IETF Logo Mail Archive

Re: [v6ops] JANOG34 provides 3.2.1 and 3.2.2

Mark ZZZ Smith <markzzzsmith@yahoo.com.au> Wed, 02 July 2014 10:22 UTC

Return-Path: <markzzzsmith@yahoo.com.au>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2F3C1B28F2 for <v6ops@ietfa.amsl.com>; Wed, 2 Jul 2014 03:22:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.701
X-Spam-Level: *
X-Spam-Status: No, score=1.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, HK_RANDOM_REPLYTO=0.999, J_CHICKENPOX_32=0.6, J_CHICKENPOX_55=0.6, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DYHpGnaoX6kN for <v6ops@ietfa.amsl.com>; Wed, 2 Jul 2014 03:22:15 -0700 (PDT)
Received: from nm33.bullet.mail.bf1.yahoo.com (nm33.bullet.mail.bf1.yahoo.com [72.30.238.133]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B8D11B28EB for <v6ops@ietf.org>; Wed, 2 Jul 2014 03:22:15 -0700 (PDT)
Received: from [98.139.212.153] by nm33.bullet.mail.bf1.yahoo.com with NNFMP; 02 Jul 2014 10:22:14 -0000
Received: from [98.139.212.217] by tm10.bullet.mail.bf1.yahoo.com with NNFMP; 02 Jul 2014 10:22:14 -0000
Received: from [127.0.0.1] by omp1026.mail.bf1.yahoo.com with NNFMP; 02 Jul 2014 10:22:13 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 998679.71966.bm@omp1026.mail.bf1.yahoo.com
Received: (qmail 54675 invoked by uid 60001); 2 Jul 2014 10:22:13 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.au; s=s1024; t=1404296533; bh=6fJnzBSTDFcSMHzwjHS/tupDq1IuhpDa+9ZCtZ+DCgo=; h=References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=b45W6+FNrcFtBicourKImOrkVZP85qdV72WWLIdmGOSgDa8tEWuZ43+WzmA3k86TyS3XLT1S0Yz54SswDO7JyQKniVW69SDTm5adFEpnuNQmpN6s58hx4/nVzrgFHnOzPHhr+qkiMIQCBPIp91srDCL6wAMfz84JC25PQkjvx6k=
X-YMail-OSG: qyswkwsVM1knSV4nKlsmNuhJi3rDCzH5kWBq2lFNad5cZr1 NdreoTtg3U0zqinwA1bENeQtdKtzS2u0xEAVXioBUs1yFdtQgJHh54GtkiAX IbMGnH4pJONeWkiZmdSs3ULZ8TrsR3G.SiwFY9vQo7eXLhcebZLP42hx0LqQ 91cv2F1uDW60UGDCvU8haHtK_AL5UI388KKAPowBEaS_Rxe2ZoxRhpF88NGY 47OWavWrRruq4KU7P6Wp2p9u71gjAZSUYT7P1pRc6kisKFJOR14t3WIvH13L XtOvzj8KnPZrTIvOylPOfn1vhJasCQ8zbZDsao0aUtakvlapsIZBPrER1VV4 5quqC9Be2HxqG0JLwIZrn7wV0_v0uqqV0juf8iJni_GMzGwPkRYmTL9ef0A7 8kNpdFkV4i0953qOOW4gvBtIHsnGJHLeWiPAerf7qdQXwlej.GB_4ZyhMLxd x83VyJXNsloG1xdDU8MdiBmdCyh0qSCLqLUsZ6bivjcTKL.eER9HlSYJxbO6 wTHIeDw9pMDwem099G2bRjVgC6I.KobUw6IZnHL0Y0e6d4XamvhSxFaI-
Received: from [150.101.221.237] by web162204.mail.bf1.yahoo.com via HTTP; Wed, 02 Jul 2014 03:22:13 PDT
X-Rocket-MIMEInfo: 002.001, CgoKLS0tLS0gT3JpZ2luYWwgTWVzc2FnZSAtLS0tLQo.IEZyb206IExpdWJpbmcgKExlbykgPGxlby5saXViaW5nQGh1YXdlaS5jb20.Cj4gVG86IFNoaXNoaW8gVHN1Y2hpeWEgKHNodHN1Y2hpKSA8c2h0c3VjaGlAY2lzY28uY29tPgo.IENjOiAia3NoaW1penVAanVuaXBlci5uZXQiIDxrc2hpbWl6dUBqdW5pcGVyLm5ldD47ICJ2Nm9wc0BpZXRmLm9yZyIgPHY2b3BzQGlldGYub3JnPjsgImkxOG5AamFub2cuZ3IuanAiIDxpMThuQGphbm9nLmdyLmpwPgo.IFNlbnQ6IE1vbmRheSwgMzAgSnVuZSAyMDE0IDIBMAEBAQE-
X-Mailer: YahooMailWebService/0.8.191.1
References: <53AD471B.6070009@cisco.com> <6015024E-05E9-4749-8D85-3943ECDA3111@cisco.com> <8AE0F17B87264D4CAC7DE0AA6C406F453D8ECC41@nkgeml506-mbx.china.huawei.com>
Message-ID: <1404296533.59165.YahooMailNeo@web162204.mail.bf1.yahoo.com>
Date: Wed, 02 Jul 2014 03:22:13 -0700
From: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
To: "Liubing (Leo)" <leo.liubing@huawei.com>, "Shishio Tsuchiya (shtsuchi)" <shtsuchi@cisco.com>
In-Reply-To: <8AE0F17B87264D4CAC7DE0AA6C406F453D8ECC41@nkgeml506-mbx.china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/maBy2eYrcTZ45UeXbxTUflFCCY4
Cc: "kshimizu@juniper.net" <kshimizu@juniper.net>, "v6ops@ietf.org" <v6ops@ietf.org>, "i18n@janog.gr.jp" <i18n@janog.gr.jp>
Subject: Re: [v6ops] JANOG34 provides 3.2.1 and 3.2.2
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jul 2014 10:22:17 -0000



----- Original Message -----
> From: Liubing (Leo) <leo.liubing@huawei.com>
> To: Shishio Tsuchiya (shtsuchi) <shtsuchi@cisco.com>
> Cc: "kshimizu@juniper.net" <kshimizu@juniper.net>; "v6ops@ietf.org" <v6ops@ietf.org>; "i18n@janog.gr.jp" <i18n@janog.gr.jp>
> Sent: Monday, 30 June 2014 2:10 PM
> Subject: Re: [v6ops] JANOG34 provides 3.2.1 and 3.2.2
> 
> Hi Shishio,
> 
> Thanks much for sharing the information. It's great that JANOG34 will 
> provide more experience of using ULAs.
> 
> Basically I agree with Fred that it is important to see whether the statements 
> of the draft is correct. In addition to Fred's comments, I have some other 
> concerns:

So I added a ULA /64 to my home network in addition to my ISP assigned GUA /64 in around May last year IIRC, so see if it would cause any problems. I generally try to be a 'user' at home so that I can get some insight into what the typical non-technical person experiences.

I haven't had any issues since adding the ULA, which could mean any of (a) the ULA is never used, (b) the right choice is being made between the ULA and GUA prefix, and (c) happy eyeballs is hiding any IPv4 vs IPv6 ULA issues. Not very scientific, but then again there has never been any issues which has made me consider the ULA prefix to be a possible cause. I have for somewhere in the order of the last six months switched off the RA PIO L bit for both my GUA and ULA prefix to see how hairpinning all traffic except link-local through my default router works, and have also not really noticed anything, other than Linux Network manager taking over IPv6 configuration from the kernel, and not obeying the RA PIO L bit (which should be fixed now).


> - Is it easy to configure a host with ULA+PA? E.g., both through SLAAC

Yes. I'm using OpenWRT on my CPE, I added the ULA prefix via the 'luci' gui. It is now an additional RA PIO, and I'm using SLAAC addressing, so my hosts get both GUA and ULA prefixes/addresses (and temporary addresses as well, as I've also enabled that).

> or 
> through SLAAC/DHCPv6 respectively.

Don't know about DHCPv6.

> - Are there still many hosts using the old address selection algorithm [3484]? 
> Since [RFC3484] hosts will face the problem of selecting un-expected ULA-PA 
> source/destination address pairs.

Either yes, or most likely. My 'normal' or commonly used hosts are Linux (currently Fedora 20, 3 of them), and for a while I was updating /etc/gai.conf with the new RFC6724 rules. However I haven't got around to doing that for the most recent Fedora 20 installs, so I think it is likely that those hosts are still using RFC3484 rules for the last six months.

I do have some virtual windows hosts, however I haven't looked closely at them in this regard. My Android phone is has both GUA and ULA addresses (and privacy addresses for both GUA and ULA prefixes), and I've had no issues with using that. I recently got a Chromecast which can use IPv6 to stream content, and it doesn't seem to have had any issues with the ULA prefix when accessing GUA IPv6 only available content.

The ULA vs GUA rules in RFC6724 only really matter if there is a choice between a GUA and a ULA. ULAs shouldn't be in the global DNS, so in most cases there will be no choice, it'll either be one or more GUAs or one or more ULAs exclusively.

Some people seem to be concerned about ULAs being put in the global DNS, and therefore causing problems if a host tries to use an unreachable ULA instead of a reachable GUA address. In my experience I haven't seen that problem occur with RFC1918s in global IPv4 DNS entries, so I don't think it will happen much with IPv6 ULAs. That being said, I think the Happy Eyeballs approach applied to the set of returned IPv6 addresses, which might be a mix of GUAs and ULAs, not just across IPv4 and IPv6 addresses would mitigate that.

> - Let me confirm the ULA-only Deployment in JANOG34, did you mean "connect 
> to the Internet through ULA-only" or "ULA-only in an isolated network 
> or for internal use only"? (The 3.2.1 of the draft specifically means the 
> former.) 
>

These questions sound a bit to me like you haven't added a ULA prefix to an IPv6 network you're commonly using. So if you haven't, I think you should - 'the proof of the pudding is in the eating'.

Regards,

Mark.
  
> Best regards,
> Bing
> 
> 
>>  -----Original Message-----
>>  From: Fred Baker (fred) [mailto:fred@cisco.com]
>>  Sent: Saturday, June 28, 2014 8:58 AM
>>  To: Shishio Tsuchiya (shtsuchi)
>>  Cc: Liubing (Leo); kshimizu@juniper.net; v6ops@ietf.org; i18n@janog.gr.jp
>>  Subject: Re: [v6ops] JANOG34 provides 3.2.1 and 3.2.2
>> 
>> 
>>  On Jun 27, 2014, at 3:27 AM, Shishio Tsuchiya <shtsuchi@cisco.com> 
> wrote:
>> 
>>  > Leo and v6ops
>>  > F.Y.I
>>  > JANOG(JApan Network Operator's Group) decided to provide ula 
> address
>>  to the JANOG34 conference network.
>>  > http://www.janog.gr.jp/en/index.php?JANOG34_Meeting
>>  >
>>  > They will provide 3.2.1. ULA-only Deployment and 3.2.2. ULA along with
>>  GUA.
>>  >
>>  http://tools.ietf.org/html/draft-ietf-v6ops-ula-usage-recommendations-02
>>  >
>>  > If you would like to confirm something on the network , please let me
>>  know.
>> 
>>  Thanks for this.
>> 
>>  I would expect that the key things to prove are the statements in the 
> draft.
>>  Also, any observations that might come up would be useful. For example,
>>  was it fair to say that the network that was isolated remained isolated? 
> Did
>>  using a ULA and a GUA on a globally-accessible network cause any issues?
>>  What, if anything, was necessary in the router(s) in question to prevent 
> hosts
>>  from using ULA source addresses to connect to GUA addresses? Did hosts in
>>  fact form both ULA and GUA-based addresses and use them appropriately
>>  when connecting to applications inside and outside the network?
>> 
>>  What one might hope would be that ULA-based addresses were used to
>>  connect to other ULA-based addresses, as their bit strings were most 
> similar,
>>  and GUA-based addresses were used to connect to other GUA-based
>>  addresses, for the same reason. One might hope that ULA prefixes were not
>>  announced in BGP without needing extra thought, and that if they were
>>  announced, they were not accepted. One might further hope that when a
>>  ULA was not announced into a neighboring domain, a packet sent to the ULA
>>  prefix didn't cross the domain boundary.
>> 
>>  Of course, we need to hear about any extra work that was required, and any
>>  problems that arose. And we need to understand if the deployment of a ULA
>>  prefix necessarily implied the deployment of an IPv6/IPv6 NAT or NAPT. I
>>  don't expect that it will and am certainly not asking for it to, but 
> that
>>  expectation has been promoted.
>> 
>>  JANOG will be Wednesday-Friday the week before IETF 90, and v6ops will
>>  meet Monday and Tuesday. It would be nice if someone could make a point
>>  of reporting on the experiment.
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email