IETF Logo Mail Archive

[v6ops] Unix code & ULA preference [was enable-ula.py]

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 15 May 2022 02:03 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61BBDC159A24 for <v6ops@ietfa.amsl.com>; Sat, 14 May 2022 19:03:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5puoGb6_2XOB for <v6ops@ietfa.amsl.com>; Sat, 14 May 2022 19:03:16 -0700 (PDT)
Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E216CC159A21 for <v6ops@ietf.org>; Sat, 14 May 2022 19:03:16 -0700 (PDT)
Received: by mail-pg1-x52c.google.com with SMTP id h186so8340661pgc.3 for <v6ops@ietf.org>; Sat, 14 May 2022 19:03:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:from:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=ELQi26wKAu+VIeAqYkaBLkuQFMwwbYsoIQUZ+Xk9F7M=; b=YPpPE/nnIb+CuRS3Vv/Hks69W53KVa6F3gGHSObzn1yX1LDvux++R3Kn5O7SwiEg7n GIS8+/608xS2KtBJp9D7UH8b/THYug+Rg38DZBTUERE/Wrwtl7CGOWMZ+ax0vsBk1/xF 18/RN5ZZXM7t3D+69pOTYrQFB686a6rGvS07/p+n9NmoEm1WwdRCHAlhj6X4fXcmgN5X 1RGJbkH7v6t/7zGJw1q5zPDMG1YmFdm9AKwpYrUTl8B4Tw+15rbN4xfquXVkUw3JaMGs vieibyUVcbgqak3JfJ71owYAlE52etftDApRd6kkFKfEa2XkAAc8ThMrSbDqfH/VW4kF j47w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:from:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=ELQi26wKAu+VIeAqYkaBLkuQFMwwbYsoIQUZ+Xk9F7M=; b=IuHlpPkk6IDDFUekw88NM4LucPtCXFI2yl92VRnq4GCy9KZ/4d+O9g1/BLmJTSoj6p l+ZnPsSs/FrFe3TJfKHuoruJVZYxXiL5ZWUoDJkcSXop1AxPJ96qD33xfapV6ewT7N2m Y0L58x3bi6B/vP/5y60Gdk2qgYo8ZkleLBTfHjdLGZ4MeO/amulGS0frqMvzKhwk5Q3g +6ea40/DFNViEungXkD6YaAQGTjFjge9oTMifDJFh3TSdcejkE969Coto3HD+pFRQu2X nNem7N8qpW6z1jywMm4Xl+iftcT2ErkMOSudS2jp/JmbHkSSVYt+pEpy0hL/Vb5Jexo/ VkBg==
X-Gm-Message-State: AOAM530O6uHp52jj/dR/+mW4FWObdwIzGmmYPiQyBDrOUCaRdMa5Rin7 mmvDA1hs5SbQCGgVUXp9i6yuY0I9J1vjxw==
X-Google-Smtp-Source: ABdhPJwiXodFDfGE/5/Nm54b/Q62GhMV3W3arx34RHKiueVb1+GFoBZRPUCbJRCBpotZcMdazPqzbw==
X-Received: by 2002:a62:a516:0:b0:505:722e:15d5 with SMTP id v22-20020a62a516000000b00505722e15d5mr11445861pfm.52.1652580195915; Sat, 14 May 2022 19:03:15 -0700 (PDT)
Received: from ?IPv6:2406:e003:1005:b501:80b2:5c79:2266:e431? ([2406:e003:1005:b501:80b2:5c79:2266:e431]) by smtp.gmail.com with ESMTPSA id n9-20020a170903404900b001616e13fccdsm167364pla.221.2022.05.14.19.03.13 for <v6ops@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 14 May 2022 19:03:14 -0700 (PDT)
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
To: "v6ops@ietf.org" <v6ops@ietf.org>
References: <c52c20ee-772c-3c4c-b87f-e76de7d157a9@gmail.com> <cbe52294-48c7-07f3-9d08-c0a68f56f637@gmail.com> <fd0b026e289b4e11a6636d1942c34315@huawei.com> <f978a0bd5771429381258e81541add98@huawei.com> <73b15db0-ab2b-8f13-0b59-106e177667c7@gmail.com> <03bdac98e61046b790afd433fcb0ffdc@huawei.com> <27ca530a-0897-e615-b990-dd88ec22b2bc@gmail.com>
Message-ID: <99b59868-0ba7-ce03-cbf1-02729c316971@gmail.com>
Date: Sun, 15 May 2022 14:03:10 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <27ca530a-0897-e615-b990-dd88ec22b2bc@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/LNpU_YZpl3IFRXMthiAZ033SX0g>
Subject: [v6ops] Unix code & ULA preference [was enable-ula.py]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 May 2022 02:03:21 -0000

Hi,

I believe that the URL below [1] is the latest version of getaddrinfo()
from glibc, which means that it's probably the most widely used version.

You'll notice that it refers only to RFC 3484 and does not mention RFC 6724
at all. For destination address sorting, that's fine, because the rules
are essentially the same.

I also noted that there are other versions of getaddrinfo() in use.
For example, wget uses its own simplified version, and there's a C++
version somewhere inside Firefox. All bets are off if those versions
are used.

Source address sorting is done elsewhere. You can test its behaviour
with ip -6 route get <dst_addr>. As far as I can tell, this sorting
is done in the Linux kernel by a thing called fib6_rule_action().
I found its source at [2]. If anyone can elucidate how it works and
where the RFC3484/6724 rules are expressed in code, that would be great.

    Brian

[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/posix/getaddrinfo.c
[2] https://github.com/torvalds/linux/blob/master/net/ipv6/fib6_rules.c

On 13-May-22 10:18, Brian E Carpenter wrote:
> Eduard,
> 
> In my opinion we are constrained by the socket library and in particular by getaddrinfo(). That is how essentially all software is written - call getaddrinfo() and use the first destination address that it returns. There may be exceptions (such as a browser that implements Happy Eyeballs) but that is the default. So we can only try to change the default behaviour
> of getaddrinfo().
> 
> Regards
>      Brian Carpenter
> 
> On 12-May-22 18:58, Vasilenko Eduard wrote:
>> Hi Brian,
>> I do not see a problem. The sequence of events assumed:
>> 0. Destination address choice (it is our initial goal)
>> 1. Source address choice (to choose the SA that permits us to reach the
> destination, including the possibility for policy on what Carrier to use:
> latency, packet loss, etc.)
>> 2. Next-hop choice (that announced the PIO for this SA, optimal forwarding on the 1st hop)
>> In fact, I do not understand how it did happen that the Default Address
> selection algorithm is choosing the next hop before the packet has been 
formed (SA is not appointed).
>> It complicates things pretty much and creates problems:
>> 1. Ted has pointed to one on the last IETF (different routers for different purposes lead to one-way connectivity)
>> 2. MHMP with non-equal PIOs (when destination should be reached only from the particular source/carrier)
>> 3. ULA needs something special to be activated/prioritized.
>>
>> This assumption (that Next-hop is chosen before the Source address of the packet) looks like a default assumption of DASA (RFC 6724) that was never properly discussed.
>> This principal architecture decision is difficult to understand from DASA - it could be read only between the lines by looking at the algorithms.
>> Eduard
>> -----Original Message-----
>> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
>> Sent: Wednesday, May 11, 2022 11:46 PM
>> To: Vasilenko Eduard <vasilenko.eduard@huawei.com>; v6ops@ietf.org
>> Subject: Re: [v6ops] enable-ula.py
>>
>> Eduard,
>>
>>> 1. Source Address for the flow SHOULD be chosen first
>>
>> How is that possible? Before I choose the destination, I cannot know the type of source address that would be appropriate.
>>
>> A human can pick the best pair of addresses at a glance, but the software cannot.
>>
>> Regards
>>       Brian
>>
>> On 11-May-22 22:48, Vasilenko Eduard wrote:
>>> There are 2 problems: ULA prioritization and MHMP with policy for PIOs
>>> (non-equal PIOs)
>>>
>>> The solution is the same for both:
>>>
>>> 1. Source Address for the flow SHOULD be chosen first
>>>
>>> then
>>>
>>> 2. next-hop SHOULD be chosen only between default routers that
>>> announce
>> this PIO
>>>
>>> (rule 5 & 5.5 are becoming redundant in this case - it is not possible
>>> to check against non-chosen next hop)
>>>
>>> Then the solution for the ULA problem is very simple:
>>>
>>> just prioritize FC/7 above everything (GUA, IPv4), and keep a separate
> label for it.
>>>
>>> The current rule 6 (matching labels) would be enough to stick ULA source to ULA destination, or GUA to GUA.
>>>
>>> Eduard
>>>
>>> -----Original Message-----
>>> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Vasilenko
>>> Eduard
>>> Sent: Wednesday, May 11, 2022 12:41 PM
>>> To: Brian E Carpenter <brian.e.carpenter@gmail.com>; v6ops@ietf.org
>>> Subject: Re: [v6ops] enable-ula.py
>>>
>>> Hi all,
>>>
>>> It was fine to run the script by a geek who understands his environment.
>>>
>>> IMHO: It is not suitable for the default configuration.
>>>
>>> The link could have routers not in sync on purpose. For example, one for internal communication, and another for external.
>>>
>>> If one router would announce ULA PIO (and route to this ULA) But another router could not route to this ULA then the communication would be broken.
>>>
>>> Because the second router would have a good chance to be chosen as the
> default for ULA that it does not understand.
>>>
>>> It is a very similar situation that Ted has shown on the last IETF.
>>>
>>> The root cause is that RFC 6724 assumes that the next hop is chosen before the source. It SHOULD be the opposite.
>>>
>>> Of course, it is possible to patch the second router by the source routing configuration Then the second router would be just a redundant hop for every second flow.
>>>
>>> But it is for the geeks. It is not normal to have such a default assumption.
>>>
>>> Eduard
>>>
>>> -----Original Message-----
>>>
>>> From: v6ops [mailto:v6ops-bounces@ietf.org
>>> <mailto:v6ops-bounces@ietf.org>] On Behalf Of Brian E Carpenter
>>>
>>> Sent: Wednesday, May 11, 2022 1:23 AM
>>>
>>> To: v6ops@ietf.org <mailto:v6ops@ietf.org>
>>>
>>> Subject: Re: [v6ops] enable-ula.py
>>>
>>> Hi,
>>>
>>> I've been asked off-list whether this script should be run as a cron job, since a new ULA prefix could be announced by a RA/PIO at any time.
>>>
>>> Good point, but my script is explicitly written to be used by a human 
to avoid blunders. However, what I think should happen is that the IPv6 stack should automatically do what the script does, whenever a new ULA is configured on a host. Namely, add the corresponding /48 prefix to the active precedence table. At the right place in the code, it should only be a
> few instructions.
>>>
>>> And of course, delete it when the last ULA under that /48 goes away.
>>>
>>> Any Linux core programmers here?
>>>
>>> Regards
>>>
>>>        Brian Carpenter
>>>
>>> On 08-May-22 15:21, Brian E Carpenter wrote:
>>>
>>>    > Hi,
>>>
>>>    >
>>>
>>>    > So, how hard is it to automagically set ULA precedence for a given
> /48, as suggested in section 10.6 of RFC 6724?
>>>
>>>    >
>>>
>>>    > Quite easy for Windows, as it turns out, and quite hard for Linux.
>>>
>>>    >
>>>
>>>    > In fact, if I wasn't being polite, I'd say that the Linux
>>>
>>>    > implementation is a mess. For more details, see Karl Auer's blog 
post from ten years ago, which explains it as best it can be explained: http://biplane.com.au/blog/?p=122 <http://biplane.com.au/blog/?p=122> .
> As far as I can tell, my quite recent Linux (5.4.0-109-generic x86_64) is
> still like that and mainly stuck in RFC-3484-land.
>>>
>>>    >
>>>
>>>    > So I wrote a little Python program which (a) detects if the host
>>> it's running in has any ULAs, (b) extracts the corresponding /48
>>> prefix(es),
>> and (c) sets the corresponding label and precedence for such prefix(es)
> according to section 10.6 of RFC 6724.
>>>
>>>    >
>>>
>>>    > On Linux, the program also forces all the RFC 6724 defaults. It
>>> does
>> that by overwriting /etc/gai.conf, which is more drastic than Karl's script in his blog post.
>>>
>>>    >
>>>
>>>    > Sadly, both Windows and Linux need this treatment after every reboot. Someone with deeper knowledge of the operating systems might be able to get round this. And the program doesn't know what to do for other POSIX compliant systems. But it's open source, so contributions are welcome.
>>>
>>>    >
>>>
>>>    > As the program itself says "This is experimental software that
>>> might
>> disturb network access." So far, it hasn't disturbed either my Windows 
or my Linux laptop. However, if you want to try it, it's at your own risk
> and I strongly recommend using a spare machine.
>>>
>>>    >
>>>
>>>    > enable-ula.py is at https://github.com/becarpenter/misc
>>> <https://github.com/becarpenter/misc>
>>>
>>>    >
>>>
>>>    > Regards
>>>
>>>    >       Brian
>>>
>>>    >
>>>
>>> _______________________________________________
>>>
>>> v6ops mailing list
>>>
>>> v6ops@ietf.org <mailto:v6ops@ietf.org>
>>>
>>> https://www.ietf.org/mailman/listinfo/v6ops
>>> <https://www.ietf.org/mailman/listinfo/v6ops>
>>>
>>> _______________________________________________
>>>
>>> v6ops mailing list
>>>
>>> v6ops@ietf.org <mailto:v6ops@ietf.org>
>>>
>>> https://www.ietf.org/mailman/listinfo/v6ops
>>> <https://www.ietf.org/mailman/listinfo/v6ops>
>>>
>>
>

v2.23.0 | Report a Bug | By Email