IETF Logo Mail Archive

Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Fernando Gont <fgont@si6networks.com> Wed, 06 January 2021 18:56 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5961C3A1143; Wed, 6 Jan 2021 10:56:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.161
X-Spam-Level:
X-Spam-Status: No, score=-2.161 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fc_re41DPrij; Wed, 6 Jan 2021 10:56:08 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 977013A1135; Wed, 6 Jan 2021 10:56:08 -0800 (PST)
Received: from [10.0.0.129] (unknown [186.19.8.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 6744E2838B1; Wed, 6 Jan 2021 18:56:04 +0000 (UTC)
To: Ted Lemon <mellon@fugue.com>
Cc: Gert Doering <gert@space.net>, IPv6 Operations <v6ops@ietf.org>, Philip Homburg <pch-ipv6-ietf-7@u-1.phicoh.com>, ipv6@ietf.org
References: <160989494094.6024.7402128068704112703@ietfa.amsl.com> <6fe3a45e-de65-9f88-808d-ea7e2abdcd16@si6networks.com> <m1kx98E-0000EhC@stereo.hq.phicoh.net> <b53b5d62-0334-f791-f56a-f2122767ecdb@si6networks.com> <m1kxAVC-0000KhC@stereo.hq.phicoh.net> <c236e635-518b-fb51-5024-901ec4677c5d@si6networks.com> <20210106162652.GX13005@Space.Net> <1ddf8850-a8cb-53a7-31bc-7433d5a984f2@si6networks.com> <1089BC1B-A8E6-4BF5-BB3E-FD440181DB56@fugue.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <b24b2ebf-e836-adf2-401e-07be96df6deb@si6networks.com>
Date: Wed, 06 Jan 2021 14:34:13 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <1089BC1B-A8E6-4BF5-BB3E-FD440181DB56@fugue.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/QEEUzBzAlJSrMG4sRrE1Ns4m-DY>
Subject: Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2021 18:56:12 -0000

On 6/1/21 14:10, Ted Lemon wrote:
> On Jan 6, 2021, at 11:46 AM, Fernando Gont <fgont@si6networks.com 
> <mailto:fgont@si6networks.com>> wrote:
>> I have Raspberry Pis that deploy here and there. In order to be able 
>> to access them, they use dynamic DNS to post their addresses on their DNS.
>> If I don't look at the properties of the addresses, then I end up 
>> puting crap on the DNS. One straightforward consequence is that many 
>> apps that don't do Happy Eyeballs end up having an insane 
>> connection-establishment period, if they happen to try the unusable 
>> addresses first.
>>
>> So "find all your IPv6 addresses and post them to the DNS" doesn't work.
> 
> It is of course not even obvious how to solve this, because sometimes 
> you do want ULA in DNS, and sometimes you don’t. And it depends on what 
> DNS. If you are doing split DNS, then you can scope the DNS that 
> advertises ULAs only to serve those networks where those ULAs are 
> in-scope. The DNS that is advertised globally would of course contain no 
> ULAs. How this is arranged is either a matter of local configuration or 
> an interesting topic of future work, depending on how you look at it.

What I do is set up to different names. e.g.:

node.mydomain,com  for the global addresses, and,
node-local.mydomain.com for the non-global addresses.

In the case of apps that are expected to be available only to local 
nodes (e.g., mDNS) the daemon might want to explicitly bind() a ULA, 
rather than bind() the wildcard "address". So the app gets an extra 
layer of isolation as a result of the address scope. And probably also 
gets more stability, since in most cases the ULA prefix will be 
generated by the local router and thus be stable, while the global 
prefix may end up being dynamic.


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email