IETF Logo Mail Archive

[v6ops] Re: Dynamic addresses

Ted Lemon <mellon@fugue.com> Sat, 10 August 2024 14:24 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E8ACC14F682 for <v6ops@ietfa.amsl.com>; Sat, 10 Aug 2024 07:24:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6rNVKGw-YWLI for <v6ops@ietfa.amsl.com>; Sat, 10 Aug 2024 07:24:06 -0700 (PDT)
Received: from mail-oa1-x34.google.com (mail-oa1-x34.google.com [IPv6:2001:4860:4864:20::34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6E65C14F70A for <v6ops@ietf.org>; Sat, 10 Aug 2024 07:24:06 -0700 (PDT)
Received: by mail-oa1-x34.google.com with SMTP id 586e51a60fabf-260dde65a68so1884377fac.2 for <v6ops@ietf.org>; Sat, 10 Aug 2024 07:24:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20230601.gappssmtp.com; s=20230601; t=1723299846; x=1723904646; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=0ChPChY0QoVeEVULSgeOXlqtKvg7i9w/Bj0IzVmbojc=; b=Ar/TJG175bLfcOPdrzJmyIyH3w85v1qhnN0BS0RlOCBgTKICHnn2h8gTRCkBEefWrI qfMocBb+LoEz4hxWYHoedfkTkVKbg6Iu0KnQFj75MicsYa8HbSPpJvs1BmLLStEb6gef 6NfeYyiSnmV1y/fh71pXg7OtFRceoM6ujeSjYYPZpItyq85B3MehVZH1b92b8zFDOEHZ jtq2uq+hrobFdLdKcjs9iXKx096+mbQS8/4IhrJ2kFJzC1eG96Vdqcj+kvhybhgpA/82 5psmRgldBugWX4fj0Ln1NcQVFAdTL16KdnkGSupHGvGDf8LW+9cz4HD1mYxQf4AYlVXg ThjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723299846; x=1723904646; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0ChPChY0QoVeEVULSgeOXlqtKvg7i9w/Bj0IzVmbojc=; b=ofdJcUUvkEpWCIWQaj1GuDkTYdPyrZJYt93c4wcVE+pjPj+5EUqotPdNya+zbBOouk jx1NVbqBQrifcq/Q8FBpz8lvQHywuBhpPXzPH6L+yqH2Ieyh8t+52+XIX8EfKD1nblBq 0Q6hfdTJ9mWN0zPhEpaE5OeKBa5S/QwAVyAZEdM9Q1Hb00X3FA2RooLxSGICavxgKRxG dirqpvpiopauxFAq6oYdATd44fOe5IVrpXce++7Y7JjIYPdjHz3sFWS1iLPNa2jWqwui a+8o/Z7GZ3Bt6ndXsZ1NRlSDrGas02UfHx0ilpMGSl8HZKWkAQMXtdmXSptaPcYpOhaK 2RNg==
X-Forwarded-Encrypted: i=1; AJvYcCWXSnihGBZEx1HYQypmp4n6M8dU1IN21qji+BfMEiZRxDO/Rd/QWdD4gsC3/nnCc1MUbVlO3oubMv8blDXDyw==
X-Gm-Message-State: AOJu0YzH5Jg64QlAS3HfQKrr2zRdu/Q0Dqsv6wiy9Jut6IbVBMLs37CS jTDQyTvI2FSvvLKTl2D5gzk9bSv7mloG/2/czxdeF4FNwtGU5/tGGSiC3WvibuVyzqqOf+le84r FduZTHdBxE9ii2bxw5CRryCuC5tHlMi2RLek2lqIgqIrM0fHidsE=
X-Google-Smtp-Source: AGHT+IF7r3hLOD4pMwWg6QRQ823ca+GrJdLyoNatzvtmRnfROZzOZTWfu/oBeTRN8FrKYghMtSvh15yB1ST/dkvNCxI=
X-Received: by 2002:a05:6871:3320:b0:25b:3e23:e5ef with SMTP id 586e51a60fabf-26c62c1c3a4mr5529553fac.3.1723299845569; Sat, 10 Aug 2024 07:24:05 -0700 (PDT)
MIME-Version: 1.0
References: <df01e0f8-1b0d-4792-be2c-89a59da7de49.ref@swbell.net> <df01e0f8-1b0d-4792-be2c-89a59da7de49@swbell.net> <CAJgLMKte1H3FaoQOhc7_No=SNdczQFo2_mp2c1FvTOqLCRFm2g@mail.gmail.com> <6e70bed7-6f84-4a4a-90f8-fec1d10a599b@swbell.net> <CAJgLMKsXHcxzu8Kbrg1pu9SDkGDH0b1bWzW__CrfpDaSv3Joog@mail.gmail.com> <CACyFTPFakaDLdTJVc6d1HiR_oaedNOV76MRQxJp=+z95uQFVZQ@mail.gmail.com> <CAPt1N1=rQp5U4_X=2WvCV358S9Qm+E+_+gs_mgUJHP_68dYLmg@mail.gmail.com> <d16406c6-e5d9-4aa4-a16e-7513d04d6b07@gmail.com> <CACyFTPEdh_SL3BJ6WcD18tpYzH=Q6gxYnXanTsHZxF4xQm7LuA@mail.gmail.com> <19b076c0-ff57-471a-8f66-6ad47d7169f4@gmail.com> <f469fd02-f67e-4aa3-80e1-e055e63fadd2@swbell.net> <CACyFTPGNUvKkF+hxg1xJPSRNWo4aZN+jtwO3GeMLmQ1pTY8x3g@mail.gmail.com>
In-Reply-To: <CACyFTPGNUvKkF+hxg1xJPSRNWo4aZN+jtwO3GeMLmQ1pTY8x3g@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Sat, 10 Aug 2024 10:23:54 -0400
Message-ID: <CAPt1N1kLTuKjtvsJ5qGd_kjnc8K2HDc7OemMqtaSavGH6kAqJA@mail.gmail.com>
To: Daryll Swer <contact@daryllswer.com>
Content-Type: multipart/alternative; boundary="000000000000231896061f5503fa"
Message-ID-Hash: Y4KVMCIMCWGICDAZQNOZ4LFOGVIZK4RL
X-Message-ID-Hash: Y4KVMCIMCWGICDAZQNOZ4LFOGVIZK4RL
X-MailFrom: mellon@fugue.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The Multach's <jmultach@swbell.net>, v6ops@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [v6ops] Re: Dynamic addresses
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/h9AMLqz2kqAKJ5y8txIDD_XK_r0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

At least in Germany the address shifting was a regulatory thing—the isp I
was working with on it didn’t want to do it—it was expensive and
inconvenient.

It sounds like the isps who you know of who are doing this are not
following the rfcs. That makes it cheaper, and makes it break IPv6 for the
end user.

Op za 10 aug 2024 om 10:10 schreef Daryll Swer <contact@daryllswer.com>

> > Then again, there is a claim that on those you may not get a prefix at
> all (just a single IP6 address), and if you do, often its a /64 with no PD.
>
> IIRC, US Telcos even have separate billing for mobile
> tethering/hotspot, right? And IPv6 doesn't always work over that ways?
>
> Over here, it appears the tethering interface just bridges with the PDP
> interface, and the “clients” that connects gets a /128 GUA, shared with a
> single /64 with the SIM.
>
> > For security reasons, one of them has a rule to change the assigned IPv6
> address space at least once every 4 hours.
>
> You mean conspiracy theories about big bro and “privacy”… It's not
> “security”.
>
> iPhones have built-in security, Ted Lemon can probably elaborate on that.
> Android, too, has built-in security, the Google folks here can probably
> elaborate on that.
>
> Nope, I am completely against conspiracy theories about “dynamic IP stops
> big bro from spying on you”. If big bro wants to “spy” on you, no amount of
> “dynamic IPs” is stopping that.
>
> *--*
> Best Regards
> Daryll Swer
> Website: daryllswer.com
> <https://mailtrack.io/l/ba62818f368e4ab91c6676b1a01e6088ea674e45?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=b8dfc4abc306b3d8>
>
>
> On Sat, 10 Aug 2024 at 19:29, The Multach's <jmultach@swbell.net> wrote:
>
>> That triggered a memory about addressing on US cellular carriers, at
>> least one of which does this.
>>
>> Then again, there is a claim that on those you may not get a prefix at
>> all (just a single IP6 address), and if you do, often its a /64 with no PD.
>>
>> For security reasons, one of them has a rule to change the assigned IPv6
>> address space at least once every 4 hours.
>>
>>
>> On 8/9/2024 9:33 PM, Brian E Carpenter wrote:
>>
>> On 10-Aug-24 11:34, Daryll Swer wrote:
>>
>>  > But I don't understand the statement "breaks SLAAC on the LAN". A
>> change of prefix renumbers the LAN, but that doesn't break SLAAC, it just
>> causes SLAAC to renumber everything. It will only break active sessions.
>>
>> It will break, on the host side, because they won't know to use the new
>> prefix, until the pref/valid values expire.
>>
>>
>> https://www.6connect.com/blog/is-your-isp-constantly-changing-the-delegated-ipv6-prefix-on-your-cpe-router/
>>
>>
>> Thanks, yes, I knew that of course but the description of that as
>> breaking SLAAC confused me. (When my ISP was changing prefixes after a CE
>> power cut and reboot, the issue was masked by other effects of the power
>> cut.)
>>
>> There's no reason to be promoting dynamic v6 prefixes, in addition to the
>> SLAAC context, this makes it painful, for end-users to host anything at
>> home, even basic SSH.
>>
>>
>> I completely agree.
>>
>>    Brian
>>
>>
>> *--*
>> Best Regards
>> Daryll Swer
>> Website: daryllswer.com
>> <https://mailtrack.io/l/8b190af15371d42cba28cde7db9581f1c207dde9?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=0564b87de4f69994>
>> <https://mailtrack.io/l/8b190af15371d42cba28cde7db9581f1c207dde9?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=0564b87de4f69994>
>>
>>
>> On Sat, 10 Aug 2024 at 04:56, Brian E Carpenter <
>> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>
>> <brian.e.carpenter@gmail.com>> wrote:
>>
>>     [Public service announcement: as of now, I'm spam-filtering messages
>> with 'Digest' subject headers.]
>>
>>     My ISP used to change my prefix whenever there was a power cut and
>> the modem restarted. Now, it appears to be stable.
>>
>>     But I don't understand the statement "breaks SLAAC on the LAN". A
>> change of prefix renumbers the LAN, but that doesn't break SLAAC, it just
>> causes SLAAC to renumber everything. It will only break active sessions.
>>
>>     Regards
>>          Brian
>>
>>     On 10-Aug-24 10:13, Ted Lemon wrote:
>>      > In order to do this, they would have to not renew a previously
>> assigned prefix. I think some German telecoms used to do this as a privacy
>> message, but it was operationally very difficult because it doubled demand
>> for prefixes.
>>      >
>>      > Where are you seeing this irl, and how does it happen?
>>      >
>>      > Op vr 9 aug 2024 om 15:08 schreef Daryll Swer <
>> contact=40daryllswer.com@dmarc.ietf.org
>> <mailto:40daryllswer.com@dmarc.ietf.org>
>> <40daryllswer.com@dmarc.ietf.org> <mailto:40daryllswer.com@dmarc.ietf.org
>> <40daryllswer.com@dmarc.ietf.org>
>> <mailto:40daryllswer.com@dmarc.ietf.org>
>> <40daryllswer.com@dmarc.ietf.org>>>
>>      >
>>      >     Tim, is there something we can do to encourage not only "more
>> than a /64", but also encourage "static ia_pd to ensure the customer will
>> not experience broken IPv6 connectivity due to ever changing prefixes".
>>      >
>>      >     Too many ISPs out there do dynamic IPs and breaks SLAAC on the
>> LAN.
>>      >
>>      >     I feel this draft could be a powerful tool, in the hands of
>> the end user to get these ISPs doing the right way of IPv6 more often.
>>      >
>>      >     --
>>      >     Sent from my iPhone
>>      >
>>      >
>>      >     On Fri, 9 Aug 2024 at 7:37 PM, Timothy Winters <tim@qacafe.com
>> <mailto:tim@qacafe.com> <tim@qacafe.com> <mailto:tim@qacafe.com
>> <tim@qacafe.com> <mailto:tim@qacafe.com> <tim@qacafe.com>>> wrote:
>>      >
>>      >         Yes.  I've seen several instances of /64 being used for
>> container networks on CPEs.
>>      >
>>      >         ~Tim
>>      >
>>      >         On Fri, Aug 9, 2024 at 9:38 AM The Multach's <
>> jmultach@swbell.net <mailto:jmultach@swbell.net> <jmultach@swbell.net> <
>> mailto:jmultach@swbell.net <jmultach@swbell.net>
>> <mailto:jmultach@swbell.net> <jmultach@swbell.net>>> wrote:
>>      >
>>      >             So are these considered a LAN link prefix assignment
>> under 7084 L2:
>>      >
>>      >             - Assignment of a /64 prefix for internal IPv6
>> communication between a
>>      >             primary SoC and a secondary chip (e.g., a Wi-Fi chip
>> which uses IPv6).
>>      >
>>      >             - Assignment of a /64 prefix for usage by an internal
>> container or VM.
>>      >
>>      >
>>      >             On 8/9/2024 7:56 AM, Timothy Winters wrote:
>>      >              >
>>      >              >
>>      >              > On Thu, Aug 8, 2024 at 10:58 PM The Multach's <
>> jmultach@swbell.net <mailto:jmultach@swbell.net> <jmultach@swbell.net> <
>> mailto:jmultach@swbell.net <jmultach@swbell.net>
>> <mailto:jmultach@swbell.net> <jmultach@swbell.net>>> wrote:
>>      >              >
>>      >              >     The following, while being user focused, fails
>> to take into
>>      >              >     account that
>>      >              >     some of those prefixes may be used internally
>> (or reserved for
>>      >              >     internal
>>      >              >     use) by the CPE or for ISP purposes and not
>> assignable:
>>      >              >
>>      >              >     "SHOULD" (or an elongated exception for the
>> above) would be more
>>      >              >     appropriate.
>>      >              >
>>      >              >     LPD-4: After LAN link prefix assignment the
>> IPv6 CE Router MUST
>>      >              >     make the
>>      >              >     remaining IPv6 prefixes available to other
>> routers via Prefix
>>      >              >     Delegation.
>>      >              >
>>      >              > I think this covers that case.   After local
>> assignment, unused
>>      >              > prefixes MUST be made available.
>>      >              > LPD-2:  The IPv6 CE Router MUST assign a prefix
>> from the delegated
>>      >              >            prefix as specified by L-2 [RFC7084].
>>      >              >
>>      >              > 7084
>>      >              >    L-2:   The IPv6 CE router MUST assign a separate
>> /64 from its
>>      >              >           delegated prefix(es) (and ULA prefix if
>> configured to provide
>>      >              >           ULA addressing) for each of its LAN
>> interfaces.
>>      >              >
>>      >              >
>>      >              >     _______________________________________________
>>      >              >     v6ops mailing list -- v6ops@ietf.org
>> <mailto:v6ops@ietf.org> <v6ops@ietf.org> <mailto:v6ops@ietf.org
>> <v6ops@ietf.org> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>>      >              >     To unsubscribe send an email to
>> v6ops-leave@ietf.org <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>
>> <mailto:v6ops-leave@ietf.org <v6ops-leave@ietf.org>
>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>>
>>      >              >
>>      >
>>      >         _______________________________________________
>>      >         v6ops mailing list -- v6ops@ietf.org
>> <mailto:v6ops@ietf.org> <v6ops@ietf.org> <mailto:v6ops@ietf.org
>> <v6ops@ietf.org> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>>      >         To unsubscribe send an email to v6ops-leave@ietf.org
>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org> <
>> mailto:v6ops-leave@ietf.org <v6ops-leave@ietf.org>
>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>>
>>      >
>>      >     45efe8dfc775213ded0fc41c7d84ccccb0d6aa20
>> _______________________________________________
>>      >     v6ops mailing list -- v6ops@ietf.org <mailto:v6ops@ietf.org>
>> <v6ops@ietf.org> <mailto:v6ops@ietf.org <v6ops@ietf.org>
>> <mailto:v6ops@ietf.org> <v6ops@ietf.org>>
>>      >     To unsubscribe send an email to v6ops-leave@ietf.org
>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org> <
>> mailto:v6ops-leave@ietf.org <v6ops-leave@ietf.org>
>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>>
>>      >
>>      >
>>      > _______________________________________________
>>      > v6ops mailing list -- v6ops@ietf.org <mailto:v6ops@ietf.org>
>> <v6ops@ietf.org>
>>      > To unsubscribe send an email to v6ops-leave@ietf.org
>> <mailto:v6ops-leave@ietf.org> <v6ops-leave@ietf.org>
>>
>>

v2.34.0 | Report a Bug | By Email | System Status