IETF Logo Mail Archive

[v6ops] Re: Fwd: [E] New Version Notification for draft-mishra-v6ops-variable-iids-problem-statement-01.txt

Daryll Swer <contact@daryllswer.com> Wed, 18 September 2024 02:29 UTC

Return-Path: <contact@daryllswer.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F0B4C15155F for <v6ops@ietfa.amsl.com>; Tue, 17 Sep 2024 19:29:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=daryllswer.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0K-pbhwatPHz for <v6ops@ietfa.amsl.com>; Tue, 17 Sep 2024 19:29:39 -0700 (PDT)
Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CDD5C15152C for <v6ops@ietf.org>; Tue, 17 Sep 2024 19:29:37 -0700 (PDT)
Received: by mail-pl1-x632.google.com with SMTP id d9443c01a7336-20573eb852aso2091035ad.1 for <v6ops@ietf.org>; Tue, 17 Sep 2024 19:29:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daryllswer.com; s=google; t=1726626577; x=1727231377; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Jg36xc5tjvA3NjNhNYqcj/rbuUAZS013CwginMeSBqY=; b=I0SOBELYfpKj1L+kavRP8GBCGoSLgnrf846p5zaa1wnhddwC/Bjf1vYHE7QP5bNYbr WMpX4S9j2RPUrYDi6ZAmmOYGHjcrlRL/AI/Fsj3dwzVyLLYL4oDd1bps6TVhfZ77Jx1P E/nioIkA6arrT6J6/rZvSEMH0oLbPKY2nwKjBOgdXgugV0NBe1geOST+zd3MpYFPSjlt 7YGPu00YwQUKdBCZ0LdUXO77+APbf65GvqnQVT3T9cqT53Vcu/MhX9IWCXhB1cGV8jYo OpU2lKyxqkAAMqID+ifE4O4cNMAzjFLkc0fuElN9nXkZwFbyI8RAos5L7pkXwZ1UC2lB 1B2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726626577; x=1727231377; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Jg36xc5tjvA3NjNhNYqcj/rbuUAZS013CwginMeSBqY=; b=b1TUrFp6FZfUi5hRBwGW0bnh1gG8soBYcqTMarW3RU/Ioj5JF7kEkwQ6lZFGKFHSm0 2Uw1Ezj0w2DvEImVi/lFqK91wlnvjgLKNZFXrD2+b/rP6jaoxFu+ZFeoRtbv6SZTVSRT VBjYQSqZE30XeZdZw+Cp1iWaxNMppbFCEpz+y0tCdIupFZzWNTgNBOyu/+VpHm1OE6jm ZR2cCH6JP0k+2WdRP3h03+Sm3OnSUXFxMEaEXvy2rZelTKZBC69D0iVJRUAdFIHT69fd u3hQiPImyMaJXxwBAawaEIj5zuOhqKntOMOayBKOAXGV3pSiIVWqi17XotWowIELJlM6 TFrQ==
X-Gm-Message-State: AOJu0Yw/syhRsMlvDaOiWsP9hW98LnCxCaIzwPk2qh17X8Xek6hsgYNS ivZNGe0Sm5piWPJn4OD4PGoAjnX7KyeKjJp1i/BtdZk4Gk8/GCjiQA87Xs1c+32uTe++esImLbp aVXk=
X-Google-Smtp-Source: AGHT+IFAqMrvG/HTUKu4g26vkotwFOnUBn86QxWhbQrpHuofIRZ7iiVPfP+lQHqZBF9BJnbFqofpew==
X-Received: by 2002:a17:903:18b:b0:205:753e:e2e6 with SMTP id d9443c01a7336-2076e592a0amr301607995ad.16.1726626576409; Tue, 17 Sep 2024 19:29:36 -0700 (PDT)
Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com. [209.85.216.42]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-207945dc51esm55659525ad.52.2024.09.17.19.29.35 for <v6ops@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 17 Sep 2024 19:29:36 -0700 (PDT)
Received: by mail-pj1-f42.google.com with SMTP id 98e67ed59e1d1-2db85775c43so249438a91.0 for <v6ops@ietf.org>; Tue, 17 Sep 2024 19:29:35 -0700 (PDT)
X-Received: by 2002:a17:90a:bb83:b0:2c9:6abd:ca64 with SMTP id 98e67ed59e1d1-2db9fc67477mr32538764a91.9.1726626575322; Tue, 17 Sep 2024 19:29:35 -0700 (PDT)
MIME-Version: 1.0
References: <172176385611.611136.3361111887074779612@dt-datatracker-659f84ff76-9wqgv> <CAJhXr986yXVysGf6QQLvWYudQMYf+zMQ3BJrrNaj7L6hfu1xjg@mail.gmail.com> <CABNhwV1dspJRUZ15eX0sWupEAg+pLAp-3GMA5dEKF-X04MwQRw@mail.gmail.com> <CABNhwV0zP5C2uCcki=g7WDb_0Aqs8Q=15SV1r8yNM3E7-b+fVg@mail.gmail.com>
In-Reply-To: <CABNhwV0zP5C2uCcki=g7WDb_0Aqs8Q=15SV1r8yNM3E7-b+fVg@mail.gmail.com>
From: Daryll Swer <contact@daryllswer.com>
Date: Wed, 18 Sep 2024 07:59:00 +0530
X-Gmail-Original-Message-ID: <CACyFTPGfWC4jpddD9O3BD=08fSq-sGg4g=2n6EC8N3MmsRFYOQ@mail.gmail.com>
Message-ID: <CACyFTPGfWC4jpddD9O3BD=08fSq-sGg4g=2n6EC8N3MmsRFYOQ@mail.gmail.com>
To: Gyan Mishra <hayabusagsm@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000ae9f1a06225b9358"
Message-ID-Hash: VUA6RBFWNWGAJ3FEE4OBPAFTGIEKM6JX
X-Message-ID-Hash: VUA6RBFWNWGAJ3FEE4OBPAFTGIEKM6JX
X-MailFrom: contact@daryllswer.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IPv6 Operations <v6ops@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [v6ops] Re: Fwd: [E] New Version Notification for draft-mishra-v6ops-variable-iids-problem-statement-01.txt
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/EoSeZAXbU8ewGTUnudzXTVPopU4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

>
> Issue -#2


I see no reason to ever go smaller than a /64. A statement in issue #1
chiefly “waste of address space” suggests, IPv4-centric thinking is driving
this idea, to my understanding.

Lorenzo Colitti and few others brought up up race to the bottom with the
> /80 that ISPs would adjust to /80 as their new allocation.  Lorenzo kept
> saying that ISPs would try to push to move the IID  further shorter with
> this move opened door to race all the way down which didn’t make sense to
> me.
>
Many ISPs are still stuck on IPv4-centric mindset, this percolates down to
their IPv6 deployment, I've seen strange deployments where for example,
they don't do ia_pd, only do ia_na with a /128 GUA address and asks the
customer to NAT66.

Then there are ISPs that do obscure subnetting models in their IPAM, like
using a /120 as “large prefix delegation” because apparently a /64 or /56.

Recently I was contacted by an ISP, whose franchisee did something even
stranger, they used ULA for the “WAN” side of the CPE and a /64 that
changes every few minutes on the “LAN” side (ia_pd) and it lead to
unpredicable behaviour on the CPE side (IPv6 connectivity didn't work at
all).

The /64 vs /56 issue is a problem already as many ISPs have locked down to
single /64-only preventing multi-VLAN usage of IPv6, going smaller than /64
will only encourage the IPv4-centric mindset.

NCE cache exhaust



I mentioned NCE cache exhaustion and Nick and few others said why do we
> need VLSM we can address the entire network including P2P with /64 and no
> issues in the chat and I mentioned to read /127 RFC 6164.


In my opinion, this is a non-issue, because most network devices have
default ICMPv4/v6 rate-limiting applied out of the box, this includes
popular host OSes that are Linux-based for example. In addition to control
plane rate-limiting out-of-the-box, if someone is trying to DDoS your
network or specific IPv6 addresses (perhaps rDNS scraping?) to try and
“exhaust” the NDP table, your internal DDoS protection systems will kick-in
and scrub/re-route traffic anyway. And you can always configure a size for
the NDP table, that you think is reasonable for your specific use-case.

Implementation details may also come into play, for example, if the link is
P2P, and we use a /64, ::1 and ::2 on each device respectively and NDP
learning has taken place and these two entries are on each respective
device's table, they likely will remain in the table, even if you
intentionally flood the NDP Table (ICMPv6 again has rate limiting on the
control plane) as they were previously and still are “REACHABLE” state,
they wouldn't just get removed from the table and the system will continue
to probe it, therefore connectivity isn't affected.

I've stopped doing /126s-/127s for any network that I do IPv6 deployment
for, /64 minimum, everywhere, including PtP, no complaints so far, from
small networks to semi-large networks.

*--*
Best Regards
Daryll Swer
Website: daryllswer.com
<https://mailtrack.io/l/c173a9ccbcd36d8ae273cceaadfe8b0a3af00038?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=168cd34c0f2644db>


On Wed, 18 Sept 2024 at 03:45, Gyan Mishra <hayabusagsm@gmail.com> wrote:

> Dear v6OPS
>
> Here is a list of issues that were brought up during IETF 120.
>
> Right now we are picking up where 6man discussion left off on Issue #2
> race to the bottom.
>
> Many Thanks!!
>
> Gyan
>
> Issue #1 Problem statement discussion on fixed /64 provisioning systems as
> reason to change the standard
>
> Most against  the idea of changing the standard for the sake of
> provisioning systems that are fixed at /64.
>
> Other problems discussed that I think are valid reasons for variable IID -
> what does everyone think?
>
> - Requirements for VLSM and on a subnet with mix of SLAAC, DHCPv6 and
> static which is almost always the case both static and DHCPv6 are stuck at
> the /64 boundary as well.
>
> - waste of address space having a 64 bit IID
>
> - Private and enterprise subnets that don’t have privacy requirements
> should be able to  have longer prefixes shorter IID / VLSM capabilities.
> This has been a Day 1 ongoing concern and question by engineers deploying
> IPv6.
>
> Issue -#2 Race to bottom
>
> Lorenzo Colitti and few others brought up up race to the bottom with the
> /80 that ISPs would adjust to /80 as their new allocation.  Lorenzo kept
> saying that ISPs would try to push to move the IID  further shorter with
> this move opened door to race all the way down which didn’t make sense to
> me.
>
> The standard I am proposing would only allow up to /80 length prefix with
> 48 IID bits.  That would be the standard proposed so ISPs can at most
> change their allocations from /64 to /80 but that would be all that’s
> allowed since the SLAAC standard for IID length would be minimum of 48
> bits.  There are a lot of ISPs that have the fixed /64 provisioning systems
> issue so those would all be stuck at /64.
>
> If GUI is a major issue which I don’t we say that ULA can be used for
> variable IID and here since there is no race to bottom concern we can use
> the entire bit range from /4 - /128
>
> issue #3 Miscellaneous topics
>
> NCE cache exhaust
>
> I mentioned NCE cache exhaustion and Nick and few others said why do we
> need VLSM we can address the entire network including P2P with /64 and no
> issues in the chat and I mentioned to read /127 RFC 6164.
>
> Issue #4 Technical issues -
>
> technical issue with in draft mentioning that SLAAC is not variable and
> that it is variable already and that is not where the fixed /64 boundary
> comes which from RFC 4291 section 2.5.1.  I think there a bunch of drafts
> that mention the /64 IID boundary mentioned in the draft.
>
> Issue #5 Operational concerns with solution
>
> Bob did not like the implementation issues with mix of modified and
> unmodified devices even though not recommending he said it would be
> impossible that we would definitely have mix devices and no way to avoid
> and was the main reason for not supporting the draft.
>
>
>
> Kind Regards
>
> Gyan
>
>
>
> ---------- Forwarded message ---------
> From: Gyan Mishra <hayabusagsm@gmail.com>
> Date: Sat, Jul 27, 2024 at 3:12 AM
> Subject: Fwd: [E] New Version Notification for
> draft-mishra-v6ops-variable-iids-problem-statement-01.txt
> To: IPv6 Operations <v6ops@ietf.org>
>
>
>
> Dear v6OPS
>
> I did not have enough time to respond at the MIC on the questions asked.
>
> So I would like to field some of those questions now and see how everyone
> fields about this draft.
>
> Issue #1 Problem statement discussion on fixed /64 provisioning systems as
> reason to change the standard
>
> Most against  the idea of changing the standard for the sake of
> provisioning systems that are fixed at /64.
>
> Other problems discussed that I think are valid reasons for variable IID -
> what does everyone think?
>
> - Requirements for VLSM and on a subnet with mix of SLAAC, DHCPv6 and
> static which is almost always the case both static and DHCPv6 are stuck at
> the /64 boundary as well.
>
> - waste of address space having a 64 bit IID
>
> - Private and enterprise subnets that don’t have privacy requirements
> should be able to  have longer prefixes shorter IID / VLSM capabilities.
> This has been a Day 1 ongoing concern and question by engineers deploying
> IPv6.
>
> Issue -#2 Race to bottom
>
> Lorenzo Colitti and few others brought up up race to the bottom with the
> /80 that ISPs would adjust to /80 as their new allocation.  Lorenzo kept
> saying that ISPs would try to push to move the IID  further shorter with
> this move opened door to race all the way down which didn’t make sense to
> me.
>
> The standard I am proposing would only allow up to /80 length prefix with
> 48 IID bits.  That would be the standard proposed so ISPs can at most
> change their allocations from /64 to /80 but that would be all that’s
> allowed since the SLAAC standard for IID length would be minimum of 48
> bits.  There are a lot of ISPs that have the fixed /64 provisioning systems
> issue so those would all be stuck at /64.
>
> If GUI is a major issue which I don’t we say that ULA can be used for
> variable IID and here since there is no race to bottom concern we can use
> the entire bit range from /4 - /128
>
> issue #3 Miscellaneous topics
>
> NCE cache exhaust
>
> I mentioned NCE cache exhaustion and Nick and few others said why do we
> need VLSM we can address the entire network including P2P with /64 and no
> issues in the chat and I mentioned to read /127 RFC 6164.
>
> Issue #4 Technical issues -
>
> technical issue with in draft mentioning that SLAAC is not variable and
> that it is variable already and that is not where the fixed /64 boundary
> comes which from RFC 4291 section 2.5.1.  I think there a bunch of drafts
> that mention the /64 IID boundary mentioned in the draft.
>
> Issue #5 Operational concerns with solution
>
> Bob did not like the implementation issues with mix of modified and
> unmodified devices even though not recommending he said it would be
> impossible that we would definitely have mix devices and no way to avoid
> and was the main reason for not supporting the draft.
>
>
>
> Kind Regards
>
> Gyan
>
> ---------- Forwarded message ---------
> From: Mishra, Gyan S <gyan.s.mishra@verizon.com>
> Date: Fri, Jul 26, 2024 at 6:42 PM
> Subject: Fwd: [E] New Version Notification for
> draft-mishra-v6ops-variable-iids-problem-statement-01.txt
> To: Gyan S. Mishra <hayabusagsm@gmail.com>
>
>
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Tue, Jul 23, 2024 at 3:44 PM
> Subject: [E] New Version Notification for
> draft-mishra-v6ops-variable-iids-problem-statement-01.txt
> To: Alexandre Petrescu <Alexandre.Petrescu@cea.fr>, Alexandre Petrescu <
> alexandre.petrescu@cea.fr>, Dmytro Shytyi <dmytro@shytyi.net>, Dusan
> Mudric <dmudric@ciena.com>, Gyan Mishra <gyan.s.mishra@verizon.com>,
> Naveen Kottapalli <nkottapalli@benu.net>
>
>
> A new version of Internet-Draft
> draft-mishra-v6ops-variable-iids-problem-statement-01.txt has been
> successfully submitted by Gyan Mishra and posted to the
> IETF repository.
>
> Name:     draft-mishra-v6ops-variable-iids-problem-statement
> Revision: 01
> Title:    SLAAC Prefixes with Variable Interface ID (IID) Problem Statement
> Date:     2024-07-23
> Group:    Individual Submission
> Pages:    32
> URL:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_archive_id_draft-2Dmishra-2Dv6ops-2Dvariable-2Diids-2Dproblem-2Dstatement-2D01.txt&d=DwICaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=DnUkF34wu4mqq0UY8nn2rxBBO7qOW_D-RfNVLML28ZU&m=yOpsg61LTbRxJVfirFFKnW_889SuNFJeQWVHZYnBPs7SroiFpUYTIAiYneYXFEX6&s=KE68wUuGE8eBtHyZXBH7xy5bkVxyNrwUEV470cRrOfQ&e=
> Status:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dmishra-2Dv6ops-2Dvariable-2Diids-2Dproblem-2Dstatement_&d=DwICaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=DnUkF34wu4mqq0UY8nn2rxBBO7qOW_D-RfNVLML28ZU&m=yOpsg61LTbRxJVfirFFKnW_889SuNFJeQWVHZYnBPs7SroiFpUYTIAiYneYXFEX6&s=7I3vuUcKRci0Kx5N6lrk7sD5Xh6c5I8AEV_CvpgOopM&e=
> HTMLized:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dmishra-2Dv6ops-2Dvariable-2Diids-2Dproblem-2Dstatement&d=DwICaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=DnUkF34wu4mqq0UY8nn2rxBBO7qOW_D-RfNVLML28ZU&m=yOpsg61LTbRxJVfirFFKnW_889SuNFJeQWVHZYnBPs7SroiFpUYTIAiYneYXFEX6&s=JN176NxWs36PKk_UbEEv9Zw2DuyM0RI4J0mY1c98Nqo&e=
> Diff:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__author-2Dtools.ietf.org_iddiff-3Furl2-3Ddraft-2Dmishra-2Dv6ops-2Dvariable-2Diids-2Dproblem-2Dstatement-2D01&d=DwICaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=DnUkF34wu4mqq0UY8nn2rxBBO7qOW_D-RfNVLML28ZU&m=yOpsg61LTbRxJVfirFFKnW_889SuNFJeQWVHZYnBPs7SroiFpUYTIAiYneYXFEX6&s=ugar0T977pbBkM0q6A8yH6-uF8ufScX6AtiecmpKnT4&e=
>
> Abstract:
>
>    In the past, various IPv6 addressing models have been proposed based
>    on a subnet hierarchy embedding a 64-bit prefix.  The last remnant of
>    IPv6 classful addressing is a inflexible interface identifier
>    boundary at /64.  This document details the 64-bit boundary problem
>    statement.
>
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> v6ops mailing list -- v6ops@ietf.org
> To unsubscribe send an email to v6ops-leave@ietf.org
>

v2.38.3 | Report a Bug | By Email | System Status