Re: [v6ops] A broken promise - "You said PD Prefix Valid Lifetime is going to be X" (Re: SLAAC renum: Problem Statement & Operational workarounds)

Fernando Gont <fgont@si6networks.com> Fri, 01 November 2019 09:45 UTC

To: Sander Steffann <sander@steffann.nl>
Cc: Mark Smith <markzzzsmith@gmail.com>, Ole Troan <otroan@employees.org>, v6ops list <v6ops@ietf.org>
References: <m1iPlMZ-0000J5C@stereo.hq.phicoh.net> <FACE45EC-27FC-437A-A5BF-D800DF089B50@fugue.com> <837E9523-14FC-4F6C-88FC-DCC316265299@employees.org> <CAO42Z2wz1H-x1O+k-ra09V=xON7GOYM+0uHkG0d3ExnsGNuDeA@mail.gmail.com> <03aad034-4e35-743f-975d-7d3c9f29b5cc@si6networks.com> <9EC75FDA-10A6-4FDC-BB42-EFC51C6631DE@steffann.nl>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <ad77e7c9-0578-4eca-2ef9-8f2c61638b82@si6networks.com>
Date: Fri, 1 Nov 2019 06:29:37 -0300
In-Reply-To: <9EC75FDA-10A6-4FDC-BB42-EFC51C6631DE@steffann.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/kPtgTqTj3JrUeEUyLmEY7H5Ttb0>
Subject: Re: [v6ops] A broken promise - "You said PD Prefix Valid Lifetime is going to be X" (Re: SLAAC renum: Problem Statement & Operational workarounds)

On 1/11/19 05:22, Sander Steffann wrote:
> Hi,
> 
>>> I think Ole observed that this is contrary to what the PD prefix's
>>> Valid Lifetime said would be the case. The ISP supplied a PD Prefix
>>> with a Valid Lifetime of X seconds, and then broke that promise by
>>> abruptly changing addressing before X seconds. ISPs should be expected
>>> to live up to their Valid Lifetime promises.
>>
>> "Hope" doesn't make networks run properly.
> 
> This isn't "Hope", this is breaking promises, and that does break networks. If you can't at least trust that promises are intended to be kept then you have no network at all...

You might hope that ISPs do stable prefixes, that CPEs record the leased
prefixes on stable storage, and that CPE routers do not crash and reboot.

However, 37% of surveyed ISPs
(https://indico.uknof.org.uk/event/41/contributions/542/attachments/712/866/bcop-ipv6-prefix-v9.pdf)
indicate they do dynamic prefixes, and thus are likely to be facing this
problem (possibly masked by falling back to IPv4).

You may want to declare ISPs clueless, start a crusade to switch to
stable prefixes (unlikely to succeed), claim that CPE vendors are cheap, etc.

But at the end of the day, user experience will still suck.

(I have had cases in which I have flash-renumbered my network by
changing and reloading an RA daemon.)


> 
>> In any case, as previously noted, there are multiple scenarios that may
>> lead to this problem.
> 
> Sure, bad things can happen, and there are cases where despite the best intentions you can't keep your promise. But that doesn't mean everybody should go around making promises without even thinking about keeping them…

I certainly can't speak for the 37% above. But a number of folks have
already noted (some on-list, some off-list) that they are running
networks on which these flash-renumbering events do occur.

The home network/CPE case is a notable example, but others exist. And
the host-side mitigations, in particular, help all of them.
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
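The following is an added example, not code from the thread or from any CPE or host implementation. It simulates what a host's SLAAC prefix table does across the flash-renumbering event discussed above, using the lifetime rules of RFC 4862 section 5.5.3 (including the two-hour rule for the Valid Lifetime). The prefixes, the one-hour reboot time and the use of the RFC 4861 default lifetimes (30 days valid, 7 days preferred) are assumptions chosen for illustration.

```python
from dataclasses import dataclass

TWO_HOURS = 2 * 3600
VALID_DEFAULT = 2_592_000      # RFC 4861 AdvValidLifetime default: 30 days
PREFERRED_DEFAULT = 604_800    # RFC 4861 AdvPreferredLifetime default: 7 days
RENUM_AT = 3600                # assumption: CPE reboots one hour after its first RA

OLD_PREFIX = "2001:db8:1::/64"  # constructed: prefix delegated before the reboot
NEW_PREFIX = "2001:db8:2::/64"  # constructed: prefix delegated after the reboot


@dataclass
class PrefixState:
    valid_until: int      # absolute simulated time, in seconds
    preferred_until: int


class SlaacHost:
    """Minimal model of a host's autoconfigured-prefix table (RFC 4862 5.5.3)."""

    def __init__(self) -> None:
        self.prefixes: dict[str, PrefixState] = {}

    def receive_pio(self, now: int, prefix: str, valid: int, preferred: int,
                    authenticated: bool = False) -> None:
        """Apply one Prefix Information Option (A flag set) received at `now`."""
        state = self.prefixes.get(prefix)
        if state is None:
            if valid == 0:
                return                      # never configure a dead prefix
            self.prefixes[prefix] = PrefixState(now + valid, now + preferred)
            return
        # 5.5.3 d: the preferred lifetime is always reset to the advertised
        # value, so a router can deprecate a prefix at once (preferred = 0).
        state.preferred_until = now + preferred
        # 5.5.3 e: the valid lifetime is protected by the two-hour rule; an
        # unauthenticated RA cannot cut it below two hours in one step, and
        # once under two hours it is only honoured if the RA is authenticated.
        remaining = state.valid_until - now
        if valid > TWO_HOURS or valid > remaining:
            state.valid_until = now + valid
        elif remaining <= TWO_HOURS and not authenticated:
            pass                            # ignore the advertised valid lifetime
        else:
            state.valid_until = now + TWO_HOURS

    def remaining_valid(self, prefix: str, now: int) -> int:
        state = self.prefixes.get(prefix)
        return max(0, state.valid_until - now) if state else 0

    def remaining_preferred(self, prefix: str, now: int) -> int:
        state = self.prefixes.get(prefix)
        return max(0, state.preferred_until - now) if state else 0

    def is_valid(self, prefix: str, now: int) -> bool:
        return self.remaining_valid(prefix, now) > 0

    def is_preferred(self, prefix: str, now: int) -> bool:
        return self.is_valid(prefix, now) and self.remaining_preferred(prefix, now) > 0


def flash_renumber(cpe_remembers_old_prefix: bool) -> dict:
    """Run the flash-renumbering scenario and report the old prefix's fate."""
    host = SlaacHost()
    host.receive_pio(0, OLD_PREFIX, VALID_DEFAULT, PREFERRED_DEFAULT)
    # The CPE crashes, reboots and is handed a different delegated prefix.
    host.receive_pio(RENUM_AT, NEW_PREFIX, VALID_DEFAULT, PREFERRED_DEFAULT)
    if cpe_remembers_old_prefix:
        # The most a CPE that kept the old prefix on stable storage can do:
        # advertise it with both lifetimes set to zero.
        host.receive_pio(RENUM_AT, OLD_PREFIX, valid=0, preferred=0)
    return {
        "old_valid_remaining": host.remaining_valid(OLD_PREFIX, RENUM_AT),
        "old_preferred_remaining": host.remaining_preferred(OLD_PREFIX, RENUM_AT),
        "old_preferred_next_day": host.is_preferred(OLD_PREFIX, RENUM_AT + 86_400),
        "old_valid_next_week": host.is_valid(OLD_PREFIX, RENUM_AT + 7 * 86_400),
        "new_preferred_next_day": host.is_preferred(NEW_PREFIX, RENUM_AT + 86_400),
    }


if __name__ == "__main__":
    for remembers in (False, True):
        print(f"CPE remembers old prefix: {remembers}")
        for key, value in flash_renumber(remembers).items():
            print(f"  {key}: {value}")
```

With a CPE that forgot the old prefix across the reboot, the host keeps the stale addresses preferred for the rest of the 7-day preferred lifetime and valid for the rest of the 30-day valid lifetime, so nothing on the host side reacts to the renumbering at all. Even a CPE that remembers the old prefix can only deprecate it immediately and shorten its valid lifetime to two hours, because the two-hour rule exists precisely so that an unauthenticated RA cannot invalidate addresses in one step; that is the gap the host-side mitigations mentioned in the message aim at.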