Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-historic-10.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 09 January 2015 22:04 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BB291A034F for <v6ops@ietfa.amsl.com>; Fri, 9 Jan 2015 14:04:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sZjTGjSitrYP for <v6ops@ietfa.amsl.com>; Fri, 9 Jan 2015 14:04:10 -0800 (PST)
Received: from mail-pd0-x229.google.com (mail-pd0-x229.google.com [IPv6:2607:f8b0:400e:c02::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A0CA1A0018 for <v6ops@ietf.org>; Fri, 9 Jan 2015 14:04:10 -0800 (PST)
Received: by mail-pd0-f169.google.com with SMTP id z10so19737265pdj.0 for <v6ops@ietf.org>; Fri, 09 Jan 2015 14:04:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=uNArNzWXD/BkwTEvD2rwpKOtlPk7D0wavNsyGatqI6E=; b=l8OkjkYYqGIvR9z+sa0lmSPSb4gHEjY05XtS7EF5Xhcirp4hK0iS6FfJGNAODqVT/+ KxTATvrqiAwX/vczuM8flmTf7UCX3VZAUWD+3f1usg7LM+FIJmDuTsDCyv5W9ydt8zHI N/XAMX9I4mjLO500jhmlLoZeWBCU8t38Rzj/661Q3DQpc2ArERQS74VbVY/wpd8qIJMw LzYghy1h0GnmprBGHUJxWHhae1QBkg0Zu1S82W2qTZ+iaiGrO8gKnyXGLly14ZqUo5FX Szxt0DkRfD20PHMCbYEzHo9Z0MGtU3VO4hrvSfR9IGSEPHUgzcShrMPvtMQHdHjuIuLJ fAnw==
X-Received: by 10.70.35.7 with SMTP id d7mr26469611pdj.41.1420841049635; Fri, 09 Jan 2015 14:04:09 -0800 (PST)
Received: from ?IPv6:2406:e007:5167:1:28cc:dc4c:9703:6781? ([2406:e007:5167:1:28cc:dc4c:9703:6781]) by mx.google.com with ESMTPSA id bk8sm8067719pad.28.2015.01.09.14.04.06 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Jan 2015 14:04:08 -0800 (PST)
Message-ID: <54B05072.8020805@gmail.com>
Date: Sat, 10 Jan 2015 11:04:34 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: David Farmer <farmer@umn.edu>, v6ops@ietf.org
References: <20150104190416.29186.39009.idtracker@ietfa.amsl.com> <54A99025.4040506@gmail.com> <54B04BC8.1020902@umn.edu>
In-Reply-To: <54B04BC8.1020902@umn.edu>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/7Ues85RDleb8e3kgw1KzMbhPdQE>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-historic-10.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2015 22:04:14 -0000
Hi, Since we are already post-WG Last Call, the authors will wait for direction from the WG Chairs before making any further changes. Regards Brian On 10/01/2015 10:44, David Farmer wrote: > On 1/4/15, 13:10 , Brian E Carpenter wrote: >> This version is intended to respond to Keith Moore's comments before >> the holidays, with a number of clarifications and simplifications. >> There is not intended to be any change to the actual recommendations. > > I think the new draft is an improvement, I did a detailed review and have a list of several items for you to consider; > > 1. In section 3, the second sentence of the first paragraph and the first sentence of the second paragraph seem to say virtually > the same thing. > > I suggest leaving the first paragraph as-is, deleting the first sentence of the second paragraph, and slightly rewriting the > remainder of the second paragraph, maybe as follows; > > In the forward direction a 6to4 node will send native IPv6 traffic > to a 6to4 relay router, that is connected both to the 6to4 cloud and > to native IPv6. In the reverse direction a 2002::/16 route is > injected into the native IPv6 routing domain to attract traffic from > native IPv6 nodes to a 6to4 relay router. It is expected that > traffic will use different relays in the forward and reverse > direction. > > 2. The last paragraph of section 3 says; > > Peer-to-peer usage of the 6to4 mechanism, not depending on the > anycast mechanism, might exist in the Internet, largely unknown to > operators. This is harmless to third parties and the current > document is not intended to prevent such traffic continuing. > > This could be taken by some to imply that the document intends to prevent anycast 6to4 traffic from continuing, more than simply > deprecating anycast 6to4, I'd suggest rewriting the paragraph, maybe as follows; > > Peer-to-peer usage of the 6to4 mechanism exists in the Internet, > likely unknown to many operators. This usage is harmless to third > parties and is not dependent on the anycast 6to4 mechanism that this > document deprecates. > > 3. In section 4, first paragraph, I believe anycast 6to4 needs to be default disabled in any new 6to4 implementation. Maybe add > the following to the paragraph; > > However, if included in any new implementations, the anycast 6to4 > mechanism MUST NOT be enabled by default. > > 4. Section 4, fourth paragraph, is confusing me. It says; > > Implementations capable of acting as 6to4 routers MUST NOT enable > 6to4 without explicit user configuration. In particular, enabling > IPv6 forwarding on a device MUST NOT automatically enable 6to4. > > As written the first sentences seems to be repeating the last sentence of third paragraph, just above it. I think maybe it was > meant to say; > > Implementations capable of acting as IPv6 routers MUST NOT enable... > > 5. In previous discussions of the text in section 4, sixth paragraph, the issue of uRPF came up. I think something about uRPF, > BCP38, and BCP84 should get added to this paragraph. Maybe something like this; > > This includes ensuring that traffic from a local 6to4 return relay > with a source address of 192.88.99.1 is allowed through > Anti-spoofing filters such as those described in [BCP38] and [BCP84] > or through Unicast Reverse-Path-Forwarding (uRPF) checks. > > 6. On the more general question of filtering and the intended affect of deprecation, I would like to see the issue more strongly > addressed with something like the following added; > > This deprecation does not constitute a recommendation for the > generalized filtering of traffic or routes for 6to4 or even anycast > 6to4. Both the basic 6to4 and anycast 6to4 mechanisms remain valid > traffic to be carried on the Internet. In general terms this > document simply recommends against further deployment of the anycast > 6to4 mechanism, calls for current 6to4 deployments to evaluate the > efficacy of continued use of the anycast 6to4 mechanism, and makes > recommendations intended to prevent any use of 6to4 from hampering > broader deployment and use of native IPv6 on the Internet as a > whole. > > 7. We should have recommendations applicable to operators of the hosts, something like the following; > > All hosts using 6to4 SHOULD support the IPv6 address selection > policy described in [RFC6724] or be manually configured with an > address selection policy preferring IPv4 over a 6to4 source > address. Further, 6to4 hosts SHOULD support "Happy Eyeballs" > [RFC6555] or use a browser supporting "Happy Eyeballs". Any hosts > not meeting these requirements SHOULD NOT use, or continue to use, > the deprecated anycast 6to4 mechanism. > > 9. On a higher level, section 4 seem to be a bit of a hodgepodge of issues and ideas; I'm thinking split out the > recommendations into a separate section. Maybe even split the recommendations into separate operational and implementation > sections or sub-sections if you prefer. > > Taking this into account, including the issues for section 4 from above and taking editorial license to rearrange and rewrite a > few things, I suggest something like the following; > > --- > > 4. Deprecation > > This document formally deprecates the anycast 6to4 transition > mechanism defined in [RFC3068] and the associated anycast IPv4 > address 192.88.99.1. It is no longer considered to be a useful > service of last resort. > > The prefix 192.88.99.0/24 MUST NOT be reassigned for other use except > by a future IETF standards action. > > The guidelines in Section 4 of [RFC6343] remain valid for those who > choose to continue operating Anycast 6to4 despite its deprecation. > However, 6to4 Provider Managed Tunnels [RFC6732] will no longer be > necessary, so they are also deprecated by this document. > > The basic unicast 6to4 mechanism defined in [RFC3056] and the > associated 6to4 IPv6 prefix 2002::/16 are not deprecated. The > default address selection rules specified in [RFC6724] are not > modified. > > This deprecation does not constitute a recommendation for the > generalized filtering of traffic or routes for 6to4 or even anycast > 6to4. Both the basic 6to4 and anycast 6to4 mechanisms remain valid > traffic to be carried on the Internet. In general terms this > document simply recommends against further deployment of the anycast > 6to4 mechanism, calls for current 6to4 deployments to evaluate the > efficacy of continued use of the anycast 6to4 mechanism, and makes > recommendations intended to prevent the use of 6to4 from hampering > broader deployment and use of native IPv6 on the Internet as a > whole. > > Incidental references to 6to4 should be reviewed and possibly removed > from other IETF documents if and when they are updated. These > documents include RFC3162, RFC3178, RFC3790, RFC4191, RFC4213, > RFC4389, RFC4779, RFC4852, RFC4891, RFC4903, RFC5157, RFC5245, > RFC5375, RFC5971, RFC6071 and RFC6890. > > 5. Implementation Recommendations > > Implementations MUST NOT enable the basic unicast 6to4 mechanism > defined in [RFC3056] without explicit user configuration. Further, > it is NOT RECOMMENDED to include the anycast 6to4 mechanism defined > in [RFC3068] in any new implementations. However, if included in > any new implementations, the anycast 6to4 mechanism MUST NOT be > enabled by default. > > All implementations that include 6to4 SHOULD also include "Happy > Eyeballs" [RFC6555] and the default address selection rules > specified in [RFC6724]. > > Implementations capable of acting as IPv6 routers MUST NOT enable > 6to4 without explicit user configuration. In particular, enabling > IPv6 forwarding on any device MUST NOT automatically enable 6to4. > > 6. Operational Recommendations > > All hosts using 6to4 SHOULD support the default address selection > rules specified in [RFC6724] or be manually configured with an > address selection rule preferring IPv4 over a 6to4 source > address. Further, 6to4 hosts SHOULD support "Happy Eyeballs" > [RFC6555] or use a browser supporting "Happy Eyeballs". Any hosts > not meeting these requirements SHOULD NOT use, or continue to use, > the deprecated anycast 6to4 mechanism. > > Current operators of an anycast 6to4 relay with the IPv4 address > 192.88.99.1 SHOULD review the information in [RFC6343] and the > present document, and then consider carefully whether the anycast > relay can be discontinued as traffic diminishes. Internet service > providers that do not operate an anycast relay but do provide their > customers with a route to 192.88.99.1 SHOULD verify that it does in > fact lead to an operational anycast relay, as discussed in > Section 4.2.1 of [RFC6343]. Furthermore, Internet service providers > and other network providers MUST NOT originate a route to > 192.88.99.1, unless they actively operate and monitor an anycast 6to4 > relay service as detailed in Section 4.2.1 of [RFC6343]. > > Operators of a 6to4 return relay responding to the IPv6 prefix > 2002::/16 SHOULD review the information in [RFC6343] and the present > document, and then consider carefully whether the return relay can be > discontinued as traffic diminishes. To avoid confusion, note that > nothing in the design of 6to4 assumes or requires that return packets > are handled by the same relay as outbound packets. As discussed in > Section 4.5 of RFC 6343, content providers might choose to continue > operating a return relay for the benefit of their own residual 6to4 > clients. Internet service providers SHOULD announce the IPv6 prefix > 2002::/16 to their own customers if and only if it leads to a > correctly operating return relay as described in RFC 6343. IPv6-only > service providers, including those operating a NAT64 service > [RFC6146], are advised that their own customers need a route to such > a relay in case a residual 6to4 user served by a different service > provider attempts to communicate with them. > > Networks SHOULD NOT filter out packets whose source address is > 192.88.99.1, because this is normal 6to4 traffic from a 6to4 return > relay somewhere in the Internet. This includes ensuring that traffic > from a local 6to4 return relay with a source address of 192.88.99.1 > is allowed through Anti-spoofing filters such as those described in > [BCP38] and [BCP84] or through Unicast Reverse-Path-Forwarding > (uRPF) checks. > > Thanks >
- [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-hist… internet-drafts
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Dale W. Carder
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Fred Baker (fred)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… James Woodyatt
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… George Michaelson
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Olaf.Bonness
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Owen DeLong
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Tim Chown
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… James Woodyatt
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Keith Moore
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Fred Baker (fred)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Mark Andrews
- [v6ops] source address selection [was I-D Action:… Brian E Carpenter
- Re: [v6ops] source address selection [was I-D Act… Mark Andrews
- Re: [v6ops] source address selection [was I-D Act… Keith Moore
- [v6ops] Src/Dst address selection (was: Re: I-D A… Fernando Gont
- Re: [v6ops] Src/Dst address selection (was: Re: I… Keith Moore
- Re: [v6ops] Src/Dst address selection (was: Re: I… Fred Baker (fred)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Randy Bush
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… David Farmer
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Owen DeLong
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-… Fred Baker (fred)