IETF Logo Mail Archive

Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Mark Andrews <marka@isc.org> Fri, 08 January 2021 02:03 UTC

Return-Path: <marka@isc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C2A83A1027; Thu, 7 Jan 2021 18:03:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8moXa2OxbWJo; Thu, 7 Jan 2021 18:02:59 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8D753A1026; Thu, 7 Jan 2021 18:02:59 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 6C7B23AB0C8; Fri, 8 Jan 2021 02:02:59 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 5A633160051; Fri, 8 Jan 2021 02:02:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 46B65160056; Fri, 8 Jan 2021 02:02:59 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Q7PVha7OvWtH; Fri, 8 Jan 2021 02:02:59 +0000 (UTC)
Received: from [172.30.42.68] (n114-75-149-106.bla4.nsw.optusnet.com.au [114.75.149.106]) by zmx1.isc.org (Postfix) with ESMTPSA id 4CD9C160051; Fri, 8 Jan 2021 02:02:58 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.7\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <AD20A505-14C4-4E8D-B28C-F237ECE55227@fugue.com>
Date: Fri, 08 Jan 2021 13:02:54 +1100
Cc: Philip Homburg <pch-ipv6-ietf-7@u-1.phicoh.com>, IPv6 Operations <v6ops@ietf.org>, IPv6 List <ipv6@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <37D4E745-95A0-4B57-8FC7-D9DF0882FECF@isc.org>
References: <78D0D84C-53DB-4661-BA43-CFEB1F377BB4@isc.org> <AD20A505-14C4-4E8D-B28C-F237ECE55227@fugue.com>
To: Ted Lemon <mellon@fugue.com>
X-Mailer: Apple Mail (2.3445.9.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/UigkeA-eTBQ4YkqDXIjgWGZvKCg>
Subject: Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jan 2021 02:03:02 -0000


> On 8 Jan 2021, at 12:43, Ted Lemon <mellon@fugue.com> wrote:
> 
> Who determines what names to use?  What is the scope of the names? How is uniqueness guaranteed in that scope?

One would recommend using suffix names that are already registered to the organisation, individual in the DNS.
The example names I used where using the individuals suffix (id.au) but the idea is to leverage the existing global DNS to provide uniqueness.  If you don’t have a domain name generate a random 160 bit number and base32 encode it (like NSEC3) or similar and append .home.arpa to it.  If you are publishing into the global DNS you have a registered name to use as a suffix.  If you aren’t publishing into the global DNS you need to ensure the names don’t clash with any in the global DNS, <label>.home.arpa qualifies.   If you don’t like home.arpa, register a another name to be the default suffix labels.

>> On Jan 7, 2021, at 20:18, Mark Andrews <marka@isc.org> wrote:
>> 
>> 
>> 
>>> On 8 Jan 2021, at 02:08, Ted Lemon <mellon@fugue.com> wrote:
>>> 
>>>> On Jan 7, 2021, at 9:55 AM, Philip Homburg <pch-ipv6-ietf-7@u-1.phicoh.com> wrote:
>>>> I can see a few benefits of Mark's proposal. One is that it is good to
>>>> have a standard representation of information. In particular,
>>>> Mark's proposal would make it possible to have a master zone file that has
>>>> both public and private DNS entries. Then a split-DNS server could serve
>>>> only the public data to the outside world. 
>>> 
>>> That’s a good point, although it would still be a good point if this were just a feature of the zone file and not of the wire format.
>>> 
>>>> At the same time, I think it would be great if we can put link-local addresses
>>>> in DNS. 
>>> 
>>> That sounds like a really heavy lift.
>>> 
>>>> It may tie in nicely with scope IDs in socket addresses. If a DNS
>>>> record specifies that is valid only on a VPN link, then maybe we can already
>>>> tie the address to that link. No need to change applications, it can be
>>>> hidden in the stub resolver.
>>> 
>>> Now we need to standardize a way to identify links. This is a Hard Problem. I say this based on experience, not supposition. HNCP tried to do this, not as successfully as I’d hoped. I’ve been working on it for the Thread Border Router work, and haven’t come up with a general solution. Sure, if you have a data center and a managed multi-subnet LAN, and you can just type in configurations, this works, but most networks aren’t like that.  I think the VPN case is probably tractable, but it’s really hard to see a path to broad adoption for this idea.
>> 
>> 
>> My idea would be that there would also be a RA option(s) which advertised the names in the SA records that where applicable to the link.  Implicit to that is that there would be a API that allows getaddrinfo() to retrieve the
>> RA options for individual links and for all links on the node.  getaddrinfo() would use the later.  The former would be used to construct UPDATE requests for the DNS etc.  LLSANAME (link-local SA name), ULASANAM (ULA SA name), and perhaps others.
>> 
>>> If there is a path to broad adoption, it probably involves bottom-up work, not top-down design. Most of the ideas I’ve had about this that I think are practicable are very context-dependent. E.g., you can identify that you are on the same link because you received a link-scoped multicast.
>>> 
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------
>> 
>> -- 
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
>> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email