IETF Logo Mail Archive

Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt

Nick Hilliard <nick@foobar.org> Wed, 09 November 2022 12:47 UTC

Return-Path: <nick@foobar.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50662C14F732 for <v6ops@ietfa.amsl.com>; Wed, 9 Nov 2022 04:47:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XE2ajRHw5oom for <v6ops@ietfa.amsl.com>; Wed, 9 Nov 2022 04:47:31 -0800 (PST)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3827C14F693 for <v6ops@ietf.org>; Wed, 9 Nov 2022 04:47:29 -0800 (PST)
Received: from cupcake.local (admin.ibn.ie [46.182.8.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.netability.ie (Postfix) with ESMTPSA id 2F2CC9EA9E; Wed, 9 Nov 2022 12:47:25 +0000 (GMT)
To: Mark Smith <markzzzsmith@gmail.com>
Cc: V6 Ops List <v6ops@ietf.org>
References: <166787013771.45604.8636622079744458317@ietfa.amsl.com> <CAFU7BAQV5eeO3EKWXyTYDnsnAUhLCi-j-b7tkAJ5K79+-qSN9g@mail.gmail.com> <90963634-b469-a959-321c-8431e21dae85@foobar.org> <CAO42Z2yoveziP3wz0oDCQjPrs=zkLLfaJ2z0tePocPQjZFZSAQ@mail.gmail.com> <a4887c00-fec1-39f7-1362-2ac08e545072@foobar.org> <CAO42Z2z8kLCoU+=G1mOHrKnaXufCat5WZ-F7KqbUdJUhZ2iY-A@mail.gmail.com>
From: Nick Hilliard <nick@foobar.org>
Message-ID: <ed4d98ac-4164-b451-5d85-197f0f8d80b7@foobar.org>
Date: Wed, 09 Nov 2022 12:47:23 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:52.0) Gecko/20100101 PostboxApp/7.0.58
MIME-Version: 1.0
In-Reply-To: <CAO42Z2z8kLCoU+=G1mOHrKnaXufCat5WZ-F7KqbUdJUhZ2iY-A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/W1pZ1_nukianPuO989_YCmt6UNM>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2022 12:47:33 -0000

Mark Smith wrote on 08/11/2022 22:16:
> These problems fundamentally exist because hosts are in a position to 
> create state in network elements without getting authorisation and 
> therefore exhaust that state capacity

The IETF designed slaac with a specific philosophy in mind, namely that 
the network client should not be especially constrained by the policies 
of the network operator. Part of this approach included giving slaac a 
default free-for-all in terms of number resource acquisition inside any 
particular prefix. So this didn't happen by accident - it was a 
fundamental design choice.

> This is not a new problem, IPv4 ARP caches have always been vulnerable 
> to state capacity exhaustion.

You're correct that it's not a new problem: for mechanisms like 
DHCP/ipv4, static/ipv4 and static/ipv6, the client needs to set out to 
go out of its way to claim network resources.  With DHCPv6, the problem 
can be managed by setting per-client limits.  What's different with 
SLAAC is that unconstrained resource acquisition is enabled by default 
and there's no option to disable or constrain the behaviour.

Nick

v2.23.0 | Report a Bug | By Email