IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-link-v6ops-gulla-00.txt

Vasilenko Eduard <vasilenko.eduard@huawei.com> Thu, 09 November 2023 11:59 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27ECAC14CE2B for <v6ops@ietfa.amsl.com>; Thu, 9 Nov 2023 03:59:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.903
X-Spam-Level:
X-Spam-Status: No, score=-6.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g_mhtEQdFudF for <v6ops@ietfa.amsl.com>; Thu, 9 Nov 2023 03:59:54 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29F16C14F721 for <v6ops@ietf.org>; Thu, 9 Nov 2023 03:59:54 -0800 (PST)
Received: from mscpeml100002.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4SR0l52vWYz6JB1l for <v6ops@ietf.org>; Thu, 9 Nov 2023 19:55:29 +0800 (CST)
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml100002.china.huawei.com (7.188.26.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31; Thu, 9 Nov 2023 14:59:51 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2507.031; Thu, 9 Nov 2023 14:59:51 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Mark Smith <markzzzsmith@gmail.com>
CC: IPv6 Operations <v6ops@ietf.org>
Thread-Topic: [v6ops] I-D Action: draft-link-v6ops-gulla-00.txt
Thread-Index: AQHaEuhvMJZwrAT1vE+Ri/QFnOQSh7Bx4lTg
Date: Thu, 09 Nov 2023 11:59:51 +0000
Message-ID: <295d9313d9dc476aa3c6d76cac64b793@huawei.com>
References: <169932088231.2135.10982706979826815565@ietfa.amsl.com> <ade3234a-9298-4b75-726d-2f22c35edf2f@gmail.com> <9f5d9069164147eca68c7dc32cf157cf@huawei.com> <CAO42Z2zkxivjSJp79EyP5MijPRAcEg_=tJo_bPva0oD7w5BxAw@mail.gmail.com>
In-Reply-To: <CAO42Z2zkxivjSJp79EyP5MijPRAcEg_=tJo_bPva0oD7w5BxAw@mail.gmail.com>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.81.198.94]
Content-Type: multipart/alternative; boundary="_000_295d9313d9dc476aa3c6d76cac64b793huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ZkuRBTfjSGCrjR5XPHVES_PwlFg>
Subject: Re: [v6ops] I-D Action: draft-link-v6ops-gulla-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Nov 2023 11:59:56 -0000

Hi Mark, Thanks. Good text to have it in this draft.
Actually, EUI-64 for routers is so good surface for attack that pushing vendors out of it – is a value by itself.
Eduard
From: Mark Smith [mailto:markzzzsmith@gmail.com]
Sent: Thursday, November 9, 2023 11:41 AM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] I-D Action: draft-link-v6ops-gulla-00.txt


On Thu, 9 Nov 2023, 17:54 Vasilenko Eduard, <vasilenko.eduard=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote:
Hi all,
The idea has a few drawbacks that should be better documented:
1. Changing router LLA would effectively clear the ND cache on all hosts. It Is not a big problem because PIO->LLA should not change very often.
2. Should the router listen and respond to the old LLA? How long?
3. Vendors still using EUI-64 for LLA. They could not attach so many MAC addresses for EUI-64. It should be stated clearly that they SHOULD move out of EUI-64 for this feature to work.

EUI-64s for IPv6 addresses, including for LLAs, have been obsolete since RFC 8064, which is updating specifications to use RFC 7217.

RFC 7217 is intended to be used for LLAs generally, however specifically they're in RFC 7217 to decouple router LLAs from an interface MAC address, so that e.g. a router interface module could be replaced, with the new one having a different MAC address, and the router's LLA wouldn't change.

Previous to RFC 7217, people were manually setting static router interface LLAs to achieve this MAC address independence.



4. I am not happy that "some hash function or whatever" could be used for LLA generation. Why not RECOMMEND algorithm from RFC 8981 - it uses many more parameters for the hash function (they are needed).

I have a question about this optimistic statement:
>Link-local address LLA_A is not reachable anymore, as the host changes the network attachement point. Neighbor Unreachability Detection ([RFC4861]) detects it and removes LLA_A from the list of default routers.

As I understand, in the case of a router, hosts would not send traffic directly to the host.
Hence, blackholing would continue up to 900s till the respective number of RAs would be not received.
If this is the case, then a 450s average outage is not a good mechanism.
Eduard
>
> On 07-Nov-23 14:34, internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> wrote:
> > Internet-Draft draft-link-v6ops-gulla-00.txt is now available.
> >
> >     Title:   Using Subnet-Specific Link-Local Addresses to Improve SLAAC
> Robustness
> >     Author:  Jen Linkova
> >     Name:    draft-link-v6ops-gulla-00.txt
> >     Pages:   7
> >     Dates:   2023-11-06
> >
> > Abstract:
> >
> >     This document suggests that a link-local address used by a router as
> >     a source address for Router Advertisement packets is calculated as a
> >     function of prefixes listed in the Prefix Information Option of the
> >     Router Advertisement.  The proposed approach, combined with the Rule
> >     5.5 of the Default Source Address Selection algorithm (RFC6724)
> >     improves the robustness of the SLAAC by allowing the hosts to detect
> >     the IPv6 subnet changes much faster and select the correct source
> >     address.
> >
> > The IETF datatracker status page for this Internet-Draft is:
> > https://datatracker.ietf.org/doc/draft-link-v6ops-gulla/
> >
> > There is also an HTML version available at:
> > https://www.ietf.org/archive/id/draft-link-v6ops-gulla-00.html
> >
> > Internet-Drafts are also available by rsync at:
> > rsync.ietf.org::internet-drafts
> >
> >
> > _______________________________________________
> > I-D-Announce mailing list
> > I-D-Announce@ietf.org<mailto:I-D-Announce@ietf.org>
> > https://www.ietf.org/mailman/listinfo/i-d-announce
> >
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org<mailto:v6ops@ietf.org>
> https://www.ietf.org/mailman/listinfo/v6ops

_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops

v2.39.1 | Report a Bug | By Email | System Status