Re: [v6ops] draft-xiao-v6ops-nd-deployment-guidelines

[Xipengxiao <xipengxiao@huawei.com>]

Hi Chongfeng,

Thank you very much for the review and comments.  I can see that we have different intention and assumptions.  So let me first state the co-authors’ intention and assumptions.

There are a large number of “ND optimization solutions”, e.g. SEND, CGA, ND Proxy, DAD Proxy, SAVI, RA-Guard, WiND, SARP, unique prefix per host, GRAND, etc, and people may not have time to keep track of all these issues and solutions.  These may lead many people to think that “ND has many issues and I don’t know them well”.  This “don’t know them well” feeling may cause reluctance for deployment. Therefore, it would be good to provide an overview so that the issues and solutions become clear.  From this angle, we want this review to be as complete as possible, to give people confidence that they don’t miss anything.  Therefore, we include some solutions that some people may feel not directly relevant, e.g. ND Mediation (or SAVI as you said).

While writing this draft, we got multiple requests to write the guidelines per scenario. I think this has pros and cons.  The pro is, if people can find their scenarios covered in the draft, then their job becomes very easy: just apply the guidelines we provide.  The con is, if people don’t find their scenarios, then this draft is not useful.  Our basic assumption is, while the IPv6 first-hop scenarios for operators are limited and clear (mainly MBB, FBB and possibly public Wi-Fi), the scenarios for enterprises are too many to enumerate.  Therefore, we chose to provide an isolation methodology instead: from strongest isolation to no isolation, and let the deployers choose the right one based on their own scenario.

With these in mind, please see my reply in line.

From: xiechf@chinatelecom.cn <xiechf@chinatelecom.cn>
Sent: Saturday, July 9, 2022 6:26 AM
To: Xipengxiao <xipengxiao@huawei.com>; fredbaker.ietf <fredbaker.ietf@gmail.com>; list <v6ops@ietf.org>
Subject: Re: RE: [v6ops] draft-xiao-v6ops-nd-deployment-guidelines



Hi，Xipeng,

I put forward some comments after reading your draft, but it does not mean that this draft should be  revised immediately. This draft is about deployment, my personal understanding is that it is mainly for network operator or enterprise who operator their own network.

Since ND process of first-hop is usually included in other mechanisms, such as the interaction between CPE and BNG, it is usually paid less attention in network deployment. The problems caused by ND at the edge of the network are often underestimated, actually they should be given attention. This draft puts forward the idea of host isolation for this problem, which is a supplementary enhancement to the existing IPv6 deployment, the subject is valuable.

XiPeng: thanks for seeing the value.

For the illustration of issues of first-hop ND in section 2, it is recommended to be combined with the network scenarios of operators, such as mobile network, fixed network or data center network etc., and analyze of the ND problems in different scenarios, which may be more intuitive to operators.

XiPeng: I explained above why we didn’t do this.  To a large extent, we feel that operators don’t need further help.  Their scenarios are limited and clear, and 3GPP, IETF, BBF have defined the solutions clearly for them.  Our draft is written more for enterprises whose IPv6 first-hop scenarios can have many varieties.

In section 3,
-3.1 and 3.2 do not seem to have the same dimension as other parts. 3.1 and 3.2 is based on scenarios, while others focus on solutions. In addition, both 3.1 and 3.2 mention assigning an independent IPv6 address prefix to each host, but 3.3 also talks about “Unique IPv6 prefix per host”, it is ok to put this point is 3.3 from the perspective of solutions. Therefore, I propose to move 3.1 and 3.2 from this chapter to section 2, the remaining chapter focuses on the illustration of ND solutions.

XiPeng: indeed different solutions in Section 3 have different scope, but we want to review them all.  I don’t feel that we can move 3.1 & 3.2 to Section 2 as Section 2 are issues while Section 3 are solutions.

   -SAVI is mentioned in 3.10, RA guard is used to prevent fake RA messages. SAVI is mainly used to prevent fake source IP address on the access side, not to solve the problem of ND, so it is recommended not to list it here.

XiPeng: to solve spoofing issues, SAVI may be needed for ND.

4.5 describes deployment guidelines from the perspective of different schemes, I think it is better from the perspective of different deployment scenarios, for example, in the mobile network scenario, the section can give network operators guidelines how to choose different isolation methods and considerations. In addition, considering the importance of this part, it is suggested to take it as a separate chapter, such as Chapter 5.

XiPeng: 3GPP has chosen the strongest isolation method for MBB, i.e. P2P link + subnet isolation.

Section 4.6 is about the impact of host isolation mechanism on other protocols. This part does not seem to be the same dimension as other parts of section 4, and it is suggested to be a separate chapter or put into other sections.

XiPeng: Section 4.6 was indeed an independent chapter in previous versions.  But we found that its content is largely repetitive.  Because each isolation method’s disadvantages are already discussed in its applicability section and explicitly considered in the guidelines, this “Impact Section” just says the disadvantages again.  So in this version, we opt to just say that the impact (i.e. disadvantages) have already been considered.

Thank you again for your review and comments.  XiPeng

Best regards
Chongfeng


________________________________
xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn>

From: Xipengxiao<mailto:xipengxiao@huawei.com>
Date: 2022-06-27 22:19
To: xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn>; fredbaker.ietf<mailto:fredbaker.ietf@gmail.com>; list<mailto:v6ops@ietf.org>
Subject: RE: Re: [v6ops] draft-xiao-v6ops-nd-deployment-guidelines
Hi Dr. Xie,

Thanks for your review and comments on the draft.   Please see my reply in line.

From: xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn> <xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn>>
Sent: Monday, June 27, 2022 3:26 PM
To: Xipengxiao <xipengxiao@huawei.com<mailto:xipengxiao@huawei.com>>; fredbaker.ietf <fredbaker.ietf@gmail.com<mailto:fredbaker.ietf@gmail.com>>; list <v6ops@ietf.org<mailto:v6ops@ietf.org>>
Subject: Re: Re: [v6ops] draft-xiao-v6ops-nd-deployment-guidelines

Hi， Xipeng,

In section 5, there is the following statement,

      "MBB and FBB will end at Step 1.a: isolating hosts in L2 and in subnet, with MBBv6 as the solution with SLAAC and FBBv6 as the solution with DHCPv6, respectively;"

I have two questions,

1.       What are the fist-hop in MBB and FBB respectively? As far as I know, in FBB, the link from user terminal to the edge equipment, such as BNG, comprises two segments, the segment from user terminal to home gateway and the segment from home gateway to the BNG.  But In MBB, generally there is only one hop between user terminal and the edge of the network, such as PGW/UPF,  in some cases, the mobile user terminal may play a hotsport to provide access service to other termianls.  I think the illustration of the ND solution should be in combination with the network architecture.

XiPeng: first-hop is between the “host” and the “router”.  In MBBv6/FBBv6, the “router” is the PGW/BNG while the “host” is the UE/routed RG.  You are right that the laptop and the routed RG also form  a first-hop.  We consider it as the first-hop of the homenet.

2) The second question may be related to the first one, why MBBv6 uses SLAAC but FBBv6 use DHCPv6, for the  isolation hosts in L2 and in subnet? As far as I know, SLAAC has been widely used in FBB too, and it can allocate different prefixes for different users, so as to provide some kind of isolation.

XiPeng: you are right again. SLAAC can also be used in FBBv6, but many FBBv6 deployments use DHCP PD.

Again, we are going to post a new version this week.  Please wait and review the new version.  Thanks.

XiPeng

________________________________
xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn>

From: Xipengxiao<mailto:xipengxiao=40huawei.com@dmarc.ietf.org>
Date: 2022-06-27 06:43
To: Fred Baker<mailto:fredbaker.ietf@gmail.com>; v6ops list<mailto:v6ops@ietf.org>
Subject: Re: [v6ops] draft-xiao-v6ops-nd-deployment-guidelines
Hi folks,

We will post another new version this week.  Please wait for that.  Thank you.

XiPeng

From: v6ops <v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org>> On Behalf Of Fred Baker
Sent: Sunday, June 26, 2022 8:00 PM
To: v6ops list <v6ops@ietf.org<mailto:v6ops@ietf.org>>
Subject: [v6ops] draft-xiao-v6ops-nd-deployment-guidelines

With this email, let me invite commentary on draft-xiao-v6ops-nd-deployment-guidelines. Please read the draft and raise any issues you might have with it.