IETF Logo Mail Archive

Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

Nick Buraglio <buraglio@es.net> Fri, 29 April 2022 14:58 UTC

Return-Path: <buraglio@es.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E9ABC15EB4F for <v6ops@ietfa.amsl.com>; Fri, 29 Apr 2022 07:58:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=es.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VJtEaduTz-C2 for <v6ops@ietfa.amsl.com>; Fri, 29 Apr 2022 07:58:01 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2A52C157B4C for <v6ops@ietf.org>; Fri, 29 Apr 2022 07:58:01 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id g16so5340327lja.3 for <v6ops@ietf.org>; Fri, 29 Apr 2022 07:58:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=es.net; s=esnet-google; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=L2A4f+hDwhR3GfP8DdBzrw3HhJ9cr9jI7LudFmV87C8=; b=VrA1IOU6ZwuuCBMP7T88ZjCszjfBiqba5lU08SakgOeev9Pzb3Fgy6iXAEv4FyyCxP xVfQLtMzNTtpyC74DNAzHSpWh0VAOsjyCiS6VAMHXwMEvQhQjxYezjBKeIKrsz1L01/p UHP9/zbVrB4JzgphLgghbzupicmiARhpcPUmXWMsydnfDvP/X53cymdWnFvZBX9Izgm0 QCoitt41DrImYMxJ4Qr5rno/4eHeZdZY24Y90+SQVjK8bln9MJP71rJ5Xi+knYPV9HYV 31QSkpxSv3qh61kcJjyO3XGkPCtVsvLC1QIQbig8Yn2GdhHc9wGa2wJ6QDjnrnSArfmX yGLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=L2A4f+hDwhR3GfP8DdBzrw3HhJ9cr9jI7LudFmV87C8=; b=46WHRsjxHYTtmzN4xfgXHOuddIquGByeUfMWCvYXIN4QyEELXZk/FrGnTXAKgV2XHF /5Ia2kRoPwC7O1pjYorhDxGhop5G1Oo0ErJPtecBK6in18l5m9K+FjwjllV9rm8zGEJB KU9fXd/3jrIezzyW4HMlwFpsQHdPcK/18w0K9XqhnMQ+0DpcGrpBXkvofhfeP8wzwtED Wr2jpyJ8thRbR8fEBypr76jI/iS6VHyL6KaRwmWrb5iY8wKWrh3+VCeqfc7NhoFs5x6A ROefMxfnXulUsI6U9R29EhWhnF/aGWCO/CCQQ79JzqNOKLqlcNzuQchexiwfA/yFNyzI mFug==
X-Gm-Message-State: AOAM530iDLaIPbzMpPTyZXJDLTJpegSoHuSHjNpEfm/V1ldXEeiwzaX+ 9jfjyr2YxJjs94VTDHpjUXTFpC2dWZAIEM2GpomTmVfhq8sBkTBtGu17A4jtRAhFk9DS6VcW0Wr zkBlfafe6Dgvn5mOKNKDtRydYFD3DUOg9GL5K2qavFYOBCqlART/Gp7zYGmnqiy4O32fAZEeIFR w=
X-Google-Smtp-Source: ABdhPJxW9RO25iwaxtQdjrywXApeacDjSATCcqoXeOX3xRp09BPbIvgWPiBcZqDwZi24ZnDY+c3XGUlFH8e6+xrjXH0=
X-Received: by 2002:a2e:9e87:0:b0:24f:549:4207 with SMTP id f7-20020a2e9e87000000b0024f05494207mr20821218ljk.57.1651244279515; Fri, 29 Apr 2022 07:57:59 -0700 (PDT)
MIME-Version: 1.0
References: <CAM5+tA8WvjvWirxqE6kQ9LQAG0NcpWyCLGVooB=G7gZ9ETb2zQ@mail.gmail.com> <20220424172743.GA218999@fg-networking.de> <CAKD1Yr1v0Tkh+pWD-ts=PL3gZf7Qj6OHW6Cuvj8iGcSSMibjew@mail.gmail.com> <0afe25f5-52b7-a438-0696-cf8b0a83c2dc@gmail.com> <BN8PR07MB70760D9693580F5BDCB61DD995F89@BN8PR07MB7076.namprd07.prod.outlook.com> <CAKD1Yr3Z9wGQ+uiA2WcW00MrOiLyHs+bSoFjHVtrixCi2qp4DA@mail.gmail.com> <BN8PR07MB7076A6456CAB48EF428D6E8695F89@BN8PR07MB7076.namprd07.prod.outlook.com> <65d0d9ac-77fc-c200-09e3-0c3949ca1541@gmail.com> <CAN-Dau2FS99ewfgH8xk-jSJFCnO92CJV9ZC98DUE2UDR7V1Eww@mail.gmail.com> <CANMZLAYbpZBDA8uFnJqfWfWTQ4S9RN4a-DqWe36qzfAfDtXiQA@mail.gmail.com> <CAN-Dau0BjRR2_7xz38DpJsz0Y=Z_8bV5n-=Eh1QUVEDzqVxmaA@mail.gmail.com> <CAPt1N1=H=eAyRu0JcHnLpZEUizDZ4Kj0VwPu=0nM=Wn+y3Ho1w@mail.gmail.com> <CAM5+tA_4rtSkgEuRUFZ2LYr6i8a7vWeKODYieVARF3RbRvgRww@mail.gmail.com> <BN8PR07MB7076DE3E745CB916FB81879595FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <ADAE42CE-448F-42F5-89BE-692F493E2DC8@consulintel.es> <CAM5+tA_ksJ+agY1tze1-zPHLsgYFgjEYtnuPs+ffZbnRqiHytw@mail.gmail.com> <BAD082DA-0958-4926-B3E5-4E4599A75078@consulintel.es> <BN8PR07MB7076564E50C0DAFBFAB950FD95FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <CAPt1N1ncVkekecS=dBHSR3WtaEMruy55Udxy0WSMGTgbN24pKw@mail.gmail.com> <CAM5+tA8-Zqka-vZ9jRL3wn0dtfuJj0ECx_k9prwyS2ypisaPtw@mail.gmail.com> <FB031B76-7E88-4824-876F-D1A05F8D2215@thehobsons.co.uk> <CAFU7BAST-oNGpy4JvODDsf=8eS69hV8XCi8OgEHBkkoujRN3Rw@mail.gmail.com> <699f556a3eac41179a80d2cc8749a191@huawei.com> <CAO42Z2wiebCOPmtcEOJ3rOaZEpHE7qFZZTf5KLWybSsL6rOd9Q@mail.gmail.com> <CAM5+tA-PS6m3iD62MtueRKvYTMNyUHj4-4o__MZws8dvQkpAYA@mail.gmail.com> <CAO42Z2y0vj8mfzJudeJZ5nyvHnU7S0Cpu-mQrbTFr_mDwX4BAQ@mail.gmail.com> <bc10230e8856490e84aa45c645bc98d1@huawei.com>
In-Reply-To: <bc10230e8856490e84aa45c645bc98d1@huawei.com>
Reply-To: buraglio@es.net
From: Nick Buraglio <buraglio@es.net>
Date: Fri, 29 Apr 2022 09:57:48 -0500
Message-ID: <CAM5+tA8ZyocGLkn2VWJ7wK2++V7sWk0UyyZEBm82QP1Y07TBLw@mail.gmail.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: 6man list <ipv6@ietf.org>, Mark Smith <markzzzsmith@gmail.com>, Xipengxiao <xipengxiao=40huawei.com@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b850b205ddcc44d4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/dMu5_-fLsSH5l54ede6UREtlrFE>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Apr 2022 14:58:06 -0000

On Fri, Apr 29, 2022 at 03:01 Vasilenko Eduard <vasilenko.eduard@huawei.com>
wrote:

> Yes, GUA over ULA is the problem.
>
> But IPv4 over ULA is the much bigger problem!
>
> And when we would start to fix it we may come to the situation ULA to GUA
> that may be one-way connectivity.
>
> I mean: it is not so simple RFC 6724 fix.
>
> Looking to all these messaging (including a usual flame about NAT) – I am
> not sure that consensus is possible. Some prefer to keep ULA dead
> (prioritized below IPv4) just as one additional barrier on the way to NPT.
>
> Probably, ULA would be down till NPT would be accepted.
>

That is a false flag - NPT will happen, and is currently happening,
regardless. Meanwhile this lack of usable address space leads to:

1. Stifled adoption of IPv6 - a problem that is continually lamented here
and elsewhere in the IPv6 community. Regardless of the semantics of what’s
been discussed here, this is the ultimate outcome.
2. Squatting in space not meant for this (use of documentation space, other
unallocated GUA)
3. Continued deployment of technologies undesirable to certain members of
this community with no guide rails.

If the IETF is willing to say “we are ok with those three givens” then
fine. We can move on, but I’m guessing that the first one by itself - which
regardless of the belief that NPTv6/NAT66/etc. can be ignored and they'll
go away is idealistic at best and dangerous at worst, see #3 above.

Hence, I am doubt that it makes sense to develop a draft to fix ULA – it
> would undermine anti-NPT position. It would be blocked anyway.
>

That is short sighted. Part of technology is adaptation - being able to
evolve to both suit the landscape and to help shape it. One doesn’t happen
without the other, because the landscape will and is always changing
regardless of if we want it to and irrespective of "bad" or "good" or
"right" and "wrong".
I personally don’t see it as condoning, or even hastening anything - like I
said that is absolutely happening anyway as detailed by many others on this
list. Recognizing that something is happening is in no way sanctioning it,
but attempting to impege it by ignoring legitimate use cases is
functionally allowing it to expand unbounded.

We need something that fills this requirement.

nb



Ed/
>
> *From:* ipv6 [mailto:ipv6-bounces@ietf.org] *On Behalf Of *Mark Smith
> *Sent:* Friday, April 29, 2022 7:47 AM
> *To:* Nicholas Buraglio <buraglio@es.net>
> *Cc:* Xipengxiao <xipengxiao=40huawei.com@dmarc.ietf.org>; 6man list <
> ipv6@ietf.org>; v6ops list <v6ops@ietf.org>
> *Subject:* Re: [v6ops] Vicious circle [ULA precedence [Thoughts about
> wider operational input]]
>
>
>
>
>
> On Fri, 29 Apr 2022, 11:15 Nick Buraglio, <buraglio@es.net> wrote:
>
> Again, we're focusing on the wrong thing that is a tangent out of an
> example used to describe *why* we need the thing. We need something that is
> usable in a dual stacked environment that has similar attributes to ULA. If
> everyone here thinks ULA is fine (which I do not believe is the consensus),
> great. Let's say that.
>
>
>
>
>
> We decided that when RFC4193 was published, also after site-locals were
> deprecated in RFC3879, in 2004/2005. Many networking and telephony
> protocols have provided link and/or network local private address spaces
> that don't require getting address space from an central authority. In CLNS
> it is 49.
>
>
>
> ULAs were further endorsed in RFC6204, Basic Requirements for IPv6
> Customer Edge Routers. I've seen a number of CPE implement the ULA
> requirements in that RFC (including in recent firmware for Google's Nest
> Wifi CPE.)
>
>
>
> The only current issue is preference of GUAs over ULAs in RFC6724 default
> address selection. That seems to have been made without reading of RFC4193,
> because RFC4193 says:
>
>
>
> "4.2.  Renumbering and Site Merging
>
>
>    The use of Local IPv6 addresses in a site results in making
>    communication that uses these addresses independent of renumbering a
>    site's provider-based global addresses."
>
>
>
> which is implicitly saying that ULAs need to be preferred over GUAs for
> DAs and then SAs, when there is a choice between ULA and GUA DA, and then a
> subsequent choice between a ULA and GUA SA,
>
>
>
> and
>
>
>
> " At the present time, AAAA and PTR records for locally assigned local
>
>    IPv6 addresses are not recommended to be installed in the global DNS."
>
>
>
> which is implicitly saying that hosts should be provided with ULA AAAAs
> only when the ULA DA is likely reachable because the host is part of the
> same ULA address domain i.e. split DNS.
>
>
>
> RFC6724 seems to have assumed that ULA AAAAs are always in global DNS, so
> ULAs are going to be far more unreliable most of the time than GUAs, so
> GUAs should be preferred. ULA AAAAs appearing in global DNS is a fault, and
> RFC6724 looks to then have been optimised for a fault situation.
>
>
>
> Regards,
>
> Mark.
>
>
>
>
>
>
>
>
>
>
>
> If not, let's think about how to fix it - or at the very least update the
> draft to reflect its limitations. Ideological soapboxing about the merits
> or detriment of NAT isn't really gaining any ground either way. It is a
> tool in the toolbox. Some folks use it. Vilifying it is like hating an
> earthmover because it's not a Ferrari.
>
>
>
> nb
>
>
>
>
>
>
> ᐧ
>
>
>
> On Thu, Apr 28, 2022 at 6:03 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
> On Fri, 29 Apr 2022 at 07:37, Xipengxiao
> <xipengxiao=40huawei.com@dmarc.ietf.org> wrote:
> >
> > Hi Jen,
> >
> > Thank you for bringing this useful piece of information to light.  I
> hope more people see it:
> >
> > > PCR DSS 4.0 (published in March 2022) does not mandate NAT for IPv6.
> The text has been updated.
> >
> > That said, I very much agree with Kevin Meyer: "If you want more
> Enterprises participating in the IETF discussions and improving IPv6
> uptake, start thinking about meeting them where they are. And to be crystal
> clear - NAT is where they are and where they will be for quite a while".
> >
> > My point is, given PCI DSS 4.0 (what Jen wrote as PCR DSS 4.0), we
> should tell enterprises they no longer need NAT. But if some enterprises
> still insist, respect their decision.
>
> Ignore them. IPv6 doesn't solve any problem they have, and adding NAT
> to IPv6 still won't solve any problem they have, because IPv6 still
> won't solve a problem they have.
>
>
> Earth moving equipment manufacturer: "We think you should buy an earth
> moving front end loader from us. They're great!"
>
> An Enterprise: "We don't need an earth moving front end loader, we're
> an accountancy firm. It doesn't solve any problems we have."
>
> Earth moving equipment manufacturer: "What if we add a backhoe to it?"
>
> An Enterprise: "We're still an accountancy firm, we still won't need
> it. We don't need to move dirt or dig holes. It still doesn't solve
> any problem we have."
>
> Earth moving equipment manufacturer: "Oh, come on! You really should
> buy one! We love our front end loaders. Everybody needs one. What if
> we paint it green too?"
>
> An Enterprise: "Nope. Even though our corporate colours are green,
> we're still an accountancy firm and we still won't need it. We've got
> better things to spend $100K on."
>
>
> Even government mandates to get enterprises to adopt a networking
> protocol don't work - the Internet is supposed to be running CLNS by
> now as mandated by governments around the world. (I expect Vint Cerf
> was being nice while working on this rather than truly believing OSI
> would take over.)
>
> Explaining the Role of GOSIP
> https://www.rfc-editor.org/rfc/rfc1169.html
>
>
>  It's more important to get enterprises to use IPv6 ASAP, than to
> insist that they use the "right" IPv6 solution.
> >
>
> Why is it important to get enterprises to use IPv6 ASAP?
>
>
> Regards,
> Mark.
>
>
> > XiPeng
> >
> > -----Original Message-----
> > From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Jen Linkova
> > Sent: Thursday, April 28, 2022 12:53 PM
> > To: Simon <linux@thehobsons.co.uk>
> > Cc: 6man list <ipv6@ietf.org>; v6ops list <v6ops@ietf.org>
> > Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about
> wider operational input]]
> >
> > On Thu, Apr 28, 2022 at 11:15 AM Simon <linux@thehobsons.co.uk> wrote:
> > > The IPv6 community needs to engage with this other regulatory
> community to get them to bring their standard into the 21st century.
> > >
> > > As long as the PCI standard effectively mandates IPv4 & NAPT then it’s
> going to be an uphill struggle.
> >
> > See my email I sent yesterday. PCR DSS 4.0 (published in March 2022)
> does not mandate NAT for IPv6. The text has been updated.
> >
> > --
> > SY, Jen Linkova aka Furry
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
> ᐧ

v2.23.0 | Report a Bug | By Email