IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-colitti-v6ops-host-addr-availability-01.txt

Lorenzo Colitti <lorenzo@google.com> Tue, 28 July 2015 15:58 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 918BD1ACD5F for <v6ops@ietfa.amsl.com>; Tue, 28 Jul 2015 08:58:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e7kqqmdSQ_18 for <v6ops@ietfa.amsl.com>; Tue, 28 Jul 2015 08:58:15 -0700 (PDT)
Received: from mail-yk0-x231.google.com (mail-yk0-x231.google.com [IPv6:2607:f8b0:4002:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5854C1ACDA0 for <v6ops@ietf.org>; Tue, 28 Jul 2015 08:57:18 -0700 (PDT)
Received: by ykdu72 with SMTP id u72so99225274ykd.2 for <v6ops@ietf.org>; Tue, 28 Jul 2015 08:57:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=YtG4J8Z7ytPmtTR371X8Yk6KphlgXYhCUNHo1CFvq4I=; b=mw0injXkqfcPBivxgXioSRuH7kMDx4pYb3COMs64YvXFaGvnVrjingxBizrBhooqhn VYjBjz6DKXiLkXxyxT/siI9dl1CJHvTBG2MwQu13LbiiuecWzOXZqwVNOsOEmwfiYsRK KArWWmWVmfrIXURK6o9t1a//pJv5jANCq7kjYvbJCQyd2jxIK45qjymzCiJgWFVib9sl Cd37xP3uqjEsL4mLiVK/EylVgiWAvtiphFZAV9RS5yWD0MASGeHSeiwdNr3lwsRFZ990 yFWX8NmlMlCu74llOUquzTQJZHxbUO0RCoCxjlpdgi+5vVPbKVxz8shByRb9gTN6f/a4 bBAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=YtG4J8Z7ytPmtTR371X8Yk6KphlgXYhCUNHo1CFvq4I=; b=Z6aMKjbGq3pDz0nY/5JpiiMzLg26wDYh+xetjvqXMZgtFkbWQPsMlHPAcPBiDb21my WmJXxiQ69AZv9b4V6iniHNt2xVN5mB044vzA5c2MCFSDadnkiiOUYGrX0wN5X5nX+Lvs s9hzJoKKHuq3D9dK45bWk09LwIKqJ0Yx013X8Foiyv1QLU9KFR5V2pzl1I4tQYb1gVnE mG+5cH5MWBtR6FJcA238i3ioAFkL/aJ9w2Ntx/2sFZk3+doRYO00uqrFv2eXp4VGiUyD 0HqdVx8TlRM7HGHxSDb7HN4KfHD5v+8TefvBtDd3C7/yaKlNpoJH4u8fZLITpihMAXzh cE3A==
X-Gm-Message-State: ALoCoQkAuj1eMlKmgX81+NThSyoUG6GUiFz0iVePWYBGmTuOTwuSacWIOoSfr4LYPuTS7py2v5iZ
X-Received: by 10.129.75.214 with SMTP id y205mr38919837ywa.65.1438099037537; Tue, 28 Jul 2015 08:57:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.8.201 with HTTP; Tue, 28 Jul 2015 08:56:57 -0700 (PDT)
In-Reply-To: <BE811683-3BBA-40F0-B047-282DA7E774AA@nominum.com>
References: <20150723130715.12113.47480.idtracker@ietfa.amsl.com> <55B1ED14.6030501@gmail.com> <m1ZIZ4w-0000CbC@stereo.hq.phicoh.net> <CAKD1Yr2z6T86gmQMPZwbgFB4mdt7=xWNuei5jaQg=vpG7-zLVg@mail.gmail.com> <m1ZJdjZ-0000CcC@stereo.hq.phicoh.net> <20150727091241.GL84167@Space.Net> <m1ZJfOr-0000CgC@stereo.hq.phicoh.net> <C9C3FBC4-44F3-45D2-B8C4-3725396E5D40@nominum.com> <CAPi140Mx96dBgeaCkrsDD+-J85OZDo5Di+gHTBiaGDzYK2us4w@mail.gmail.com> <20150728115944.GZ84167@Space.Net> <CAPi140PKh64L=nr96pv3dn7FO_Y9pW162YzBT8kZHSMsedGYtQ@mail.gmail.com> <BE811683-3BBA-40F0-B047-282DA7E774AA@nominum.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Wed, 29 Jul 2015 00:56:57 +0900
Message-ID: <CAKD1Yr3pHBRk+BTOJOOSC=c6M4FNaumGEKwHvFW=ThED7M744g@mail.gmail.com>
To: Ted Lemon <ted.lemon@nominum.com>
Content-Type: multipart/alternative; boundary="001a113f3d0a4925f0051bf18655"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/N0XWQ7jvMKm8PD_ZAmuCMRdjoLc>
Cc: IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] I-D Action: draft-colitti-v6ops-host-addr-availability-01.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2015 15:58:17 -0000

SLAAC might be ideal for this, but there are many (mostly enterprise /
university) network administrators who have stated they will never run
SLAAC.

One goal of this document is to ensure that even on networks don't run
SLAAC, then we as an industry don't end up with substantial deployments of
networks that provide too few addresses. That will over time pressure
devices to implement NAT66, and that would be suboptimal for everybody.

Privacy is only one of the many use cases in the draft. Another pretty
clear example is running VMs in your laptop. What are you going to do if
the network doesn't run SLAAC but provides you with exactly 1 IA_NA and you
want to run a VM? (Other than NAT66, I mean...)

On Tue, Jul 28, 2015 at 11:27 PM, Ted Lemon <ted.lemon@nominum.com> wrote:

> Having read the document, it seems a bit pie in the sky.   The idea that
> subdividing a prefix will give users privacy is nonsensical: if it is well
> known that ISP X provides a /48 to every home, then people will assume that
> all hosts in any given /48 in that ISP’s allocation will belong to the same
> person or same household.
>
> Given that, then if there is some performance reason for clustering
> multiple address assignments to the same host, the way to do it is to
> delegate a /120 to that host, and have a route to that /120 that points to
> that host.   If the host needs more than 256 addresses, delegate something
> bigger, or delegate multiple /120s.
>
> This is really easy to do.   It doesn’t give you a ton of privacy, but I
> don’t think it gives you less privacy than delegating a /64, and in some
> sense it gives you more because now you can do multiple allocations and
> still get the efficiency of address clustering, and the snooper doesn’t
> have as much information about address allocation patterns.
>
> And if you don’t want to do DHCPv6-PD, then SLAAC is actually ideal for
> this application, because you can in principle use a random number
> generator to produce the host part of the address, and just generate a
> bunch of random numbers with entropy so that a snooper can’t predict which
> addresses will be held in common by the same host.
>
> But I still really don’t see the point of this.
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email