IETF Logo Mail Archive

Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt

Jen Linkova <furry13@gmail.com> Thu, 10 November 2022 15:08 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E84A9C1522BD for <v6ops@ietfa.amsl.com>; Thu, 10 Nov 2022 07:08:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.856
X-Spam-Level:
X-Spam-Status: No, score=-1.856 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r3BFSV0Efq9q for <v6ops@ietfa.amsl.com>; Thu, 10 Nov 2022 07:08:33 -0800 (PST)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5439C1522C2 for <v6ops@ietf.org>; Thu, 10 Nov 2022 07:08:33 -0800 (PST)
Received: by mail-lf1-x129.google.com with SMTP id c1so3800865lfi.7 for <v6ops@ietf.org>; Thu, 10 Nov 2022 07:08:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=09fokvZvPNzTC4U8+LFxFK1xRqmwFjxirsWv8YX/IqE=; b=RowaZUWKqhw9pG4l2XRLI/y3rqsvPb26tExPj4Q/oaR7/YF09PQ1vPM6URthO58v9a A9paaAsAeAD5NaIbJP4f4q/V4Z9txv0LKvVN9NWQPCH2zhYvO7JAOLQB1y3iIlPE1NMf ltPsujBizf4dB0Wc0PT6IDkar50fdN8ERkcUKCJVEYD7DmGrxm78kVlQwab+z9Fdo9/d gk2cCm+tQZQ1SG9ou/5BGGWLQSnN1gDyJotsLObEyf6ALZBTelH6thjSkUxOxCaWoch1 +dK5skfvVjFQOJ2dbUmcSYz4k7k1XMWHpXJfx9WLW5r5BoG+QTbzpTXAhoVol1keDQDG 7ynA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=09fokvZvPNzTC4U8+LFxFK1xRqmwFjxirsWv8YX/IqE=; b=t8m9sM59QvngVIee4Qa1dMUSXqf5Bn2nrB5hypok3Q4ynFMqD/ENPR0/ZzsahU15jP Exf4JQt6ds5d7vVt+0viZfPVa+KJKo5S6G2UNTPKSEUwgjK+5H+Cout1aWpzBsnBj45J gqxL/ga1cHDDOpFUo/gSEZwT0DrNyxSCPb0l04ODCSA5rKEiB9W7mWFshBhRS3hO8yFk qcpH/hh23tVfExQIQ4s37onhUkMPL+aR20it9y8dneXxisLibOXYTe7sDQvqqn5lf2T1 G7VN4kA/U1YtNRhS5nDzS+UQVujisWA5T9wia1NAoD8UEUVw8o7MVUZI+9DgQfxsaaAM floA==
X-Gm-Message-State: ACrzQf11QkdA5X80M6TmiBrz4kgPREkPdnf/rqJhpGFdwcdPUszHAw1k fUIj9DfzfLvKU6pT/bz5afUv/fjkOnLCi2GEHkl+OKWBSbn7Xw==
X-Google-Smtp-Source: AMsMyM68ImdaeJlhgKcFetVfMGPWUTX72/vtzn9cMEzz09B+8Hq0cwgIQJ8boqYcTs88agHIis4LvuLy2EfCpOC9suA=
X-Received: by 2002:a19:645e:0:b0:4a6:49d3:23b1 with SMTP id b30-20020a19645e000000b004a649d323b1mr24424075lfj.473.1668092912057; Thu, 10 Nov 2022 07:08:32 -0800 (PST)
MIME-Version: 1.0
References: <CAFU7BAQmSqaZhrQ0YH-1ryp2DfZH6z5B1icR=Wc_W=sdBExuEA@mail.gmail.com> <EE3F6D3C-EC05-4B23-917D-46BA7E49BC61@employees.org> <CAKD1Yr2ZonxFr2jX5bc6eNdPfixsjSheSRDTesaPxE_3WWPF0Q@mail.gmail.com> <DE0A9B08-C1A4-42CC-8817-C67BBEFC2A14@cisco.com>
In-Reply-To: <DE0A9B08-C1A4-42CC-8817-C67BBEFC2A14@cisco.com>
From: Jen Linkova <furry13@gmail.com>
Date: Fri, 11 Nov 2022 02:08:20 +1100
Message-ID: <CAFU7BARM=Ey-Np4o_LUMvJZ1xQcmT4coywKpJohPUZY9LjZvEA@mail.gmail.com>
To: "Eric Levy- Abegnoli (elevyabe)" <elevyabe=40cisco.com@dmarc.ietf.org>
Cc: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, Ole Troan <otroan=40employees.org@dmarc.ietf.org>, V6 Ops List <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/VlS5D1cF3aZfK0HKMIqm4um2UoQ>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2022 15:08:38 -0000

On Fri, Nov 11, 2022 at 1:28 AM Eric Levy- Abegnoli (elevyabe)
<elevyabe=40cisco.com@dmarc.ietf.org> wrote:
>
> The minimum requirement (draft says 20) is definitely not a good idea, as it depends so much on use cases. The value could easily vary from 2 (datacenter, dhcp assigned addresses, 1 LL, one global) to thousands (RFC4389 proxy on the path to the limiting device).

Indeed the actual number does depend on the specific case. The default
value should, IMHO, work for the majority of devices.
I chose '20'  because of RFC7934, but I'm flexible.
I didn't want to really repeat what RFC7934 already said but let's
look at the very minimal numbers for an ordinary host:

- one link-local
- two global (privacy + stable)
- one 464XLAT address.
So it's 4.

That number jumps to 5 when the privacy addresses are rotated.
When I'm doing a graceful remunering, replacing /64 assigned for the
subnet, it would be 7.
Depending on how long the device keeps the addresses in the cache (a
day? a week?) it could see multiple privacy addresses.
So I'd say we shouldn't be recommending anything less than 10 anyway.

> That is another thing which is a very bad idea: LRU. These limiting devices are not routers in the vast majority of cases, they are switches (including wireless controllers and APs). This is because they need to sit as close as possible to the offending device.
> Typically, these devices can see multicast packets (DAD is the only one that is guaranteed to happen, sort-of…), not unicast.  SAVI switches entirely rely on DAD for instance. Punting unicast ND packets, and even worse data packets to the CPU of a switch so that it can figure out which addresses are LRU may be quite problematic to say the least.  LRU with just DAD would be a joke, as it only tells you when the entry was created. A crystal ball would be better in my opinion.

Well, I'm reading
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/ipv6.html
"At any given time, only eight IPv6 addresses are supported per
client. When the ninth IPv6 address is encountered, the controller
removes the oldest stale entry and accommodates the latest one."

So at least one vendor does smth like that already ;)

> The rest of the draft is fine: logging, configuring, all good common sense. Is it worth a draft? I don’t think so.

The motivation for this is that, based on my discussion with the
vendors, they need some guidance on what the default value should be,
Indeed, I can go and talk to various vendors 1:1, but I might fail
reaching some ;)

> A draft that would establish any sort of two way communications between the host and the network would be a lot more valuable.

Please come to the v6ops@ session tomorrow, I'll talk about it.

> On Tue, Nov 8, 2022 at 2:13 PM Ole Troan <otroan=40employees.org@dmarc.ietf.org> wrote:
>
> A requirement like that would be perfectly fine in an RFQ. Less so in an RFC.
>
>
>
> Ok, so then let's see *what* would be acceptable to put into an RFC.
>
>
>
> The draft says that the hardware must allow the operator to configure the limits that the network places on the hosts, and should do something reasonable when the limit is hit, such as drop the address that was used least recently. I don't see how any of these statements can be controversial and it makes sense for them to be in an RFC. These hosts do exist (example: ChromeOS), and if a network operator (example: Jen) wants to support them, then it should be possible to do so.
>
> The draft also says that if the network does not allow enough addresses per client for current implementations, those implementations will experience user-visible outages. As I see it, that's simply a fact (those implementations do exist, and they do fail), so I don't see how it could be controversial.
>
>
>
> The thing that there doesn't seem to be consensus on is whether the IETF can/should place a minimum requirement on the number of addresses.
>
>
>
> Did I miss something?
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops



-- 
SY, Jen Linkova aka Furry

v2.23.0 | Report a Bug | By Email