[v6ops] A few thoughts on draft-smith-v6ops-local-only-addressing
Fred Baker <fredbaker.ietf@gmail.com> Thu, 05 December 2019 23:39 UTC
Return-Path: <fredbaker.ietf@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 430A312004E for <v6ops@ietfa.amsl.com>; Thu, 5 Dec 2019 15:39:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0wBpmN3smyLT for <v6ops@ietfa.amsl.com>; Thu, 5 Dec 2019 15:39:57 -0800 (PST)
Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54FB9120033 for <v6ops@ietf.org>; Thu, 5 Dec 2019 15:39:57 -0800 (PST)
Received: by mail-pg1-x530.google.com with SMTP id b137so2324466pga.6 for <v6ops@ietf.org>; Thu, 05 Dec 2019 15:39:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=gyN1/gKC1e1AUkHfNYiDRYG3RYU6vrecgKGKjSewCtY=; b=JGWIQT1bwj7bbbXsSLMWGROPJu6bbqvm8dMkM7Gu53C5q4e6bJSqDut2NbrNxJxfIB cRQ1Kp2Ftb3RlJX4Rp5xNoF3VGl4OC+0z5VVwSX1a4RR6jhRl4whg/xgNfts8E91uD+b 5Wi2tLgCBUGxUnkrrSifqvgDXtNfVlWH+h1WrxlQ9GJQWRH7EGoCZF2sK3ofXM5XtuY8 71VecdR0b9X0EqPrIlipb8TQD+9bZmH8GKNYIIrgMiUfPdyOolv6X97uFjs0xKyGACq8 rS40o0qYPq6ZdTqlCV4id0Jl6I+XUQqQq6jmFPCBR/Dg1lLqSFhSabslX0/7IQrUg1YN EbAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=gyN1/gKC1e1AUkHfNYiDRYG3RYU6vrecgKGKjSewCtY=; b=Qn+tOwc414gwCQy7Hvd0Dlr2rgdCdG0zdAptEiib3opcJC7ZjdavTaxKeztenc19to 1vsKLOMsX7GqooE3M4taYNmPxIZrVEU2PYFdI1voUX7UHluPBrkdFDzssyF0IWidWJM1 1KhTf+pjzsWTRqD9a6uN84Ou1Xii3XHnHfCQrugbiPiDxCOLvRIYrHyrYEaqZpls/vnY tF9s1QJUQ++gpKfQParC4xG/DOkd5Q+98s5Dm/gRngpesdA+yB/cO2RuLZf2X+2iIlUE xQ9APbMwxz4LbRJRc0h9kB1IurU3d/4eeQRWoNcuO80lhz0P0EdaKtzyeJ5iTT9s6Fq2 RfQg==
X-Gm-Message-State: APjAAAUWXlfGE1JB+cO5kE3G0TlGI/h2F217kOkYRYcesoLp5ppnmKzL f3KQVtAzQQ18h/nQ31liXGnnu6gx
X-Google-Smtp-Source: APXvYqySsXxCOhKn+xqke0gLN9pOcrM9xql/QFxTL2FT+APy3uO+eXtbhYRFcZEUhIxglcJDIhWlcA==
X-Received: by 2002:aa7:9198:: with SMTP id x24mr11966822pfa.203.1575589196619; Thu, 05 Dec 2019 15:39:56 -0800 (PST)
Received: from ?IPv6:2600:8802:5900:13c4::100c? ([2600:8802:5900:13c4::100c]) by smtp.gmail.com with ESMTPSA id r193sm8305372pfr.100.2019.12.05.15.39.55 for <v6ops@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 Dec 2019 15:39:55 -0800 (PST)
From: Fred Baker <fredbaker.ietf@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
Message-Id: <CB306B8F-6DB5-4E5B-B38E-B23FF96DAEE6@gmail.com>
Date: Thu, 05 Dec 2019 15:39:52 -0800
To: V6 Ops List <v6ops@ietf.org>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Dd2SEscD1YWU_ihHEXXyZQqVJks>
Subject: [v6ops] A few thoughts on draft-smith-v6ops-local-only-addressing
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Dec 2019 23:39:59 -0000
I'm passing along some thoughts on the draft. I speak as a random individual, nothing more. I'll identify the sections I am commenting on. Introduction The statement in the draft, in the abstract and in the introduction, is that certain types of devices (and, I would argue, more accurately applications) are only appropriately reachable from localized locations, and therefore only using ULA addresses. This troubles me on a couple of counts. I would agree that there are a number of classes of Internet devices and applications that should be reachable only by their operators. But I question whether they are necessarily in their operators' local domains (how about outsourced datacenter etc?), or whether their operators might have operating contracts with others that muddy those waters? In general - and I have said this multiple times - if a device is intended to be reachable only by systems within its local domain, a local address (one not advertised in BGP) make sense. That said, I seriously dispute that this is a result of the nature of the device or its application; it is a policy decision on the part of those who operate it. I don't think I could pass on the draft with this confusion between nature and policy in it. For the record, I would add that folks in v6ops have commented in the past that using ULA and GUA prefixes within an enterprise network entails the possibility of doubling the address announcement volume - if a given LAN has two subnets and therefore two prefixes, it would have that result. I would therefore expect that networks using this model would be likely to have some LANs with a GUA subnet and some LANs with a ULA subnet, but few if any with both. There is in my view a minor increase in complexity with this model - LANs have, if you will, an additional attribute, which is whether its subnets are local-only or global in nature. Default Local Only Addresses Point of definition: a ULA addresses is global in scope, but may not be advertised globally. They may, if appropriate and agreed between ASNs, be advertised between "consenting adults". There is actually a reasonably common use case, discussed in draft-baker-v6ops-b2b-private-routing. I would prefer that the draft accurately describe a ULA if it wants to talk about them. Permitted Incoming and Outgoing Connections In excluding GUA-source sessions, I think this creates unnecessary complexity. First, if a device is using a GUA, one of two situations exists: it is within the network and managed to select the wrong source address, or it is outside the network, has no routing advertisement with which to read the ULA prefix, and can't get there. Anything else (such as the network erroneously advertised the ULA prefix and the neighboring network failed to filter it out) is an error. My Real Concern: If I were to read this as an enterprise network operator, I think my first reaction would be to say "I recognize this; a ULA is a private address, and if I choose to I can translate it at the network edge". As such, if we proceed with this, it needs to be with large health warnings about not using translation (cf RFC 2993).