IETF Logo Mail Archive

Re: [v6ops] Stability and Resilience (was Re: A common...)

Tim Chown <Tim.Chown@jisc.ac.uk> Fri, 22 February 2019 17:30 UTC

Return-Path: <tim.chown@jisc.ac.uk>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4649A12EB11 for <v6ops@ietfa.amsl.com>; Fri, 22 Feb 2019 09:30:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level:
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_SPF_TEMPERROR=0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jisc.ac.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MMN_VNXQRGaD for <v6ops@ietfa.amsl.com>; Fri, 22 Feb 2019 09:30:21 -0800 (PST)
Received: from eu-smtp-delivery-189.mimecast.com (eu-smtp-delivery-189.mimecast.com [207.82.80.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A27B1130F27 for <v6ops@ietf.org>; Fri, 22 Feb 2019 09:30:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jisc.ac.uk; s=mimecast20170213; t=1550856618; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ANQxV2pb5yUq5vJN/tqRNZL3c1rJguZtqy4OhMNMWrk=; b=EZeJ254giw0maPLFM/WQLjJN62In5SkDhodRvkCUNFREO+SlhLtaHnZ+yILfkECmXtbps11kwAK0YWwu/gcfOU5ndMee0EFvutyZhZoGtOXu46M8j7R7kirJs1jc6LQxPd5Cixw4mMnRDdaNjf9W+IfxmVuexSsamgT94UjH3dA=
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04lp2054.outbound.protection.outlook.com [104.47.13.54]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-184-jia-mL8QPFuZkEaSLUZdIg-2; Fri, 22 Feb 2019 17:30:15 +0000
Received: from AM0PR07MB4177.eurprd07.prod.outlook.com (52.133.54.140) by AM0PR07MB3988.eurprd07.prod.outlook.com (52.134.80.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.11; Fri, 22 Feb 2019 17:30:11 +0000
Received: from AM0PR07MB4177.eurprd07.prod.outlook.com ([fe80::617a:4c8b:34ae:efcb]) by AM0PR07MB4177.eurprd07.prod.outlook.com ([fe80::617a:4c8b:34ae:efcb%4]) with mapi id 15.20.1665.008; Fri, 22 Feb 2019 17:30:11 +0000
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Owen DeLong <owen@delong.com>
CC: Lee Howard <lee@asgard.org>, IPv6 Ops WG <v6ops@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>
Thread-Topic: [v6ops] Stability and Resilience (was Re: A common...)
Thread-Index: AQHUytDKOAr/QA2oqUmIfoA6xQEuxqXsEuSA
Date: Fri, 22 Feb 2019 17:30:11 +0000
Message-ID: <763ED571-AC76-419A-A0B6-43F9AC763F53@jisc.ac.uk>
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <B6E2EC33-EEAF-40D0-AFCC-BDAFA9134ACD@consulintel.es> <20190220113603.GK71606@Space.Net> <28fbc2c305c640c9afb3704050f6e8d7@boeing.com> <20190220213107.GS71606@Space.Net> <019c552eb1624d348641d6930829fd1f@boeing.com> <CAKD1Yr0HBG+rhyFWg9zh0t3mW486Mjx9umjn+CRqAZg4z9r0dg@mail.gmail.com> <20190221073530.GT71606@Space.Net> <CAO42Z2wmB2W52b4MZ2h9sW5E9cQKm-HRjyf--q8C26jezS7LXQ@mail.gmail.com> <a73818d31db7422b99a524bc431b00ed@boeing.com> <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com> <0629af5e-5e1b-7e01-5bf4-b288a2d36809@asgard.org> <DD0A06B0-C704-451C-AA43-CAF420F24B4D@delong.com>
In-Reply-To: <DD0A06B0-C704-451C-AA43-CAF420F24B4D@delong.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.102.3)
x-originating-ip: [2001:a88:d510:1101:28c8:aca5:5953:beb6]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7e71d4ea-fa7e-411d-5304-08d698eb662f
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600110)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:AM0PR07MB3988;
x-ms-traffictypediagnostic: AM0PR07MB3988:
x-ms-exchange-purlcount: 1
x-microsoft-exchange-diagnostics: 1; AM0PR07MB3988; 20:UE4BXX0p+bBhfDJO29b0Lx1zOylzuzuRdTK9m5GP5h9crV5vipgIUnVxUX3fzSFRTx1wssXUYlDXYzYH8CnO2X83KCUitKgLmW03YIVJGpSC3ermWv8Mt1RnfInD4UREKZ3GFzdgCNS2WNloD0Wfla1cokCQa1QXZzsCBva3Rzk=
x-microsoft-antispam-prvs: <AM0PR07MB3988B44B032E4160541902F4D67F0@AM0PR07MB3988.eurprd07.prod.outlook.com>
x-forefront-prvs: 09565527D6
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(376002)(39860400002)(346002)(366004)(396003)(199004)(189003)(76176011)(6506007)(68736007)(236005)(786003)(81156014)(106356001)(25786009)(53546011)(316002)(4326008)(57306001)(74482002)(53936002)(8676002)(6116002)(54906003)(6512007)(14454004)(229853002)(54896002)(6306002)(105586002)(50226002)(86362001)(606006)(102836004)(81166006)(99286004)(446003)(46003)(7736002)(72206003)(476003)(8936002)(6486002)(82746002)(6246003)(11346002)(71200400001)(71190400001)(83716004)(5660300002)(33656002)(93886005)(6436002)(97736004)(256004)(2616005)(36756003)(2906002)(486006)(186003)(6916009)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB3988; H:AM0PR07MB4177.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: mmEqGzEW4QFmvj2lqb1Rcr47DJgHT/pV3PmD4VMa/BKRCHt0Cp3HQ6ynVqt0tuJx5RPeD1XZ21EfClAoUbRg65qpt+4fJBx1Jg1e5p/L4vltKv3j7xO5WsZzmK2VTP0IXxtlJQJP3d0QNWt/JActaFsioO2P9piQNlkBan8QPy3xoMVZifmhJc2mJi7pchwCNGk2D3wYIzUul19ja6n8s8jSQTaW8eHKpQEKFH2hGogGNLyGheWrMoCRt4FE9MURkz/lrXgAPX5p3rSOx4FAAp0rq7qrXADzJsuiaFTkaubqfFVPkwj9lkEsuOQe1uSDMYiNHjiFDD4cFNZU8MfudXmnNxCLnYLH8kr8VWTZ6D2JgcWPKG7g8aXnOSg9s5vDOVCM+hLjwgW0FhFoTB6n2AnVzam8M6M1uQykrQXAtsc=
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: 7e71d4ea-fa7e-411d-5304-08d698eb662f
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2019 17:30:11.7487 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB3988
X-MC-Unique: jia-mL8QPFuZkEaSLUZdIg-2
X-Mimecast-Spam-Score: 0
Content-Type: multipart/alternative; boundary="_000_763ED571AC76419AA0B643F9AC763F53jiscacuk_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/iKh4WCvDQtSv2du2OAVL5ltv2Qc>
Subject: Re: [v6ops] Stability and Resilience (was Re: A common...)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 17:30:24 -0000

Hi,

On 22 Feb 2019, at 17:04, Owen DeLong <owen@delong.com<mailto:owen@delong.com>> wrote:

Networks should, as much as possible, be resilient to prefix changes. Some things networks can do to improve resilience:

  1.


Write a learned prefix to non-volatile memory and issue a DHCPv6 Renew for that prefix on reboot.

  2.


Use dynamic DNS and shorter TTLs.

  3.


Implement something like NETCONF to distribute prefix information to policy devices like firewalls or SD-WAN controllers. I think a separate document describing this application of NETCONF would make sense.

If the prefix is written to nv men, wouldn’t it also be possible for implementers to send rapid deprecation RAs for any prefix not renewed?

In other words, after reboot, try to reacquire same prefix. If that doesn’t work, when you advertise the new prefix, you could also include the old prefix with a very short preferred and valid lifetime (e.g. 1 second) in the first RA, which should be sent to the all nodes on link multicast?

It doesn’t eliminate the problem, but 1 second additional duration would be barley noticeable amid the minute or so it takes most home gateways to reboot.

That's similar in spirit to RAmond, which we used to use when seeing rogue RAs on our campus network.  It would auto-deprecate any prefixes that shouldn't be there. (http://ramond.sourceforge.net/)

The snag is that I suspect most OSes would ignore a valid timer of 1 second, given the 7200 second (2 hour) minimum defined in RFC 4862 (unless the RA is authenticated, somehow).  The preferred timer can be zero.  When RAmond was written, if we used a valid timer less than 7200 seconds it seemed that the deprecating RAs were ignored.  That was 10+ years ago though.  Perhaps Tim Winters has data on whether that rule is implemented today in practice; I'd assume the tests he runs might include that.

But I like Lee's analysis.

Tim

v2.23.0 | Report a Bug | By Email