IETF Logo Mail Archive

Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

Mark Smith <markzzzsmith@gmail.com> Fri, 29 April 2022 04:47 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D996C15E6F3; Thu, 28 Apr 2022 21:47:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.401
X-Spam-Level:
X-Spam-Status: No, score=0.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.998, HK_RANDOM_FROM=0.998, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zsQKUWRF0TsN; Thu, 28 Apr 2022 21:46:58 -0700 (PDT)
Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7571C14F741; Thu, 28 Apr 2022 21:46:58 -0700 (PDT)
Received: by mail-pj1-x102f.google.com with SMTP id o69so4772721pjo.3; Thu, 28 Apr 2022 21:46:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LzuTWdqIecFkBVVK9bg0HrtPjiyZBwQeJ3eccMEgD4o=; b=OZCUkweMm+nA1VhbxS8WaUUwJAGNThSKnUtmSIIXoYDXbrWYPAFCXtkQ4dYowIyb6b 2EALxvBKXbPVEEGGSGsp0fHVmmNnxYTG+NhMqDBWDai6Jn1AAM9wb8j7+SbEA0uSLUTs KhG14FnkoW5bCFRfa3iHp/i5GS4dYES1h7+9HciYSGbmLZ0osjBLAL84wrhYWHqSakV/ Q/h45fuDFunwoxrGKMwwClArszN9d9IWNiNY/OxlO+TgEvxWS0ohAxsdQtfG8GA+ylL0 t/GGdEZ4fapzIx9LSudvP7GahcrZl8IZ28ZuSpvq+M0ai6BPpR3SWu5oI0JiLUd10Yao yL7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LzuTWdqIecFkBVVK9bg0HrtPjiyZBwQeJ3eccMEgD4o=; b=LyyTfLscarUcbQyx9p6qlvTKtvZg+kzdqW3d7J7Q/CaBQ4slI8SMIDnEofYa697BrZ XxAxpkKK/Muh4wa4fGmzAQe+AEkVeZzpt1c2bEIVUjGqmlUJmNObTvM8V7jG3DTQ6f78 dUMnf3FEGoJ/s/g7CKwDP36bBoWBeUoV1vlgtOFf74rq/I5ykl2JXOHix4ED8pJOaDOW TRkvmVTSzokPie9aCzfbLsHJ+LltXNbtHTKYIsIF4xFZxMWdMofBXao48i0wzf0pEC8I 14qx3N6PJZIWc3saX6SPp/G68vEOp7hlaEncz1NfRZsB7fEzuUU+zcJ2shOupfCf3shC bTqw==
X-Gm-Message-State: AOAM530dSwq3aO3lnPrfumZFdQ4QavxRGtxnnBylO6bzvajpi7prMW33 Ugwh0fBtyPsaYhLkggZZBi5pm1Kuaaz5JwFbXcA=
X-Google-Smtp-Source: ABdhPJxc+G7AZJTrbtZ20MeTaEoL6M28mir5oSAM7MAV1uUHd586GGKEVRW99P1kGYEbWdR/n7bmgVVD7jGM5FsuTEA=
X-Received: by 2002:a17:90b:1e10:b0:1d9:a68a:144f with SMTP id pg16-20020a17090b1e1000b001d9a68a144fmr1896357pjb.17.1651207617926; Thu, 28 Apr 2022 21:46:57 -0700 (PDT)
MIME-Version: 1.0
References: <CAM5+tA8WvjvWirxqE6kQ9LQAG0NcpWyCLGVooB=G7gZ9ETb2zQ@mail.gmail.com> <20220424172743.GA218999@fg-networking.de> <CAKD1Yr1v0Tkh+pWD-ts=PL3gZf7Qj6OHW6Cuvj8iGcSSMibjew@mail.gmail.com> <0afe25f5-52b7-a438-0696-cf8b0a83c2dc@gmail.com> <BN8PR07MB70760D9693580F5BDCB61DD995F89@BN8PR07MB7076.namprd07.prod.outlook.com> <CAKD1Yr3Z9wGQ+uiA2WcW00MrOiLyHs+bSoFjHVtrixCi2qp4DA@mail.gmail.com> <BN8PR07MB7076A6456CAB48EF428D6E8695F89@BN8PR07MB7076.namprd07.prod.outlook.com> <65d0d9ac-77fc-c200-09e3-0c3949ca1541@gmail.com> <CAN-Dau2FS99ewfgH8xk-jSJFCnO92CJV9ZC98DUE2UDR7V1Eww@mail.gmail.com> <CANMZLAYbpZBDA8uFnJqfWfWTQ4S9RN4a-DqWe36qzfAfDtXiQA@mail.gmail.com> <CAN-Dau0BjRR2_7xz38DpJsz0Y=Z_8bV5n-=Eh1QUVEDzqVxmaA@mail.gmail.com> <CAPt1N1=H=eAyRu0JcHnLpZEUizDZ4Kj0VwPu=0nM=Wn+y3Ho1w@mail.gmail.com> <CAM5+tA_4rtSkgEuRUFZ2LYr6i8a7vWeKODYieVARF3RbRvgRww@mail.gmail.com> <BN8PR07MB7076DE3E745CB916FB81879595FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <ADAE42CE-448F-42F5-89BE-692F493E2DC8@consulintel.es> <CAM5+tA_ksJ+agY1tze1-zPHLsgYFgjEYtnuPs+ffZbnRqiHytw@mail.gmail.com> <BAD082DA-0958-4926-B3E5-4E4599A75078@consulintel.es> <BN8PR07MB7076564E50C0DAFBFAB950FD95FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <CAPt1N1ncVkekecS=dBHSR3WtaEMruy55Udxy0WSMGTgbN24pKw@mail.gmail.com> <CAM5+tA8-Zqka-vZ9jRL3wn0dtfuJj0ECx_k9prwyS2ypisaPtw@mail.gmail.com> <FB031B76-7E88-4824-876F-D1A05F8D2215@thehobsons.co.uk> <CAFU7BAST-oNGpy4JvODDsf=8eS69hV8XCi8OgEHBkkoujRN3Rw@mail.gmail.com> <699f556a3eac41179a80d2cc8749a191@huawei.com> <CAO42Z2wiebCOPmtcEOJ3rOaZEpHE7qFZZTf5KLWybSsL6rOd9Q@mail.gmail.com> <CAM5+tA-PS6m3iD62MtueRKvYTMNyUHj4-4o__MZws8dvQkpAYA@mail.gmail.com>
In-Reply-To: <CAM5+tA-PS6m3iD62MtueRKvYTMNyUHj4-4o__MZws8dvQkpAYA@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 29 Apr 2022 14:46:30 +1000
Message-ID: <CAO42Z2y0vj8mfzJudeJZ5nyvHnU7S0Cpu-mQrbTFr_mDwX4BAQ@mail.gmail.com>
To: Nicholas Buraglio <buraglio@es.net>
Cc: Xipengxiao <xipengxiao=40huawei.com@dmarc.ietf.org>, 6man list <ipv6@ietf.org>, v6ops list <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000845ac705ddc3bb60"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Ncq3KHUxYBbnBadK1Z5KsRwhQIw>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Apr 2022 04:47:02 -0000

On Fri, 29 Apr 2022, 11:15 Nick Buraglio, <buraglio@es.net> wrote:

> Again, we're focusing on the wrong thing that is a tangent out of an
> example used to describe *why* we need the thing. We need something that is
> usable in a dual stacked environment that has similar attributes to ULA. If
> everyone here thinks ULA is fine (which I do not believe is the consensus),
> great. Let's say that.
>


We decided that when RFC4193 was published, also after site-locals were
deprecated in RFC3879, in 2004/2005. Many networking and telephony
protocols have provided link and/or network local private address spaces
that don't require getting address space from an central authority. In CLNS
it is 49.

ULAs were further endorsed in RFC6204, Basic Requirements for IPv6 Customer
Edge Routers. I've seen a number of CPE implement the ULA requirements in
that RFC (including in recent firmware for Google's Nest Wifi CPE.)

The only current issue is preference of GUAs over ULAs in RFC6724 default
address selection. That seems to have been made without reading of RFC4193,
because RFC4193 says:

"4.2.  Renumbering and Site Merging

   The use of Local IPv6 addresses in a site results in making
   communication that uses these addresses independent of renumbering a
   site's provider-based global addresses."

which is implicitly saying that ULAs need to be preferred over GUAs for DAs
and then SAs, when there is a choice between ULA and GUA DA, and then a
subsequent choice between a ULA and GUA SA,

and

" At the present time, AAAA and PTR records for locally assigned local
   IPv6 addresses are not recommended to be installed in the global DNS."

which is implicitly saying that hosts should be provided with ULA AAAAs
only when the ULA DA is likely reachable because the host is part of the
same ULA address domain i.e. split DNS.

RFC6724 seems to have assumed that ULA AAAAs are always in global DNS, so
ULAs are going to be far more unreliable most of the time than GUAs, so
GUAs should be preferred. ULA AAAAs appearing in global DNS is a fault, and
RFC6724 looks to then have been optimised for a fault situation.

Regards,
Mark.





If not, let's think about how to fix it - or at the very least update the
> draft to reflect its limitations. Ideological soapboxing about the merits
> or detriment of NAT isn't really gaining any ground either way. It is a
> tool in the toolbox. Some folks use it. Vilifying it is like hating an
> earthmover because it's not a Ferrari.
>
> nb
>
>
>
> ᐧ
>
> On Thu, Apr 28, 2022 at 6:03 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
>> On Fri, 29 Apr 2022 at 07:37, Xipengxiao
>> <xipengxiao=40huawei.com@dmarc.ietf.org> wrote:
>> >
>> > Hi Jen,
>> >
>> > Thank you for bringing this useful piece of information to light.  I
>> hope more people see it:
>> >
>> > > PCR DSS 4.0 (published in March 2022) does not mandate NAT for IPv6.
>> The text has been updated.
>> >
>> > That said, I very much agree with Kevin Meyer: "If you want more
>> Enterprises participating in the IETF discussions and improving IPv6
>> uptake, start thinking about meeting them where they are. And to be crystal
>> clear - NAT is where they are and where they will be for quite a while".
>> >
>> > My point is, given PCI DSS 4.0 (what Jen wrote as PCR DSS 4.0), we
>> should tell enterprises they no longer need NAT. But if some enterprises
>> still insist, respect their decision.
>>
>> Ignore them. IPv6 doesn't solve any problem they have, and adding NAT
>> to IPv6 still won't solve any problem they have, because IPv6 still
>> won't solve a problem they have.
>>
>>
>> Earth moving equipment manufacturer: "We think you should buy an earth
>> moving front end loader from us. They're great!"
>>
>> An Enterprise: "We don't need an earth moving front end loader, we're
>> an accountancy firm. It doesn't solve any problems we have."
>>
>> Earth moving equipment manufacturer: "What if we add a backhoe to it?"
>>
>> An Enterprise: "We're still an accountancy firm, we still won't need
>> it. We don't need to move dirt or dig holes. It still doesn't solve
>> any problem we have."
>>
>> Earth moving equipment manufacturer: "Oh, come on! You really should
>> buy one! We love our front end loaders. Everybody needs one. What if
>> we paint it green too?"
>>
>> An Enterprise: "Nope. Even though our corporate colours are green,
>> we're still an accountancy firm and we still won't need it. We've got
>> better things to spend $100K on."
>>
>>
>> Even government mandates to get enterprises to adopt a networking
>> protocol don't work - the Internet is supposed to be running CLNS by
>> now as mandated by governments around the world. (I expect Vint Cerf
>> was being nice while working on this rather than truly believing OSI
>> would take over.)
>>
>> Explaining the Role of GOSIP
>> https://www.rfc-editor.org/rfc/rfc1169.html
>>
>>
>>  It's more important to get enterprises to use IPv6 ASAP, than to
>> insist that they use the "right" IPv6 solution.
>> >
>>
>> Why is it important to get enterprises to use IPv6 ASAP?
>>
>>
>> Regards,
>> Mark.
>>
>>
>> > XiPeng
>> >
>> > -----Original Message-----
>> > From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Jen Linkova
>> > Sent: Thursday, April 28, 2022 12:53 PM
>> > To: Simon <linux@thehobsons.co.uk>
>> > Cc: 6man list <ipv6@ietf.org>; v6ops list <v6ops@ietf.org>
>> > Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about
>> wider operational input]]
>> >
>> > On Thu, Apr 28, 2022 at 11:15 AM Simon <linux@thehobsons.co.uk> wrote:
>> > > The IPv6 community needs to engage with this other regulatory
>> community to get them to bring their standard into the 21st century.
>> > >
>> > > As long as the PCI standard effectively mandates IPv4 & NAPT then
>> it’s going to be an uphill struggle.
>> >
>> > See my email I sent yesterday. PCR DSS 4.0 (published in March 2022)
>> does not mandate NAT for IPv6. The text has been updated.
>> >
>> > --
>> > SY, Jen Linkova aka Furry
>> >
>> > _______________________________________________
>> > v6ops mailing list
>> > v6ops@ietf.org
>> > https://www.ietf.org/mailman/listinfo/v6ops
>> > --------------------------------------------------------------------
>> > IETF IPv6 working group mailing list
>> > ipv6@ietf.org
>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> > --------------------------------------------------------------------
>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>>
>

v2.23.0 | Report a Bug | By Email