IETF Logo Mail Archive

Re: [v6ops] Fwd: New Version Notification for draft-collink-v6ops-ent64pd-01.txt

Jen Linkova <furry13@gmail.com> Fri, 16 December 2022 01:02 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97E47C13A05F; Thu, 15 Dec 2022 17:02:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.848
X-Spam-Level:
X-Spam-Status: No, score=-6.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g44lRRhJ4KDr; Thu, 15 Dec 2022 17:02:55 -0800 (PST)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F74CC13A05E; Thu, 15 Dec 2022 17:02:55 -0800 (PST)
Received: by mail-lf1-x12d.google.com with SMTP id bp15so1091540lfb.13; Thu, 15 Dec 2022 17:02:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=J79tJqIlQA+Ts1s6eEFn1rnGlCTLGS1jFCXUo0PSw+Q=; b=cUL/yfltERQ6K2dtH5S9rq9zD2aXpTJKzFs+f3eZX/7XPG/eL7azWyts1QJgNwMhJu BJi64q3tmdd7thvkTohv+RHtdrPXP8TgxdEGyhalFUIQE+oUvxuxeZSIRmM7Z738rsVb KfqXcILCdIeJ/LmA43aSN/vpoW/ul+ae69YuMAgX2dgiosap30o4+vwWPk2FqVON9VRd UMnBd4V5Txtd2ETR7fP/lEkExRY08tszan2P5YsryefdtJMS3GLp8AcU/kfmUsuOmpVc q6MqRWIoBU7Doo5/GGMPIrUYRxFjaGsY56Z9XCS/9nt/7HwiUJz3yrY4wue/voSjXm7l wYnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=J79tJqIlQA+Ts1s6eEFn1rnGlCTLGS1jFCXUo0PSw+Q=; b=QjRDLOvR5wtmAht6MqwbI8bkFpdw//WrqtyZUgyBnCAq8JdnmwXQQ6cKPd6PyZuz89 qhcFstoSJqLpMnamfMIPEM6IaQ5XSvA3CjofSxplKeFtNTIj+huOAnMVUQcfG/E/5lna CK/HxEbhnVKTW5EOxMQnEOk0a4yMb9zsv7PBe5GrY7u9+CEBSnAC4uzoWyQbTfvE5ZTb ax1CNhZk0hGBR0yHhOPhMd3WYoX57y6Yz7DvruJhdhc6yUZpAEg3puZ/jsRheIiEitzZ md42MTwlczkc8XWlFgcgwhKp287VCuoID7LanXVVEeq5sgfulKctAJ32J+jcwt12vk/9 up8Q==
X-Gm-Message-State: ANoB5pkYYtPtq5tYNxtIL8V7AyvWlEd61nDRJ5qgQBZICzVgxLUChQ/k Q7K0SU6/GVLnblxe9SSkvOlzVf9t5MvX+h+JVF8=
X-Google-Smtp-Source: AA0mqf653vIdAVpqaScQ5chE0996F++BCPN9oC2ICla/0mypBjCwwgCvLrZ5FQ7ntxkGZzSEBrua4D5KkZG45tLU/34=
X-Received: by 2002:ac2:52a4:0:b0:4b5:9845:1578 with SMTP id r4-20020ac252a4000000b004b598451578mr2701652lfm.301.1671152573254; Thu, 15 Dec 2022 17:02:53 -0800 (PST)
MIME-Version: 1.0
References: <167107554671.48477.568330207202509840@ietfa.amsl.com> <CAFU7BATp=gEB3S8AzhCYDMN3fzLQrYY9pzcWJ=LQnrjC9bRKEA@mail.gmail.com> <a2b83708c99344b2afb5e65c899b2f76@huawei.com>
In-Reply-To: <a2b83708c99344b2afb5e65c899b2f76@huawei.com>
From: Jen Linkova <furry13@gmail.com>
Date: Fri, 16 Dec 2022 12:02:41 +1100
Message-ID: <CAFU7BASgMkhP0r4YYhOK8_4aSGJ-AnjN8y14mZEuBaWP46=7Yw@mail.gmail.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: V6 Ops List <v6ops@ietf.org>, "draft-collink-v6ops-ent64pd@ietf.org" <draft-collink-v6ops-ent64pd@ietf.org>, "xiaom@google.com" <xiaom@google.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/fnl0ZIp9vf_-Yq0CJAEENnrfJr8>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-collink-v6ops-ent64pd-01.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2022 01:02:55 -0000

On Fri, Dec 16, 2022 at 1:23 AM Vasilenko Eduard
<vasilenko.eduard@huawei.com> wrote:
> I like this proposal for the SLAAC deprecation in the limited (Enterprise) domain. It would greatly help for IPv6 Enterprise adoption. DHCP's absence is the biggest issue for this market segment.
> The solution needs a name for a short reference. Something like "DHCP prefix per host".
>
> 1.      What is the point to keep SLAAC if DHCP infrastructure is mandatory? I do not understand what SLAAC is left in this solution. DAD, PIO - all looks gone. In fact, this proposal is the SLAAC deprecation (despite many claims that it is not). It is visible in section 8 when discussing "SLAAC" against "prefix per host" methods.

Eventually, if the administrator of the particular network can be 100%
sure that all devices support PD, the SLAAC prefix can be indeed
removed from the router configuration.
However I'd expect it would be a while till we get to that point.
In other networks using PD might not be desirable at all (the draft
has a section on applicability). I do not want it in my home network -
OK, I have 10 devices, it's OK to have 100 ND entries, not a big deal.
It's completely different in my VXLAN network, when I suddenly get 10
times more Type 2 routes.

So we are not going to deprecate SLAAC as a protocol. Some networks
would be still using it. Even more, the hist itself would be using
SLAAC to assign addresses from the delegated prefix.

> 2.      Choosing the IID is a fully "local matter" for this solution. The host could easily choose from /96. It is discussable how many bits are needed for good IID randomization (is 32 bits enough?).
> It is a good opportunity to move the prefix to something much longer. It is not a problem for DHCP.

I have a number of concerns:
- there are still devices out there which are not particularly happy
with processing routes with prefix length between 65 and 126 in
hardware.
- how long would it take before /96 would become /128? ;)
- that would require changing the address assignment logic for the
device - now it's just doing SLAAC using the delegated prefix (incl.
privacy address generation), which would complicate things and slow
the adoption, probably.


> 3.      The proposal would not resolve MHMP (on PA addresses): the host is still not capable of properly choosing which prefix to use. The root cause is that the next hop is chosen before the source address (by getaddrinfo()). It could be discussed separately.

The draft is solving the different problem: how to let the host to
have as many addresses as the host needs/wants w/o creating
scalability issues for the network.
Multihoming issue is still here.

> 4.      It was possible to improve a little routing (aggregation) by asking the DHCP server to delegate prefixes closest (by mask) to the router interface on the link. In the case of longer prefixes (/96) - it is possible to delegate from the single /64.

Yes, the server might need to map the relay link-address field in the
relay-forward message and the pool.

> it is probably needed to have two /64 for the router on the link to support the transition period of the new solution and the SLAAC at the same time.ot

I do not think it's needed.
I configure 2001:db8::/64 on the router interface and use it for SLAAC.
The DHCP server is instructed to allocate /64 subnets from
2001:db8::/46  (assigned, for example, for the guest wifi on that
site) with the first /64 being reserved.

> 5.      The current privacy RFC is broken by this solution but it is not a problem - it may be updated later.

I do not think it's "broken". The host still uses RFC8981 for
assigning addresses from /64.
If you mean that an eavesdropper may assume that the same /64 is
always the same host, Section 11 talks about that.

> Indeed, it could be v6ops RFC because it is "local matters" for hosts and routers.

A separate 6MAN document would be required indeed, but it would be the
next step.

> It does not break SLAAC. It just deprecates it.

It provides an alternative for the networks which need it.

> Some sort of SLAAC replacement by DHCP.

A hybrid, taking the best of both ;)

> Exactly what many Enterprise people were demanding for a long time.

Glad to hear that you find it useful, thanks!

-- 
SY, Jen Linkova aka Furry

v2.23.0 | Report a Bug | By Email