Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-01.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 04 June 2022 20:58 UTC

To: buraglio@es.net, Ed Horley <ed@hexabuild.io>
Cc: IPv6 Operations <v6ops@ietf.org>
References: <165064500009.9969.16134230557484818454@ietfa.amsl.com> <87aa5bcf-05cf-d170-1efb-d9caa6b48e6c@gmail.com> <CAM5+tA8P1iSwYArY_Qch=AiA4kw7m=ajHjKjeB5KmHgbeU8MHg@mail.gmail.com> <CAE=N4xecVTZL5dGwn4pQNtkubE_Y4a6dFdD4Wx5MCYX7yWUA8A@mail.gmail.com> <cfb9bf48-4d8e-0549-bc7b-dabd46f34b95@gmail.com> <CAE=N4xf-j1gtuWJqsytBmgtgyS8FX-0=ux3_ZAMF+XtBAo9gUQ@mail.gmail.com> <CAM5+tA81zmFeD9s90exDUzi080AFvLv3P-4sTjWvOcG478PS6A@mail.gmail.com> <CAM5+tA8XjujZdR1SUgDEOuCCLM=6cm2yoMtbiwt5P-G9pY_eeA@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <6211e9f5-8592-5ec9-a01b-7642a68f7338@gmail.com>
Date: Sun, 05 Jun 2022 08:58:02 +1200
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/SMq4qrOFN1p_kW9PukpGRXb9d3Y>

Nick,

I think you should point out that RFC6724 also purports to define the solution in section 10.6, and that this actually works, except that the mechanism is o/s dependent and is not, as far as I know, supported by an RA-based signal from the router, a DHCPv6 option, or a NETCONF mechanism. The only mechanisms available appear to be local config on the host [1].

If a host was required to configure a policy entry as per section 10.6 whenever a new ULA prefix was announced by an RA, I think we would get the required behaviour. (There could be a config option to disable that, although it's hard to imagine it ever being the wrong thing to do.)

The only alternative to that seems to be a wrapper for getaddrinfo() like I prototyped [2].

Regards
    Brian

[1] https://mailarchive.ietf.org/arch/msg/v6ops/3MVHjxnvbNd5tOqyzIOzTrBKzVk/
[2] https://mailarchive.ietf.org/arch/msg/v6ops/W1-I0RDb3F2F5B8CEx_bpYsXdRk/

On 03-Jun-22 08:38, Nick Buraglio wrote:
> Circling back around to re-ignite some discussions about this draft. I am planning to be at the next IETF, is there anything else folks would like addressed in this current document? Other details to discuss? https://datatracker.ietf.org/doc/draft-buraglio-v6ops-ula/
> 
> nb
> 
> 
> On Tue, May 17, 2022 at 9:39 AM Nick Buraglio <buraglio@es.net> wrote:
> 
>     I am definitely available to help this along. I incorporated the last suggested changes a week or so ago.
>     nb
> 
> 
>     On Tue, May 17, 2022 at 9:36 AM Ed Horley <ed@hexabuild.io> wrote:
> 
>         Thanks, Brian, anything specific Nick, myself, and others can do around helping to document the problem space better? Maybe jump on a working call/session to chat through it?
> 
>         On Mon, May 16, 2022 at 10:47 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
>             Ed,
> 
>             This is a topic where the WG basically failed some years ago, by being unable to reach a consensus around draft-ietf-v6ops-ula-usage-recommendations. I still think that is unfortunate, but at least we need to agree on the problem space and what needs to be fixed. Whether Nick's draft needs to be either adopted or published as an RFC isn't clear yet, but I think it's very important to document the problem space first. So I'd say we should encourage the draft & its author for a little longer, before deciding about adoption.
> 
>             Regards
>                  Brian
> 
>             On 17-May-22 07:01, Ed Horley wrote:
>              > I was curious what the process is for moving this to v6ops WG draft? I know several folks have requested this, sorry for my ignorance on the matter. I feel it wouldn't it make sense to get that done given that Brian and others are working on issues for RFC 6724 and there seems to be more discussion around the ULA topic in general. Thoughts?
>              > - Ed
>              >
>              > On Tue, May 10, 2022 at 9:01 AM Nick Buraglio <buraglio@es.net> wrote:
>              >
>              >     I added some additional verbiage based on your suggestions and addressed the NIT.
>              >
>              >     nb
>              >
>              >     On Sun, May 8, 2022 at 6:23 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>              >
>              >         Hi,
>              >
>              >         Thanks for this draft. I have a few comments (and a tiny nit at
>             the end).
>              >
>              >          >  The core issue is the stated interpretation from gai.conf that has the following default:
>              >          >
>              >          > #scopev4  <mask> <value>
>              >          > #    Add another rule to the RFC 6724 scope table for IPv4 addresses.
>              >
>              >
>              >         I'm not sure why this matters. RFC6724 is quite correct to indicate that
>              >         most IPv4 unicast addresses formally have global scope, but auto-config
>              >         and loopback addresses have link-local scope. IPv6 is pretty much the
>              >         same, and in particular ULAs have *global scope* even though they are
>              >         not globally reachable. RFC1918 addresses are identical to ULAs in
>              >         that respect.
>              >
>              >         Citing RFC4291 and https://www.rfc-editor.org/rfc/rfc8190.html#section-2.1
>              >         would clarify the difference between global scope (architectural) and
>              >         globally reachable (practical). What we care about here is whether an
>              >         address is globally reachable ("no" for both RFC1918 and ULA, although
>              >         they are both architecturally global). Unfortunately this distinction is
>              >         lacking in the description of gai.conf and, I suspect, in the code of
>              >         Linux getaddrinfo().
>              >
>              >
>              >         What I think is lacking in the draft is an explanation of how
>              >         getaddrinfo() works and why it matters. Here's a walkthrough that
>              >         I hope will help clarify what I mean:
>              >
>              >         Consider an end-user network with the following properties:
>              >
>              >         It is dual stacked.
>              >         It uses 10.1.0.0/16 (NATted to the Internet).
>              >         It uses (or wants to use)  fdee:face:fade::/48 for internal IPv6.
>              >         It uses 2001:db8:fade::/48 for external IPv6
>              >
>              >         We'll neglect for now whether it has a subnet structure. It shouldn't
>              >         matter.
>              >
>              >         Consider a host user.mynet.example.com, a local server printer.mynet.example.com,
>              >         and a remote server www.theirnet.example.com. Assume they have these various
>              >         addresses:
>              >
>              >         user.mynet.example.com has:
>              >
>              >         10.1.0.1
>              >         fdee:face:fade::1
>              >         2001:db8:fade::1
>              >
>              >         printer.mynet.example.com has:
>              >
>              >         10.1.0.10  (A record in local DNS)
>              >         fdee:face:fade::a  (AAAA record in local DNS)
>              >
>              >         www.theirnet.example.com has:
>              >
>              >         192.0.2.15  (A record in global DNS)
>              >         2001:db8:cafe::f  (AAAA record in global DNS)
>              >
>              >         What do we *want* to happen?
>              >
>              >         If user opens a connection to printer, we want it to choose
>              >         SA = fdee:face:fade::1
>              >         DA = fdee:face:fade::a
>              >
>              >         If user opens a connection to www, we want it to choose
>              >         SA = 2001:db8:fade::1
>              >         DA = 2001:db8:cafe::f
>              >
>              >         Now, if user does a DNS lookup, via getaddrinfo(), the results
>              >         will look like this (in the Python universe):
>              >
>              >         For printer:
>              >
>              >         (<AddressFamily.AF_INET: 2>, 0, 0, '', ('10.1.0.10', 0))
>              >         (<AddressFamily.AF_INET6: 23>, 0, 0, '', ('fdee:face:fade::a', 0, 0, 0))
>              >
>              >         For www:
>              >
>              >         (<AddressFamily.AF_INET6: 23>, 0, 0, '', ('2001:db8:cafe::f', 0, 0, 0))
>              >         (<AddressFamily.AF_INET: 2>, 0, 0, '', ('192.0.2.15', 0))
>              >
>              >         At this point, consider what RFC6724 says:
>              >
>              >              As a consequence, we intend that implementations of APIs such as
>              >              getaddrinfo() will use the destination address selection algorithm
>              >              specified here to sort the list of IPv6 and IPv4 addresses that they
>              >              return.  Separately, the IPv6 network layer will use the source
>              >              address selection algorithm when an application or upper layer has
>              >              not specified a source address.
>              >
>              >         Thus, to get the desired behaviour, what matters is destination
>              >         address selection: if we select DA = fdee:face:fade::a, then the
>              >         ULA source address will follow.
>              >
>              >         Of course this is a small matter of programming, and most programmers
>              >         just pick the first address. That's why we need the Section 10.6
>              >         mechanism of RFC6724, to insert an appropriate precedence like
>              >
>              >              fdee:face:fade::/48 45 14
>              >
>              >         which will prioritize local use of ULAs but will change nothing
>              >         for off-site access.
>              >
>              >         At that point in my thinking, I started coding the program that
>              >         I posted yesterday.
>              >
>              >         Nit:
>              >
>              >         s/gai.cnf/gai.conf/
>              >
>              >         Regards
>              >              Brian
>              >
>              >         _______________________________________________
>              >         v6ops mailing list
>              >         v6ops@ietf.org
>              >         https://www.ietf.org/mailman/listinfo/v6ops
>              >
>              >
>              >
>              >
>              > --
>              > Ed Horley
>              > ed@hexabuild.io | (925) 876-6604
>              > Advancing Cloud, IoT, and Security with IPv6
>              > https://hexabuild.io
>              > And check out the IPv6 Buzz Podcast at https://packetpushers.net/series/ipv6-buzz/
> 
> 
> 
>         -- 
>         Ed Horley
>         ed@hexabuild.io | (925) 876-6604
>         Advancing Cloud, IoT, and Security with IPv6
>         https://hexabuild.io
>         And check out the IPv6 Buzz Podcast at https://packetpushers.net/series/ipv6-buzz/
>
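Added example, not part of the thread and not Brian's getaddrinfo() wrapper from [2] or anything from the draft: a Python model of the RFC 6724 destination address selection that the quoted walkthrough relies on, run over the constructed addresses from that walkthrough (user, printer, www). It carries the Section 2.1 default policy table with longest-prefix lookup, a simplified source selection (Section 5 rules 2, 6 and 8 only) and destination selection rules 1, 2, 5, 6, 8, 9 and 10; the rules on deprecated, home and transition addresses are left out because nothing in the scenario exercises them, so this is a model, not a drop-in replacement for a libc resolver. With the default table the printer's IPv4 address sorts first (precedence 35 for ::ffff:0:0/96 against 3 for fc00::/7), which is the IPv4-first order in the quoted getaddrinfo() output for printer; appending the Section 10.6 entry `fdee:face:fade::/48 45 14` proposed in the thread puts the ULA first for printer and leaves www on its GUA (precedence 40). The function names, `DEFAULT_POLICY`, `ULA_POLICY`, `USER_ADDRS`, `PRINTER` and `WWW` are this example's own.

```python
"""Model of the RFC 6724 destination address selection that getaddrinfo() applies, with the
default policy table plus an optional Section 10.6 entry for a ULA prefix (added example)."""
import functools
import ipaddress
from typing import Iterable, List, Optional, Tuple

IPv6, IPv6Net = ipaddress.IPv6Address, ipaddress.IPv6Network
Policy = List[Tuple[IPv6Net, int, int]]
LINK_LOCAL, SITE_LOCAL, GLOBAL = 0x2, 0x5, 0xE  # scope values as RFC 4291 encodes them

# RFC 6724 Section 2.1 default policy table: (prefix, precedence, label).
DEFAULT_POLICY: Policy = [
    (IPv6Net("::1/128"), 50, 0), (IPv6Net("::/0"), 40, 1), (IPv6Net("::ffff:0:0/96"), 35, 4),
    (IPv6Net("2002::/16"), 30, 2), (IPv6Net("2001::/32"), 5, 5), (IPv6Net("fc00::/7"), 3, 13),
    (IPv6Net("::/96"), 1, 3), (IPv6Net("fec0::/10"), 1, 11), (IPv6Net("3ffe::/16"), 1, 12),
]

def to_v6(addr: str) -> IPv6:
    """IPv4 literals become IPv4-mapped IPv6 addresses, as RFC 6724 Section 3.2 treats them."""
    parsed = ipaddress.ip_address(addr)
    return IPv6("::ffff:" + str(parsed)) if parsed.version == 4 else parsed

def display(addr: IPv6) -> str:
    """Show a mapped address as the IPv4 literal getaddrinfo() would return."""
    return str(addr.ipv4_mapped) if addr.ipv4_mapped is not None else str(addr)

def scope(addr: IPv6) -> int:
    """RFC 6724 Section 3 for unicast: loopback and IPv4 auto-configuration are link-local;
    RFC 1918 space and ULAs are global scope (scope is not the same as reachability)."""
    v4 = addr.ipv4_mapped
    if v4 is not None:
        return LINK_LOCAL if (v4.is_loopback or v4.is_link_local) else GLOBAL
    if addr.is_loopback or addr.is_link_local:
        return LINK_LOCAL
    return SITE_LOCAL if addr.is_site_local else GLOBAL

def policy(addr: IPv6, table: Policy) -> Tuple[int, int]:
    """Longest-prefix match in the policy table -> (precedence, label)."""
    best = max((e for e in table if addr in e[0]), key=lambda e: e[0].prefixlen)
    return best[1], best[2]

def common_prefix_len(a: IPv6, b: IPv6) -> int:
    return 128 - (int(a) ^ int(b)).bit_length()

def select_source(dst: IPv6, candidates: Iterable[IPv6], table: Policy) -> Optional[IPv6]:
    """Simplified RFC 6724 Section 5 source selection: same address family only, then
    rule 2 (appropriate scope), rule 6 (matching label) and rule 8 (longest prefix)."""
    mapped = dst.ipv4_mapped is not None
    pool = [c for c in candidates if (c.ipv4_mapped is not None) == mapped]
    if not pool:
        return None
    d_scope, d_label = scope(dst), policy(dst, table)[1]
    def rank(src: IPv6):
        s_scope = scope(src)
        big_enough = s_scope >= d_scope  # prefer the smallest scope that still reaches dst
        return (big_enough, -s_scope if big_enough else s_scope,
                policy(src, table)[1] == d_label, common_prefix_len(src, dst))
    return max(pool, key=rank)

def sort_destinations(dsts: Iterable[IPv6], sources: Iterable[IPv6],
                      table: Policy = DEFAULT_POLICY) -> List[IPv6]:
    """RFC 6724 Section 6 destination ordering with rules 1, 2, 5, 6, 8, 9 and 10;
    rules 3, 4 and 7 (deprecated, home and transition addresses) are not modelled."""
    dsts, sources = list(dsts), list(sources)
    info = {d: (select_source(d, sources, table), *policy(d, table)) for d in dsts}
    def cmp(da: IPv6, db: IPv6) -> int:
        sa, pa, la = info[da]
        sb, pb, lb = info[db]
        if sa is None or sb is None:                                   # rule 1: unusable last
            return (sa is None) - (sb is None)
        for a_wins, b_wins in (
            (scope(da) == scope(sa), scope(db) == scope(sb)),          # rule 2: matching scope
            (policy(sa, table)[1] == la, policy(sb, table)[1] == lb),  # rule 5: matching label
            (pa > pb, pb > pa),                                        # rule 6: higher precedence
            (scope(da) < scope(db), scope(db) < scope(da)),            # rule 8: smaller scope
            (common_prefix_len(da, sa) > common_prefix_len(db, sb),
             common_prefix_len(db, sb) > common_prefix_len(da, sa)),   # rule 9: longest prefix
        ):
            if a_wins != b_wins:
                return -1 if a_wins else 1
        return 0                                                       # rule 10: keep order
    return sorted(dsts, key=functools.cmp_to_key(cmp))

# Constructed scenario from the thread: host "user" and the DNS records of printer and www.
USER_ADDRS = [to_v6(a) for a in ("10.1.0.1", "fdee:face:fade::1", "2001:db8:fade::1")]
PRINTER = [to_v6(a) for a in ("10.1.0.10", "fdee:face:fade::a")]
WWW = [to_v6(a) for a in ("192.0.2.15", "2001:db8:cafe::f")]
# The Section 10.6 policy entry proposed in the thread, appended to the default table.
ULA_POLICY: Policy = DEFAULT_POLICY + [(IPv6Net("fdee:face:fade::/48"), 45, 14)]

def first_choice(dsts: List[IPv6], table: Policy = DEFAULT_POLICY) -> str:
    """What an application that simply takes the first getaddrinfo() result connects to."""
    return display(sort_destinations(dsts, USER_ADDRS, table)[0])

if __name__ == "__main__":
    for name, dsts in (("printer", PRINTER), ("www", WWW)):
        print(f"{name}: default table -> {first_choice(dsts)}; "
              f"with 'fdee:face:fade::/48 45 14' -> {first_choice(dsts, ULA_POLICY)}")
```

Run stand-alone it prints the first choice for both names under both tables. The point to take from it is the one the thread makes: destination selection, not source selection, decides whether the printer is reached over the ULA, and the policy entry changes that decision only for destinations inside fdee:face:fade::/48, because the matching source (fdee:face:fade::1) picks up the same label 14 while www's GUA keeps label 1 and precedence 40. A host with no ULA address at all still falls back to IPv4 for the printer through rule 1, which is what the unusable-destination check models.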