Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds

Owen DeLong <> Sun, 27 October 2019 20:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 12492120086 for <>; Sun, 27 Oct 2019 13:17:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.998
X-Spam-Status: No, score=-6.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vuNTCzjVpPY6 for <>; Sun, 27 Oct 2019 13:17:57 -0700 (PDT)
Received: from ( [IPv6:2620:0:930::200:2]) by (Postfix) with ESMTP id 450F4120024 for <>; Sun, 27 Oct 2019 13:17:49 -0700 (PDT)
Received: from ( [IPv6:2620:0:930:0:0:0:200:5]) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id x9RJU4KI030826 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 27 Oct 2019 12:30:07 -0700
DKIM-Filter: OpenDKIM Filter v2.11.0 x9RJU4KI030826
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=mail; t=1572204608; bh=xoX6+K6XmrVGHK4l/HhR18hstUCqgsoSzZHL9I0aeD4=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=jS2Wacqz6PxfifEzGRlTV+4wgrhyZMbGkuTZbF+Df1EwUg66LD/vyNmxcEFPPku6v DSFkg1xvnnMm4fULlI9O1/YHXELUAIoAUvfsyc40efhhxS+9QmW9llHCkrcMIFQ978 tCabswe5mhFeRElD74iiN/Tu5qaoGVqP+xn8FBfw=
From: Owen DeLong <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_BD2A8DBD-9943-41E1-84D7-4A38241C43D5"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sun, 27 Oct 2019 12:30:04 -0700
In-Reply-To: <>
Cc: Philip Homburg <>,
To: Ted Lemon <>
References: <> <> <> <> <>
X-Mailer: Apple Mail (2.3445.104.11)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 ( [IPv6:2620:0:930:0:0:0:200:2]); Sun, 27 Oct 2019 12:30:08 -0700 (PDT)
Archived-At: <>
Subject: Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 27 Oct 2019 20:17:59 -0000

> On Oct 27, 2019, at 06:54 , Ted Lemon <> wrote:
> On Oct 27, 2019, at 9:41 AM, Philip Homburg < <>> wrote:
>> The little bit missing is that the CPE should write prefixes advertised using
>> SLAAC to persistent storage which allows the CPE to invalidate stale prefixes
>> after a reboot.
> Actually I do not believe this is correct behavior.   Let us assume prefix delegation.   If we have prefix delegation, then when the CPE comes back from a power cycle, it should reconfirm the prefix it had previously; the assumption is that that prefix is still valid.  This can be handled in infrastructure—the ISP edge router should know whether the prefix is still valid, because if it is it should be advertising a route for it.   If it is not still valid, then the CPE router should attempt to renew it, which would go to the DHCP server (possibly both messages would).  If the lease on the address is still valid, the ISP should renew the lease and not issue a new one.   It is a misconfiguration for some other thing to happen in this case.   This would then re-establish the route in the ISP edge router.

So this still requires that the CPE has written the lease to persistent storage. Currently many CPE do not do this.

I agree that the CPE should attempt to reconfirm/renew the existing prefix lease. However, if that fails for some reason (and there are multiple scenarios which present valid reasons this could fail without misconfiguration on either side), I think that the behavior described is preferable to simply removing the old prefix from RAs and waiting for them to time out on the unsuspecting hosts. Especially in the case of 1 week preferred and 1 month valid lifetime timers.

> If the ISP wants to deprecate the old prefix, the thing to do is not to fail to renew it, but rather to renew it with a preferred lifetime of zero and offer another prefix with a preferred lifetime that is not zero.   The CPE router should in this case advertise both prefixes, with the applicable lifetimes.  Using my limited SEND proposal, the advertisement with a preferred lifetime of zero would be immediately seen by all hosts that implement limited SEND, and they would start using the new preferred prefix.  Hosts that don’t implement limited SEND would still behave correctly, but might take longer to stop using the old prefix.  This should be okay because the old valid lifetime is still valid.

Can you point to any authoritative document which supports this particular mechanism?

I don’t know of a single DHCPv6 server which operates that way currently. Can you point to a working example?

> That’s the way things should go when everything is working correctly.   If however the ISP’s DHCP server loses its cookies and can’t renew the old prefix, then we’d see the new behavior where hosts that implement limited SEND could immediately see that the old prefix was no longer usable, and would stop using it in preference to the new prefix.   Hosts that don’t implement limited SEND would behave as they behave today.

While there may be advantages to limited SEND, I don’t see that as a reason not to implement this particular fix across the board since it would benefit both hosts implementing limited SEND as well as hosts not implementing it.