Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds

Fernando Gont <fgont@si6networks.com> Fri, 25 October 2019 17:45 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C26571200DB for <v6ops@ietfa.amsl.com>; Fri, 25 Oct 2019 10:45:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gos-DXw369-4 for <v6ops@ietfa.amsl.com>; Fri, 25 Oct 2019 10:45:24 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93263120088 for <v6ops@ietf.org>; Fri, 25 Oct 2019 10:45:24 -0700 (PDT)
Received: from [IPv6:2804:431:c7f3:bff2:b8b3:4400:3123:ecb7] (unknown [IPv6:2804:431:c7f3:bff2:b8b3:4400:3123:ecb7]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id A17E88685E; Fri, 25 Oct 2019 19:45:21 +0200 (CEST)
To: Owen DeLong <owen@delong.com>
Cc: Philip Homburg <pch-v6ops-9@u-1.phicoh.com>, v6ops@ietf.org
References: <m1iNIFE-0000IwC@stereo.hq.phicoh.net> <d1b6855d-bde9-7b53-4809-0846bb9772e4@si6networks.com> <7C913CC2-938F-449C-9750-85C36EC05E38@delong.com>
From: Fernando Gont <fgont@si6networks.com>
Openpgp: preference=signencrypt
Message-ID: <48c864c7-589d-23cf-417e-6f4ec012a76a@si6networks.com>
Date: Fri, 25 Oct 2019 14:45:15 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <7C913CC2-938F-449C-9750-85C36EC05E38@delong.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/EN-uvy_xSfAU3HUCiMQT8PU9ikU>
Subject: Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2019 17:45:27 -0000

On 24/10/19 13:52, Owen DeLong wrote:
>>> I'm also not convinced
>>> that there are sensible values for these lifetimes that are robust
>>> enough 
>>> and at the same time responsive enough to deal with the issue at hand.
>>>
>>> Reducing the lifetimes would help against build up of stale prefixes. If
>>> they are set to a couple of hours.
>>
>> I do agree that this is not a complete solution, but, as you correctly
>> note, would help against build up of stale prefixes.
> 
> I do agree that 7 and 30 days, respectively are absurd timer default values.

Exactly. *That* is the point.



> I think we can take some lessons from IPv4 and DHCP here. A fairly common
> lease time in the DHCP world is 3600 seconds (1 hour). This seems like a
> reasonable default preferred lifetime and I would propose that 1 day (86400)
> seconds may well be a reasonable default valid lifetime.

That's certainly an improvement wrt what we have right now.



> 
> It is worth noting that these values are tunable by the administrator
> and the
> RFC suggested defaults should never be a hard-coded value.
> 
> With the following exception, I don’t advocate modifying this on the client
> side:
> +Section 5.5.3 of RFC4862 should be amended to specifically
> allow the immediate deprecation of a prefix by sending a valid
> lifetime of 0 seconds. Hosts should be required to honor
> this as a signal that the prefix is no longer valid.

Could you please elaborate on this one?



> I do think that generally speaking, your proposed modifications to CPE and
> router behavior should be standardized and implemented.
> 
>> A better mitigation is to affect the preferred and possibly the valid
>> lifetimes in response to consecutive RAs from the same router that lack
>> the original (stale) prefix. e.g., after two consecutive RAs that do not
>> contain the existing prefix, reduce the preferred lifetime. After two
>> additional RAs, reduce the valid lifetime.
> 
> In the crash scenarios you describe, you’re assuming a single router on
> the network or
> at least only one router announcing the prefix(es) in question with no
> persistent
> memory of the prefixes it was announcing across a reboot. In such a
> scenario,
> it seems to me that the following are also likely valid assumptions:
> 
> +The network has significant excess bandwidth compared to demand.
> +The small overhead of frequent RAs and short lifetimes is probably
> an acceptable tradeoff in this environment.
> 
> However, there are lots of other scenarios in the world where those
> assumptions
> won’t hold true and we should not seek to solve this problem (which is
> generally
> applicable to residential and SMB environments) at the expense of all of
> those
> other professionally administered environments.

Even with the default RA frequency, if you were to unprefer a prefix
upon, say, second RA that doesn't advertise it, and say, remove the
prefix after many other RAs are received, that would be a *big*
improvement to what we have now.



> 
> For
> 
> For the busy wifi scenario, the preferred lifetime of zero for the old
> PIO should be
> sent many times and should be maintained in the configuration for at least
> OldPreferredLifetime seconds. At the end of OldPreferredLifetime seconds,
> if a host hasn’t seen the new RA, it will no longer matter as the last
> RA it saw
> will have expired. It’s not ideal, but there really aren’t a lot of good
> options here
> other than getting WiFi vendors to improve multicast reliability.
> 
> In your automated configuration management scenario, IMHO, the people
> driving the automation have erred. The related case is, IMHO, a variant
> of the exact same case and represents the same error. It is still operator
> error regardless of whether the operator is driving an automation system,
> or is directly configuring a router. At a certain point, we need to
> accept that
> there is a limit to the acceptable gymnastics for the prevention of operator
> error. The best colloquialism here is “If you make something completely
> idiot proof, the world will invent a better idiot.”
> 
> In section 3.2.1, you advocate setting the A and L bits to their
> previous values
> for prefixes which are being deprecated. IMHO, this is incorrect and the
> announcements calling for immediate deprecation should also indicate that
> the prefix should no longer be auto-configured and should no longer be
> considered on-link.

Not sure I follow. Could you please elaborate?



> Is there some unfortunate widely deployed behavior that interacts poorly
> with setting A and L to 0 for these previously valid prefixes?
> 
> Finally, An editorial note… In Section 3, you state “Finally, Section
> 2.5 analyzes…”
> I believe this is intended to be a reference to section 3.2.2.

Nope. Section 3.2.2 talks about the interaction between dhcpv6-pd and
slaac. BUt it is section 2.5 that discusses other considerations for
dynamic/stable prefixes. For example, stable prefixes are not nice for
privacy.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492