IETF Logo Mail Archive

Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt

Vasilenko Eduard <vasilenko.eduard@huawei.com> Wed, 16 November 2022 16:12 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4001C14CEE7 for <v6ops@ietfa.amsl.com>; Wed, 16 Nov 2022 08:12:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.186
X-Spam-Level:
X-Spam-Status: No, score=-4.186 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yqVhSxK37ez5 for <v6ops@ietfa.amsl.com>; Wed, 16 Nov 2022 08:12:48 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E590C1522AC for <v6ops@ietf.org>; Wed, 16 Nov 2022 08:12:31 -0800 (PST)
Received: from fraeml735-chm.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4NC7L33P8bz6HJQD for <v6ops@ietf.org>; Thu, 17 Nov 2022 00:10:03 +0800 (CST)
Received: from mscpeml500002.china.huawei.com (7.188.26.138) by fraeml735-chm.china.huawei.com (10.206.15.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Wed, 16 Nov 2022 17:12:27 +0100
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml500002.china.huawei.com (7.188.26.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Wed, 16 Nov 2022 19:12:26 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.031; Wed, 16 Nov 2022 19:12:26 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Ole Troan <otroan=40employees.org@dmarc.ietf.org>, Jen Linkova <furry13@gmail.com>
CC: V6 Ops List <v6ops@ietf.org>
Thread-Topic: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt
Thread-Index: AQHY82doJXH+mNcnv0GTzt+pTIp8Nq40wjyAgAAEyYCAAAgHgIAACCuAgACIxfCADGBWwA==
Date: Wed, 16 Nov 2022 16:12:26 +0000
Message-ID: <7b6ec6de0a3a4b3ead1e58cf87d5170f@huawei.com>
References: <CAFU7BASaPft9hio6ux7G_UYDgsFtkCFakf98P5HVKY62rorA_Q@mail.gmail.com> <37F02B2A-225D-44C5-9FF1-7ED68B67B460@employees.org>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.48.151.81]
Content-Type: multipart/alternative; boundary="_000_7b6ec6de0a3a4b3ead1e58cf87d5170fhuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/8DVxRCwvLf9yODgEqjxAdsKhCb8>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2022 16:12:52 -0000

How is it possible to argue against DHCP?



Of course, it is possible to reinvent the wheel,

And develop special patch for the particular problem (better the limit to be dynamic).



DHCP has 144 options: https://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml.

Well, many represent some corner cases,

But a few dozen for sure would be needed in the Enterprise environment.

Patching all of them at SLAAC would take decades.

Just look at the list for those that are blocked:
DHCP for Prefix Delegation

DHCP Unique Identifier for log

(Server) Preference Option

Authentication Option

User Class Option

Vendor Class Option

Vendor-specific Information Option

Identity Association for Prefix Delegation Option

INTERFACE_ID

IP_SERVER

NIS_SERVERS

NIS_DOMAIN_NAME

REMOTE_ID

SUBSCRIBER_ID

CLIENT_FQDN

NEW_POSIX_TIMEZONE

CAPWAP_AC_V6

RELAY_ID

NTP_SERVER

V6_ACCESS_DOMAIN

BOOTFILE_URL

BOOTFILE_PARAM

CLIENT_ARCH_TYPE

GEOLOCATION

AFTR_NAME

RADIUS

V6_PCP_SERVER

Access-Network-Identifier Option

V6_PREFIX64

DNS_HOST_NAME

DNS_ZONE_NAME

Failover Protocol

Secure Zero Touch Provisioning

Link-Layer Address Assignment Mechanism for DHCPv6

MAC assignment

DDoS Open Threat Signaling (DOTS) Agent Discovery

Discovery of Network-designated Resolvers (DNR)




It is a good assurance for no-go in the Enterprise environment.

Eduard

-----Original Message-----
From: Vasilenko Eduard
Sent: Tuesday, November 8, 2022 9:55 PM
To: 'Ole Troan' <otroan=40employees.org@dmarc.ietf.org>; Jen Linkova <furry13@gmail.com>
Cc: V6 Ops List <v6ops@ietf.org>
Subject: RE: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt



+1

In the DHCP environment - it would not happen automatically, the DHCP would not permit stretching the limit.

Ed/

-----Original Message-----

From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Ole Troan

Sent: Tuesday, November 8, 2022 4:44 PM

To: Jen Linkova <furry13@gmail.com<mailto:furry13@gmail.com>>

Cc: V6 Ops List <v6ops@ietf.org<mailto:v6ops@ietf.org>>

Subject: Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt







> On 8 Nov 2022, at 14:15, Jen Linkova <furry13@gmail.com<mailto:furry13@gmail.com>> wrote:

>

> On Tue, Nov 8, 2022 at 11:46 PM Ole Troan <otroan@employees.org<mailto:otroan@employees.org>> wrote:

>>> It is not about address assignment mechanisms. You'd hit the same

>>> issue if you configure addresses statically.

>>

>>

>> You are pointing out fundamental issues with SLAAC.

>

> Wait. Before we burn any more energy, let me repeat what you've just

> said to make sure we are on the same page.

>

> You are saying that an issue which manifests itself even if I

> configure addresses manually, is a fundamental problem with SLAAC?

> Would you be able to elaborate on that statement a bit (if I

> understood correctly, indeed - my apologies if I didn't).



The fundamental issue with SLAAC, is the expectation in the protocol design that a host can configure as many addresses as it likes, with no limits applied by the network.



Manual configuration is not relevant here. In many networks manual configuration is prohibited by the network. Configuring more addresses than permitted is then a misconfiguration. Don’t do that.



Creating a decree for the minimum number of addresses per host is increasing the cost for everyone. Doesn’t solve the exhaustion and control issues.



An IPV6 TCAM entry is 4x as large as an IPv4 one. With 20 addresses per host, wouldn’t IPv6 consume 80x-ish the resources compared to IPv4?



O.



>> There is no negotiation with the network nor any signal available (apart from DAD) to tell the host that it has exhausted the number of addresses available.

>> This is better in DHCP.

>>

>> Also host implementations do not have a way to relinquish addresses, so resource management becomes unnecessarily complicated on the network side.

>

> It's not a ND-specific issue, and I'd expect LRU (or any other

> reasonable algorithm for cache entries replacement would help.



>> You can keep increasing limits on the state tables, but since this is

>> easily attackable (there are also software bugs where stacks

>> unwittingly gone wild in assigning addresses to themselves)

>

> I have a lot of BGP sessions on which max-prefix-limit is configured.

> In the past 15 years I had to increase those limits many times. I do

> not think the argument of "let's keep the same limit we hardcoded 20

> years ago, because keep increasing it impractical, and sometime people

> do leak full view to peers" would fly.

>

>> it is like peeing in your pants to keep warm.

>

> I'd refrain from comments on the applicability of this analogy ;)

>

> --

> SY, Jen Linkova aka Furry



_______________________________________________

v6ops mailing list

v6ops@ietf.org<mailto:v6ops@ietf.org>

https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email