| < draft-buraglio-v6ops-ula-01.txt | draft-buraglio-v6ops-ula-02.txt > | |||
|---|---|---|---|---|
| Network Working Group N. Buraglio | Network Working Group N. Buraglio | |||
| Internet-Draft C. Cummings | Internet-Draft C. Cummings | |||
| Intended status: Informational Energy Sciences Network | Intended status: Informational Energy Sciences Network | |||
| Expires: 24 October 2022 R. White | Expires: 11 November 2022 R. White | |||
| Juniper Networks | Juniper Networks | |||
| 22 April 2022 | 10 May 2022 | |||
| Unintended Operational Issues With ULA | Unintended Operational Issues With ULA | |||
| draft-buraglio-v6ops-ula-01 | draft-buraglio-v6ops-ula-02 | |||
| Abstract | Abstract | |||
| The behavior of ULA addressing as defined by [RFC6724] is preferred | The behavior of ULA addressing as defined by [RFC6724] is preferred | |||
| below legacy IPv4 addressing, thus rendering ULA IPv6 deployment | below legacy IPv4 addressing, thus rendering ULA IPv6 deployment | |||
| functionally unusable in IPv4 / IPv6 dual-stacked environments. This | functionally unusable in IPv4 / IPv6 dual-stacked environments. This | |||
| behavior is counter to the operational behavior of GUA IPv6 | behavior is counter to the operational behavior of GUA IPv6 | |||
| addressing on nearly all modern operating systems that leverage a | addressing on nearly all modern operating systems that leverage a | |||
| preference model based on [RFC6724] . | preference model based on [RFC6724] . | |||
| skipping to change at page 1, line 37 | skipping to change at page 1, line 37 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 24 October 2022. | This Internet-Draft will expire on 11 November 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Revised BSD License text as | extracted from this document must include Revised BSD License text as | |||
| described in Section 4.e of the Trust Legal Provisions and are | described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Revised BSD License. | provided without warranty as described in the Revised BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Defining Well Known Unintended Operational Issues With ULA . 2 | 2. Defining Well Known Unintended Operational Issues With ULA . 2 | |||
| 3. Operational Implications . . . . . . . . . . . . . . . . . . 3 | 3. Operational Implications . . . . . . . . . . . . . . . . . . 3 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 7 | 7.2. Informative References . . . . . . . . . . . . . . . . . 7 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 1. Introduction | 1. Introduction | |||
| In modern IPv4 / IPv6 dual-stacked environments, ULA addressing and | In modern IPv4 / IPv6 dual-stacked environments, ULA addressing and | |||
| GUA IPv6 addressing exhibit opposite behavior, which creates | GUA IPv6 addressing exhibit opposite behavior, which creates | |||
| difficulties in deployments leveraging ULA addressing. This | difficulties in deployments leveraging ULA addressing. This | |||
| conflicting behavior carries planning, operational, and security | conflicting behavior carries planning, operational, and security | |||
| implications for environments requiring ULA addressing with IPv4/IPv6 | implications for environments requiring ULA addressing with IPv4/IPv6 | |||
| dual-stack and prioritization of IPv6 traffic by default, as is the | dual-stack and prioritization of IPv6 traffic by default, as is the | |||
| behavior with IPv6 GUA addressing. | behavior with IPv6 GUA addressing. | |||
| skipping to change at page 4, line 33 | skipping to change at page 4, line 33 | |||
| was for a configurable, longest-match table to be adjusted as-needed. | was for a configurable, longest-match table to be adjusted as-needed. | |||
| In practice, modifying the prefix policy table remains difficult | In practice, modifying the prefix policy table remains difficult | |||
| across platforms, and in some cases impossible. Embedded, | across platforms, and in some cases impossible. Embedded, | |||
| proprietary, closed source, and IoT devices are especially difficult | proprietary, closed source, and IoT devices are especially difficult | |||
| to adjust and are, in many cases, incapable of any adjustment | to adjust and are, in many cases, incapable of any adjustment | |||
| whatsoever. Large scale manipulation of the policy table also | whatsoever. Large scale manipulation of the policy table also | |||
| remains out of the realm of realistic support for small and medium | remains out of the realm of realistic support for small and medium | |||
| scale operators due to lack of ability to manipulate all the hosts | scale operators due to lack of ability to manipulate all the hosts | |||
| and systems, or a lack of tooling and access. | and systems, or a lack of tooling and access. | |||
| Below is an example of a gai.cnf file from a modern Linux | Below is an example of a gai.conf file from a modern Linux | |||
| installation as of 03 April 2022: | installation as of 03 April 2022: | |||
| # Configuration for getaddrinfo(3). | # Configuration for getaddrinfo(3). | |||
| # | # | |||
| # So far only configuration for the destination address sorting is needed. | # So far only configuration for the destination address sorting is needed. | |||
| # RFC 3484 governs the sorting. But the RFC also says that system | # RFC 3484 governs the sorting. But the RFC also says that system | |||
| # administrators should be able to overwrite the defaults. This can be | # administrators should be able to overwrite the defaults. This can be | |||
| # achieved here. | # achieved here. | |||
| # | # | |||
| # All lines have an initial identifier specifying the option followed by | # All lines have an initial identifier specifying the option followed by | |||
| skipping to change at page 6, line 10 | skipping to change at page 6, line 10 | |||
| # The defaults are equivalent to: | # The defaults are equivalent to: | |||
| # | # | |||
| #scopev4 ::ffff:169.254.0.0/112 2 | #scopev4 ::ffff:169.254.0.0/112 2 | |||
| #scopev4 ::ffff:127.0.0.0/104 2 | #scopev4 ::ffff:127.0.0.0/104 2 | |||
| #scopev4 ::ffff:0.0.0.0/96 14 | #scopev4 ::ffff:0.0.0.0/96 14 | |||
| Figure 2 | Figure 2 | |||
| Several assumptions are made here and are largely based on | Several assumptions are made here and are largely based on | |||
| interpretations of [RFC6724] but are not operationally relevant in | interpretations of [RFC6724] but are not operationally relevant in | |||
| modern networks. | modern networks. As this file or an equivalent structure within a | |||
| | given operating system is referenced, it dictates the behavior of the | |||
| | getaddrinfo() or analogous process. More specifically, where | |||
| | getaddrinfo() or comparable API is used, the sorting behavior should | |||
| | take into account both the source address of the requesting host as | |||
| | well as the destination addresses returned and sort according to both | |||
| | source and destination addressing, i.e, when a ULA address is | |||
| | returned, the source address selection should return and use a ULA | |||
| | address if available. Similarly, if a GUA address is returned the | |||
| | source address selection should return a GUA source address if | |||
| | available. | |||
| Here are some example failure modes: | Here are some example failure modes: | |||
| 1. ULA per [RFC6724] is less preferred (the Precedence value is | 1. ULA per [RFC6724] is less preferred (the Precedence value is | |||
| lower) than all legacy IPv4 (represented by ::ffff:0:0/96 in the | lower) than all legacy IPv4 (represented by ::ffff:0:0/96 in the | |||
| aforementioned table). | aforementioned table). | |||
| 2. Because of the lower Precedence value of fc00::/7, if a host has | 2. Because of the lower Precedence value of fc00::/7, if a host has | |||
| legacy IPv4 enabled, it will use legacy IPv4 before using ULA. | legacy IPv4 enabled, it will use legacy IPv4 before using ULA. | |||
| End of changes. 8 change blocks. | ||||
| 9 lines changed or deleted | 19 lines changed or added | |||
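Review bot: the paragraph added in the -02 column after "modern networks." (from "As this file or an equivalent structure" through "a GUA source address if available.") says what the sorting "should" do but does not say whether that is existing RFC 6724 behaviour or the change this draft is asking for; since the failure modes listed directly after it say the lower Precedence value of fc00::/7 makes a dual-stacked host use legacy IPv4 before ULA, one sentence naming which part of RFC 6724 (the label-matching rule or the precedence rule) the recommendation targets would make the ask concrete. Minor: "i.e," should read "i.e.,".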
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
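The two failure modes listed at the end of the diff, worked through as an added example that is not part of the draft: a minimal RFC 6724 destination sorter over the default policy table (the same defaults the gai.conf excerpt above leaves in force), showing the IPv4 answer ordered ahead of the ULA answer for a dual-stacked host, and the same run with fc00::/7 given a precedence above ::ffff:0:0/96. The host addresses, the resolved answers and the precedence value 45 are constructed, and only the label and precedence rules are modelled.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table as (prefix, precedence, label);
# these are also the defaults glibc applies when gai.conf sets none.
DEFAULT_POLICY = [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]

def to_v6(addr):
    """IPv4 literals are matched in their ::ffff:0:0/96 (IPv4-mapped) form."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.IPv6Address("::ffff:" + str(ip)) if ip.version == 4 else ip

def policy_lookup(policy, addr):
    """Longest-prefix match against the policy table -> (precedence, label)."""
    a = to_v6(addr)
    hits = [(ipaddress.IPv6Network(p), prec, lab) for p, prec, lab in policy
            if a in ipaddress.IPv6Network(p)]
    _, prec, lab = max(hits, key=lambda h: h[0].prefixlen)
    return prec, lab

def pick_source(sources, dest, policy):
    """Simplified source selection: a same-family source whose label matches
    the destination's label, else any same-family source, else None."""
    is_v4 = to_v6(dest).ipv4_mapped is not None
    family = [s for s in sources if (to_v6(s).ipv4_mapped is not None) == is_v4]
    dlab = policy_lookup(policy, dest)[1]
    matching = [s for s in family if policy_lookup(policy, s)[1] == dlab]
    return (matching or family or [None])[0]

def sort_destinations(sources, dests, policy=DEFAULT_POLICY):
    """Destination ordering by RFC 6724 section 6 rule 5 (matching label) then
    rule 6 (higher precedence); the remaining rules are assumed to tie."""
    def key(d):
        prec, lab = policy_lookup(policy, d)
        src = pick_source(sources, d, policy)
        return (src is not None and policy_lookup(policy, src)[1] == lab, prec)
    return sorted(dests, key=key, reverse=True)

HOST_SOURCES = ["192.0.2.10", "fd00:db8::10", "2001:db8::10"]  # constructed host
RESOLVED = ["192.0.2.80", "fd00:db8::80"]                      # constructed A + AAAA

def order_with_defaults():
    return sort_destinations(HOST_SOURCES, RESOLVED)  # legacy IPv4 sorts ahead of ULA

def order_with_ula_raised():
    # Same table with fc00::/7 raised above ::ffff:0:0/96 (45 is a constructed value).
    raised = [(p, 45 if p == "fc00::/7" else prec, lab) for p, prec, lab in DEFAULT_POLICY]
    return sort_destinations(HOST_SOURCES, RESOLVED, raised)  # ULA now sorts first
```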