[v6ops] Re: Dynamic addresses

Daryll Swer <contact@daryllswer.com> Sat, 10 August 2024 15:14 UTC

Return-Path: <contact@daryllswer.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A783FC14F6FC for <v6ops@ietfa.amsl.com>; Sat, 10 Aug 2024 08:14:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=daryllswer.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OgaC9Cus1aUE for <v6ops@ietfa.amsl.com>; Sat, 10 Aug 2024 08:14:01 -0700 (PDT)
Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65241C14F615 for <v6ops@ietf.org>; Sat, 10 Aug 2024 08:14:01 -0700 (PDT)
Received: by mail-pj1-x102e.google.com with SMTP id 98e67ed59e1d1-2cb55ff1007so2404474a91.0 for <v6ops@ietf.org>; Sat, 10 Aug 2024 08:14:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daryllswer.com; s=google; t=1723302841; x=1723907641; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=qNSAH+nSW6Xpv9ClcF9i+Z3GEvdj4br+YG+PKDt2Pbo=; b=U1cy1jiTKlZiJVml4U4KwWX8XDwszN/gj4qilWPB2GNdvyr0E8mQ+I/1NEASSmZazF Px7vy1aIBoF4/D49e/jgIE9Jm0P7fBlLphIOES77lwYs6Th5Rkfw8WIVKWxvdyKVrqs7 vmOhx/5EDl2baMLWZgVyJDSyqUQJZ18tNIiyNor6HUgKb0lz1Wzv9bDIjHW+vF11PNeC 1+anXzEUgNPtNVTzJwnjcqrIH66uWEzFUKzWMmcaZXcsBX4wl/+uFUsk30ojuciSHj21 625kOuirv8UBVdBHzfmC93xcXj5BAgWVCDgk1s7eMh1UnzWTuDJlRstKPKl4sH3lP7nP D/3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723302841; x=1723907641; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qNSAH+nSW6Xpv9ClcF9i+Z3GEvdj4br+YG+PKDt2Pbo=; b=SLSHqcCL+uaifbNDIVpz8lCClRq1fM4eLa7KYVnQEwbgbLMYWktoOvQyTdGJRL7O7E mvrmxNxsjjHI8LoQT+NontjVYkEVkju+Nw6BGeslhsrVpdSVO59lCPLFOCYh5vAoewai NgwblGF8SRiZ1XPOK2pWg47OqlDJdWH2urRiTAuSCmyiUC8z8Ll1FBu/br+VmnfK5kXp YKQkAaZ1Poe7rhez5mTCgpIISYKH5K633rsXqQekwlIwh+1LUx0jkLJWYy3x8ccgq57v WdBApaBXK4mGXjEkm9mi8WBRoCFj04x7RfZX5hWCdjHOMNgy+B+1oGhxHo+W2OtrcdTa srXw==
X-Forwarded-Encrypted: i=1; AJvYcCV9OVEmPpTMGfLf8+7qCUeqkkZtIUiakBNSTx4wLt2h/uMfck8a4NAknndNgobTSICUUo4fDDm01jBRmzvm4Q==
X-Gm-Message-State: AOJu0YxkhKvmL/KwbU7vDN1XXCOHjzdGWBcqiG4XDyHtmoDRCxHMU3Cp YB9iiFa65pNMwDA2WrPJraCU3Nk6rtrgLBcDTXZNsFVraNWgJjz6EVIqUq5dQe8CdvjTW62SnGO i3Ws=
X-Google-Smtp-Source: AGHT+IFIsQVcWN2SmcQ5OQJK1/RyUZliDm75AeDL7ZEaYjc62nTeiP0aMQppvZj9wo2CIYTWm7P5Qg==
X-Received: by 2002:a17:90a:b113:b0:2cd:b915:c80b with SMTP id 98e67ed59e1d1-2d1e8082b97mr4571266a91.27.1723302840348; Sat, 10 Aug 2024 08:14:00 -0700 (PDT)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com. [209.85.216.49]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d1fcfe4e70sm1698886a91.40.2024.08.10.08.13.59 for <v6ops@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 10 Aug 2024 08:14:00 -0700 (PDT)
Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-2caff99b1c9so2383002a91.3 for <v6ops@ietf.org>; Sat, 10 Aug 2024 08:13:59 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCXKIvcc3Q48zwIKDyCyWRJIVKgfuD4i2V8q2/tWrd1P8tVKVqDilDLMvTCE49zifV8DZKOtjEixoIaDqpu46Q==
X-Received: by 2002:a17:90b:1909:b0:2c9:81d3:65d5 with SMTP id 98e67ed59e1d1-2d1e8000d85mr4933577a91.24.1723302839614; Sat, 10 Aug 2024 08:13:59 -0700 (PDT)
MIME-Version: 1.0
References: <df01e0f8-1b0d-4792-be2c-89a59da7de49.ref@swbell.net> <df01e0f8-1b0d-4792-be2c-89a59da7de49@swbell.net> <CAJgLMKte1H3FaoQOhc7_No=SNdczQFo2_mp2c1FvTOqLCRFm2g@mail.gmail.com> <6e70bed7-6f84-4a4a-90f8-fec1d10a599b@swbell.net> <CAJgLMKsXHcxzu8Kbrg1pu9SDkGDH0b1bWzW__CrfpDaSv3Joog@mail.gmail.com> <CACyFTPFakaDLdTJVc6d1HiR_oaedNOV76MRQxJp=+z95uQFVZQ@mail.gmail.com> <CAPt1N1=rQp5U4_X=2WvCV358S9Qm+E+_+gs_mgUJHP_68dYLmg@mail.gmail.com> <d16406c6-e5d9-4aa4-a16e-7513d04d6b07@gmail.com> <CACyFTPEdh_SL3BJ6WcD18tpYzH=Q6gxYnXanTsHZxF4xQm7LuA@mail.gmail.com> <19b076c0-ff57-471a-8f66-6ad47d7169f4@gmail.com> <f469fd02-f67e-4aa3-80e1-e055e63fadd2@swbell.net> <CACyFTPGNUvKkF+hxg1xJPSRNWo4aZN+jtwO3GeMLmQ1pTY8x3g@mail.gmail.com> <CAPt1N1kLTuKjtvsJ5qGd_kjnc8K2HDc7OemMqtaSavGH6kAqJA@mail.gmail.com>
In-Reply-To: <CAPt1N1kLTuKjtvsJ5qGd_kjnc8K2HDc7OemMqtaSavGH6kAqJA@mail.gmail.com>
From: Daryll Swer <contact@daryllswer.com>
Date: Sat, 10 Aug 2024 20:43:14 +0530
X-Gmail-Original-Message-ID: <CACyFTPEjAq0kGHFwiNnqsmyhxavu6HhEBu6X7OQXAgaKpPqa1g@mail.gmail.com>
Message-ID: <CACyFTPEjAq0kGHFwiNnqsmyhxavu6HhEBu6X7OQXAgaKpPqa1g@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Content-Type: multipart/alternative; boundary="0000000000009889f1061f55b598"
Message-ID-Hash: P6ISZ3N3PV2MX4VRGITSX4V5OW2R3XMW
X-Message-ID-Hash: P6ISZ3N3PV2MX4VRGITSX4V5OW2R3XMW
X-MailFrom: contact@daryllswer.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The Multach's <jmultach@swbell.net>, v6ops@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [v6ops] Re: Dynamic addresses
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/C8wtrbUXzVggx-Xj6H8mWKOFFik>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

Ted

> It sounds like the isps who you know of who are doing this are not
following the rfcs. That makes it cheaper, and makes it break IPv6 for the
end user.

*Most*, ISPs don't conform to RFCs, BCPs and BCOPs. As a consultant, I get
exposed (They email me their diagrams and configs for review) to tens of
networks every year, and I can count on one hand, how many networks conform
to the minimum for networking in general (IPv4 vs IPv6 aside).

That's why I think the "draft-ietf-v6ops-cpe-lan-pd" should potentially,
have something to give to end-users for them to use against such ISPs, in
order for these users to get a permenaent ia_pd (/56 minimum or /48
maximum) via support tickets, asking the ISP to conform.

*--*
Best Regards
Daryll Swer
Website: daryllswer.com
<https://mailtrack.io/l/713f3f681113f0bfb34c34bcf30460679e5a5347?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=fe00cdb4ee3ab02c>


On Sat, 10 Aug 2024 at 19:53, Ted Lemon <mellon@fugue.com> wrote:

> At least in Germany the address shifting was a regulatory thing—the isp I
> was working with on it didn’t want to do it—it was expensive and
> inconvenient.
>
> It sounds like the isps who you know of who are doing this are not
> following the rfcs. That makes it cheaper, and makes it break IPv6 for the
> end user.
>
> Op za 10 aug 2024 om 10:10 schreef Daryll Swer <contact@daryllswer.com>
>
>> > Then again, there is a claim that on those you may not get a prefix at
>> all (just a single IP6 address), and if you do, often its a /64 with no PD.
>>
>> IIRC, US Telcos even have separate billing for mobile
>> tethering/hotspot, right? And IPv6 doesn't always work over that ways?
>>
>> Over here, it appears the tethering interface just bridges with the PDP
>> interface, and the “clients” that connects gets a /128 GUA, shared with a
>> single /64 with the SIM.
>>
>> > For security reasons, one of them has a rule to change the assigned
>> IPv6 address space at least once every 4 hours.
>>
>> You mean conspiracy theories about big bro and “privacy”… It's not
>> “security”.
>>
>> iPhones have built-in security, Ted Lemon can probably elaborate on that.
>> Android, too, has built-in security, the Google folks here can probably
>> elaborate on that.
>>
>> Nope, I am completely against conspiracy theories about “dynamic IP stops
>> big bro from spying on you”. If big bro wants to “spy” on you, no amount of
>> “dynamic IPs” is stopping that.
>>
>> *--*
>> Best Regards
>> Daryll Swer
>> Website: daryllswer.com
>> <https://mailtrack.io/l/ba62818f368e4ab91c6676b1a01e6088ea674e45?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=b8dfc4abc306b3d8>
>>
>>
>> On Sat, 10 Aug 2024 at 19:29, The Multach's <jmultach@swbell.net> wrote:
>>
>>> That triggered a memory about addressing on US cellular carriers, at
>>> least one of which does this.
>>>
>>> Then again, there is a claim that on those you may not get a prefix at
>>> all (just a single IP6 address), and if you do, often its a /64 with no PD.
>>>
>>> For security reasons, one of them has a rule to change the assigned IPv6
>>> address space at least once every 4 hours.
>>>
>>>
>>> On 8/9/2024 9:33 PM, Brian E Carpenter wrote:
>>>
>>> On 10-Aug-24 11:34, Daryll Swer wrote:
>>>
>>>  > But I don't understand the statement "breaks SLAAC on the LAN". A
>>> change of prefix renumbers the LAN, but that doesn't break SLAAC, it just
>>> causes SLAAC to renumber everything. It will only break active sessions.
>>>
>>> It will break, on the host side, because they won't know to use the new
>>> prefix, until the pref/valid values expire.
>>>
>>>
>>> https://www.6connect.com/blog/is-your-isp-constantly-changing-the-delegated-ipv6-prefix-on-your-cpe-router/
>>>
>>>
>>> Thanks, yes, I knew that of course but the description of that as
>>> breaking SLAAC confused me. (When my ISP was changing prefixes after a CE
>>> power cut and reboot, the issue was masked by other effects of the power
>>> cut.)
>>>
>>> There's no reason to be promoting dynamic v6 prefixes, in addition to
>>> the SLAAC context, this makes it painful, for end-users to host anything at
>>> home, even basic SSH.
>>>
>>>
>>> I completely agree.
>>>
>>>    Brian
>>>
>>>
>>> *--*
>>> Best Regards
>>> Daryll Swer
>>> Website: daryllswer.com
>>> <https://mailtrack.io/l/8b190af15371d42cba28cde7db9581f1c207dde9?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=0564b87de4f69994>
>>> <https://mailtrack.io/l/8b190af15371d42cba28cde7db9581f1c207dde9?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=0564b87de4f69994>
>>>
>>>
>>> On Sat, 10 Aug 2024 at 04:56, Brian E Carpenter <
>>> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>
>>> <brian.e.carpenter@gmail.com>> wrote:
>>>
>>>     [Public service announcement: as of now, I'm spam-filtering messages
>>> with 'Digest' subject headers.]
>>>
>>>     My ISP used to change my prefix whenever there was a power cut and
>>> the modem restarted. Now, it appears to be stable.
>>>
>>>     But I don't understand the statement "breaks SLAAC on the LAN". A
>>> change of prefix renumbers the LAN, but that doesn't break SLAAC, it just
>>> causes SLAAC to renumber everything. It will only break active sessions.
>>>
>>>     Regards
>>>          Brian
>>>
>>>     On 10-Aug-24 10:13, Ted Lemon wrote:
>>>      > In order to do this, they would have to not renew a previously
>>> assigned prefix. I think some German telecoms used to do this as a privacy
>>> message, but it was operationally very difficult because it doubled demand
>>> for prefixes.
>>>      >
>>>      > Where are you seeing this irl, and how does it happen?
>>>      >
>>>      > Op vr 9 aug 2024 om 15:08 schreef Daryll Swer <
>>> contact=40daryllswer.com@dmarc.ietf.org
>>> <mailto:40daryllswer.com@dmarc.ietf.org>
>>> <40daryllswer.com@dmarc.ietf.org> <
>>> mailto:40daryllswer.com@dmarc.ietf.org <40daryllswer.com@dmarc.ietf.org>
>>> <mailto:40daryllswer.com@dmarc.ietf.org>
>>> <40daryllswer.com@dmarc.ietf.org>>>
>>>      >
>>>      >     Tim, is there something we can do to encourage not only "more
>>> than a /64", but also encourage "static ia_pd to ensure the customer will
>>> not experience broken IPv6 connectivity due to ever changing prefixes".
>>>      >
>>>      >     Too many ISPs out there do dynamic IPs and breaks SLAAC on
>>> the LAN.
>>>      >
>>>      >     I feel this draft could be a powerful tool, in the hands of
>>> the end user to get these ISPs doing the right way of IPv6 more often.
>>>      >
>>>      >     --
>>>      >     Sent from my iPhone
>>>      >
>>>      >
>>>      >     On Fri, 9 Aug 2024 at 7:37 PM, Timothy Winters <
>>> tim@qacafe.com <mailto:tim@qacafe.com> <tim@qacafe.com> <
>>> mailto:tim@qacafe.com <tim@qacafe.com> <mailto:tim@qacafe.com>
>>> <tim@qacafe.com>>> wrote:
>>>      >
>>>      >         Yes.  I've seen several instances of /64 being used for
>>> container networks on CPEs.
>>>      >
>>>      >         ~Tim
>>>      >
>>>      >         On Fri, Aug 9, 2024 at 9:38 AM The Multach's <
>>> jmultach@swbell.net <mailto:jmultach@swbell.net> <jmultach@swbell.net> <
>>> mailto:jmultach@swbell.net <jmultach@swbell.net>
>>> <mailto:jmultach@swbell.net> <jmultach@swbell.net>>> wrote:
>>>      >
>>>      >             So are these considered a LAN link prefix assignment
>>> under 7084 L2:
>>>      >
>>>      >             - Assignment of a /64 prefix for internal IPv6
>>> communication between a
>>>      >             primary SoC and a secondary chip (e.g., a Wi-Fi chip
>>> which uses IPv6).
>>>      >
>>>      >             - Assignment of a /64 prefix for usage by an internal
>>> container or VM.
>>>      >
>>>      >
>>>      >             On 8/9/2024 7:56 AM, Timothy Winters wrote:
>>>      >              >
>>>      >              >
>>>      >              > On Thu, Aug 8, 2024 at 10:58 PM The Multach's <
>>> jmultach@swbell.net <mailto:jmultach@swbell.net> <jmultach@swbell.net> <
>>> mailto:jmultach@swbell.net <jmultach@swbell.net>
>>> <mailto:jmultach@swbell.net> <jmultach@swbell.net>>> wrote:
>>>      >              >
>>>      >              >     The following, while being user focused, fails
>>> to take into
>>>      >              >     account that
>>>      >              >     some of those prefixes may be used internally
>>> (or reserved for
>>>      >              >     internal
>>>      >              >     use) by the CPE or for ISP purposes and not
>>> assignable:
>>>      >              >
>>>      >              >     "SHOULD" (or an elongated exception for the
>>> above) would be more
>>>      >              >     appropriate.
>>>      >              >
>>>      >              >     LPD-4: After LAN link prefix assignment the
>>> IPv6 CE Router MUST
>>>      >              >     make the
>>>      >              >     remaining IPv6 prefixes available to other
>>> routers via Prefix
>>>      >              >     Delegation.
>>>      >              >
>>>      >              > I think this covers that case.   After local
>>> assignment, unused
>>>      >              > prefixes MUST be made available.
>>>      >              > LPD-2:  The IPv6 CE Router MUST assign a prefix
>>> from the delegated
>>>      >              >            prefix as specified by L-2 [RFC7084].
>>>      >              >
>>>      >              > 7084
>>>      >              >    L-2:   The IPv6 CE router MUST assign a
>>> separate /64 from its
>>>      >              >           delegated prefix(es) (and ULA prefix if
>>> configured to provide
>>>      >              >           ULA addressing) for each of its LAN
>>> interfaces.
>>>      >              >
>>>      >              >
>>>      >              >
>>>  _______________________________________________
>>>      >              >     v6ops mailing list -- v6ops@ietf.org
>>> <mailto:v6ops@ietf.org> <v6ops@ietf.org> <mailto:v6ops@ietf.org
>>> <v6ops@ietf.org> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>>>      >              >     To unsubscribe send an email to
>>> v6ops-leave@ietf.org <mailto:v6ops-leave@ietf.org>
>>> <v6ops-leave@ietf.org> <mailto:v6ops-leave@ietf.org
>>> <v6ops-leave@ietf.org> <mailto:v6ops-leave@ietf.org>
>>> <v6ops-leave@ietf.org>>
>>>      >              >
>>>      >
>>>      >         _______________________________________________
>>>      >         v6ops mailing list -- v6ops@ietf.org
>>> <mailto:v6ops@ietf.org> <v6ops@ietf.org> <mailto:v6ops@ietf.org
>>> <v6ops@ietf.org> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>>>      >         To unsubscribe send an email to v6ops-leave@ietf.org
>>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org> <
>>> mailto:v6ops-leave@ietf.org <v6ops-leave@ietf.org>
>>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>>
>>>      >
>>>      >     45efe8dfc775213ded0fc41c7d84ccccb0d6aa20
>>> _______________________________________________
>>>      >     v6ops mailing list -- v6ops@ietf.org <mailto:v6ops@ietf.org>
>>> <v6ops@ietf.org> <mailto:v6ops@ietf.org <v6ops@ietf.org>
>>> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>>>      >     To unsubscribe send an email to v6ops-leave@ietf.org
>>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org> <
>>> mailto:v6ops-leave@ietf.org <v6ops-leave@ietf.org>
>>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>>
>>>      >
>>>      >
>>>      > _______________________________________________
>>>      > v6ops mailing list -- v6ops@ietf.org <mailto:v6ops@ietf.org>
>>> <v6ops@ietf.org>
>>>      > To unsubscribe send an email to v6ops-leave@ietf.org
>>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>
>>>
>>>