Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Fernando Gont <fgont@si6networks.com> Thu, 07 January 2021 04:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/1-A9YmMaFv0qrfcFJRfNXdMO0eI>

Hi, Brian,

On 6/1/21 23:51, Brian E Carpenter wrote:
[...]
>>
>>> On 07-Jan-21 05:26, Gert Doering wrote: ...
>>>> Why should applications, or anything that is not an admin, care if
>>>> an address is a ULA or a GUA?
>>>
>>> It depends on what you mean by "application". I've written code that
>>> explicitly prefers a ULA, and I could imagine a security spec saying
>>> "prefer ULA". But anyway, it's not really a problem, is it? (It's
>>> annoying to me that in Python, a ULA has .is_global == False, but I
>>> managed to code round that error.)
>>
>> The question is: Is it an error?
> 
> According to the addressing architecture and the ULA definition, it's
> an error. 

But this is where we go back to the original question:
* RFC4007 says that global scope addresses are globally unique.

* RFC4193 aims to reduce the collision of a number of ULA prefixes when
grouped together, but certainly does *not* result in globally-unique
prefixes. Still, RFC4193 claims that ULAs are globals.


So from the pov of RFC4193, ULAs are globals. From the pov of RFC4007, 
they are not.

Which of the two (RFC4007 vs RFC4193) takes precedence?



> It's also a tricky one to fix, because who knows what running
> code might depend on it?
> 
> A test for ULA-ness in Python, using only the address properties that the
> ipaddress module already defines, is:
> 
> def is_ula(a):
>      """Test for ULA"""
>      return (a.is_private and not a.is_link_local
>               and not a.is_loopback
>               and not a.is_unspecified)
> 
> which also, not coincidentally, returns True for RFC1918 addresses.
> (Of course you could equally well do a bit-mask test.)
> 
>> I've just checked the most "up to date" textbook that I have at hand on
>> IPv6. Page 335 has a subsection entitled "Global addresses versus ULAs".
>> The discussion in the textbook is indeed fine.
>>
>> Could one actually make the case that e.g. Python's library should
>> change? If it did, it would be counter intuitive. It would match
>> RFC4193/4291, but not RFC4007, e.g. the textbook I've checked, and the
>> intuitive meaning of private/global.
> 
> That's of course exactly why the term "globally reachable" was added
> by RFC8190. My objection to the Python library is not that it provides
> the property .is_private, which is very clear, but that it asserts that
> ipaddress.IPv6Address("fd63:45eb:dc14:0:8546:6ab7:1529:b435").is_global
> is False. Because according to the Proposed Standard RFCs,
> ULAs are both private and global.

    [RFC4007] defines the scope of an address as:

       "[the] topological span within which the address may be used as a
       unique identifier for an interface or set of interfaces"

    And defines the "global scope" to be used for:

       "uniquely identifying interfaces anywhere in the Internet"

Given ~1.2M ULA prefixes, you have a probability P~1 that there's a 
collision.

In that light, it's hard to assert that they are globally unique, and 
hence that they have global scope....

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
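
Added example, not part of the original message: it runs the property-based test quoted above next to the bit-mask test against fc00::/7 on constructed sample addresses, and splits a ULA into its RFC 4193 fields. The function names and the sample list are assumptions made for this illustration; only the standard ipaddress module is used.

```python
import ipaddress

ULA_NET = ipaddress.ip_network("fc00::/7")  # RFC 4193 ULA block

def is_ula_by_properties(a):
    """The property-based test quoted in the message above."""
    return (a.is_private and not a.is_link_local
            and not a.is_loopback and not a.is_unspecified)

def is_ula_by_prefix(a):
    """Bit-mask test: an IPv6 address inside fc00::/7."""
    return a.version == 6 and a in ULA_NET

def ula_fields(a):
    """Split a ULA into RFC 4193 fields: L bit, Global ID, Subnet ID."""
    if not is_ula_by_prefix(a):
        raise ValueError(f"{a} is not in fc00::/7")
    n = int(a)
    return {
        "l_bit": (n >> 120) & 0x1,             # bit after the 7-bit prefix
        "global_id": (n >> 80) & 0xFFFFFFFFFF,  # 40-bit Global ID
        "subnet_id": (n >> 64) & 0xFFFF,        # 16-bit Subnet ID
    }

# Constructed samples; the first is the ULA quoted in the thread.
SAMPLES = [
    "fd63:45eb:dc14:0:8546:6ab7:1529:b435",  # ULA
    "192.168.1.10",                          # RFC1918 IPv4
    "2001:db8::1",                           # IPv6 documentation prefix
    "fe80::1",                               # link-local
    "2001:4860:4860::8888",                  # ordinary global unicast
]

def compare(samples=SAMPLES):
    """Map each sample to (property test, prefix test, .is_global)."""
    rows = {}
    for s in samples:
        a = ipaddress.ip_address(s)
        rows[s] = (is_ula_by_properties(a), is_ula_by_prefix(a), a.is_global)
    return rows

if __name__ == "__main__":
    for addr, result in compare().items():
        print(f"{addr:40} props={result[0]!s:5} prefix={result[1]!s:5} "
              f"is_global={result[2]}")
    print(ula_fields(ipaddress.ip_address(SAMPLES[0])))
```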