Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds

Fernando Gont <> Fri, 25 October 2019 17:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C26571200DB for <>; Fri, 25 Oct 2019 10:45:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gos-DXw369-4 for <>; Fri, 25 Oct 2019 10:45:24 -0700 (PDT)
Received: from ( [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 93263120088 for <>; Fri, 25 Oct 2019 10:45:24 -0700 (PDT)
Received: from [IPv6:2804:431:c7f3:bff2:b8b3:4400:3123:ecb7] (unknown [IPv6:2804:431:c7f3:bff2:b8b3:4400:3123:ecb7]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id A17E88685E; Fri, 25 Oct 2019 19:45:21 +0200 (CEST)
To: Owen DeLong <>
Cc: Philip Homburg <>,
References: <> <> <>
From: Fernando Gont <>
Openpgp: preference=signencrypt
Message-ID: <>
Date: Fri, 25 Oct 2019 14:45:15 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 25 Oct 2019 17:45:27 -0000

On 24/10/19 13:52, Owen DeLong wrote:
>>> I'm also not convinced
>>> that there are sensible values for these lifetimes that are robust
>>> enough 
>>> and at the same time responsive enough to deal with the issue at hand.
>>> Reducing the lifetimes would help against build up of stale prefixes. If
>>> they are set to a couple of hours.
>> I do agree that this is not a complete solution, but, as you correctly
>> note, would help against build up of stale prefixes.
> I do agree that 7 and 30 days, respectively are absurd timer default values.

Exactly. *That* is the point.

> I think we can take some lessons from IPv4 and DHCP here. A fairly common
> lease time in the DHCP world is 3600 seconds (1 hour). This seems like a
> reasonable default preferred lifetime and I would propose that 1 day (86400)
> seconds may well be a reasonable default valid lifetime.

That's certainly an improvement wrt what we have right now.

> It is worth noting that these values are tunable by the administrator
> and the
> RFC suggested defaults should never be a hard-coded value.
> With the following exception, I don’t advocate modifying this on the client
> side:
> +Section 5.5.3 of RFC4862 should be amended to specifically
> allow the immediate deprecation of a prefix by sending a valid
> lifetime of 0 seconds. Hosts should be required to honor
> this as a signal that the prefix is no longer valid.

Could you please elaborate on this one?

> I do think that generally speaking, your proposed modifications to CPE and
> router behavior should be standardized and implemented.
>> A better mitigation is to affect the preferred and possibly the valid
>> lifetimes in response to consecutive RAs from the same router that lack
>> the original (stale) prefix. e.g., after two consecutive RAs that do not
>> contain the existing prefix, reduce the preferred lifetime. After two
>> additional RAs, reduce the valid lifetime.
> In the crash scenarios you describe, you’re assuming a single router on
> the network or
> at least only one router announcing the prefix(es) in question with no
> persistent
> memory of the prefixes it was announcing across a reboot. In such a
> scenario,
> it seems to me that the following are also likely valid assumptions:
> +The network has significant excess bandwidth compared to demand.
> +The small overhead of frequent RAs and short lifetimes is probably
> an acceptable tradeoff in this environment.
> However, there are lots of other scenarios in the world where those
> assumptions
> won’t hold true and we should not seek to solve this problem (which is
> generally
> applicable to residential and SMB environments) at the expense of all of
> those
> other professionally administered environments.

Even with the default RA frequency, if you were to unprefer a prefix
upon, say, second RA that doesn't advertise it, and say, remove the
prefix after many other RAs are received, that would be a *big*
improvement to what we have now.

> For
> For the busy wifi scenario, the preferred lifetime of zero for the old
> PIO should be
> sent many times and should be maintained in the configuration for at least
> OldPreferredLifetime seconds. At the end of OldPreferredLifetime seconds,
> if a host hasn’t seen the new RA, it will no longer matter as the last
> RA it saw
> will have expired. It’s not ideal, but there really aren’t a lot of good
> options here
> other than getting WiFi vendors to improve multicast reliability.
> In your automated configuration management scenario, IMHO, the people
> driving the automation have erred. The related case is, IMHO, a variant
> of the exact same case and represents the same error. It is still operator
> error regardless of whether the operator is driving an automation system,
> or is directly configuring a router. At a certain point, we need to
> accept that
> there is a limit to the acceptable gymnastics for the prevention of operator
> error. The best colloquialism here is “If you make something completely
> idiot proof, the world will invent a better idiot.”
> In section 3.2.1, you advocate setting the A and L bits to their
> previous values
> for prefixes which are being deprecated. IMHO, this is incorrect and the
> announcements calling for immediate deprecation should also indicate that
> the prefix should no longer be auto-configured and should no longer be
> considered on-link.

Not sure I follow. Could you please elaborate?

> Is there some unfortunate widely deployed behavior that interacts poorly
> with setting A and L to 0 for these previously valid prefixes?
> Finally, An editorial note… In Section 3, you state “Finally, Section
> 2.5 analyzes…”
> I believe this is intended to be a reference to section 3.2.2.

Nope. Section 3.2.2 talks about the interaction between dhcpv6-pd and
slaac. BUt it is section 2.5 that discusses other considerations for
dynamic/stable prefixes. For example, stable prefixes are not nice for

Fernando Gont
SI6 Networks
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492