IETF Logo Mail Archive

Re: [v6ops] ULA precedence [Thoughts about wider operational input]

Mark Smith <markzzzsmith@gmail.com> Wed, 27 April 2022 21:51 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD184C159A30; Wed, 27 Apr 2022 14:51:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.401
X-Spam-Level:
X-Spam-Status: No, score=0.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.998, HK_RANDOM_FROM=0.998, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CRILn-igNvLs; Wed, 27 Apr 2022 14:51:33 -0700 (PDT)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83FF6C159524; Wed, 27 Apr 2022 14:51:33 -0700 (PDT)
Received: by mail-pl1-x62d.google.com with SMTP id h12so2684330plf.12; Wed, 27 Apr 2022 14:51:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=p1u2OGYPrFCXMaKQHF066YYqokkz5vzZwZ/mNcWPXA0=; b=lUH2yszsEVC0PehSFflBewVAa+AEV4REztE+9R1QVOfgo+gdgL+1UTIgiAGqCcKah9 OW6+4ZwPCjQaFOU7BPzkzP+fYu5lwK3RETiNIokOHQNTNBGWo++9qFH/pAr4jPFX3qoF wbk8T4dHIK89LlBlJGRe14GCEV++geMpxQ/ywmRAUKAIbYp22fI93Ob3irVxpAlkUvgw YaqCunFXgrTDjfLKFN0wbLh2vettylAbmGoOQAz6aC8GE0YPcVllps5zQYR3f+xFqWOe GaHf7/dE6h/P++jcmqBsBgoiG9uaSWemg+pNpbsuQyoZozZJjQTVUQupaNbE6B7+04pk nddA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=p1u2OGYPrFCXMaKQHF066YYqokkz5vzZwZ/mNcWPXA0=; b=fAyc+7O/CpkmkA4xppdAdCHThxYxcyMU8Nsg3EXDIw75H5E2rmcM9tDNfr+iQcUD5k KMizBuuyLRRsfrNQ7pFV3frnNh7wzjvhPwfI85dqW6xQFngsl1I6oD6Kkm8xWRlLac7p rp01Ik2KdwmR9XhSlM9zwakxnl5XxDb53w2dmKjhHnc4CqA1x400Dt7EFtXCwmnJqYPc AvM4NGgqJkwMPCw2ZLgZVHlcAV0Ta1c74Q4QZtpaokkop9vD6/Xdp6MepYCqPFrURy5J 7lgG1DxKQTIylb+nnvvQIIbiN897GaBgimBcD5FFJ0cq4EE3PWptG99RMhGQPLyv6+Kc 2ICA==
X-Gm-Message-State: AOAM530ScHseBaVU3Ldpl/Q9bfTFMBU99hRASsiFV1P36fWCAxENKoRQ HECTT2bckHpfLkDOeyu4qvv5JF1z5MlyJHfN7cuD4kwV
X-Google-Smtp-Source: ABdhPJzS3jJ7Y/3ufPXDETnlw0Kk7JqjLi9+E1Qds6yFQV5+u/x2bpN/nO0EaEnO4B6jbKWTnfQEH0oqG5T4t5Oo92U=
X-Received: by 2002:a17:902:f605:b0:14f:5d75:4fb0 with SMTP id n5-20020a170902f60500b0014f5d754fb0mr30613678plg.101.1651096292462; Wed, 27 Apr 2022 14:51:32 -0700 (PDT)
MIME-Version: 1.0
References: <CAM5+tA8WvjvWirxqE6kQ9LQAG0NcpWyCLGVooB=G7gZ9ETb2zQ@mail.gmail.com> <20220424172743.GA218999@fg-networking.de> <CAKD1Yr1v0Tkh+pWD-ts=PL3gZf7Qj6OHW6Cuvj8iGcSSMibjew@mail.gmail.com> <20220425100310.GF67548@fg-networking.de> <CAPt1N1=XedJ7tY9pKDS3LvDMak6iPsK9fA=oF7Z0KkmGcA6-_A@mail.gmail.com> <CAO42Z2ydhe3hVOqSaN814hYh3oF3yG_du+gRkg6yD5haCqDnLQ@mail.gmail.com> <CAPt1N1=YdnZ_N+47v4A_EM70TobSt1sw5tcmBfQJEP5Y1zCwMg@mail.gmail.com>
In-Reply-To: <CAPt1N1=YdnZ_N+47v4A_EM70TobSt1sw5tcmBfQJEP5Y1zCwMg@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 28 Apr 2022 07:51:05 +1000
Message-ID: <CAO42Z2xyx2MpCCYQoXA9izRM7Xk42+Z-1OnL2PuzgsGfw1SFiw@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: 6man list <ipv6@ietf.org>, Erik Auerswald <auerswald@fg-networking.de>, v6ops list <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/foxfHetvlEsERY42YtGXOtaYxMw>
Subject: Re: [v6ops] ULA precedence [Thoughts about wider operational input]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2022 21:51:38 -0000

Hi Ted,

On Tue, 26 Apr 2022 at 11:02, Ted Lemon <mellon@fugue.com> wrote:
>
> I hate to contradict, but no it doesn’t. It means that such networks require explicit configuration.

I don't think they should, and requiring that makes ULAs far less
useful if GUAs are preferred over ULAs as either the DAs or the
matching SA for a selected ULA DA.

The main theme of DA selection in RFC3484 is to prefer the likely most
reliable DA by minimising external dependencies. Loopback is the best
DA because it has the minimum external dependencies - it is within the
host itself. GUAs are the least likely reliable of a set of DAs
because they are likely to have the most external dependencies, such
as links, routers, networks, network operators, and RIRs and ISPs
supplying the GUA space, for the majority of GUA DAs - Internet GUA
DAs.

RFC6724 doesn't follow that minimise external dependencies theme
because it is preferring GUAs with more external dependencies over
ULAs that have less external dependencies.

The main cause of the problems with site-locals was their lack of any
uniqueness and the complications of the work arounds to that, such as
site-IDs (see RFC3879). ULAs solved that by embedding a likely
globally unique 40 number in the local network address space.
(Link-locals have this lack of uniqueness problem too, which is why
there are zone IDs to fix it. Unique Link-Local Addressing anybody?)

So ULAs are likely more reliable than GUAs for all of the same reasons
Site-Locals were likely more reliable than GUAs - less external
dependencies. ULAs should be preferred over GUAs by default for DA and
then SA selection similar to how Site-Locals were preferred over GUAs
by default.

I assumed that was all the update to RFC6724 was going to be for ULAs
- replacing Site-Locals with ULAs with the same SA and DA preferences.

Regards,
Mark.





> If we don’t think that’s going to work, maybe we should do something about it. That said , Ole mentioned that this is intended to fix a broken network anyway, and it’s probably better to fix that in a different way (draft coming at some point).
>
> On Mon, Apr 25, 2022 at 18:43 Mark Smith <markzzzsmith@gmail.com> wrote:
>>
>>
>>
>> On Mon, 25 Apr 2022, 21:45 Ted Lemon, <mellon@fugue.com> wrote:
>>>
>>> On Apr 25, 2022, at 06:03, Erik Auerswald <auerswald@fg-networking.de> wrote:
>>>
>>> And all that would probably not preclude constructing a different
>>> scenario where choosing GUA over ULA as source address would break
>>> connectivity.
>>>
>>>
>>> The question is not what possible scenarios are there, but what scenarios do we want to address with default behavior versus what scenarios can we only address with managed behavior. So e.g. not using longest-match for ULAs with different global identifiers sounds like a good default behavior, but obviously will break in some scenarios; in these scenarios, clearly we need support for configuring source address selection (which we already know how to do). Preferring GUA source address over ULA makes sense by default, I think, even though it is not always going to be the right thing to do.
>>
>>
>>
>> Defeats a significant purpose of ULAs.
>>
>> RFC4193:
>>
>> 4.2.  Renumbering and Site Merging
>>
>>    The use of Local IPv6 addresses in a site results in making
>>    communication that uses these addresses independent of renumbering a
>>    site's provider-based global addresses.
>>
>>
>>>
>>> Thus I would rather suggest to consider if making tracking which
>>> gateways advertised which prefixes mandatory would be a better
>>> approach.
>>>
>>>
>>> That's nice, and again would probably produce better default behavior. But I suspect it doesn't solve as many problems as you're hoping it will. E.g. what happens if the link you're connected to is one hop away from the link to which both of your upstream providers are connected? Now you have one router advertising everything, so this doesn't help.
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email