Re: [v6ops] Discussion of draft-ietf-v6ops-ula-usage-recommendations

Alexandru Petrescu <alexandru.petrescu@gmail.com> Tue, 21 July 2015 16:32 UTC

Return-Path: <alexandru.petrescu@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 335EA1B2FF7 for <v6ops@ietfa.amsl.com>; Tue, 21 Jul 2015 09:32:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.983
X-Spam-Level:
X-Spam-Status: No, score=-4.983 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, HELO_EQ_FR=0.35, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_HI=-5, SPF_SOFTFAIL=0.665] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xs2tl6F8LNFs for <v6ops@ietfa.amsl.com>; Tue, 21 Jul 2015 09:32:50 -0700 (PDT)
Received: from oxalide-out.extra.cea.fr (oxalide-out.extra.cea.fr [132.168.224.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3844A1B2FF3 for <v6ops@ietf.org>; Tue, 21 Jul 2015 09:32:50 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide.extra.cea.fr (8.14.2/8.14.2/CEAnet-Internet-out-2.3) with ESMTP id t6LGWlOr014149; Tue, 21 Jul 2015 18:32:48 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 22B6720251D; Tue, 21 Jul 2015 18:36:22 +0200 (CEST)
Received: from muguet1.intra.cea.fr (muguet1.intra.cea.fr [132.166.192.6]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 14FE8201108; Tue, 21 Jul 2015 18:36:22 +0200 (CEST)
Received: from [127.0.0.1] ([132.166.84.35]) by muguet1.intra.cea.fr (8.13.8/8.13.8/CEAnet-Intranet-out-1.2) with ESMTP id t6LGWlki012068; Tue, 21 Jul 2015 18:32:47 +0200
To: Mark Andrews <marka@isc.org>
References: <6153A91F-7E9A-4579-BA06-72964568D343@cisco.com> <55AE54D3.7070502@gmail.com> <55AE5D01.5090309@gmail.com> <55AE71F7.8000107@gmail.com> <20150721162835.26A9F338B4ED@rock.dv.isc.org>
From: Alexandru Petrescu <alexandru.petrescu@gmail.com>
Message-ID: <55AE742E.9040301@gmail.com>
Date: Tue, 21 Jul 2015 18:32:46 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <20150721162835.26A9F338B4ED@rock.dv.isc.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/YD1kZX-h2Kqc5J48hnfWsRQHPVo>
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Discussion of draft-ietf-v6ops-ula-usage-recommendations
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2015 16:32:56 -0000


Le 21/07/2015 18:28, Mark Andrews a écrit :
>
> In message <55AE71F7.8000107@gmail.com>;, Alexandru Petrescu writes:
>>
>>
>> Le 21/07/2015 16:53, Brian E Carpenter a crit :
>>> On 22/07/2015 02:18, Alexandru Petrescu wrote:
>>>> 1. Brian suggested to recommend that globals should be there on
>>>> the machines having ULAs as well, if I understand correctly.
>>>>
>>>> But I think so only on some Hosts, mainly the Hosts of end users.
>>>
>>> All hosts that need external communication.
>>
>> I agree, all hosts that need external communication.
>>
>>
>>>> 2. the ULA RFC suggests a ULA prefix can be generated out of a MAC
>>>> address.  That sixxs implementation does it.  Except it takes it
>>>> too serious: it does not accept a MAC address which is not a real
>>>> MAC address - in that oui.txt.  And random MAC addresses (for
>>>> privacy) certainly are not in that oui.txt.
>>>>
>>>> I think this is an undesirable situation to be in: unable to
>>>> generate ULAs because the only tool out there (sixxs) can't refuses
>>>> a copy paste a MAC address from the widely used windows 7 laptops.
>>>
>>> That isn't a standards issue, but I agree that operationally, there
>>> needs to be a viable way for anyone to generate a random number. Wait
>>> a minute, that doesn't seem hard.
>>
>> It's easily done centrally, but in a distributed manner it's harder -
>> how am I sure the network I connect to has ULAs generated such that they
>> dont clash with mine?
>
> *YOU* generate you ULA properly.

You for single or plural?

Until now I was saying to my peers: I take 192.168.1.1 please take 
something else and I'll route to you.

Now I am saying: generate ULA properly, make it truly random.  But how?

>>>> I am not sure what the problem is, but it's very good to have a
>>>> very easy way to generate ULAs.
>>>>
>>>> 3. in an enterprise deployment there was a problem of ULAs deployed
>>>> in a intra-network and another ULA space in another intra-network,
>>>> of the same enterprise.  So we wanted to make sure two things: the
>>>> two ULA spaces are distinct, or otherwise make sure the gateway
>>>> router does not route between the two intranets' ULAs (but yes,
>>>> route between their respective GUAs).
>>>
>>> Why not? ULA to ULA routing on a private link might be desired (e.g.
>>> after two networks merge without renumbering). From a routing PoV
>>> there is nothing special about a ULA prefix; we just need to
>>> configure carefully where it is routed and where it is not routed.
>>
>> Yes, private routing should be ok, but only if these ULAs are unique.
>> If people on different networks use different generation methods then
>> it's dubious to be sure of the uniqueness.  Maybe I choose fd00:1::/64
>> being sure that no random generator will make it, and it happens my
>> neighbors does the same.  That leads to conflict on fd00:1::/64 and we
>> dont want routing enabled between the two.
>
> Generate.  Don't choose.  If you generate then you should be ok.

Ok.

But it's much easier to choose.

We want simple ULA addresses, simple to remember, simple to type, 
ideally based on a dictionary.

This is something everybody building even the simplest IPv6 network has 
to do: what simple ULA IPv6 addresses to put there to not break something.

Alex

>
>>> Anyway - I'd like to see the draft progress. Has it already had a
>>> WGLC?
>>
>> I agree, it already has advice in it worth progressing.
>>
>> Alex
>>
>>>
>>> Brian
>>>
>>>> I am not sure how to translate that into advice, because I am not
>>>> sure how it will unfold in the near future.
>>>>
>>>> Alex
>>>>
>>>> Le 21/07/2015 16:02, Fred Baker (fred) a crit :
>>>>> https://tools.ietf.org/html/draft-ietf-v6ops-ula-usage-recommendations
>>>>>
>>>>>
>>>>
>>>>>
>> "Considerations For Using Unique Local Addresses", Bing Liu, Sheng
>>>>> Jiang, 2015-05-03
>>>>>
>>>>> This draft came up from the floor this afternoon. I think we
>>>>> need some concentrated constructive conversation regarding it -
>>>>> we have had a lot of the other kind.
>>>>>
>>>>> What issues do we need to address to complete it. and what
>>>>> specific recommendations would that include?
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________ v6ops mailing
>>>>> list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>>>>>
>>>>
>>>> _______________________________________________ v6ops mailing list
>>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>>>>
>>>
>>>
>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>