IETF Logo Mail Archive

[v6ops] Re: DHCPv6 PD in a multi-prefix environment

David Farmer <farmer@umn.edu> Wed, 24 July 2024 14:43 UTC

Return-Path: <farmer@umn.edu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E49A9C1F5889 for <v6ops@ietfa.amsl.com>; Wed, 24 Jul 2024 07:43:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.404
X-Spam-Level:
X-Spam-Status: No, score=-4.404 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umn.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oyH_MBLFOi7L for <v6ops@ietfa.amsl.com>; Wed, 24 Jul 2024 07:43:26 -0700 (PDT)
Received: from mta-p8.oit.umn.edu (mta-p8.oit.umn.edu [134.84.196.208]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE0F9C1CAE95 for <v6ops@ietf.org>; Wed, 24 Jul 2024 07:43:26 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mta-p8.oit.umn.edu (Postfix) with ESMTP id 4WTcFp2VBJz9vKN1 for <v6ops@ietf.org>; Wed, 24 Jul 2024 14:43:26 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p8.oit.umn.edu ([127.0.0.1]) by localhost (mta-p8.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FUAOZJNZVscf for <v6ops@ietf.org>; Wed, 24 Jul 2024 09:43:26 -0500 (CDT)
Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p8.oit.umn.edu (Postfix) with ESMTPS id 4WTcFn5GC6z9vKMc for <v6ops@ietf.org>; Wed, 24 Jul 2024 09:43:25 -0500 (CDT)
DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p8.oit.umn.edu 4WTcFn5GC6z9vKMc
DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p8.oit.umn.edu 4WTcFn5GC6z9vKMc
Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-a7aa5885be3so102082166b.0 for <v6ops@ietf.org>; Wed, 24 Jul 2024 07:43:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; t=1721832204; x=1722437004; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=xvDWhPvzbNntrP9km+yFD1pXp4QF6bdPrysduY7INuA=; b=f8yxyONtbaV2bA3O8Xy5mwaN+I9B0K9e998WayiJeEVfr7z8B29xBsLbpRCBNeWi/t WvkyVNLHg9dct4vHTCYyIO2DY1XadGfOHJ4Ub1wsAtUb/NvFXWVLKU5nyyJM9d1BF9AD cEnM8hnTunR3smneO5+PHsfMSfZo5A+GeA1P940LCvoF8iWPTUhrmCcyZlkPTRYBIemT DZH+j4H75EQZwCEtZ9OHYIJ7dCC8W4UGZGZcKPbzZur8a1v2Ozxo3nHWlyaaB8rLTduj soY2ssuGi/ZybyXupMqTRCEUNkhifQN/twdCCRZX/uCFDYQyN+TLf3HKBZ7oCz05K5RL 9H8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721832204; x=1722437004; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xvDWhPvzbNntrP9km+yFD1pXp4QF6bdPrysduY7INuA=; b=pAXKTPg839BwzKln8syXQnK3kJtQiGdo+SQUFTZjTTvXxmIr2bOE8kl1iiAE1J4g0y 6ZdUIN+CSKldh2L/7AXg1AikynNVQTsf4Odw4wGEWA2cN1ZePbUBWqOvZjhv+Vjnvoqz FqfYZz4KbhNyYI9pLCwu05qGkQI5a38v/Lg6PLivBsHAPC/UHzoj+QY+Xzi5SnRzq7Ge kh76U1oXB3jkQT1Lwn4LLJmBr6qw5xnW6qbI7W93YsIkflJUkDpJsGTcX5j8Q30g2sm1 /F351JYp2C6jkObMpIzgmOH6vZZ5HWGmhLlPfECt4293jSwcsoSM1wXsNmnUwFRy4mMt OWsQ==
X-Gm-Message-State: AOJu0YyIhHMZlv0dEwN5vbxdVzBrimgQyazX8xdHA1GS1MkWH9WGtGiY nAqx3J76p6BSxm1WujZhUIHS24pBATTHT0+WSj6fHdcNOcWsuQQvLrzuCQS241fdme+JFs83XR1 UIYOKYh/+1odq/cLfqE7JkYZGH70J2AhD9imxc3NrbcY9dOarkOZU/WhVNi/OfgBw0s0yFouWAs WxeFxPvJCx7BtFayV/Y7rWQrFFKyedmw==
X-Received: by 2002:a17:907:9443:b0:a77:c26c:a571 with SMTP id a640c23a62f3a-a7ab10bb797mr184550066b.54.1721832203925; Wed, 24 Jul 2024 07:43:23 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHFhs9bYEvcf9zrjuv33S9KD3oC52t08J+HtcZsMVfhjemRQXtahF8M75CWnAdn48kzmX+6+gQLHu5mCvazq0Y=
X-Received: by 2002:a17:907:9443:b0:a77:c26c:a571 with SMTP id a640c23a62f3a-a7ab10bb797mr184548166b.54.1721832203464; Wed, 24 Jul 2024 07:43:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAN-Dau1tRp02p58O8RKcCAVeXKqnkJt_b14KM5iCcDTm4JmnGQ@mail.gmail.com> <CAPt1N1ntZmL47HH-zkryVey6NmzEenKfBzZ90hcUQaduZV3sLw@mail.gmail.com> <CAN-Dau1udnxJTWWknwwTjzTa7cQejoE0qcVk94u5ijd3RaBXrw@mail.gmail.com> <CAPt1N1mEPLo6BN6=xLd7r+WJ7PiNhjW3GtUboZtTBZeU6dy-0Q@mail.gmail.com> <CAN-Dau0icgiM5+9_KYhEiaKwfRD2tUcA9qSpC=R5sVgSecRcGQ@mail.gmail.com> <CAN-Dau2oAAVZqO_NTi1JupUtXcg5fTgLC-T90mo3Zha01KpogQ@mail.gmail.com> <CAPt1N1mDDJT=GG6YRH7xJu2N3tsEhAdkX5U2akYnNJRuj=5uEg@mail.gmail.com> <CAN-Dau2Wi_o1_U_PKf-tM6g9SgvTc8ok3V9rTPrqjSk0b1=N=Q@mail.gmail.com> <CAPt1N1kEDabn4gWU4Nt2esWnS-ni4oEqfUOQE2EiNwAtJon3iQ@mail.gmail.com>
In-Reply-To: <CAPt1N1kEDabn4gWU4Nt2esWnS-ni4oEqfUOQE2EiNwAtJon3iQ@mail.gmail.com>
From: David Farmer <farmer@umn.edu>
Date: Wed, 24 Jul 2024 09:43:07 -0500
Message-ID: <CAN-Dau1gmevK_0rinKdopwNfVU1HRHyXk3AGUYPvNt+rpy+i=w@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Content-Type: multipart/alternative; boundary="000000000000d9c9f9061dff4c61"
Message-ID-Hash: QA3DCPIAVEHE5MP2DBIYXK2SCTTXMYA7
X-Message-ID-Hash: QA3DCPIAVEHE5MP2DBIYXK2SCTTXMYA7
X-MailFrom: farmer@umn.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: V6 Ops List <v6ops@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [v6ops] Re: DHCPv6 PD in a multi-prefix environment
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ni7rZ44bN8MQ4HalbE8MqWA4_BI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

Yes, I used SNAC in my first example, but I asked it in the context of
draft-ietf-v6ops-cpe-lan-pd use, which supplements RFC7084, which clearly
can provide both GUA and ULA prefixes. But I didn't ask the
question directly enough: Do we want draft-ietf-v6ops-cpe-lan-pd to
advertise its GUA and ULA prefixes? It would be good to be explicit about
our expectations.

It says;
LPD-4:
After LAN link prefix assignment the IPv6 CE Router MUST make the remaining
IPv6 prefixes available to other routers via Prefix Delegation.

Theoretically, the CPE Router could have remaining prefixes from multiple
GUA and ULA prefixes. What are our expectations in this case?

Sorry if I wasn't clear the first time.

And if we expect any difference between how the DHCPv6 server treats the
SNAC router and PD-per-device use cases, that brings me back to the
question, "How does the DHCPv6 server know what is reusing a prefix?"
Therefore, the question is equally relevant to SNAC routers and
PD-per-device.

Thanks

On Wed, Jul 24, 2024 at 8:59 AM Ted Lemon <mellon@fugue.com> wrote:

> SNAC and PD-per-device are unrelated. You asked me a question about SNAC,
> which I answered. SNAC routers will pay no attention at all to the P bit.
>
> Op wo 24 jul 2024 om 06:19 schreef David Farmer <farmer@umn.edu>
>
>> Ok, maybe we can start over again; Appendix A of PD-per-device extols the
>> virtues of IPv6 providing multiple addresses including addresses from
>> multiple prefixes. It talks about multihomed networks,  ULA, and graceful
>> remembering.
>>
>> Now you seem to be saying that a desire to maintain multiple prefixes
>> when using Prefix Distribution is overly complex, and at least imply it
>> doesn’t make sense. But then you go on to say “you have to take what the
>> network offers.” Which is it?
>>
>> So guess I’m confused, is multi-prefix multihoming, ULA, and gracefully
>> remembering part of the IPv6 sub-prefix distribution environment we are
>> creating or not. If it is not I can probably accept that, but I think it
>> would be helpful to clearly say that somewhere. Otherwise, I don’t think is
>> crazy to assume we intend all parts of the IPv6 addressing architecture to
>> be included as part of an
>> IPv6 sub-prefix distribution environment.
>>
>> Furthermore, if they are not explicitly excluded, and it is not
>> explicitly stated that IPv6 sub-prefix distribution is intended for a
>> single GUA base prefix, then I’m going to keep asking these questions.
>> Either multiple prefixes are part of this and we talk about how they work
>> or they are not and we clearly say that.
>>
>> Thanks
>>
>> On Tue, Jul 23, 2024 at 23:02 Ted Lemon <mellon@fugue.com> wrote:
>>
>>> The general assumption is that a snac router is being used on a network
>>> that is managed in a way that makes sense. Eg if there is a 7084 router,
>>> the devices on the stub network can in principle reach out to the internet,
>>> but can’t receive incoming connections and shouldn’t be attackable. If it’s
>>> connected to an enterprise network, the assumption is that that network is
>>> managed similarly.
>>>
>>> But the bottom line is that we have to take what the network offers. I
>>> don’t think it makes sense to codify some complex set of heuristics to
>>> adapt to various possible network setups we might encounter, because there
>>> are too many possibilities, none of which seem at all likely other than the
>>> two I just described. And in those two cases, we just ask for a prefix and
>>> take whatever we get. I think that’s okay.
>>>
>>> Op di 23 jul 2024 om 20:53 schreef David Farmer <farmer@umn.edu>
>>>
>>>> from the Introduction of draft-ietf-snac-simple;
>>>>
>>>> The term "stub" refers to the way the network is seen by the link to
>>>> which it is connected: there is reachability through a stub network router
>>>> to devices on the stub network from the infrastructure link, but there is
>>>> no reachability through the stub network to any link beyond that one.
>>>>
>>>>
>>>> I was reading that as networks downstream of the SNAC router. Is this
>>>> supposed also to mean upstream of the infrastructure link?
>>>>
>>>> I wanted the SNAC network to have ULA addresses to reduce the attack
>>>> surface. But if the SNAC network cannot, by policy, communicate with the
>>>> Internet through the infrastructure link, then providing the SNAC router
>>>> with a ULA prefix is not advantageous. I'm fine proving the SNAC router
>>>> with a GUA prefix.
>>>>
>>>> That may be how I misunderstood the scenario.
>>>>
>>>> Thanks
>>>>
>>>> On Tue, Jul 23, 2024 at 10:09 PM David Farmer <farmer@umn.edu> wrote:
>>>>
>>>>> So, are you saying the SNAC router should use a GUA prefix in all
>>>>> cases and expose the IOT devices to the Global Internet?
>>>>>
>>>>> On Tue, Jul 23, 2024 at 9:55 PM Ted Lemon <mellon@fugue.com> wrote:
>>>>>
>>>>>> No, I mean can you describe a real-world scenario where this would
>>>>>> happen. I get that you could configure a DHCP server to do this. The
>>>>>> question is, when would someone configure the DHCP server that way?
>>>>>>
>>>>>> On Tue, Jul 23, 2024 at 7:49 PM David Farmer <farmer@umn.edu> wrote:
>>>>>>
>>>>>>> I already did scenario A.3 in draft-ietf-snac-simple. It is
>>>>>>> appropriate for the SNAC router to obtain a ULA prefix instead of a GUA
>>>>>>> prefix to reduce the attack surface of the IOT devices.
>>>>>>>
>>>>>>> On Tue, Jul 23, 2024 at 9:33 PM Ted Lemon <mellon@fugue.com> wrote:
>>>>>>>
>>>>>>>> Can you give us an example of a situation where such a decision
>>>>>>>> would need to be made?
>>>>>>>>
>>>>>>>> On Tue, Jul 23, 2024 at 6:48 PM David Farmer <farmer=
>>>>>>>> 40umn.edu@dmarc.ietf.org> wrote:
>>>>>>>>
>>>>>>>>> The classic ISP use case for DHCPv6 PD, as envisioned initially by
>>>>>>>>> RFC3633 and integrated into RFC8415, typically expected a single prefix to
>>>>>>>>> be delegated to a requesting router from the ISP. Meanwhile, many of the
>>>>>>>>> draft-ietf-v6ops-cpe-lan-pd use cases probably expect a subdelegation from
>>>>>>>>> this ISP provided prefix. Nevertheless, an RFC7084 CE Router may also have
>>>>>>>>> a ULA prefix to subdelegate from, and a ULA prefix may be more appropriate
>>>>>>>>> for some of the use cases. Not to mention, there may be prefixes from more
>>>>>>>>> than one ISP or additional prefixes while renumbering.
>>>>>>>>>
>>>>>>>>> Should the delegating router in draft-ietf-v6ops-cpe-lan-pd
>>>>>>>>> advertise subdelegations from all prefixes it may have and let the
>>>>>>>>> requesting router choose one or more? How does the requesting router know
>>>>>>>>> which prefixes it is appropriate to select in what circumstances? If the
>>>>>>>>> delegating router doesn't advertise subdelegations from all prefixes, how
>>>>>>>>> does it know which prefixes to advertise to which requesting routers?
>>>>>>>>>
>>>>>>>>> You can also ask the question from the opposite direction: How
>>>>>>>>> does the requesting router solicit for a ULA prefix instead of a GUA prefix
>>>>>>>>> if that is more appropriate for its use case?
>>>>>>>>>
>>>>>>>>> These questions came to mind while reading draft-ietf-snac-simple,
>>>>>>>>> as it would seem reasonable to want the SCAC router to obtain a ULA prefix
>>>>>>>>> from the delegating router and not a GUA prefix, especially in the scenario
>>>>>>>>> described in A.3. However, similar questions exist for downstream RFC7084
>>>>>>>>> or PD-per-device in a multi-prefix environment.
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>> --
>>>>>>>>> ===============================================
>>>>>>>>> David Farmer               Email:farmer@umn.edu
>>>>>>>>> Networking & Telecommunication Services
>>>>>>>>> Office of Information Technology
>>>>>>>>> University of Minnesota
>>>>>>>>> 2218 University Ave SE
>>>>>>>>> <https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g>
>>>>>>>>>       Phone: 612-626-0815
>>>>>>>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
>>>>>>>>> ===============================================
>>>>>>>>> _______________________________________________
>>>>>>>>> v6ops mailing list -- v6ops@ietf.org
>>>>>>>>> To unsubscribe send an email to v6ops-leave@ietf.org
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> ===============================================
>>>>>>> David Farmer               Email:farmer@umn.edu
>>>>>>> Networking & Telecommunication Services
>>>>>>> Office of Information Technology
>>>>>>> University of Minnesota
>>>>>>> 2218 University Ave SE
>>>>>>> <https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g>
>>>>>>>       Phone: 612-626-0815
>>>>>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
>>>>>>> ===============================================
>>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> ===============================================
>>>>> David Farmer               Email:farmer@umn.edu
>>>>> Networking & Telecommunication Services
>>>>> Office of Information Technology
>>>>> University of Minnesota
>>>>> 2218 University Ave SE
>>>>> <https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g>
>>>>>       Phone: 612-626-0815
>>>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
>>>>> ===============================================
>>>>>
>>>>
>>>>
>>>> --
>>>> ===============================================
>>>> David Farmer               Email:farmer@umn.edu
>>>> Networking & Telecommunication Services
>>>> Office of Information Technology
>>>> University of Minnesota
>>>> 2218 University Ave SE
>>>> <https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g>
>>>>       Phone: 612-626-0815
>>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
>>>> ===============================================
>>>>
>>>

-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.36.0 | Report a Bug | By Email | System Status