Re: [v6ops] RFC6459 "IPv6 in 3GPP"

Med,

I think this is an issue _if_ the operator filters all incoming messages 
generated by the UE whose LL includes an IID different than what the 
network may have suggested to it.

If there is no such filter, then no need to debate specs.

Le 10/07/2017 à 14:49, mohamed.boucadair@orange.com a écrit :
> Hi Alex,
> 
> Please see inline.
> 
> Cheers, Med
> 
>> -----Message d'origine----- De : v6ops 
>> [mailto:v6ops-bounces@ietf.org] De la part de Alexandre Petrescu 
>> Envoyé : lundi 10 juillet 2017 12:12 À : v6ops@ietf.org Objet : 
>> [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address
>> 
>> Hi,
>> 
>> The INFORMATIONAL RFC6459 "IPv6 in 3GPP" contains this paragraph:
>>> The 3GPP network allocates each default bearer a unique /64 
>>> prefix, and uses layer-2 signaling to suggest to the UE an 
>>> Interface Identifier that is guaranteed not to conflict with the 
>>> gateway's Interface Identifier.  The UE must configure its 
>>> link-local address using this Interface Identifier.
>> 
>> I disagree that the UE must configure its LL using this IID. Where 
>> is this requirement from?
>> 
> 
> [Med] This is part of 3GPP spec. The GGSN/PGW selects an IID to be 
> used when forming the link-local address. The goal is called in 3GPP 
> specs :
> 
> "in order to avoid any conflict between the link-local address of
> the MS and that of the GGSN,

That conflict is avoided by DAD.

The potential of conflict is very low anyways.

The 3GPP specs should be updated to allow the UE to form the IID as it
pleases, and use maybe DAD, or maybe PPP-style negotiation.

> the Interface-Identifier used by the MS to build its link-local 
> address shall be assigned by the GGSN. The GGSN ensures the 
> uniqueness of this interface-identifier. The MT shall then enforce 
> the use of this Interface-Identifier by the TE."
> 
> BTW, this was inspired by 
> https://tools.ietf.org/html/rfc5072#section-5:
> 
> As long as the interface identifier is negotiated in the IPV6CP phase
> of the PPP connection setup,

YEs, it is called "negotiation", it means that the UE can equally well
impose its IID.

> it is redundant to perform duplicate address detection (DAD) as a
> part of the IPv6 Stateless Address Autoconfiguration protocol [3] on
> the IPv6 link-local address generated by the PPP peer.

Well, I wonder what kind of redundancy could seem offensive?
There is already a lot NS/NA messaging for the multiple "privacy" GUAs, 
so one more NS/NA would not hurt.

>> The UE should be allowed to form an IID at its will, if so it 
>> wishes.
> 
> [Med] It is allowed to do so...for non link-local addresses.

Should be so for all, be them LLs or GUAs.

>> This has consequences on privacy, and may impact interoperability 
>> when DHCPv6-PD is used later in the process.
> 
> [Med] I don't follow you here. There is no privacy concern out
> there. The IID used when forming a global IPv6 address will be
> selected by the terminal; no assumption is made about those bits.

There is a privacy concern: if the operator enforces the UE to always
use the network-assigned IID then that UE is trackable.

Alex

> 
>> 
>> Also, this being an INFORMATIONAL document, in no case a party 
>> implementing it could impose it on some other party.
>> 
>> Alex
>> 
>> _______________________________________________ v6ops mailing list
>>  v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
> 

Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address