[v6ops] Re: Dynamic addresses

Daryll Swer <contact@daryllswer.com> Sat, 10 August 2024 14:10 UTC

Return-Path: <contact@daryllswer.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85066C14F61D for <v6ops@ietfa.amsl.com>; Sat, 10 Aug 2024 07:10:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=daryllswer.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r3v0Eqtw5Bne for <v6ops@ietfa.amsl.com>; Sat, 10 Aug 2024 07:10:15 -0700 (PDT)
Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F174C14F5FB for <v6ops@ietf.org>; Sat, 10 Aug 2024 07:10:14 -0700 (PDT)
Received: by mail-pg1-x530.google.com with SMTP id 41be03b00d2f7-7c1324be8easo2452651a12.1 for <v6ops@ietf.org>; Sat, 10 Aug 2024 07:10:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daryllswer.com; s=google; t=1723299013; x=1723903813; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=HBYkYTEvU5Bo65hlvYrmCn37LcRYLf7+RjTwbAPlP54=; b=L5XQO8EPoLgXZHZtUe/2xl0cVcfKn4sxWSBAodEphLWdyCiB8OSLd2/jY2O1fBl6EC rMJQ6qhfga7PRbnsnqWT5hhLUQt6+Xgur2CXq+HSM0UpkLPwCpJS6/dZT3lM4C4TyMqj SdRdZo92d76+Zl3xKw6tsr/6B1kk3F8abgxq0ciu5yEsgB/dPuWlHv7JyiEFEs4EyJEo Q7jArCHBnf9Q/vDxorNhJamaaNZApBokT+82KHuhThj42uWvVEY70q49ibSm/1UXb+jH ae/PdWnZidk0jYtv4yNPdBIy+HNJVuOpkJrwv3YGBP+ytrURPFcZ0c5RTiY5N6y2UAPN dxDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723299013; x=1723903813; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=HBYkYTEvU5Bo65hlvYrmCn37LcRYLf7+RjTwbAPlP54=; b=HOwhA2ixL8UHTXcoRQrBd97Ye3W9cbSjYcMEYZmTE1dikqjLogMdJEVSGoLCBAnY/X CTUVbJlFtuUu+EWOujXTvkx0ELyU1NA7qrKUy1rYumTcUDqO3n5Awby4b5ONH3pvuTDf EecS+yltfUT0ElQzRz6DbdmFO8i7Fo7Y9i91lk8rtmq59lD0fVv3ciHThwehWgnilqPW kH3oQv6tJl8CMriwgDGs24P/LBBnzMJvq4qAKOQuseEu2KSHkg2CSRTYaeV/2UZh7tve gT/7+0/1nmuhE5y7wgQKyXBKqdQDlojW1D0w3ZTLdEMyHfjAcveFRRLnIYj6IstyjyDB FEIA==
X-Forwarded-Encrypted: i=1; AJvYcCWkihYGXi6tnJTZDOlH679VEZYnsGzmILZzcaaejmBEEzuABKohgm0nRb3nulebaxazoaZzodVzUGcjjmfs/g==
X-Gm-Message-State: AOJu0Yzhw0JbHfVihqFHvC3S3PgJHsv2n3+bSJa08NEltb0ddNxan3nv EL7lYz04U7NVxz9xLUL+n1vvHYDIK92IXTMiT+uoSlXCJ9hFmusE4+PvFi4kghR6ErTtHLbmmzc WPNY=
X-Google-Smtp-Source: AGHT+IGElaPYZlC+5Gb2rXVIHn4nWVfee3l9whavudM2kHEYpmDZd8h00BcgdvJpsiZrGpGawkdXXw==
X-Received: by 2002:a17:90b:8d4:b0:2c9:75a7:5c25 with SMTP id 98e67ed59e1d1-2d1c4c2dae7mr13449921a91.15.1723299013186; Sat, 10 Aug 2024 07:10:13 -0700 (PDT)
Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com. [209.85.214.170]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7c3dbe90325sm1184656a12.75.2024.08.10.07.10.12 for <v6ops@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 10 Aug 2024 07:10:12 -0700 (PDT)
Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1fd69e44596so20986865ad.1 for <v6ops@ietf.org>; Sat, 10 Aug 2024 07:10:12 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCWBdq+QoK9TM6/7GqJx32x5x56Nyar51X+GE4vfcj3LrauKh2jq8Hqsd4aK/l5H2X9/PZvudB8NHevLsqDLgQ==
X-Received: by 2002:a17:902:e845:b0:1f9:e2c0:d962 with SMTP id d9443c01a7336-20096baa066mr120753195ad.31.1723299012308; Sat, 10 Aug 2024 07:10:12 -0700 (PDT)
MIME-Version: 1.0
References: <df01e0f8-1b0d-4792-be2c-89a59da7de49.ref@swbell.net> <df01e0f8-1b0d-4792-be2c-89a59da7de49@swbell.net> <CAJgLMKte1H3FaoQOhc7_No=SNdczQFo2_mp2c1FvTOqLCRFm2g@mail.gmail.com> <6e70bed7-6f84-4a4a-90f8-fec1d10a599b@swbell.net> <CAJgLMKsXHcxzu8Kbrg1pu9SDkGDH0b1bWzW__CrfpDaSv3Joog@mail.gmail.com> <CACyFTPFakaDLdTJVc6d1HiR_oaedNOV76MRQxJp=+z95uQFVZQ@mail.gmail.com> <CAPt1N1=rQp5U4_X=2WvCV358S9Qm+E+_+gs_mgUJHP_68dYLmg@mail.gmail.com> <d16406c6-e5d9-4aa4-a16e-7513d04d6b07@gmail.com> <CACyFTPEdh_SL3BJ6WcD18tpYzH=Q6gxYnXanTsHZxF4xQm7LuA@mail.gmail.com> <19b076c0-ff57-471a-8f66-6ad47d7169f4@gmail.com> <f469fd02-f67e-4aa3-80e1-e055e63fadd2@swbell.net>
In-Reply-To: <f469fd02-f67e-4aa3-80e1-e055e63fadd2@swbell.net>
From: Daryll Swer <contact@daryllswer.com>
Date: Sat, 10 Aug 2024 19:39:27 +0530
X-Gmail-Original-Message-ID: <CACyFTPGNUvKkF+hxg1xJPSRNWo4aZN+jtwO3GeMLmQ1pTY8x3g@mail.gmail.com>
Message-ID: <CACyFTPGNUvKkF+hxg1xJPSRNWo4aZN+jtwO3GeMLmQ1pTY8x3g@mail.gmail.com>
To: The Multach's <jmultach@swbell.net>
Content-Type: multipart/alternative; boundary="0000000000007884e2061f54d18d"
Message-ID-Hash: KOYVPTFFC4ENE64DQECFQOX62MYDOMCV
X-Message-ID-Hash: KOYVPTFFC4ENE64DQECFQOX62MYDOMCV
X-MailFrom: contact@daryllswer.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: v6ops@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [v6ops] Re: Dynamic addresses
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/H2IZUHWICjMjAETuKXLrajYD0pg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

> Then again, there is a claim that on those you may not get a prefix at
all (just a single IP6 address), and if you do, often its a /64 with no PD.

IIRC, US Telcos even have separate billing for mobile
tethering/hotspot, right? And IPv6 doesn't always work over that ways?

Over here, it appears the tethering interface just bridges with the PDP
interface, and the “clients” that connects gets a /128 GUA, shared with a
single /64 with the SIM.

> For security reasons, one of them has a rule to change the assigned IPv6
address space at least once every 4 hours.

You mean conspiracy theories about big bro and “privacy”… It's not
“security”.

iPhones have built-in security, Ted Lemon can probably elaborate on that.
Android, too, has built-in security, the Google folks here can probably
elaborate on that.

Nope, I am completely against conspiracy theories about “dynamic IP stops
big bro from spying on you”. If big bro wants to “spy” on you, no amount of
“dynamic IPs” is stopping that.

*--*
Best Regards
Daryll Swer
Website: daryllswer.com
<https://mailtrack.io/l/ba62818f368e4ab91c6676b1a01e6088ea674e45?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=b8dfc4abc306b3d8>


On Sat, 10 Aug 2024 at 19:29, The Multach's <jmultach@swbell.net> wrote:

> That triggered a memory about addressing on US cellular carriers, at least
> one of which does this.
>
> Then again, there is a claim that on those you may not get a prefix at all
> (just a single IP6 address), and if you do, often its a /64 with no PD.
>
> For security reasons, one of them has a rule to change the assigned IPv6
> address space at least once every 4 hours.
>
>
> On 8/9/2024 9:33 PM, Brian E Carpenter wrote:
>
> On 10-Aug-24 11:34, Daryll Swer wrote:
>
>  > But I don't understand the statement "breaks SLAAC on the LAN". A
> change of prefix renumbers the LAN, but that doesn't break SLAAC, it just
> causes SLAAC to renumber everything. It will only break active sessions.
>
> It will break, on the host side, because they won't know to use the new
> prefix, until the pref/valid values expire.
>
>
> https://www.6connect.com/blog/is-your-isp-constantly-changing-the-delegated-ipv6-prefix-on-your-cpe-router/
>
>
> Thanks, yes, I knew that of course but the description of that as breaking
> SLAAC confused me. (When my ISP was changing prefixes after a CE power cut
> and reboot, the issue was masked by other effects of the power cut.)
>
> There's no reason to be promoting dynamic v6 prefixes, in addition to the
> SLAAC context, this makes it painful, for end-users to host anything at
> home, even basic SSH.
>
>
> I completely agree.
>
>    Brian
>
>
> *--*
> Best Regards
> Daryll Swer
> Website: daryllswer.com
> <https://mailtrack.io/l/8b190af15371d42cba28cde7db9581f1c207dde9?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=0564b87de4f69994>
> <https://mailtrack.io/l/8b190af15371d42cba28cde7db9581f1c207dde9?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=0564b87de4f69994>
>
>
> On Sat, 10 Aug 2024 at 04:56, Brian E Carpenter <
> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>
> <brian.e.carpenter@gmail.com>> wrote:
>
>     [Public service announcement: as of now, I'm spam-filtering messages
> with 'Digest' subject headers.]
>
>     My ISP used to change my prefix whenever there was a power cut and the
> modem restarted. Now, it appears to be stable.
>
>     But I don't understand the statement "breaks SLAAC on the LAN". A
> change of prefix renumbers the LAN, but that doesn't break SLAAC, it just
> causes SLAAC to renumber everything. It will only break active sessions.
>
>     Regards
>          Brian
>
>     On 10-Aug-24 10:13, Ted Lemon wrote:
>      > In order to do this, they would have to not renew a previously
> assigned prefix. I think some German telecoms used to do this as a privacy
> message, but it was operationally very difficult because it doubled demand
> for prefixes.
>      >
>      > Where are you seeing this irl, and how does it happen?
>      >
>      > Op vr 9 aug 2024 om 15:08 schreef Daryll Swer <
> contact=40daryllswer.com@dmarc.ietf.org
> <mailto:40daryllswer.com@dmarc.ietf.org> <40daryllswer.com@dmarc.ietf.org>
> <mailto:40daryllswer.com@dmarc.ietf.org <40daryllswer.com@dmarc.ietf.org>
> <mailto:40daryllswer.com@dmarc.ietf.org> <40daryllswer.com@dmarc.ietf.org>>>
>
>      >
>      >     Tim, is there something we can do to encourage not only "more
> than a /64", but also encourage "static ia_pd to ensure the customer will
> not experience broken IPv6 connectivity due to ever changing prefixes".
>      >
>      >     Too many ISPs out there do dynamic IPs and breaks SLAAC on the
> LAN.
>      >
>      >     I feel this draft could be a powerful tool, in the hands of the
> end user to get these ISPs doing the right way of IPv6 more often.
>      >
>      >     --
>      >     Sent from my iPhone
>      >
>      >
>      >     On Fri, 9 Aug 2024 at 7:37 PM, Timothy Winters <tim@qacafe.com
> <mailto:tim@qacafe.com> <tim@qacafe.com> <mailto:tim@qacafe.com
> <tim@qacafe.com> <mailto:tim@qacafe.com> <tim@qacafe.com>>> wrote:
>      >
>      >         Yes.  I've seen several instances of /64 being used for
> container networks on CPEs.
>      >
>      >         ~Tim
>      >
>      >         On Fri, Aug 9, 2024 at 9:38 AM The Multach's <
> jmultach@swbell.net <mailto:jmultach@swbell.net> <jmultach@swbell.net> <
> mailto:jmultach@swbell.net <jmultach@swbell.net>
> <mailto:jmultach@swbell.net> <jmultach@swbell.net>>> wrote:
>      >
>      >             So are these considered a LAN link prefix assignment
> under 7084 L2:
>      >
>      >             - Assignment of a /64 prefix for internal IPv6
> communication between a
>      >             primary SoC and a secondary chip (e.g., a Wi-Fi chip
> which uses IPv6).
>      >
>      >             - Assignment of a /64 prefix for usage by an internal
> container or VM.
>      >
>      >
>      >             On 8/9/2024 7:56 AM, Timothy Winters wrote:
>      >              >
>      >              >
>      >              > On Thu, Aug 8, 2024 at 10:58 PM The Multach's <
> jmultach@swbell.net <mailto:jmultach@swbell.net> <jmultach@swbell.net> <
> mailto:jmultach@swbell.net <jmultach@swbell.net>
> <mailto:jmultach@swbell.net> <jmultach@swbell.net>>> wrote:
>      >              >
>      >              >     The following, while being user focused, fails
> to take into
>      >              >     account that
>      >              >     some of those prefixes may be used internally
> (or reserved for
>      >              >     internal
>      >              >     use) by the CPE or for ISP purposes and not
> assignable:
>      >              >
>      >              >     "SHOULD" (or an elongated exception for the
> above) would be more
>      >              >     appropriate.
>      >              >
>      >              >     LPD-4: After LAN link prefix assignment the IPv6
> CE Router MUST
>      >              >     make the
>      >              >     remaining IPv6 prefixes available to other
> routers via Prefix
>      >              >     Delegation.
>      >              >
>      >              > I think this covers that case.   After local
> assignment, unused
>      >              > prefixes MUST be made available.
>      >              > LPD-2:  The IPv6 CE Router MUST assign a prefix from
> the delegated
>      >              >            prefix as specified by L-2 [RFC7084].
>      >              >
>      >              > 7084
>      >              >    L-2:   The IPv6 CE router MUST assign a separate
> /64 from its
>      >              >           delegated prefix(es) (and ULA prefix if
> configured to provide
>      >              >           ULA addressing) for each of its LAN
> interfaces.
>      >              >
>      >              >
>      >              >     _______________________________________________
>      >              >     v6ops mailing list -- v6ops@ietf.org
> <mailto:v6ops@ietf.org> <v6ops@ietf.org> <mailto:v6ops@ietf.org
> <v6ops@ietf.org> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>      >              >     To unsubscribe send an email to
> v6ops-leave@ietf.org <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>
> <mailto:v6ops-leave@ietf.org <v6ops-leave@ietf.org>
> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>>
>      >              >
>      >
>      >         _______________________________________________
>      >         v6ops mailing list -- v6ops@ietf.org
> <mailto:v6ops@ietf.org> <v6ops@ietf.org> <mailto:v6ops@ietf.org
> <v6ops@ietf.org> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>      >         To unsubscribe send an email to v6ops-leave@ietf.org
> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org> <
> mailto:v6ops-leave@ietf.org <v6ops-leave@ietf.org>
> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>>
>      >
>      >     45efe8dfc775213ded0fc41c7d84ccccb0d6aa20
> _______________________________________________
>      >     v6ops mailing list -- v6ops@ietf.org <mailto:v6ops@ietf.org>
> <v6ops@ietf.org> <mailto:v6ops@ietf.org <v6ops@ietf.org>
> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>      >     To unsubscribe send an email to v6ops-leave@ietf.org
> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org> <
> mailto:v6ops-leave@ietf.org <v6ops-leave@ietf.org>
> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>>
>      >
>      >
>      > _______________________________________________
>      > v6ops mailing list -- v6ops@ietf.org <mailto:v6ops@ietf.org>
> <v6ops@ietf.org>
>      > To unsubscribe send an email to v6ops-leave@ietf.org
> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>
>
>