Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds

Alexandre Petrescu <alexandre.petrescu@gmail.com> Mon, 04 November 2019 08:30 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC2E6120999 for <v6ops@ietfa.amsl.com>; Mon, 4 Nov 2019 00:30:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.631
X-Spam-Level:
X-Spam-Status: No, score=-2.631 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tIVj_T6pYAHf for <v6ops@ietfa.amsl.com>; Mon, 4 Nov 2019 00:30:02 -0800 (PST)
Received: from sainfoin-smtp-out.extra.cea.fr (sainfoin-smtp-out.extra.cea.fr [132.167.192.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 894FB12006D for <v6ops@ietf.org>; Mon, 4 Nov 2019 00:30:02 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by sainfoin-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id xA48TrWN006781; Mon, 4 Nov 2019 09:29:53 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 27C64200B4F; Mon, 4 Nov 2019 09:29:53 +0100 (CET)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 198D22033F3; Mon, 4 Nov 2019 09:29:53 +0100 (CET)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id xA48TrAc020446; Mon, 4 Nov 2019 09:29:53 +0100
To: Owen DeLong <owen@delong.com>
Cc: v6ops@ietf.org
References: <85b1ef40-f107-0ece-3e71-377f4d22dd46@si6networks.com> <bb750ae0-940c-2477-fc6b-cea38af777e5@gmail.com> <9dfd5e47-c593-4145-b530-74fb0f4155ed@www.fastmail.com> <f2d0633e-6b99-7d64-d718-b4b24c73b494@gmail.com> <6ABAC3D7-30EA-4ECD-8B5F-A04309C208CE@delong.com> <55508c99-42b7-5c22-5c56-306a41b51bf3@gmail.com> <AC9B4576-1F1F-49CA-AE62-066C2CBDC2E4@delong.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <7778d7f2-0c5b-2d22-24a2-e319b6d26c4a@gmail.com>
Date: Mon, 4 Nov 2019 09:29:52 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <AC9B4576-1F1F-49CA-AE62-066C2CBDC2E4@delong.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ZnkaCme6KHDXOU7EBT9T6GKfk6k>
Subject: Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 08:30:10 -0000


Le 31/10/2019 à 15:16, Owen DeLong a écrit :
[...]
> 
> I’m not familiar with your particular router or its GUI, so I can’t 
> explain why it displays what it does.

I think I understand you.  These GUIs are not only difficult to explain
to others but also difficult to manipulate.

The best is to replace manual filling of prefixes in GUI fields with
automated prefix delegation.

Alex

> 
> It may simply be limited to 8 subnets that it can handle. It may be 
> something else.
> 
> I doubt that it has anything to do with your neighbor as your
> neighbor would get their own separate PD. They might have the
> opposing /61 (ce18..ce1f), but in that case they would still also
> have 8 subnets in that case.
>> 
>> Yet in the hextet notation, I get ce10, ce11 ... ce17 (see an 
>> annotated figure of GUI below).  They are 8 /64s.  I dont see ce18,
>>  neither ce19 in the GUI.  Might it be that my neighbor gets ce18
>> and ce19, but it would mean s/he cant get more than 2 /64s.  Might
>> it be that free hides ce18 and ce19 for something else inside my
>> home that they dont tell me what.  Might it be they expect me to
>> ask them for more addresses later.
>> 
>> Whether I get a /61 or a /60 at home is still a valid question for
>> me.
>> 
>>> 16 /64s is a /60. 256 /64s is a /56. You should be getting 65,536
>>> /64s (a /48) and if I were you, I would complain to any ISP that
>>> gave me less.I
>> 
>> I keep the /48 request in mind for my next interaction with their 
>> service, because I have many things to ask.
>> 
>> I suppose they will ask me, in return, if I already spent the 2^61
>>  addresses they already gave me.
>> 
> This is IPv4think. In the IPv6 world, the intent is to provide large
>  blocks to avoid future need to renumber and routing table
> pollution.
> 
> Owen
> 
>> Alex
>> 
>> 
>> 
>> PS:
>> 
>> For information, see below an annotated copy of the GUI listing the
>>  form of the 8 prefixes I see in GUI on CPE.
>> 
>> One may notice things to complain about: the use of ff:fe in the
>> LL, the way they call it 'Prefix Delegation' without using
>> DHCPv6-PD and the optional firewall IPv6 activation (off by default
>> - they dream :-)
>> 
>> You may understand why I say I have many things to ask them.
>> 
>> 
>> <mohkmddlfcdkakja.png>
>> 
>> 
>> 
>>> Owen
>>> 
>>>> On Oct 30, 2019, at 9:29 AM, Alexandre
>>>> Petrescu<alexandre.petrescu@gmail.com>  wrote:
>>>> 
>>>> 
>>>> 
>>>> Le 30/10/2019 à 15:27, Radu-Adrian Feurdean a écrit :
>>>>> On Thu, Oct 24, 2019, at 11:20, Alexandre Petrescu wrote:
>>>>>> In particular, the home networks scenario is very
>>>>>> appropriate. First, I must say that the home network that I
>>>>>> use uses a fixed /56 allocated by my ISP.  In this, the
>>>>>> prefix never changes, and it is not obtained by DHCPv6-PD -
>>>>>> it is guaranteed by contract signed by hand. Such a case
>>>>>> could be mentioned, as not being a problem described in
>>>>>> this draft.
>>>>> If you are talking about residential service (not
>>>>> business/enterprise-class), I would like to know who your
>>>>> service provider is.
>>>> (my correction: I am not at all good at bit fiddling, sorry.
>>>> What I get at home is a /60, I think, not a /56.  Because the
>>>> CPE GUI proposes me to split it into 8 /64s).
>>>> 
>>>> YEs, it is at home, probably you mean it is residential.  The
>>>> payment is a flat 35eur/month.  No special QoS commitments from
>>>> them, other than a 'noise level' of 55dbm due to the length of
>>>> the line.
>>>> 
>>>> The service provider is Free. ('Free' is its name; it was the
>>>> first callable at gratuitous phone numbers when all others
>>>> requested a payment in exchange; later they were the first to
>>>> offer flat rates when the others were per-connection time;
>>>> because of that it called itself so).
>>>> 
>>>>>> I must say that this kind of software (request a prefix
>>>>>> with DHCPv6-PD, form sub-prefixes, and put them in RAs on
>>>>>> the other interfaces) does not exist as open source or some
>>>>>> other available package.
>>>>> Dibbler-client does that by default. Once the delegated
>>>>> prefix (shorter than /64) is obtained, a /64 from that prefix
>>>>> is assigned to each interface. With proper radvd.conf
>>>>> configuration (prefix ::/64), RAs will be sent for those
>>>>> prefixes.
>>>> I did not know.  The difficulty I talked about is to maintain
>>>> what's in that radvd.conf in sync with what is dhcpd.conf.
>>>> Maybe some software packages already do it.
>>>> 
>>>> Also, because you talk about deriving /64s out of /56: I am not
>>>> sure there is a standard way to do it.  Maybe dibbler does it,
>>>> but I doubt it is the best way.
>>>> 
>>>>> A lot (?? most ??) of CPEs implementing DHCPv6-PD client do
>>>>> this in some form or another. Some do this automatically
>>>>> (take prefixes and assign them to interfaces), other need
>>>>> manual configuration (n-th prefix go to interface ZZZ).
>>>> It's good to know.
>>>> 
>>>> But again, I doubt these CPEs derive prefixes in the manner
>>>> that _I_ want it.
>>>> 
>>>> For example, I want the /60 to be derived into one /64 and a
>>>> single other set of /64s.  I dont want the /60 to be derived
>>>> into 8 /64s.
>>>> 
>>>> I do that to help aggregation and speed up the forwarding
>>>> process.
>>>> 
>>>> Other times I might want to derive that /60 differently.
>>>> 
>>>> I dont think there is a standard way to do it.
>>>> 
>>>>>> Because of that, I am surprised that you call it 'the most
>>>>>> common deployment scenario'.  Is this a scenario that is
>>>>>> _expected_ to be 'common'?
>>>>> "Expected enough" to warrant a device to be disqualified as
>>>>> "CPE that supports IPv6" if it doesn't work this way. In an
>>>>> ISP environment.
>>>> Well.
>>>> 
>>>> A CPE that supports IPv6 should run DHCPv6.  A CLient and a
>>>> Server? Both?  Just one?
>>>> 
>>>> How does CPE propagate the prefixes learned with its CLient to
>>>> its Server?
>>>> 
>>>>>> I would like to request addition of two other scenarios: -
>>>>>> an IoT scenario, in which an IoR Router connects several
>>>>>> sensors to the Internet.  For example, an IoT Router is
>>>>>> deployed in a box at a traffic lights.  The IoT device is
>>>>>> the Traffic Lights Controller connected on Ethernet to the
>>>>>> IoT Router.  The IoT Router is connected on 4G. - a
>>>>>> vehicular networks scenario: the On-Board Unit is deployed
>>>>>> in a car. This OBU has a 4G interface and an Ethernet
>>>>>> interface. There are several computers in the car that need
>>>>>> IPv6 addresses.
>>>>> Like : you have a mobile phone on a network doing
>>>>> IPv6+NAT64,
>>>> My CPE is not doing NAT64, I think.
>>>> 
>>>> I dont want NAT64.
>>>> 
>>>>> you pout it in tethering/mobile-hotspot mode, and connect
>>>>> several other devices (usually laptops) to that hotspot -
>>>>> they all get IPv6 addresses (in the same single /64 that the
>>>>> phone obtained via SLAAC or something else). It is clear that
>>>>> getting a /56 (even a /60 or /62 would do it) via DHCPv6-PD
>>>>> would be a nicer solution, but when your mobile device runs
>>>>> android....
>>>> Well.  Android is good in many places and for many goals.
>>>> 
>>>> I agree that tethering/mobile-hotspot mode is a good solution
>>>> in certain circumstances, like sharing one's smartphone
>>>> connection to tablets nearby.
>>>> 
>>>> However, tethering in IPv6 ('64share' RFC) has some drawbacks:
>>>> (1) it does not support more than the WiFi tethered to the
>>>> cellular (doesnt support an additional subnet like Ethernet)
>>>> and (2) the incoming interface must be cellular (cant be
>>>> another wifi).
>>>> 
>>>> In a car, one has a WiFi hotspot but also lots of Ethernets and
>>>> CANs. It's not possible to use 64share to accomodate all that.
>>>> 
>>>> Hence, there DHCPv6-PD is not just a nicer solution - it is a
>>>> requirement.
>>>> 
>>>> Other than cars, even at home, one may want a DHCPv6-PD Server
>>>> on the CPE for similar reasons.
>>>> 
>>>> If one wants to run tethering on a device at home that has no
>>>> cellular connection (e.g. a WiFi<->USB, or a USB<->Ethernet
>>>> device) to extend to other devices then one cant use tethering
>>>> ('64share'), must use DHCPv6-PD.
>>>> 
>>>> Alex
>>>> 
>>>> 
>>>> _______________________________________________ v6ops mailing
>>>> list v6ops@ietf.org 
>>>> https://www.ietf.org/mailman/listinfo/v6ops
>