IETF Logo Mail Archive

Re: [v6ops] Fwd: New Version Notification for draft-collink-v6ops-ent64pd-01.txt

Vasilenko Eduard <vasilenko.eduard@huawei.com> Tue, 20 December 2022 16:17 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41E8DC14F728; Tue, 20 Dec 2022 08:17:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aWQiMTMhk92z; Tue, 20 Dec 2022 08:17:16 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8E19C14F727; Tue, 20 Dec 2022 08:17:15 -0800 (PST)
Received: from mscpeml100001.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Nc1rx4zwsz685ZM; Wed, 21 Dec 2022 00:15:45 +0800 (CST)
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml100001.china.huawei.com (7.188.26.227) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Tue, 20 Dec 2022 19:17:12 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.034; Tue, 20 Dec 2022 19:17:12 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Mark Smith <markzzzsmith@gmail.com>
CC: Lorenzo Colitti <lorenzo@google.com>, Gert Doering <gert@space.net>, V6 Ops List <v6ops@ietf.org>, "xiaom@google.com" <xiaom@google.com>, "draft-collink-v6ops-ent64pd@ietf.org" <draft-collink-v6ops-ent64pd@ietf.org>
Thread-Topic: [v6ops] Fwd: New Version Notification for draft-collink-v6ops-ent64pd-01.txt
Thread-Index: AQHZEDnOF5bVdeWrNUmrOPEmMfer3q5u1MkAgAdZ2gCAADVDMP///yGAgACWB+A=
Date: Tue, 20 Dec 2022 16:17:12 +0000
Message-ID: <b0e7a021ee5246c1b762da8abccdd494@huawei.com>
References: <167107554671.48477.568330207202509840@ietfa.amsl.com> <CAFU7BATp=gEB3S8AzhCYDMN3fzLQrYY9pzcWJ=LQnrjC9bRKEA@mail.gmail.com> <Y5sy2ikgQEWSnCsM@Space.Net> <CAKD1Yr0EchmQ11eKCB4AfEJaG7_aFDDv_bavYJY4Zb3iDmhALg@mail.gmail.com> <4277d4e5a962400f8438e8f01c884654@huawei.com> <CAO42Z2y_SWybfLQE3g5a-kVieY05XSxaKTv-UG8kvfbYzJLH6w@mail.gmail.com>
In-Reply-To: <CAO42Z2y_SWybfLQE3g5a-kVieY05XSxaKTv-UG8kvfbYzJLH6w@mail.gmail.com>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.81.194.244]
Content-Type: multipart/alternative; boundary="_000_b0e7a021ee5246c1b762da8abccdd494huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/nBLDQeqLUQI_pX45KUVOy0a3RgA>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-collink-v6ops-ent64pd-01.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Dec 2022 16:17:20 -0000

> Have you considered the privacy address implications of only having 32 bits to work with instead of 64?
What is proposed (“prefix per host”) does break privacy anyway. IID manipulation (does not matter how many bits) would not help. The observer would see that it is the same host. Prefix bit manipulation is needed.
If DHCP-PD would give /96 then 32 bits of the prefix could be randomized.
If DHCP_PD would give /64 then no bits left for randomized.
Hence, /96 is much better on privacy!
Effectively, only /96 permits to specify privacy. With /64 per host, privacy is dead forever.

> What about address discovery via unsolicited address probing? Sending 4 billion packets is much, much easier than sending 4 billion times 4 billion packets to try to discover live addresses within a /64.
Indeed. /64 is much more difficult to scan than /96. Have I understood you right that this point is in favor of /96 too?

> Are you worried about IPv6 address space running out?
It was a bad idea initially to waste almost 50% of address space that is for privacy only. In fact, almost (n^64-1)/n^64 of address space is wasted.
In reality, it is a little better because a few bits are needed on the link anyway.
Now, there is a chance to return IPv6 address space to 96 bits.
I remember that HP CEO said, “I see the market for 2 computers next year”.
Or Bill claimed that “640kB is for sure enough”.

> IPv6 today with 128 bit addresses is equivalent to the first designs of IPv6 with 64 bit addresses, except that a host can have 2^64 bits for itself, instead of only a single address.
The world has already abused IPv6 address so much.

Eduard
From: Mark Smith [mailto:markzzzsmith@gmail.com]
Sent: Tuesday, December 20, 2022 1:08 PM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Lorenzo Colitti <lorenzo@google.com>; Gert Doering <gert@space.net>; V6 Ops List <v6ops@ietf.org>; xiaom@google.com; draft-collink-v6ops-ent64pd@ietf.org
Subject: Re: [v6ops] Fwd: New Version Notification for draft-collink-v6ops-ent64pd-01.txt


On Tue, 20 Dec 2022, 18:14 Vasilenko Eduard, <vasilenko.eduard=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote:

  *   A /64 provides "infinite" addresses.
/96 is infinite too (for the host)

  *   In practice, /64 is the only prefix length that supports SLAAC.
Not a problem. The SLAAC may be on the different /64

  *   SLAAC is the only address assignment mechanism required to be supported by all hosts.
No problem. Hosts may support SLAAC and “/96 prefix per host” for a long time, even at the same time on the same link.
I do not see a reason why the new address acquisition mechanism should stick to the /64 prefix boundary.

Why not?

Why do you think a /96 is a good prefix length?

Have you considered the privacy address implications of only having 32 bits to work with instead of 64?

What about address discovery via unsolicited address probing? Sending 4 billion packets is much, much easier than sending 4 billion times 4 billion packets to try to discover live addresses within a /64.

Are you worried about IPv6 address space running out?

The early designs of IPv6 only had 64 bit addresses. RFC1710:

"SIPP supports addresses which are twice the number of bits as IPv4
   addresses.  These addresses support an address space which is four
   billion (2^^32) times the size of IPv4 addresses (2^^32).  Another
   way to say this is that SIPP supports four billion internets each the
   size of the maximum IPv4 internet.  That is enough to allow each
   person on the planet to have their own internet.  Even with several
   layers of hierarchy (with assignment utilization similar to IPv4)
   this would allow for each person on the planet to have their own
   internet each holding several thousand hosts."

IPv6 today with 128 bit addresses is equivalent to the first designs of IPv6 with 64 bit addresses, except that a host can have 2^64 bits for itself, instead of only a single address.

Regards,
Mark.


Ed/

From: v6ops [mailto:v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org>] On Behalf Of Lorenzo Colitti
Sent: Tuesday, December 20, 2022 10:00 AM
To: Gert Doering <gert@space.net<mailto:gert@space.net>>
Cc: V6 Ops List <v6ops@ietf.org<mailto:v6ops@ietf.org>>; xiaom@google.com<mailto:xiaom@google.com>; draft-collink-v6ops-ent64pd@ietf.org<mailto:draft-collink-v6ops-ent64pd@ietf.org>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-collink-v6ops-ent64pd-01.txt

On Thu, Dec 15, 2022 at 11:44 PM Gert Doering <gert@space.net<mailto:gert@space.net>> wrote:
Something like a /96 per host - so "limitless amounts of host would
fit into a single /64" would avoid that, and still fulfill the
stated necessity of having many many many addresses per hosts.

The reason the draft mentions /64 is:

  *   A /64 provides "infinite" addresses.
  *   In practice, /64 is the only prefix length that supports SLAAC.
  *   SLAAC is the only address assignment mechanism required to be supported by all hosts.
That means that a node that gets a /64 is guaranteed to be able to extend the network indefinitely to all IPv6 nodes while maintaining end-to-end connectivity to all of them. That's a major improvement over IPv4's current capabilities. It's true that a /64 is relatively expensive in terms of address space. That said, this proposal is targeted towards larger networks. Fortunately, smaller networks tend to be less tightly managed, and for many of those networks, directly using SLAAC is fine.

That said - based on past experience I fear that there is no single number that will get consensus in this group. For example, I definitely wouldn't want to *recommend* /96, because /96 would lose the above advantages. So, how about we just state the facts? Something like:

=====
Delegating a /64 prefix to the client allows the client to provide limitless addresses to IPv6 nodes connected to it (e.g., virtual machines, tethered devices), because all IPv6 nodes are required to support SLAAC.
=====
_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email