Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 13 February 2021 18:30 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: IPv6 Operations <v6ops@ietf.org>, "6man\@ietf.org" <6man@ietf.org>
Date: Sat, 13 Feb 2021 13:30:12 -0500
Message-ID: <9091.1613241012@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/wIzxela8w5hQe6EfCRjwENJl90M>

Fernando Gont <fgont@si6networks.com> wrote:
    > On 13/2/21 00:55, Michael Richardson wrote:
    >>
    >> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    >> > ULAs SHOULD be treated exactly like GUAs for all practical purposes
    >> > (including using a default router for them), with the exception that
    >> > they MUST be filtered by border routers at a domain boundary that is
    >> > defined administratively. The only extra requirement is that ULA
    >> > prefixes MUST be unique within that domain boundary. That's all, I
    >> > think.
    >>
    >> But, that's pretty much always just BCP38, right?

    > Not really. BCP38 means that you don't allow packets to enter your
    > network if they are employing the address space of your network (i.e.,

That's not what I think of BCP38.
And that's not what BCP38 section 3 says.

It has nothing to do with what your address space is, and everything to do
with what your routes to their address say.
What you describe is a subset of BCP38, applicable to stub networks only.

BCP38 means that you don't accept packets with source addresses that you
could not route back in that direction.
It doesn't work in the DFZ, and at peering points.
The rule you cited can also be useful, but it's not the same thing.

Either way, it does catch a huge amount of stuff, including keeping
ULAs from escaping.

    > OTOH, my ISP seems to employ ULAs in their infrastructure... so
    > filtering ULAs at my CPE router would "break" traceroute.

1) I think your ISP is broken, but...
2) If your default route is unadorned with a source address restriction, and
   since it points to your ISP, they aren't incorrect.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
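
An added illustration, not part of the original message: a strict reverse-path check of the kind the reply describes, next to the narrower "own address space" rule from the quoted text, run over two constructed routing tables. The interface names, the 2001:db8:a::/48 customer prefix and the ULA source addresses are all assumptions made up for the example.

```python
import ipaddress

def lookup(fib, addr):
    """Longest-prefix match: interface the FIB would use to reach addr, or None."""
    addr = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def reverse_path_ok(fib, src, in_iface):
    """Accept only if the route back to src points out the arrival interface."""
    return lookup(fib, src) == in_iface

def own_prefix_ok(own_prefixes, src, in_iface, outside_iface):
    """Narrower rule: drop packets from outside that claim our own address space."""
    if in_iface != outside_iface:
        return True
    a = ipaddress.ip_address(src)
    return not any(a in ipaddress.ip_network(p) for p in own_prefixes)

# Constructed FIBs (documentation prefix, hypothetical interface names).
ISP_EDGE_FIB = [("2001:db8:a::/48", "cust0"), ("::/0", "core0")]
CPE_FIB = [("2001:db8:a::/48", "lan0"), ("::/0", "wan0")]

def verdicts():
    return {
        # ISP edge: a ULA source from the customer has no route back via cust0,
        # so it is dropped and the ULA does not escape.
        "isp_edge_ula_from_customer": reverse_path_ok(
            ISP_EDGE_FIB, "fd12:3456:789a::1", "cust0"),
        "isp_edge_gua_from_customer": reverse_path_ok(
            ISP_EDGE_FIB, "2001:db8:a::10", "cust0"),
        # CPE: the unrestricted default route points at the ISP, so a ULA
        # source arriving on the WAN side passes the reverse-path check.
        "cpe_ula_from_wan": reverse_path_ok(CPE_FIB, "fd00:aaaa::1", "wan0"),
        # CPE: a WAN packet claiming the LAN prefix fails both rules.
        "cpe_own_prefix_from_wan_rpf": reverse_path_ok(
            CPE_FIB, "2001:db8:a::10", "wan0"),
        "cpe_own_prefix_from_wan_simple": own_prefix_ok(
            ["2001:db8:a::/48"], "2001:db8:a::10", "wan0", "wan0"),
    }

if __name__ == "__main__":
    for name, ok in verdicts().items():
        print(f"{name}: {'accept' if ok else 'drop'}")
```

The model assumes one best route per destination and symmetric paths, which is why a strict check like this fits stub and customer edges and not multi-homed or peering links.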