Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Thu, 19 July 2018 15:14 UTC

Date: Thu, 19 Jul 2018 11:13:59 -0400
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, draft-palet-v6ops-rfc6177-bis@ietf.org, IPv6 Operations <v6ops@ietf.org>
Message-ID: <C040E02F-7BEC-4FF9-8585-BE380B6859DE@consulintel.es>
Thread-Topic: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
References: <153017691583.14743.17000446834856511528@ietfa.amsl.com> <78a36a81-3bb3-9d47-aa06-8da8f7594677@gmail.com>
In-Reply-To: <78a36a81-3bb3-9d47-aa06-8da8f7594677@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/oS7s1mYBtGppjS93EcoGzC2vO7Y>

Hi Brian,

Thanks a lot for commenting and sorry for the late answer ... too busy in the last few weeks.

Comments in-line below (subject to my co-author's agreement); basically, I agree with all your inputs, except a couple of points.

Thanks!

Regards,
Jordi

-----Original Message-----
From: v6ops <v6ops-bounces@ietf.org> on behalf of Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Date: Sunday, 8 July 2018, 17:43
To: <draft-palet-v6ops-rfc6177-bis@ietf.org>, IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt

    Hi,

    Thanks for this draft.

    > Abstract

    This needs to be shorter. Three paragraphs is too much.

For the next version, I've reduced the length of the 1st paragraph by 50%. The 3rd paragraph, I recall, is mandatory (IDNits).
    > ... policy should reflect that assignment of a single subnet is
    > no longer appropriate unless the recipient explicitly agrees to the
    > limitations implied by such an assignment.

    I *strongly* suggest deleting the "unless" clause. It leaves a
    loophole, and it could easily be hidden in shrink-wrap terms
    and conditions so that a subscriber would agree without even
    knowing about it. Reduce this simply to:

       ... policy should reflect that assignment of a single subnet is
       never appropriate.

Agreed and done.

    > 1.  Introduction
    ....
    >    1.  It is extremely discouraged that /128s be given out.  While there
    >        may be some cases where assigning only a single address may be
    >        justified, a site, by definition, implies multiple subnets and
    >        multiple devices.

    I find this a bit weak. Try:

       1.  It is extremely discouraged that /128s be given out.  While there
           may be some applications where assigning only a single address may be
           tolerated, a site, by definition, implies multiple subnets and
           multiple devices. Also, a /128 prevents any form of privacy-based
           addressing.

Agreed!

    >    4.  This revision has been created to more clearly assert the
    >        requirement to ensure that address assignments to end-sites
    >        provide a sufficiently big number of subnets (/64 on classic
    >        networks) to each end-site, taking under consideration the end-
    >        site's future expected needs, new deployment expectations and new
    >        protocol requirements, among others.  Once all these are
    >        considered, it seems unlikely that a single subnet (/64) or even
    >        a small number of them should be assigned, unless very clearly
    >        justified and agreed to by the end-site.

    The "unless" clause is dangerous because of shrink-wrap terms and
    conditions. I suggest deleting it.

Agreed!

    > 2.  Considerations Regarding the Prefix Length
    ....
    >    This consideration should be noticed, across this document, in the
    >    sense that end-sites usually have subnets that use, by default,
    >    SLAAC, and consequently, the LAP is mandatorily a /64.  Other
    >    technologies, may have a different LAP, which must be used
    >    accordingly.

    I suggest s/Other/Future/ since /64 prevails everywhere today.

Agreed!

    > 3.  On /48 Assignments to End-Sites
    ....
    >    An important
    >    goal in IPv6 is to significantly change the default and minimal end
    >    site assignment, from "a single address" to "multiple networks" and
    >    to ensure that end-sites can easily obtain address space.

    I suggest adding something like this:

    As the operational costs of carrier-grade NAT and address+port sharing
    have shown, availability of multiple addresses and prefixes to end sites
    that need them will be a considerable saving to their ISPs.

Agreed!

    >    It might be tempting to give home sites a single /64, since that is
    >    already significantly more address space compared with today's IPv4
    >    practice.  However, this precludes the expectation that even home
    >    sites will grow to support multiple subnets going forward.  Hence, it

    s/expectation/certainty/

Agreed!

    ....
    >    A key goal of the recommendations in [RFC3177] is to
    >    ensure that upon renumbering, one does not have to deal with
    >    renumbering into a smaller subnet size.

    Perhaps add:

    In particular this would apply to any site that switches to
    an ISP that provides a longer prefix.

Agreed!

    >    It should be noted that similar arguments apply to the management of
    >    zone files in the DNS.  In particular, managing the reverse
    >    (ip6.arpa) tree is simplified when all links are numbered using the
    >    same subnet ids

    s/numbered/renumbered/

Agreed!

    ....
    >    years, and we don't recover back the /48's, we will be able to use
    >    IPv6 addressing space for over 100.000 years.

    Perhaps add:

    This document does not advocate careless use of address space, but
    there is objectively no reason to be restrictive.

Agreed!

    ....
    >    Today typically, a home has already a considerable number of possible
    >    subnets (a common CE has 4 LAN ports, 2 WiFi radios which support
    >    several SSIDs each one, VoIP subnet, IPTV subnet, additional VLANs)
    >    and if downstream routers are used, there is a need for further
    >    subnets.  This means that in a short term, assigning a /60 (16
    >    subnets), it is already a really bad decision, as it may enforce IPv6
    >    NAT between the main CE and downstream routers.

    I suggest deleting "as it may enforce IPv6 NAT between the main CE and
    downstream routers". Firstly it puts NAT into the reader's mind. Secondly,
    it isn't the only solution - IIDs shorter than 64 could also be implemented.

Agreed!

    > 4.  Impact on IPv6 Standards

    I propose to simply delete this section.

    Firstly, RFC3056 is deprecated so it's irrelevant today.
    Secondly, the argument about ULAs (RFC4193) doesn't hold up.
    ULAs are like any other /48 prefix - if you are forced to
    renumber into a longer prefix, you lose some subnet bits.
    That is already covered in the middle of section 3 (the
    "key goal" sentence quoted above).

I recall we deprecated 6to4 anycast, but not 6to4; in fact, 6to4-to-6to4 traffic is still useful for peer-to-peer.

    > 6.  Security Considerations
    >
    >    This document has no known security implications.

    Really? More prefix space offers more potential for scanning
    attacks. More prefix space also allows the use of slightly
    randomized prefixes and/or prefix-per host.

    Also of course, a /128 would prevent any form of privacy-based
    addressing.

I've introduced new text on those points.

    > 8.  Acknowledgements
    >
    >    The authors of this document will like to acknowledge the authors of
    >    previous versions (Thomas Narten and Geoff Huston)

    RFC3177 was signed by the whole IAB and IESG seated in 2001, and its
    Acknowledgements read:

    >>    This document originated from the IETF IPv6 directorate, with much
    >>    input from the IAB and IESG.  The original text forming the basis of
    >>    this document was contributed by Fred Baker and Brian Carpenter.
    >>    Allison Mankin and Thomas Narten merged the original contributions
    >>    into a single document, and Alain Durand edited the document through
    >>    its final stages.

Agreed!

    Regards
        Brian

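The renumbering and reverse-DNS points raised in the thread (a site forced into a longer prefix loses subnet bits; the ip6.arpa tree stays simple when subnet ids are kept), worked through as an added Python example that is not from the draft or from either author. It assumes the 2001:db8::/32 documentation prefix and constructed subnet ids; the LAP name follows the draft's term for the /64 link prefix.

```python
import ipaddress

LAP = 64  # link address prefix (LAP) length: SLAAC subnets are /64, as the draft notes

def subnet_count(prefix_len: int, lap: int = LAP) -> int:
    """Number of LAP-sized subnets an end-site gets from an assignment of prefix_len bits."""
    if prefix_len > lap:
        raise ValueError("assignment is longer than the link prefix")
    return 1 << (lap - prefix_len)

def subnet_prefix(site_prefix: str, sid: int, lap: int = LAP) -> ipaddress.IPv6Network:
    """Build the /64 for subnet id `sid` inside the site assignment `site_prefix`."""
    site = ipaddress.IPv6Network(site_prefix)
    if not 0 <= sid < subnet_count(site.prefixlen, lap):
        raise ValueError(f"subnet id {sid:#x} does not fit in a /{site.prefixlen}")
    return ipaddress.IPv6Network((int(site.network_address) | (sid << (128 - lap)), lap))

def renumber(subnet_ids, old_len: int, new_len: int, lap: int = LAP):
    """Split subnet ids used under an old_len assignment into those that keep the same id
    after renumbering into a new_len assignment and those that no longer fit."""
    if new_len < old_len:
        raise ValueError("this models renumbering into a longer (smaller) prefix only")
    for sid in subnet_ids:
        if not 0 <= sid < subnet_count(old_len, lap):
            raise ValueError(f"subnet id {sid:#x} does not fit in a /{old_len}")
    limit = subnet_count(new_len, lap)
    kept = [s for s in subnet_ids if s < limit]
    lost = [s for s in subnet_ids if s >= limit]
    return kept, lost

def reverse_zone(prefix: str) -> str:
    """ip6.arpa delegation name for a prefix whose length is a multiple of 4 bits."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("reverse delegation needs a nibble-aligned prefix")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

if __name__ == "__main__":
    # Constructed sample: a site numbered from a /48 in documentation space, then
    # moved to an ISP that hands out /56s (the "longer prefix" case in the thread).
    site, in_use = "2001:db8:1234::/48", [0x0001, 0x0010, 0x0100, 0x1234]
    print(subnet_count(48), subnet_count(56), subnet_count(60))  # 65536 256 16
    print(renumber(in_use, 48, 56))  # ([1, 16], [256, 4660]): two subnets must be renumbered
    print(reverse_zone(site))  # 4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa.
    print(reverse_zone(str(subnet_prefix(site, 0x1234))))  # same site zone, subnet nibbles prepended
```

Subnets whose ids land in `lost` need new ids, and with them new ip6.arpa zones; the ones in `kept` retain their zone names under the new site prefix.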