Re: [v6ops] AWS ipv6-only features

[Owen DeLong <owen@delong.com>]

> On Nov 30, 2021, at 11:57 , Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> On 01-Dec-21 06:14, Owen DeLong wrote:
>>> On Nov 30, 2021, at 01:47 , Philip Homburg <pch-v6ops-11@u-1.phicoh.com> wrote:
>>> 
>>>>   On Nov 29, 2021, at 10:33 , Nick Buraglio <[1]buraglio@es.net>
>>>>   wrote:
>>>> 
>>>>   "ULAs are preferred over GUAs, so when a host is presented with
>>>>   both a ULA and GUA as possible ways to reach a destination, the
>>>>   host will select the ULA. Once the ULA destination address is
>>>>   chosen, the host will then choose its ULA as a source address
>>>>   to reach the ULA destination. This preference of ULA addressing
>>>>   over GUA addressing is the mechanism that provides internal
>>>>   network connectivity independence from concurrent external
>>>>   Internet connectivity."
>>>> 
>>>>   Yep... The moral of the story is that GUA works as intended and
>>>>   ULA is a bit of a mess.
>>> 
>>> I'm a bit confused about this scenario.
>>> 
>>> Typically a hosts gets addresses from DNS. So this suggests that people
>>> create DNS RR sets that contains both GUAs and ULAs.
>>> 
>>> Is this common practice somewhere? Do people expect that something sensible
>>> will happen if you try that? Is it documented what should happen?
>> Probably more common in mDNS than DNS, but yes, something sensible SHOULD
>> happen as documented in the RFCs:
>> AAAA record sorting in getaddrinfo() or getnameinfo() should return the ULA records
>> before the GUA records in the linked list.
> 
> That should be an application programmer's choice, I think, because whether
> ULAs should be preferred is an application-specific choice. In some cases,
> a "happy eyeballs" heuristic might even be best. In any case, I don't see
> how the IETF can design a one-size-fits-all solution.

Well… The application programmer is free to go to extraordinary measures to traverse
the results from getaddrinfo() in whatever manner they wish, but the intended modus
operandi and the path of least surprise is to read the list in order and the order (absent
administrator interference in the source address selection choice via configuration)
will be ULA then GUA for all of the most obvious reasons.

> Also, of course, there are choices like: does a printer need a GUA? Why
> wouldn't a ULA be sufficient? The same goes for any internal-use-only
> server.

Right, but if the printer has ULA only and no GUA AAAA record, then this entire
discussion is a non-issue as address selection is moot if there’s only one choice.

> Also a site could decide not only to use split-horizon DNS, but also
> to use different DNS names for different addresses, e.g.
> internal-server@example.org for the ULA and server@example.org
> for the GUA.

Again, only one name is getting queried at a time in getaddrinfo(), so
something like that is moot as each name would return only one address.

We’re talking about what happens when a single query returns multiple
AAAA records, some of which are each of {ULA,GUA}.

> We abandoned draft-ietf-v6ops-ula-usage-recommendations and draft-ietf-v6ops-ula-usage-considerations. Maybe it's time to restart such an effort.

Personally, I’d favor abandoning ULA altogether, but I know that’s not a popular view.

Owen

> 
>   Brian
> 
>> As a result, an application that sensibly iterates through the list in order (as is expected
>> behavior) should connect via GUA if possible (if not, it should rapidly receive an error
>> and move on to the next item in the list, so no extraordinary processing or coding
>> is required in the application).
> 
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops