IETF Logo Mail Archive

Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds

Jen Linkova <furry13@gmail.com> Tue, 29 October 2019 22:29 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44337120072 for <v6ops@ietfa.amsl.com>; Tue, 29 Oct 2019 15:29:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.748
X-Spam-Level:
X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kr9lrl0oi_pE for <v6ops@ietfa.amsl.com>; Tue, 29 Oct 2019 15:29:27 -0700 (PDT)
Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69F6B12001E for <v6ops@ietf.org>; Tue, 29 Oct 2019 15:29:27 -0700 (PDT)
Received: by mail-qk1-x733.google.com with SMTP id e2so601943qkn.5 for <v6ops@ietf.org>; Tue, 29 Oct 2019 15:29:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=mT1x45LoiMe26EcmWhcGpTkrdv/upVOfqzPaZS4B8nU=; b=dMk13FIiroskm/fjIkW1tw/BkIYjNkohHO6ezelUPmkkjHpb8ydNAaZ54WKUrTBaNh mxbXHhMt6LvhzWlV/Ml+g0sB1jwj+atfeX54xIMdE4IDZGwOk/V1dSZZiXZk963VyYDP hma3s7GT/xOkQ2ViMn3BjXo/SqFOo0PkaQjmbCjtWxAZjuVoOclIefI4VCT+k++Zj5B4 J1IpkWhP7KMsLiTX1dj9QBS73a33sgNzu3+5yOPHr2JhWx7CDTgOHnqpVTZ297yc11Pp koHi3kCW7PqKr1ZL6YyJwJPtc35Tx3wnJnZ8g9Ibpa4NgtE3OSFIkS2fYvcfCafECqHC C1qA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=mT1x45LoiMe26EcmWhcGpTkrdv/upVOfqzPaZS4B8nU=; b=UUygn1gWfw3m2RKbAPZPstDyISE85fc8XVjgRSGO83m5ezdU6GFIWkbBjwNfW50L7Y nSFl/auMhVLz9+g1Pk2JtFCRslT3YAYoK2iT8t7hYrQHztRV1QFhmHFOxGo1he5DV8bN YgDowhPYSoSrbr7oQkcMakh7bK21pDfkaneUr2h3/EH9HTGgTuJMUXvp2WuqZHVFRUQ1 nsHDCY7Tv2SrSTRztz56eLjTiIS8R3ThDUSVBcfqcru4D197xFjnsmU0hmkPYa9ge2qH MdIQCQyBomIi389kbq0zAK3FX2qiyD7CO089GaYCakrYMq+e6DBimIpPXyGtG5FjDk2Y 1Q0g==
X-Gm-Message-State: APjAAAWMvQ56y1DUtQpY2tm7sFheFrnJxL7NwDGsA9Hgt9IsiSMYIoyv wP+Cew82k++3IV83RjDSXMb6I7O32FRsC/jYbpPYrA==
X-Google-Smtp-Source: APXvYqwWhZOlv1wPr7Ka382S5K3NuA4WNheRWUYb5EXXXsfU+LeZIhoICGsxYdV8AGJhJZQm0H5B5EeKw/TCuGJxYHE=
X-Received: by 2002:a05:620a:74b:: with SMTP id i11mr23509276qki.417.1572388166069; Tue, 29 Oct 2019 15:29:26 -0700 (PDT)
MIME-Version: 1.0
References: <m1iNIFE-0000IwC@stereo.hq.phicoh.net> <d1b6855d-bde9-7b53-4809-0846bb9772e4@si6networks.com> <CAO42Z2x7vudujw5t++obry56g=VNjQXXTHFK8pBPk0jmk78Bcg@mail.gmail.com> <CAJoHkZ8pTjszP0vw4BjX0HUhmPa6wJONzdy2JEm5iqAfBUvjRg@mail.gmail.com> <CAO42Z2wCYi4KWTEz1hUSPVr9+hu8GaHRkPuvQQ2P00knvnPaaQ@mail.gmail.com> <848BA3B3-36B4-4C42-86D0-88759BC45D5A@employees.org> <CAFU7BARBHGcxzULO-aVr+c5CJW6UCsNRkrgQSRdB7vtpYZw85w@mail.gmail.com> <40E27B00-5C6F-4704-9554-2DC532F854BE@employees.org>
In-Reply-To: <40E27B00-5C6F-4704-9554-2DC532F854BE@employees.org>
From: Jen Linkova <furry13@gmail.com>
Date: Wed, 30 Oct 2019 09:29:14 +1100
Message-ID: <CAFU7BAQ3fXkc4uN2J6tc=KuiyJKZVcvuNEecBpEc7QMkWMzjkA@mail.gmail.com>
To: Ole Troan <otroan@employees.org>
Cc: Mark Smith <markzzzsmith@gmail.com>, v6ops list <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/z1gNxuNvXfcDeDAa1v1VpMyHUfY>
Subject: Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2019 22:29:29 -0000

On Tue, Oct 29, 2019 at 9:36 AM Ole Troan <otroan@employees.org> wrote:
> >> Right. Instant/flash renumbering is not supported in IP networks.
> >
> > Oh. Surprise. After I've been doing it all the time....;)
>
> Oh great. So which services do you run in the network? Any issue with short DNS ttls?

Well, I'm quite lucky. First of all, I'm mostly renumbering networks
containing "clients" - networks which rarely need incoming
connections.

> Or do you only do this with MP-TCP / QUIC or only mosh style applications with a built in session layer?
> I presume you have a routed network with multiple routers and links as well?

Boring topologies mostly - two routers to provide first-hop
redundancy, two uplinks.
And - after I've done quite a bit of renumbering both dual-stack and
single-stack segments - IPv4 renumbering is much, much worse.
Sometimes you have to flap switchports.

>Ole, not sarcastic at all. ;-)

>
>
> >
> > Actually it would be helpful  to define requirements/expectations. I read it as:
> > R1: [MUST HAVE] after the renumbering host is able to open new connections
> > R2: [NICE TO HAVE] old connections survive the renumbering.
> >
> > IMHO we shall at least enumerate the most common scenarios where R1 is
> > not happening and look what can be done here.
> > If we have a scenario when hosts end up with totally broken connectivity we can:
> > 1) say 'oh just don't do that' - however before we do this (== produce
> > some BCPs) it's worth analysing if it's feasible and, more
> > importantly:
> >  --- is the party affected by the issue is the same party which is
> > supposed to follow the BCP?
> >  --- are we talking about 'fix all hosts'? (when did we deal last
> > time with the scenario 'a machine re-authenticated via 802.1x
> > successfully, changed the VLAN but kept the old IPv6 prefix'?
> > 2) See if there is a way to mitigate at least part of the problem by
> > making the protocol more robust (isn't all DNA work is actually in the
> > same problem space?)
> >
> >> IPv6 does nothing to help with this, well, assuming a network hiding behind NAT, it makes it harder.
> >> Apart from "does not work", what more can the IETF say or do here?
> >
> > Try to make the Internet work better, maybe? :)
> >
> >>> On 24 Oct 2019, at 12:43, Mark Smith <markzzzsmith@gmail.com> wrote:
> >>>
> >>>
> >>>
> >>> On Thu, 24 Oct 2019, 20:59 Trevor Warwick, <twarwick@gmail.com> wrote:
> >>>
> >>> On Thu, 24 Oct 2019 at 09:18, Mark Smith <markzzzsmith@gmail.com> wrote:
> >>>
> >>>
> >>> I thought about this in the exact context of the scenario of this draft. Although the design of the broadband deployment I worked on always planned to give out stable prefixes, I worked through this scenario and realised that so many complex issues disappear if you provide stable prefixes.
> >>>
> >>> Fundamentally, if an ISP is selling an always on link to the same location, then the addressing should be as permanent as the link delivery location is.
> >>>
> >>>
> >>> If you're an ISP today, and using DHCPv6-PD to hand out IPv6 prefixes, what are the possible scenarios if you don't try hard to keep the prefixes stable?
> >>>
> >>> Why don't you want to try hard? Not trying hard gives customers a bad experience. They're paying you to try hard to give them the best suitable service you can give them.
> >>>
> >>>
> >>> - You could be running a closed environment where all customers are forced to use your CPE, in which case you can make sure that your CPE has various   hacks added to try to cope with prefix instability and avoid customer hosts experiencing connectivity issues when prefixes change. Maybe you can make this work well enough, and advanced customers who don't want to use your CPE are just out of luck.
> >>>
> >>> - If you're in an environment where customers can chose their own CPE, then it seems almost guaranteed that there will be connectivity problems when the prefix changes, because many CPE implementations don't handle this situation at all. So you're then relying on hosts falling back seamlessly to IPv4, in order to continue to have connectivity. In which case, I'd wonder why you're bothering to provide an IPv6 service in the first place.
> >>>
> >>> See what I said about selling an always on service to a fixed location, and the addressing having the same amount of stability as the service and link itself.
> >>>
> >>> The reason this problem really exists is that ISPs have fundamentally continued to treat residential, always on broadband customers although they were still dial up customers. Nothing has changed - per BRAS (NAS) IP address pools, pool route aggregation at the router, customer gets a single IPv4 address when they attach, that can change each time they attach. PPPoE is making Ethernet connectivity resemble dial up connectivity.
> >>>
> >>> Now this dial up model is trying to be applied to semi-permanent IPv6 services, where it's even less applicable now that customers get their own routed address space on a semi-permanent link.
> >>>
> >>> Treat all customers as routed subnet SOHO customers, so they get the same prefix regardless of which BRAS they attach to. Move the route aggregation boundary to a higher level to e.g. a cluster of BRASes, or a region.
> >>>
> >>> Use an IPv6 address provisioning model that suites and matches the service they're paying for, not a nearly 30 year old dial up model.
> >>>
> >>> If your customers can BYO their CPE, then stable prefixes are the only choice.
> >>>
> >>> See slide 6.
> >>>
> >>> Residential IPv6 CPE - What Not to Do and Other Observations
> >>> https://www.slideshare.net/mobile/markzzzsmith/residential-ipv6-cpe-what-not-to-do-and-other-observations
> >>>
> >>>
> >>>
> >>>
> >>> I do think this is an important problem that needs to be solved, for this context and the others mentioned in the draft.
> >>>
> >>>
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >>
> >> _______________________________________________
> >> v6ops mailing list
> >> v6ops@ietf.org
> >> https://www.ietf.org/mailman/listinfo/v6ops
> >
> >
> >
> > --
> > SY, Jen Linkova aka Furry
>


--
SY, Jen Linkova aka Furry

v2.23.0 | Report a Bug | By Email