IETF Logo Mail Archive

Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update might break current ULA+IPv4 hostnames

Ted Lemon <mellon@fugue.com> Sun, 12 November 2023 11:38 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02B98C1705FB for <v6ops@ietfa.amsl.com>; Sun, 12 Nov 2023 03:38:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r0StcgG9l7il for <v6ops@ietfa.amsl.com>; Sun, 12 Nov 2023 03:38:46 -0800 (PST)
Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B09CDC1705F4 for <v6ops@ietf.org>; Sun, 12 Nov 2023 03:38:46 -0800 (PST)
Received: by mail-ot1-x32c.google.com with SMTP id 46e09a7af769-6ce353df504so2073410a34.3 for <v6ops@ietf.org>; Sun, 12 Nov 2023 03:38:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20230601.gappssmtp.com; s=20230601; t=1699789125; x=1700393925; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=FXSAeqL2w4XrihVMxb44G3qXDMFm+C41H6Iotq4Ihp8=; b=L95R2+hSmgm7fZt4pv3Mx5NW74VKJbEPl/zdrzxdqLow9WUGUZDdAeu2zwqldL7BfT TIpmyRP6dMyesfMNzudxp57AxA4i89p5H1CHnIucAZabuMYdeeaWMmoiODb0iLD+lcTR BSR3nKR7/4TJvcr+1RMO+Sit91IjQH9KylgdRSYBzFvaRq1hkwOdMSrzgesOLM/ftR4C o7GFu8JBPU9OiAtSFBk1XOLeTmI3PU3KGB3QMZs2oECtOpDrd0GKZ+9Gu/xkjak44GpI 6VzMCy72Wa8gw8rlqaCEQTN9cEF2Cld1lj+Eqvrvr3qQcD5kKLHCjeBzEZTYlY9f0MGb iJyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699789125; x=1700393925; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FXSAeqL2w4XrihVMxb44G3qXDMFm+C41H6Iotq4Ihp8=; b=bilXEUYCM+bnbslZEEXxCmd6o/D/ZDO8v6gunWxdazw6vdatnPJNIMoL3RmBhHou9U 7NvAiKz3LbSoLoZHm4KakQ0NZyQVXgeJgkc/MEgEC5totMJIynjv+FAV8BXmSuztjupn acI8Q+XT7Qx2MpjUc2YVcjwG4pUFVHY5izVFa6tPEDqlWCLFQTiTbw5ENXK4gfjzQLST LMQ6+iWGDAp1CwYJackAQcDkoo6SjW4YcUoQuXXu+qErZvQDDzieAbzt2wGNsHTpOrqR zfwt7AOy70H3GLHkLaACvw8wkWZ/Dj4S5O18xoFdgi43pFF0ak1YaXB1F78X4hlwoT5d NqwQ==
X-Gm-Message-State: AOJu0YwLcYWlfQBSZ/sDhjBDGJuURMaBAXN+V9gM0Qc2kTw+ESnCdWBp quvEJuai9MZDhkBHE0/4DnwbHInZV4fzPtnViwrLqw==
X-Google-Smtp-Source: AGHT+IGzidfJKb1crwCVMSXNCnAjmLQ9RKNAsNW0BgdGCuturiG2R1fWvIJ/gmQ7KpERxp+tX90Dq/mE5qHxx72bxk0=
X-Received: by 2002:a9d:6258:0:b0:6cd:a7a:848f with SMTP id i24-20020a9d6258000000b006cd0a7a848fmr4260190otk.14.1699789125378; Sun, 12 Nov 2023 03:38:45 -0800 (PST)
MIME-Version: 1.0
References: <CAPt1N1mp+494DTc0hUG0ZwD34n1Kevwu3mwZKvgUq2qaTCZ6sg@mail.gmail.com> <69565BC4-B955-4840-B407-39707C47DE3E@employees.org> <CAPt1N1n_QBBdq_f0uN4=d0QKjdAoEGk4VCm-u6pMQUB0EfiCuw@mail.gmail.com> <CAO42Z2ypqtQT85iccM0N59885Zp+o+X-Lx34CjvaAf+JH9go3w@mail.gmail.com>
In-Reply-To: <CAO42Z2ypqtQT85iccM0N59885Zp+o+X-Lx34CjvaAf+JH9go3w@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Sun, 12 Nov 2023 11:38:33 +0000
Message-ID: <CAPt1N1kwJn2i6iU7shdcJBrdEn34P5aWy=k00Yf9AVKva_SbJw@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: IPv6 Ops WG <v6ops@ietf.org>, Ole Trøan <otroan@employees.org>
Content-Type: multipart/alternative; boundary="00000000000002f87d0609f2ff52"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/vU_DXphQtRnSz6q59ktP9tziA2U>
Subject: Re: [v6ops] [IPv6] draft-ietf-6man-rfc6724-update might break current ULA+IPv4 hostnames
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Nov 2023 11:38:51 -0000

I think the place to draw the line is where we make a misconfiguration
scenario work at the expense of a scenario where there is no
misconfiguration.

Op zo 12 nov 2023 om 11:19 schreef Mark Smith <markzzzsmith@gmail.com>

> Hi,
>
> On Sun, 12 Nov 2023 at 21:55, Ted Lemon <mellon@fugue.com> wrote:
> >
> > I agree that in this scenario, you have a problem, but I think the case
> where GUA-> GUA doesn’t work is a misconfiguration.  We shouldn’t try to
> address every possible misconfiguration because that will lead to useless
> complexity. Rather, misconfigurations should fail.
>
> I generally agree with this. It's also best if the party who
> misconfigured something directly suffers the greatest consequences of
> their misconfiguration, which motivates them to fix it.
>
> I think there is however some value in tolerating to an extent
> misconfiguration. This is Postel's "be liberal with what you accept".
> However, liberally accepting everything is also not good. The thing to
> think about and decide on is where to draw the line between a
> tolerable misconfiguration and one that should fail hard. I'd say
> tolerable means an acceptable end-user experience, however one that
> would be improved fairly significantly if the misconfiguration is
> fixed.
>
> (More text below, have kept it all to preserve Ole's summary of my
> case rather than snipping it)
>
> > Jen’s experience with this that she shared with us last week suggests
> that this is a better path to function than wallpapering over every
> possible problem.
> >
> > Op zo 12 nov 2023 om 10:50 schreef Ole Trøan <otroan@employees.org>
> >>
> >> Hi Ted,
> >>
> >> Mark’s case:
> >> Destination host B has ULA+GUA.
> >> Source host A has ULA+GUA also.
> >>
> >> 6724 will give two SA, DA pairs.
> >>
> >> {ULA A, ULA B}
> >> {GUA A, GUA B}
> >>
> >> Now, if the only path working is:
> >> {ULA A, GUA B}
> >>
> >> Then that SA, DA combination will not be “found” by 6724.
> >>
> >> If I understood Mark’s case correctly.
> >> Eg if ULA A and ULA B were in different domains.
>
> No, in my scenario both of the Host A and Host B's ULA addresses were
> within the same network/same ULA/48 prefix.
>
> Normally, Host A's ULA address should have a path through the local
> network to Host B's ULA address and vice versa, so Host A and B's ULA
> addresses should be preferred over Host A and Host B's GUA addresses.
>
> However, there could be a routing fault such that H.A ULA to H.B ULA
> temporarily isn't working. H.A GUA to H.B. GUA would then be he fall
> back in that situation until the ULA routing problem is fixed.
>
> Regards,
> Mark.
>
>
> >>
> >> I didn’t think HE would find other SA, DA pairs than what 6724 gives.
> >>
> >> I am definitely not asserting anything here. But asking if this is also
> your understanding. :-)
> >>
> >> Cheers,
> >> Ole
> >>
> >> On 12 Nov 2023, at 11:26, Ted Lemon <mellon@fugue.com> wrote:
> >>
> >> 
> >>
> >> Sorry, you’ll have to walk me through how happy eyeballs fails here.
> I’m not seeing it.
> >>
> >> Op zo 12 nov 2023 om 09:00 schreef Ole Trøan <otroan@employees.org>
> >>>
> >>> Since the RFC6724 algorithm picks a single SA for a DA, in Mark’s
> example the algorithm will not find a working SA/DA at all.
> >>>
> >>> (A solution to that would be to return an ordered list of SAs for a
> DA.)
> >>>
> >>> I am not sure HE would help either, as it’s using what it gets from
> 6724.
> >>>
> >>> Did I understand that correctly?
> >>>
> >>> Cheers
> >>> Ole
> >>>
> >>>
> >>>
> >>> On 12 Nov 2023, at 08:31, Ted Lemon <mellon@fugue.com> wrote:
> >>>
> >>> 
> >>>
> >>> Optimizing for weird internal network outages seems rather
> pessimistic. Do we really think this is a likely situation, such that we
> need to make sure the user doesn’t experience any delay at all in this
> case, at the risk of breaking all internal connections when we need to
> renunber the GUA?
> >>>
> >>> Op zo 12 nov 2023 om 05:14 schreef Mark Smith <markzzzsmith@gmail.com>
> >>>>
> >>>> Hi David,
> >>>>
> >>>> On Sun, 12 Nov 2023, 13:59 David Farmer, <farmer@umn.edu> wrote:
> >>>>>
> >>>>> Lorenzo and Mark,
> >>>>>
> >>>>> The reality is that most systems today would use IPv4 instead of ULA
> if they didn't have GUA unless they implemented the advice in Section 10.6
> of RFC 6724, which is rare and why we need this draft.
> >>>>
> >>>>
> >>>> I understand completely why we need a draft to fix the problem with
> ULAs being below IPv4. Since I think of ULAs as site-locals+a random
> number, I assumed RFC 6724 just effectively replaced site-locals with ULAs,
> preferring them over GUAs, as site-locals had been.
> >>>>
> >>>>>
> >>>>>
> >>>>> We could make the advice in Section 10.6 mandatory, but RFC 4193
> also anticipates merging ULA networks. Therefore, the advice in Section
> 10.6 needs to be mandatory and expanded to allow for an arbitrary number of
> /48s, not just the /48 covering the PIO used for ULA. I suggested using
> PIOs to add additional ULA prefixes to the policy table dynamically.
> However, others felt such a dynamic table would be too complicated and
> preferred the simplicity of raising the preference of the ULA label above
> IPv4 yet remaining below GUA in a static table.
> >>>>
> >>>>
> >>>> For an internal destination, that could be reached by either a ULA or
> GUA address, ULA should be preferred over GUA. Otherwise, one of the key
> benefits and uses of ULAs disappears:
> >>>>
> >>>> RFC 4193:
> >>>>
> >>>> "4.2.  Renumbering and Site Merging
> >>>>
> >>>>    The use of Local IPv6 addresses in a site results in making
> >>>>    communication that uses these addresses independent of renumbering
> a
> >>>>    site's provider-based global addresses."
> >>>>
> >>>>
> >>>>
> >>>>>
> >>>>> This is relatively safe as long as Happy Eyeballs is implemented, as
> HE will try ULA against IPv4 if there is no GUA. Otherwise, if there is
> GUA, HE will try it against IPv4 instead.
> >>>>>
> >>>>> As Mark points out, this still leaves GUA preferred over ULA.
> However, raising all ULA above GUA in a static table is unsafe, as any
> remote ULA would be preferred over GUA.
> >>>>
> >>>>
> >>>> Yes.
> >>>>
> >>>>
> >>>>>
> >>>>> Then, Happy Eyeballs would try the remote ULA against IPv4 instead
> of GUA,
> >>>>
> >>>>
> >>>> Which is why HE should prefer ULA over GUA (and all IPv6 is preferred
> over all IPv4).
> >>>>
> >>>> Note that it needs to be Happy Eyeballs version 2, which works
> differently and better to HEv2 regarding IPv6 verses IPv4.
> >>>>
> >>>>
> >>>>
> >>>>>
> >>>>> with the likelihood of using IPv4 instead of GUA as expected.  A
> dynamic table that prefers known local ULAs above GUA is the only safe way
> to prefer ULA over GUA.
> >>>>
> >>>>
> >>>> I disagree.
> >>>>
> >>>> Hosts have to be able to cope with DNS providing unreachable
> destinations regardless of ULA/GUA/IPv4 etc. preference, because DNS isn't
> normally tightly coupled to the state of reachability of the network. (DNS
> caching would be hard if not impossible to do if DNS records were coupled
> to the state of OSPF, BGP and ultimately ND/ARP reachability for DAs.)
> >>>>
> >>>> So imagine your "safe" scenario where a host has a dynamic table such
> that the host knows of the local ULA /48.
> >>>>
> >>>> DNS returns the ULA and GUA DAs for an internal host.
> >>>>
> >>>> I think you're saying with your dynamic table that is a safe
> scenario, which I think means you're assuming then ULA will always be 100%
> available because now you're comfortable preferring ULA over GUA. (For
> completeness, does "unsafe" mean encountering long TCP connection timeout
> delays?)
> >>>>
> >>>> That may not be the case. Perhaps the ULA address of a host is on one
> network card, and the GUA address of the host is on a different network
> card (i.e. it's a multihomed host), and the link to the ULA network card is
> down. The ULA address is now unreachable, whereas the GUA is reachable. I
> think that would be an "unsafe" result in your "safe" scenario.
> >>>>
> >>>> DNS does not provide an assurance of current reachability. Hosts have
> to test reachability by actively trying to reach the DNS supplied DAs, and
> move on quickly to the next DA in the set somehow (e.g., via HEv2) when the
> current DA is determined to be unreachable.
> >>>>
> >>>> Once you accept that DNS may return unreachable DAs, and hosts will
> and have to deal with it in a user friendly manner (HEv2 or similar), you
> then optimise for the common and likely cases (via preferences such as ULA
> over GUA), not error and uncommon cases like remote and unreachable ULAs in
> global DNS.
> >>>>
> >>>>
> >>>> Regards,
> >>>> Mark.
> >>>>
> >>>>>
> >>>>> Therefore, the advice in Section 10.6 is still valid and should be
> expanded to allow for an arbitrary number of /48s. With a static table, ULA
> should have a lower preference than GUA to remain safe.
> >>>>>
> >>>>> Mark's agreement, based on site-local, is valid as far as it goes,
> but since there is only one site-local prefix, there is no such thing as a
> remote site-local, where there can be unreachable remote ULAs.
> >>>>>
> >>>>> Thanks.
> >>>>>
> >>>>> On Sat, Nov 11, 2023 at 3:57 AM Lorenzo Colitti <lorenzo=
> 40google.com@dmarc.ietf.org> wrote:
> >>>>>>
> >>>>>> Why is is a misconfiguration to put a ULA AAAA record in the DNS?
> Because it is never preferred over anything, adding it won't break
> anything, and it will work on IPv6-only networks when global IPv6
> connectivity is down. I could totally see someone doing the following:
> >>>>>>
> >>>>>> server.smallcompany.com AAAA fd73:4899:2a7f:a93a::53
> >>>>>> server.smallcompany.com AAAA 2001:db8:4923::1
> >>>>>> server.smallcompany.com A 192.0.2.1
> >>>>>>
> >>>>>> This would work well today. The server would be reached:
> >>>>>>
> >>>>>> - over global IPv6, if the client has it
> >>>>>> - over ULA, if the client is v6-only and is within small company's
> network but there is no global connectivity (e.g. ISP link down and
> addresses deprecated)
> >>>>>> - over IPv4, otherwise
> >>>>>>
> >>>>>> People might well have done this today because it works for them.
> If we change the rules as proposed in this draft, it will stop working for
> any home network that has a ULA and IPv4, but no IPv6 (and there are lots
> of these).
> >>>>>>
> >>>>>> This is a fundamental property of ULA: it doesn't provide
> reachability. If we give all of ULA the same label, and prefer it over
> other addresses, we'll always end up with problems.
> >>>>>>
> >>>>>> What happened to the idea of treating "same /48" ULA differently
> from "rest of ULA space"?
> >>>>>>
> >>>>>> On Fri, 10 Nov 2023, 15:57 David Farmer, <farmer=
> 40umn.edu@dmarc.ietf.org> wrote:
> >>>>>>>
> >>>>>>> In this scenario, a ULA source with a non-local ULA destination
> can only occur from a misconfiguration that includes both a ULA and Global
> IPv4 addresses in the Global DNS, contradicting Section 4.4 of RFC4193.
> >>>>>>>
> >>>>>>> Nevertheless, even if this misconfiguration happens, Happy
> Eyeballs, if implemented, will try the non-local ULA destination with the
> ULA source and the IPv4 destination and source pairings. The likely result
> is IPv4 being used in practice since the ULA source will typically fail to
> communicate with the non-local ULA destination, and IPv4 will succeed if
> IPv4 Internet connectivity is available.
> >>>>>>>
> >>>>>>> If Happy Eyeballs is not implemented, the non-local ULA
> destination with the ULA source is preferred, and the ULA source will
> typically fail to communicate with the non-local ULA destination; however,
> if the operational guidelines in Section 4.3 of [RFC4193] are followed. In
> that case, recognizing this failure can be accelerated, and transport layer
> timeouts (e.g., TCP) can be avoided. These guidelines will cause a
> Destination Unreachable ICMPv6 Error to be received by the source device,
> signaling the next address in the list to be tried, as discussed in Section
> 2 of RFC 6724;
> >>>>>>>
> >>>>>>> Well-behaved applications SHOULD NOT simply use the first address
> returned from an API such as getaddrinfo() and then give up if it fails.
> For many applications, it is appropriate to iterate through the list of
> addresses returned from getaddrinfo() until a working address is found. For
> other applications, it might be appropriate to try multiple addresses in
> parallel (e.g., with some small delay in between) and use the first one to
> succeed.
> >>>>>>>
> >>>>>>>
> >>>>>>> Should this also be discussed in the draft?
> >>>>>>>
> >>>>>>> Thanks
> >>>>>>>
> >>>>>>> On Fri, Nov 10, 2023 at 3:35 AM Lorenzo Colitti <lorenzo=
> 40google.com@dmarc.ietf.org> wrote:
> >>>>>>>>
> >>>>>>>> I don't know how common this is, but it's probably worth thinking
> about.
> >>>>>>>>
> >>>>>>>> Many home routers assign ULAs, even if they don't have native
> IPv6. On such networks, a hostname that has ULA and IPv4 (or ULA and global
> and IPv4) will currently work using IPv4.
> >>>>>>>>
> >>>>>>>> If hosts update to follow the new rules in
> draft-ietf-6man-rfc6724-update, that will break because new hosts will
> prefer ULA over IPv4. This won't work, because the ULA is actually a
> different ULA and the home router will drop the packets.
> >>>>>>>>
> --------------------------------------------------------------------
> >>>>>>>> IETF IPv6 working group mailing list
> >>>>>>>> ipv6@ietf.org
> >>>>>>>> Administrative Requests:
> https://www.ietf.org/mailman/listinfo/ipv6
> >>>>>>>>
> --------------------------------------------------------------------
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> ===============================================
> >>>>>>> David Farmer               Email:farmer@umn.edu
> >>>>>>> Networking & Telecommunication Services
> >>>>>>> Office of Information Technology
> >>>>>>> University of Minnesota
> >>>>>>> 2218 University Ave SE        Phone: 612-626-0815
> >>>>>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> >>>>>>> ===============================================
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> ===============================================
> >>>>> David Farmer               Email:farmer@umn.edu
> >>>>> Networking & Telecommunication Services
> >>>>> Office of Information Technology
> >>>>> University of Minnesota
> >>>>> 2218 University Ave SE        Phone: 612-626-0815
> >>>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> >>>>> ===============================================
> >>>>
> >>>> --------------------------------------------------------------------
> >>>> IETF IPv6 working group mailing list
> >>>> ipv6@ietf.org
> >>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >>>> --------------------------------------------------------------------
> >>>
> >>> --------------------------------------------------------------------
> >>> IETF IPv6 working group mailing list
> >>> ipv6@ietf.org
> >>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >>> --------------------------------------------------------------------
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email