[v6ops] Re: Dynamic addresses

George Michaelson <ggm@algebras.org> Wed, 14 August 2024 20:20 UTC

Surely before arguing for constant renumbering you should explain
remediation for the downsides of constant renumbering?

I suspect they involve stable addressed third parties. You would know that
there are many people who reject use of 3 way handshake rendezvous e.g. in
NAT traversal.

If they involve use of the DNS then they also construct dependency on name
to address mapping stability, cost money and have security issues around
TSIG and cryptography at scale as well as update and propagation delay.

Normally I find I agree easily with what you say. I think you are hand
waving consequences on your own experience with stable addresses as a norm.
If you have active solutions and live behind a dynamically addressed sub
prefix of some other delegate it would be useful to share how you make
inbound ssh work reliably.

(I have used an ssh reverse tunnel maintained by a daemon to overcome this
problem. It demands owning a stable endpoint outside the changing prefix
boundary on a globally routable. Presumably you could do this
probabilistically on dynamic IPs which don't frequently change at some risk
of synchronised change wrecking it)

George

On Wed, 14 Aug 2024, 7:39 pm Gert Doering, <gert@space.net> wrote:

> Hi,
>
> On Wed, Aug 14, 2024 at 04:11:27AM +0530, Daryll Swer wrote:
> > I'm not sure what you're proposing, Marco. But my stance on the matter is
> > simple: Get rid of dynamic prefixes in IPv6 production.
>
> There are some good arguments for dynamic prefixes, namely, people should stop
> putting explicit IPv6 addresses into places (which will inevitably cause
> headaches when changing ISP).  So actually having better support for
> automatic DNS registration/discovery (mDNS and friends) and just making
> SoHo networks renumber automatically and properly is a worthwhile goal.
>
> I do agree that those 0.001% of people that SSH into their home servers
> will hate SSHs dying on a renumbering event...
>
> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Ingo Lalla,
>                                            Karin Schuler, Sebastian Cler
> Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
>
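The reverse tunnel "maintained by a daemon" that the message mentions, sketched as a systemd unit; this is an added example, not configuration from either poster. The relay host `relay.example.net`, the account `tunnel`, the key path and port 2222 are all assumed placeholders.

```ini
# /etc/systemd/system/ssh-reverse-tunnel.service  (hypothetical path and names)
# Runs on the host behind the dynamic prefix. It dials OUT to a relay with a
# stable address, so a renumbering event only costs one reconnect.
#
# On the relay, pin what this key may do in ~tunnel/.ssh/authorized_keys:
#   restrict,port-forwarding,permitlisten="127.0.0.1:2222" ssh-ed25519 AAAA...placeholder
# "restrict" removes shell, PTY, agent and X11 forwarding; "permitlisten"
# limits remote forwards to the single loopback listener used below.

[Unit]
Description=Reverse SSH tunnel to stable relay (example)
Wants=network-online.target
After=network-online.target

[Service]
User=tunnel
# -N: no remote command, -T: no TTY.
# ExitOnForwardFailure makes ssh exit if the listener cannot be bound, so
# systemd restarts it instead of leaving a session with no forward.
# ServerAlive* detects a path that died silently (e.g. the local prefix
# changed) after roughly 90 seconds and exits.
# The listener binds to the relay's loopback only, so the forwarded port is
# not reachable from the Internet directly.
ExecStart=/usr/bin/ssh -N -T \
    -o BatchMode=yes \
    -o IdentitiesOnly=yes \
    -o StrictHostKeyChecking=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -i /etc/ssh-tunnel/id_ed25519 \
    -R 127.0.0.1:2222:localhost:22 \
    tunnel@relay.example.net
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

Inbound access then goes through the relay, for example `ssh -J user@relay.example.net -p 2222 homeuser@127.0.0.1`, and the home host's own sshd still authenticates the session end to end.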