Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-08.txt
Fred Baker <fredbaker.ietf@gmail.com> Mon, 09 October 2017 23:31 UTC
Cc: "Mudric, Dusan (Dusan)" <dmudric@avaya.com>, Lorenzo Colitti <lorenzo@google.com>, "v6ops@ietf.org" <v6ops@ietf.org>, "internet-drafts@ietf.org" <internet-drafts@ietf.org>
To: Fred Templin <Fred.L.Templin@boeing.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/s_aWqw45uufFwi-aDhJgUuKpjHM>
> On Oct 9, 2017, at 7:34 AM, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:
>
> Fred,
>
>> -----Original Message-----
>> From: Fred Baker [mailto:fredbaker.ietf@gmail.com]
>> Sent: Monday, October 09, 2017 6:17 AM
>> To: Mudric, Dusan (Dusan) <dmudric@avaya.com>
>> Cc: Lorenzo Colitti <lorenzo@google.com>; Templin, Fred L <Fred.L.Templin@boeing.com>; v6ops@ietf.org; internet-drafts@ietf.org
>> Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-08.txt
>>
>> Unless someone wants to tell me I'm wrong, I don't think that consensus exists. What the document says is that when someone is
>> running a service such as described, traffic from the CPE router to which a prefix has been delegated should invariably travel through
>
> 'draft-ietf-v6ops-unique-ipv6-prefix-per-host' is not about prefix delegation.

No, it's about a service (presumably operated by an ISP) in which prefixes are delegated to hosts. While the specification is clear that the ISP might *also* IPv4 service on the same network using the same equipment, what is specified is an IPv6, and potentially IPv6-only, service.

> 'draft-templin-v6ops-pdhost' is about prefix delegation.
>
> Thanks - Fred
>
>> the upstream router as opposed to directly to a router that might appear to be an immediate neighbor. It doesn't deprecate the use
>> of SLAAC/DHCPv6 or the use of neighbor-to-neighbor routing in LAN networks.
>>
>>> On Oct 6, 2017, at 7:48 AM, Mudric, Dusan (Dusan) <dmudric@avaya.com> wrote:
>>>
>>> Hi Fred,
>>>
>>> Should it be mentioned that even though a ‘shared’ prefix with L=0 makes hosts send packets over the first hop router, the unique prefix per host is preferred mechanism in the environments where security is of a concern?
>>>
>>> Thanks,
>>> Dusan.
>>>
>>> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Lorenzo Colitti
>>> Sent: Wednesday, September 13, 2017 6:04 PM
>>> To: Templin, Fred L
>>> Cc: v6ops@ietf.org; internet-drafts@ietf.org
>>> Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-08.txt
>>>
>>> I would instead say the opposite, i.e., call attention to what is in fact one of the main benefits of this document. Suggested text:
>>>
>>> The practices described in this document make it very simple for networks to implement robust isolation between clients at layer 2. The network can simply ensure that devices cannot send packets to each other except through the first-hop router. This will automatically provide robust protection against attacks between devices that rely on link-local ICMPv6 packets, such as DAD reply spoofing, ND cache exhaustion, malicious redirects, and rogue RAs. This form of protection is much more scalable and robust than alternative mechanisms such as DAD proxying, forced forwarding, or ND snooping.
>>>
>>> On Wed, Sep 13, 2017 at 2:12 PM, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:
>>> Please add the following to Security Considerations:
>>>
>>> "While the practices described herein encourage L3 operations that would
>>> forward all traffic through a provider managed First Hop Router, peer to peer
>>> communications are still possible unless L2 mechanisms are also employed
>>> in some fashion outside the scope of this document."
>>>
>>> Thanks - Fred
>>>
>>>> -----Original Message-----
>>>> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
>>>> Sent: Wednesday, September 13, 2017 7:04 AM
>>>> To: i-d-announce@ietf.org
>>>> Cc: v6ops@ietf.org
>>>> Subject: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-08.txt
>>>>
>>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>>> This draft is a work item of the IPv6 Operations WG of the IETF.
>>>>
>>>>         Title    : Unique IPv6 Prefix Per Host
>>>>         Authors  : John Jason Brzozowski
>>>>                    Gunter Van De Velde
>>>>         Filename : draft-ietf-v6ops-unique-ipv6-prefix-per-host-08.txt
>>>>         Pages    : 9
>>>>         Date     : 2017-09-13
>>>>
>>>> Abstract:
>>>>   This document outlines an approach utilising existing IPv6 protocols
>>>>   to allow hosts to be assigned a unique IPv6 prefix (instead of a
>>>>   unique IPv6 address from a shared IPv6 prefix). Benefits of unique
>>>>   IPv6 prefix over a unique service provider IPv6 address include
>>>>   improved host isolation and enhanced subscriber management on shared
>>>>   network segments.
>>>>
>>>> The IETF datatracker status page for this draft is:
>>>> https://datatracker.ietf.org/doc/draft-ietf-v6ops-unique-ipv6-prefix-per-host/
>>>>
>>>> There are also htmlized versions available at:
>>>> https://tools.ietf.org/html/draft-ietf-v6ops-unique-ipv6-prefix-per-host-08
>>>> https://datatracker.ietf.org/doc/html/draft-ietf-v6ops-unique-ipv6-prefix-per-host-08
>>>>
>>>> A diff from the previous version is available at:
>>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-v6ops-unique-ipv6-prefix-per-host-08
>>>>
>>>> Please note that it may take a couple of minutes from the time of submission
>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>
>>>> Internet-Drafts are also available by anonymous FTP at:
>>>> ftp://ftp.ietf.org/internet-drafts/
>>>>
>>>> _______________________________________________
>>>> v6ops mailing list
>>>> v6ops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/v6ops
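
Added example, not part of this message or of the draft: the thread distinguishes a unique prefix per host from a 'shared' prefix advertised with L=0, and the audit below classifies hosts by parsing the Prefix Information Option (RFC 4861 layout) of the Router Advertisement each one received. The host names, the 2001:db8::/32 prefixes, the verdict labels and the one-PIO-per-host simplification are assumptions made for the illustration.

```python
import ipaddress
import struct
from collections import defaultdict

L_FLAG = 0x80  # on-link flag in the PIO flags octet
A_FLAG = 0x40  # autonomous address-configuration flag

def parse_pio(option: bytes):
    """Parse one ND Prefix Information Option (type 3, length 4 x 8 bytes)."""
    if len(option) != 32:
        raise ValueError("PIO must be exactly 32 bytes")
    opt_type, opt_len, plen, flags, _valid, _pref, _rsvd, prefix = struct.unpack(
        "!BBBBIII16s", option)
    if opt_type != 3 or opt_len != 4 or plen > 128:
        raise ValueError("not a well-formed PIO")
    net = ipaddress.IPv6Network((prefix, plen), strict=False)
    return net, bool(flags & L_FLAG), bool(flags & A_FLAG)

def audit(ras):
    """ras: iterable of (host_id, pio_bytes), one PIO per host (assumption).
    Returns {host_id: verdict} showing who shares a prefix and who sees it on-link."""
    holders = defaultdict(set)
    parsed = []
    for host, raw in ras:
        net, on_link, _autonomous = parse_pio(raw)
        holders[net].add(host)
        parsed.append((host, net, on_link))
    verdicts = {}
    for host, net, on_link in parsed:
        scope = "shared" if len(holders[net]) > 1 else "unique"
        # L=1 tells the host to resolve neighbours in the prefix directly,
        # bypassing the first-hop router the thread wants traffic to cross.
        verdicts[host] = scope + ("-onlink" if on_link else "-offlink")
    return verdicts

def make_pio(prefix, flags, plen=64):
    """Build a constructed PIO for the sample data (30-day / 7-day lifetimes)."""
    return struct.pack("!BBBBIII16s", 3, 4, plen, flags, 2592000, 604800, 0,
                       ipaddress.IPv6Address(prefix).packed)

# Constructed sample: two hosts with their own /64, two sharing one, one with L=1.
SAMPLE = [
    ("host-a", make_pio("2001:db8:0:1::", A_FLAG)),
    ("host-b", make_pio("2001:db8:0:2::", A_FLAG)),
    ("host-c", make_pio("2001:db8:0:ff::", A_FLAG)),
    ("host-d", make_pio("2001:db8:0:ff::", A_FLAG)),
    ("host-e", make_pio("2001:db8:0:3::", A_FLAG | L_FLAG)),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(host, verdict)
```

Any host reported as "-onlink" will attempt direct neighbor delivery inside its prefix, so it depends on the L2 isolation discussed in the quoted Security Considerations text rather than on L3 forwarding alone.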