prefix, limiting it to link-local is simply broken, as it prevents the device from being accessed by devices on other subnets.

So I think the only practical proposal is that if and only if both ULA and globally reachable prefixes are announced, the device should configure only a ULA.

> 5.  Permitted Incoming and Outgoing Connections
> 
>    By default, a Local Address Only device MUST NOT accept any upper
>    layer connections from any global IPv6 addresses.

This is a case where s/global/globally reachable/ is essential. I agree with it, although default settings in many CE routers will already do this.

You probably need to discuss "call home" scenarios, which many vendors want to include in their products and which clearly need globally reachable addresses.

Finally, I think there are points mentioned in https://tools.ietf.org/html/draft-ietf-v6ops-ula-usage-considerations-02#section-4.2 and even in RFC4864 that should be considered.

Regards
   Brian
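The scope-versus-reachability distinction and the "ULA only if both ULA and globally reachable prefixes are announced" rule from the message above, worked through in Python as an added example (not code from Brian, the draft, or any RFC). It assumes 2000::/3 as the globally reachable unicast range and uses constructed prefixes and addresses for illustration.

```python
import ipaddress
from typing import List, Tuple

# Address ranges used for the classification (RFC 4193 / RFC 8190 terms).
# Assumption: 2000::/3 stands in for "globally reachable" unicast space.
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")      # link-local scope
ULA = ipaddress.IPv6Network("fc00::/7")              # Unique Local, RFC 4193
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")   # globally reachable


def classify(addr: str) -> Tuple[str, bool]:
    """Return (scope, globally_reachable) for one IPv6 address.

    Note the point of the message: a ULA has *global scope* but is
    *not globally reachable*; the two properties are independent.
    """
    a = ipaddress.IPv6Address(addr)
    if a in LINK_LOCAL:
        return ("link-local", False)
    if a in ULA:
        return ("global", False)       # global scope, not routed globally
    if a in GLOBAL_UNICAST:
        return ("global", True)
    return ("other", False)            # loopback, multicast, etc.


def prefixes_to_configure(announced: List[str]) -> List[str]:
    """Proposed default: configure only ULA prefixes if and only if both
    ULA and globally reachable prefixes are announced; otherwise keep
    whatever was announced so a device on a routed network without a
    ULA prefix is still reachable from other subnets."""
    nets = [ipaddress.IPv6Network(p) for p in announced]
    ula = [n for n in nets if n.subnet_of(ULA)]
    gua = [n for n in nets if n.subnet_of(GLOBAL_UNICAST)]
    chosen = ula if (ula and gua) else nets
    return [str(n) for n in chosen]


def accept_incoming(src: str) -> bool:
    """Section 5 with s/global/globally reachable/: refuse upper-layer
    connections from globally reachable sources, accept link-local/ULA."""
    _scope, reachable = classify(src)
    return not reachable


if __name__ == "__main__":
    # Constructed sample: router announces both a GUA and a ULA prefix.
    print(prefixes_to_configure(["2001:db8:1::/64", "fd00:1::/64"]))
    print(accept_incoming("fd00:1::5"), accept_incoming("2001:db8::9"))
```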