IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-01.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 09 May 2022 20:46 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D27AC159481 for <v6ops@ietfa.amsl.com>; Mon, 9 May 2022 13:46:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.955
X-Spam-Level:
X-Spam-Status: No, score=-3.955 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-1.857, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rAai1RGb-4HW for <v6ops@ietfa.amsl.com>; Mon, 9 May 2022 13:46:02 -0700 (PDT)
Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E610DC14F737 for <v6ops@ietf.org>; Mon, 9 May 2022 13:46:02 -0700 (PDT)
Received: by mail-pf1-x42e.google.com with SMTP id x52so13223390pfu.11 for <v6ops@ietf.org>; Mon, 09 May 2022 13:46:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=jzbZpdIBWFclcEGUfF9yYdLHx1IUbavUWaODFq2aUTc=; b=VUBjN+wbUQnzB0AzwzDxLvfjDcgM6TF+pPIFAJihPGb76/SF9V4VrCL4rlu6hhOjLf 68A4KGApHtBBNiZF1zxv6V8Rz3ly53wvh6pS9rqwqdPmNNdBRaFWsE3v981Fh8ow7Os3 b9+qOsM+kKA3AlFCzJmjZlNVC4r1VPxdYlyIYGO2tnUS6WhaJpsWCXO2M9MN6GzXSijd 8XwVVJmmbvqbIV5iorI+tnNfNnwTcp1s5dOUDVKMnSGzTyGCav4li8YOpywk+A5OnCOW PJLoofUrij7Bp3RavrqPg5ZG58BS6Mb/UtK7vcqoqrrVYSa/MBN7CDmZ0BWBD7KrRmfT uwrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=jzbZpdIBWFclcEGUfF9yYdLHx1IUbavUWaODFq2aUTc=; b=GuWdl00+Z7umSAntzOY+wRnRl0XfgTp4Vsmja66SPpLM0rXxaVVcJCJK1g2SaSwij7 9Z61wUj8Ia7QToTt85OElcKYWiNPHqtZjoKrdjfGRXetcqS+yKGS7SqAPQXBRrbj+Mmp lVcUs8NKB0lOWv+Mslsm9niM8I4VlLSHYovt6wjPFbaJQdo/iSU0a2iCk0HEsC+tVTm1 uggeySHQLBf3RNe9dsysZ9S5Yby5iE8qbPw6BI7lNZoLpaixOHQy0R36N8l42iXVDxP5 GMYjBEmh2n+obEHxKwrNQKk9KRvCbHA/crFqfCW4yRTxGNOFzzA6/R90YMe3udRqIALz AiOg==
X-Gm-Message-State: AOAM532zIoi1np5jsHYA1LoNQW8ZynT6OdZth5Vwpe2K9DMfvEdJWR3v uLyaf4sQn13sMv0CgxfPXHHVuJJmvIlr2g==
X-Google-Smtp-Source: ABdhPJzQXiIXVrTr4VCdR95cQaYG+4Ry78UK37f65g4JZH5MpJYe1YjUL1ur/8QBVGVA8D6t8EOl/Q==
X-Received: by 2002:a05:6a00:889:b0:510:91e6:6463 with SMTP id q9-20020a056a00088900b0051091e66463mr12234535pfj.58.1652129161785; Mon, 09 May 2022 13:46:01 -0700 (PDT)
Received: from ?IPv6:2406:e003:1005:b501:80b2:5c79:2266:e431? ([2406:e003:1005:b501:80b2:5c79:2266:e431]) by smtp.gmail.com with ESMTPSA id v8-20020a1709028d8800b0015e8d4eb25asm292057plo.164.2022.05.09.13.45.59 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 09 May 2022 13:46:00 -0700 (PDT)
To: otroan@employees.org
Cc: IPv6 Operations <v6ops@ietf.org>
References: <165064500009.9969.16134230557484818454@ietfa.amsl.com> <87aa5bcf-05cf-d170-1efb-d9caa6b48e6c@gmail.com> <C709A752-B22E-48D5-BC5E-5599574DE839@employees.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <4cddf27e-46c6-a906-517f-1bfaf79bd808@gmail.com>
Date: Tue, 10 May 2022 08:45:57 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <C709A752-B22E-48D5-BC5E-5599574DE839@employees.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/kWaSWHGUDapILWB0NAptLSLcfrs>
Subject: Re: [v6ops] I-D Action: draft-buraglio-v6ops-ula-01.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2022 20:46:07 -0000

On 09-May-22 21:09, otroan@employees.org wrote:
> Brian,
> 
> I think what you have below is fine.
> 
> We also have to take into consideration that both 10.1.0.0/16 and fdee:face:fade::/48 may provide global connectivity.

Right, but even if the ULA provides conectivity via NPTv6 or NAT66, we probably want to prefer that over NAT44.

> An application wouldn't know before it tried. So it's important to remember that 6724 only gives an ordered list of SA, DA pairs to try. It does not give an ultimate answer.

Absolutely, which is why I included my comment about "a small matter of programming". However, I suspect that 99% of app programmers simply take the first result from getaddrinfo() and run with that.

    Brian

> 
> O.
> 
> 
>> On 9 May 2022, at 01:23, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>
>> Hi,
>>
>> Thanks for this draft. I have a few comments (and a tiny nit at the end).
>>
>>> The core issue is the stated interpretation from gai.conf that has the following default:
>>> #scopev4  <mask> <value>
>>> #    Add another rule to the RFC 6724 scope table for IPv4 addresses.
>>
>> I'm not sure why this matters. RFC6724 is quite correct to indicate that
>> most IPv4 unicast addresses formally have global scope, but auto-config
>> and loopback addresses have link-local scope. IPv6 is pretty much the
>> same, and in particular ULAs have *global scope* even though they are
>> not globally reachable. RFC1918 addresses are identical to ULAs in
>> that respect.
>>
>> Citing RFC4291 and https://www.rfc-editor.org/rfc/rfc8190.html#section-2.1
>> would clarify the difference between global scope (architectural) and
>> globally reachable (practical). What we care about here is whether an
>> address is globally reachable ("no" for both RFC1918 and ULA, although
>> they are both architecturally global). Unfortunately this distinction is
>> lacking in the description of gai.conf and, I suspect, in the code of
>> Linux getaddrinfo().
>>
>> What I think is lacking in the draft is an explanation of how
>> getaddrinfo() works and why it matters. Here's a walkthrough that
>> I hope will help clarify what I mean:
>>
>> Consider an end-user network with the following properties:
>>
>> It is dual stacked.
>> It uses 10.1.0.0/16 (NATted to the Internet).
>> It uses (or wants to use)  fdee:face:fade::/48 for internal IPv6.
>> It uses 2001:db8:fade::/48 for external IPv6
>>
>> We'll neglect for now whether it has a subnet structure. It shouldn't
>> matter.
>>
>> Consider a host user.mynet.example.com, a local server printer.mynet.example.com,
>> and a remote server www.theirnet.example.com. Assume they have these various
>> addresses:
>>
>> user.mynet.example.com has:
>>
>> 10.1.0.1
>> fdee:face:fade::1
>> 2001:db8:fade::1
>>
>> printer.mynet.example.com has:
>>
>> 10.1.0.10  (A record in local DNS)
>> fdee:face:fade::a  (AAAA record in local DNS)
>>
>> www.theirnet.example.com has:
>>
>> 192.0.2.15  (A record in global DNS)
>> 2001:db8:cafe::f  (AAAA record in global DNS)
>>
>> What do we *want* to happen?
>>
>> If user opens a connection to printer, we want it to choose
>> SA = fdee:face:fade::1
>> DA = fdee:face:fade::a
>>
>> If user opens a connection to www, we want it to choose
>> SA = 2001:db8:fade::1
>> DA = 2001:db8:cafe::f
>>
>> Now, if user does a DNS lookup, via getaddrinfo(), the results
>> will look like this (in the Python universe):
>>
>> For printer:
>>
>> (<AddressFamily.AF_INET: 2>, 0, 0, '', ('10.1.0.10', 0))
>> (<AddressFamily.AF_INET6: 23>, 0, 0, '', ('fdee:face:fade::a', 0, 0, 0))
>>
>> For www:
>>
>> (<AddressFamily.AF_INET6: 23>, 0, 0, '', ('2001:db8:cafe::f', 0, 0, 0))
>> (<AddressFamily.AF_INET: 2>, 0, 0, '', ('192.0.2.15', 0))
>>
>> At this point, consider what RFC6724 says:
>>
>>    As a consequence, we intend that implementations of APIs such as
>>    getaddrinfo() will use the destination address selection algorithm
>>    specified here to sort the list of IPv6 and IPv4 addresses that they
>>    return.  Separately, the IPv6 network layer will use the source
>>    address selection algorithm when an application or upper layer has
>>    not specified a source address.
>>
>> Thus, to get the desired behaviour, what matters is destination
>> address selection: if we select DA = fdee:face:fade::a, then the
>> ULA source address will follow.
>>
>> Of course this is a small matter of programming, and most programmers
>> just pick the first address. That's why we need the Section 10.6
>> mechanism of RFC6724, to insert an appropriate precedence like
>>        fdee:face:fade::/48 45 14
>>
>> which will prioritize local use of ULAs but will change nothing
>> for off-site access.
>>
>> At that point in my thinking, I started coding the program that
>> I posted yesterday.
>>
>> Nit:
>>
>> s/gai.cnf/gai.conf/
>>
>> Regards
>>    Brian
>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email