Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-addressing-considerations-00.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 26 December 2020 01:04 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88B503A0E80; Fri, 25 Dec 2020 17:04:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XBXrSySyDKeB; Fri, 25 Dec 2020 17:04:12 -0800 (PST)
Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BA6E3A0E7F; Fri, 25 Dec 2020 17:04:12 -0800 (PST)
Received: by mail-pj1-x102b.google.com with SMTP id v1so2902110pjr.2; Fri, 25 Dec 2020 17:04:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=qH6mWCVJrnq22fnVP6E2yAexeZQDiUlLQrAT3e0ybNY=; b=WdRHyp+2rs6i9jIPy7YgnF5R/5gBsHw3D5DTpz/DLvNGY+ayNzSHe+2ZVNamj4Ye+v hyxzVs8GjRMzqWSmV26JsGmgPjDbT6pSx5gaOpoaJfWdO6ordk8YSjQpWuoOX416WeYX s3ZDuOqs56vGjhWbNWjGcJnYDhYvxsxT7iD+T582kZubEORQZpanxJBDEw8YbrJyeQXg bG8mrB9kFcJ7zmGRYwLiJ3MgYOwRgFUlljrugzrj51WiK5onRqrdAnJ5jRhI6W70Cmus avl6CnF5R4IUvIV+DwNVtl3x5qSD6AnohtbljGBWBWgjN3xEGHBEAkYVwJRovWbhtuod n0mg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=qH6mWCVJrnq22fnVP6E2yAexeZQDiUlLQrAT3e0ybNY=; b=ctFKkIV2rsUmO7Q8kDlVKLc2+fgBq8cFq/0Y6wgxxAWw4eXNykAD6GsXJ7Qzzt/xy8 LXyIu9dQe86NuXmNrus2ZL34I4Ie4/QZCM8NbnJN8fMwC6ZEGIgXqo07Mw//oinR5MxY PIpzRqBUn61MIN5SQj84X6F9G8ByESK1A5y2S8TjFyEUTkMwu/+2idQ+3m8k/C3p0q2E i31YwpiI1VIX3q7hIuIYIfCsS8EtNiJhS8+s+GHDHu1KzUDkUt+h2ceYSRVfUzrAXXZ7 p+yoZiRg/b3HsFj6ql9g6ZcMWKwdt5dmHzdOGxv9lrXG8pGc9uslOY6CV4crrPlmA4cg M06w==
X-Gm-Message-State: AOAM530fSlzsFwQb9dbpY9PlGF+elJPallf79NxBMXdNVnPTCes7gzk/ ilDuXM8WUSK6cCF20NaSvtYCRFHVdRlBkg==
X-Google-Smtp-Source: ABdhPJyRJ/3PgYTaoAsPJxHAi79lU7cT0BIKFp0ScJyuEb/t6UO0Xy1S3ReCEMbMvjtX5N/lPuqBkQ==
X-Received: by 2002:a17:902:ee02:b029:db:c0d6:57f9 with SMTP id z2-20020a170902ee02b02900dbc0d657f9mr35544207plb.65.1608944651114; Fri, 25 Dec 2020 17:04:11 -0800 (PST)
Received: from [192.168.178.20] ([151.210.131.28]) by smtp.gmail.com with ESMTPSA id 6sm15814181pgo.17.2020.12.25.17.04.08 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 25 Dec 2020 17:04:10 -0800 (PST)
To: Fernando Gont <fgont@si6networks.com>, IPv6 Operations <v6ops@ietf.org>, draft-gont-v6ops-ipv6-addressing-considerations@ietf.org
References: <160770241261.18071.12524922630334294118@ietfa.amsl.com> <fb832698-039e-baa5-ed6f-4d5a97e7b354@gmail.com> <299f492f-4cb7-fa9d-967f-b2a5df49034e@si6networks.com> <759efdb1-a59c-788c-0c7a-5a8ca2ced904@gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <870d8c92-0aab-6fcd-a945-401293b7af28@gmail.com>
Date: Sat, 26 Dec 2020 14:04:05 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <759efdb1-a59c-788c-0c7a-5a8ca2ced904@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/1erTcN7uERUCeOCkAz0HN1heEUU>
Subject: Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-addressing-considerations-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Dec 2020 01:04:15 -0000
There's now a better version of my diagrams at https://www.cs.auckland.ac.nz/~brian/scope6.pdf Regards Brian On 25-Dec-20 11:15, Brian E Carpenter wrote: > Hi Fernando, > > On 24-Dec-20 18:50, Fernando Gont wrote: >> Hello, Brian, >> >> Thanks for your comments! In-line.... >> >> On 20/12/20 01:44, Brian E Carpenter wrote: >> [....] >>> >>>> 3.1. Legacy Specifications and Schemes >>> >>> I don't think that section is complete without mentioning site-local >>> and why it was scrapped (RFC3879). >> >> Will do. >> >> Comment/question (since I wasn't participating in 6man when RFC3879 was >> published, and I've never used site-locals myself): >> >> >> There seem to be two main issues with site-locals: >> >> 1) use of the zone index ("%___") >> >> 2) "ambiguitiy" of the addresses. >> >> >> Regarding #1: >> My understanding is that site-locals where expected to be used with a >> zone index (as we normally do for e.g. link-locals) in the case the same >> prefix is employed on two different networks. >> >> Now, my question is: why do this in the first place? What I would expect >> is that you simply use the address. Then, if the same node attaches to >> two networks that employ the same prefix, that's a configuration >> problem. Period. *If* in such scenario, *and for debugging purposes* you >> want to be able to specify which interface to use to send packets to a >> site-local address (that looks like "on-link" on two different >> interfaces), then you use the zone index -- but that's for *debugging* >> purposes, since having two subnets employ the same site-local prefix >> would be an error. > > If you read RFC4007 you will *not* find that a zone index is formally > equated to an interface index. The "zone" terminology is confusing since > it did originally assume a nested scope model, link-local inside site-local > inside global. By some magic the host was supposed to understand enough > of the network topology to use a single value "zone index" to capture > the topology and tell the drivers which interface to use. See diagrams > at https://sites.google.com/site/bcabrc/miscellany . > Slides 3 and 4 show scenarios that simply can't be captured > by a one-dimensional zone index. In practice, of course, the zone index > is only meaningful within the host. So the whole concept of a zone > index for nested scopes was a mistake. With hindsight, we should > have cleaned that up more definitively in RFC4007. > > (And this problem is still a problem: > https://bugzilla.mozilla.org/show_bug.cgi?id=700999 was opened > 9 years ago and still gets traffic despite being formally "closed" > 5 years ago.) > >> Regarding #2: >> Modulo the above, for the most part non-global addresses *are* >> ambiguous. So this is kind of a feature. > > Yes, but not a *good* feature since it leads to the problems > in my slides 3 and 4. > >> With the minor consideration in #1, site-locals do not seem to be a lot >> different than ULAs. -- Yes, you are supposed to randomize the ULA >> prefix ( which I don't when using them in labs, since I don't want >> ugly-looking addresses :-) ).. but you might also argue than when using >> site-locals you better made sure that you didn't employ the same >> site-local prefix in to interconnected networks, anyway. > > But the design didn't provide for that, whereas the ULA design does > (and no, using pretty ULA prefixes is not OK). > > RFC3513 was seriously broken, because it suggests using "the same > subnet IDs for site-local and global prefixes", which doesn't > make much sense and certainly doesn't provide a high probability > of uniqueness. > >> >> Am I missing something? >> >> >> >> >>>> 3.2. Unique Local IPv6 Unicast Addresses (ULAs) >>> ... >>>> However, the only reasons for which these addresses are considered >>>> to have "global scope" are: >>>> >>>> o given two different networks that employ ULAs, it's unlikely >>>> that they will employ the same ULA prefix >>> >>> Not at all. The reason they formally have global scope is because >>> when site-local was scrapped (as being meaningless and unenforcable, >>> see RFC3879), only two scopes were left: link-local and global. >>> There was no other choice. >> >> Why not, say, "IPv6 Private Address Space"? -- Yes, in the light of >> "ipv6 is all about the global addresses", mimicking IPv4's private >> addresses probably wasn't "sexy", but IMO the concept is useful, and >> well understood. > > I think that adds confusion. They are only private because of the > requirement to block them in border routers; it's not a property > of the address itself. (Thumbs down to the Python ipaddress module > by the way, which has invented an "is_private" property and gets > "is_global" wrong for ULAs.) > >>> What that means is that protocols treat >>> them *exactly the same* as RIR-assigned prefixes. That applies to >>> all protocols: ND, RA, DHCPv6, and every routing protocol. They are >>> only treated differently by policy, such as address selection policy >>> or boundary router policy. >> >> Wouldn't this also be the case if they were redefined as "IPv6 private >> address space"? i.e., from the point of routing, modulo the link-local >> prefixes, you simply have prefixes that you distribute information >> about. i.e. "Private address space" (i.e., non-global) shouldn't be >> treated differently by routing protocols. > > It's true, but that's what the "global" property means, and it's different > from "globally reachable". It's not ideal terminology, of course, since the > design process had a false start with "site-local". > > Happy holidays! > > Brian >> >> >> >>> And, if you like, the pseudo-random >>> prefix assignment mechanism is also a policy, by making prefix >>> collision highly unlikely. ULA-C would be a different policy, by >>> making prefix registration compulsory. >> >> Comment/question (rather than "objection"): since the "scope" is >> essentially defined as the region of the network topology where an >> address is meaningful, it would seem to me that claiming "ULAs" are >> global-scope is at odds with the fact that ULAs prefixes are >> locally-generated. >> >> Put another way: when you analyze what "scope" means, ULAs really have >> nothing of "global scope". ULAs are not centrally managed, and as such >> are ambiguous. >> >> (I guess you could argue that ULA-C could be global for some meaning of >> the concept. But then I don't see much of a point for such a thing. -- >> just use global addresses, and filter where appropriate.) >> >> >> >>>> o the ULA address block formally belongs to the Global Unicast >>>> Address (GUA) address block >>> ... >>>> The ULA address block has been carved out of the GUA address >>>> block, >>> >>> This statement seems misleading to me. GUA is not actually defined >>> very well in RFC4291. True, the table in section 2.4 says "Global >>> Unicast (everything else)" and none of the formal updates to RFC4291 >>> change that. >> >> Yes, that was my rationale. >> >> >> >>> But the choice of fc00::/7 by RFC4193 makes it clear >>> that these are not normal GUAs; by definition they are not assigned >>> by the RIRs or announced on the public Internet. They are listed in >>> the IANA Special-Purpose IP Address registry and discussed >>> explicitly in RFC8190, so the claim that they are part of the GUA >>> block seems very dubious. >> >> FWIW, I think that RFC4193 should have formally updated RFC4291 (or, >> well, since probably they were published together, RFC4291 could have >> marked the ULA space in the addressing architecture, and point to >> RFC4193 for further details). >> >> BTW, there are no macros that would distinguish ULAs them from regular >> global addresses: https://tools.ietf.org/html/rfc2553#section-6.7 >> >> >> >> >>> (I think it's a bug in RFC4193 that it didn't make an update to >>> RFC3513, the predecessor of RFC4291, which actually foresaw such a >>> case: "Future specifications may redefine one or more sub-ranges of >>> the global unicast space for other purposes, but unless and until >>> that happens, implementations must treat all addresses that do not >>> start with any of the above-listed prefixes as global unicast >>> addresses.") >> >> Ok, it looks like we are on the same page. :-) >> >> >> >> >>>> Therefore, ULAs are not globally meaningful and thus, for most (if >>>> not all) practical purposes, ULAs can be considered to have non- >>>> global scope. For this reason, ULAs are treated as non-global >>>> scope addresses, even when from a specifications point of view >>>> they have global scope. >>> >>> I don't accept that. I believe we've had that discussion and the >>> consensus is in RFC8190 and the IANA registry already. >> >> Sorry: what we *meant* here is that, throughout our document, when we >> refer to "non-global addresses" we are also thinking about ULAs. >> >> (e.g., the "possible isolation provided by the address scope" applies >> (to different degrees) to both e.g. link-locals and ULAs...) >> >> >> >> >>> Later in the draft you say: >>> >>>> In the same light, a ULA prefix generated by a local router will >>>> be, by definition, provider independent. However, a router might >>>> also be leased an ULA sub- prefix from its upstream, in which case >>>> this prefix would be "provider dependent". >>> >>> Exactly. This illustrates that as far as protocols go, ULA prefixes >>> behave exactly like RIR-assigned prefixes. >> >> Couldn't one also argue that ULAs are, e.g., "IPv6 private address >> space" and that, as with the RFC1918 space, no special provisions are >> needed in routing protocols -- other than one filtering prefixes >> when/where deemed appropriate? >> >> >> >>> They are global in >>> protocol terms, but not globally routed in operational terms. These >>> are orthogonal properties. >> >> Sorry for insisting on this one -- I'm bringing up this issues because I >> found myself trying to provide an explanation for "global in protocol >> terms", without a lot of success. :-) >> >> It would seem to me that virtually every use of "global" for ULAs >> (modulo ULA-C, I guess) is, conceptually speaking, kind of cumbersome >> and incorrect. -- and creates expectations that, at the end of the day, >> are probably not going to be fulfilled. >> >> Wouldn't the most natural thing be to flag ULAs as "IPv6 Private Address >> Space", where e.g. from the point of view of protocols, the same >> considerations as for RFC1918 apply (no, I wouldn't *say* this in a >> spec), and we simply have the additional feature in the spec that we >> recommend how to generate the ULAs prefixes to avoid possible hassles >> when merging two different networks? >> >> Or, to put in a different way: RFC1918 is private address space, and we >> don't need to call it "global" in any way to flag the fact that >> addresses from that private address space are not treated in any special >> way by e.g. routing protocols -- for instance, why should they? >> >> >> Thanks! >> >> Regards, and Merry Christmas! >>
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Fernando Gont
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Fernando Gont
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Gert Doering
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Eduard Metz
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Gert Doering
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Fernando Gont
- Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-add… Eduard Metz