IETF Logo Mail Archive

Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt

Nick Buraglio <buraglio@es.net> Mon, 14 November 2022 15:33 UTC

Return-Path: <buraglio@es.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03DFFC1526FC for <v6ops@ietfa.amsl.com>; Mon, 14 Nov 2022 07:33:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=es.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bhJwyz_0Lem2 for <v6ops@ietfa.amsl.com>; Mon, 14 Nov 2022 07:33:23 -0800 (PST)
Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB422C14CE4B for <v6ops@ietf.org>; Mon, 14 Nov 2022 07:33:23 -0800 (PST)
Received: by mail-pj1-x102c.google.com with SMTP id d13-20020a17090a3b0d00b00213519dfe4aso11007996pjc.2 for <v6ops@ietf.org>; Mon, 14 Nov 2022 07:33:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=es.net; s=esnet-google; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=im8SS538QePwKGO+Y/80ZqB3fonxyORLorDpWTbDyPM=; b=j5qcCBjqfwgEvGD+nofVhmeTrxTCz+cN5bl1EDuS/PZRHyzEkMur1sPlnbWv22pw9J rFIwvfr1jKX24pPVIo9ND6oYBy+4BNosUHDzm42jFGty4XmiWUDW/j/aSoMiMh5cgb3v gAudf4aOi3f0eY6uzk6HQvj2j7scewrA1GwXQ3ZbTIePD4ZWQi5gJLmcCbw9q4FJCnnw wLDNO+/Yp7RJc3JZw93CCN6+UlaD1pd812oH3xtsJtPWl1429ZfxHqvJLxxhoW7D/ayB oa4o0Lij4ygAjWRUPrFNxssxYKH3tM8FETU0cdxvfm5f4Y+Sil8j36/S139hCVRj+2TO Dv8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=im8SS538QePwKGO+Y/80ZqB3fonxyORLorDpWTbDyPM=; b=ai8H1WJxVT3KaCZqOOn0mCRKvc03Q4riuMhQpOfAPJvThTr+pizwXpYpE46fPsVun5 y09pfX3UhLUf+BIUPya8Wf3uXrGntwW9kK3UxjRSBKLEcvfTYG1daP8mLeGm428ctq3X pzDoyufUh4VSZEl6mORu6seHy/6on32K5A4YHSm+9dshzpQm7zcZFt7ZN1IN1O9BBfAu AEUMtABV968oBVF1uqmvJUVi/Q4pIuDTrwQBY7soYZjb62iKTDTJDRlw/WlcmAp3U0IN 795inXzepxmKvu6at7qmnTLv3pkyPSKlG7JRdRahLK9jcDe+z3DNkaDyaOh+4S66+LTj 1mzg==
X-Gm-Message-State: ANoB5pk7p8r0Fwjap4tU8SwhGiw1PtwGYn8mVztT93l9UT5Lm9qJGQzs ilclbQHkbpSpSRtBbwsm87Q/VWjO2IE0u9FI/kOaEZItxvaZdXe2wxL8rID3CXQ0px89/DL4PzY LbBOPmNWeoNzkPoefqHEiYq764KUnWpQYnFkMCAqrqGSSIPsc6iswGbcxLz2FoTkoCuazhrHSI3 m5mgoN4j4=
X-Google-Smtp-Source: AA0mqf7rmUX02YWAG1Ri5cHObwV26vdB+wIksAtm3um4+RlH8L0wGE2mAue+ddNzPo3omP1rIF0T0EVYjHwKuB4mjb0=
X-Received: by 2002:a17:90a:4a8a:b0:213:d66b:4973 with SMTP id f10-20020a17090a4a8a00b00213d66b4973mr14430257pjh.85.1668440002638; Mon, 14 Nov 2022 07:33:22 -0800 (PST)
MIME-Version: 1.0
References: <CAFU7BAQmSqaZhrQ0YH-1ryp2DfZH6z5B1icR=Wc_W=sdBExuEA@mail.gmail.com> <EE3F6D3C-EC05-4B23-917D-46BA7E49BC61@employees.org> <CAFU7BAQAo7p8MQOK9+CF3OEhOYp=vpUvX_4u9DadXaqQ7ada6w@mail.gmail.com> <0d5cef0d9d914f86adf0f67a05de3001@huawei.com> <5dd6205b058f15a77fe939f06a0db99c@podolsk.ru> <5648a94d446443f783be1978e3c11271@huawei.com> <1de216ef-994e-c62e-3e03-e8637fe9f879@gmail.com> <2fd756b1b0c74f19b8bddd92d11e02b5@huawei.com>
In-Reply-To: <2fd756b1b0c74f19b8bddd92d11e02b5@huawei.com>
Reply-To: buraglio@es.net
From: Nick Buraglio <buraglio@es.net>
Date: Mon, 14 Nov 2022 09:33:11 -0600
Message-ID: <CAM5+tA8dRRVkBsRL6Ynmrmh1Wqhj37XD99SkFX1Zntd_iE2uWg@mail.gmail.com>
To: Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Andrey Kostin <ankost@podolsk.ru>, V6 Ops List <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b042be05ed6ff55c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Khw8gzWvNH7ayYjCdg--wZNUQOk>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2022 15:33:28 -0000

It should also be noted that dhcpv6-pd allocations need to have a route
installed at the BRAS or other aggregation router (in my personal
experience, that is) which is likely a non-issue, but will present a
consideration for devices with small routing tables, especially in
environments with significant numbers of clients. If each client receives a
prefix, a route for each prefix needs to be instantiated which may result
in tens of thousands of routes. Not a huge issue, but a potentially
important resource detail.
The idea of using a PIO to indicate a limit of addresses available does
sound like an elegant solution. I do see some value in extending a prefix
like a /64 for host use similar to rfc7278 where "LAN" is some bridge
internal to a given host. This could be especially useful in containerized
environments which are more and more prevalent as described by Jen in the
use of container-like technology in ChromeOS and the extensive use of
containers in DC environments. They almost feel like different problem
spaces that exhibit similar symptoms.

----
nb

ᐧ

On Mon, Nov 14, 2022 at 1:14 AM Vasilenko Eduard <vasilenko.eduard=
40huawei.com@dmarc.ietf.org> wrote:

> > There is a Reserved2 field in a PIO that could be redefined to indicate
> a maximum number of addresses allowed per host under a given prefix.
>
> Hi Brian,
> It would be a good solution.
> Because local limits is better to announce from the local router.
> Announce limits from the one centralized location (DHCP server) looks more
> complex and error prone.
> Eduard
> -----Original Message-----
> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
> Sent: Sunday, November 13, 2022 10:33 PM
> To: Vasilenko Eduard <vasilenko.eduard@huawei.com>; Andrey Kostin <
> ankost@podolsk.ru>; V6 Ops List <v6ops@ietf.org>
> Subject: Re: [v6ops] Fwd: New Version Notification for
> draft-linkova-v6ops-ipmaclimi-00.txt
>
> On 14-Nov-22 06:44, Vasilenko Eduard wrote:
> > If the network has limits Then hosts should adapt to the limits (not
> vice versa).
> > It is needed to know the limits to adapt. DHCP could inform about the
> limit, but SLAAC could not.
>
> It could. There is a Reserved2 field in a PIO that could be redefined to
> indicate a maximum number of addresses allowed per host under a given
> prefix.
>
>     Brian
>
> >
> > The number of virtual things per hardware instance would be always
> restricted.
> > If the best AP would support 200 IP per MAC then it is still possible to
> run containers and stretch even that.
> >
> > DHCP could impose different limits per different links. Hence, if APs'
> different segment has different restrictions then DHCP would impose
> different limits.
> > If the particular link has APs with different restrictions then indeed
> DHCP should be configured to limit on the smallest.
> > Ed/
> > -----Original Message-----
> > From: Andrey Kostin [mailto:ankost@podolsk.ru]
> > Sent: Friday, November 11, 2022 9:15 PM
> > To: V6 Ops List <v6ops@ietf.org>
> > Cc: Jen Linkova <furry13@gmail.com>; Ole Troan <otroan@employees.org>;
> > Vasilenko Eduard <vasilenko.eduard@huawei.com>
> > Subject: Re: [v6ops] Fwd: New Version Notification for
> > draft-linkova-v6ops-ipmaclimi-00.txt
> >
> > Vasilenko Eduard писал(а) 2022-11-08 13:58:
> >> N+1 allocation should fail.
> >> But the network and host should be aware of it (in sync).
> >>
> >>> Or do we want NAT66?
> >> No. DHCP in this case.
> >
> > What if the underlying access network has access points from multiple
> vendors and they have different limits that are lower than allowed by DHCP?
> >
> > The problem Jen is trying to point out is not an addressing problem and
> not related either to SLAAC, DHCP or static assignment. Looks like some
> comments pronounce SLAAC guilty in described issue and try to use this
> statements to push DHCP vs SLAAC dispute. This is not the case. This is an
> operational problem caused by lack of common practice and agreement between
> vendors. And that is exactly what Jen is trying to solve. She is requesting
> to make underlying networks equipment's behavior deterministic and provide
> troubleshooting capabilities by creating log messages.
> >
> > Regarding limits, in some networks big number of IPs per host can be
> absolutely appropriate and necessary, in others there may be stricter
> limits and this is also a real use case. We all understand that everything
> is a resource and cost some money. Let's allow network owners decide what's
> reasonable for them and what's not. Like Bill Gates said that 640K of RAM
> will be always enough. Although now we are used to have a lot more memory
> in our computers and servers, but it's still expensive and each admin can
> choose how much he/she can afford.
> > So, in situations where host wants more addresses then allowed, some
> mechanism should exist to make this limit less painful and predictive.
> > DHCP is one way for it, but it can't prevent creation of multiple
> link-local or ULA addresses and it can hit ND cache limit even for
> addresses legally assigned via DHCP. So it can't be considered as a
> solution.
> > For replacement technique for me it looks simpler just to rely on ND
> cache expiration timers in the same way how it works for MAC tables.
> > Some vendors can develop more sophisticated features similar to MAC
> security to differentiate their products from the base level. Eventually a
> user who tries to use more addresses than allowed should realize that there
> is a limit and shut down some interfaces/VMs/containers/etc to obey network
> rules.
> >
> > Kind regards,
> > Andrey
> >
> >> Ed/
> >> -----Original Message-----
> >> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Jen Linkova
> >> Sent: Tuesday, November 8, 2022 9:55 PM
> >> To: Ole Troan <otroan@employees.org>
> >> Cc: V6 Ops List <v6ops@ietf.org>
> >> Subject: Re: [v6ops] Fwd: New Version Notification for
> >> draft-linkova-v6ops-ipmaclimi-00.txt
> >>
> >> On Wed, Nov 9, 2022 at 1:12 AM Ole Troan <otroan@employees.org> wrote:
> >>>> Fact #1: my devices need to have 7-10 IPv6 addresses.
> >>>
> >>> In the network you operate, that may be a fact.
> >>> In other networks other rules.
> >>>
> >>> A requirement like that would be perfectly fine in an RFQ. Less so
> >>> in an RFC.
> >>
> >> What I'm struggling to understand from this thread is: what's the
> >> device supposed to do if it needs N addresses and the network only
> >> agrees to provide N-1?
> >> Shall the application fail? How is it better than the situation we
> >> have now?
> >> Or do we want NAT66?
> >>
> >>
> >> --
> >> SY, Jen Linkova aka Furry
> >>
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email