Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 08 July 2018 21:43 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88E49130EB0; Sun, 8 Jul 2018 14:43:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rWZIMS7l6Bqe; Sun, 8 Jul 2018 14:43:09 -0700 (PDT)
Received: from mail-pl0-x22e.google.com (mail-pl0-x22e.google.com [IPv6:2607:f8b0:400e:c01::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67D16130EAC; Sun, 8 Jul 2018 14:43:06 -0700 (PDT)
Received: by mail-pl0-x22e.google.com with SMTP id f4-v6so890030plb.9; Sun, 08 Jul 2018 14:43:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:references:from:organization:to:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=c2Lm1bLTh6dWEm/5Yu9ydV62lsIF1XsCE+XTANoNVlg=; b=nxrNaRbEXREfA5tm+zpHySZwIRqp4Ih2JX6fuJvwb18iaxvRWtGnCaFfqGIE8YMzZc WVef+8CfXUy0nS/W8fsLOhddjpL78pe3vlornQDyTD/RnG+iCJh1zWmDfC1Z4XdDbPJV pfpXCmVyI4YSCmzqXMWIyzHn3OEMOSsx27G4oScUQLuccA2Pia+56KPXKJFQPkxivCi7 VJGqCq1m7DS5FV40esdZwbEbWnWUQtN2ta+k73U+k947LfDhSxPwSKfc1q4WHv9mTvzH HZ+IZdhY8mc49T78Wyp5lMYPhdx3Z5zthvvKNHliSIthrNffIKxjgztsp/3qgJQvwbxi PheQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:references:from:organization:to :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=c2Lm1bLTh6dWEm/5Yu9ydV62lsIF1XsCE+XTANoNVlg=; b=n9w5/o9XUebv6+XfzqRyYoHk0VlA1UzTdU6nIeF//tyY5qEyo5z/z2ZvORj9+nLG/A G4a/BE5sRDu0PxGIR5qYhTZEryBg/3VoO4YweMPvCiu32sSdaQiObyLpzbig9W2QFKqN ZFXMSdYGdkVrBE8W2MBb+dYx/31Bu5cM9O4S13UONP/OCWf36bsv8a0PkOvM9IxQT8+Y 3ViNY2LaCBz4sXc84a/99VFbG7qaghu5RxjNVVtZv6rMyCUkiHX9eD/JMvt1E4ueR46S QCW8vEyuddqWlzFYw8tvtdvjAHfD408g3yzzm9KDUizZ9KbfplzPZMac6bsLx3aZ8COO JQ3Q==
X-Gm-Message-State: APt69E3XQcEmK7IgpIuVUQwCJDWpAN0HBCCyyFNFeMYadfp6VEu4il75 iQYMQB8AvsnXcoXzl5eHpj0LVw==
X-Google-Smtp-Source: AAOMgpdzks9R+OqXtJkvNsHkppnZZO0rnowKE8S4c2alZf5TtcqPpdxusl6VaLOpqvbGhKEswYJfow==
X-Received: by 2002:a17:902:20ca:: with SMTP id v10-v6mr17877613plg.255.1531086185697; Sun, 08 Jul 2018 14:43:05 -0700 (PDT)
Received: from [192.168.178.38] ([118.148.121.80]) by smtp.gmail.com with ESMTPSA id 84-v6sm1814691pfj.33.2018.07.08.14.43.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 08 Jul 2018 14:43:04 -0700 (PDT)
References: <153017691583.14743.17000446834856511528@ietfa.amsl.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: draft-palet-v6ops-rfc6177-bis@ietf.org, IPv6 Operations <v6ops@ietf.org>
Message-ID: <78a36a81-3bb3-9d47-aa06-8da8f7594677@gmail.com>
Date: Mon, 09 Jul 2018 09:43:00 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <153017691583.14743.17000446834856511528@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/1mLEnKAip8URNO3pCVnz3_S1Hv0>
Subject: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jul 2018 21:43:12 -0000
Hi, Thanks for this draft. > Abstract This needs to be shorter. Three paragraphs is too much. > ... policy should reflect that assignment of a single subnet is > no longer appropriate unless the recipient explicitly agrees to the > limitations implied by such an assignment. I *strongly* suggest deleting the "unless" clause. It leaves a loophole, and it could easily be hidden in shrink-wrap terms and conditions so that a subscriber would agree without even knowing about it. Reduce this simply to: ... policy should reflect that assignment of a single subnet is never appropriate. > 1. Introduction ... > 1. It is extremely discouraged that /128s be given out. While there > may be some cases where assigning only a single address may be > justified, a site, by definition, implies multiple subnets and > multiple devices. I find this a bit weak. Try: 1. It is extremely discouraged that /128s be given out. While there may be some applications where assigning only a single address may be tolerated, a site, by definition, implies multiple subnets and multiple devices. Also, a /128 prevents any form of privacy-based addressing. > 4. This revision has been created to more clearly assert the > requirement to ensure that address assignments to end-sites > provide a sufficiently big number of subnets (/64 on classic > networks) to each end-site, taking under consideration the end- > site's future expected needs, new deployment expectations and new > protocol requirements, among others. Once all these are > considered, it seems unlikely that a single subnet (/64) or even > a small number of them should be assigned, unless very clearly > justified and agreed to by the end-site. The "unless" clause is dangerous because of shrink-wrap terms and conditions. I suggest deleting it. > 2. Considerations Regarding the Prefix Length ... > This consideration should be noticed, across this document, in the > sense that end-sites usually have subnets that use, by default, > SLAAC, and consequently, the LAP is mandatorily a /64. Other > technologies, may have a different LAP, which must be used > accordingly. I suggest s/Other/Future/ since /64 prevails everywhere today. > 3. On /48 Assignments to End-Sites ... > An important > goal in IPv6 is to significantly change the default and minimal end > site assignment, from "a single address" to "multiple networks" and > to ensure that end-sites can easily obtain address space. I suggest adding something like this: As the operational costs of carrier-grade NAT and address+port sharing have shown, availability of multiple addresses and prefixes to end sites that need them will be a considerable saving to their ISPs. > It might be tempting to give home sites a single /64, since that is > already significantly more address space compared with today's IPv4 > practice. However, this precludes the expectation that even home > sites will grow to support multiple subnets going forward. Hence, it s/expectation/certainty/ ... > A key goal of the recommendations in [RFC3177] is to > ensure that upon renumbering, one does not have to deal with > renumbering into a smaller subnet size. Perhaps add: In particular this would apply to any site that switches to an ISP that provides a longer prefix. > It should be noted that similar arguments apply to the management of > zone files in the DNS. In particular, managing the reverse > (ip6.arpa) tree is simplified when all links are numbered using the > same subnet ids s/numbered/renumbered/ ... > years, and we don't recover back the /48's, we will be able to use > IPv6 addressing space for over 100.000 years. Perhaps add: This document does not advocate careless use of address space, but there is objectively no reason to be restrictve. ... > Today typically, a home has already a considerable number of possible > subnets (a common CE has 4 LAN ports, 2 WiFi radios which support > several SSIDs each one, VoIP subnet, IPTV subnet, additional VLANs) > and if downstream routers are used, there is a need for further > subnets. This means that in a short term, assigning a /60 (16 > subnets), it is already a really bad decision, as it may enforce IPv6 > NAT between the main CE and downstream routers. I suggest deleting "as it may enforce IPv6 NAT between the main CE and downstream routers". Firstly it puts NAT into the reader's mind. Secondly, it isn't the only solution - IIDs shorter than 64 could also be implemented. > 4. Impact on IPv6 Standards I propose to simply delete this section. Firstly, RFC3056 is deprecated so it's irrelevant today. Secondly, the argument about ULAs (RFC4193) doesn't hold up. ULAs are like any other /48 prefix - if you are forced to renumber into a longer prefix, you lose some subnet bits. That is already covered in the middle of section 3 (the "key goal" sentence quoted above). > 6. Security Considerations > > This document has no known security implications. Really? More prefix space offers more potential for scanning attacks. More prefix space also allows the use of slightly randomized prefixes and/or prefix-per host. Also of course, a /128 would prevent any form of privacy-based addressing. > 8. Acknowledgements > > The authors of this document will like to acknowledge the authors of > previous versions (Thomas Narten and Geoff Huston) RFC3177 was signed by the whole IAB and IESG seated in 2001, and its Acknowledgements read: >> This document originated from the IETF IPv6 directorate, with much >> input from the IAB and IESG. The original text forming the basis of >> this document was contributed by Fred Baker and Brian Carpenter. >> Allison Mankin and Thomas Narten merged the original contributions >> into a single document, and Alain Durand edited the document through >> its final stages. Regards Brian
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… JORDI PALET MARTINEZ
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Lea Roberts
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… David Farmer
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Fred Baker
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… David Farmer
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… STARK, BARBARA H
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Owen DeLong
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… JORDI PALET MARTINEZ
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… JORDI PALET MARTINEZ
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter