Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-01.txt
Nick Buraglio <buraglio@es.net> Wed, 22 June 2022 16:10 UTC
Return-Path: <buraglio@es.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87A18C157B35 for <v6ops@ietfa.amsl.com>; Wed, 22 Jun 2022 09:10:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.864
X-Spam-Level:
X-Spam-Status: No, score=-0.864 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=es.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KkZJHLrqt0Eo for <v6ops@ietfa.amsl.com>; Wed, 22 Jun 2022 09:10:08 -0700 (PDT)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 652F7C14F749 for <v6ops@ietf.org>; Wed, 22 Jun 2022 09:10:08 -0700 (PDT)
Received: by mail-ej1-x62d.google.com with SMTP id h23so35256596ejj.12 for <v6ops@ietf.org>; Wed, 22 Jun 2022 09:10:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=es.net; s=esnet-google; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=Vu8e39QKNmFOS1EwY8IHEOr08VtRlmnrPJCKxCsx7cM=; b=oGSwn4epMxA3ze7GznABS0tYqu20AbPzB5TOh2ql7lf04MpigDGfNasxNvHpQHCwr2 zw+LtdlQA2EyjOgU2+MUnfgFrlrp9EqcqnPDxb1NMOBxk9Yp23gbZQAmzNvCvq7/QlZ9 QJKH6psW2B8yV0GqEU1kKlSIRId+QwptC28BXqTg09v3ecBKrrXkI9ZqCR8yxxwmfZ5L GzcDoUblHZu0hmMKsRhqJeMRMPq9Fon1mSJ2dDDgm7UfLRhH4G/uyFGx4tPu+6JonNGe I6HXjPyiAzv00HnzPvuB4/AMmnmvfNK/bYydaXe23mj6Upi3TZAg9kVjQFibhfED3lUw nkKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=Vu8e39QKNmFOS1EwY8IHEOr08VtRlmnrPJCKxCsx7cM=; b=UD5zITzHzWrh4/27qoXBzHvvpW7yy7L9rjF5p21LW/SNBQ/nIJmVyzjJo7sX2WC1sH oTDGzIQwA50E37l+Kyp3BBKXPnqn/BTFohbVQhaaG/DeaXLVgdt2QvLloJT91QlYfRpJ 2Mjwn35viL8PdqrGYvCCvfJaXM2V6AgBxgGJJlV930UeMS5q0K4ioKhMIH4If9iMGy0v HdPZHyh5aKvrU3K+Ogu3UK6fa2sq7qQaMOMCmt4gJkPxRLjMyx0x27LyYC6JuwG3lAD1 EE+Pu7vUPMiTQjcwK3AI/UDgeoG21tm4VcVweJR1/mF2RgqPv5A8/WzmC7+x9Z64iKTD ejmQ==
X-Gm-Message-State: AJIora9MdnngzbbGU0OgsiE5nbFthUc+OStMVNrNYHnZulmuaCx9y1D4 01b8IM9q04MWOqYS2g5jfcQkN8sC5PoNvAiswq6ZxiilD7VYs8TSIS6vapGNjjb5NlOwzRKFlVw nykPMBtSwkgFWXkNPYNwic7HoyC/rsl6zKwAyKUssHfV9/LnUtu0uQv2DW+PIGc7vDzGlwmnALI 2Fmw/RDCs=
X-Google-Smtp-Source: AGRyM1tQYgdd5J+1+AnEAf2nlzNvft4fO2sTOisyq60kLwCjretX4hNnLXXrdPaL5i4L9tIFGLfUSIZD3y8XtBGQqXA=
X-Received: by 2002:a17:907:6d8b:b0:71d:9537:38f8 with SMTP id sb11-20020a1709076d8b00b0071d953738f8mr3850482ejc.72.1655914206333; Wed, 22 Jun 2022 09:10:06 -0700 (PDT)
MIME-Version: 1.0
References: <165064500009.9969.16134230557484818454@ietfa.amsl.com> <87aa5bcf-05cf-d170-1efb-d9caa6b48e6c@gmail.com> <CAM5+tA8P1iSwYArY_Qch=AiA4kw7m=ajHjKjeB5KmHgbeU8MHg@mail.gmail.com> <CAE=N4xecVTZL5dGwn4pQNtkubE_Y4a6dFdD4Wx5MCYX7yWUA8A@mail.gmail.com> <cfb9bf48-4d8e-0549-bc7b-dabd46f34b95@gmail.com> <CAE=N4xf-j1gtuWJqsytBmgtgyS8FX-0=ux3_ZAMF+XtBAo9gUQ@mail.gmail.com> <CAM5+tA81zmFeD9s90exDUzi080AFvLv3P-4sTjWvOcG478PS6A@mail.gmail.com> <CAM5+tA8XjujZdR1SUgDEOuCCLM=6cm2yoMtbiwt5P-G9pY_eeA@mail.gmail.com> <6211e9f5-8592-5ec9-a01b-7642a68f7338@gmail.com> <CAM5+tA9AASO=s=rxWbX9g7+QG12JV1icme-+rh-CYEO6FFsTiw@mail.gmail.com>
In-Reply-To: <CAM5+tA9AASO=s=rxWbX9g7+QG12JV1icme-+rh-CYEO6FFsTiw@mail.gmail.com>
Reply-To: buraglio@es.net
From: Nick Buraglio <buraglio@es.net>
Date: Wed, 22 Jun 2022 11:09:54 -0500
Message-ID: <CAM5+tA_H2sKREO_=N=WhkxL_sjznp+kD3OZt7r6L8kKJ7a8O4Q@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Ed Horley <ed@hexabuild.io>, IPv6 Operations <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000ce4c605e20b9288"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/1u68wbhskpkiB3_mSjEyiav6RhI>
Subject: Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-01.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2022 16:10:13 -0000
Updates made to https://datatracker.ietf.org/doc/draft-buraglio-v6ops-ula/ Comments hereby solicited. ᐧ On Wed, Jun 22, 2022 at 10:43 AM Nick Buraglio <buraglio@es.net> wrote: > Been traveling and missed this. I'll get this addressed prior to IETF 114, > is there anything else necessary to get on the agenda? I will need to get > travel sorted ASAP. > > nb > > > > ᐧ > > On Sat, Jun 4, 2022 at 3:58 PM Brian E Carpenter < > brian.e.carpenter@gmail.com> wrote: > >> Nick, >> >> I think you should point out that RFC6724 also purports to define the >> solution in section 10.6, and that this actually works, except that the >> mechanism is o/s dependent and is not, as far as I know, supported by an >> RA-based signal from the router, a DHCPv6 option, or a NETCONF mechanism. >> The >> only mechanisms available appear to be local config on the host [1]. >> >> If a host was required to configure a policy entry as per section 10.6 >> whenever a new ULA prefix was announced by an RA, I think we would get the >> required behaviour. (There could be a config option to disable that, >> although it's hard to imagine it ever being the wrong thing to do.) >> >> The only alternative to that seems to be a wrapper for getaddrinfo() like >> I prototyped [2]. >> >> Regards >> Brian >> >> [1] >> https://mailarchive.ietf.org/arch/msg/v6ops/3MVHjxnvbNd5tOqyzIOzTrBKzVk/ >> [2] >> https://mailarchive.ietf.org/arch/msg/v6ops/W1-I0RDb3F2F5B8CEx_bpYsXdRk/ >> >> On 03-Jun-22 08:38, Nick Buraglio wrote: >> > Circling back around to re-ignite some discussions about this draft. I >> am planning to be at the next IETF, is there anything else folks would like >> addressed in this current document? Other details to discuss? >> https://datatracker.ietf.org/doc/draft-buraglio-v6ops-ula/ < >> https://datatracker.ietf.org/doc/draft-buraglio-v6ops-ula/> >> > >> > nb >> > >> > >> > ᐧ >> > >> > On Tue, May 17, 2022 at 9:39 AM Nick Buraglio <buraglio@es.net <mailto: >> buraglio@es.net>> wrote: >> > >> > I am definitely available to help this along. I incorporated the >> last suggested changes a week or so ago. >> > nb >> > >> > >> > >> > ᐧ >> > >> > On Tue, May 17, 2022 at 9:36 AM Ed Horley <ed@hexabuild.io <mailto: >> ed@hexabuild.io>> wrote: >> > >> > Thanks, Brian, anything specific Nick, myself, and others can >> do around helping to document the problem space better? Maybe jump on a >> working call/session to chat through it? >> > >> > On Mon, May 16, 2022 at 10:47 PM Brian E Carpenter < >> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote: >> > >> > Ed, >> > >> > This is a topic where the WG basically failed some years >> ago, by being unable to reach a consensus around >> draft-ietf-v6ops-ula-usage-recommendations. I still think that is >> unfortunate, but at least we need >> to agree on the problem space and what needs to be fixed. Whether Nick's >> draft needs to be either adopted or published as an RFC isn't clear yet, >> but I think it's very important to document the problem space first. So I'd >> say we should encourage the draft & its author for a little longer, before >> deciding >> > about adoption. >> > >> > Regards >> > Brian >> > >> > On 17-May-22 07:01, Ed Horley wrote: >> > > I was curious what the process is for moving this >> to v6ops WG draft? I know several folks have requested this, sorry for my >> ignorance on the matter. I feel it wouldn't it make sense to get that done >> given that Brian and others are working on issues for RFC 6724 and there >> seems to be more discussion around the ULA topic in general. Thoughts? >> > > - Ed >> > > >> > > On Tue, May 10, 2022 at 9:01 AM Nick Buraglio < >> buraglio@es.net <mailto:buraglio@es.net> <mailto:buraglio@es.net <mailto: >> buraglio@es.net>>> wrote: >> > > >> > > I added some additional verbiage based on your >> suggestions and addressed the NIT. >> > > >> > > nb >> > > >> > > On Sun, May 8, 2022 at 6:23 PM Brian E Carpenter < >> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com> <mailto: >> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>>> wrote: >> > > >> > > Hi, >> > > >> > > Thanks for this draft. I have a few comments >> (and a tiny nit at >> > the end). >> > > >> > > > The core issue >> is the stated interpretation from gai.conf that has the following default: >> > > > >> > > > #scopev4 <mask> <value> >> > > > # Add another rule to the RFC 6724 scope >> table for IPv4 addresses. >> > > >> > > >> > > I'm not sure why this matters. RFC6724 is quite >> correct to indicate that >> > > most IPv4 unicast addresses formally have global >> scope, but auto-config >> > > and loopback addresses have link-local scope. >> IPv6 is pretty much the >> > > same, and in particular >> ULAs have *global scope* even though they are >> > > not globally reachable. >> RFC1918 addresses are identical to ULAs >> > in >> > > that respect. >> > > >> > > Citing RFC4291 and >> https://www.rfc-editor.org/rfc/rfc8190.html#section-2.1 < >> https://www.rfc-editor.org/rfc/rfc8190.html#section-2.1> < >> https://www.rfc-editor.org/rfc/rfc8190.html#section-2.1 < >> https://www.rfc-editor.org/rfc/rfc8190.html#section-2.1>> >> > > would clarify the difference between global >> scope (architectural) and >> > > globally reachable (practical). What we care >> about here is whether an >> > > address is globally reachable ("no" for both >> RFC1918 and ULA, although >> > > they are both architecturally global). >> Unfortunately this distinction is >> > > lacking in the description of gai.conf and, I >> suspect, in the code of >> > > Linux getaddrinfo(). >> > > >> > > >> > > What I think is lacking >> in the draft is an explanation of how >> > > getaddrinfo() works and >> why it matters. Here's a walkthrough that >> > > I hope will help clarify what I mean: >> > > >> > > Consider an end-user network with the following >> properties: >> > > >> > > It is dual stacked. >> > > It uses 10.1.0.0/16 <http://10.1.0.0/16> < >> https://streaklinks.com/BCrgR95yMi36cGo4vgrfW-nn/http%3A%2F%2F10.1.0.0%2F16 >> < >> https://streaklinks.com/BCrgR95yMi36cGo4vgrfW-nn/http%3A%2F%2F10.1.0.0%2F16>> >> (NATted to the Internet). >> > > It uses (or wants to use) fdee:face:fade::/48 >> for internal IPv6. >> > > It uses 2001:db8:fade::/48 for external IPv6 >> > > >> > > We'll neglect for now whether it has a subnet >> structure. It shouldn't >> > > matter. >> > > >> > > Consider a host user.mynet.example.com < >> http://user.mynet.example.com> <http://user.mynet.example.com < >> http://user.mynet.example.com>>, a local server printer.mynet.example.com >> <http://printer.mynet.example.com> <http://printer.mynet.example.com < >> http://printer.mynet.example.com>>, >> > > and a remote server www.theirnet.example.com < >> http://www.theirnet.example.com> <http://www.theirnet.example.com < >> http://www.theirnet.example.com>>. Assume they have these various >> > > addresses: >> > > >> > > user.mynet.example.com <http://user.mynet.example.com> < >> http://user.mynet.example.com <http://user.mynet.example.com>> has: >> > > >> > > 10.1.0.1 >> > > fdee:face:fade::1 >> > > 2001:db8:fade::1 >> > > >> > > printer.mynet.example.com < >> http://printer.mynet.example.com> <http://printer.mynet.example.com < >> http://printer.mynet.example.com>> has: >> > > >> > > 10.1.0.10 (A record in local DNS) >> > > fdee:face:fade::a >> (AAAA record in local DNS) >> > > >> > > www.theirnet.example.com < >> http://www.theirnet.example.com> <http://www.theirnet.example.com < >> http://www.theirnet.example.com>> has: >> > > >> > > 192.0.2.15 (A record in global DNS) >> > > 2001:db8:cafe::f (AAAA record in global DNS) >> > > >> > > What do we *want* to happen? >> > > >> > > If user opens a connection to printer, we want >> it to choose >> > > SA = fdee:face:fade::1 >> > > DA = fdee:face:fade::a >> > > >> > > If user opens a connection to www, we want it to >> choose >> > > SA = 2001:db8:fade::1 >> > > DA = 2001:db8:cafe::f >> > > >> > > Now, if user does a DNS >> lookup, via getaddrinfo(), the results >> > > will look like this (in >> the Python universe): >> > > >> > > For printer: >> > > >> > > (<AddressFamily.AF_INET: 2>, 0, 0, '', >> ('10.1.0.10', 0)) >> > > (<AddressFamily.AF_INET6: 23>, 0, 0, '', >> ('fdee:face:fade::a', 0, 0, 0)) >> > > >> > > For www: >> > > >> > > (<AddressFamily.AF_INET6: 23>, 0, 0, '', >> ('2001:db8:cafe::f', 0, 0, 0)) >> > > (<AddressFamily.AF_INET: 2>, 0, 0, '', >> ('192.0.2.15', 0)) >> > > >> > > At this point, consider >> what RFC6724 says: >> > > >> > > As a consequence, we intend that >> implementations >> > of APIs such as >> > > getaddrinfo() will use the destination >> address selection algorithm >> > > specified here to sort the list of IPv6 and >> IPv4 >> > addresses that they >> > > return. Separately, the IPv6 network layer >> > will use the source >> > > address selection algorithm when an >> application or upper layer has >> > > not specified a source address. >> > > >> > > Thus, to get the desired behaviour, what matters >> is destination >> > > address selection: if we select DA = >> fdee:face:fade::a, then the >> > > ULA source address will >> follow. >> > > >> > > Of course this is a small matter of programming, >> and most programmers >> > > just pick the first address. That's why we need >> the Section 10.6 >> > > mechanism of RFC6724, to insert an appropriate >> precedence like >> > > >> > > fdee:face:fade::/48 45 14 >> > > >> > > which will prioritize local use of ULAs but will >> change nothing >> > > for off-site access. >> > > >> > > At that point in my thinking, I started coding >> the program that >> > > I posted yesterday. >> > > >> > > Nit: >> > > >> > > s/gai.cnf/gai.conf/ >> > > >> > > Regards >> > > Brian >> > > >> > > _______________________________________________ >> > > v6ops mailing list >> > > v6ops@ietf.org <mailto:v6ops@ietf.org> <mailto: >> v6ops@ietf.org <mailto:v6ops@ietf.org>> >> > > https://www.ietf.org/mailman/listinfo/v6ops < >> https://www.ietf.org/mailman/listinfo/v6ops> < >> https://www.ietf.org/mailman/listinfo/v6ops < >> https://www.ietf.org/mailman/listinfo/v6ops>> >> > > >> > > ᐧ >> > > _______________________________________________ >> > > v6ops mailing list >> > > v6ops@ietf.org <mailto:v6ops@ietf.org> <mailto: >> v6ops@ietf.org <mailto:v6ops@ietf.org>> >> > > https://www.ietf.org/mailman/listinfo/v6ops < >> https://www.ietf.org/mailman/listinfo/v6ops> < >> https://www.ietf.org/mailman/listinfo/v6ops < >> https://www.ietf.org/mailman/listinfo/v6ops>> >> > > >> > > >> > > >> > > -- >> > > Ed Horley >> > > ed@hexabuild.io <mailto:ed@hexabuild.io> <mailto: >> ed@hexabuild.io <mailto:ed@hexabuild.io>>| (925) 876-6604 >> > > Advancing Cloud, IoT, and Security with IPv6 >> > > https://hexabuild.io <https://hexabuild.io> < >> https://hexabuild.io/ <https://hexabuild.io/>> >> > > And check out the IPv6 Buzz Podcast at >> https://packetpushers.net/series/ipv6-buzz/ < >> https://packetpushers.net/series/ipv6-buzz/> < >> https://packetpushers.net/series/ipv6-buzz/ < >> https://packetpushers.net/series/ipv6-buzz/>> >> > >> > >> > >> > -- >> > Ed Horley >> > ed@hexabuild.io <mailto:ed@hexabuild.io>| (925) 876-6604 >> > Advancing Cloud, IoT, and Security with IPv6 >> > https://hexabuild.io <https://hexabuild.io/> >> > And check out the IPv6 Buzz Podcast at >> https://packetpushers.net/series/ipv6-buzz/ < >> https://packetpushers.net/series/ipv6-buzz/> >> > >> >>
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… otroan
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Nick Buraglio
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Nick Buraglio
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Nick Buraglio
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Ed Horley
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Fred Baker
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Ed Horley
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Nick Buraglio
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Nick Buraglio
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Nick Buraglio
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Nick Buraglio
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-… David Farmer