Re: [v6ops] Discussion of draft-ietf-v6ops-ula-usage-recommendations

Mark Andrews <marka@isc.org> Tue, 21 July 2015 15:26 UTC

To: Alexandru Petrescu <alexandru.petrescu@gmail.com>
From: Mark Andrews <marka@isc.org>
References: <6153A91F-7E9A-4579-BA06-72964568D343@cisco.com> <55AE54D3.7070502@gmail.com>
In-reply-to: Your message of "Tue, 21 Jul 2015 16:18:59 +0200." <55AE54D3.7070502@gmail.com>
Date: Wed, 22 Jul 2015 01:24:34 +1000
Message-Id: <20150721152434.096C3338A4AD@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/rttFXlU6LXRqlFXi-q5X5W0-pqQ>
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Discussion of draft-ietf-v6ops-ula-usage-recommendations

In message <55AE54D3.7070502@gmail.com>, Alexandru Petrescu writes:
> 1. Brian suggested to recommend that globals should be there on the
> machines having ULAs as well, if I understand correctly.
> 
> But I think so only on some Hosts, mainly the Hosts of end users.
> 
> 2. the ULA RFC suggests a ULA prefix can be generated out of a MAC
> address.  That sixxs implementation does it.  Except it takes it too
> seriously: it does not accept a MAC address which is not a real MAC
> address - in that oui.txt.  And random MAC addresses (for privacy)
> certainly are not in that oui.txt.

This is a ULA generator.  You do not need a MAC.

% dd if=/dev/random bs=7 count=1 | od -t x1 | awk '/0000/ {print "fd" $2 ":" $3 $4 ":" $5 $6 ; exit}'
1+0 records in
1+0 records out
7 bytes transferred in 0.000024 secs (293601 bytes/sec)
fd61:cb66:8851
% 

> ULAs because the only tool out there (sixxs) can't refuses a copy paste
> a MAC address from the widely used windows 7 laptops.

*All* you need is 7 bytes of random numbers.  Many modern CPUs
will do this for you today.  If you don't have that then you can
use the pseudo random number generator in the RFC.

The algorithm is for CPE devices without a good source of randomness.

> I am not sure what the problem is, but it's very good to have a very
> easy way to generate ULAs.
> 
> 3. in an enterprise deployment there was a problem of ULAs deployed in an
> intra-network and another ULA space in another intra-network, of the
> same enterprise.  So we wanted to make sure two things: the two ULA
> spaces are distinct, or otherwise make sure the gateway router does not
> route between the two intranets' ULAs (but yes, route between their
> respective GUAs).   I am not sure how to translate that into advice,
> because I am not sure how it will unfold in the near future.
> 
> Alex
> 
> On 21/07/2015 16:02, Fred Baker (fred) wrote:
> > https://tools.ietf.org/html/draft-ietf-v6ops-ula-usage-recommendations
> >
> > "Considerations For Using Unique Local Addresses", Bing Liu, Sheng
> > Jiang, 2015-05-03
> >
> > This draft came up from the floor this afternoon. I think we need
> > some concentrated constructive conversation regarding it - we have
> > had a lot of the other kind.
> >
> > What issues do we need to address to complete it, and what specific
> > recommendations would that include?
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
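
Added example, not part of the original message and not code from the RFC or from any participant: a Python sketch of the two generation methods discussed above (random bytes from the OS, and the RFC 4193 section 3.2.2 pseudo-random algorithm), plus an overlap check for the two-intranet case raised in point 3. It goes slightly beyond the one-liner by also mapping 7 bytes to a /64 (40-bit Global ID plus 16-bit Subnet ID). The function names, the sample EUI-64 and the site prefixes are assumptions made up for illustration.

```python
import hashlib
import ipaddress
import secrets
import struct
import time

ULA_SPACE = ipaddress.IPv6Network("fd00::/8")  # fc00::/7 with the L bit set to 1

def ula_from_bytes(raw):
    """5 bytes -> /48 (Global ID); 7 bytes -> /64 (Global ID + Subnet ID)."""
    if len(raw) not in (5, 7):
        raise ValueError("need 5 bytes for a /48 or 7 bytes for a /64")
    packed = b"\xfd" + raw + bytes(15 - len(raw))  # zero-fill the host bits
    return ipaddress.IPv6Network((packed, 8 * (1 + len(raw))))

def random_ula(nbytes=5):
    """Prefix straight from the OS CSPRNG, no MAC address involved."""
    return ula_from_bytes(secrets.token_bytes(nbytes))

def rfc4193_ula(eui64, ntp_time=None):
    """RFC 4193 section 3.2.2: SHA-1(NTP time || EUI-64), low 40 bits."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    if ntp_time is None:  # 64-bit NTP format: seconds since 1900, 32-bit fraction
        now = time.time()
        ntp_time = ((int(now) + 2208988800) << 32) | int((now % 1) * 2**32)
    key = struct.pack(">Q", ntp_time & (2**64 - 1)) + eui64
    return ula_from_bytes(hashlib.sha1(key).digest()[-5:])

def overlapping(prefixes):
    """Pairs of site prefixes that overlap (the two-intranet case in point 3)."""
    nets = [ipaddress.IPv6Network(p) for p in prefixes]
    for n in nets:
        if not n.subnet_of(ULA_SPACE):
            raise ValueError(f"{n} is not a locally assigned ULA prefix")
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]

if __name__ == "__main__":
    print(ula_from_bytes(bytes.fromhex("61cb668851")))  # bytes from the output above
    print(random_ula(), random_ula(7))
    eui64 = bytes.fromhex("0211 22ff fe33 4455")  # constructed sample EUI-64
    print(rfc4193_ula(eui64))
    sites = ["fd61:cb66:8851::/48", "fd61:cb66:8851:1::/64"]  # constructed
    print(overlapping(sites))
```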