IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00.txt

Ed Horley <ed@hexabuild.io> Sat, 12 June 2021 03:32 UTC

Return-Path: <ed@hexabuild.io>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D2783A1AEB for <v6ops@ietfa.amsl.com>; Fri, 11 Jun 2021 20:32:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.656
X-Spam-Level:
X-Spam-Status: No, score=-0.656 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NUMERIC_HTTP_ADDR=1.242, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hexabuild-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jiU2Eul5OmoC for <v6ops@ietfa.amsl.com>; Fri, 11 Jun 2021 20:32:35 -0700 (PDT)
Received: from mail-vs1-xe2d.google.com (mail-vs1-xe2d.google.com [IPv6:2607:f8b0:4864:20::e2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E3783A1AEC for <v6ops@ietf.org>; Fri, 11 Jun 2021 20:32:34 -0700 (PDT)
Received: by mail-vs1-xe2d.google.com with SMTP id b1so4876731vsh.7 for <v6ops@ietf.org>; Fri, 11 Jun 2021 20:32:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hexabuild-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HCUVLqtB5fIGZhEN3zhAP/6k42EmfWjuutYjAcMmF/0=; b=yX+fWyUl4KSnaR8MgUvqlrTXPVn0ufx/bZiCYQTDlSmaRl/ttDGIl0LMJtUYXeJSIS xoPZH0wyiDpKTxvGckwc3aytnunihO8BN0kXrfUlU04B5djL0eoXDT2R+J8zkPWAkA/X 5SHawPr6hGM0ewl95G+A5104KQnSV+1hUzbdwENVg6MEqwJK7gKI2c6YhLRTBjrMPd3m q4u2WfnnjDuaaRwhy83vlgF6i17t6wrVkiPZ/jyU1R8nwMcCoyOHpMftwKcJxLsu7Mfn cieK9e+r3yi/6/hFNvg2GTOb1TRNBJKj0dbmi7GXV58YXCP5y2LbgRRqN6YCAfoC8uma Ev/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HCUVLqtB5fIGZhEN3zhAP/6k42EmfWjuutYjAcMmF/0=; b=Jwjp+pCEpoIllkYPKBrG0NLrI5Fa4ehRhIy/0lnhkWq/5Gum3JDKvd+Sn9nPZge5Ui QpNUSHj0AhklkSoR78QQy9JJjPJz8/xBwU0AEbWtE1kIp0RsNT5HIvSAqAK+ziVfcw1A k3i9BVQ7FQPvlu1hhbkxSuUXNmjBy+zAZ22+JmG6qqJAeR4HB3NLqFCKzMnyTExBw8a+ 0FZ0VFKNdPQANUj1o45e4FhEGpXXIh3Pc7/T8/CsjqtSJocJwEtY0Fe+nihIOUdbzok6 mUR4vk3A2zxUIQ4WbNKFdDbw0iaLnGoxw0p4jN524zK5LfR32emSosXu0kS+F09uzhnn 3PwQ==
X-Gm-Message-State: AOAM531HGWVrBl1SAze0MEE/Jd2lGjpTJU1KXn+ygtC/j1Y84NMq9Aaj wPZA/jwBKG5T6aPkoCb5egB0NrrDucqXUYurtOf3sw==
X-Google-Smtp-Source: ABdhPJw8CDhlb79bp4WZl8vPpko0iN2DCBKXsC1ZI2kdO5YIG2t/DMj/hztrvAEiZ/UFQ7u5Dz0Q3tTr2sNibBui/L0=
X-Received: by 2002:a67:f745:: with SMTP id w5mr1145304vso.11.1623468753100; Fri, 11 Jun 2021 20:32:33 -0700 (PDT)
MIME-Version: 1.0
References: <162293202497.20978.11278185466573537743@ietfa.amsl.com> <d928f260-e0b1-7672-7114-7ac09dace037@gmail.com> <CAM5+tA8qt0Z9jKnfFYHWVpX8MC8zkFOnnmUvFboBnBS_OURoxg@mail.gmail.com> <CAO42Z2x=9gpE-BhsHMHD3djgeqJ8qLvz1Dv8cx=mT1sw0J8HTA@mail.gmail.com> <93ae03e7-ee58-defc-7531-69f428a9a81b@gmail.com>
In-Reply-To: <93ae03e7-ee58-defc-7531-69f428a9a81b@gmail.com>
From: Ed Horley <ed@hexabuild.io>
Date: Fri, 11 Jun 2021 20:32:22 -0700
Message-ID: <CAE=N4xfYVOccmG=bK_=okPeDZ1=Bb_EGbzcdCxHOLHnLCsuT=A@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: IPv6 Operations <v6ops@ietf.org>, Mark Smith <markzzzsmith@gmail.com>, Nicholas Buraglio <buraglio@es.net>
Content-Type: multipart/alternative; boundary="0000000000005534e705c4894636"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/yQaX5goirXm0XuJjPkeLuecnmoM>
Subject: Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jun 2021 03:32:41 -0000

That is easy, fc00::/7 is effectively useless in dual-stack networks to
test IPv6. From RFC 6724:


Prefix        Precedence Label
      ::1/128               50     0
      ::/0                  40     1
      ::ffff:0:0/96         35     4
      2002::/16             30     2
      2001::/32              5     5
      fc00::/7               3    13
      ::/96                  1     3
      fec0::/10              1    11
      3ffe::/16              1    12


On Fri, Jun 11, 2021 at 20:07 Brian E Carpenter <brian.e.carpenter@gmail.com>
wrote:

> TL;DR: fc00::/7 is already assigned for local use. What can 0200::/7 do
> better?
>
> Regards
>    Brian Carpenter
>
> On 12-Jun-21 14:58, Mark Smith wrote:
> > Hi Nicholas,
> >
> > Top posting as a summary answer.
> >
> > I think you're fundamentally asking for a new private IPv6 address
> > space. I don't think you can rely on it being exclusively use in labs
> > because people don't always follow IPv6 address space use rules, as
> > the existing squatting on 0200::/7 demonstrates.*
> >
> > You're also asking for a non-globally unique private address space. So
> > deployments of it, some illegitimate, may possibly suffer from many if
> > not all of the problems that the non-globally unique site-local
> > address space did - see RFC 3879, "Deprecating Site Local Addresses"
> > for those.
> >
> > If somebody needs more private address space than a single ULA /48 can
> > provide, they can generate more for their own use, as long as they
> > have a new random Global ID part. There is no requirement in RFC4193
> > that an organisation MUST only have and  only use a single /48 ULA
> > prefix.
> >
> > The ULA address space wasn't specifically designed to be used to teach
> > address space planning and route aggregation, although I think the 16
> > bits between /48 and /64 could be used for that, as the 16 bits
> > between 10.0.0.0/8 and 10.0.0.0/24 have commonly been in IPv4.
> >
> > If a ULA's 16 bits aren't enough to teach address space planning, then
> > the 32 bits between /32 and /64 in the existing 2001:db8::/32
> > documentation prefix could be used. Gaining more bits for this purpose
> > by not using the /48 boundary for aggregation would demonstrate bit
> > level aggregation rather than sticking to nibble or octet aggregation
> > boundaries.
> >
> > I appreciate the /7 proposed is the same size of the deprecated OSI
> > NSAP-mapped prefix, however a /7 to teach address space planning seems
> > very excessive. It is twice as large as the whole of the IPv6
> > multicast address space.
> >
> > If the 2001:db8::/32 prefix is not big enough to usefully teach the
> > techniques of address space planning and route aggregation, how big
> > does it need to be? How many aggregation boundaries does there need to
> > be in a fictitious network and its address space to effectively teach
> > address space planning and route aggregation?
> >
> > The bits available for aggregation in in either 2001:db8::/32 or a ULA
> > /48 can easily support 4 levels or more of 4 bit aggregation
> > boundaries at nibble boundaries. When wouldn't that be enough to teach
> > the technique?
> >
> > Regards,
> > Mark.
> >
> > *I've seen a number of examples of people getting the ULA address
> > space incorrect too despite "Unique" actually being in the name -
> > https://blog.apnic.net/2020/05/20/getting-ipv6-private-addressing-right/
> >
> > On Sat, 12 Jun 2021 at 08:13, Nick Buraglio <buraglio@es.net> wrote:
> >>
> >> Our reasoning behind this is that it is not practical for all
> organizations to request and justify new address space simply for modeling
> their network in order to test migrations / tests / prototyping,
> particularly when building drop in replacement architectures or brownfield
> migrations for very, very large networks with allocations larger than /32
> (nor should they have to do so). As such, the use cases here are drawn
> directly from operational pain and inefficiencies.
> >> For example, having to make a request in the ARIN region for IPv6
> resource allocation requires a network design. Entities that are building a
> very large network requesting an allocation of /24 are left between a rock
> and a hard place since the design has no real mechanism for both address
> planning and prototyping / labbing. The current way this is accomplished is
> to use often clunky compromises on numbering, a mix of whatever address
> space is randomly chosen which in turn requires some level of extra and
> arguably avoidable effort in order to migrate to production, and uses some
> randomly chosen address block which may or may not be allocated somewhere
> else. Since building a prototype using an address schema that won't reflect
> the end state as well as it could is very often either a mash up of
> documentation prefixes, randomly chosen unallocated space, or a mirror of
> the GUA allocation, it introduces a lot of margin of error in both
> configuration and migration operations.
> >> The last of the aforementioned list -  a mirror of the GUA allocation -
> has its own set of "...and here be dragons" problems, not the least of
> which is potential for leaking into the existing network, confusion about
> devices, and other very real human errors.
> >>
> >> Documentation prefixes already exist which are arguably in that
> category of "ambiguous" due to the lack of any kind of reserved and
> speciality block for prototyping and labbing, of which they are very often
> used. Leveraging a block from the global address space also loses the
> advantage of being dereferenced ala rfc6724 as some of the other blocks are
> (ULA, etc. ). This could be added to an update to also become deprioritized
> if adopted.
> >>
> >> Additionally, we also have a very recent example of the block in
> question being used in an available platform that is running production
> traffic in their overlay. It is largely undocumented, functionally
> squatting the 0200::/7 block. It is structurally important for, for
> example, cloud providers, energy industry (i.e. power meters)  that have
> extremely large networks that do not want to risk using their actual GUA
> space in a lab that could potentially be leaked by misconfiguration. Since
> the 0200::/7 is very close to 2000::/3 and can be fairly trivially migrated
> from lab / prototyping to production with very straightforward programmatic
> means.
> >>
> >> Moreover, we believe this prototype / lab prefix should be different
> from documentation address space in order to retain unique address space
> for actual documentation to avoid the haphazard way it is typically done in
> the wild in v4 land. for example, code snippets intended for cut-and-paste
> should be lab, documentation should be documentation prefix.
> >>
> >> I hope this helps inform our reasons for proposing it. We're all happy
> to discuss this further!
> >>
> >> nb
> >>
> >>
> >>
> >> ---
> >> Nick Buraglio
> >> Planning and Architecture Group
> >> Energy Sciences Network; AS293
> >> Lawrence Berkeley National Laboratory
> >> buraglio@es.net
> >> +1 (510) 995-6068
> >>
> >>
> >> On Thu, Jun 10, 2021 at 5:23 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
> >>>
> >>> My concern about this draft is that it intentionally creates ambiguous
> address space, something we have very carefully avoided since the beginning
> of IPv6.
> >>>
> >>> Regards
> >>>    Brian
> >>>
> >>> On 06-Jun-21 10:27, internet-drafts@ietf.org wrote:
> >>>>
> >>>> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> >>>>
> >>>>
> >>>>         Title           : Expanding IPv6 Lab Use Space
> >>>>         Authors         : Ed Horley
> >>>>                           Tom Coffeen
> >>>>                           Scott Hogg
> >>>>                           Nick Buraglio
> >>>>                           Kevin Myers
> >>>>                           Chris Cummings
> >>>>                           Russ White
> >>>>       Filename        : draft-horley-v6ops-lab-00.txt
> >>>>       Pages           : 5
> >>>>       Date            : 2021-06-05
> >>>>
> >>>> Abstract:
> >>>>    TTo reduce the likelihood of addressing conflicts and confusion
> >>>>    between lab deployments and non-lab (i.e., production) deployments,
> >>>>    an IPv6 unicast address prefix is reserved for use in lab,
> proof-of-
> >>>>    concept, and validation networks as well as for for any similar use
> >>>>    case.  This document describes the use of the IPv6 address prefix
> >>>>    0200::/7 as a prefix reserved for this purpose (repurposing the
> >>>>    deprecated OSI NSAP-mapped prefix).
> >>>>
> >>>>
> >>>> The IETF datatracker status page for this draft is:
> >>>> https://datatracker.ietf.org/doc/draft-horley-v6ops-lab/
> >>>>
> >>>> There is also an htmlized version available at:
> >>>> https://datatracker.ietf.org/doc/html/draft-horley-v6ops-lab-00
> >>>>
> >>>>
> >>>> Internet-Drafts are also available by anonymous FTP at:
> >>>> ftp://ftp.ietf.org/internet-drafts/
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> I-D-Announce mailing list
> >>>> I-D-Announce@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/i-d-announce
> >>>> Internet-Draft directories: http://www.ietf.org/shadow.html
> >>>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> >>>>
> >>>
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >>
> >> _______________________________________________
> >> v6ops mailing list
> >> v6ops@ietf.org
> >> https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
-- 
ed@hexabuild.io - 925-876-6604

v2.23.0 | Report a Bug | By Email