IETF Logo Mail Archive

Re: [v6ops] draft-buraglio-v6ops-ula discussion

Mark Smith <markzzzsmith@gmail.com> Fri, 05 August 2022 23:23 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90D1DC159486 for <v6ops@ietfa.amsl.com>; Fri, 5 Aug 2022 16:23:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.365
X-Spam-Level:
X-Spam-Status: No, score=-3.365 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.998, HK_RANDOM_FROM=0.998, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id puILXkF_R_3V for <v6ops@ietfa.amsl.com>; Fri, 5 Aug 2022 16:23:57 -0700 (PDT)
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com [IPv6:2607:f8b0:4864:20::1033]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4472C157B5D for <v6ops@ietf.org>; Fri, 5 Aug 2022 16:23:52 -0700 (PDT)
Received: by mail-pj1-x1033.google.com with SMTP id t22so4046610pjy.1 for <v6ops@ietf.org>; Fri, 05 Aug 2022 16:23:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=VZQ4gAgmu+75UZ4taYYjoL1ChmXwBubWEKKj88XHhO0=; b=To75RxKxKU85wJXTnjnX7pnE4j9ewjI91GAQ6CPirV7VMC3k3NT8jONR7g2GQ3BBm2 SIRTvx5Ieb0lEw5PrnkMHTWHApYdmXN4rZrdchDGFBR3KNVHwDLSzEU+ItfXSp9rgwXE BFD5VhcQMr614ErMkz3vpdReVEbuHb6Qc7ZsFbeHSrZLo5FcUa3ZvOj8R5cqF8AU6d+3 +4Y1FVQmeybsvoKmt2sfnP+rjPDloixnQBBZ1cslg9m/0viJiv2rUmRqs8xXjQoD7ibN knD6dDA7g6TDUFKn941uJ0li1CXA7XHgBt2kRCrbnWXtZt9j6KV0XPEZ0VNhUhbanwrY 7sYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=VZQ4gAgmu+75UZ4taYYjoL1ChmXwBubWEKKj88XHhO0=; b=WQOoHCwmaEpDkT/twFtnZ766yfqgzRCDauykED8pZu0MjEjQWBhNasaFjcdtgTlonm XB/oaAQ/p6mGJewquprEqcgxO3nK1MNqu5CWtrFYX5G8GJba8WUy/ppfxwo3T3MSJI90 RAL1SSPNxUDvlMtYhag8BE23ocnu2fDiN6MJFLbuUfNpIFryuMW/1MbM6McYBeZ/9Ods DwCuyOv0YH6dovWre4GpncXZG6n8NVBwSKvZDKd5m3ScFZdWiE+O0SbJNzO6JbNjgAgw FGiqzJkME449r5pQxqrWEnurw8cNrpBBtn+jTxbby1i0fecjDHCot6l3mZYXkcaQqTdP j/zg==
X-Gm-Message-State: ACgBeo2qNu/4j76GQFGB5/9E/OB6Fc8QjoXGUQjt9L8rpu7eZZ38YWa6 yvSgSWyeFdnqzFTXeERUyRJLbVL8gkvEvLIwBbU=
X-Google-Smtp-Source: AA6agR5jUvI/FhdYabe8zr+vYNwntYT5M34rVB9iyLFVw8aMckGKEEtDutGedlYosgPFbZMVFZ+4f85J+XoK9JbXE9w=
X-Received: by 2002:a17:902:7102:b0:16e:e49f:1329 with SMTP id a2-20020a170902710200b0016ee49f1329mr8914325pll.163.1659741832001; Fri, 05 Aug 2022 16:23:52 -0700 (PDT)
MIME-Version: 1.0
References: <CABKBHweedb9Cmefy3M+jBkX3P_ML++a2N7SpSKVcZ0gL2U5K8w@mail.gmail.com> <D28DC500-06C3-41EE-BB07-0B9DF630B288@cisco.com> <CAN-Dau2mc--CpTMkrAkBbPz3fX0SNG8D9iTU3q=gGaE--OaLew@mail.gmail.com> <EBF6BF82-A218-4AF0-89BB-E20A8ABCCE09@cisco.com> <f41e16cc-d04d-cfa9-7f42-6fc75d6c0948@gmail.com> <CAN-Dau2fUh1ABpyh4mYrOod31T5J2gU90b9WEiJ1jOvO+8TYoA@mail.gmail.com>
In-Reply-To: <CAN-Dau2fUh1ABpyh4mYrOod31T5J2gU90b9WEiJ1jOvO+8TYoA@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sat, 06 Aug 2022 09:23:24 +1000
Message-ID: <CAO42Z2w=4LZO6pHSFtkcOdj82PaZdJDaLN8XAN0QjgvB6BOGNw@mail.gmail.com>
To: David Farmer <farmer=40umn.edu@dmarc.ietf.org>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, v6ops list <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000050bfc405e586c20d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/CAnMo4T7gMT3KNZ7tELhSbQLoWM>
Subject: Re: [v6ops] draft-buraglio-v6ops-ula discussion
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2022 23:23:58 -0000

I've always seen the main themes of IPv6 default address selection to be:

- prefer IPv6 over IPv4 when there is a choice, as the main IPv6 transition
mechanism

- prefer likely most reliable and available, with smaller scoped addresses
being likely more reliable and available than greater ones.

For example, a ULA address is likely more reliable and available than a GUA
address, because a local network is likely more reliable than a global one.

Ultimately though, address selection is a best guess. The current state of
the network may make the default selection order at a particular time
incorrect.

So applications should walk through the set of DAs and try to connect to
them until one succeeds, as discussed in RFC6724

Looking at RFC 5220, used to justify IPv4 over ULAs, that point seems to
have been was missed. There were scenarios where IPv4 was more reliable
than ULAs, due to ULA's being put in global DNS, contrary to the advice in
ULA RFC4193. Rather than letting applications overcome this DNS
configuration error by attempting to connect to all addresses in the set
until successful, ULAs were instead put below IPv4, contrary to the main
intent of using IPv6 over IPv4 when available.

So the uncommon case of an error of putting ULAs in global DNS was
countered by making it the common case of preferring IPv4 over ULAs in RFC
6724 default address selection.

Regards,
Mark.


On Sat, 6 Aug 2022, 08:14 David Farmer, <farmer=40umn.edu@dmarc.ietf.org>
wrote:

>
>
> On Fri, Aug 5, 2022 at 4:04 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
>
>> Eric,
>>
>> On 06-Aug-22 08:13, Eric Vyncke (evyncke) wrote:
>> > David,
>> >
>> > You are correct. I think that the priority order should be (from most
>> suitable to least suitable):
>> >
>> >   * Global IPv6
>> >   * Global IPv4
>> >   * ULA
>> >   * RFC 1918
>>
>> That may be your opinion, but many people disagree and that is why the
>> consensus is otherwise.
>>
>> My own order of default preference for *destination* address selection
>> would be:
>>
>> ULA
>> Global IPv6
>> RFC 1918
>> Global IPv4
>>
>> The rationale is: Prefer IPv6 always. Prefer local addressing when
>> available.
>>
>> Obviously this requires similar rules in discovery (whether by DNS or
>> some other method). If you can't discover a ULA, you will never use a ULA.
>>
>> Source address selection is simple: longest match with the destination.
>>
>>      Brian
>>
>
> However, neither of those is what RFC6724 specifies. Currently, the order
> is;
>
> ULA Local /48 (if RFC6724, section 10.6, is implemented automatically or
> manually, which is generally not the case in the wild)
> Global IPv6
> Global IPv4/ RFC1918
> ULA /7
>
> Further, the table from RFC 3484 was;
>
> Global IPv6/ ULA
> Global IPv4/ RFC1918
>
> Personally, I think RFC6724 almost has it right; what it got wrong is that
> section 10.6 should be mandatory and automatic, implemented by the IP
> stack, and not effectively optional and left to manual implementation.
>
> As I see it, the problem with distinguishing global IPv4 addresses from
> local RFC1918 IPv4 addresses is that RFC1918 IPv4 addresses are most often
> used as global IPv4 source addresses through the use of NAT.
> Therefore, distinguishing global IPv4 addresses from local RFC1918 IPv4
> addresses isn't practical with today's highly NATed IPv4 Internet.
> Furthermore, adding RFC1918 IPv4 addresses to the table requires at least
> three entries, one for 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, and
> maybe 100.64.0.0/10 from RFC6598 should be included as well.
> So, distinguishing global IPv4 addresses from local RFC1918 IPv4 addresses
> will add a lot of cruft to the table.
>
> Thanks
>
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email