Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
"Mudric, Dusan (Dusan)" <dmudric@avaya.com> Tue, 28 August 2018 15:06 UTC
Return-Path: <dmudric@avaya.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97901130ED8; Tue, 28 Aug 2018 08:06:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dqBivkS_HBcr; Tue, 28 Aug 2018 08:06:56 -0700 (PDT)
Received: from de307622-de-outbound.net.avaya.com (de307622-de-outbound.net.avaya.com [198.152.71.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D482C130F5E; Tue, 28 Aug 2018 08:06:55 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2FoAgBrZIVb/wUHmMZaDgsBAQEBAQEBAQEBAQEHAQEBAQGCelVlfygKg2iUOoINgz2FF41SFIErOwsjCQKEPgIXgl4hNRcBAgEBAQEBAQICAmkcDIJoLwEBBAcDDC8JAgMBAQEBAQEBTwIPRwEBGAEBAQEDEhERMwcGBQwEAgEIDQQEAQEBAgIGIAICAh8RFQgIAgQBDQUIEweDAIFpAxUBDplIiW+BLhoChwgNgywFgQuHMIEbF4FCPiZsRoJMglZFBBiBCz4VFYJVMYImAodtCAGTCysJAoYxd4U1coI1gT+HGwMPhV2INoJnY4dJgUMCNYFScBU7gmmGAYoYOm8BAYEUimsBgRALAQE
X-IPAS-Result: A2FoAgBrZIVb/wUHmMZaDgsBAQEBAQEBAQEBAQEHAQEBAQGCelVlfygKg2iUOoINgz2FF41SFIErOwsjCQKEPgIXgl4hNRcBAgEBAQEBAQICAmkcDIJoLwEBBAcDDC8JAgMBAQEBAQEBTwIPRwEBGAEBAQEDEhERMwcGBQwEAgEIDQQEAQEBAgIGIAICAh8RFQgIAgQBDQUIEweDAIFpAxUBDplIiW+BLhoChwgNgywFgQuHMIEbF4FCPiZsRoJMglZFBBiBCz4VFYJVMYImAodtCAGTCysJAoYxd4U1coI1gT+HGwMPhV2INoJnY4dJgUMCNYFScBU7gmmGAYoYOm8BAYEUimsBgRALAQE
X-IronPort-AV: E=Sophos;i="5.53,299,1531800000"; d="scan'208";a="253433247"
Received: from unknown (HELO co300216-co-erhwest.avaya.com) ([198.152.7.5]) by de307622-de-outbound.net.avaya.com with ESMTP; 28 Aug 2018 11:06:51 -0400
X-OutboundMail_SMTP: 1
Received: from unknown (HELO AZ-US1EXHC04.global.avaya.com) ([135.11.85.15]) by co300216-co-erhwest-out.avaya.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Aug 2018 11:06:50 -0400
Received: from AZ-US1EXMB03.global.avaya.com ([fe80::a5d3:ad50:5be9:1922]) by AZ-US1EXHC04.global.avaya.com ([135.11.85.15]) with mapi id 14.03.0382.000; Tue, 28 Aug 2018 11:06:50 -0400
From: "Mudric, Dusan (Dusan)" <dmudric@avaya.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Lea Roberts <lea.roberts@stanford.edu>, JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org>
CC: "draft-palet-v6ops-rfc6177-bis@ietf.org" <draft-palet-v6ops-rfc6177-bis@ietf.org>, IPv6 Operations <v6ops@ietf.org>
Thread-Topic: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
Thread-Index: AQHUPoeW/ny7JdCSBEyCwIsFLEGznKTVQo4g
Date: Tue, 28 Aug 2018 15:06:49 +0000
Message-ID: <9142206A0C5BF24CB22755C8EC422E459CB44E7E@AZ-US1EXMB03.global.avaya.com>
References: <153017691583.14743.17000446834856511528@ietfa.amsl.com> <78a36a81-3bb3-9d47-aa06-8da8f7594677@gmail.com> <C040E02F-7BEC-4FF9-8585-BE380B6859DE@consulintel.es> <alpine.DEB.2.02.1807191054090.7979@networking.stanford.edu> <9142206A0C5BF24CB22755C8EC422E459CB44344@AZ-US1EXMB03.global.avaya.com> <f1bc1848-abe0-553e-0fdf-623eb0d1a871@gmail.com>
In-Reply-To: <f1bc1848-abe0-553e-0fdf-623eb0d1a871@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.11.85.50]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/xdhXwrcXVcIsgXGFcj3RTthX2gA>
Subject: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2018 15:07:00 -0000
Hi Brian, There must a way to define how prefixes are assigned to always allow /48, if needed. If not in rfc6177-bis than in another RFC. We have already one limitation for SLAAC that makes sure every home gets at least one /64. We can add another one, in another RFC, to make sure /48 is given on a demand. That will insure future flexibility in any network and make the prefix assignment non-political process. Regards, Dusan. > -----Original Message----- > From: Brian E Carpenter <brian.e.carpenter@gmail.com> > Sent: Tuesday, August 28, 2018 12:27 AM > To: Mudric, Dusan (Dusan) <dmudric@avaya.com>; Lea Roberts > <lea.roberts@stanford.edu>; JORDI PALET MARTINEZ > <jordi.palet=40consulintel.es@dmarc.ietf.org> > Cc: draft-palet-v6ops-rfc6177-bis@ietf.org; IPv6 Operations > <v6ops@ietf.org> > Subject: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt > > On 2018-08-28 06:23, Mudric, Dusan (Dusan) wrote: > > Section 4. > > " b. An end-user should be able to receive any prefix length up to /48 > > simply by asking." > > > > Can this be defined in a way to make sure that new applications and > devices will always work at end sites without a need for asking ISPs for extra > address space? Otherwise, the end-user might not get what he/she asks for, > without paying for the "higher grade" service. Can the definition impose up > to /48 LAP when needed at end sites? For example, can an application > request a home router to request an ISP for /48 prefix and, when requested, > ISP must grant it? > > Unfortunately we can never say "must" in this context. What ISPs will > provide > for what fee is well outside the IETF's competence. As observed on another > thread, applications need to be agile, even if they work better if such a > request was granted. > > I'd say that once this update is done, it may be time to revisit > RFC4084. > > Regards > Brian > > > > > Regards, > > Dusan Mudric. > > > >> -----Original Message----- > >> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Lea Roberts > >> Sent: Thursday, July 19, 2018 2:08 PM > >> To: Brian E Carpenter <brian.e.carpenter@gmail.com>; JORDI PALET > >> MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org> > >> Cc: draft-palet-v6ops-rfc6177-bis@ietf.org; IPv6 Operations > >> <v6ops@ietf.org> > >> Subject: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt > >> > >> hi Brian and Jordi - > >> > >> excellent comments and I agree also. > >> > >> thank you!! > >> /Lea > >> > >> On Thu, 19 Jul 2018, JORDI PALET MARTINEZ wrote: > >> > >>> Hi Brian, > >>> > >>> > >>> > >>> Thanks a lot for commenting and sorry the late answer ... too busy last > >> weeks. > >>> > >>> > >>> > >>> Comments in-line below (subjected to my co-author agreement), > basically, > >> agree with all your inputs, except a couple of points. > >>> > >>> > >>> > >>> Thanks! > >>> > >>> > >>> > >>> Regards, > >>> > >>> Jordi > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> -----Mensaje original----- > >>> > >>> De: v6ops <v6ops-bounces@ietf.org> en nombre de Brian E Carpenter > >> <brian.e.carpenter@gmail.com> > >>> > >>> Organizaci?n: University of Auckland > >>> > >>> Fecha: domingo, 8 de julio de 2018, 17:43 > >>> > >>> Para: <draft-palet-v6ops-rfc6177-bis@ietf.org>, IPv6 Operations > >> <v6ops@ietf.org> > >>> > >>> Asunto: Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177-bis-00.txt > >>> > >>> > >>> > >>> Hi, > >>> > >>> > >>> > >>> Thanks for this draft. > >>> > >>> > >>> > >>> > Abstract > >>> > >>> > >>> > >>> This needs to be shorter. Three paragraphs is too much. > >>> > >>> > >>> > >>> For the next version, I've reduced 50% the length of the 1st paragraph. > 3rd > >> paragraph, I recall is mandatory (IDNits). > >>> > >>> > >>> > >>> > >>> > >>> > ... policy should reflect that assignment of a single subnet is > >>> > >>> > no longer appropriate unless the recipient explicitly agrees to the > >>> > >>> > limitations implied by such an assignment. > >>> > >>> > >>> > >>> I *strongly* suggest deleting the "unless" clause. It leaves a > >>> > >>> loophole, and it could easily be hidden in shrink-wrap terms > >>> > >>> and conditions so that a subscriber would agree without even > >>> > >>> knowing about it. Reduce this simply to: > >>> > >>> > >>> > >>> ... policy should reflect that assignment of a single subnet is > >>> > >>> never appropriate. > >>> > >>> > >>> > >>> Agreed and done. > >>> > >>> > >>> > >>> > >>> > >>> > 1. Introduction > >>> > >>> .... > >>> > >>> > 1. It is extremely discouraged that /128s be given out. While there > >>> > >>> > may be some cases where assigning only a single address may be > >>> > >>> > justified, a site, by definition, implies multiple subnets and > >>> > >>> > multiple devices. > >>> > >>> > >>> > >>> I find this a bit weak. Try: > >>> > >>> > >>> > >>> 1. It is extremely discouraged that /128s be given out. While there > >>> > >>> may be some applications where assigning only a single address > may > >> be > >>> > >>> tolerated, a site, by definition, implies multiple subnets and > >>> > >>> multiple devices. Also, a /128 prevents any form of privacy-based > >>> > >>> addressing. > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> > 4. This revision has been created to more clearly assert the > >>> > >>> > requirement to ensure that address assignments to end-sites > >>> > >>> > provide a sufficiently big number of subnets (/64 on classic > >>> > >>> > networks) to each end-site, taking under consideration the end- > >>> > >>> > site's future expected needs, new deployment expectations and > >> new > >>> > >>> > protocol requirements, among others. Once all these are > >>> > >>> > considered, it seems unlikely that a single subnet (/64) or even > >>> > >>> > a small number of them should be assigned, unless very clearly > >>> > >>> > justified and agreed to by the end-site. > >>> > >>> > >>> > >>> The "unless" clause is dangerous because of shrink-wrap terms and > >>> > >>> conditions. I suggest deleting it. > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> > 2. Considerations Regarding the Prefix Length > >>> > >>> .... > >>> > >>> > This consideration should be noticed, across this document, in the > >>> > >>> > sense that end-sites usually have subnets that use, by default, > >>> > >>> > SLAAC, and consequently, the LAP is mandatorily a /64. Other > >>> > >>> > technologies, may have a different LAP, which must be used > >>> > >>> > accordingly. > >>> > >>> > >>> > >>> I suggest s/Other/Future/ since /64 prevails everywhere today. > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> > 3. On /48 Assignments to End-Sites > >>> > >>> .... > >>> > >>> > An important > >>> > >>> > goal in IPv6 is to significantly change the default and minimal end > >>> > >>> > site assignment, from "a single address" to "multiple networks" and > >>> > >>> > to ensure that end-sites can easily obtain address space. > >>> > >>> > >>> > >>> I suggest adding something like this: > >>> > >>> > >>> > >>> As the operational costs of carrier-grade NAT and address+port sharing > >>> > >>> have shown, availability of multiple addresses and prefixes to end sites > >>> > >>> that need them will be a considerable saving to their ISPs. > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> > It might be tempting to give home sites a single /64, since that is > >>> > >>> > already significantly more address space compared with today's > IPv4 > >>> > >>> > practice. However, this precludes the expectation that even home > >>> > >>> > sites will grow to support multiple subnets going forward. Hence, it > >>> > >>> > >>> > >>> s/expectation/certainty/ > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> .... > >>> > >>> > A key goal of the recommendations in [RFC3177] is to > >>> > >>> > ensure that upon renumbering, one does not have to deal with > >>> > >>> > renumbering into a smaller subnet size. > >>> > >>> > >>> > >>> Perhaps add: > >>> > >>> > >>> > >>> In particular this would apply to any site that switches to > >>> > >>> an ISP that provides a longer prefix. > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> > It should be noted that similar arguments apply to the management > of > >>> > >>> > zone files in the DNS. In particular, managing the reverse > >>> > >>> > (ip6.arpa) tree is simplified when all links are numbered using the > >>> > >>> > same subnet ids > >>> > >>> > >>> > >>> s/numbered/renumbered/ > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> .... > >>> > >>> > years, and we don't recover back the /48's, we will be able to use > >>> > >>> > IPv6 addressing space for over 100.000 years. > >>> > >>> > >>> > >>> Perhaps add: > >>> > >>> > >>> > >>> This document does not advocate careless use of address space, but > >>> > >>> there is objectively no reason to be restrictve. > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> .... > >>> > >>> > Today typically, a home has already a considerable number of > possible > >>> > >>> > subnets (a common CE has 4 LAN ports, 2 WiFi radios which support > >>> > >>> > several SSIDs each one, VoIP subnet, IPTV subnet, additional > VLANs) > >>> > >>> > and if downstream routers are used, there is a need for further > >>> > >>> > subnets. This means that in a short term, assigning a /60 (16 > >>> > >>> > subnets), it is already a really bad decision, as it may enforce IPv6 > >>> > >>> > NAT between the main CE and downstream routers. > >>> > >>> > >>> > >>> I suggest deleting "as it may enforce IPv6 NAT between the main CE > and > >>> > >>> downstream routers". Firstly it puts NAT into the reader's mind. > Secondly, > >>> > >>> it isn't the only solution - IIDs shorter than 64 could also be > implemented. > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> > 4. Impact on IPv6 Standards > >>> > >>> > >>> > >>> I propose to simply delete this section. > >>> > >>> > >>> > >>> Firstly, RFC3056 is deprecated so it's irrelevant today. > >>> > >>> Secondly, the argument about ULAs (RFC4193) doesn't hold up. > >>> > >>> ULAs are like any other /48 prefix - if you are forced to > >>> > >>> renumber into a longer prefix, you lose some subnet bits. > >>> > >>> That is already covered in the middle of section 3 (the > >>> > >>> "key goal" sentence quoted above). > >>> > >>> > >>> > >>> > >>> > >>> I recall we deprecated the 6to4 anycast, but not 6to4, in fact 6to4 to 6to4 > >> traffic is still useful for peer to peer. > >>> > >>> > >>> > >>> > 6. Security Considerations > >>> > >>> > > >>> > >>> > This document has no known security implications. > >>> > >>> > >>> > >>> Really? More prefix space offers more potential for scanning > >>> > >>> attacks. More prefix space also allows the use of slightly > >>> > >>> randomized prefixes and/or prefix-per host. > >>> > >>> > >>> > >>> Also of course, a /128 would prevent any form of privacy-based > >>> > >>> addressing. > >>> > >>> > >>> > >>> I've introduced new text on those points. > >>> > >>> > >>> > >>> > 8. Acknowledgements > >>> > >>> > > >>> > >>> > The authors of this document will like to acknowledge the authors > of > >>> > >>> > previous versions (Thomas Narten and Geoff Huston) > >>> > >>> > >>> > >>> RFC3177 was signed by the whole IAB and IESG seated in 2001, and its > >>> > >>> Acknowledgements read: > >>> > >>> > >>> > >>> >> This document originated from the IETF IPv6 directorate, with > much > >>> > >>> >> input from the IAB and IESG. The original text forming the basis of > >>> > >>> >> this document was contributed by Fred Baker and Brian Carpenter. > >>> > >>> >> Allison Mankin and Thomas Narten merged the original > contributions > >>> > >>> >> into a single document, and Alain Durand edited the document > >> through > >>> > >>> >> its final stages. > >>> > >>> > >>> > >>> Agreed! > >>> > >>> > >>> > >>> Regards > >>> > >>> Brian > >>> > >>> > >>> > >>> _______________________________________________ > >>> > >>> v6ops mailing list > >>> > >>> v6ops@ietf.org > >>> > >>> https://urldefense.proofpoint.com/v2/url?u=https- > >> > 3A__www.ietf.org_mailman_listinfo_v6ops&d=DwIDaQ&c=BFpWQw8bsuKp > >> l1SgiZH64Q&r=UT3Bk9cbLeaJxhf3iCrhIoUWB8YLZU23029sMQGQ2kY&m=- > >> > 5rgYq_nYMbSH2HXHnHFCFi2KDYzOClhSiLn0au8Wu0&s=iEq1tUDbeQL4f3SLM > >> f1-xihjJYT0KAAN_BWTl9-779c&e= > >>> > >>> > >>> > >>> > >>> > >>> > >>> ********************************************** > >>> IPv4 is over > >>> Are you ready for the new Internet ? > >>> https://urldefense.proofpoint.com/v2/url?u=http- > >> > 3A__www.consulintel.es&d=DwIDaQ&c=BFpWQw8bsuKpl1SgiZH64Q&r=UT3 > >> Bk9cbLeaJxhf3iCrhIoUWB8YLZU23029sMQGQ2kY&m=- > >> > 5rgYq_nYMbSH2HXHnHFCFi2KDYzOClhSiLn0au8Wu0&s=GMRLdItF8yKbUdE9 > >> NuXE-U48uk7OHNuEijym9jhE--s&e= > >>> The IPv6 Company > >>> > >>> This electronic message contains information which may be privileged or > >> confidential. The information is intended to be for the exclusive use of > the > >> individual(s) named above and further non-explicilty authorized > disclosure, > >> copying, distribution or use of the contents of this information, even if > >> partially, including attached files, is strictly prohibited and will be > considered a > >> criminal offense. If you are not the intended recipient be aware that any > >> disclosure, copying, distribution or use of the contents of this information, > >> even if partially, including attached files, is strictly prohibited, will be > >> considered a criminal offense, so you must reply to the original sender to > >> inform about this communication and delete it. > >>> > >>> > >>> > >>> _______________________________________________ > >>> v6ops mailing list > >>> v6ops@ietf.org > >>> https://urldefense.proofpoint.com/v2/url?u=https- > >> > 3A__www.ietf.org_mailman_listinfo_v6ops&d=DwIDaQ&c=BFpWQw8bsuKp > >> l1SgiZH64Q&r=UT3Bk9cbLeaJxhf3iCrhIoUWB8YLZU23029sMQGQ2kY&m=- > >> > 5rgYq_nYMbSH2HXHnHFCFi2KDYzOClhSiLn0au8Wu0&s=iEq1tUDbeQL4f3SLM > >> f1-xihjJYT0KAAN_BWTl9-779c&e=
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… JORDI PALET MARTINEZ
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Lea Roberts
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… David Farmer
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Fred Baker
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… David Farmer
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… STARK, BARBARA H
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Owen DeLong
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… JORDI PALET MARTINEZ
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… JORDI PALET MARTINEZ
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Mudric, Dusan (Dusan)
- Re: [v6ops] I-D Action: draft-palet-v6ops-rfc6177… Brian E Carpenter