Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Fernando Gont <fgont@si6networks.com> Thu, 07 January 2021 22:14 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B5B73A093D; Thu, 7 Jan 2021 14:14:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.161
X-Spam-Level:
X-Spam-Status: No, score=-2.161 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bi3WhQZVexFp; Thu, 7 Jan 2021 14:13:59 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43AAB3A0902; Thu, 7 Jan 2021 14:13:59 -0800 (PST)
Received: from [10.0.0.129] (unknown [186.19.8.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 46FAD283C00; Thu, 7 Jan 2021 22:13:56 +0000 (UTC)
To: Ted Lemon <mellon@fugue.com>, IPv6 Operations <v6ops@ietf.org>, 6MAN <6man@ietf.org>
References: <160989494094.6024.7402128068704112703@ietfa.amsl.com> <6fe3a45e-de65-9f88-808d-ea7e2abdcd16@si6networks.com> <CAO42Z2wR-3vbHi-NrBBMmCTNDq5fgqvSmBUbYK7P+63QTNfxkg@mail.gmail.com> <CAKD1Yr014PzVJj9Y6O=PBGc_QSVtur-0wMpaNkFA0dqr8FHGuA@mail.gmail.com> <44e7ac61-523a-d35e-9024-7e6df81e4226@gmail.com> <be92f523-eeaa-8ed4-afdf-4a537f53748c@si6networks.com> <CAN-Dau2S9pXYAwrRbfT9aMyXPw-NYaOxKF+nXRg_14zqTr8F0g@mail.gmail.com> <f85fce6f-3c99-caf0-82c7-fc8cf9858a42@si6networks.com> <F5A8AFF8-5235-41C0-A1E2-DCDD4922C872@fugue.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <b0778f92-2323-bff4-9ca0-522c543c7617@si6networks.com>
Date: Thu, 7 Jan 2021 19:13:36 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <F5A8AFF8-5235-41C0-A1E2-DCDD4922C872@fugue.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/K6ggbbZrlUZ8u6p4Vy4s5rap7q0>
Subject: Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2021 22:14:03 -0000

On 7/1/21 18:51, Ted Lemon wrote:
> On Jan 7, 2021, at 4:35 PM, Fernando Gont <fgont@si6networks.com 
> <mailto:fgont@si6networks.com>> wrote:
>> In order for them to have "global scope", they need to be globally 
>> unique. And you note that "they are essentially unique, gven an 
>> appropriate scope”.
> 
> I think the disconnect here is that RFC 4007’s definition of “global 
> scope” clearly contradicts the sense in which ULAs are “global.” So 
> that’s a real problem.

Indeed!



> At the same time, the next question to ask is in what sense “global 
> scope” is actionable. People have been talking about zone identifiers as 
> a way to determine scope, but in practice the way we do this is with 
> routing table entries. The reason you have to specify a zone ID for a 
> link-local address is that the route to the link-local prefix is present 
> on all interfaces, but the address is valid on only one interface.

Agreed. Or: the address is not globally-unique. So the same address is 
actually valid on all interfaces, most-likely corresponding to different 
nodes .. and thus you need to specify which of all those possible 
instances of address FE80::X you are referring to.




> The same situation does not apply for ULAs. You can (almost) just use 
> routing table entries to deliver ULAs. I say (almost) because of course 
> if you don’t have an explicit route to the ULA prefix, you can’t send 
> the packet.

As noted to Brian, the case that might need a zone-id is that where you 
have a host with two interfaces, each with one different ULA prefix, and 
you need to send packets to a destination ULA that belongs to a whole 
different prefix than the ones for which you have configured addresses 
for your two interfaces.

Another similar case would be a host with two interfaces, global 
addresses on each, that has to send packets to a ULA prefix.

Relying on your default route might not get your to where you want.

(Not sure if, conceptually speaking, not having an address configured 
for the ULA prefix you're trying to communicate with, means that you're 
not part of the "zone", and hence, that you're on your own)



> So there’s a tendency to want to send the packet to the 
> default route, but that doesn’t work if you have two interfaces and two 
> default routers. This is why it’s tempting to then use the “zone ID” to 
> resolve this problem. But that doesn’t work, because the host has no way 
> to know which zone ID to use.

That seems to be a similar case than the one I was noting above. I gues 
it could also be more complicate: even if you had a single interface, 
you might have multiple default routers. So rather than specifying an 
interface, you might actually need to specify "which next hope" to use.

Of course one cannot expect that.


> So it’s the network’s responsibility to provide enough information that 
> the ULA can be correctly routed. There are two ways to do this that 
> spring to mind:
> 1. Make assumptions
> 2. Only send to a ULA if you have a specific non-global route that 
> points to it.

#2 would probably make cases that are currently supported, unsupported. 
e.g.: think of a case where your local router advertises a /64 ULA 
prefix on the local link, and you want to send a packet to an address of 
a different subnet of the same Global-ID. -- most likely your router is 
not sending RIOs for the ULA prefix you're employing....




> Option 1 could work pretty well, e.g. on a cell phone. Not so well on a 
> host with two network interfaces. It’s unlikely that a ULA is going to 
> work on the global internet, so you never send it on the cellular 
> interface. Problem solved. This is the sense in which I think it’s 
> tempting to say that the scope of a ULA is not global, because here you 
> can make a purely mechanical decision.

Agreed on this one.


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492