Re: [v6ops] draft-moreiras-v6ops-rfc3849bis-00

Owen DeLong <owen@delong.com> Wed, 14 August 2013 20:20 UTC

To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>

>>> 
>>> [WEG] at the risk of debating bikeshed colors, I would suggest perhaps using :db8:: for both the proposed GUA and ULA doc prefixes so that it serves as a visual cue.
>> 
>> I have no problem with that.
>> 
>> How about 02db:8000::/20 and fc00:0db8::/32?
>>  
> 
> As fc00:0db8::/32 is from within the existing but albeit unused portion of ULA prefix, any future use of fc00::/8 will need to specifically exclude it. I think exceptions to the normal case are better to avoid because they're another thing to remember, program as an exception case and therefore prone to errors etc.

By definition, a documentation prefix is going to be an exception.

> I think it would be better to specify a documentation ULA prefix that has nearly the same properties as conventional ULAs, but doesn't fall within fc00::/7 (perhaps fe::/7 or something within it?). The only differences would be statements about no forwarding, no accepting routes etc.

That's an awful lot of space to devote to documentation. Personally, I thought a /32 was excessive for ULA. A /7 is ridiculous, IMHO.

> Ultimately though, I think it is fundamentally impossible to prevent something silly like using documentation prefixes on a production network, unless you use actually invalid IPv6 prefixes. The only way I can think of to do that would be by doing things such as adding invalid hexadecimal 'g-z' numbers into the example prefixes. I'm not sure I like the idea, although it might cause people who get tripped up on it to go back and think some more about what they're doing and put more effort into getting it right.

It is impossible to prevent. This aims to:

	1.	Make it less likely.
	2.	Make it easier to identify.
	3.	Cause earlier identification (and thus easier rectification) when it does occur.

The doc prefix, in order to achieve full value, needs to be implementable in some training lab scenarios. As such, g-z would be a non-starter.

Owen
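
Added example, not part of the original message: a config scan that flags addresses inside documentation prefixes, which is the "earlier identification" goal listed above, and that shows the exception case raised in the quoted text (a ULA check has to test the documentation sub-prefix first). 2001:db8::/32 is the assigned RFC 3849 prefix; 02db:8000::/20 and fc00:0db8::/32 are only the proposals floated in this thread, and the sample configuration is constructed.

```python
import ipaddress
import re

# 2001:db8::/32 is the assigned documentation prefix (RFC 3849).
# The other two are proposals quoted in this thread, not assignments.
DOC_PREFIXES = {
    "rfc3849": ipaddress.ip_network("2001:db8::/32"),
    "proposed-gua-doc": ipaddress.ip_network("02db:8000::/20"),
    "proposed-ula-doc": ipaddress.ip_network("fc00:0db8::/32"),
}
ULA = ipaddress.ip_network("fc00::/7")

# Anything that looks like an IPv6 address or prefix; validated below.
TOKEN = re.compile(r"[0-9A-Fa-f:]*:[0-9A-Fa-f:]+(?:/\d{1,3})?")

# Constructed sample configuration (not from the thread).
SAMPLE = """\
interface Gi0/0
 ipv6 address 2001:db8:10::1/64
interface Gi0/1
 ipv6 address fe80::1/64
interface Gi0/2
 ipv6 address fc00:db8:1::1/64
interface Gi0/3
 ipv6 address fd12:3456:789a::1/64
"""

def classify(text):
    """Return 'doc:<label>', 'ula' or 'other' for one address or prefix."""
    net = ipaddress.ip_network(text, strict=False)
    if net.version != 6:
        return "other"
    # Documentation prefixes are checked before ULA: the proposed ULA
    # documentation prefix sits inside fc00::/7 and must be carved out.
    for label, doc in DOC_PREFIXES.items():
        if net.subnet_of(doc):
            return "doc:" + label
    return "ula" if net.subnet_of(ULA) else "other"

def scan(config_text):
    """Return (line number, token, label) for each documentation address."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for tok in TOKEN.findall(line):
            try:
                kind = classify(tok)
            except ValueError:  # token was not a valid address or prefix
                continue
            if kind.startswith("doc:"):
                findings.append((lineno, tok, kind))
    return findings
```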