Re: [v6ops] Discussion of draft-ietf-v6ops-ula-usage-recommendations
joel jaeggli <joelja@bogus.com> Tue, 21 July 2015 16:41 UTC
Return-Path: <joelja@bogus.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64C731A8F40 for <v6ops@ietfa.amsl.com>; Tue, 21 Jul 2015 09:41:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0fFzr6aFPrhQ for <v6ops@ietfa.amsl.com>; Tue, 21 Jul 2015 09:41:05 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 545911A8AA8 for <v6ops@ietf.org>; Tue, 21 Jul 2015 09:41:05 -0700 (PDT)
Received: from dhcp-b3b7.meeting.ietf.org ([IPv6:2001:67c:370:176:80ea:5653:9df6:4f0c]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id t6LGf0Ta063122 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 21 Jul 2015 16:41:02 GMT (envelope-from joelja@bogus.com)
To: Alexandru Petrescu <alexandru.petrescu@gmail.com>, Mark Andrews <marka@isc.org>
References: <6153A91F-7E9A-4579-BA06-72964568D343@cisco.com> <55AE54D3.7070502@gmail.com> <55AE5D01.5090309@gmail.com> <55AE71F7.8000107@gmail.com> <20150721162835.26A9F338B4ED@rock.dv.isc.org> <55AE742E.9040301@gmail.com>
From: joel jaeggli <joelja@bogus.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <55AE761A.3020500@bogus.com>
Date: Tue, 21 Jul 2015 18:40:58 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0
MIME-Version: 1.0
In-Reply-To: <55AE742E.9040301@gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="tbHXSC0LPSio5MklEGE4qCPCdIpB1a9W2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/vFvH7oNsJySf26-I04fCXxvS6tg>
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Discussion of draft-ietf-v6ops-ula-usage-recommendations
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2015 16:41:07 -0000
On 7/21/15 6:32 PM, Alexandru Petrescu wrote: > > > Le 21/07/2015 18:28, Mark Andrews a écrit : >> >> In message <55AE71F7.8000107@gmail.com>, Alexandru Petrescu writes: >>> >>> >>> Le 21/07/2015 16:53, Brian E Carpenter a crit : >>>> On 22/07/2015 02:18, Alexandru Petrescu wrote: >>>>> 1. Brian suggested to recommend that globals should be there on >>>>> the machines having ULAs as well, if I understand correctly. >>>>> >>>>> But I think so only on some Hosts, mainly the Hosts of end users. >>>> >>>> All hosts that need external communication. >>> >>> I agree, all hosts that need external communication. >>> >>> >>>>> 2. the ULA RFC suggests a ULA prefix can be generated out of a MAC >>>>> address. That sixxs implementation does it. Except it takes it >>>>> too serious: it does not accept a MAC address which is not a real >>>>> MAC address - in that oui.txt. And random MAC addresses (for >>>>> privacy) certainly are not in that oui.txt. >>>>> >>>>> I think this is an undesirable situation to be in: unable to >>>>> generate ULAs because the only tool out there (sixxs) can't refuses >>>>> a copy paste a MAC address from the widely used windows 7 laptops. >>>> >>>> That isn't a standards issue, but I agree that operationally, there >>>> needs to be a viable way for anyone to generate a random number. Wait >>>> a minute, that doesn't seem hard. >>> >>> It's easily done centrally, but in a distributed manner it's harder - >>> how am I sure the network I connect to has ULAs generated such that they >>> dont clash with mine? >> >> *YOU* generate you ULA properly. > > You for single or plural? > > Until now I was saying to my peers: I take 192.168.1.1 please take > something else and I'll route to you. that's to of dramatically underselling the amount of coordination required to use rc1918 space between administrative domains. > Now I am saying: generate ULA properly, make it truly random. But how? > >>>>> I am not sure what the problem is, but it's very good to have a >>>>> very easy way to generate ULAs. >>>>> >>>>> 3. in an enterprise deployment there was a problem of ULAs deployed >>>>> in a intra-network and another ULA space in another intra-network, >>>>> of the same enterprise. So we wanted to make sure two things: the >>>>> two ULA spaces are distinct, or otherwise make sure the gateway >>>>> router does not route between the two intranets' ULAs (but yes, >>>>> route between their respective GUAs). >>>> >>>> Why not? ULA to ULA routing on a private link might be desired (e.g. >>>> after two networks merge without renumbering). From a routing PoV >>>> there is nothing special about a ULA prefix; we just need to >>>> configure carefully where it is routed and where it is not routed. >>> >>> Yes, private routing should be ok, but only if these ULAs are unique. >>> If people on different networks use different generation methods then >>> it's dubious to be sure of the uniqueness. Maybe I choose fd00:1::/64 >>> being sure that no random generator will make it, and it happens my >>> neighbors does the same. That leads to conflict on fd00:1::/64 and we >>> dont want routing enabled between the two. >> >> Generate. Don't choose. If you generate then you should be ok. > > Ok. > > But it's much easier to choose. > > We want simple ULA addresses, simple to remember, simple to type, > ideally based on a dictionary. Wierdly when you go to an RIR you don't get to pick what your prefix is... if you don't see your selection with randomness your probability of a collision within your organzation is going to go way up. > This is something everybody building even the simplest IPv6 network has > to do: what simple ULA IPv6 addresses to put there to not break something. I don't have any ula in in my production networks. > Alex > >> >>>> Anyway - I'd like to see the draft progress. Has it already had a >>>> WGLC? >>> >>> I agree, it already has advice in it worth progressing. >>> >>> Alex >>> >>>> >>>> Brian >>>> >>>>> I am not sure how to translate that into advice, because I am not >>>>> sure how it will unfold in the near future. >>>>> >>>>> Alex >>>>> >>>>> Le 21/07/2015 16:02, Fred Baker (fred) a crit : >>>>>> https://tools.ietf.org/html/draft-ietf-v6ops-ula-usage-recommendations >>>>>> >>>>>> >>>>>> >>>>> >>>>>> >>> "Considerations For Using Unique Local Addresses", Bing Liu, Sheng >>>>>> Jiang, 2015-05-03 >>>>>> >>>>>> This draft came up from the floor this afternoon. I think we >>>>>> need some concentrated constructive conversation regarding it - >>>>>> we have had a lot of the other kind. >>>>>> >>>>>> What issues do we need to address to complete it. and what >>>>>> specific recommendations would that include? >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ v6ops mailing >>>>>> list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops >>>>>> >>>>> >>>>> _______________________________________________ v6ops mailing list >>>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops >>>>> >>>> >>>> >>> >>> _______________________________________________ >>> v6ops mailing list >>> v6ops@ietf.org >>> https://www.ietf.org/mailman/listinfo/v6ops >> > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops >
- [v6ops] Discussion of draft-ietf-v6ops-ula-usage-… Fred Baker (fred)
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Alexandru Petrescu
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Brian E Carpenter
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Mark Andrews
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Alexandru Petrescu
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Alexandru Petrescu
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Mark Andrews
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Alexandru Petrescu
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… joel jaeggli
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Brian E Carpenter
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Gert Doering
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Alexandru Petrescu
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Alexandru Petrescu
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Gert Doering
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Alexandru Petrescu
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Gert Doering
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Mark Smith
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Mark Smith
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… joel jaeggli
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Erik Kline
- Re: [v6ops] Discussion of draft-ietf-v6ops-ula-us… Liubing (Leo)