Re: [v6ops] ULA precedence [Thoughts about wider operational input]

"Ackermann, Michael" <MAckermann@bcbsm.com> Fri, 25 March 2022 10:05 UTC

From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Philip Homburg <pch-v6ops-11@u-1.phicoh.com>, "v6ops@ietf.org" <v6ops@ietf.org>
Date: Fri, 25 Mar 2022 10:05:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/FfrTdkT5viCvZq0oNdG685nvv-o>
Subject: Re: [v6ops] ULA precedence [Thoughts about wider operational input]

Thanks Brian
Agree on the subject change and agree on having this looked at in 6MAN.

I believe that if/when enterprises finally move to IPv6, there will be several ULA use case candidates. But only if they work right. Several of these issues you outlined below would seem to force a lot of traffic to stay on IPv4.
Thanks for looking into this!

Mike


-----Original Message-----
From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Brian E Carpenter
Sent: Thursday, March 24, 2022 4:04 PM
To: Philip Homburg <pch-v6ops-11@u-1.phicoh.com>; v6ops@ietf.org
Subject: [v6ops] ULA precedence [Thoughts about wider operational input]


(Trying, far too late, to change the Subject to be the actual subject...)

I wasn't paying enough attention when RFC6724 was done. I think it's even more wrong each time I look at it. For example, it has the consequence that if a pair of hosts have both RFC1918 and ULA addresses, the default for communication between them is RFC1918. D'Oh. If two hosts have ULAs in the same /64, they will nevertheless try IPv4 first. D'Oh. And the default table in RFC6724 is sticky in practice, even if configurable in theory.

I think this needs serious work (in 6MAN most likely).

Regards
    Brian Carpenter

On 25-Mar-22 00:29, Philip Homburg wrote:
>> (Dual-stack cannot be the answer anyway - it will have all the issues 
>> of IPv4, plus the added complications of dual-stack.  Services need 
>> to be dual-stack, but for all the rest, single-stack IPv6 needs to be 
>> the end goal - see facebook etc)
>
> Obviously, on an IPv6-only system, there is no IPv4, so the relative 
> priority of ULA compared to IPv4 does not matter.
>
> I'm curious what IPv4aaS we want to deploy. I consider NAT64 a 
> complete disaster (even in the form of 464xlat). Given how the 
> internet works, we will probably end up with NAT64 everywhere until the end of times.
>
>> This is not what I had in mind.  If "we" decide that ULA is a good 
>> way forward, IETF can update RFCs, and vendors will eventually update 
>> their base OS.  It might take 5 years, but so will everything else in 
>> Big Enterprise land.
>
> The problem with ULA is that we have lots of installations where hosts 
> with a ULA address don't have access to the IPv6 internet. Often, CPEs 
> announce a ULA when the CPE doesn't have an IPv6 uplink.
>
> In contrast, where RFC 1918 was meant for local IPv4 communication, it 
> is now on a very large scale the primary method for a host to reach 
> the IPv4 internet.
>
> So to avoid the situation where we say that ULA is local and then use 
> it to connect to the IPv6 internet, we should just allocate a new 
> space. And explicitly give it the property to connect to the IPv6 
> internet through some sort of address translation.
>
> There is also a nice tie-in with PI. Obviously, putting millions of PI 
> prefixes in BGP does not scale.
>
> On the other hand, there is no such limit if the PI space is used behind NAT.
>

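The RFC 6724 behaviour discussed in this thread, as an added example that is not part of the original messages: it applies the default policy table from RFC 6724 section 2.1 and orders destinations using only Rule 5 (matching label) and Rule 6 (higher precedence), the two rules that decide the ULA versus RFC 1918 case. The addresses and the `ULA_FIRST` override are constructed for illustration.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label)
DEFAULT_POLICY = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("::ffff:0:0/96", 35, 4),   # IPv4, handled as IPv4-mapped addresses
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),
    ("fc00::/7", 3, 13),        # ULA
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
    ("3ffe::/16", 1, 12),
]

def to_v6(addr):
    """Represent an IPv4 address as IPv4-mapped IPv6, as RFC 6724 does."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.IPv6Address("::ffff:" + str(ip)) if ip.version == 4 else ip

def lookup(addr, policy=DEFAULT_POLICY):
    """Longest-prefix match in the policy table; returns (precedence, label)."""
    ip = to_v6(addr)
    rows = [(ipaddress.ip_network(p), prec, lab) for p, prec, lab in policy]
    _, prec, lab = max((r for r in rows if ip in r[0]), key=lambda r: r[0].prefixlen)
    return prec, lab

def order_destinations(pairs, policy=DEFAULT_POLICY):
    """Order (destination, chosen_source) pairs by Rule 5, then Rule 6 only."""
    def key(pair):
        dst, src = pair
        d_prec, d_label = lookup(dst, policy)
        s_label = lookup(src, policy)[1]
        # Matching label sorts first, then higher destination precedence.
        return (d_label != s_label, -d_prec)
    return [dst for dst, _ in sorted(pairs, key=key)]

# Constructed sample: two hosts in the same ULA /64 that also hold RFC 1918 addresses.
PAIRS = [
    ("fd12:3456:789a:1::20", "fd12:3456:789a:1::10"),
    ("192.168.1.20", "192.168.1.10"),
]
# Constructed local override (not from any RFC): ULA precedence raised above IPv4.
ULA_FIRST = [(p, 37 if p == "fc00::/7" else prec, lab) for p, prec, lab in DEFAULT_POLICY]

if __name__ == "__main__":
    print(order_destinations(PAIRS))             # default table: IPv4 tried first
    print(order_destinations(PAIRS, ULA_FIRST))  # override: ULA tried first
```

Both pairs tie on Rule 5 because each destination's label matches its source's label, so the precedence column alone (35 for IPv4-mapped, 3 for ULA) decides the order.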