Re: what problem is solved by proscribing non-64 bit prefixes?

To: Pekka Savola <pekkas at netcore.fi>
Subject: Re: what problem is solved by proscribing non-64 bit prefixes?
From: Alexandru Petrescu <alexandru.petrescu at gmail.com>
Date: Tue, 30 Sep 2008 19:56:47 +0200
Cc: Alexandru Petrescu <alexandru.petrescu at gmail.com>, V6ops Chairs <v6ops-chairs at tools.ietf.org>, IETF IPv6 Mailing List <ipv6 at ietf.org>, Ron Bonica <rbonica at juniper.net>, Steve_Eiserman at ao.uscourts.gov, Pasi Eronen <Pasi.Eronen at nokia.com>, "Sherman, Kurt T." <ksherman at mitre.org>, "Martin, Cynthia E." <cemartin at mitre.org>, draft-ietf-v6ops-addcon at tools.ietf.org, ralph.liguori at disa.mil, night at nist.gov, dougm at nist.gov
Delivered-to: ietfarch-ipv6-archive at core3.amsl.com
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <alpine.LRH.2.00.0809301958310.20045 at netcore.fi>
List-archive: <https://www.ietf.org/mailman/private/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
References: <48DB374B.1000308 at piuha.net> <0AC4B700F00DBB4C94F95727E0991414014B2441 at IMCSRV7.MITRE.ORG> <48E230D5.3040204 at gmail.com> <0AC4B700F00DBB4C94F95727E0991414014B24D2 at IMCSRV7.MITRE.ORG> <48E24F78.70004 at ca.afilias.info> <alpine.LRH.2.00.0809301958310.20045 at netcore.fi>
Sender: ipv6-bounces at ietf.org
User-agent: Thunderbird 2.0.0.17 (Windows/20080914)

Pekka, I also think having that 64bit boundary helped in designing CGAs.They're more secure when we know IIDs must be 64bit in length.


Pekka Savola wrote:

On Tue, 30 Sep 2008, Brian Dickson wrote:
Dunn, Jeffrey H. wrote:

My basic question is: What basic engineering problem is solved by
proscribing non-64 bit prefixes?
If the non-64 prefixes had not been proscribed, we wouldn't have beenable to use the existing engineering method to develop CGA/SENDspecifications.

If CGA addresses are a departure allowing the IID on Ethernet besomething else than an Ethernet-derived IID (e.g. not always have fffesomewhere in the middle) then they (CGA IIDs) could also settle forless, like being 63 in length, instead of 64. This would allow forfurther subnetting the typical /64 into two /65s, with only minimal 1bitdecrease in security.

It may be that CGA addresses and longer-than-64bit SLAAC are notincompatible.


Just some thoughts.

Alex
SLAAC: IPv6 StateLess Address AutoConf

These are being leveraged in SHIM6 and potentially inother applications as well. Likely we couldn't even solve theseengineering problems (at least without major drawbacks/otherassumptions) if we couldn't have made assumptions about the widely-usedprefix length.
That said, I personally use non-64 bit prefixes on point-to-point linksbetween routers, but I have done so willingly and knowing that if theIETF develops anything fancy new stuff, I might not be able to use it orI might need to renumber.
When managing such a scheme alongside an IPv6 prefix which needs to beassigned to the same set of servers, which are all dual-stack, the*number* of prefixes, their *relative* numbering, and the host*addresses* within the prefixes, it is quickly apparent that use ofonly /64 prefixes makes for a management nightmare, particularly ifrenumbering of prefixes and/or servers occurs, e.g. re-balancing theVLSM arrangement itself in IPv4-land.
I don't understand why *relative* numbering (i.e: overlapping subnetmasks) is important in IPv6, and I'm not sure if I see the case even forv4. Could you enlighten me?
I assume you refer to a scenario where on the same broadcast domainthere are hosts which are configured with say A.B.C.0/24 length, andsome others are configured with, say, A.B.C.D/28 prefix length.



______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.

For more information please visit http://www.messagelabs.com/email______________________________________________________________________

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

References:
- v6ops-addcon and longer than 64 bit prefixes
  - From: Jari Arkko
- RE: v6ops-addcon and longer than 64 bit prefixes
  - From: Dunn, Jeffrey H.
- Re: what problem is solved by proscribing non-64 bit prefixes? (was: v6ops-addcon and longer than 64 bit prefixes)
  - From: Alexandru Petrescu
- RE: what problem is solved by proscribing non-64 bit prefixes? (was: v6ops-addcon and longer than 64 bit prefixes)
  - From: Dunn, Jeffrey H.
- Re: what problem is solved by proscribing non-64 bit prefixes?
  - From: Brian Dickson
- Re: what problem is solved by proscribing non-64 bit prefixes?
  - From: Pekka Savola

Prev by Date: RE: what problem is solved by proscribing non-64 bit prefixes?
Next by Date: RE: what problem is solved by proscribing non-64 bit prefixes?
Previous by thread: RE: what problem is solved by proscribing non-64 bit prefixes?
Next by thread: Re: what problem is solved by proscribing non-64 bit prefixes?
Index(es):
- Date
- Thread

Re: what problem is solved by proscribing non-64 bit prefixes?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.