Re: [v6ops] [dhcwg] SLAAC renum: Problem Statement & Operational workarounds

Ted Lemon <mellon@fugue.com> Wed, 30 October 2019 23:31 UTC

Cc: "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, IPv6 Operations <v6ops@ietf.org>
To: Bud Millwood <budm@weird-solutions.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/sUjJRZ4IYJshwJ4_GyBYtZ3gXgM>

On Oct 30, 2019, at 7:18 PM, Bud Millwood <budm@weird-solutions.com> wrote:
> It's not so much about the lifetime of the prefix as about putting two
> prefixes in a reply to a request, right? And any CPE that can't handle
> that gracefully gets hosed. I agree that providers of course need to
> test this feature, and a server side configuration makes that
> possible. Also, I'm all for firmware upgrades, but requiring it to fix
> a hosed CPE could be a big issue.

The thing is, if they can’t handle a two-PD response, they are out of spec. This is already allowed in the RFC.

Granted, there may be plenty of CPEs that won’t handle this correctly. If they can be bricked by a message with two PDs, then bricking them is the right thing to do, because that’s a zero-day vulnerability wide open on the customer network.
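
An added example, not part of the original message or of any CPE's firmware: a bounds-checked parser for a delegated-prefix option that carries more than one prefix, which is the input a robust CPE has to accept. It assumes the "two-PD response" is one IA_PD option holding two IA Prefix options laid out as in RFC 8415; `parse_ia_pd`, `MAX_PREFIXES` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_IAPREFIX 26   /* RFC 8415 IA Prefix option code */
#define MAX_PREFIXES 8    /* assumed local limit, not from the thread */

struct pd_prefix { uint32_t preferred, valid; uint8_t plen, addr[16]; };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Parse one IA_PD option body (the bytes after its code/len header).
 * Returns the number of prefixes stored, or -1 if the option is malformed. */
int parse_ia_pd(const uint8_t *b, size_t len, struct pd_prefix *out, size_t max)
{
    size_t off = 12, n = 0;                    /* skip IAID, T1, T2 */
    if (len < 12) return -1;
    while (off < len) {
        if (len - off < 4) return -1;          /* truncated sub-option header */
        uint16_t code = rd16(b + off), olen = rd16(b + off + 2);
        off += 4;
        if (olen > len - off) return -1;       /* sub-option overruns the IA_PD */
        if (code == OPT_IAPREFIX) {
            const uint8_t *p = b + off;
            if (olen < 25 || p[8] > 128) return -1;
            if (n < max) {                     /* surplus prefixes are dropped, never written */
                out[n].preferred = rd32(p);
                out[n].valid = rd32(p + 4);
                out[n].plen = p[8];
                memcpy(out[n].addr, p + 9, 16);
                n++;
            }
        }
        off += olen;                           /* unknown sub-options are skipped */
    }
    return (int)n;
}

/* Constructed sample: old /56 with zero lifetimes, then the new /56. */
const uint8_t SAMPLE[] = {
    0,0,0,1, 0,0,0x07,0x08, 0,0,0x0b,0x40,
    0,26,0,25, 0,0,0,0, 0,0,0,0, 56, 0x20,0x01,0x0d,0xb8,0xaa,0xaa,0x01,0, 0,0,0,0,0,0,0,0,
    0,26,0,25, 0,0,0x0e,0x10, 0,0,0x1c,0x20, 56, 0x20,0x01,0x0d,0xb8,0xbb,0xbb,0x02,0, 0,0,0,0,0,0,0,0,
};

int main(void) {
    struct pd_prefix got[MAX_PREFIXES];
    return parse_ia_pd(SAMPLE, sizeof SAMPLE, got, MAX_PREFIXES) == 2 ? 0 : 1;
}
```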