Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00.txt
Ed Horley <ed@hexabuild.io> Sat, 12 June 2021 03:32 UTC
Return-Path: <ed@hexabuild.io>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D2783A1AEB for <v6ops@ietfa.amsl.com>; Fri, 11 Jun 2021 20:32:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.656
X-Spam-Level:
X-Spam-Status: No, score=-0.656 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NUMERIC_HTTP_ADDR=1.242, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hexabuild-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jiU2Eul5OmoC for <v6ops@ietfa.amsl.com>; Fri, 11 Jun 2021 20:32:35 -0700 (PDT)
Received: from mail-vs1-xe2d.google.com (mail-vs1-xe2d.google.com [IPv6:2607:f8b0:4864:20::e2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E3783A1AEC for <v6ops@ietf.org>; Fri, 11 Jun 2021 20:32:34 -0700 (PDT)
Received: by mail-vs1-xe2d.google.com with SMTP id b1so4876731vsh.7 for <v6ops@ietf.org>; Fri, 11 Jun 2021 20:32:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hexabuild-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HCUVLqtB5fIGZhEN3zhAP/6k42EmfWjuutYjAcMmF/0=; b=yX+fWyUl4KSnaR8MgUvqlrTXPVn0ufx/bZiCYQTDlSmaRl/ttDGIl0LMJtUYXeJSIS xoPZH0wyiDpKTxvGckwc3aytnunihO8BN0kXrfUlU04B5djL0eoXDT2R+J8zkPWAkA/X 5SHawPr6hGM0ewl95G+A5104KQnSV+1hUzbdwENVg6MEqwJK7gKI2c6YhLRTBjrMPd3m q4u2WfnnjDuaaRwhy83vlgF6i17t6wrVkiPZ/jyU1R8nwMcCoyOHpMftwKcJxLsu7Mfn cieK9e+r3yi/6/hFNvg2GTOb1TRNBJKj0dbmi7GXV58YXCP5y2LbgRRqN6YCAfoC8uma Ev/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HCUVLqtB5fIGZhEN3zhAP/6k42EmfWjuutYjAcMmF/0=; b=Jwjp+pCEpoIllkYPKBrG0NLrI5Fa4ehRhIy/0lnhkWq/5Gum3JDKvd+Sn9nPZge5Ui QpNUSHj0AhklkSoR78QQy9JJjPJz8/xBwU0AEbWtE1kIp0RsNT5HIvSAqAK+ziVfcw1A k3i9BVQ7FQPvlu1hhbkxSuUXNmjBy+zAZ22+JmG6qqJAeR4HB3NLqFCKzMnyTExBw8a+ 0FZ0VFKNdPQANUj1o45e4FhEGpXXIh3Pc7/T8/CsjqtSJocJwEtY0Fe+nihIOUdbzok6 mUR4vk3A2zxUIQ4WbNKFdDbw0iaLnGoxw0p4jN524zK5LfR32emSosXu0kS+F09uzhnn 3PwQ==
X-Gm-Message-State: AOAM531HGWVrBl1SAze0MEE/Jd2lGjpTJU1KXn+ygtC/j1Y84NMq9Aaj wPZA/jwBKG5T6aPkoCb5egB0NrrDucqXUYurtOf3sw==
X-Google-Smtp-Source: ABdhPJw8CDhlb79bp4WZl8vPpko0iN2DCBKXsC1ZI2kdO5YIG2t/DMj/hztrvAEiZ/UFQ7u5Dz0Q3tTr2sNibBui/L0=
X-Received: by 2002:a67:f745:: with SMTP id w5mr1145304vso.11.1623468753100; Fri, 11 Jun 2021 20:32:33 -0700 (PDT)
MIME-Version: 1.0
References: <162293202497.20978.11278185466573537743@ietfa.amsl.com> <d928f260-e0b1-7672-7114-7ac09dace037@gmail.com> <CAM5+tA8qt0Z9jKnfFYHWVpX8MC8zkFOnnmUvFboBnBS_OURoxg@mail.gmail.com> <CAO42Z2x=9gpE-BhsHMHD3djgeqJ8qLvz1Dv8cx=mT1sw0J8HTA@mail.gmail.com> <93ae03e7-ee58-defc-7531-69f428a9a81b@gmail.com>
In-Reply-To: <93ae03e7-ee58-defc-7531-69f428a9a81b@gmail.com>
From: Ed Horley <ed@hexabuild.io>
Date: Fri, 11 Jun 2021 20:32:22 -0700
Message-ID: <CAE=N4xfYVOccmG=bK_=okPeDZ1=Bb_EGbzcdCxHOLHnLCsuT=A@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: IPv6 Operations <v6ops@ietf.org>, Mark Smith <markzzzsmith@gmail.com>, Nicholas Buraglio <buraglio@es.net>
Content-Type: multipart/alternative; boundary="0000000000005534e705c4894636"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/yQaX5goirXm0XuJjPkeLuecnmoM>
Subject: Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jun 2021 03:32:41 -0000
That is easy, fc00::/7 is effectively useless in dual-stack networks to test IPv6. From RFC 6724: Prefix Precedence Label ::1/128 50 0 ::/0 40 1 ::ffff:0:0/96 35 4 2002::/16 30 2 2001::/32 5 5 fc00::/7 3 13 ::/96 1 3 fec0::/10 1 11 3ffe::/16 1 12 On Fri, Jun 11, 2021 at 20:07 Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: > TL;DR: fc00::/7 is already assigned for local use. What can 0200::/7 do > better? > > Regards > Brian Carpenter > > On 12-Jun-21 14:58, Mark Smith wrote: > > Hi Nicholas, > > > > Top posting as a summary answer. > > > > I think you're fundamentally asking for a new private IPv6 address > > space. I don't think you can rely on it being exclusively use in labs > > because people don't always follow IPv6 address space use rules, as > > the existing squatting on 0200::/7 demonstrates.* > > > > You're also asking for a non-globally unique private address space. So > > deployments of it, some illegitimate, may possibly suffer from many if > > not all of the problems that the non-globally unique site-local > > address space did - see RFC 3879, "Deprecating Site Local Addresses" > > for those. > > > > If somebody needs more private address space than a single ULA /48 can > > provide, they can generate more for their own use, as long as they > > have a new random Global ID part. There is no requirement in RFC4193 > > that an organisation MUST only have and only use a single /48 ULA > > prefix. > > > > The ULA address space wasn't specifically designed to be used to teach > > address space planning and route aggregation, although I think the 16 > > bits between /48 and /64 could be used for that, as the 16 bits > > between 10.0.0.0/8 and 10.0.0.0/24 have commonly been in IPv4. > > > > If a ULA's 16 bits aren't enough to teach address space planning, then > > the 32 bits between /32 and /64 in the existing 2001:db8::/32 > > documentation prefix could be used. Gaining more bits for this purpose > > by not using the /48 boundary for aggregation would demonstrate bit > > level aggregation rather than sticking to nibble or octet aggregation > > boundaries. > > > > I appreciate the /7 proposed is the same size of the deprecated OSI > > NSAP-mapped prefix, however a /7 to teach address space planning seems > > very excessive. It is twice as large as the whole of the IPv6 > > multicast address space. > > > > If the 2001:db8::/32 prefix is not big enough to usefully teach the > > techniques of address space planning and route aggregation, how big > > does it need to be? How many aggregation boundaries does there need to > > be in a fictitious network and its address space to effectively teach > > address space planning and route aggregation? > > > > The bits available for aggregation in in either 2001:db8::/32 or a ULA > > /48 can easily support 4 levels or more of 4 bit aggregation > > boundaries at nibble boundaries. When wouldn't that be enough to teach > > the technique? > > > > Regards, > > Mark. > > > > *I've seen a number of examples of people getting the ULA address > > space incorrect too despite "Unique" actually being in the name - > > https://blog.apnic.net/2020/05/20/getting-ipv6-private-addressing-right/ > > > > On Sat, 12 Jun 2021 at 08:13, Nick Buraglio <buraglio@es.net> wrote: > >> > >> Our reasoning behind this is that it is not practical for all > organizations to request and justify new address space simply for modeling > their network in order to test migrations / tests / prototyping, > particularly when building drop in replacement architectures or brownfield > migrations for very, very large networks with allocations larger than /32 > (nor should they have to do so). As such, the use cases here are drawn > directly from operational pain and inefficiencies. > >> For example, having to make a request in the ARIN region for IPv6 > resource allocation requires a network design. Entities that are building a > very large network requesting an allocation of /24 are left between a rock > and a hard place since the design has no real mechanism for both address > planning and prototyping / labbing. The current way this is accomplished is > to use often clunky compromises on numbering, a mix of whatever address > space is randomly chosen which in turn requires some level of extra and > arguably avoidable effort in order to migrate to production, and uses some > randomly chosen address block which may or may not be allocated somewhere > else. Since building a prototype using an address schema that won't reflect > the end state as well as it could is very often either a mash up of > documentation prefixes, randomly chosen unallocated space, or a mirror of > the GUA allocation, it introduces a lot of margin of error in both > configuration and migration operations. > >> The last of the aforementioned list - a mirror of the GUA allocation - > has its own set of "...and here be dragons" problems, not the least of > which is potential for leaking into the existing network, confusion about > devices, and other very real human errors. > >> > >> Documentation prefixes already exist which are arguably in that > category of "ambiguous" due to the lack of any kind of reserved and > speciality block for prototyping and labbing, of which they are very often > used. Leveraging a block from the global address space also loses the > advantage of being dereferenced ala rfc6724 as some of the other blocks are > (ULA, etc. ). This could be added to an update to also become deprioritized > if adopted. > >> > >> Additionally, we also have a very recent example of the block in > question being used in an available platform that is running production > traffic in their overlay. It is largely undocumented, functionally > squatting the 0200::/7 block. It is structurally important for, for > example, cloud providers, energy industry (i.e. power meters) that have > extremely large networks that do not want to risk using their actual GUA > space in a lab that could potentially be leaked by misconfiguration. Since > the 0200::/7 is very close to 2000::/3 and can be fairly trivially migrated > from lab / prototyping to production with very straightforward programmatic > means. > >> > >> Moreover, we believe this prototype / lab prefix should be different > from documentation address space in order to retain unique address space > for actual documentation to avoid the haphazard way it is typically done in > the wild in v4 land. for example, code snippets intended for cut-and-paste > should be lab, documentation should be documentation prefix. > >> > >> I hope this helps inform our reasons for proposing it. We're all happy > to discuss this further! > >> > >> nb > >> > >> > >> > >> --- > >> Nick Buraglio > >> Planning and Architecture Group > >> Energy Sciences Network; AS293 > >> Lawrence Berkeley National Laboratory > >> buraglio@es.net > >> +1 (510) 995-6068 > >> > >> > >> On Thu, Jun 10, 2021 at 5:23 PM Brian E Carpenter < > brian.e.carpenter@gmail.com> wrote: > >>> > >>> My concern about this draft is that it intentionally creates ambiguous > address space, something we have very carefully avoided since the beginning > of IPv6. > >>> > >>> Regards > >>> Brian > >>> > >>> On 06-Jun-21 10:27, internet-drafts@ietf.org wrote: > >>>> > >>>> A New Internet-Draft is available from the on-line Internet-Drafts > directories. > >>>> > >>>> > >>>> Title : Expanding IPv6 Lab Use Space > >>>> Authors : Ed Horley > >>>> Tom Coffeen > >>>> Scott Hogg > >>>> Nick Buraglio > >>>> Kevin Myers > >>>> Chris Cummings > >>>> Russ White > >>>> Filename : draft-horley-v6ops-lab-00.txt > >>>> Pages : 5 > >>>> Date : 2021-06-05 > >>>> > >>>> Abstract: > >>>> TTo reduce the likelihood of addressing conflicts and confusion > >>>> between lab deployments and non-lab (i.e., production) deployments, > >>>> an IPv6 unicast address prefix is reserved for use in lab, > proof-of- > >>>> concept, and validation networks as well as for for any similar use > >>>> case. This document describes the use of the IPv6 address prefix > >>>> 0200::/7 as a prefix reserved for this purpose (repurposing the > >>>> deprecated OSI NSAP-mapped prefix). > >>>> > >>>> > >>>> The IETF datatracker status page for this draft is: > >>>> https://datatracker.ietf.org/doc/draft-horley-v6ops-lab/ > >>>> > >>>> There is also an htmlized version available at: > >>>> https://datatracker.ietf.org/doc/html/draft-horley-v6ops-lab-00 > >>>> > >>>> > >>>> Internet-Drafts are also available by anonymous FTP at: > >>>> ftp://ftp.ietf.org/internet-drafts/ > >>>> > >>>> > >>>> _______________________________________________ > >>>> I-D-Announce mailing list > >>>> I-D-Announce@ietf.org > >>>> https://www.ietf.org/mailman/listinfo/i-d-announce > >>>> Internet-Draft directories: http://www.ietf.org/shadow.html > >>>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > >>>> > >>> > >>> _______________________________________________ > >>> v6ops mailing list > >>> v6ops@ietf.org > >>> https://www.ietf.org/mailman/listinfo/v6ops > >> > >> _______________________________________________ > >> v6ops mailing list > >> v6ops@ietf.org > >> https://www.ietf.org/mailman/listinfo/v6ops > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops > -- ed@hexabuild.io - 925-876-6604
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Nick Buraglio
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Mark Smith
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Ed Horley
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Mark Smith
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… David Farmer
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… David Farmer
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Nick Buraglio
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Nick Buraglio
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Mark Smith
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… David Farmer
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Mark Smith
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Nick Buraglio
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Dale W. Carder
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Ed Horley
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… David Farmer
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Ed Horley
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… sthaug
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Brian E Carpenter
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Mark Smith
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Nick Buraglio
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Ed Horley
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Kevin Myers
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… David Farmer
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Chris Cummings
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Owen DeLong
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… JORDI PALET MARTINEZ
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Fred Baker
- Re: [v6ops] I-D Action: draft-horley-v6ops-lab-00… Gyan Mishra