Re: [v6ops] [dhcwg] SLAAC renum: Problem Statement & Operational workarounds

"Bernie Volz (volz)" <volz@cisco.com> Thu, 31 October 2019 00:54 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: Ted Lemon <mellon@fugue.com>, Bud Millwood <budm@weird-solutions.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
CC: IPv6 Operations <v6ops@ietf.org>
Date: Thu, 31 Oct 2019 00:53:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/GVM1Qs5V9VN5PJ_jpc6ODe4_m7E>

Mark Smith on v6ops ml wrote:

“I think Ole observed that this is contrary to what the PD prefix's Valid Lifetime said would be the case. The ISP supplied a PD Prefix with a Valid Lifetime of X seconds, and then broke that promise by abruptly changing addressing before X seconds. ISPs should be expected to live up to their Valid Lifetime promises.”

And it would be worth better understanding exactly what happens in these situations (perhaps it was covered earlier but I missed or lost that) ... if the Prefix configuration really is radically changed, even the SP DHCP server may be unable to assist.

- Bernie

On Oct 30, 2019, at 7:32 PM, Ted Lemon <mellon@fugue.com> wrote:

On Oct 30, 2019, at 7:18 PM, Bud Millwood <budm@weird-solutions.com> wrote:
It's not so much about the lifetime of the prefix as about putting two
prefixes in a reply to a request, right? And any CPE that can't handle
that gracefully gets hosed. I agree that providers of course need to
test this feature, and a server side configuration makes that
possible. Also, I'm all for firmware upgrades, but requiring it to fix
a hosed CPE could be a big issue.

The thing is, if they can’t handle a two-PD response, they are out of spec. This is already allowed in the RFC.

Granted, there may be plenty of CPEs that won’t handle this correctly. If they can be bricked by a message with two PDs, then bricking them is the right thing to do, because that’s a zero-day vulnerability wide open on the customer network.
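
An added illustration, not part of the original thread: a bounds-checked parser for a DHCPv6 IA_PD option that carries two IA Prefix options, the "two prefixes in a reply" case discussed above. Option codes and field layout follow RFC 8415; the function names and the sample bytes (an old prefix with zero lifetimes next to a new one) are constructed for this example.

```python
import ipaddress
import struct

OPTION_IAPREFIX = 26  # RFC 8415 IA Prefix option, nested inside IA_PD (option 25)


def iter_options(buf):
    """Yield (code, payload) per DHCPv6 option; reject truncated input."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError("option length exceeds buffer")
        yield code, buf[off:off + length]
        off += length


def parse_ia_pd(payload):
    """Return (iaid, [(prefix, preferred, valid), ...]) from an IA_PD payload."""
    if len(payload) < 12:
        raise ValueError("IA_PD shorter than IAID/T1/T2")
    iaid = struct.unpack_from("!I", payload, 0)[0]
    prefixes = []
    for code, body in iter_options(payload[12:]):
        if code != OPTION_IAPREFIX:
            continue  # other sub-options are not modelled here
        if len(body) < 25 or body[8] > 128:
            raise ValueError("malformed IAPREFIX")
        preferred, valid, plen = struct.unpack_from("!IIB", body, 0)
        if preferred > valid:
            continue  # RFC 8415: discard a prefix whose preferred > valid
        net = ipaddress.IPv6Network((body[9:25], plen), strict=False)
        prefixes.append((net, preferred, valid))
    return iaid, prefixes


def make_iaprefix(prefix, plen, preferred, valid):
    """Build one IAPREFIX option (used only for the constructed sample)."""
    body = struct.pack("!IIB", preferred, valid, plen)
    body += ipaddress.IPv6Address(prefix).packed
    return struct.pack("!HH", OPTION_IAPREFIX, len(body)) + body


# Constructed sample: old prefix withdrawn (lifetimes 0) plus a new prefix.
SAMPLE_IA_PD = (struct.pack("!III", 1, 1800, 2880)
                + make_iaprefix("2001:db8:1::", 56, 0, 0)
                + make_iaprefix("2001:db8:2::", 56, 3600, 7200))
```

Every IAPREFIX in the option is returned rather than only the first; an entry whose valid lifetime is 0 is one the client stops using, while the other remains the delegated prefix.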