IETF Logo Mail Archive

Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

David Farmer <farmer@umn.edu> Mon, 02 May 2022 15:04 UTC

Return-Path: <farmer@umn.edu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A58EC159A30 for <v6ops@ietfa.amsl.com>; Mon, 2 May 2022 08:04:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umn.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1OoFDGLJV-Wm for <v6ops@ietfa.amsl.com>; Mon, 2 May 2022 08:04:13 -0700 (PDT)
Received: from mta-p6.oit.umn.edu (mta-p6.oit.umn.edu [134.84.196.206]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76ECBC159A23 for <v6ops@ietf.org>; Mon, 2 May 2022 08:04:12 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mta-p6.oit.umn.edu (Postfix) with ESMTP id 4KsRFR2yqwz9vmdY for <v6ops@ietf.org>; Mon, 2 May 2022 15:04:11 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p6.oit.umn.edu ([127.0.0.1]) by localhost (mta-p6.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOalj8HIOnwb for <v6ops@ietf.org>; Mon, 2 May 2022 10:04:11 -0500 (CDT)
Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p6.oit.umn.edu (Postfix) with ESMTPS id 4KsRFQ6q6pz9vmdm for <v6ops@ietf.org>; Mon, 2 May 2022 10:04:10 -0500 (CDT)
DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p6.oit.umn.edu 4KsRFQ6q6pz9vmdm
DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p6.oit.umn.edu 4KsRFQ6q6pz9vmdm
Received: by mail-ej1-f70.google.com with SMTP id nd34-20020a17090762a200b006e0ef16745cso6905426ejc.20 for <v6ops@ietf.org>; Mon, 02 May 2022 08:04:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jyp9kVpaKgDk3YlxBXeP+ns+fxtg17TidFX4aMMyME0=; b=TOhFlELhEwqxZX+iob1Z+OR2p3CjD/a49b0aMElpTYWlx+L2sMX9K2oOdyULrE+hfa Vqw8WOnnSXsWEI/KPa9U2KuNfh/33HNZ86YV9OFM30s6p8+NnQaXrtRB8Z/BdCe9zm96 cLa+MXEX/+1iR2nJd4GWeWntbjTVelH5CbXUokISsNEJ0rxuwWBXaRMQqInGl1E5q4Lf uvoz6I1nx0PnB88kHMgbWycw3QWRCAtLqV76iuvyjqrQML3zLbPTrlbK9tRza8K0h6ZC S0q6MTFW8oBaWA2eC6cvqwtmZ+ZzVj+6c/RL9BAjbU7+ZR42/sNIYgtxglbKabgSC+xx vfsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jyp9kVpaKgDk3YlxBXeP+ns+fxtg17TidFX4aMMyME0=; b=A3Ic0un5tw3G6OIyAMaoAIHTosJNXhFBTlp5cuPwUOMPSA4Dtwp4RclQSkO4WYgMwO ixF/z2JGvFN3jL+2vPX51t3EZWIfD2P8M4KqXFH2EbG+W5KEFLKNUot/Q2+6/1VmiHmk /8YaVBZ0qJV5udLBMAaFUkzzS4ewKbP+MqVTZ2J6nWpGX8CK6dgg5vgTVBx7f2WELXex 5Cj76ijFtWyMmkNohVEOAxgrbENSe0t8MstS/cAHcv+xqzhNLt4MQt7QwT8GDNpsW7Ql 6+h1tZ18cAlroOvBKLXNRTvdsIcchIZmr0qZVArXyAMZYugbHPOCZeS3e/6KD/+tQTVn R6vw==
X-Gm-Message-State: AOAM532VCjBA6ieAPyYSS7TzaJ/nZlabjnuvU/ABU0NQvyj72gerOkBR G++koVKbLKYjFtJtINhwwEnzfn5uR6cY5uFafKTH7X7mLM7LJ0C1hPRYP9uLiznEG3ySgtnga3U RWQDELPWFmrYnx+D3gBqIBRTl3w==
X-Received: by 2002:a05:6402:2214:b0:425:d6ed:de5d with SMTP id cq20-20020a056402221400b00425d6edde5dmr13514105edb.383.1651503849474; Mon, 02 May 2022 08:04:09 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzglYB8X756RObU5O4E5YPj6ufK3g5hwdpECzWsKDAUkZ54pjnRspAqF7ubZ+zc3VMa01EYRQiTb5IwWKJnj3Y=
X-Received: by 2002:a05:6402:2214:b0:425:d6ed:de5d with SMTP id cq20-20020a056402221400b00425d6edde5dmr13514077edb.383.1651503849103; Mon, 02 May 2022 08:04:09 -0700 (PDT)
MIME-Version: 1.0
References: <CAM5+tA8WvjvWirxqE6kQ9LQAG0NcpWyCLGVooB=G7gZ9ETb2zQ@mail.gmail.com> <20220424172743.GA218999@fg-networking.de> <CAKD1Yr1v0Tkh+pWD-ts=PL3gZf7Qj6OHW6Cuvj8iGcSSMibjew@mail.gmail.com> <0afe25f5-52b7-a438-0696-cf8b0a83c2dc@gmail.com> <BN8PR07MB70760D9693580F5BDCB61DD995F89@BN8PR07MB7076.namprd07.prod.outlook.com> <CAKD1Yr3Z9wGQ+uiA2WcW00MrOiLyHs+bSoFjHVtrixCi2qp4DA@mail.gmail.com> <BN8PR07MB7076A6456CAB48EF428D6E8695F89@BN8PR07MB7076.namprd07.prod.outlook.com> <65d0d9ac-77fc-c200-09e3-0c3949ca1541@gmail.com> <CAN-Dau2FS99ewfgH8xk-jSJFCnO92CJV9ZC98DUE2UDR7V1Eww@mail.gmail.com> <CANMZLAYbpZBDA8uFnJqfWfWTQ4S9RN4a-DqWe36qzfAfDtXiQA@mail.gmail.com> <CAN-Dau0BjRR2_7xz38DpJsz0Y=Z_8bV5n-=Eh1QUVEDzqVxmaA@mail.gmail.com> <CAPt1N1=H=eAyRu0JcHnLpZEUizDZ4Kj0VwPu=0nM=Wn+y3Ho1w@mail.gmail.com> <CAM5+tA_4rtSkgEuRUFZ2LYr6i8a7vWeKODYieVARF3RbRvgRww@mail.gmail.com> <BN8PR07MB7076DE3E745CB916FB81879595FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <ADAE42CE-448F-42F5-89BE-692F493E2DC8@consulintel.es> <CAM5+tA_ksJ+agY1tze1-zPHLsgYFgjEYtnuPs+ffZbnRqiHytw@mail.gmail.com> <BAD082DA-0958-4926-B3E5-4E4599A75078@consulintel.es> <BN8PR07MB7076564E50C0DAFBFAB950FD95FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <CAPt1N1ncVkekecS=dBHSR3WtaEMruy55Udxy0WSMGTgbN24pKw@mail.gmail.com> <CAM5+tA8-Zqka-vZ9jRL3wn0dtfuJj0ECx_k9prwyS2ypisaPtw@mail.gmail.com> <FB031B76-7E88-4824-876F-D1A05F8D2215@thehobsons.co.uk> <CAFU7BAST-oNGpy4JvODDsf=8eS69hV8XCi8OgEHBkkoujRN3Rw@mail.gmail.com> <699f556a3eac41179a80d2cc8749a191@huawei.com> <CAO42Z2wiebCOPmtcEOJ3rOaZEpHE7qFZZTf5KLWybSsL6rOd9Q@mail.gmail.com> <CAN-Dau1FV-uEkX1S7vOEVxggjcNvUVTmokPAEOiapxPTySN-vw@mail.gmail.com> <CAPt1N1mk8Qv1anXohCJaiH0WWn-BkS4mr=ffyF0cCaE7CM314w@mail.gmail.com> <CAE=N4xf_wRPQeChkfXWxj7+Do8jp2U6hDtjH+-RUNis+ynMRbQ@mail.gmail.com> <CAM5+tA__Gegt5fR1UFwshm7DKDVMDpFsJK2jMG6Z6Yo79Noc3A@mail.gmail.com> <59b90d7184194a84a0c53b616796dec0@huawei.com> <BN8PR07MB70767C3EC7B68EF1D2286CFE95FC9@BN8PR07MB7076.namprd07.prod.outlook.com> <CAN-Dau3iyP7sMUsiP3ckYEpkLoQK-bpgKnDn6d4Ci7f9V_5CPw@mail.gmail.com> <14c97051cbeb4e20b4b1103c894cd602@huawei.com> <CAN-Dau2s+MxdC1xc9xM=Gs2x5Ak9nh0uv-m5_nYGPHymZMUJsw@mail.gmail.com> <CAO42Z2yJjcQp4C4FXy-vfs+O0Bxaa+pBg0rOpiAmN1xF-TGK5Q@mail.gmail.com>
In-Reply-To: <CAO42Z2yJjcQp4C4FXy-vfs+O0Bxaa+pBg0rOpiAmN1xF-TGK5Q@mail.gmail.com>
From: David Farmer <farmer@umn.edu>
Date: Mon, 02 May 2022 10:03:52 -0500
Message-ID: <CAN-Dau3a9zxT1W=2d=8MDT7nz90=WhG7Ff2xOjfm8=Z8YYsPBw@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Vasilenko Eduard <vasilenko.eduard@huawei.com>, 6man list <ipv6@ietf.org>, Kevin Myers <kevin.myers@iparchitechs.com>, v6ops list <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000045779c05de08b409"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/TjX0fCBNqoGM0hf3UozKQC2iyxY>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 May 2022 15:04:18 -0000

On Mon, May 2, 2022 at 7:32 AM Mark Smith <markzzzsmith@gmail.com> wrote:

>
>
> On Mon, 2 May 2022, 13:51 David Farmer, <farmer=40umn.edu@dmarc.ietf.org>
> wrote:
>
>> ...
>> I believe RFC 6724 is correct, ULAs that are not known to be local,
>>
>
> If a host is given a ULA as a candidate DA, then it is to be considered
> local and reachable, because per RFC4193, ULA addresses are not to appear
> in global DNS.
>

So IFF, the ULA addresses are not learned from DNS, and I'm not sure that
is a safe assumption. For example, RFC 5220 section 2.2.2 seems to imply
ULAs within the DNS, which is one of the referenced sections in the first
paragraph of 10.6.

Further, as noted in RFC 5220 section 2.1.4, again one of the referenced
sections in the first paragraph of 10.6;

If the ULA is used for internal communication, packets with the ULA need to
be filtered at the Router.


That being the router at the Internet boundary for the local network. Your
statement also assumes such filtering is present, and again that doesn't
seem to be a safe assumption.

So, IFF ULAs are not in the DNS, and ULAs are filtered at the Internet
boundary for the local network, can a host assume a ULA given as a
candidate DA, is in fact local and not a remote ULA address.

And at least in my personal experience and the problems as stated in RFC
5220, seems to indicate those conditions are not reliably the case. Put
another way, the assumption that a ULA given as a candidate DA is in fact a
local ULA, and not a remote ULA, is probably only true for well-run and
well-configured networks.  And I for one would like IPv6 to operate as
robustly as possible and work even when a network is misconfigured in some
way(s).

Remember, RFC 6724 was intended to deal with issues that caused traffic to
be black-holed when IPv6 was enabled, and as a result, many people were
simply disabling IPv6, so let's be careful not to go back to those days.

should be considered remote and GUA IPv6 and IPv4(both GUA and RFC 1918)
>> should be considered more reliable than any possibly/probably remote ULA
>> prefix. Where RFC 6724 failed, is not to require the known to be local ULAs
>> to be added to the table, so ULA will function as intended.
>>
>> Thanks
>>
>
Thanks.

-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email