IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 08 July 2018 21:43 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88E49130EB0; Sun, 8 Jul 2018 14:43:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rWZIMS7l6Bqe; Sun, 8 Jul 2018 14:43:09 -0700 (PDT)
Received: from mail-pl0-x22e.google.com (mail-pl0-x22e.google.com [IPv6:2607:f8b0:400e:c01::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67D16130EAC; Sun, 8 Jul 2018 14:43:06 -0700 (PDT)
Received: by mail-pl0-x22e.google.com with SMTP id f4-v6so890030plb.9; Sun, 08 Jul 2018 14:43:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:references:from:organization:to:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=c2Lm1bLTh6dWEm/5Yu9ydV62lsIF1XsCE+XTANoNVlg=; b=nxrNaRbEXREfA5tm+zpHySZwIRqp4Ih2JX6fuJvwb18iaxvRWtGnCaFfqGIE8YMzZc WVef+8CfXUy0nS/W8fsLOhddjpL78pe3vlornQDyTD/RnG+iCJh1zWmDfC1Z4XdDbPJV pfpXCmVyI4YSCmzqXMWIyzHn3OEMOSsx27G4oScUQLuccA2Pia+56KPXKJFQPkxivCi7 VJGqCq1m7DS5FV40esdZwbEbWnWUQtN2ta+k73U+k947LfDhSxPwSKfc1q4WHv9mTvzH HZ+IZdhY8mc49T78Wyp5lMYPhdx3Z5zthvvKNHliSIthrNffIKxjgztsp/3qgJQvwbxi PheQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:references:from:organization:to :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=c2Lm1bLTh6dWEm/5Yu9ydV62lsIF1XsCE+XTANoNVlg=; b=n9w5/o9XUebv6+XfzqRyYoHk0VlA1UzTdU6nIeF//tyY5qEyo5z/z2ZvORj9+nLG/A G4a/BE5sRDu0PxGIR5qYhTZEryBg/3VoO4YweMPvCiu32sSdaQiObyLpzbig9W2QFKqN ZFXMSdYGdkVrBE8W2MBb+dYx/31Bu5cM9O4S13UONP/OCWf36bsv8a0PkOvM9IxQT8+Y 3ViNY2LaCBz4sXc84a/99VFbG7qaghu5RxjNVVtZv6rMyCUkiHX9eD/JMvt1E4ueR46S QCW8vEyuddqWlzFYw8tvtdvjAHfD408g3yzzm9KDUizZ9KbfplzPZMac6bsLx3aZ8COO JQ3Q==
X-Gm-Message-State: APt69E3XQcEmK7IgpIuVUQwCJDWpAN0HBCCyyFNFeMYadfp6VEu4il75 iQYMQB8AvsnXcoXzl5eHpj0LVw==
X-Google-Smtp-Source: AAOMgpdzks9R+OqXtJkvNsHkppnZZO0rnowKE8S4c2alZf5TtcqPpdxusl6VaLOpqvbGhKEswYJfow==
X-Received: by 2002:a17:902:20ca:: with SMTP id v10-v6mr17877613plg.255.1531086185697; Sun, 08 Jul 2018 14:43:05 -0700 (PDT)
Received: from [192.168.178.38] ([118.148.121.80]) by smtp.gmail.com with ESMTPSA id 84-v6sm1814691pfj.33.2018.07.08.14.43.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 08 Jul 2018 14:43:04 -0700 (PDT)
References: <153017691583.14743.17000446834856511528@ietfa.amsl.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: draft-palet-v6ops-rfc6177-bis@ietf.org, IPv6 Operations <v6ops@ietf.org>
Message-ID: <78a36a81-3bb3-9d47-aa06-8da8f7594677@gmail.com>
Date: Mon, 09 Jul 2018 09:43:00 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <153017691583.14743.17000446834856511528@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/1mLEnKAip8URNO3pCVnz3_S1Hv0>
Subject: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jul 2018 21:43:12 -0000

Hi,

Thanks for this draft.

> Abstract

This needs to be shorter. Three paragraphs is too much.

> ... policy should reflect that assignment of a single subnet is
> no longer appropriate unless the recipient explicitly agrees to the
> limitations implied by such an assignment.

I *strongly* suggest deleting the "unless" clause. It leaves a
loophole, and it could easily be hidden in shrink-wrap terms
and conditions so that a subscriber would agree without even
knowing about it. Reduce this simply to:

   ... policy should reflect that assignment of a single subnet is
   never appropriate.

> 1.  Introduction
...
>    1.  It is extremely discouraged that /128s be given out.  While there
>        may be some cases where assigning only a single address may be
>        justified, a site, by definition, implies multiple subnets and
>        multiple devices.

I find this a bit weak. Try:

   1.  It is extremely discouraged that /128s be given out.  While there
       may be some applications where assigning only a single address may be
       tolerated, a site, by definition, implies multiple subnets and
       multiple devices. Also, a /128 prevents any form of privacy-based
       addressing.

>    4.  This revision has been created to more clearly assert the
>        requirement to ensure that address assignments to end-sites
>        provide a sufficiently big number of subnets (/64 on classic
>        networks) to each end-site, taking under consideration the end-
>        site's future expected needs, new deployment expectations and new
>        protocol requirements, among others.  Once all these are
>        considered, it seems unlikely that a single subnet (/64) or even
>        a small number of them should be assigned, unless very clearly
>        justified and agreed to by the end-site.

The "unless" clause is dangerous because of shrink-wrap terms and 
conditions. I suggest deleting it.

> 2.  Considerations Regarding the Prefix Length
...
>    This consideration should be noticed, across this document, in the
>    sense that end-sites usually have subnets that use, by default,
>    SLAAC, and consequently, the LAP is mandatorily a /64.  Other
>    technologies, may have a different LAP, which must be used
>    accordingly.

I suggest s/Other/Future/ since /64 prevails everywhere today.

> 3.  On /48 Assignments to End-Sites
...
>    An important
>    goal in IPv6 is to significantly change the default and minimal end
>    site assignment, from "a single address" to "multiple networks" and
>    to ensure that end-sites can easily obtain address space.

I suggest adding something like this:

As the operational costs of carrier-grade NAT and address+port sharing
have shown, availability of multiple addresses and prefixes to end sites
that need them will be a considerable saving to their ISPs.

>    It might be tempting to give home sites a single /64, since that is
>    already significantly more address space compared with today's IPv4
>    practice.  However, this precludes the expectation that even home
>    sites will grow to support multiple subnets going forward.  Hence, it

s/expectation/certainty/

...
>    A key goal of the recommendations in [RFC3177] is to
>    ensure that upon renumbering, one does not have to deal with
>    renumbering into a smaller subnet size.

Perhaps add:

In particular this would apply to any site that switches to
an ISP that provides a longer prefix.

>    It should be noted that similar arguments apply to the management of
>    zone files in the DNS.  In particular, managing the reverse
>    (ip6.arpa) tree is simplified when all links are numbered using the
>    same subnet ids

s/numbered/renumbered/

...
>    years, and we don't recover back the /48's, we will be able to use
>    IPv6 addressing space for over 100.000 years.

Perhaps add:

This document does not advocate careless use of address space, but
there is objectively no reason to be restrictve.

...
>    Today typically, a home has already a considerable number of possible
>    subnets (a common CE has 4 LAN ports, 2 WiFi radios which support
>    several SSIDs each one, VoIP subnet, IPTV subnet, additional VLANs) 
>    and if downstream routers are used, there is a need for further
>    subnets.  This means that in a short term, assigning a /60 (16
>    subnets), it is already a really bad decision, as it may enforce IPv6
>    NAT between the main CE and downstream routers.

I suggest deleting "as it may enforce IPv6 NAT between the main CE and
downstream routers". Firstly it puts NAT into the reader's mind. Secondly,
it isn't the only solution - IIDs shorter than 64 could also be implemented.

> 4.  Impact on IPv6 Standards

I propose to simply delete this section.

Firstly, RFC3056 is deprecated so it's irrelevant today.
Secondly, the argument about ULAs (RFC4193) doesn't hold up.
ULAs are like any other /48 prefix - if you are forced to
renumber into a longer prefix, you lose some subnet bits.
That is already covered in the middle of section 3 (the
"key goal" sentence quoted above).

> 6.  Security Considerations
> 
>    This document has no known security implications.

Really? More prefix space offers more potential for scanning
attacks. More prefix space also allows the use of slightly
randomized prefixes and/or prefix-per host.

Also of course, a /128 would prevent any form of privacy-based
addressing.

> 8.  Acknowledgements
> 
>    The authors of this document will like to acknowledge the authors of
>    previous versions (Thomas Narten and Geoff Huston)

RFC3177 was signed by the whole IAB and IESG seated in 2001, and its
Acknowledgements read:

>>    This document originated from the IETF IPv6 directorate, with much
>>    input from the IAB and IESG.  The original text forming the basis of
>>    this document was contributed by Fred Baker and Brian Carpenter.
>>    Allison Mankin and Thomas Narten merged the original contributions
>>    into a single document, and Alain Durand edited the document through
>>    its final stages.

Regards
    Brian

v2.23.0 | Report a Bug | By Email