IETF Logo Mail Archive

Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt

Vasilenko Eduard <vasilenko.eduard@huawei.com> Mon, 14 November 2022 07:14 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 718ECC1522BD for <v6ops@ietfa.amsl.com>; Sun, 13 Nov 2022 23:14:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.898
X-Spam-Level:
X-Spam-Status: No, score=-6.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sK6zapIVcRqk for <v6ops@ietfa.amsl.com>; Sun, 13 Nov 2022 23:14:26 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 742A1C1522BB for <v6ops@ietf.org>; Sun, 13 Nov 2022 23:14:26 -0800 (PST)
Received: from frapeml500001.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4N9gRh1SMbz67Y4H; Mon, 14 Nov 2022 15:09:52 +0800 (CST)
Received: from mscpeml100001.china.huawei.com (7.188.26.227) by frapeml500001.china.huawei.com (7.182.85.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 08:14:24 +0100
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml100001.china.huawei.com (7.188.26.227) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 10:14:23 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.031; Mon, 14 Nov 2022 10:14:23 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Andrey Kostin <ankost@podolsk.ru>, V6 Ops List <v6ops@ietf.org>
Thread-Topic: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt
Thread-Index: AQHY82doJXH+mNcnv0GTzt+pTIp8Nq40v7IAgAAFmoCAAAECgIAABZ2AgAAJb4CAAAmvAIAATwEAgAAzFkCABHixgIADS9og///usQCAAPWaIA==
Date: Mon, 14 Nov 2022 07:14:23 +0000
Message-ID: <2fd756b1b0c74f19b8bddd92d11e02b5@huawei.com>
References: <CAFU7BAQmSqaZhrQ0YH-1ryp2DfZH6z5B1icR=Wc_W=sdBExuEA@mail.gmail.com> <EE3F6D3C-EC05-4B23-917D-46BA7E49BC61@employees.org> <CAFU7BAQAo7p8MQOK9+CF3OEhOYp=vpUvX_4u9DadXaqQ7ada6w@mail.gmail.com> <0d5cef0d9d914f86adf0f67a05de3001@huawei.com> <5dd6205b058f15a77fe939f06a0db99c@podolsk.ru> <5648a94d446443f783be1978e3c11271@huawei.com> <1de216ef-994e-c62e-3e03-e8637fe9f879@gmail.com>
In-Reply-To: <1de216ef-994e-c62e-3e03-e8637fe9f879@gmail.com>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.195.34.30]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/mtPdph3yDvb9GoYVVKu0QcWMtUU>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2022 07:14:30 -0000

> There is a Reserved2 field in a PIO that could be redefined to indicate a maximum number of addresses allowed per host under a given prefix.

Hi Brian,
It would be a good solution.
Because local limits is better to announce from the local router.
Announce limits from the one centralized location (DHCP server) looks more complex and error prone.
Eduard
-----Original Message-----
From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] 
Sent: Sunday, November 13, 2022 10:33 PM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>; Andrey Kostin <ankost@podolsk.ru>; V6 Ops List <v6ops@ietf.org>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-linkova-v6ops-ipmaclimi-00.txt

On 14-Nov-22 06:44, Vasilenko Eduard wrote:
> If the network has limits Then hosts should adapt to the limits (not vice versa).
> It is needed to know the limits to adapt. DHCP could inform about the limit, but SLAAC could not.

It could. There is a Reserved2 field in a PIO that could be redefined to indicate a maximum number of addresses allowed per host under a given prefix.

    Brian

> 
> The number of virtual things per hardware instance would be always restricted.
> If the best AP would support 200 IP per MAC then it is still possible to run containers and stretch even that.
> 
> DHCP could impose different limits per different links. Hence, if APs' different segment has different restrictions then DHCP would impose different limits.
> If the particular link has APs with different restrictions then indeed DHCP should be configured to limit on the smallest.
> Ed/
> -----Original Message-----
> From: Andrey Kostin [mailto:ankost@podolsk.ru]
> Sent: Friday, November 11, 2022 9:15 PM
> To: V6 Ops List <v6ops@ietf.org>
> Cc: Jen Linkova <furry13@gmail.com>; Ole Troan <otroan@employees.org>; 
> Vasilenko Eduard <vasilenko.eduard@huawei.com>
> Subject: Re: [v6ops] Fwd: New Version Notification for 
> draft-linkova-v6ops-ipmaclimi-00.txt
> 
> Vasilenko Eduard писал(а) 2022-11-08 13:58:
>> N+1 allocation should fail.
>> But the network and host should be aware of it (in sync).
>>
>>> Or do we want NAT66?
>> No. DHCP in this case.
> 
> What if the underlying access network has access points from multiple vendors and they have different limits that are lower than allowed by DHCP?
> 
> The problem Jen is trying to point out is not an addressing problem and not related either to SLAAC, DHCP or static assignment. Looks like some comments pronounce SLAAC guilty in described issue and try to use this statements to push DHCP vs SLAAC dispute. This is not the case. This is an operational problem caused by lack of common practice and agreement between vendors. And that is exactly what Jen is trying to solve. She is requesting to make underlying networks equipment's behavior deterministic and provide troubleshooting capabilities by creating log messages.
> 
> Regarding limits, in some networks big number of IPs per host can be absolutely appropriate and necessary, in others there may be stricter limits and this is also a real use case. We all understand that everything is a resource and cost some money. Let's allow network owners decide what's reasonable for them and what's not. Like Bill Gates said that 640K of RAM will be always enough. Although now we are used to have a lot more memory in our computers and servers, but it's still expensive and each admin can choose how much he/she can afford.
> So, in situations where host wants more addresses then allowed, some mechanism should exist to make this limit less painful and predictive.
> DHCP is one way for it, but it can't prevent creation of multiple link-local or ULA addresses and it can hit ND cache limit even for addresses legally assigned via DHCP. So it can't be considered as a solution.
> For replacement technique for me it looks simpler just to rely on ND cache expiration timers in the same way how it works for MAC tables.
> Some vendors can develop more sophisticated features similar to MAC security to differentiate their products from the base level. Eventually a user who tries to use more addresses than allowed should realize that there is a limit and shut down some interfaces/VMs/containers/etc to obey network rules.
> 
> Kind regards,
> Andrey
> 
>> Ed/
>> -----Original Message-----
>> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Jen Linkova
>> Sent: Tuesday, November 8, 2022 9:55 PM
>> To: Ole Troan <otroan@employees.org>
>> Cc: V6 Ops List <v6ops@ietf.org>
>> Subject: Re: [v6ops] Fwd: New Version Notification for 
>> draft-linkova-v6ops-ipmaclimi-00.txt
>>
>> On Wed, Nov 9, 2022 at 1:12 AM Ole Troan <otroan@employees.org> wrote:
>>>> Fact #1: my devices need to have 7-10 IPv6 addresses.
>>>
>>> In the network you operate, that may be a fact.
>>> In other networks other rules.
>>>
>>> A requirement like that would be perfectly fine in an RFQ. Less so 
>>> in an RFC.
>>
>> What I'm struggling to understand from this thread is: what's the 
>> device supposed to do if it needs N addresses and the network only 
>> agrees to provide N-1?
>> Shall the application fail? How is it better than the situation we 
>> have now?
>> Or do we want NAT66?
>>
>>
>> --
>> SY, Jen Linkova aka Furry
>>
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email