IETF Logo Mail Archive

Re: [v6ops] Thoughts about wider operational input

Ted Lemon <mellon@fugue.com> Thu, 24 March 2022 09:36 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E0453A0E5F for <v6ops@ietfa.amsl.com>; Thu, 24 Mar 2022 02:36:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jrgu9MAIsIC5 for <v6ops@ietfa.amsl.com>; Thu, 24 Mar 2022 02:36:37 -0700 (PDT)
Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DEF13A133F for <v6ops@ietf.org>; Thu, 24 Mar 2022 02:36:37 -0700 (PDT)
Received: by mail-oi1-x230.google.com with SMTP id 12so4293781oix.12 for <v6ops@ietf.org>; Thu, 24 Mar 2022 02:36:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3OjMtrU1pEsd2rotVrm9Hv2z5wXntNOuyccm55ZddXg=; b=wIC8fNePHlBs5I2MJgJf61+KiOYNdBJ7SVgekeeWIVYeR31eKXMgVA2DaRPjZjb7WE Kc0mpSK3Q9O2OPbdx8JBKWZA6hB9+4kw6H3QIqtCvQEhErDAm3RNV27P+Fy03+K5JREO LWJ0+7D7OiKBlq4SNP6s/tbA6ncIg828MOgDVkINewltL10g0cwKYzx7BHIvLAdyztGB Da1GSDaVm3zGcCQAU90f7Tvwkt6WdhcSXnodpAhJ1jDXujTP+PWKybJSenXY61Njl8pg RVp4DCdFWG6Ks5M5VvJCO8ptHmKpWpun2qxOcpsDpUzxU3dTBfnqtmS2vnLFVE81dnyF RzhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3OjMtrU1pEsd2rotVrm9Hv2z5wXntNOuyccm55ZddXg=; b=xZgbChJQKTK4+pKhCdRS4LaZ4qLSVoixcMQWql7QXC2cL6oo0l6HwJJ5w1ZkiPX8sX /N0aEA6WJg2yZy4/0EZHmZHkjIWhKSxj9PeYQPOBYGkMk2ILcC20wQqNIQtVBx9al3vG 6I4xgu89rdBmb1H3fK/hFRp9W/mMywEbsJW93SOySvTbR9YSwF4Crd/owVaBp9y816a0 WH0JxnlGr21ZAqmZXO2kzsGbzz7kSL6Cc+LYWrGLIl0TpMz7N1ARXIMxJQlslJ2f26xh 35IGZOQQSVG2x4DrrZxJnJIwMkXcPG9TNcG33giOTqUoSdyhxS+6leL9+qnmr/tlXeG0 7QCw==
X-Gm-Message-State: AOAM531SCIvIynbvRfuiIg8XEYNtEmqt3/ogZEC0TwcduUq8FFZ/t/yb /or41PKThpUVcCv10qd67oX+gq35Zp/bYT/iwvkyQA==
X-Google-Smtp-Source: ABdhPJx1S2SIa7i8new5Gv4pjbP1+XGx3n901ibBymu7xCrUVTsMw9TNkReBiSSMY+4oqEswFZR2FOB34QhobKcCCKQ=
X-Received: by 2002:aca:1919:0:b0:2ec:b56e:6932 with SMTP id l25-20020aca1919000000b002ecb56e6932mr2003006oii.209.1648114595876; Thu, 24 Mar 2022 02:36:35 -0700 (PDT)
MIME-Version: 1.0
References: <8f918356-89ce-e2a1-a807-7d382568db0a@gmail.com> <5A071DCB-DFDC-47F7-85B3-8C9E58B691DA@isc.org> <CAM5+tA8=+RUReajG_eFCt9wY6YfoUJ8dp4GtfcuwxptpTxA6qA@mail.gmail.com> <40E94A4F-8363-43D9-A606-F5FA019FB8A0@isc.org> <8220d7f2-3bab-3fde-b559-a07cd8135d01@gmail.com>
In-Reply-To: <8220d7f2-3bab-3fde-b559-a07cd8135d01@gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 24 Mar 2022 10:35:59 +0100
Message-ID: <CAPt1N1mVc9FKwW5tX0VEnX+v-Q07xnqKSY2V9Za_9-gJxD+0ZA@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Mark Andrews <marka@isc.org>, buraglio@es.net, v6ops@ietf.org
Content-Type: multipart/alternative; boundary="00000000000009638d05daf39593"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/hZ5-0tiKSV0010lmfafLieQMSWQ>
Subject: Re: [v6ops] Thoughts about wider operational input
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2022 09:36:43 -0000

In principle, what Android doesn't implement is IA_NA, not DHCP Information
Request. So in principle, this could be a solution for Android at some
point.

On Thu, Mar 24, 2022 at 3:02 AM Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> On 24-Mar-22 13:22, Mark Andrews wrote:
> > RFC 6724, Default Address Selection for Internet Protocol Version 6
> (IPv6)
> >
> >     An implementation MAY automatically add additional site-specific rows
> >     to the default table based on its configured addresses, such as for
> >     Unique Local Addresses (ULAs) [RFC4193] and 6to4 [RFC3056] addresses,
> >     for instance (see Sections 10.6 and 10.7 for examples).  Any such
> >     rows automatically added by the implementation as a result of address
> >     acquisition MUST NOT override a row for the same prefix configured
> >     via other means.  That is, rows can be added but never updated
> >     automatically.  An implementation SHOULD provide a means (the
> >     Automatic Row Additions flag) for an administrator to disable
> >     automatic row additions.
> >
> > RFC 7078 Distributing Address Selection Policy Using DHCPv6 instead of
> > using puppet.
>
> i.e., not for Android...
>
>     Brian
>
> >
> >> On 24 Mar 2022, at 08:41, Nick Buraglio <buraglio@es.net> wrote:
> >>
> >> This is very interesting, and it definitely was something I was not
> aware of. I am guessing this is also fairly unknown to others as well.
> >> Is there any more documentation on the intention of this table as it
> pertains to multiple platforms and embedded systems? I’d love to read
> whatever is available, and I’ll do a bit more research myself
> to see what is out there.
> >>
> >> nb
> >>
> >> On Wed, Mar 23, 2022 at 15:48 Mark Andrews <marka@isc.org> wrote:
> >> The table is designed to be patched for local topology. You add in the
> local ULA prefixes before IPv4.  The default will allow connection to
> succeed provided hosts and links are up and configured as expected on the
> first attempt.   If you push ULA above IPv4 and you have a non reachable
> ULA you are need fast failover to the next address.
> >>
> >> The OP complaint about the table indicates lack of understanding of
> what is intended.
> >>
> >> Note there are defined mechanisms for distributing a more site specific
> table. The OS and administrators should avail themselves of them.  A node
> doesn’t necessarily have the requisite knowledge to do this for itself
> (multiple ULA prefixes reachable). It can add directly connected
> prefixes.
> >> --
> >> Mark Andrews
> >>
> >>> On 24 Mar 2022, at 07:07, Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
> >>>
> >>> Eduard, you wrote:
> >>>
> >>>> I am puzzled why ::ffff:0:0/96 has been treated as IPv4? Strange
> interpretation.
> >>>
> >>> Not at all strange. By definition (see RFC4291, section 2.5.5.2) that
> is the entire
> >>> IPv4 address space, respresented as an IPv6 prefix.
> >>>
> >>> The problem is that RFC 6724 asserts that it sets IPv6 precedence
> above IPv4,
> >>> but in fact it sets ULA precedence below IPv4. That is a glaring error
> in
> >>> RFC 6724 - either text is wrong or the table is wrong. The behaviour
> that Nick
> >>> reports is conformance to the default table in RFC 6724, which is
> non-confromance
> >>> to the text.
> >>>
> >>> Regards
> >>>    Brian Carpenter
> >>>
> >>>> On 24-Mar-22 02:53, Nick Buraglio wrote:
> >>>> My testing and experience has shown this, yes, and I know others have
> >>>> had this experience as well.
> >>>> nb
> >>>>> On Wed, Mar 23, 2022 at 3:37 AM Vasilenko Eduard
> >>>>> <vasilenko.eduard@huawei.com> wrote:
> >>>>>
> >>>>> Nick has given a URL with a detailed explanation. It has:
> >>>>> "ULA per RFC 6724 is less preferred (the Precedence value is lower)
> than all IPv4 (represented by ::ffff:0:0/96 in the table)."
> >>>>> I am puzzled why ::ffff:0:0/96 has been treated as IPv4? Strange
> interpretation.
> >>>>> The same section 2.1 has: "
> >>>>> Another effect of the default policy table is to prefer
> >>>>>     communication using IPv6 addresses to communication using IPv4
> >>>>>     addresses, if matching source addresses are available.
> >>>>> "
> >>>>> Nothing is stated about IPv6 type, "any" is assumed (including ULA).
> >>>>>
> >>>>> Nick, are you sure that IPv4 prioritization over IPv6 ULS is really
> the case for real OSes?
> >>>>> If yes, IMHO: it is the bug in implementation (non-compliance to RFC
> 6724).
> >>>>>
> >>>>> /Ed
> >>>>> -----Original Message-----
> >>>>> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Brian E
> Carpenter
> >>>>> Sent: Tuesday, March 22, 2022 11:48 PM
> >>>>> To: buraglio@es.net; Ted Lemon <mellon@fugue.com>
> >>>>> Cc: v6ops@ietf.org
> >>>>> Subject: Re: [v6ops] Thoughts about wider operational input
> >>>>>
> >>>>> Nick,
> >>>>>
> >>>>> Where is the "prefer IPv4 over ULA" preference coded (whereas,
> presumably, "prefer IPv4 over GUA" is not coded)?
> >>>>>
> >>>>> Regards
> >>>>>      Brian Carpenter
> >>>>>
> >>>>> On 23-Mar-22 09:35, Nick Buraglio wrote:
> >>>>>> Yes, I know I have harped on this many times and have posted some
> >>>>>> simple examples of the behavior to the list. My experience has been,
> >>>>>> and continues to be, that if I have dual stacked hosts with A and
> AAAA
> >>>>>> records, and the IPv6 clients are using ULA that IPv6 is never used.
> >>>>>> In an IPv6-only environment ULA has no higher priority protocol to
> >>>>>> supersede the ULA. In the context of transitioning to an IPv6 world,
> >>>>>> it is fairly unrealistic to assume any kind of greenfield, and
> >>>>>> dual-stack
> >>>>> is by and large the standard "permanently temporary" solution for
> the vast majority of implementations. So in this context, which has been
> 99% of what I have seen until I began working on the IPv6-only
> implementation
> >>> mandated by the USG OMB-M-21-07 document, that was the de facto
> standard (and will continue to be for enterprise deployments, in my
> opinion).
> >>>>>> I would be happy to be incorrect about this, honestly it would make
> my
> >>>>>> work-life easier if I was. So, yes, I fully acknowledge that your
> use
> >>>>>> case is absolutely the right one for ULA. For doing a transition in
> an
> >>>>>> existing network (which circles back the the original topic of this
> >>>>>> thread: getting enterprises to use IPv6 in a meaningful way), this
> is
> >>>>>> a really
> >>>>> well put together descriptions of the every-day implications of
> trying
> >>> to use ULA:
> >>>>>>
> https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networ
> >>>>>> ks/
> >>>>>> <
> https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-netwo
> >>>>>> rks/>
> >>>>>>
> >>>>>> nb
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On Tue, Mar 22, 2022 at 3:20 PM Ted Lemon <mellon@fugue.com
> <mailto:mellon@fugue.com>> wrote:
> >>>>>>
> >>>>>>      I'm sure you believe this assertion, Nick, but you haven't
> given
> >>>>>> us
> >>>>> any way of understanding why you believe this. In fact we're using
> ULAs in the Thread Border Router to enable IPv6 communication between
> different subnets, which literally could not be done with IPv4. So at least
> for
> >>> this use case, ULAs work well. Would it work better to have a GUA?
> Comme ci comme ça. On the one hand, prefix delegation and real routing
> would make the solution more general. On the other, GUAs are great for
> reaching out to the internet, which we may or may not want light bulbs to
> be able to do.
> >>>>>>
> >>>>>>      On Tue, Mar 22, 2022 at 9:13 PM Nick Buraglio <buraglio@es.net
> <mailto:buraglio@es.net>> wrote:
> >>>>>>
> >>>>>>          ULA is an operational non-starter in the presence of any
> dual stacked hosts.  Per its design, it just won't ever use IPv6 in any
> meaningful way and that time and effort are better served on adding GUA
> addressing of one kind or another.
> >>>>>>
> >>>>>>          nb
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>          On Tue, Mar 22, 2022 at 2:55 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
> >>>>>>
> >>>>>>              Hi Gert,
> >>>>>>
> >>>>>>              I see that the discussion has been going on while I
> was sleeping, but I want to clarify below...
> >>>>>>              On 22-Mar-22 21:30, Gert Doering wrote:
> >>>>>>               > Hi,
> >>>>>>               >
> >>>>>>               > On Tue, Mar 22, 2022 at 11:42:12AM +1300, Brian E
> Carpenter wrote:
> >>>>>>               >> I agree with Jordi that multihoming is a genuine
> impediment. What isn't generally realised is that it's a problem of scale
> when considering at least 10,000,000 enterprises, much more than it's a
> problem of IPv6 itself.
> >>>>>>               >
> >>>>>>               > What is "an enterprise"?
> >>>>>>               >
> >>>>>>               > My stance on this is that for "largely unmanaged
> SoHo
> >>> networks" - which
> >>>>>>               > could be called "small enterprise" -
> dual-enduser-ISP
> >>> with dual-/48 or
> >>>>>>               > NPT66 gets the job done in an easy and scalable way
> (HNCP would have
> >>>>>>               > been great, but IETF politics killed it).
> >>>>>>               >
> >>>>>>               > "Enterprise that truly need their own independent
> fully managed network
> >>>>>>               > with multiple ISP uplinks and fully routed
> independent address space"
> >>>>>>               > are probably way less than 10 million...
> >>>>>>
> >>>>>>              I came up with 10 million quite some years ago as a
> reasonable estimate
> >>>>>>              of the number of medium to large businesses in the
> world, all of which
> >>>>>>              might depend on *reliable* Internet access to survive
> (and WfH during
> >>>>>>              COVID has made this even more important recently). So
> all of them
> >>>>>>              should have two independent paths to the Internet to
> >>>>>> assure
> >>>>> reliability.
> >>>>>>              That means two different ISPs (or less good, two
> >>>>>> completely
> >>>>> independent
> >>>>>>              paths to the same ISP).
> >>>>>>
> >>>>>>              So, if PI addressing is the answer, that really does
> take us to
> >>>>>>              10M /48s to be routed.
> >>>>>>
> >>>>>>              If PA is the answer, that's why I worked on SHIM6 (may
> it rest in
> >>>>>>              peace). Which is why I worked on RFC 8028. If that's
> not
> >>> the
> >>>>>>              answer, we're back to NPTv6. Possibly even to
> ULA+NPTv6.
> >>>>>>
> >>>>>>               > Half of them do not want Internet access anyway,
> just
> >>> access to their
> >>>>>>               > ALGs that will do the filtering and TLS inspection
> and everything, and
> >>>>>>               > then out to the Internet as a new TCP session (=
> could
> >>>>> be done with
> >>>>>>               > DMZ islands of upstream-provider-allocated space
> just
> >>> fine).
> >>>>>>               >
> >>>>>>               >
> >>>>>>               > We need to work on our marketing regarding
> multihoming.  "What is it that
> >>>>>>               > you get, what is the cost, which of the variants do
> you want, and why...?"
> >>>>>>
> >>>>>>              Yes.
> >>>>>>                   Brian
> >>>>>>
> >>>>>>              _______________________________________________
> >>>>>>              v6ops mailing list
> >>>>>>              v6ops@ietf.org <mailto:v6ops@ietf.org>
> >>>>>>              https://www.ietf.org/mailman/listinfo/v6ops
> >>>>>> <https://www.ietf.org/mailman/listinfo/v6ops>
> >>>>>>
> >>>>>>          _______________________________________________
> >>>>>>          v6ops mailing list
> >>>>>>          v6ops@ietf.org <mailto:v6ops@ietf.org>
> >>>>>>          https://www.ietf.org/mailman/listinfo/v6ops
> >>>>>> <https://www.ietf.org/mailman/listinfo/v6ops>
> >>>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> v6ops mailing list
> >>>>> v6ops@ietf.org
> >>>>> https://www.ietf.org/mailman/listinfo/v6ops
> >>>
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >> --
> >> ---
> >> Nick Buraglio
> >> Planning and Architecture
> >> Energy Sciences Network
> >> +1 (510) 995-6068
> >
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email