Re: [v6ops] A broken promise - "You said PD Prefix Valid Lifetime is going to be X" (Re: SLAAC renum: Problem Statement & Operational workarounds)

Ole Troan <otroan@employees.org> Fri, 01 November 2019 11:16 UTC

Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 709451200E0 for <v6ops@ietfa.amsl.com>; Fri, 1 Nov 2019 04:16:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pPZGeukJofXw for <v6ops@ietfa.amsl.com>; Fri, 1 Nov 2019 04:16:00 -0700 (PDT)
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D173A12002E for <v6ops@ietf.org>; Fri, 1 Nov 2019 04:16:00 -0700 (PDT)
Received: from astfgl.hanazo.no (unknown [IPv6:2a01:79c:cebd:47d8:709f:2665:c927:f9f1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 0937D4E12585; Fri, 1 Nov 2019 11:16:00 +0000 (UTC)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by astfgl.hanazo.no (Postfix) with ESMTP id 459C82136216; Fri, 1 Nov 2019 12:15:56 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\))
From: Ole Troan <otroan@employees.org>
In-Reply-To: <D3B1E770-F199-4605-BF78-A3637D6CDB42@fugue.com>
Date: Fri, 1 Nov 2019 12:15:56 +0100
Cc: Philip Homburg <pch-v6ops-9@u-1.phicoh.com>, v6ops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <4288FBC0-C421-464F-9D55-7FB77AA1FA4E@employees.org>
References: <m1iQUNM-0000KTC@stereo.hq.phicoh.net> <94BBC308-365D-41A8-96FB-242BF63FFBF9@employees.org> <D3B1E770-F199-4605-BF78-A3637D6CDB42@fugue.com>
To: Ted Lemon <mellon@fugue.com>
X-Mailer: Apple Mail (2.3601.0.10)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/j2X7AG6XZuLwwYIvwWXEHi0LPR8>
Subject: Re: [v6ops] A broken promise - "You said PD Prefix Valid Lifetime is going to be X" (Re: SLAAC renum: Problem Statement & Operational workarounds)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 11:16:03 -0000

Ted,

>> There’s really little value in having both valid and preferred lifetimes in PD. 
> 
> Ole, I think argument from authority isn’t very useful here.   I can imagine that you might think this, but…
> 
> Suppose I want to renumber a customer.   And I have one tool with which to do this: DHCP.   What is the correct behavior?   There are options:
> 
> 1: just stop renewing the old prefix, but continue to route it
> 2: provide two prefixes, one with a preferred lifetime of zero, the other with a nonzero preferred lifetime; continue to route both until the valid lifetime on the deprecated prefix expires, at which point stop routing that prefix.
> 3: stop renewing the old prefix, and don’t route it.
> 
> I think that (1) is valid, and is what we would expect, but there is a problem: how does the infrastructure know that that prefix should continue to be routed?   It’s not seeing renewal traffic, and I think that’s how it knows currently.   Maybe it does DHCP leasequery?   If so, then does the DHCP server know the prefix is still valid?   I hope so.   It would be bad if the DHCP server gave out that prefix before it had expired.
> 
> (2) seems valid, and I think is correct behavior, but there’s been some theorizing on the DHC wg mailing list (and here, a bit) that some CPE devices might not be expecting this behavior, and might choke on it.
> 
> (3) This is a flash renumbering scenario.
> 
> Now, I think what you just said was that none of these scenarios are valid, because the ISP should never renumber the customer.   Is that correct?
> 

Neither of your options have IETF consensus behind them. DHCP PD supports renumbering, but it also says:

   "Many applications expect stable addresses.  Even though this
   mechanism makes automatic renumbering easier, it is expected that
   prefixes have a long lifespan.  During renumbering it is expected
   that the old and the new prefix co-exist for some time."

RFC4192 is as far as I know the most complete graceful renumbering description.

To continue my example:

(4) Continue to delegate prefix A with a lifetime expiring on November 11. On November 4th start also delegating prefix B with a lifetime expiring December 31st 2022.
    On November 11th, stop advertising prefix A.

This is how IPv6 renumbering has been specified for 20 years... I presume that was not news?

Cheers,
Ole