Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-historic-10.txt
David Farmer <farmer@umn.edu> Fri, 09 January 2015 21:44 UTC
Return-Path: <farmer@umn.edu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 132DC1A01FA for <v6ops@ietfa.amsl.com>; Fri, 9 Jan 2015 13:44:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SbybY2YOfava for <v6ops@ietfa.amsl.com>; Fri, 9 Jan 2015 13:44:50 -0800 (PST)
Received: from vs-m.tc.umn.edu (vs-m.tc.umn.edu [134.84.119.120]) by ietfa.amsl.com (Postfix) with ESMTP id C4EB21A044D for <v6ops@ietf.org>; Fri, 9 Jan 2015 13:44:49 -0800 (PST)
Received: from mail-ie0-f179.google.com (mail-ie0-f179.google.com [209.85.223.179]) by vs-m.tc.umn.edu (UMN smtpd) with ESMTP for <v6ops@ietf.org>; Fri, 9 Jan 2015 15:44:46 -0600 (CST)
X-Umn-Remote-Mta: [N] mail-ie0-f179.google.com [209.85.223.179] #+LO+TS+TR
X-Umn-Classification: local
Received: by mail-ie0-f179.google.com with SMTP id rp18so17291596iec.10 for <v6ops@ietf.org>; Fri, 09 Jan 2015 13:44:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=message-id:date:from:reply-to:organization:user-agent:mime-version :to:cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=KFdQRC0rfbF0Ulg89JBpSIN2pxvNnMZsH3aREE0o3og=; b=ZyHErSybCBNEOw1oZtK49FMcsd6yFSjM1SCTa9uCaZmAC0wcVM05N7/8Ux0ejUFvIv vjhwsXhahMKQz2uWwe894lEHamlBO/Y4niTQ/3DSRLvG4HEFOTrVxGBy+Ub67ERVibxa oYLOvOxnZn8Xx9uxiLlOy3a4Rt88IhEJyZ8Ac=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:reply-to:organization :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=KFdQRC0rfbF0Ulg89JBpSIN2pxvNnMZsH3aREE0o3og=; b=M1suQ8QfmPoAgIqwE4Mfb2vM+CEMMKWdicuEhb8BE0OtfYWQnP5IqaoIw2+Nz+tWAm sFFhd0iHE+E60QVytoAGWBNn2QmpqXPufnNDebNRwOXNx+f5UeFPmKgKZrBJw8rvRpxz W4Q6Tf7WDlpcJOcVp4IiosZEP3l0AdR29zh3GZAMwVWITHaN2ryOzVwLeciWqycxArNd 7qlYAok02oHdmkeGRvP/KPgBAmD23Lh5BovstH4yXRRerJClF2YwjTzy6lkdyq3aG37a /rJqkWLuTrobFhmxcGj2fWK2wxnLlRTnDRfysGqUTy9tH4E7unGe3rdaOQlvZR+XscIx nq6Q==
X-Gm-Message-State: ALoCoQkfmj/KXVDVt4hTvngZV1Cp4WUa9cyOvdMT+s1ACP22e/dnNARdgK3CvCW76JeSoe6XTulma9wBcs1KNbvF6nkgwxWTdEnj28Lo544ObJWOL6HZ+FZlk6Oh0kPFvB3Kgm/aWMGH
X-Received: by 10.42.25.12 with SMTP id y12mr14739182icb.74.1420839885976; Fri, 09 Jan 2015 13:44:45 -0800 (PST)
X-Received: by 10.42.25.12 with SMTP id y12mr14739168icb.74.1420839885787; Fri, 09 Jan 2015 13:44:45 -0800 (PST)
Received: from x-134-84-51-156.uofm-secure.wireless.umn.edu ([2607:ea00:104:2000:38be:79a0:c0b9:3c58]) by mx.google.com with ESMTPSA id hi15sm34201igb.19.2015.01.09.13.44.43 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Jan 2015 13:44:44 -0800 (PST)
Message-ID: <54B04BC8.1020902@umn.edu>
Date: Fri, 09 Jan 2015 15:44:40 -0600
From: David Farmer <farmer@umn.edu>
Organization: University of Minnesota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, v6ops@ietf.org
References: <20150104190416.29186.39009.idtracker@ietfa.amsl.com> <54A99025.4040506@gmail.com>
In-Reply-To: <54A99025.4040506@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/5ZD-Cr-gC3pQFzM0GfahGY-LUGo>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-historic-10.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: David Farmer <farmer@umn.edu>
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2015 21:44:53 -0000
On 1/4/15, 13:10 , Brian E Carpenter wrote: > This version is intended to respond to Keith Moore's comments before > the holidays, with a number of clarifications and simplifications. > There is not intended to be any change to the actual recommendations. I think the new draft is an improvement, I did a detailed review and have a list of several items for you to consider; 1. In section 3, the second sentence of the first paragraph and the first sentence of the second paragraph seem to say virtually the same thing. I suggest leaving the first paragraph as-is, deleting the first sentence of the second paragraph, and slightly rewriting the remainder of the second paragraph, maybe as follows; In the forward direction a 6to4 node will send native IPv6 traffic to a 6to4 relay router, that is connected both to the 6to4 cloud and to native IPv6. In the reverse direction a 2002::/16 route is injected into the native IPv6 routing domain to attract traffic from native IPv6 nodes to a 6to4 relay router. It is expected that traffic will use different relays in the forward and reverse direction. 2. The last paragraph of section 3 says; Peer-to-peer usage of the 6to4 mechanism, not depending on the anycast mechanism, might exist in the Internet, largely unknown to operators. This is harmless to third parties and the current document is not intended to prevent such traffic continuing. This could be taken by some to imply that the document intends to prevent anycast 6to4 traffic from continuing, more than simply deprecating anycast 6to4, I'd suggest rewriting the paragraph, maybe as follows; Peer-to-peer usage of the 6to4 mechanism exists in the Internet, likely unknown to many operators. This usage is harmless to third parties and is not dependent on the anycast 6to4 mechanism that this document deprecates. 3. In section 4, first paragraph, I believe anycast 6to4 needs to be default disabled in any new 6to4 implementation. Maybe add the following to the paragraph; However, if included in any new implementations, the anycast 6to4 mechanism MUST NOT be enabled by default. 4. Section 4, fourth paragraph, is confusing me. It says; Implementations capable of acting as 6to4 routers MUST NOT enable 6to4 without explicit user configuration. In particular, enabling IPv6 forwarding on a device MUST NOT automatically enable 6to4. As written the first sentences seems to be repeating the last sentence of third paragraph, just above it. I think maybe it was meant to say; Implementations capable of acting as IPv6 routers MUST NOT enable... 5. In previous discussions of the text in section 4, sixth paragraph, the issue of uRPF came up. I think something about uRPF, BCP38, and BCP84 should get added to this paragraph. Maybe something like this; This includes ensuring that traffic from a local 6to4 return relay with a source address of 192.88.99.1 is allowed through Anti-spoofing filters such as those described in [BCP38] and [BCP84] or through Unicast Reverse-Path-Forwarding (uRPF) checks. 6. On the more general question of filtering and the intended affect of deprecation, I would like to see the issue more strongly addressed with something like the following added; This deprecation does not constitute a recommendation for the generalized filtering of traffic or routes for 6to4 or even anycast 6to4. Both the basic 6to4 and anycast 6to4 mechanisms remain valid traffic to be carried on the Internet. In general terms this document simply recommends against further deployment of the anycast 6to4 mechanism, calls for current 6to4 deployments to evaluate the efficacy of continued use of the anycast 6to4 mechanism, and makes recommendations intended to prevent any use of 6to4 from hampering broader deployment and use of native IPv6 on the Internet as a whole. 7. We should have recommendations applicable to operators of the hosts, something like the following; All hosts using 6to4 SHOULD support the IPv6 address selection policy described in [RFC6724] or be manually configured with an address selection policy preferring IPv4 over a 6to4 source address. Further, 6to4 hosts SHOULD support "Happy Eyeballs" [RFC6555] or use a browser supporting "Happy Eyeballs". Any hosts not meeting these requirements SHOULD NOT use, or continue to use, the deprecated anycast 6to4 mechanism. 9. On a higher level, section 4 seem to be a bit of a hodgepodge of issues and ideas; I'm thinking split out the recommendations into a separate section. Maybe even split the recommendations into separate operational and implementation sections or sub-sections if you prefer. Taking this into account, including the issues for section 4 from above and taking editorial license to rearrange and rewrite a few things, I suggest something like the following; --- 4. Deprecation This document formally deprecates the anycast 6to4 transition mechanism defined in [RFC3068] and the associated anycast IPv4 address 192.88.99.1. It is no longer considered to be a useful service of last resort. The prefix 192.88.99.0/24 MUST NOT be reassigned for other use except by a future IETF standards action. The guidelines in Section 4 of [RFC6343] remain valid for those who choose to continue operating Anycast 6to4 despite its deprecation. However, 6to4 Provider Managed Tunnels [RFC6732] will no longer be necessary, so they are also deprecated by this document. The basic unicast 6to4 mechanism defined in [RFC3056] and the associated 6to4 IPv6 prefix 2002::/16 are not deprecated. The default address selection rules specified in [RFC6724] are not modified. This deprecation does not constitute a recommendation for the generalized filtering of traffic or routes for 6to4 or even anycast 6to4. Both the basic 6to4 and anycast 6to4 mechanisms remain valid traffic to be carried on the Internet. In general terms this document simply recommends against further deployment of the anycast 6to4 mechanism, calls for current 6to4 deployments to evaluate the efficacy of continued use of the anycast 6to4 mechanism, and makes recommendations intended to prevent the use of 6to4 from hampering broader deployment and use of native IPv6 on the Internet as a whole. Incidental references to 6to4 should be reviewed and possibly removed from other IETF documents if and when they are updated. These documents include RFC3162, RFC3178, RFC3790, RFC4191, RFC4213, RFC4389, RFC4779, RFC4852, RFC4891, RFC4903, RFC5157, RFC5245, RFC5375, RFC5971, RFC6071 and RFC6890. 5. Implementation Recommendations Implementations MUST NOT enable the basic unicast 6to4 mechanism defined in [RFC3056] without explicit user configuration. Further, it is NOT RECOMMENDED to include the anycast 6to4 mechanism defined in [RFC3068] in any new implementations. However, if included in any new implementations, the anycast 6to4 mechanism MUST NOT be enabled by default. All implementations that include 6to4 SHOULD also include "Happy Eyeballs" [RFC6555] and the default address selection rules specified in [RFC6724]. Implementations capable of acting as IPv6 routers MUST NOT enable 6to4 without explicit user configuration. In particular, enabling IPv6 forwarding on any device MUST NOT automatically enable 6to4. 6. Operational Recommendations All hosts using 6to4 SHOULD support the default address selection rules specified in [RFC6724] or be manually configured with an address selection rule preferring IPv4 over a 6to4 source address. Further, 6to4 hosts SHOULD support "Happy Eyeballs" [RFC6555] or use a browser supporting "Happy Eyeballs". Any hosts not meeting these requirements SHOULD NOT use, or continue to use, the deprecated anycast 6to4 mechanism. Current operators of an anycast 6to4 relay with the IPv4 address 192.88.99.1 SHOULD review the information in [RFC6343] and the present document, and then consider carefully whether the anycast relay can be discontinued as traffic diminishes. Internet service providers that do not operate an anycast relay but do provide their customers with a route to 192.88.99.1 SHOULD verify that it does in fact lead to an operational anycast relay, as discussed in Section 4.2.1 of [RFC6343]. Furthermore, Internet service providers and other network providers MUST NOT originate a route to 192.88.99.1, unless they actively operate and monitor an anycast 6to4 relay service as detailed in Section 4.2.1 of [RFC6343]. Operators of a 6to4 return relay responding to the IPv6 prefix 2002::/16 SHOULD review the information in [RFC6343] and the present document, and then consider carefully whether the return relay can be discontinued as traffic diminishes. To avoid confusion, note that nothing in the design of 6to4 assumes or requires that return packets are handled by the same relay as outbound packets. As discussed in Section 4.5 of RFC 6343, content providers might choose to continue operating a return relay for the benefit of their own residual 6to4 clients. Internet service providers SHOULD announce the IPv6 prefix 2002::/16 to their own customers if and only if it leads to a correctly operating return relay as described in RFC 6343. IPv6-only service providers, including those operating a NAT64 service [RFC6146], are advised that their own customers need a route to such a relay in case a residual 6to4 user served by a different service provider attempts to communicate with them. Networks SHOULD NOT filter out packets whose source address is 192.88.99.1, because this is normal 6to4 traffic from a 6to4 return relay somewhere in the Internet. This includes ensuring that traffic from a local 6to4 return relay with a source address of 192.88.99.1 is allowed through Anti-spoofing filters such as those described in [BCP38] and [BCP84] or through Unicast Reverse-Path-Forwarding (uRPF) checks. Thanks -- ================================================ David Farmer Email: farmer@umn.edu Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 1-612-626-0815 Minneapolis, MN 55414-3029 Cell: 1-612-812-9952 ================================================
- [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-hist… internet-drafts
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Dale W. Carder
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Fred Baker (fred)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… James Woodyatt
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… George Michaelson
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Olaf.Bonness
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Owen DeLong
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Tim Chown
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… James Woodyatt
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Keith Moore
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Fred Baker (fred)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Mark Andrews
- [v6ops] source address selection [was I-D Action:… Brian E Carpenter
- Re: [v6ops] source address selection [was I-D Act… Mark Andrews
- Re: [v6ops] source address selection [was I-D Act… Keith Moore
- [v6ops] Src/Dst address selection (was: Re: I-D A… Fernando Gont
- Re: [v6ops] Src/Dst address selection (was: Re: I… Keith Moore
- Re: [v6ops] Src/Dst address selection (was: Re: I… Fred Baker (fred)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Randy Bush
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Owen DeLong
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Fred Baker (fred)