IETF Logo Mail Archive

Re: [v6ops] ULA precedence [Thoughts about wider operational input]

Mark Smith <markzzzsmith@gmail.com> Sat, 26 March 2022 00:32 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FF043A0E71 for <v6ops@ietfa.amsl.com>; Fri, 25 Mar 2022 17:32:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.611
X-Spam-Level:
X-Spam-Status: No, score=-4.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.998, HK_RANDOM_FROM=0.998, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9ixUooVEAbJU for <v6ops@ietfa.amsl.com>; Fri, 25 Mar 2022 17:32:23 -0700 (PDT)
Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D17F3A0EA9 for <v6ops@ietf.org>; Fri, 25 Mar 2022 17:32:23 -0700 (PDT)
Received: by mail-pj1-x102c.google.com with SMTP id b8so8995538pjb.4 for <v6ops@ietf.org>; Fri, 25 Mar 2022 17:32:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=shDgfA5WAj/Vx/53gnvK9Y+hxOP1p6+9d59ZGpsDkr4=; b=Q9wmVS6P9w+UZE3CCaWF1vcYjqMy1QcgmuEsL49Zv8W6eWvviGVvvYzDrrhvgiIbFf Aa0ZVbyDIc5kymnwV4eiKOsL9o7iHnRWUcuOAkoH1THDh3e58nMb+DEpxarFw+pRBEC8 6uhhQr4zVqdPXUoAkpJyz3qefUrc5hmW1QhB42DNhPlzGikN2d4RjtAOUjV3pW2vTr1Z YV+z6xsz4FedGdZBifdYkzVUsPHT9SvNvbbDIEsIA1i0Xc0lmsWdaR2PYwb75Wwz1IHU eGWg5xD5J7Rcj41IK4EfuLdXDxWBsu3WCWnVRSjA1WEKfpAP2rdyJRdr/mtRqtOAnJli IYow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=shDgfA5WAj/Vx/53gnvK9Y+hxOP1p6+9d59ZGpsDkr4=; b=jhoSaS1ePP/emrVHef8/jAW3VH1BtbPHlfjhssrratJryDuG7kXFoohODSk8E74Bcm RfKth0/sv+DPNfU2oh8iVj2sjFzPevvO4uvenp8Hd4/j4eRKV+4k7QzBojP3r+CMqn/s 5tAGfAKI4bZ31zR5dunkQYZ6WE5qw4oHvGJ89JIQPuAYoeFlVXx5gfOJujnc5JxoL6SV oRFs5DnHgBXs9fZ/io7XamB79B3JTAFjn0FqYEyxKGWJpS1YYDRhNKTG+Q6mQtZBL6kK egaUvkRDoWjseOaDac0TchhqVgQ3tnH1zO7EOu9eW0ucvwlCVBMAYomYwyhx3N6MGOmo ee0g==
X-Gm-Message-State: AOAM530s+pswXjYN+KU5w5jQM5pZBapbEvWnCvcCdLkQxQiKJFbYvGDk GebpdNwiF4Lku3uKyhJQbOXMyb+9l0ktbKO9xs2JJ0ev
X-Google-Smtp-Source: ABdhPJy002H9UroG6pkcRtkgflGeyEruQkffcoYImLnJHGu7Pr2JNP96ywVi642Ww9Y/OpSCuoDednAGYA6lKXdhMQg=
X-Received: by 2002:a17:902:f605:b0:14f:5d75:4fb0 with SMTP id n5-20020a170902f60500b0014f5d754fb0mr14308753plg.101.1648254742185; Fri, 25 Mar 2022 17:32:22 -0700 (PDT)
MIME-Version: 1.0
References: <52661a3d-75dc-111a-3f23-09b10d7cb8d4@gmail.com> <A72CDDDB-CDCE-4EAF-B95E-997C764DB2C4@gmail.com> <9175dc32-45c1-e948-c20a-3bcc958b77b9@gmail.com> <YjmJQMNgnJoSInUw@Space.Net> <fd17a91f-68dc-92b5-0544-51aefa1b7f08@gmail.com> <CAM5+tA-Wq5O4pjQ++VZQi-FTKZGMRAW-LFc6O5dPOyox4QZDEw@mail.gmail.com> <YjpA4IH/eI5im8DT@Space.Net> <CAM5+tA-foEATL9uihwD=zoTZ1EvHiwc5k_xKf=GRNYD51REQYQ@mail.gmail.com> <Yjq2Gr2cQjFuQ8ie@Space.Net> <m1nXLes-0000J8C@stereo.hq.phicoh.net> <fc66c61b-2a11-c289-52fa-a89dc841a3aa@gmail.com>
In-Reply-To: <fc66c61b-2a11-c289-52fa-a89dc841a3aa@gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sat, 26 Mar 2022 11:31:54 +1100
Message-ID: <CAO42Z2yHLpcqAWVnfMXMZ=miYB43tXGG2S6EAhHAcOGdd6751Q@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Philip Homburg <pch-v6ops-11@u-1.phicoh.com>, v6ops list <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000068494005db143628"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/sLM2H6eVomHt8UgDqrlcR4cndQI>
Subject: Re: [v6ops] ULA precedence [Thoughts about wider operational input]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Mar 2022 00:32:27 -0000

On Fri, 25 Mar 2022, 07:04 Brian E Carpenter, <brian.e.carpenter@gmail.com>
wrote:

> (Trying, far too late, to change the Subject to be the actual subject...)
>
> I wasn't paying enough attention when RFC6724 was done.


Neither was I.

I assumed it was swapping site-locals for ULAs, because the issue with
site-locals was their lack of uniqueness. Otherwise, preference over GUAs
etc. was all fine.

RFC6724 now preferrs GUAs over ULAs, which defeats the use of ULAs to
provide internal connectivity while performing a GUA renumber, which is one
of the ULA use cases mentioned in RFC4193, and I think one of the main
reasons to have a parallel internal/local address space.

The justification for that change in RFC6724 is that GUAs seems to be that
they may be more reliably reached than ULAs (section 10.6). I don't agree,
I think in general local addressing will inherently be more reliable than
global addressing.

However, a GUA address could be more reliably reached than the equivalent
ULA for the destination at the time any particular connection is attempted.

So I've been thinking we should:

- change the preference of ULAs to over GUAs (and IPv4), to facilitate GUA
renumbering per RFC4193.

- recommend the use of Happy Eyeballs v2 at the time of the connection
attempt to address the issue of a GUA DA being available when the
equivalent ULA DA might not be, addressing the situation that caused ULAs
to be put below GAUs.

- suggest and possibly recommend multi-path transport protocols like MPTCP
that would connect to both (all) available GUAs and ULAs, providing
robustness against either GUA or ULA addresses going away during the
connection.

Regards,
Mark.

I think it's even
> more wrong each time I look at it. For example, it has the consequence that
> if a pair of hosts have both RFC1918 and ULA addresses, the default for
> communication between them is RFC1918. D'Oh. If two hosts have ULAs in the
> same /64, they will nevertheless try IPv4 first. D'Oh. And the default
> table
> in RFC6724 is sticky in practice, even if configurable in theory.
>
> I think this needs serious work (in 6MAN most likely).
>
> Regards
>     Brian Carpenter
>
> On 25-Mar-22 00:29, Philip Homburg wrote:
> >> (Dual-stack cannot be the answer anyway - it will have all the issues
> >> of IPv4, plus the added complications of dual-stack.  Services need to
> >> be dual-stack, but for all the rest, single-stack IPv6 needs to be
> >> the end goal - see facebook etc)
> >
> > Obviously, on an IPv6-only system, there is no IPv4, so the relative
> > priority of ULA compared to IPv4 does not matter.
> >
> > I'm curious what IPv4aaS we want to deploy. I consider NAT64 a complete
> > disaster (even if the form of 464xlat). Given how the internet works,
> > we will probably end up with NAT64 everywhere until the end of times.
> >
> >> This is not what I had in mind.  If "we" decide that ULA is a good
> >> way forward, IETF can update RFCs, and vendors will eventually
> >> update their base OS.  It might take 5 years, but so will everything
> >> else in Big Enterprise land.
> >
> > The problem with ULA is that we have lots of installations where hosts
> with
> > a ULA address don't have access to the IPv6 internet. Often, CPEs
> announce
> > a ULA when the CPE doesn't have an IPv6 uplink.
> >
> > In contrast, where RFC 1918 was meant for local IPv4 communication, it is
> > now on a very large scale the primary method for a host to reach the IPv4
> > internet.
> >
> > So to avoid the situation where we say that ULA is local and then use it
> > to connect to the IPv6 internet, we should just allocate a new space. And
> > explicitly give it the property to connect to the IPv6 internet through
> > through some sort of address translation.
> >
> > There is also a nice tie-in with PI. Obviously, putting millions of PI
> > prefixes in BGP does not scale.
> >
> > On the other hand, there is no such limit if the PI space is used behind
> NAT.
> >
> >
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
> > .
> >
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email