Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Fernando Gont <fgont@si6networks.com> Wed, 06 January 2021 02:45 UTC

To: Mark Smith <markzzzsmith@gmail.com>
Cc: 6MAN <6man@ietf.org>, IPv6 Operations <v6ops@ietf.org>
References: <160989494094.6024.7402128068704112703@ietfa.amsl.com> <6fe3a45e-de65-9f88-808d-ea7e2abdcd16@si6networks.com> <CAO42Z2wR-3vbHi-NrBBMmCTNDq5fgqvSmBUbYK7P+63QTNfxkg@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <2e80ec51-ec66-16c7-7c9e-a6e8d632c5de@si6networks.com>
Date: Tue, 5 Jan 2021 23:44:49 -0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/aGUXkDtKuaLhntlSeR2cGNkir4M>

Hi, Mark,

Thanks a lot for your comments! In-line....

On 5/1/21 23:00, Mark Smith wrote:
[...]
>     Prior to posting this document, we had some on-list discussion (on the
>     v6ops list) and also some off-list discussion with some of you (bcc'ed).
> 
>     The opinions have been in one of these camps:
> 
>     1) the current specs are coherent and there's no problem
> 
>     2) There's a problem with the definition of "global scope" -- so ULAs
>     *are* global scope, but global scope does not really stand for the
>     definition in RFC4007.
> 
> 
>     3) The definitions in RFC4007 are correct, and thus the scope of
>     ULAs is not really global, but scope(link-local) < scope(ULAs) < scope(global)
> 
> The thing that is really missing from "global scope" is what scope or 
> domain is being described? Forwarding scope? Uniqueness scope? Some 
> other scope (DNS visibility is probably another one). All of them?

FWIW, the definition of "scope" as per RFC4007 has to do with being able 
to uniquely identify an interface, i.e., "uniqueness" from your list.

As such, forwarding scope should always be smaller than that (i.e., 
address: where the thing is, route: how to get there).



> ULAs are intended to be globally unique addresses, but not to be 
> globally (Internet) forwardable.

The math in RFC4193 for "uniqueness" considers *only a reduced number of 
ULA-based networks being inter-connected*. So, when computing global 
uniqueness, you should consider *all ULA prefixes in use*, not just 
those of networks you are interconnecting. And when you do that, you get 
a very high probability of collisions (~1).



> Their forwarding scope is limited to 
> non-global, either within a single local network, or between a set of 
> local networks that have agreed to forward their respective ULA /48 
> prefixes between each other, overriding the default of local networks 
> only forwarding scope. (Ethernet addresses are a similar example, 
> globally unique addresses, link only forwarding scope.)

Not really: Ethernet Addresses (when "U/L" bit set) are centrally 
assigned. When not set, they only have local significance, and are not 
globally unique.  The analogy is that ULAs are like local Ethernet 
addresses, whereas ULA-C would be similar to Universal/global Ethernet 
addresses.


> GUAs also are intended to be globally unique addresses, but are intended 
> to be globally (Internet) forwardable.

The birthday paradox tells you that with a 40-bit Global ID, you cannot 
really expect ULA prefixes to be globally-unique.



> There isn't really a ULA equivalent in IPv4,

ULAs are the equivalent of RFC1918, with the addition of:

1) More bits for the addresses (both the prefix, subnet id, and 
interface ID)

2) A requirement to generate ULA prefixes from a PRNG -- something that 
wouldn't have made sense for RFC1918, anyway, because you only have a 
limited number of bits for the addresses.



> although I think a lot of 
> the arguments in RFC1627, "Network 10 Considered Harmful (Some Practices 
> Shouldn't be Codified)" would have been arguments for one e.g., "The 
> lesson that we learned was that every IP address ought to be globally 
> unique, independent of its attachment to the Internet." 

How could you possibly achieve that without a central registry, and only 
40 bits (think birthday paradox)?


Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
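As an added worked example (not part of this email thread nor of RFC 4193's own text), the Python below derives a locally assigned ULA /48 the way RFC 4193 section 3.2.2 describes (SHA-1 over an NTP timestamp and an EUI-64, low 40 bits as the Global ID under fd00::/8) and evaluates the section 3.2.3 collision formula, first for the small N the RFC tabulates and then for N on the order of all ULA networks in use, which is the birthday-paradox point made above. The EUI-64 and timestamp values are constructed samples.

```python
import hashlib
import ipaddress
import math
import struct
import time
from typing import Optional

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def ula_prefix(eui64: bytes, ntp_time: Optional[int] = None) -> ipaddress.IPv6Network:
    """Locally assigned ULA /48 per RFC 4193 section 3.2.2:
    Global ID = low 40 bits of SHA-1(64-bit NTP time || EUI-64),
    prefix = fc00::/7 with the L bit set (fd00::/8) followed by the Global ID."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be exactly 8 bytes")
    if ntp_time is None:
        now = time.time()
        secs = int(now) + NTP_EPOCH_OFFSET
        ntp_time = (secs << 32) | int((now % 1) * 2**32)  # 64-bit NTP format
    digest = hashlib.sha1(struct.pack(">Q", ntp_time) + eui64).digest()
    global_id = int.from_bytes(digest[-5:], "big")  # least significant 40 bits
    prefix_int = (0xFD << 120) | (global_id << 80)  # fd00::/8 + 40-bit Global ID, then /48
    return ipaddress.IPv6Network((prefix_int, 48))


def rfc4193_collision_probability(n_prefixes: int) -> float:
    """P = 1 - exp(-N^2 / 2^41), the formula RFC 4193 section 3.2.3 tabulates
    for N networks that get interconnected (40-bit Global ID space)."""
    return -math.expm1(-(n_prefixes ** 2) / 2 ** 41)


def exact_birthday_probability(n_prefixes: int, id_bits: int = 40) -> float:
    """Birthday bound for N random IDs drawn from 2^id_bits values:
    1 - exp(-N(N-1) / (2 * 2^id_bits)). Differs from the RFC form only by N vs N-1."""
    return -math.expm1(-n_prefixes * (n_prefixes - 1) / (2.0 * 2 ** id_bits))


if __name__ == "__main__":
    sample_eui64 = bytes.fromhex("0211223344556677")  # constructed sample EUI-64
    print("ULA prefix:", ula_prefix(sample_eui64, ntp_time=0xE3C7A0B912345678))
    # RFC 4193's own table: a handful of interconnected networks
    for n in (2, 10, 100, 1000, 10000):
        print(f"N={n:>8}: P(collision) = {rfc4193_collision_probability(n):.2e}")
    # Global uniqueness: count every ULA prefix in existence, not just yours
    for n in (2 ** 21, 10 ** 7):
        print(f"N={n:>8}: P(collision) = {exact_birthday_probability(n):.4f}")
```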