Re: [v6ops] [dhcwg] SLAAC renum: Problem Statement & Operational workarounds

Ted Lemon <> Wed, 30 October 2019 23:31 UTC


On Oct 30, 2019, at 7:18 PM, Bud Millwood <> wrote:
> It's not so much about the lifetime of the prefix as about putting two
> prefixes in a reply to a request, right? And any CPE that can't handle
> that gracefully gets hosed. I agree that providers of course need to
> test this feature, and a server side configuration makes that
> possible. Also, I'm all for firmware upgrades, but requiring it to fix
> a hosed CPE could be a big issue.

The thing is, if they can’t handle a two-PD response, they are out of spec. This is already allowed in the RFC.

Granted, there may be plenty of CPEs that won’t handle this correctly. If they can be bricked by a message with two PDs, then bricking them is the right thing to do, because that’s a zero-day vulnerability wide open on the customer network.
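
Added illustration, not part of the message above or of any CPE's code: a bounds-checked Python parser for the options area of a DHCPv6 reply that accepts any number of IAPREFIX options (RFC 8415 option 26) inside IA_PD (option 25), the case a CPE has to survive. The helper names, sample bytes and documentation prefixes are constructed for this example.

```python
import ipaddress
import struct

OPTION_IA_PD = 25      # RFC 8415 IA_PD option
OPTION_IAPREFIX = 26   # RFC 8415 IA Prefix option

def iter_options(buf):
    """Yield (code, payload) pairs; reject truncated or overlong options."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError("option length exceeds buffer")
        yield code, buf[off:off + length]
        off += length

def parse_delegated_prefixes(options):
    """Return (iaid, prefix, preferred, valid) for every IAPREFIX found."""
    out = []
    for code, body in iter_options(options):
        if code != OPTION_IA_PD:
            continue
        if len(body) < 12:
            raise ValueError("IA_PD shorter than IAID/T1/T2")
        iaid, _t1, _t2 = struct.unpack_from("!III", body)
        for sub, data in iter_options(body[12:]):
            if sub != OPTION_IAPREFIX:
                continue
            if len(data) < 25:
                raise ValueError("IAPREFIX shorter than 25 bytes")
            pref, valid, plen = struct.unpack_from("!IIB", data)
            if plen > 128:
                raise ValueError("prefix length above 128")
            if pref > valid:   # RFC 8415: discard such a prefix
                continue
            net = ipaddress.IPv6Network((data[9:25], plen), strict=False)
            out.append((iaid, net, pref, valid))
    return out

def opt(code, payload):  # builds the constructed sample below
    return struct.pack("!HH", code, len(payload)) + payload

def iaprefix(prefix, plen, pref, valid):
    fixed = struct.pack("!IIB", pref, valid, plen)
    return opt(OPTION_IAPREFIX, fixed + ipaddress.IPv6Address(prefix).packed)

# Constructed sample: one IA_PD carrying two prefixes.
SAMPLE = opt(OPTION_IA_PD, struct.pack("!III", 1, 1800, 2880)
             + iaprefix("2001:db8:aaaa::", 56, 0, 0)
             + iaprefix("2001:db8:bbbb::", 56, 3600, 7200))
```

Malformed input raises `ValueError` instead of being indexed past the end of the buffer, so a caller can drop the packet and keep its existing state.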