IETF Logo Mail Archive

Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios

Ole Troan <otroan@employees.org> Sun, 03 February 2019 12:27 UTC

Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C441C1271FF; Sun, 3 Feb 2019 04:27:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AQrVblKe2yqV; Sun, 3 Feb 2019 04:27:36 -0800 (PST)
Received: from bugle.employees.org (accordion.employees.org [198.137.202.74]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3663127B4C; Sun, 3 Feb 2019 04:27:35 -0800 (PST)
Received: from [IPv6:2001:67c:1810:f051:805b:20ca:693a:4c94] (unknown [185.175.219.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bugle.employees.org (Postfix) with ESMTPSA id AA515FECC10E; Sun, 3 Feb 2019 12:27:33 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Ole Troan <otroan@employees.org>
X-Mailer: iPhone Mail (16D39)
In-Reply-To: <a4f6742e-f18e-3384-d4cc-06bfab49101f@si6networks.com>
Date: Sun, 03 Feb 2019 13:27:31 +0100
Cc: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, v6ops@ietf.org, 6man WG <ipv6@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FEFA99C2-4F09-4D8F-8D51-C9D9D7090637@employees.org>
References: <60fabe4b-fd76-4b35-08d3-09adce43dd71@si6networks.com> <alpine.DEB.2.20.1901311236320.5601@uplift.swm.pp.se> <m1gpCcz-0000FlC@stereo.hq.phicoh.net> <ddd28787-8905-bafd-3546-2ceef436c8b0@si6networks.com> <m1gptWx-0000G3C@stereo.hq.phicoh.net> <69609C58-7205-4519-B17A-4FBC8AE2EA16@employees.org> <ac773bb5-0da8-064b-d46b-3a218b8c9e7a@si6networks.com> <CFAEACC4-BA78-4DF9-AD8A-3EB0790B8000@employees.org> <a4f6742e-f18e-3384-d4cc-06bfab49101f@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/HVmJi9QzR2hJOUVShabr3R3ZROE>
Subject: Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Feb 2019 12:27:38 -0000


> On 3 Feb 2019, at 12:49, Fernando Gont <fgont@si6networks.com> wrote:
> 
>> On 3/2/19 07:32, Ole Troan wrote:
>> 
>> 
>>> On 3 Feb 2019, at 05:29, Fernando Gont <fgont@si6networks.com> wrote:
>>> 
>>> On 2/2/19 08:57, Ole Troan wrote:
>>>>> One question is whether it makes sense for routers to have valid lifetimes of
>>>>> more than a day for prefixes that are obtained using DHCP-PD.
>>>>> 
>>>>> Another is whether general purpose hosts should accept lifetimes of more
>>>>> than a day. Maybe hosts should just truncate.
>>>> 
>>>> The (original) intended lifetime for DHCP PD is a lifetime equal to the length of the contract with your ISP.
>>>> Lifetimes become meaningless with “flash renumbering”. Neither SLAAC nor DHCP PD is designed for that.
>>>> 
>>>> The simple solution to this problem is “if it hurts, stop doing it”.
>>> 
>>> FWIW, lifetimes are mostly irrelevant to the problem that *we* are
>>> discussing (which is rather orthogonal to the problem mentioned above):
>>> our case is that in which the router just reboots -- so no matter what
>>> the lifetime was, the information will be invalid anyway.
>>> 
>> 
>> That’s not how SLAAC and PD are designed. Lifetimes are not invalid just because of a router reboot. Look at advertised lifetimes as a sort of contract. 
> 
> Well, the problem is that you are making a contract on the LAN side for
> a contract you may not have on the WAN side. If the router reboots and
> the CEP no longer "owns" some prefix, then that contract is void.

You have the contract on the WAN side. What makes you think not. E.g via PD learns that given prefix is valid until March 1 2020.
A reboot doesn’t change that. 

> Ideally, the CPE will advertise that the contract is void. But it is
> clear that for most deployed CPEs, that will not happen.

So a bug. 
What you are talking about is the case where the ISP breaks the contract. While it previously promised to delegate you a prefix until 20200301, all trace of that has gone. 


> 
> 
> 
>> What you seem to be talking about is either a bug a misconfiguration or both. 
> 
> It's neither of those. If anything, it's the result of
> under-specification of the necessary glue between automatic
> configuration on the WAN side, and automatic configuration on the LAN side.
> 
> e.g., there were no requirements for CPEs to keep track of prefixes that
> they have been leased in the past -- if at all possible.

DHCP PD will give you the old prefix back. 

> 
> 
> 
>> With that established, you are arguing that hosts/applications should behave better in the case of this misconfiguration?
> 
> They should behave better in scenarios where the CPE may have rebooted
> and lost state of previously leased prefixes, which may have thus become
> invalid.

It’s not the CPE reboot that’s the problem. It’s the ISP breaking the contract and using the opportunity to flash renumber the user. 


> 
>> If you want something like session survivability,
>> that’s not a trivial problem to solve.
> 
> Not sure what you mean by "session survivability"

Try to keep a TCP session active while changing addresses. 

> 
>> 
>> Currently the network will give an ICMP destination unreachable code 5 and deprecate the invalid prefix if it has information to do so.
> 
> Where in RFC4443 do ICMP unreach code 5 get to invalidate prefixes?
> 
> Answer: Nowhere. They don't get to do that. All ICMPv6 error messages
> are soft errors. And it would be a huge mistake (and huge
> vulnerability!) to behave otherwise.

It’s a strong hint to the host stack to pick a different source address. 

>> Without getting into the multi-homing discussion and requiring hosts to “throw spaghetti on the wall”, I don’t see how your draft improves on that. 
> 
> Not sure what you mean. If the same router that advertised those
> prefixes doesn't advertise those prefixes anymore, why would you think
> they are still valid?

Because that’s what the network previously advertised. 
If source addresses from that prefix no longer works that’s a good hint to the host to try something else. There’s a list of heuristics the host must use. 

I still don’t see how your draft improves much on this. Can you explain?

Ole


> 
> -- 
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> 
> 
> 
>

v2.23.0 | Report a Bug | By Email