Re: [v6ops] DHCPv6/SLAAC Make Hosts Confusing-//RE: new draft: draft-liu-bonica-v6ops-dhcpv6-slaac-problem

Nick Hilliard <nick@inex.ie> Tue, 29 October 2013 21:51 UTC

Return-Path: <nick@inex.ie>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 596CE11E829E for <v6ops@ietfa.amsl.com>; Tue, 29 Oct 2013 14:51:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CLJHBbxgqISZ for <v6ops@ietfa.amsl.com>; Tue, 29 Oct 2013 14:51:03 -0700 (PDT)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) by ietfa.amsl.com (Postfix) with ESMTP id 33BEB11E8264 for <v6ops@ietf.org>; Tue, 29 Oct 2013 14:51:02 -0700 (PDT)
X-Envelope-To: <v6ops@ietf.org>
Received: from cupcake.foobar.org ([IPv6:2001:4d68:2002:100::110]) (authenticated bits=0) by mail.netability.ie (8.14.7/8.14.5) with ESMTP id r9TLowQp025270 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <v6ops@ietf.org>; Tue, 29 Oct 2013 21:50:59 GMT (envelope-from nick@inex.ie)
X-Authentication-Warning: cheesecake.netability.ie: Host [IPv6:2001:4d68:2002:100::110] claimed to be cupcake.foobar.org
Message-ID: <52702DC2.1080507@inex.ie>
Date: Tue, 29 Oct 2013 21:50:58 +0000
From: Nick Hilliard <nick@inex.ie>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: v6ops@ietf.org
References: <CE8E8EC3.59F3A%victor@jvknet.com> <06601039-CAFD-49B0-918B-A8ACD51B978D@fugue.com> <alpine.OSX.2.00.1310281905440.11422@ayourtch-mac> <CAKD1Yr0qLd7syFizEUMa6DM2a2LY6Rv5GSFyoQAs4Pir6gcNkA@mail.gmail.com> <1383036443.56704.YahooMailNeo@web142501.mail.bf1.yahoo.com> <alpine.OSX.2.00.1310291443480.31066@ayourtch-mac> <1383074208.73179.YahooMailNeo@web142505.mail.bf1.yahoo.com> <alpine.OSX.2.00.1310292030450.31066@ayourtch-mac> <CAKD1Yr1myWu7BUmcP3sJqPXFtRyGhy=Qqd2yMsYBFQjPce3GUA@mail.gmail.com> <alpine.OSX.2.00.1310292040510.31066@ayourtch-mac>
In-Reply-To: <alpine.OSX.2.00.1310292040510.31066@ayourtch-mac>
X-Enigmail-Version: 1.6
X-Company-Info-1: Internet Neutral Exchange Association Limited. Registered in Ireland No. 253804
X-Company-Info-2: Registered Offices: 1-2, Marino Mart, Fairview, Dublin 3
X-Company-Info-3: Internet Neutral Exchange Association Limited is limited by guarantee
X-Company-Info-4: Offices: 4027 Kingswood Road, Citywest, Dublin 24.
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [v6ops] DHCPv6/SLAAC Make Hosts Confusing-//RE: new draft: draft-liu-bonica-v6ops-dhcpv6-slaac-problem
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 21:51:04 -0000

On 29/10/2013 20:20, Andrew Yourtchenko wrote:
> debate - maybe worth just folding it back into a pure factual "It was
> decided that RA does routing, DHCPv6 does not, by the way RA does a slow
> redundancy, which people do not like, therefore they think DHCPv6 should do
> routing".

WFM, and I very much like your draft so far, btw.

Later on in the text, it says:

>    However, the "single source of truth" nature of DHCPv6 prevents the
>    successful operation in case of multiple servers on the segment
>    supplying different information. RAs in this case may still work.
> 
>    Some consider the inability to support this scenario crucial, and
>    some think it is not useful. This creates contention between the
>    proponents of those who want DHCPv6 deal with routing, and those who
>    think RA is the single possible candidate for that.
> 
>    The other aspect is that because RA ties in the routing and
>    addressing information, one can say "RA shares the fate with
>    routing". However, this distinction is merely because of the
>    decision to explicitly keep DHCPv6 away from routing - so can not be
>    considered a true property of the protocol.

The premise that many people in the IETF seem to be working on is that the
typical - or even a common - deployment case of ipv6 will involve multiple
routers per lan segment.  I say this because every time the issue of DHCP
providing a defgw comes up, one of the main arguments that's trotted out is
that it will break the multiple-routers-per-lan-segment scenario.  The
above 3 paragraphs also strongly hint at this as being the target deployment.

Well maybe dhcpv6 doesn't do that, but the operational reality is that
multiple gateways on the same lan is going to be the rare exception rather
than the rule. The reason why I think this is because:

1. enterprises have an obtuse obsession for L2.  They'd pave the world with
L2 and extend L2 from one end of the universe to the other if they could.
Just look at the horror of vxlan (who are they kidding?  themselves?) as a
perfect example of this insanity.  I don't know why this is but it's the
way that lots of enterprise rolls, ranging from SME to largish networks.
Outside truly large operations (i.e. 10s of thousands of users), I have
never got the impression that enterprises got L3 routing.

2. homenet: I don't understand the target audience for the entire homenet
multiple network movement. Putting this another way: who is going to debug
homenet multiple network stuff when it breaks, because as far as I can
tell, that belongs in the realm of level 2 engineering escalation (i.e.
$120/hr sort of thing).  It's a little far-fetched to expect gramps and
grandma to set up and maintain and debug multiple networking segments.  A
good chunk of the stuff going on in homenet is vastly more complicated than
pretty much any home network is ever going to need.  Architecturally
interesting, but srsly not realistic as a viable approach to home networking.

3. service providers - the single operational group on the internet that
actually understands L3 / network segmentation and why it's important -
will attempt avoid multiple gateways per network like the plague because it
makes their deployment scenarios more complicated and provides no extra
value.  For server / host farms, service providers like FHRP with tight
timers because it gives control of onward connectivity.

All of which doesn't leave very many more user-market segments.

Regarding RA for routing and DHCP for addressing, what people care about is
connectivity.  What I need as an operator is a protocol (preferably a
single protocol because that is simpler) which will enable my boxes to gain
the connectivity they need.  Whether you call this routing or providing a
default gateway, I don't much mind.

Look, there's too much ideology going on here.  The IETF is being dazzled
by the sight of multiple lan segments and multiple egress gateways without
realising that these are the minority configuration.  All this effort is
going into optimising ipv6 address / lan autoconfiguration for these
unusual scenarios without heeding the sober reality that most people,
service providers and enterprises are only ever going to want to have a
single defgw per lan segment, and that by far the most common deployment
scenario will be a single lan segment per organisation.

I'm aware that this viewpoint will be regarded as retrograde, and that a
bunch of people on this list will probably sit there, rolling their eyes
and thinking: "yeah, and 640k was enough for everyone".

Just bear in mind that added complexity is not necessarily a good thing.
The support costs are high and the return on effort is dubious at best.
IOW, the IETF is optimising a corner case.  This is not smart.

Nick