Re: [v6ops] I-D Action: draft-ietf-v6ops-design-choices-04.txt

Mark ZZZ Smith <markzzzsmith@yahoo.com.au> Mon, 23 February 2015 09:04 UTC

Date: Mon, 23 Feb 2015 09:01:39 +0000
From: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
To: Philip Matthews <philip_matthews@magma.ca>
Message-ID: <1184650378.7552509.1424682099969.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <53DB2211-946B-4C0C-AB8D-50398E25CFAA@magma.ca>
References: <53DB2211-946B-4C0C-AB8D-50398E25CFAA@magma.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/XwCdZeL7UqfJ_gduOwZa10KAm7k>
Cc: v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-design-choices-04.txt

Hi Philip,


----- Original Message -----
From: Philip Matthews <philip_matthews@magma.ca>
To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
Cc: v6ops list <v6ops@ietf.org>
Sent: Sunday, 22 February 2015, 14:40
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-design-choices-04.txt


On 2015-02-19, at 23:13 , Mark ZZZ Smith wrote:

> Hi,
> 
> 
> ----- Original Message -----
> From: Philip Matthews <philip_matthews@magma.ca>
> To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
> Cc: v6ops list <v6ops@ietf.org>
> Sent: Friday, 20 February 2015, 14:09
> Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-design-choices-04.txt
> 
> Mark:
> 
> Thanks for your comments.  Replies inline.
> 
> Philip
> 
<snip> 
> /"Have global and/or unique-local addresses assigned in addition to link-locals" would probably read better.
DONE

/There is a loose ')' in there though ;-)

> 
> /One thought about when to use 'addresses' versus 'prefixes'. I and I think a lot of other people think at the level of assigning a prefix to a link, with the assumption and implication that all interfaces attached to the link would normally have addresses from each of the on-link prefixes. The case where link attached interfaces wouldn't have addresses from all of the present prefixes would be an exception (e.g., in IPv4, when the subnet is too small, or in IPv6, perhaps when migrating a prefix off of a link, or when the prefix has been configured on a stateful DHCPv6 server, but not all hosts have asked for addresses from it.)
> 
> / "2.1.2.  Interfaces with Only Link-Local Addresses?" seems to be written with the unstated assumption that all interfaces will have addresses from all on-link prefixes. As that isn't an IPv6 requirement, I think it would be best to state that assumption, and that there may be situations where that is not the case. 
> 
> / More broadly, it seems that although interfaces are where addresses are assigned, this whole topic is really about whether to assign certain types of prefix to a link or not (and therefore implicitly all link-attached interfaces), rather than to individual interfaces or not. So I wonder if it might be a bit clearer if the perspective was changed slightly from addresses assigned to interfaces (implicitly all interfaces on a link) to prefixes assigned to links, and then stating the assumption that in most cases all interfaces will get addresses from all on-link prefixes. 

Interesting comment.  However, I confess that I am not seeing how this section might be rewritten.  Note that this section is just trying to contrast zero vs non-zero numbers of GUAs and/or ULAs, and not discuss one vs two vs ... GUAs/ULAs.

/ I understand what it is trying to contrast, and I'd describe it as contrasting whether to have just a link-local prefix on the link, or whether to add one or more GUA and/or ULA prefixes to the link. 

/ If that description is correct, then it is assuming that all interfaces attached to the link will get addresses from whatever prefixes are present on the link. Yet the text, by being 'Interface oriented', rather than 'link oriented' implies that it is a decision that would be made on a per-interface rather than a per-link basis. Technically it can be made on a per-Interface basis, but commonly isn't.

Perhaps you could give an example or two of rewritten sentences?

/ How about something like this:

2.1.2. Link-local prefix only links?

The Link-local prefix is automatically present on links over which IPv6 is operating, as all IPv6 interfaces are required to have a Link-Local address [RFC4291]. Link-local addresses are or can be used for IPv6 operation or applications when the source and destination are on-link [RFC4007][RFC5942][RFC6724].

To provide on-link nodes with the ability to reach off-link destinations, or for off-link sources to reach on-link destinations, one or more GUA and/or ULA prefixes need to be present on the link. Note that although it is not required, it is common and likely that the attached nodes' link-attached interfaces will have addresses from all of the present GUA and/or ULA prefixes, as the nodes will be likely to automatically participate in the SLAAC and/or stateful DHCPv6 address configuration protocols.

There are two advantages of interfaces that only have Link-Local addresses.  The first
advantage is ease of configuration.  In a network with a large number
of Link-Local only interfaces, the operator can just enable an IGP on each
router, without going through the tedious process of assigning and
tracking the addresses for each interface.  The second advantage is
security.  Since packets with Link-Local destination addresses should
not be routed, it is very difficult to attack the associated
nodes from an off-link device.  This implies less effort around
maintaining security ACLs.

(etc.)


Regards,
Mark.
 
> 
> 
> 
>> 
>> "Proper" support for multiple prefixes on a link is one of IPv6's enhanced capabilities over IPv4's. People should be encouraged to take advantage of it if it would be useful to them.
> 
> I agree, though it is not often I find a situation where I can take advantage of this.
> 
> / I think the case for ULAs is when link-local reachability is too small, and global scope reachability is too large, because it reduces security. For example, addressing internal only servers/services (e.g., network printers), or network equipment management addresses.
> 
> 
> 
> Regards,
> Mark.
> 
>> 
>> Regards,
>> Mark.
>> 
>> 
>> 
>> 
>> 
>> ----- Original Message -----
>> From: Philip Matthews <philip_matthews@magma.ca>
>> To: v6ops list <v6ops@ietf.org>
>> Cc: 
>> Sent: Thursday, 19 February 2015, 8:23
>> Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-design-choices-04.txt
>> 
>> Hi Everyone:
>> 
>> Victor and I just posted this update, which addresses the comments raised in Honolulu, and generally cleans up the draft. No really big changes, but lots of little changes.  
>> 
>> A few highlights:
>> * The wording in the title, abstract and introduction has been modified to narrow the scope of the document. The document no longer claims to cover all choices around designing an IPv6 network, but just certain choices that are routing-related. This has always been the de-facto situation, but now the introduction etc. reflect this.  Some additional sentences saying "X is not covered here, see doc Y" have also been added. Thanks to Dave Thaler and Eric Vyncke for suggestions in this area.
>> * The text around using BGP sessions to link-local addresses has been updated after some email exchanges with Francis Dupont (co-author of RFC 2545), who observed that RFC 2545 forbids this (even though most vendors support it).
>> * The text around security of link-local addresses has been modified since some routers forward packets containing link-local source addresses. Thanks to Jen Linkova for pointing this out.
>> * The initial few sentences in a number of sections have been changed in an attempt to improve the document flow.
>> * The document now has a security considerations section. There is nothing earth-shaking here; Victor and I elected to just point to some existing documents that are relevant to the choices discussed in the document.
>> 
>> There were many other small changes to try to improve document wording and clarity, and I thank a number of my colleagues at Alcatel-Lucent for their helpful reviews.
>> 
>> Overall, Victor and I feel this new version is much improved, and we hope you guys will too. As always, we welcome further comments.
>> 
>> - Philip
>> 
>> On 2015-02-18, at 15:57 , internet-drafts@ietf.org wrote:
>> 
>>> 
>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> This draft is a work item of the IPv6 Operations Working Group of the IETF.
>>> 
>>>      Title           : Some Design Choices for IPv6 Networks
>>>      Authors         : Philip Matthews
>>>                        Victor Kuarsingh
>>>   Filename        : draft-ietf-v6ops-design-choices-04.txt
>>>   Pages           : 17
>>>   Date            : 2015-02-18
>>> 
>>> Abstract:
>>> This document presents advice on certain routing-related design
>>> choices that arise when designing IPv6 networks (both dual-stack and
>>> IPv6-only).  The intended audience is someone designing an IPv6
>>> network who is knowledgeable about best current practices around IPv4
>>> network design, and wishes to learn the corresponding practices for
>>> IPv6.
>>> 
>>> 
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-v6ops-design-choices/
>>> 
>>> There's also a htmlized version available at:
>>> http://tools.ietf.org/html/draft-ietf-v6ops-design-choices-04
>>> 
>>> A diff from the previous version is available at:
>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-v6ops-design-choices-04
>>> 
>>> 
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>> 
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>> 
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops

 

>
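
Added example, not part of the original message or of the draft: a link-oriented audit along the lines of the proposed "Link-local prefix only links?" text. For each link it reports the widest prefix scope present, lists the interfaces that are exceptions to the "addresses from all on-link prefixes" assumption, and applies the RFC 4291 rule that packets with a link-local source or destination are not forwarded. The function names, link names and sample prefixes are assumptions constructed for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # RFC 4291
ULA = ipaddress.ip_network("fc00::/7")          # RFC 4193
GUA = ipaddress.ip_network("2000::/3")          # currently allocated global unicast


def scope(value):
    """Classify an IPv6 address or prefix as link-local, ula, gua or other."""
    ip = ipaddress.ip_interface(str(value)).ip
    for name, net in (("link-local", LINK_LOCAL), ("ula", ULA), ("gua", GUA)):
        if ip in net:
            return name
    return "other"


def audit_link(prefixes, interfaces):
    """Return (widest scope on the link, {interface: on-link prefixes it lacks}).

    prefixes:   GUA/ULA prefixes assigned to the link (may be empty).
    interfaces: {name: [addresses]} for the interfaces attached to the link.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    scopes = {scope(n) for n in nets}
    widest = "gua" if "gua" in scopes else "ula" if "ula" in scopes else "link-local"
    exceptions = {}
    for name, addrs in interfaces.items():
        ips = [ipaddress.ip_address(a) for a in addrs]
        if not any(ip in LINK_LOCAL for ip in ips):
            raise ValueError(f"{name}: no link-local address (required by RFC 4291)")
        # Interfaces without an address from an on-link prefix are the
        # per-interface exception discussed in the thread.
        missing = [str(n) for n in nets if not any(ip in n for ip in ips)]
        if missing:
            exceptions[name] = missing
    return widest, exceptions


def may_forward(src, dst):
    """A router must not forward a packet whose source or destination is link-local."""
    return "link-local" not in (scope(src), scope(dst))


# Constructed sample inventory (documentation prefix and a made-up ULA prefix).
LINKS = {
    "core-p2p": ([], {"r1-ge0": ["fe80::1"], "r2-ge0": ["fe80::2"]}),
    "office": (["fd12:3456:789a:1::/64", "2001:db8:1::/64"], {
        "printer": ["fe80::10", "fd12:3456:789a:1::10"],
        "host": ["fe80::20", "fd12:3456:789a:1::20", "2001:db8:1::20"],
    }),
}

if __name__ == "__main__":
    for link, (prefixes, interfaces) in LINKS.items():
        print(link, audit_link(prefixes, interfaces))
    print(may_forward("fe80::1", "2001:db8:1::20"))
```

In the sample, the printer holds only a ULA address on a link that also carries a GUA prefix, which matches the ULA use case raised in the thread for internal-only services.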