IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 28 August 2018 04:27 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E49112D949; Mon, 27 Aug 2018 21:27:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o9x5gzS18Sld; Mon, 27 Aug 2018 21:27:05 -0700 (PDT)
Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 095431274D0; Mon, 27 Aug 2018 21:27:05 -0700 (PDT)
Received: by mail-pg1-x541.google.com with SMTP id t14-v6so190455pgf.0; Mon, 27 Aug 2018 21:27:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=Fjr/SiLPiNdI+bWgSXS70Z9rfqgx8PtFSkN5BTh0qyY=; b=nRiKHiu4IHL+BOw3aGaApxMqvTrE0slS17UpndiaQLOJOzsjQ7XfU4y/1uJad0PrzT jxLnoQX5BK9lGZcM0bujCyczrxNKxH+RwvCz+oRc+K2LGLBaRAZPZDcyoA/Wm3iNQCij pLUhqpfRyyQzmTEbzvsKph+j/G71h+sUI2XGkipnMTaU691whCKzs+bSG1Lvvy1OzxJo 6zG9YKilbuPTqxu+nIyBqeHW9Hn//oCEsgR8fTRmBrb+lKjt3yUb+/DKxEnySkdyv1Fa l9wRS2PaH5zzOCr9+3KMDeQTFd8r6n+xn0eSRR83KzwyoO291kkCjVAHEVwdklfnbbhr IzOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Fjr/SiLPiNdI+bWgSXS70Z9rfqgx8PtFSkN5BTh0qyY=; b=VHfAdeJOwx2SzxbWUUCdLinWcA7DeKmWEX1nzShyqGv4cayOCzaV1jMw1QpjObDcdk z3HrhZBLSLEfTCt/DKPtNLIB1MhQWtmhr/FA9Nx44K/axnh2oBvkCerlGRn13WV3vOoh Ltitv9n/Tq8NG/qGGybdzAKwU++C5FY0er5mbbYBVfKM/APdbnrpLwUcLaKVn+qOCXqN 3KTvgwic3I+r/DjfozPE0CSYPC6oeyhPTYGsdrxheQt9yoBDVZFq5L/RbvgmPucXohDV MwPh87NUcsAW+zp6/4eTHJKU3yphCCiv8TceuyzpGDI3LYoIFBPvPKj6wwoMa2Mi3kwZ U/pw==
X-Gm-Message-State: APzg51DHYOeQ2JumoYtHld5p7eGB24Rx5Hopx2ipK/P9QoDLrYiLX8w3 ZnVS+Ol3Y9nBuTNlJaiOpix71O0i
X-Google-Smtp-Source: ANB0VdbeCuq69AXvhSj3LIMVOpKPHeRrph/fV71+4Q4YCptiMGvFNu/dQ5aliivMjDTKWlxwNrZUjg==
X-Received: by 2002:a62:5ec3:: with SMTP id s186-v6mr17232810pfb.146.1535430424158; Mon, 27 Aug 2018 21:27:04 -0700 (PDT)
Received: from [192.168.178.30] ([118.148.68.33]) by smtp.gmail.com with ESMTPSA id t86-v6sm1134795pfe.109.2018.08.27.21.27.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Aug 2018 21:27:03 -0700 (PDT)
To: "Mudric, Dusan (Dusan)" <dmudric@avaya.com>, Lea Roberts <lea.roberts@stanford.edu>, JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org>
Cc: "draft-palet-v6ops-rfc6177-bis@ietf.org" <draft-palet-v6ops-rfc6177-bis@ietf.org>, IPv6 Operations <v6ops@ietf.org>
References: <153017691583.14743.17000446834856511528@ietfa.amsl.com> <78a36a81-3bb3-9d47-aa06-8da8f7594677@gmail.com> <C040E02F-7BEC-4FF9-8585-BE380B6859DE@consulintel.es> <alpine.DEB.2.02.1807191054090.7979@networking.stanford.edu> <9142206A0C5BF24CB22755C8EC422E459CB44344@AZ-US1EXMB03.global.avaya.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <f1bc1848-abe0-553e-0fdf-623eb0d1a871@gmail.com>
Date: Tue, 28 Aug 2018 16:26:58 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <9142206A0C5BF24CB22755C8EC422E459CB44344@AZ-US1EXMB03.global.avaya.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/TGO1k8cWOfhUjZiywzcrewuFvh0>
Subject: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2018 04:27:08 -0000

On 2018-08-28 06:23, Mudric, Dusan (Dusan) wrote:
> Section 4.
> "   b.  An end-user should be able to receive any prefix length up to /48
>        simply by asking."
> 
> Can  this be defined in a way to make sure that new applications and devices will always work at end sites without a need for asking ISPs for extra address space? Otherwise, the end-user might not get what he/she asks for, without paying for the "higher grade" service. Can the definition impose up to /48 LAP when needed at end sites? For example, can an application request a home router to request an ISP for /48 prefix and, when requested, ISP must grant it?

Unfortunately we can never say "must" in this context. What ISPs will provide
for what fee is well outside the IETF's competence. As observed on another
thread, applications need to be agile, even if they work better if such a
request was granted.

I'd say that once this update is done, it may be time to revisit
RFC4084.

Regards
    Brian

> 
> Regards,
> Dusan Mudric.
> 
>> -----Original Message-----
>> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Lea Roberts
>> Sent: Thursday, July 19, 2018 2:08 PM
>> To: Brian E Carpenter <brian.e.carpenter@gmail.com>; JORDI PALET
>> MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org>
>> Cc: draft-palet-v6ops-rfc6177-bis@ietf.org; IPv6 Operations
>> <v6ops@ietf.org>
>> Subject: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
>>
>> hi Brian and Jordi -
>>
>> excellent comments and I agree also.
>>
>> thank you!!
>> /Lea
>>
>> On Thu, 19 Jul 2018, JORDI PALET MARTINEZ wrote:
>>
>>> Hi Brian,
>>>
>>>
>>>
>>> Thanks a lot for commenting and sorry the late answer ... too busy last
>> weeks.
>>>
>>>
>>>
>>> Comments in-line below (subjected to my co-author agreement), basically,
>> agree with all your inputs, except a couple of points.
>>>
>>>
>>>
>>> Thanks!
>>>
>>>
>>>
>>> Regards,
>>>
>>> Jordi
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> -----Mensaje original-----
>>>
>>> De: v6ops <v6ops-bounces@ietf.org> en nombre de Brian E Carpenter
>> <brian.e.carpenter@gmail.com>
>>>
>>> Organizaci?n: University of Auckland
>>>
>>> Fecha: domingo, 8 de julio de 2018, 17:43
>>>
>>> Para: <draft-palet-v6ops-rfc6177-bis@ietf.org>, IPv6 Operations
>> <v6ops@ietf.org>
>>>
>>> Asunto: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
>>>
>>>
>>>
>>>    Hi,
>>>
>>>
>>>
>>>    Thanks for this draft.
>>>
>>>
>>>
>>>    > Abstract
>>>
>>>
>>>
>>>    This needs to be shorter. Three paragraphs is too much.
>>>
>>>
>>>
>>> For the next version, I've reduced 50% the length of the 1st paragraph. 3rd
>> paragraph, I recall is mandatory (IDNits).
>>>
>>>
>>>
>>>
>>>
>>>    > ... policy should reflect that assignment of a single subnet is
>>>
>>>    > no longer appropriate unless the recipient explicitly agrees to the
>>>
>>>    > limitations implied by such an assignment.
>>>
>>>
>>>
>>>    I *strongly* suggest deleting the "unless" clause. It leaves a
>>>
>>>    loophole, and it could easily be hidden in shrink-wrap terms
>>>
>>>    and conditions so that a subscriber would agree without even
>>>
>>>    knowing about it. Reduce this simply to:
>>>
>>>
>>>
>>>       ... policy should reflect that assignment of a single subnet is
>>>
>>>       never appropriate.
>>>
>>>
>>>
>>> Agreed and done.
>>>
>>>
>>>
>>>
>>>
>>>    > 1.  Introduction
>>>
>>>    ....
>>>
>>>    >    1.  It is extremely discouraged that /128s be given out.  While there
>>>
>>>    >        may be some cases where assigning only a single address may be
>>>
>>>    >        justified, a site, by definition, implies multiple subnets and
>>>
>>>    >        multiple devices.
>>>
>>>
>>>
>>>    I find this a bit weak. Try:
>>>
>>>
>>>
>>>       1.  It is extremely discouraged that /128s be given out.  While there
>>>
>>>           may be some applications where assigning only a single address may
>> be
>>>
>>>           tolerated, a site, by definition, implies multiple subnets and
>>>
>>>           multiple devices. Also, a /128 prevents any form of privacy-based
>>>
>>>           addressing.
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    >    4.  This revision has been created to more clearly assert the
>>>
>>>    >        requirement to ensure that address assignments to end-sites
>>>
>>>    >        provide a sufficiently big number of subnets (/64 on classic
>>>
>>>    >        networks) to each end-site, taking under consideration the end-
>>>
>>>    >        site's future expected needs, new deployment expectations and
>> new
>>>
>>>    >        protocol requirements, among others.  Once all these are
>>>
>>>    >        considered, it seems unlikely that a single subnet (/64) or even
>>>
>>>    >        a small number of them should be assigned, unless very clearly
>>>
>>>    >        justified and agreed to by the end-site.
>>>
>>>
>>>
>>>    The "unless" clause is dangerous because of shrink-wrap terms and
>>>
>>>    conditions. I suggest deleting it.
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    > 2.  Considerations Regarding the Prefix Length
>>>
>>>    ....
>>>
>>>    >    This consideration should be noticed, across this document, in the
>>>
>>>    >    sense that end-sites usually have subnets that use, by default,
>>>
>>>    >    SLAAC, and consequently, the LAP is mandatorily a /64.  Other
>>>
>>>    >    technologies, may have a different LAP, which must be used
>>>
>>>    >    accordingly.
>>>
>>>
>>>
>>>    I suggest s/Other/Future/ since /64 prevails everywhere today.
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    > 3.  On /48 Assignments to End-Sites
>>>
>>>    ....
>>>
>>>    >    An important
>>>
>>>    >    goal in IPv6 is to significantly change the default and minimal end
>>>
>>>    >    site assignment, from "a single address" to "multiple networks" and
>>>
>>>    >    to ensure that end-sites can easily obtain address space.
>>>
>>>
>>>
>>>    I suggest adding something like this:
>>>
>>>
>>>
>>>    As the operational costs of carrier-grade NAT and address+port sharing
>>>
>>>    have shown, availability of multiple addresses and prefixes to end sites
>>>
>>>    that need them will be a considerable saving to their ISPs.
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    >    It might be tempting to give home sites a single /64, since that is
>>>
>>>    >    already significantly more address space compared with today's IPv4
>>>
>>>    >    practice.  However, this precludes the expectation that even home
>>>
>>>    >    sites will grow to support multiple subnets going forward.  Hence, it
>>>
>>>
>>>
>>>    s/expectation/certainty/
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    ....
>>>
>>>    >    A key goal of the recommendations in [RFC3177] is to
>>>
>>>    >    ensure that upon renumbering, one does not have to deal with
>>>
>>>    >    renumbering into a smaller subnet size.
>>>
>>>
>>>
>>>    Perhaps add:
>>>
>>>
>>>
>>>    In particular this would apply to any site that switches to
>>>
>>>    an ISP that provides a longer prefix.
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    >    It should be noted that similar arguments apply to the management of
>>>
>>>    >    zone files in the DNS.  In particular, managing the reverse
>>>
>>>    >    (ip6.arpa) tree is simplified when all links are numbered using the
>>>
>>>    >    same subnet ids
>>>
>>>
>>>
>>>    s/numbered/renumbered/
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    ....
>>>
>>>    >    years, and we don't recover back the /48's, we will be able to use
>>>
>>>    >    IPv6 addressing space for over 100.000 years.
>>>
>>>
>>>
>>>    Perhaps add:
>>>
>>>
>>>
>>>    This document does not advocate careless use of address space, but
>>>
>>>    there is objectively no reason to be restrictve.
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    ....
>>>
>>>    >    Today typically, a home has already a considerable number of possible
>>>
>>>    >    subnets (a common CE has 4 LAN ports, 2 WiFi radios which support
>>>
>>>    >    several SSIDs each one, VoIP subnet, IPTV subnet, additional VLANs)
>>>
>>>    >    and if downstream routers are used, there is a need for further
>>>
>>>    >    subnets.  This means that in a short term, assigning a /60 (16
>>>
>>>    >    subnets), it is already a really bad decision, as it may enforce IPv6
>>>
>>>    >    NAT between the main CE and downstream routers.
>>>
>>>
>>>
>>>    I suggest deleting "as it may enforce IPv6 NAT between the main CE and
>>>
>>>    downstream routers". Firstly it puts NAT into the reader's mind. Secondly,
>>>
>>>    it isn't the only solution - IIDs shorter than 64 could also be implemented.
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    > 4.  Impact on IPv6 Standards
>>>
>>>
>>>
>>>    I propose to simply delete this section.
>>>
>>>
>>>
>>>    Firstly, RFC3056 is deprecated so it's irrelevant today.
>>>
>>>    Secondly, the argument about ULAs (RFC4193) doesn't hold up.
>>>
>>>    ULAs are like any other /48 prefix - if you are forced to
>>>
>>>    renumber into a longer prefix, you lose some subnet bits.
>>>
>>>    That is already covered in the middle of section 3 (the
>>>
>>>    "key goal" sentence quoted above).
>>>
>>>
>>>
>>>
>>>
>>> I recall we deprecated the 6to4 anycast, but not 6to4, in fact 6to4 to 6to4
>> traffic is still useful for peer to peer.
>>>
>>>
>>>
>>>    > 6.  Security Considerations
>>>
>>>    >
>>>
>>>    >    This document has no known security implications.
>>>
>>>
>>>
>>>    Really? More prefix space offers more potential for scanning
>>>
>>>    attacks. More prefix space also allows the use of slightly
>>>
>>>    randomized prefixes and/or prefix-per host.
>>>
>>>
>>>
>>>    Also of course, a /128 would prevent any form of privacy-based
>>>
>>>    addressing.
>>>
>>>
>>>
>>> I've introduced new text on those points.
>>>
>>>
>>>
>>>    > 8.  Acknowledgements
>>>
>>>    >
>>>
>>>    >    The authors of this document will like to acknowledge the authors of
>>>
>>>    >    previous versions (Thomas Narten and Geoff Huston)
>>>
>>>
>>>
>>>    RFC3177 was signed by the whole IAB and IESG seated in 2001, and its
>>>
>>>    Acknowledgements read:
>>>
>>>
>>>
>>>    >>    This document originated from the IETF IPv6 directorate, with much
>>>
>>>    >>    input from the IAB and IESG.  The original text forming the basis of
>>>
>>>    >>    this document was contributed by Fred Baker and Brian Carpenter.
>>>
>>>    >>    Allison Mankin and Thomas Narten merged the original contributions
>>>
>>>    >>    into a single document, and Alain Durand edited the document
>> through
>>>
>>>    >>    its final stages.
>>>
>>>
>>>
>>> Agreed!
>>>
>>>
>>>
>>>    Regards
>>>
>>>        Brian
>>>
>>>
>>>
>>>    _______________________________________________
>>>
>>>    v6ops mailing list
>>>
>>>    v6ops@ietf.org
>>>
>>>    https://urldefense.proofpoint.com/v2/url?u=https-
>> 3A__www.ietf.org_mailman_listinfo_v6ops&d=DwIDaQ&c=BFpWQw8bsuKp
>> l1SgiZH64Q&r=UT3Bk9cbLeaJxhf3iCrhIoUWB8YLZU23029sMQGQ2kY&m=-
>> 5rgYq_nYMbSH2HXHnHFCFi2KDYzOClhSiLn0au8Wu0&s=iEq1tUDbeQL4f3SLM
>> f1-xihjJYT0KAAN_BWTl9-779c&e=
>>>
>>>
>>>
>>>
>>>
>>>
>>> **********************************************
>>> IPv4 is over
>>> Are you ready for the new Internet ?
>>> https://urldefense.proofpoint.com/v2/url?u=http-
>> 3A__www.consulintel.es&d=DwIDaQ&c=BFpWQw8bsuKpl1SgiZH64Q&r=UT3
>> Bk9cbLeaJxhf3iCrhIoUWB8YLZU23029sMQGQ2kY&m=-
>> 5rgYq_nYMbSH2HXHnHFCFi2KDYzOClhSiLn0au8Wu0&s=GMRLdItF8yKbUdE9
>> NuXE-U48uk7OHNuEijym9jhE--s&e=
>>> The IPv6 Company
>>>
>>> This electronic message contains information which may be privileged or
>> confidential. The information is intended to be for the exclusive use of the
>> individual(s) named above and further non-explicilty authorized disclosure,
>> copying, distribution or use of the contents of this information, even if
>> partially, including attached files, is strictly prohibited and will be considered a
>> criminal offense. If you are not the intended recipient be aware that any
>> disclosure, copying, distribution or use of the contents of this information,
>> even if partially, including attached files, is strictly prohibited, will be
>> considered a criminal offense, so you must reply to the original sender to
>> inform about this communication and delete it.
>>>
>>>
>>>
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://urldefense.proofpoint.com/v2/url?u=https-
>> 3A__www.ietf.org_mailman_listinfo_v6ops&d=DwIDaQ&c=BFpWQw8bsuKp
>> l1SgiZH64Q&r=UT3Bk9cbLeaJxhf3iCrhIoUWB8YLZU23029sMQGQ2kY&m=-
>> 5rgYq_nYMbSH2HXHnHFCFi2KDYzOClhSiLn0au8Wu0&s=iEq1tUDbeQL4f3SLM
>> f1-xihjJYT0KAAN_BWTl9-779c&e=

v2.23.0 | Report a Bug | By Email