Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update might break current ULA+IPv4 hostnames
Ole Troan <otroan@employees.org> Mon, 13 November 2023 07:39 UTC
Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49B90C14CF1D for <v6ops@ietfa.amsl.com>; Sun, 12 Nov 2023 23:39:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=employees.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JFUn086Xwng0 for <v6ops@ietfa.amsl.com>; Sun, 12 Nov 2023 23:39:46 -0800 (PST)
Received: from proxmox01.kjsl.com (proxmox01.kjsl.com [204.87.183.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B083C14F75F for <v6ops@ietf.org>; Sun, 12 Nov 2023 23:39:46 -0800 (PST)
Received: from proxmox01.kjsl.com (localhost.localdomain [127.0.0.1]) by proxmox01.kjsl.com (Proxmox) with ESMTP id 042AEE38F0; Mon, 13 Nov 2023 07:39:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=employees.org; h=cc:cc:content-transfer-encoding:content-type:content-type :date:from:from:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=prox2023; bh=Rxd+53B9vpsM0Ofj dvX4WHT3hpokqGAUtRaUTzuY1wI=; b=LVFPQaR4/OwoloOVqjMlL0IHDq6qVlH0 bpiP3dxwd9GKdg5Xy/+4tTPkwp72uFICQySLI/6q6f/KyvG/ToowCfnl+ZiiqgYn LNJ28m4x+eHCt+frSAXvlmRnGJG7vscCYZ12vBJ5x8fa7VEtzIAVr1i4lZ0TB8W1 loswbFzhxmNbRxDd0XK/xJl4kh7El3iJL2QdYr+bhGRAhfiUCuKo0YqG7c2VEZtt 0U+02dmlpm37Rl2bUF07qj/FmNXNHXIoP6DvcWwLleZ9yMdlC6yqPJzGhjFX2Fp4 x1mzES4XNkFnj5d6+R6rPR9pzSd5P2AY4MvXXGQg2Xjhicwh+JocCw==
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by proxmox01.kjsl.com (Proxmox) with ESMTPS id D4D2FE3862; Mon, 13 Nov 2023 07:39:45 +0000 (UTC)
Received: from smtpclient.apple (unknown [IPv6:2001:420:44c1:1250:c9a7:b23:96c4:36d0]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 245754E11B81; Mon, 13 Nov 2023 07:39:44 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
From: Ole Troan <otroan@employees.org>
In-Reply-To: <CAN-Dau2rfT8AmWzsLmHT0scB5vsLF4X3E+cprX8shwaxJAwM2w@mail.gmail.com>
Date: Mon, 13 Nov 2023 08:39:32 +0100
Cc: Mark Smith <markzzzsmith@gmail.com>, IPv6 Ops WG <v6ops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FBB917E3-712B-40A5-9DD3-F309DC4383BE@employees.org>
References: <CAO42Z2ypqtQT85iccM0N59885Zp+o+X-Lx34CjvaAf+JH9go3w@mail.gmail.com> <52796575-6400-4017-BA5C-4746B187B285@employees.org> <CAN-Dau2rfT8AmWzsLmHT0scB5vsLF4X3E+cprX8shwaxJAwM2w@mail.gmail.com>
To: David Farmer <farmer=40umn.edu@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Fx4LcKzVBPcpCgcNEE3kfLNtCBQ>
Subject: Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update might break current ULA+IPv4 hostnames
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2023 07:39:50 -0000
David,
> > Normally, Host A's ULA address should have a path through the local
> > network to Host B's ULA address and vice versa, so Host A and B's ULA
> > addresses should be preferred over Host A and Host B's GUA addresses.
>
> Come to think about it. Wouldn’t RFC6724 also fail in the MPMH case?
>
> Yes, it will fail in some cases but succeed in others.
> Source host A with GUA1+GUA2 (from ISPA AND ISPB)
> And destination host B with GUA3.
>
> 6724 will return the source address with the longest matching prefix to GUA3. So only one of these:
>
> {GUA1, GUA3}
> {GUA2, GUA3}
>
> The SA determines exit path, so depending on which ISP is down. Communication will fail.
> Redundancy is the whole point of multi-homing…
>
> If there is a soft failure of the provider of the selected SA, there will be a failure. If there is a hard enough failure to cause the withdrawal of one of the RAs, then redundancy will work.
Using addressing as a reachability indicator is wrong. RAs may only work when hosts are directly connected to exit.
> The other case I am concerned about is the one where within a single network multiple routers make up their own ULA and use that to assign addresses to directly connected hosts but do not participate in routing. We then have multiple disjointed ULA domains within the network. With RFC7078 and SNAC routers I am not sure if we can avoid that. This would possibly have been cleaner with site-locals.
>
> In many cases you refer to, the disjoint ULA domains are likely to be ULA-only domains. If there are ULA-only domains, there will only be ULA destinations to try, and they will be reachable or not. When we mix ULA, GUA, and IPv4, things get really complicated. ULA-only domains should be relatively straightforward.
Just working through all the cases where the 6724 approach fails.
From a 4007 point of view it’s possible to deploy ULAs in a more complex (and convoluted) fashion than site-locals.
Anyway, from a pure 6724 perspective. Why isn’t the correct solution to return all candidate sources for a given destination, instead of only the “best”. Then it’s up to the upper layers to walk through the list of candidate sources / candidate destinations until one or multiple connections is achieved.
As Brian has pointed out this may have some consequences for the Linux APIs, but then again we aren’t standardising this for only one implementation either.
O.
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Nick Buraglio
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Ole Trøan
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… David Farmer
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Brian E Carpenter
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Brian E Carpenter
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Ted Lemon
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Mark Smith
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Ted Lemon
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Ted Lemon
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Vasilenko Eduard
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Ole Trøan
- Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update… Ole Troan