Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-12.txt

Lorenzo Colitti <lorenzo@google.com> Mon, 02 October 2017 02:47 UTC

On Fri, Sep 29, 2017 at 7:10 PM, <internet-drafts@ietf.org> wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the IPv6 Operations WG of the IETF.
>
>         Title           : Unique IPv6 Prefix Per Host
>         Authors         : John Jason Brzozowski
>                           Gunter Van De Velde
>         Filename        : draft-ietf-v6ops-unique-ipv6-prefix-per-host-12.txt
>

LGTM. Thanks for continuing to iterate on feedback. I think this document
is very important, as it is the only currently-deployable way to provide
users with multiple IP addresses (and thus follow RFC 7934) on public
networks where there is the possibility of devices attacking each other or
attacking the network.

A couple of minor suggestions for improvements.

1. Since most devices have privacy addresses on by default these days, I
would suggest the following tweaks:

   1. "Each host can consequently use SLAAC or any other method of choice
   to select its /128 unique address." should instead read "Each host can
   consequently use SLAAC or any other method of choice to select IPv6
   addresses in the prefix."
   2. "After the subscriber received the RA, and the associated flags, it
   will assign itself a 128 bit IPv6 address using SLAAC." should read "After
   the subscriber received the RA, and the associated flags, it will assign
   itself one or more 128-bit IPv6 addresses using SLAAC."

2. Thanks for adding text to section 5 addressing the concern about RAs
expiring. One thing I think is not covered is: current Android devices will
actually disconnect when their IPv6 address becomes deprecated. So you
might want to set the preferred lifetime to 3600s as well.

I would also suggest: given that 514 and 686 look like strange numbers,
just mention that these numbers result in an average RA interval of 600s.
:-)

Cheers,
Lorenzo