Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Fernando Gont <fgont@si6networks.com> Sun, 21 February 2021 09:39 UTC

To: Mark Smith <markzzzsmith@gmail.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>, IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
References: <a5b9b8566ce446d3a5e5dcc9ca2fbac2@boeing.com> <CAN-Dau1xD21EpqrSXKHLzADPyjeWcwc=phHGSFP8cj6705O2BQ@mail.gmail.com> <5f0f480a-b331-7f0c-a738-5d80bd8569e6@si6networks.com> <02dd48fbe6cc44c482662fdc1978219f@boeing.com> <4908665c-94cf-810f-8bff-7407e3abe099@si6networks.com> <c09cfe42-f74b-ccaf-f03b-fb6942ed890f@gmail.com> <CAO42Z2wdgJXC3v9HtU-tNRAPv-zuhnyGuCq5m-r8T7LO84U3jg@mail.gmail.com> <ff071f80-67d3-b9a3-7352-39a0547da415@si6networks.com> <CAO42Z2yoEjJumjMD_YNQ_wwCV2KUsDvODy58Vg7ar=+hRw4OJA@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <19b93695-b191-3870-a4e2-ab4effbff9dd@si6networks.com>
Date: Sun, 21 Feb 2021 04:18:53 -0300
In-Reply-To: <CAO42Z2yoEjJumjMD_YNQ_wwCV2KUsDvODy58Vg7ar=+hRw4OJA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/vUGFfN2gl4S4PIBlPApN4y8qv1U>

Hi, Mark,

On 20/2/21 18:54, Mark Smith wrote:
> On Fri, 19 Feb 2021 at 14:22, Fernando Gont <fgont@si6networks.com> wrote:
>>
>> On 18/2/21 22:21, Mark Smith wrote:
>>>
>>>
>>> On Fri, 19 Feb 2021, 11:37 Brian E Carpenter,
>>> <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
>>>
>>>      So, my thought (and it belongs on this thread OR the 'IPv6
>>>      addressing: Gaps?' one) is something like:
>>>
>>>      We should abolish, delete, expunge and deprecate the word "scope"
>>>      from all IPv6 documents. It clearly doesn't have an agreed meaning,
>>>      so it is worse than useless.
>>>
>>>
>>> I think the word scope is fine.
>>>
>>> The problem is that by itself it doesn't specify what thing the scope is
>>> applying to, and people aren't explicitly saying what that scope they're
>>> referring to. "Global scope" - scope of what?
>>
>> As per RFC4007, scope refers to address uniqueness.
> 
> RFC4007 doesn't apply to ULAs:
> 
> "Though the current address architecture specification [1] defines
> unicast site-local addresses, the IPv6 working group decided to
> deprecate the syntax and the usage [5] and is now investigating other
> forms of local IPv6 addressing.  The usage of any new forms of
> local addresses will be documented elsewhere in the future.  Thus,
> this document intentionally focuses on link-local and multicast
> scopes only."
> 
> RFC4193 is of course this future document.

RFC4007 is an architecture document and does not talk about ULAs because 
it *predates* ULAs.

Given that RFC4007 is an architectural document, it is meant to apply to 
all developments -- unless updated.
>>> ULAs (and addresses in general) have at least two different scopes:
>>>
>>> - scope or domain of intended uniqueness
>>
>> For ULAs, this is "set of interconnected ULA-based networks" -- i.e.,
>> some sort of limited domain/scope.
>>
> 
> RFC4193 explicitly says that the scope of uniqueness is global:
> 
> "Local IPv6 unicast addresses have the following characteristics:
> 
>        - Globally unique prefix (with high probability of uniqueness)."

Probability != certainty

    [RFC4007] defines the scope of an address as:

       "[the] topological span within which the address may be used as a
       unique identifier for an interface or set of interfaces"

    And defines the "global scope" to be used for:

       "uniquely identifying interfaces anywhere in the Internet"



It does *not* say "probably uniquely identifying interfaces anywhere in 
the Internet"
>>> - scope or domain of intended forwarding within a network or across a
>>> set of networks
>>
>> In this case, same as before.
>>
>> Normally, both of these are equal:
> 
> In ULAs they aren't.

If you look at the definition of global scope from RFC4007, the 
definition of ULAs as being global scope doesn't match that definition.


> Link-Local addresses generated using RFC7217 aren't either.

That's not correct. RFC7217 leads to a unique address, or fails. Once 
you have successfully generated the address, the address does uniquely 
identify an interface on the local link.



> The IID is likely to be globally unique, even though the Link-Local
> prefix isn't. Combining the globally unique IID with the Link-Local

IIDs are *not* globally unique. They are *locally* unique -- you check for 
uniqueness on the local link (via DAD), but not globally.



> prefix results in a globally unique Link-Local address - the
> forwarding scope of the packets with those addresses is limited to a
> link, however the RFC7217 LL address's scope of uniqueness is global.

Not sure what you mean: link-local addresses, as the name implies, have a 
link-local scope.
>> and address uniqueness will limit
>> reachability.
>>
> 
> I'm not sure I understand what you're saying.

You can only employ an address where the address is meaningful. 
"Meaningful" means that the address specifies the same interface at the 
sender as well as at the receiver. And it is the "scope" property which 
specifies the topological span where the address complies with that 
property.


Obviously, the address scope will be the upper constraint on 
reachability, because you can certainly *not* reach what you cannot address.

(you cannot get to a place if you cannot specify where you want to go)



> I am wondering if my definition of "reachability" is different from
> yours. I see it as describing the likely current forwarding capability
> of the network, because the main use of the term I've encountered is
> in the context of BGP.

Reachability: topological span where a packet with said address could 
possibly be forwarded to.



> So the "forwarding domain" is what is designed to be the case, whereas
> actual reachability depends on route tables, paths and links being
> available, ACLs or other security policies etc, intentional or not
> duplicate addresses (i.e. anycast).

The above would apply.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
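An added example, not part of the thread, of what the "high probability of uniqueness" argued over above actually amounts to: it implements the RFC 4193 section 3.2.2 Global ID derivation (SHA-1 over NTP time and an EUI-64, low 40 bits) and the section 3.2.3 birthday-bound collision estimate for N interconnected ULA sites. The function names and the sample EUI-64/timestamp are my own constructed values.

```python
import hashlib
import math
import struct
from ipaddress import IPv6Network


def ula_global_id(ntp_time: int, eui64: bytes) -> int:
    """RFC 4193 section 3.2.2: Global ID = least significant 40 bits of
    SHA-1(64-bit NTP timestamp || 64-bit EUI-64)."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    digest = hashlib.sha1(struct.pack(">Q", ntp_time) + eui64).digest()
    return int.from_bytes(digest[-5:], "big")  # low 40 bits of the digest


def ula_prefix(global_id: int) -> IPv6Network:
    """Assemble fdXX:XXXX:XXXX::/48 (fc00::/7 with the L bit set)."""
    if not 0 <= global_id < (1 << 40):
        raise ValueError("Global ID must fit in 40 bits")
    return IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def collision_probability(n_networks: int, bits: int = 40) -> float:
    """RFC 4193 section 3.2.3: P(at least one duplicate Global ID among
    n_networks independently generated IDs) ~= 1 - exp(-N^2 / 2^(L+1))."""
    return 1.0 - math.exp(-(n_networks ** 2) / 2.0 ** (bits + 1))


if __name__ == "__main__":
    # Constructed sample inputs: an arbitrary NTP timestamp and a made-up EUI-64.
    gid = ula_global_id(0xE3D5_6C9A_0000_0000, bytes.fromhex("0200fefffe001122"))
    print("ULA prefix:", ula_prefix(gid))
    for n in (2, 10, 100, 1000, 10000):
        # Reproduces the probability table in RFC 4193 section 3.2.3.
        print(f"{n:>6} sites: P(collision) = {collision_probability(n):.2e}")
```

The output shows the point being made: the collision probability is small but nonzero, and it grows quadratically with the number of sites that end up interconnected.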