Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Fernando Gont <fgont@si6networks.com> Sun, 14 February 2021 21:32 UTC

To: Ted Lemon <mellon@fugue.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, David Farmer <farmer@umn.edu>, Fred Baker <fredbaker.ietf@gmail.com>, IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <ab86907f-0efc-8b7d-e4b6-1482418b4ef8@si6networks.com>
Date: Sun, 14 Feb 2021 18:14:02 -0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/omGm4Rn7Xf0AF_lwVhgXlwwtVSU>

On 14/2/21 17:39, Ted Lemon wrote:
> On Feb 14, 2021, at 3:27 PM, Fernando Gont <fgont@si6networks.com> wrote:
>> But ULAs, and several other prefixes raised by David are considered 
>> "global scope" by RFC4291. Isn't the inconsistency clear?
> 
> No. I think you’re getting confused between theory and practice.
> 
> In theory, a GUA is globally unique. But there’s no mechanism for 
> ensuring that this is in fact the case. I could configure a GUA prefix 
> on my local network that’s also in use somewhere else.

That's not a legitimate use for GUAs. Whereas in the case of ULAs, that's 
the *intended* usage.

(the "mechanisms to guarantee" of course only apply to cooperating parties)


The ULA prefix is randomized such that *if you interconnect ULA-based 
networks*, the *prefixes for such networks don't collide*. Global scope 
implies that *all* addresses are to be considered, rather than the subset 
you want to employ for interconnection.



> In theory, a ULA is unique, because 40 bits of randomness is a lot, and 
> the likelihood of a collision is small.

This statement is incorrect.

It's only correct if you consider *a subset* of ULA prefixes. But for 
ULAs to be unique, you should be considering *all ULAs* in the Internet.
And when you compute the birthday paradox for that, you get a 
probability of ~1 of getting collisions.



> There is no mechanism to enforce 
> uniqueness other than the requirement that ULA prefixes be generated 
> using a random number generator; uniqueness is assumed, just as it is 
> with GUAs.

In ULAs, it's not assumed. Think about all the machinery and paperwork 
that's needed for you to receive a GUA prefix at home -- that's what it 
takes for your GUA address to be unique.



> So in fact in terms of architecture there is no difference between ULAs 
> and GUAs. They are both global in scope. 

Please review the definition of scope and global scope from RFC4007, and 
also compute the birthday paradox for ULAs.



> It’s true that our system for 
> ensuring the uniqueness of GUAs is less likely to produce a collision 
> than our system for ensuring the uniqueness of ULAs, but the meaning of 
> “global” is the same in both cases.

Less likely? Everyone that employs IPv6 on the Internet does so with 
unique GUAs. OTOH, as noted, ULAs are almost guaranteed to collide at 
global scale.



> The architectural globalness of ULAs and GUAs does not provide any 
> guarantee. Rather, it is a statement of intent: this is what we intend 
> to be true about GUAs and ULAs.

I'm lost here....



> The reason that RFC 6724 solves this for me is that it explains how, 
> practically, to manage ULAs and GUAs so that the architectural intention 
> of the appearance of global uniqueness is not violated.

IMO, RFC6724 has nothing to do with the architecture. When it comes to 
ULAs, they are only spelled out because, since they are currently 
flagged as global, the only way you can do something special with them 
is to cherry-pick them via their associated prefix. Whereas if the scope 
was properly defined, they would be handled automagically as, e.g., 
link locals. (see Section 10.4 of RFC6724).

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
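The birthday-paradox computation the message refers to, written out as an added example that is not part of the original thread. It assumes only the RFC 4193 ULA layout (fd00::/8 plus a 40-bit pseudo-random Global ID); the network counts it evaluates are constructed scenarios, contrasting a small set of interconnecting sites with an Internet-wide population.

```python
import math

# RFC 4193 ULA layout: fd00::/8 followed by a 40-bit pseudo-random Global ID.
GLOBAL_ID_BITS = 40
GLOBAL_ID_SPACE = 2 ** GLOBAL_ID_BITS   # 1,099,511,627,776 distinct /48 prefixes


def collision_probability(n, space=GLOBAL_ID_SPACE):
    """Probability that at least two of n independently chosen Global IDs
    are equal (birthday paradox), using the standard approximation
    1 - exp(-n(n-1)/(2*space)); expm1 keeps tiny probabilities exact."""
    if n < 2:
        return 0.0
    return -math.expm1(-n * (n - 1) / (2 * space))


def expected_colliding_pairs(n, space=GLOBAL_ID_SPACE):
    """Expected number of network pairs that share a Global ID."""
    return n * (n - 1) / (2 * space)


def networks_for_probability(p, space=GLOBAL_ID_SPACE):
    """Smallest n at which collision_probability(n) reaches p (same model,
    solved by inverting n(n-1)/(2*space) = -ln(1-p))."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    return math.ceil(0.5 + math.sqrt(0.25 - 2 * space * math.log1p(-p)))


if __name__ == "__main__":
    # Constructed scenarios: a handful of merging sites vs. Internet scale.
    scenarios = [("50 interconnected sites", 50),
                 ("1 000 sites", 1_000),
                 ("1 million ULA networks", 1_000_000),
                 ("10 million ULA networks", 10_000_000)]
    for label, n in scenarios:
        print(f"{label:26s} P(collision) = {collision_probability(n):.3g}"
              f"  expected colliding pairs = {expected_colliding_pairs(n):.3g}")
    print("50% collision probability is reached at n =",
          networks_for_probability(0.5))
```

The subset case stays negligible while the Internet-wide case saturates, which is the distinction the message draws between "a subset of ULA prefixes" and "all ULAs".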