Re: [v6ops] WGLC: draft-ietf-v6ops-unique-ipv6-prefix-per-host-02 - multiple prefixes per device

Lorenzo Colitti <lorenzo@google.com> Mon, 20 March 2017 09:28 UTC

From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 20 Mar 2017 18:28:23 +0900
Message-ID: <CAKD1Yr0DgYyRu_sj05WoX8d5jf3xPwj5neQV1n+vCo02j4UPVw@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Ole Troan <otroan@employees.org>, Alexandre Petrescu <alexandre.petrescu@gmail.com>, "v6ops@ietf.org WG" <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="001a1135bb6e57bead054b262797"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/jMf7qYAhNOUg0gK7AHjLGPEvcM8>
Subject: Re: [v6ops] WGLC: draft-ietf-v6ops-unique-ipv6-prefix-per-host-02 - multiple prefixes per device

On Fri, Mar 17, 2017 at 2:31 AM, Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:
> Yes, but only if /64 is no longer sacred. It's going to be tricky if some
> of the nodes on the /66 subnets assume SLAAC at /64.

If /64 is no longer fixed then we'll end up with /128 + NAT66 like we
do in IPv4.

> So, it seems clear to me that while getting a /64 is better than getting
> a /128, it's even better to get a /56. Or even one of those 15 trillion
> /48s.
> We should make it clear that /64 is not even second-best. Just better
> than /128.

Given that this is an operational draft, I would suggest an
applicability statement: state that DHCPv6 PD is better, but also state
that best *current* practice is to provide a /64 via RA, because currently
very few hosts have DHCPv6 PD clients and providing PD on the network side
is not going to help the vast majority of clients.

Using shared links on public deployments with untrusted hosts has all sorts
of security and scalability issues (ND spoofing, DAD spoofing, ND cache
exhaustion attacks, etc.). A /64 to the host is just a much better solution.
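As an added illustration of the ND cache exhaustion point above (this is not code from the thread or from the draft), the toy model below compares a first-hop router that serves one shared /64 with one that maps a whole /64 to each host. It assumes, as a simplification, that traffic to a per-host /64 is handed to that host without per-address neighbor resolution, while unknown addresses in a shared /64 each create an INCOMPLETE neighbor-cache entry; the prefixes and the tiny cache limit are constructed for the demo.

```python
import ipaddress
from collections import OrderedDict

CACHE_LIMIT = 4  # constructed: tiny neighbor-cache limit so exhaustion is visible


class FirstHopRouter:
    """Simplified model of a first-hop router's forwarding decision.

    shared:   a /64 shared by every host on the link; any destination inside it
              needs neighbor resolution, so unseen addresses create cache entries.
    per_host: {prefix -> host id}; a /64 mapped to exactly one host is forwarded
              to that host with no per-address resolution (assumption of the model).
    """

    def __init__(self, shared=None, per_host=None):
        self.shared = ipaddress.ip_network(shared) if shared else None
        self.per_host = {ipaddress.ip_network(p): h for p, h in (per_host or {}).items()}
        self.nd_cache = OrderedDict()   # destination -> resolution state
        self.unresolved_dropped = 0     # packets dropped because the cache was full

    def forward(self, dst):
        dst = ipaddress.ip_address(dst)
        for prefix, host in self.per_host.items():
            if dst in prefix:
                return f"to-host:{host}"          # whole /64 belongs to one host
        if self.shared and dst in self.shared:
            if dst in self.nd_cache:
                return "cache-hit"
            if len(self.nd_cache) >= CACHE_LIMIT:
                self.unresolved_dropped += 1      # no room for another INCOMPLETE entry
                return "cache-full"
            self.nd_cache[dst] = "INCOMPLETE"     # resolution started for an unused address
            return "resolving"
        return "no-route"


def unsolicited_traffic_impact(router, prefix, count):
    """Send `count` distinct never-seen destinations inside `prefix` (constructed stand-in
    for Internet-originated traffic to unused addresses) and return how many were dropped."""
    net = ipaddress.ip_network(prefix)
    for i in range(1, count + 1):
        router.forward(net[i])
    return router.unresolved_dropped


if __name__ == "__main__":
    shared = FirstHopRouter(shared="2001:db8:0:1::/64")
    print("shared /64 dropped:", unsolicited_traffic_impact(shared, "2001:db8:0:1::/64", 10))
    routed = FirstHopRouter(per_host={"2001:db8:1:a::/64": "hostA", "2001:db8:1:b::/64": "hostB"})
    print("per-host /64 dropped:", unsolicited_traffic_impact(routed, "2001:db8:1:a::/64", 10))
```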