IETF Logo Mail Archive

Re: [v6ops] A good example of why we need to careful about ULAs

Mark Andrews <marka@isc.org> Thu, 30 May 2013 23:54 UTC

Return-Path: <marka@isc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28C7921F9920 for <v6ops@ietfa.amsl.com>; Thu, 30 May 2013 16:54:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[AWL=-2.600, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, MANGLED_BEST=2.3, MANGLED_WORKS=2.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ROnDhdS8qFL5 for <v6ops@ietfa.amsl.com>; Thu, 30 May 2013 16:54:57 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id 7700621F9698 for <v6ops@ietf.org>; Thu, 30 May 2013 16:54:57 -0700 (PDT)
Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id 72AC4C9427; Thu, 30 May 2013 23:54:48 +0000 (UTC) (envelope-from marka@isc.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=dkim2012; t=1369958097; bh=I5rY8fVJyXRtE7LVmi/tJ+YWhM9QFto5X9oPKcyEw48=; h=To:Cc:From:References:Subject:In-reply-to:Date; b=VIjo6VF3ovpGrq+ID6AB/WHFSAgwKYIlTxA6MO6YGnMaqQwKq8NsfXCwl505Lv7JS sgQHDSvdgYMMm8OQB9zdw0pNLPCDXr+G8J/FDxYy7fb+xrKggeBvN3BQ0RW4i4GPPA L7QuzblCZBcpIcbt/Z/7MMP6CvoWx7DC9MHvy28Q=
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.pao1.isc.org (Postfix) with ESMTPS; Thu, 30 May 2013 23:54:48 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (c211-30-172-21.carlnfd1.nsw.optusnet.com.au [211.30.172.21]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id AC177216C40; Thu, 30 May 2013 23:54:47 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [IPv6:::1]) by drugs.dv.isc.org (Postfix) with ESMTP id BD66034F6EDB; Fri, 31 May 2013 09:54:42 +1000 (EST)
To: Mark Smith <markzzzsmith@yahoo.com.au>
From: Mark Andrews <marka@isc.org>
References: <CAKD1Yr29kf1Me=6JR66Gq0dFYgQx2wq=pjW8WZyHByPA0POsMQ@mail.gmail.com> <1369901467.70362.YahooMailNeo@web142506.mail.bf1.yahoo.com> <CAKD1Yr1oBr54t2ze57KQ08BLhQKX8qS4vfr_D=LjWyidKt6evA@mail.gmail.com> <1369948995.76791.YahooMailNeo@web142505.mail.bf1.yahoo.com>
In-reply-to: Your message of "Thu, 30 May 2013 14:23:15 -0700." <1369948995.76791.YahooMailNeo@web142505.mail.bf1.yahoo.com>
Date: Fri, 31 May 2013 09:54:42 +1000
Message-Id: <20130530235442.BD66034F6EDB@drugs.dv.isc.org>
X-DCC--Metrics: post.isc.org; whitelist
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>, "draft-ietf-v6ops-ula-usage-recommendations@tools.ietf.org" <draft-ietf-v6ops-ula-usage-recommendations@tools.ietf.org>
Subject: Re: [v6ops] A good example of why we need to careful about ULAs
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 23:54:59 -0000

In message <1369948995.76791.YahooMailNeo@web142505.mail.bf1.yahoo.com>, Mark S
mith writes:
> 
> >Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>; "draft-ietf-v6ops-ula-usage-reco=
> mmendations@tools.ietf.org" <draft-ietf-v6ops-ula-usage-recommendations@too=
> ls.ietf.org> =
> 
> >Sent: Thursday, 30 May 2013 7:07 PM
> >Subject: Re: [v6ops] A good example of why we need to careful about ULAs
> > =
> 
> >
> >
> >On Thu, May 30, 2013 at 5:11 PM, Mark Smith <markzzzsmith@yahoo.com.au> wr=
> ote:
> >In the early news, not really a new problem.
> >>
> >
> >
> >The part where an RFC asserts says that we can generate globally unique ad=
> dresses with no global coordination is a new problem. Yes, in theory it wor=
> ks, but in practice it doesn't, because everyone ends up using fd00:: - bec=
> ause that's the way it worked in IPv4, and ULA is just RFC1918 all over aga=
> in, right?
> >
> 
> I don't agree with trying to create a registry for the non-centrally assign=
> ed ULAs (because I think those people probably think they now own that pref=
> ix), however here is quite a list to show that a lot of people from a varie=
> ty of organisations get that ULAs aren't set to fd00::/8

All locally assigned ULA are in fd00::/8.  I think you meant
fd00:0000:0000::/48.  Yes I deliberatly added the extra zeros make
it clearer.

The example that started this thread was not in fd00:0000:0000::/48.
They may not have configured their border routers to block traffic
to/from fc00::/7 and their router may not have appropriate source
address selection rules for the reply.  Both of those are correctable.

fd00:3303:0000::/48 may not *look* random but it may well be random.

> http://www.sixxs.net/tools/grh/ula/list/
> 
> 
> >
> >The key point here is that people are going to assume is that ULA is like =
> RFC1918 and we should carefully document all the ways in which it isn't.
> >
> 
> Agree with documenting it. Site-locals were "fd00::". The site-local deprec=
> ation RFC is pretty much the inverse of all the ways ULAs aren't site-local=
> s and RFC1918s.
> 
> >
> >So is this draft aiming for BCP status and therefore should only reflect b=
> est common practice?
> >
> >
> >I think documents coming out of v6ops should reflect scenarios where there=
>  is operational experience. I don't think v6ops is the place to say "here's=
>  what we could build". It's the place to say "here's what we've built; here=
> 's what works, and here's what doesn't".
> >
> >
> 
> >As an example: we've already discovered one of the use cases in this draft=
>  (the "use ULA as a pref64") is not a use case after all, because it causes=
>  devices to prefer IPv4 transition technologies like 464xlat over NAT64. We=
>  didn't know this because nobody had actually tried to *operate a network* =
> in such a use case. I happened to catch that one because I wrote and tested=
>  an implementation, but who knows if there are caveats in any of the others?
> >
> >
> >If as an operational group we publish guidance to operators that doesn't w=
> ork in the real world (like the pref64 case above), it will be embarrassing=
>  for us and wasteful of operators' time. We should strive to do better than=
>  that.
> >
> >
> 
> Ok. So then a follow up question is how to provide perhaps more tutorial or=
> iented information? RFCs, quite reasonably, provide enough information to j=
> ustify what is=A0proposed, and usually one use case, but not all of them. T=
> hat may not be enough information for more of a novice fully understand the=
>  problem that is being solved, the variety of opportunities to use it, and =
> the pros and cons of the use of what is proposed in those scenarios. I have=
> n't thought v6ops was just a place to document what has been done, but rath=
> er to document any topics related to operations, including advice and more =
> information on how things invented here and in other IPv6 working groups co=
> uld be used.
> 
> Regards,
> Mark.
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email