IETF Logo Mail Archive

Re: [v6ops] Implementation Status of PREF64

Vasilenko Eduard <vasilenko.eduard@huawei.com> Sun, 03 October 2021 17:34 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 396273A0912 for <v6ops@ietfa.amsl.com>; Sun, 3 Oct 2021 10:34:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bqMNMB9z56Qh for <v6ops@ietfa.amsl.com>; Sun, 3 Oct 2021 10:34:36 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CCEF3A0900 for <v6ops@ietf.org>; Sun, 3 Oct 2021 10:34:36 -0700 (PDT)
Received: from fraeml702-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4HMrVR6PfHz67Mtl for <v6ops@ietf.org>; Mon, 4 Oct 2021 01:31:11 +0800 (CST)
Received: from mscpeml100001.china.huawei.com (7.188.26.227) by fraeml702-chm.china.huawei.com (10.206.15.51) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.8; Sun, 3 Oct 2021 19:34:33 +0200
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml100001.china.huawei.com (7.188.26.227) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Sun, 3 Oct 2021 20:34:32 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2308.008; Sun, 3 Oct 2021 20:34:32 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>
CC: v6ops list <v6ops@ietf.org>
Thread-Topic: [v6ops] Implementation Status of PREF64
Thread-Index: AQHXsWiabe9xT98knEyNpn/SXFCzFauzkUkAgABK7ICAAEb8gIAACf0AgAH4SoCAAgvogIAAROwAgAA+dACAAPFksIAAN4ew///cF4CAADh0D///620AgAE/qoCAAEymgIAAQtEAgACFcMD//87gAAADB2KAAAEo1YAAAgTGgAAMC1mAABEnE4AAAOBpgAACvIEAAAREQQAAAJLtAAACLxgAAAE9/QAAAWIOAACB1Zrg
Date: Sun, 03 Oct 2021 17:34:32 +0000
Message-ID: <27566a47840244b880cc820d755ad709@huawei.com>
References: <DDA36020-90CC-471B-83AD-3D98950F1164@delong.com> <CAO42Z2wdoSdJDOB2Zo0=ZK0ecOARRsdg2nbHZGSDOhryPbLfDw@mail.gmail.com> <F2BD0A42-E9AD-45DD-999A-638E73BE1177@delong.com> <CAKD1Yr2K3Gd3JD=NJFOoH6GYgs-8ACxRQB9-sKJ7cbF4_hxsow@mail.gmail.com> <0B533C71-5DB0-410D-A5A3-7E8FD559F214@delong.com> <CAKD1Yr3NoYfNT7+OVJoCCdgdif6AHHw29tNCPttS=-NuRZKv3w@mail.gmail.com> <5FAD5290-3616-4194-B783-D473DB38A89A@delong.com> <m1mVGC6-0000HSC@stereo.hq.phicoh.net> <D6620D7C-8FE8-4294-8014-AB18A230C9C7@delong.com> <m1mVItl-0000GuC@stereo.hq.phicoh.net> <YVN6/cA6Ob3vLJQH@Space.Net> <m1mVK32-0000HpC@stereo.hq.phicoh.net> <CAO42Z2zQys6o41+m1iX1Mm88M7CaUdQa1C+uuYqxz2STfcwt_Q@mail.gmail.com> <d2887464-19d7-da09-d6f6-51ddc0e9ca45@foobar.org> <CAO42Z2w=BVoy-EmkM+x=8bVJc8WAcwRyLrdpsOAxu-as3ed6ZQ@mail.gmail.com> <CAN-Dau0v5dS9esEfQk9w0deG-QLpQ6EH9JJBY4JVcUfstFENkQ@mail.gmail.com> <1e9444b30d964a5cb17ff419eca6cc35@huawei.com> <CAKD1Yr0T-7t-UHbsJBMLpTjKhPAV5uUQkux6oby89TVUue7PyA@mail.gmail.com> <CO1PR11MB4881D400EA4681F1505040D2D8AA9@CO1PR11MB4881.namprd11.prod.outlook.com> <CAKD1Yr3TmqFxjKuZ57wS7VuPOf6rJvOwnvnQdFrRLQ=DkZ+CCw@mail.gmail.com> <CO1PR11MB4881F411A4D5BEA7A8479726D8AA9@CO1PR11MB4881.namprd11.prod.outlook.com> <D8AEA194-293B-43E4-BCAE-33CD81FB7D8C@delong.com> <CAKD1Yr2Tug-PFV7wAh0s6-gw8W3LcLG7wC1fD7Lu_hMZQYKdtw@mail.gmail.com> <08D2885E-B824-48E8-9703-DCA98771FA37@delong.com> <CAKD1Yr2EVsY3tYUf56R0Q1+KVrowtqh-HgwXj5vxzy4wd-vkTg@mail.gmail.com> <1A6ED87B-666E-439C-852F-2E5C904C0515@delong.com> <CAKD1Yr23fY2DJDvB-9eVFRsxnBnZQ0kZuZfYUfRUHYW=_D=enA@mail.gmail.com> <CAN-Dau1z0q0R61x7iY+Wg_cFRU0jmqr+fR0y=bSXxj+K-n722w@mail.gmail.com> <CAKD1Yr1T_mXfxJGHOrBfqZfexm6GTrUqnFi57710pTroKQK6uQ@mail.gmail.com> <CAN-Dau1ktv6Ek_MkrZnVWQHW4-8Be27N-vu+64AHSm7wanGu4g@mail.gmail.com>
In-Reply-To: <CAN-Dau1ktv6Ek_MkrZnVWQHW4-8Be27N-vu+64AHSm7wanGu4g@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.47.205.42]
Content-Type: multipart/alternative; boundary="_000_27566a47840244b880cc820d755ad709huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/cmk75JwR8GklPS4wmudxEZvvnyg>
Subject: Re: [v6ops] Implementation Status of PREF64
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Oct 2021 17:34:43 -0000

Many IP addresses could improve privacy, but “improve privacy” could be classified as harmful to internal Enterprise traffic.
It is a tiny advantage for traffic going to the Internet that could not overcome the complexity and cost of managing many virtual things (bigger logs, more difficult troubleshooting, additional requirements to CAM tables).
I suspect that it is not enough motivation to pay the price for Enterprises.
Is anything else exist that could justify many IP addresses in the Enterprise environment?
PS: we do not have many addresses for an apartment or a house.
Eduard
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of David Farmer
Sent: Friday, October 1, 2021 9:30 AM
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>
Cc: v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] Implementation Status of PREF64



On Fri, Oct 1, 2021 at 12:50 AM Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org<mailto:40google.com@dmarc.ietf.org>> wrote:
On Fri, Oct 1, 2021 at 2:15 PM David Farmer <farmer=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org>> wrote:
So, is there a compromise somewhere between 1 and 2^64 addresses to be had? Isn't it possible to request multiple addresses, that is to request multiple IA_NA options? Then if the server returns a number of addresses below a threshold, then refuse the addresses?

Well, let's find out. :-)

Let's see if we get enough consensus to work on an RFC that says that all general-purpose DHCPv6 clients are entitled to receive N addresses; that any network that does not provide that number of addresses is in violation of the RFC; and that any client disabling the IPv4 stack if it does not get at least N addresses is in full compliance with all IETF specifications including RFC 8415.

Personally I will be very surprised if you get consensus on any N even on this thread (let alone the WG or the IETF). The reason for that 1 is unacceptable to some folks, but any time you go beyond 1, then lots of infrastructure needs to be changed. And that's the rub here: IMO, when folks say they want DHCPv6, it's not because they want security or access control or tracking or whatever else. It's because they want to run their networks in the same way as they do in IPv4. That means an IPAM that maps one MAC to one IP and one DNS name, for example. If you're an enterprise, that's a legitimate desire: why pay costs that you don't think are necessary? The problem is that the enterprise does not pay the costs of NAT; device manufacturers, app developers, and users do. It would be good for users to stop having to pay those costs when we upgrade to IPv6. This is where we're stuck I think.

Another reason for not having a hard number is that TCAM is expensive and that any number that would provide enough flexibiilty in the long term (e.g., one IPv6 address per app on the device) would likely be too expensive today. That's obviously easily solved with DHCPv6 PD, but the problem with DHCPv6 PD is that it's not IA_NA, and requires infrastructure to be changed. Same problem as above.

Anyway, we can try this out as a thought experiment. I'll start: how about N=64?

Well, we run a quite sizable IPv6 network, I haven't looked at the numbers in a couple of years, but we were seeming an average of 4 and change IPv6 address per MAC address including LL, we had some outliers with a few hundred and even one with more than a thousand. Let's be generous, call it 5 IPv6 GUA addresses per host on average. I think almost 13 times average might be a bit much, but 2 to 5 times the average seems reasonable, so I'd probably start with a limit of 25 per host on our network. But, I need to go look at what the 90th, 95th, and 99th percentiles are at, I just don't remember.

So, for an RFC how about 10, I have a much bigger budget than a lot of networks.

Next bid, please.

Thanks
--
===============================================
David Farmer               Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email