Re: [v6ops] New Version Notification for draft-ietf-v6ops-dhcp-pd-per-device-05.txt
Martin Huněk <martin.hunek@tul.cz> Mon, 06 November 2023 19:47 UTC
Return-Path: <martin.hunek@tul.cz>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDAC4C17C50A for <v6ops@ietfa.amsl.com>; Mon, 6 Nov 2023 11:47:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tul.cz
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W7adB-D9Jgzu for <v6ops@ietfa.amsl.com>; Mon, 6 Nov 2023 11:47:08 -0800 (PST)
Received: from bubo.tul.cz (bubo.tul.cz [IPv6:2001:718:1c01:16::aa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93280C18E1AF for <v6ops@ietf.org>; Mon, 6 Nov 2023 11:47:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at tul.cz
Received: from asclepius.adm.tul.cz (unknown [IPv6:2001:718:1c01:11::1:a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bubo.tul.cz (Postfix) with ESMTPSA id 56BB818050A06; Mon, 6 Nov 2023 20:47:01 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 bubo.tul.cz 56BB818050A06
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tul.cz; s=tul2021; t=1699300021; bh=oQ1vK4TQymmckXPU5Kka6qkkfc690G8a1sQAoKSZ1Rk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=S9mEmac97ivyeTeDhLF1yj6QLQbApl38XTz2KVnSXItHLkoZMkjFcnR7utp1S4551 UQrhGUrOpzfOEi2W2/2rV2LevDAaJqo0pD4teQGiPK4WfNBE+Be8qLHwEbUMEOjTY2 AXpfM82zjmBJjLMySgPXJhb8Dnwa/CtAmLsqVS1LwKX5FEEg3Nc+bPMgaPEleTaefT BIQVrX7LjOANMxBC8YTnMEuHgMZRFK963ESwuzpK0zoQ0hJ8NACz8gT4/AMsC48pGJ lDiCppJZjHQE+t7scjabVxaNycxN5RKxt7fHFSFeEbG7MtwGsYPAX0L8qRYVw6pqwE 0qJYtDNjvZJQg==
From: Martin Huněk <martin.hunek@tul.cz>
To: Lorenzo Colitti <lorenzo@google.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Ole Troan <otroan@employees.org>, V6 Ops List <v6ops@ietf.org>, Xiao Ma <xiaom@google.com>
Date: Mon, 06 Nov 2023 20:46:56 +0100
Message-ID: <5666162.ihCYSUqkRZ@asclepius.adm.tul.cz>
Organization: Technická univerzita v Liberci
In-Reply-To: <CAKD1Yr0uMvS-ctwf+RcDQG6pEwr7Ho7qyi0H7BLu+MFMA496+A@mail.gmail.com>
References: <169919966581.36738.5162400304409089286@ietfa.amsl.com> <4598146.F5Vx1aKkY9@asclepius.adm.tul.cz> <CAKD1Yr0uMvS-ctwf+RcDQG6pEwr7Ho7qyi0H7BLu+MFMA496+A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3777150.RrQHTzY0li"; micalg="sha384"; protocol="application/pkcs7-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ruYU9XUP-gxE58Q0jE6JlMwc3R4>
Subject: Re: [v6ops] New Version Notification for draft-ietf-v6ops-dhcp-pd-per-device-05.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2023 19:47:14 -0000
Hi, Dne pondělí 6. listopadu 2023 10:00:14 CET, Lorenzo Colitti napsal(a): > On Mon, Nov 6, 2023 at 2:41 AM Martin Huněk <martin.hunek@tul.cz> wrote: > > > If you have at least X+32 of IPv6, you can be in the same situation with > > IPv6 as you are in IPv4. Now, do we want to be in the same situation? Why > > migrate to IPv6, then? > > > > It's not the same situation. As the draft explains, x+32 is 32 times better > than IPv4 if we never move beyond 2000::/3. If we move beyond 2000::/3, > it's 256 times better than IPv4. Whether any given network has enough space > for that is up to the operators and the RIRs. Based on your comments, it's > clearly not enough for your network. That's OK - whether a network uses > this model is up to the network, and it's pretty clear that there are some > networks, like home networks with only a /64 or a /60, that will never be > able to run this model due to lack of space. I do have /16 of IPv4 and /48 of IPv6. By the formula presented in the draft I get the exact result: X = 16 16 + 32 = 48 So I'm in precisely the same situation as I'm with IPv4. How is it any better than the address-space constraints of IPv4? I do not necessarily care who is to blame. I just know what I have, and even if I'm allowed to expand the address space, I would be forced to renumber. There would be almost zero gain for clients having /64 compared to /80 (when we do not allow network extension), so for me personally, having a strict /64 barrier is just a complication and a poor design choice, especially when a host is not informing how big a prefix it really needs. > > FWIW, I think you said that in order to use this you'd need to assign a /49 > to your Wi-Fi network? That doesn't seem unreasonable to me, or to other > operators that are part of this discussion. It doesn't seem reasonable to me. It is half of my address space, and I won't be getting more; it is without reserves to expand, and I had to move several networks to clear it. If a host would have been fine with /80, I would be just fine with one /64 or /63 (or /60). I could manage just fine with what I have. It makes even more sense as we do not allow a network extension. > > Remember, what we are trying to do here is a compromise: provide to network > operators the control and tracking that they like to have via DHCPv6, while > ensuring that connected devices can support pretty much any use case, > including hosts forming unlimited addresses, plugging in routers, and doing > a moderate amount of network extension with end-to-end connectivity and > without NAT. We think this model has a lot of advantages, but it's > definitely not the only one. If any user is allowed to extend the network, how do I know who is the end user? Unsupported, not allowed things should be hard to get working. If someone tries to extend the network (while not allowed to do so), I want his/her attempt to fail. Then, the broken connectivity is desired. Btw: Do you have any data about how big a share of a company allows the "bring your own router" policy in their corporate network? Network extension in corporate networks is not a common use case, in my opinion. > > I agree with Gert. You can have /80s all you want, but you are not getting > > /64s from me. If your implementation requires it, then it is NAT66 for you, > > ND proxy, or IPv4 only. You choose. > > > > I hate to say it, but... network operators saying, "my network, my rules" > and insisting that devices will only have the amount of address space that > they think they need is precisely why host implementers don't trust > networks to do the right thing. The implementers know less about the network the device is connected to than the admins running it. Quite frankly, you would not be able to know local restrictions, nor would you care. Yes, we can make this mutual distrust basis to reconsider BYOD policies. > > This is why we need a fixed boundary - otherwise we end up with a race to > the bottom that ends at /128. At the moment, the only possible fixed > boundary is /64, because once the device gets a /64, it can do whatever it > wants, and extend the network all it wants, using SLAAC. If we make SLAAC > run on longer prefixes, then maybe we'll all agree on one size. But who > knows if that will work. Just like you say, "you can have all the /80s you > want, but you're not getting /64s", some other operators saying, "you can > have all the /128s you want, but you're not getting /80s". One thing at a > time. If we make this model work with /64s, maybe it's possible to imagine > changing SLAAC. > Do you really think that? Yes, there will be some networks that will use IPv4 principles and try to conserve IP space so much that they try to give too little to clients. However, many more are adhering to recommendations made by IETF or RIR. At ISP, I give /56 to residential clients, /48 to companies (or upon request). I could give just /64 or /60, but I know what I would like to have at home and how many I can assign to maintain a reasonable addressing plan. It is up to me as a Network administrator to make the plan and configure my routers accordingly. I'm not really in the camp of let's change an SLAAC prefix size as we would not see practical results in years to come. However, if it provides me with additional tools to manage my networks, then why not? This draft is a bit different. If every device required a /64 and it would like to extend the network, I would be pushed around, and I hate that. Clients would push me to give them /64, SCO would push me on network security front, and RIPE policy and upstream addressing plan are constraining me with address space. Having an OS vendor pushing me with the substantial number of devices is the thing I need the least. Regards, Martin
- Re: [v6ops] New Version Notification for draft-ie… Jen Linkova
- Re: [v6ops] New Version Notification for draft-ie… Martin Huněk
- Re: [v6ops] New Version Notification for draft-ie… Mark Elkins
- Re: [v6ops] New Version Notification for draft-ie… Jen Linkova
- Re: [v6ops] New Version Notification for draft-ie… Brian E Carpenter
- Re: [v6ops] New Version Notification for draft-ie… Gert Doering
- Re: [v6ops] New Version Notification for draft-ie… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-ie… Martin Huněk
- Re: [v6ops] New Version Notification for draft-ie… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-ie… Delong.com
- Re: [v6ops] New Version Notification for draft-ie… jordi.palet@consulintel.es
- Re: [v6ops] New Version Notification for draft-ie… Owen DeLong
- Re: [v6ops] New Version Notification for draft-ie… jordi.palet@consulintel.es
- Re: [v6ops] New Version Notification for draft-ie… Alexandre Petrescu
- Re: [v6ops] New Version Notification for draft-ie… Frank Habicht
- Re: [v6ops] New Version Notification for draft-ie… Owen DeLong
- Re: [v6ops] New Version Notification for draft-ie… owen@Delong.com
- Re: [v6ops] New Version Notification for draft-ie… Owen DeLong
- Re: [v6ops] New Version Notification for draft-ie… Martin Huněk
- Re: [v6ops] New Version Notification for draft-ie… Tim Chown
- Re: [v6ops] New Version Notification for draft-ie… Philipp S. Tiesel
- Re: [v6ops] New Version Notification for draft-ie… Nick Buraglio
- Re: [v6ops] New Version Notification for draft-ie… Brian E Carpenter