IETF Logo Mail Archive

Re: [v6ops] Thoughts on draft-ietf-v6ops-dhcp-pd-per-device

Lorenzo Colitti <lorenzo@google.com> Fri, 04 August 2023 02:51 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85F88C15198B for <v6ops@ietfa.amsl.com>; Thu, 3 Aug 2023 19:51:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.605
X-Spam-Level:
X-Spam-Status: No, score=-17.605 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w9qe9hultznf for <v6ops@ietfa.amsl.com>; Thu, 3 Aug 2023 19:51:00 -0700 (PDT)
Received: from mail-qv1-xf35.google.com (mail-qv1-xf35.google.com [IPv6:2607:f8b0:4864:20::f35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F7D3C151990 for <v6ops@ietf.org>; Thu, 3 Aug 2023 19:51:00 -0700 (PDT)
Received: by mail-qv1-xf35.google.com with SMTP id 6a1803df08f44-63d30554eefso9696386d6.3 for <v6ops@ietf.org>; Thu, 03 Aug 2023 19:51:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691117459; x=1691722259; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=nzSYWf1yL7sSJs4HKQjLwtwt1zX89ImR2QYIf9+nsBE=; b=yccamOsGQMHhMca3yhXV+HwOZ1yRHo6yemfDpr1pNyjeSj/eYqAYb8M2bbp5/zvdjS MN2lIDikNqRvpKb5wbT2n/wotDzFg7GvjZ1jYphKlmFgtWGcKnHS+tbSocKNpo9HELYD EDQSBCB1OyVfY7MzbTySDD1UVObPhXKIZ+P/RbIx1Z/b16JU0Zh2r5CAwLClO+f33cXT a1ZfbwX5Rtzxhk+hctLJiP8b+O23KiCE00TWkS1u8ABz6yzuXxI0AKiMTsqzIHjLXCSN HNy49Wa4uGncNkFO+Bkr62Gillgu6NKi4WyavelOUCa7f83Yp7J9nyM194410miU0Qt6 /d+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691117459; x=1691722259; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nzSYWf1yL7sSJs4HKQjLwtwt1zX89ImR2QYIf9+nsBE=; b=FOfBRKvQw/n/VQixnyUVRbh5Tcnv83EawoFzz5G8SovaKdi5cTY+r+4bF21ujM6tC4 x0sV7VBc+ztNrI0BE1b5d7asUUS+ovtgynBtH3ZU5bt8dumf0AdkqPysfKV2Zh4fCHW/ uODIS44R+hB2tn3MtIYoa4AgAZvr7BpCZ1WXyjJldQk5cArpVRBYkKX6bwk1v9k+2ntb l280vOHBp3h2BE4uOgb7B7HawY6zbF9amdYsbS3Ab+npm7rBJ0b8bxO+Q9q39+BsDgRo vCmXSGBfLEapn4NGTx8Y+9jUn+Iv6IZbXhuXjjd9uQ2Mb3cR9CjLKPsSPpGzhFSxLfym QI9g==
X-Gm-Message-State: AOJu0YwZTS1dFuFVYiXZeSPdPmzr4hDyQC9HQ8DN9xGVqyuyQZdiICoR bMdKTLxiPFztpe2+SWf0UXueRm/bmMGgfS+f/dyOTvBC1IoYM1jJ9F8=
X-Google-Smtp-Source: AGHT+IEPdSCiTbJye69J3IsW5cqIahBF1pV19sqDfhbiCvMz1fcvVeFCmZq8oWUN0LdKH8cWRPJdhJEGBNJg2lhxRNE=
X-Received: by 2002:a05:6214:580b:b0:63d:36ab:93e6 with SMTP id mk11-20020a056214580b00b0063d36ab93e6mr410183qvb.65.1691117458793; Thu, 03 Aug 2023 19:50:58 -0700 (PDT)
MIME-Version: 1.0
References: <CO1PR11MB4881747D07D7F1DED14C65E4D808A@CO1PR11MB4881.namprd11.prod.outlook.com> <F035E47E-56A4-46C1-B24B-FC19BF40774D@delong.com> <935b380f-157b-74c1-5844-d73eab2e9d81@gmail.com>
In-Reply-To: <935b380f-157b-74c1-5844-d73eab2e9d81@gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Fri, 04 Aug 2023 11:50:47 +0900
Message-ID: <CAKD1Yr2CgfXpcC=xmn5sKN7UZB64ztCuh+Q9De7gt5yG3ex0Uw@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Owen DeLong <owen@delong.com>, "Pascal Thubert (pthubert)" <pthubert=40cisco.com@dmarc.ietf.org>, "v6ops@ietf.org list" <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000068029706020ff77a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/E2ToG7d88K9JGfqBINbXwr3mpXY>
Subject: Re: [v6ops] Thoughts on draft-ietf-v6ops-dhcp-pd-per-device
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2023 02:51:04 -0000

Let's not fall into another debate about the /64 boundary :-) The draft
does not have /64 hard coded anywhere in it, so if and when we change the
subnet size supported by SLAAC to something else, the document will not
need to be modified.

The draft does say that the server must hand out a prefix of sufficient
size to support SLAAC. There's a good reason for this: SLAAC is the only
address assignment mechanism that is mandatory to implement, and in large
numbers of hosts, it's the only one that is implemented.

Yes, this does mean that this draft is not applicable on all networks. But
to be realistically, I see no way that we could get consensus on *any*
method that would support end-to-end connectivity and permissionless
network extension on all networks. If anyone can think of one, please do
share and we'll go off and do that instead :-)

In the meantime, this draft is what comes closest to that goal. It
meaningfully increases the capabilities of large networks by allowing
unlimited end-to-end extension, and that's a huge improvement. Let's not be
the perfect be the enemy of the good.

Cheers,
Lorenzo

On Fri, 4 Aug 2023, 05:30 Brian E Carpenter, <brian.e.carpenter@gmail.com>
wrote:

> On 04-Aug-23 05:25, Owen DeLong wrote:
> > /64 also provides a sufficiently large space that the odds of a
> collision among randomly generated addresses are sufficiently small as to
> allow address autoconf to have a high success rate on the first attempt.
>
> There's that, and a similar argument about privacy/guessability of IIDs.
> When we looked at this for RFC7421, we concluded that 40 bits was enough,
> so /80 or even /88 subnets would be reasonable.
> (https://www.rfc-editor.org/rfc/rfc7421.html#page-16)
>
> >
> > Walking further right to work around stingy provider’s bad allocation
> policies is a step in the wrong direction, IMHO.
> >
> > That said, I do agree that /64 shouldn’t be hard coded anywhere and that
> prefix size should be an operator choice. I think it is useful for /64 to
> remain a strong recommendation.
>
> So perhaps 6man should adopt draft-bourbaki-6man-classless-ipv6?
>
>     Brian
>
> >
> > Owen
> >
> >
> >> On Aug 3, 2023, at 08:52, Pascal Thubert (pthubert) <pthubert=
> 40cisco.com@dmarc.ietf.org> wrote:
> >>
> >> +295147905179352825856
> >>
> >> I believe that neither any new spec nor any new implementation should
> have 64 hardcoded in it anymore. There should be a MUST in a BCP for that.
> >>
> >> There are some chains of inheritance that should be broken before they
> hurt too much, e.g.,
> https://garethdennis.medium.com/the-not-so-glamourous-origins-of-standard-track-gauge-2b5f1ae7e3bc
> .
> >>
> >> Though the horse tall tale might be overrated, I still believe in the
> one that says that the 64 value was not defined for the best of admins, but
> to allow SLAAC using the MAC address as IID even in L2 networks using the
> MAC-of-the-future, of 64 bits. Firewire is dead, and 15.4 is the only major
> L2 left with 8 bytes MACs. The IETF now discourages MAC for IID anyway.
> >>
> >> 64 is thus only useful because of some existing SLAAC implementations
> and should be considered as a special value only in that context, to be
> provisioned accordingly by the admin that really wants SLAAC and those
> devices (admittedly, my home gateway is like that).
> >>
> >> NetOps who are not in that context should be able to build the network
> they want with minimum constraints. There should not be constraints that
> are there only to fit the taste or the limitations of the protocol
> designers. A touch of humility and a good dose of separation of power &
> responsibility would serve us well here.
> >>
> >> All the best,
> >>
> >> Pascal
> >>
> >>
> >>> -----Original Message-----
> >>> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Brian E Carpenter
> >>> Sent: Wednesday, August 2, 2023 11:38 PM
> >>> To: Ole Trøan <otroan@employees.org>
> >>> Cc: v6ops@ietf.org list <v6ops@ietf.org>
> >>> Subject: Re: [v6ops] Thoughts on draft-ietf-v6ops-dhcp-pd-per-device
> >>>
> >>>> On 03-Aug-23 09:20, Ole Trøan wrote:
> >>>> Brian,
> >>>>
> >>>>> On 2 Aug 2023, at 23:10, Brian E Carpenter <
> brian.e.carpenter@gmail.com>
> >>> wrote:
> >>>>>
> >>>>> On 02-Aug-23 18:55, Ole Trøan wrote:
> >>>>>>> With all due respect, etc. etc., very few people on this list have
> a
> >>> typical home network. If we are talking about customers of an ISP that
> only
> >>> offers a /60, it's a different world to ours. I am *not* defending
> such ISPs,
> >>> far from it, but the CEs that they provide are highly unlikely to
> enable
> >>> dhcp-pd-per-device.
> >>>>>> If this proposal results in an address assignment approach that
> cannot
> >>> even number a home network that has been assigned 295147905179352825856
> >>> addresses, at least an outsider would start wondering what we were
> smoking.
> >>>>>
> >>>>> Well yes, but aren't you agreeing with me? A CE that only has a /60
> >>> probably shouldn't support a delegation method that assigns a whole
> /64 to a
> >>> single device. (Unless the CE also knows that the device is capable of
> >>> assigning longer prefixes to subsidiary devices, which is essentially
> what
> >>> Pascal was saying.)
> >>>>>
> >>>>> Or in other words, the dhcp-pd-per-device mechanism is only useful
> for
> >>> networks that know how to use it.
> >>>>
> >>>> Yes, that we agree on.
> >>>> DHCP PD as a delegation method supports any prefix length.
> >>>
> >>> So does RFC 8992, as it happens. I had fun in my toy implementation
> >>> supporting any prefix length.
> >>>
> >>>> The size of the assigned prefix should be an operational choice. I am
> not
> >>> sure this document needs to say more than if the prefix is longer than
> 64
> >>> then further sub-assignment to other hosts will not support SLAAC. If
> even
> >>> that.
> >>>
> >>> Yes.
> >>>     Brian
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >> _______________________________________________
> >> v6ops mailing list
> >> v6ops@ietf.org
> >> https://www.ietf.org/mailman/listinfo/v6ops
> >
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email