Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Fernando Gont <fgont@si6networks.com> Sat, 13 February 2021 05:20 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9253A0DD4; Fri, 12 Feb 2021 21:20:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QxKOi2J1DPiQ; Fri, 12 Feb 2021 21:20:03 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B50993A0DD2; Fri, 12 Feb 2021 21:20:03 -0800 (PST)
Received: from [IPv6:2800:810:464:2b9:1c77:acfc:e6a8:1311] (unknown [IPv6:2800:810:464:2b9:1c77:acfc:e6a8:1311]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 1D084283E23; Sat, 13 Feb 2021 05:20:00 +0000 (UTC)
To: Michael Richardson <mcr+ietf@sandelman.ca>, IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
References: <160989494094.6024.7402128068704112703@ietfa.amsl.com> <6fe3a45e-de65-9f88-808d-ea7e2abdcd16@si6networks.com> <F4E00812-E366-4520-AE17-7BB46E28D575@gmail.com> <b2e51a89-e8a7-9ddb-643d-63a98569b03c@si6networks.com> <CB9EA5F4-A241-46A4-A371-B2A1BFB8C72F@fugue.com> <dff93a2e-f4f8-01c9-ce88-c2dbb20a04f1@si6networks.com> <759637FF-77C7-41EA-8671-73988AD48873@fugue.com> <9877D352-E9BB-453B-A676-D2B5C546C1C2@gmail.com> <11035C3E-BA75-4B9D-A047-B2AA1DE23BEA@fugue.com> <b3f1c53f-c22d-c9fb-6094-9a15d79fcd43@si6networks.com> <b9972eb4-b4db-e82d-12ec-1cfcc75a9e45@gmail.com> <6488.1613188541@localhost>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <684feac2-b5da-7fac-cdc2-b91ecc063b5b@si6networks.com>
Date: Sat, 13 Feb 2021 02:19:36 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <6488.1613188541@localhost>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/29uiTnRvw0VGo8IO-hoxdtK5bjU>
Subject: Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Feb 2021 05:20:07 -0000

On 13/2/21 00:55, Michael Richardson wrote:
> 
> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>      > ULAs SHOULD be treated exactly like GUAs for all practical purposes
>      > (including using a default router for them), with the exception that
>      > they MUST be filtered by border routers at a domain boundary that is
>      > defined administratively. The only extra requirement is that ULA
>      > prefixes MUST be unique within that domain boundary. That's all, I
>      > think.
> 
> But, that's pretty much always just BCP38, right?

Not really. BCP38 means that you don't allow packets to enter your 
network if they are employing the address space of your network (i.e., 
traffic that could only originate from your network). And you only allow 
packets out of your network if they are sourced from your own address space.

In the case of ULAs,  you'd probably want to drop incoming/outgoing 
packets that employ ULAs at e.g. your CPE router -- regardless of 
whether they employ your own ULA prefix or not (I consider my home 
network to be a different domain than, say, my ISP network). But that's 
certainly not BCP38.

OTOH, my ISP seems to employ ULAs in their infrastructure... so 
filtering ULAs at my CPE router would "break" traceroute.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492