Re: Choice of network space when numbering interfaces with IPv6 (IPv6 STANDARDS)
On Oct 16, 2010, at 4:52 PM, Bill Bogstad wrote: On Sat, Oct 16, 2010 at 6:26 PM, Kevin Oberman ober...@es.net wrote: Date: Sun, 17 Oct 2010 00:40:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 12:31:22 +0100 Randy Bush ra...@psg.com wrote: http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? Drafts are drafts. Even most RFCs are RFCs and nothing more. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) And none of the listed IETF full standards are IPv6 related. That seems a little bit odd to me given that everyone is supposed to have implemented them by now. Bill Bogstad IPv4 was much further along in deployment than IPv6 is now when the first IPv4 STDs were published as STDs. Usually RFCs bake for quite a while in the real world before becoming STDs. Owen
Re: Choice of network space when numbering interfaces with IPv6
On Oct 16, 2010, at 10:55 PM, Kevin Oberman wrote: Date: Sun, 17 Oct 2010 01:56:28 +0100 From: Randy Bush ra...@psg.com http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? must be some blowhard i have plonked Drafts are drafts. Even most RFCs are RFCs and nothing more. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) juniper and cisco implement today Unfortunately, a couple of other router vendors whose top of the line units I have tested recently did not. Simple Matter of Programming ;-) Please suggest to said vendors that they implement this -- IMO it's the right way to do it... W -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: Choice of network space when numbering interfaces with IPv6
From: Warren Kumari war...@kumari.net Date: Sun, 17 Oct 2010 22:07:53 -0400 On Oct 16, 2010, at 10:55 PM, Kevin Oberman wrote: Date: Sun, 17 Oct 2010 01:56:28 +0100 From: Randy Bush ra...@psg.com http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? must be some blowhard i have plonked Drafts are drafts. Even most RFCs are RFCs and nothing more. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) juniper and cisco implement today Unfortunately, a couple of other router vendors whose top of the line units I have tested recently did not. Simple Matter of Programming ;-) Please suggest to said vendors that they implement this -- IMO it's the right way to do it... Rest assured that I did so during the debrief on our evaluation. I know one promised a fix quickly. I don't recall on the other as that problem was not very significant compared to other issues with that unit. These evals are so much fun. I had to listen to a sales type explain that mBGP was incomplete for MY benefit. It might confuse me to be able to run multiple address families over a single peering session. I am so touched for this sort of concern. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: Choice of network space when numbering interfaces with IPv6
http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt
Re: Choice of network space when numbering interfaces with IPv6
On Sat, 16 Oct 2010 12:31:22 +0100 Randy Bush ra...@psg.com wrote: http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they?
Re: Choice of network space when numbering interfaces with IPv6
Date: Sun, 17 Oct 2010 00:40:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 12:31:22 +0100 Randy Bush ra...@psg.com wrote: http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? Drafts are drafts. Even most RFCs are RFCs and nothing more. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) The point is to READ the draft arguments and see why /127s are the right way to address P2P circuits. Also, you might note the contributors to the draft. They are people well known on this list who have real, honest to goodness operational experience in running networks and really understand that a /64 on a P2P connection is a serious security problem. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: Choice of network space when numbering interfaces with IPv6 (IPv6 STANDARDS)
On Sat, Oct 16, 2010 at 6:26 PM, Kevin Oberman ober...@es.net wrote: Date: Sun, 17 Oct 2010 00:40:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 12:31:22 +0100 Randy Bush ra...@psg.com wrote: http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? Drafts are drafts. Even most RFCs are RFCs and nothing more. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) And none of the listed IETF full standards are IPv6 related. That seems a little bit odd to me given that everyone is supposed to have implemented them by now. Bill Bogstad
Re: Choice of network space when numbering interfaces with IPv6
On Sat, 16 Oct 2010 15:26:54 -0700 Kevin Oberman ober...@es.net wrote: Date: Sun, 17 Oct 2010 00:40:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 12:31:22 +0100 Randy Bush ra...@psg.com wrote: http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? Drafts are drafts. Even most RFCs are RFCs and nothing more. No, drafts are documents that can be submitted by anybody, and can say anything, whereas RFCs have been through an IETF evaluation process. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) The point is to READ the draft arguments and see why /127s are the right way to address P2P circuits. I suggest you search the v6ops mailing list, as I've read it multiple times, including all revisions, and have pointed out multiple issues with it. Also, you might note the contributors to the draft. They are people well known on this list who have real, honest to goodness operational experience in running networks and really understand that a /64 on a P2P connection is a serious security problem. As do I. You can see my analysis of the issue, and how I think it should be fixed properly, not mitigated for one type of link at the following URLs. http://www.ops.ietf.org/lists/v6ops/v6ops.2010/msg00543.html http://www.ietf.org/mail-archive/web/ipv6/current/msg12400.html
Re: Choice of network space when numbering interfaces with IPv6 (IPv6 STANDARDS)
On Sat, Oct 16, 2010 at 7:57 PM, Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org wrote: On Sat, 16 Oct 2010 19:52:31 -0400 Bill Bogstad bogs...@pobox.com wrote: On Sat, Oct 16, 2010 at 6:26 PM, Kevin Oberman ober...@es.net wrote: Date: Sun, 17 Oct 2010 00:40:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 12:31:22 +0100 Randy Bush ra...@psg.com wrote: http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? Drafts are drafts. Even most RFCs are RFCs and nothing more. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) And none of the listed IETF full standards are IPv6 related. That seems a little bit odd to me given that everyone is supposed to have implemented them by now. The IETF standards process is different to other standards organisations - publication of an RFC doesn't make it a standard. It is much more pragmatic, as operational history is also used as an input into the decision. I read my first RFC sometime in 1984. I still find it odd that after something like a decade of development/operational history NONE of the IPv6 related RFCs have made it all the way to full standard status. This might be a minor point but I think that not making at least some of the base IPv6 RFCs full standards probably slowed down deployment. OTOH, now that people are convinced that they won't be able to get more IPv4 addresses in the near future; a possible perception that IPv6 was experimental may no longer matter... Bill Bogstad
Re: Choice of network space when numbering interfaces with IPv6
http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? must be some blowhard i have plonked Drafts are drafts. Even most RFCs are RFCs and nothing more. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) juniper and cisco implement today randy
Re: Choice of network space when numbering interfaces with IPv6
Date: Sun, 17 Oct 2010 01:56:28 +0100 From: Randy Bush ra...@psg.com http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? must be some blowhard i have plonked Drafts are drafts. Even most RFCs are RFCs and nothing more. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) juniper and cisco implement today Unfortunately, a couple of other router vendors whose top of the line units I have tested recently did not. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: Choice of network space when numbering interfaces with IPv6
Date: Sun, 17 Oct 2010 10:24:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 15:26:54 -0700 Kevin Oberman ober...@es.net wrote: Date: Sun, 17 Oct 2010 00:40:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 12:31:22 +0100 Randy Bush ra...@psg.com wrote: http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? Drafts are drafts. Even most RFCs are RFCs and nothing more. No, drafts are documents that can be submitted by anybody, and can say anything, whereas RFCs have been through an IETF evaluation process. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) The point is to READ the draft arguments and see why /127s are the right way to address P2P circuits. I suggest you search the v6ops mailing list, as I've read it multiple times, including all revisions, and have pointed out multiple issues with it. Also, you might note the contributors to the draft. They are people well known on this list who have real, honest to goodness operational experience in running networks and really understand that a /64 on a P2P connection is a serious security problem. As do I. You can see my analysis of the issue, and how I think it should be fixed properly, not mitigated for one type of link at the following URLs. http://www.ops.ietf.org/lists/v6ops/v6ops.2010/msg00543.html http://www.ietf.org/mail-archive/web/ipv6/current/msg12400.html I don't entirely agree with your arguments, but the approach looks, at first glance, to be quite interesting and could quite possibly fix the problem. I'll need to digest it a bit better. Have you or someone else authored a draft on this proposal? In the meantime, I still support /127s for P2P links. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: Choice of network space when numbering interfaces with IPv6
Hi Kevin, On Sat, 16 Oct 2010 20:13:22 -0700 Kevin Oberman ober...@es.net wrote: Date: Sun, 17 Oct 2010 10:24:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 15:26:54 -0700 Kevin Oberman ober...@es.net wrote: Date: Sun, 17 Oct 2010 00:40:41 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org On Sat, 16 Oct 2010 12:31:22 +0100 Randy Bush ra...@psg.com wrote: http://www.ietf.org/internet-drafts/draft-ietf-6man-prefixlen-p2p-00.txt Drafts are drafts, and nothing more, aren't they? Drafts are drafts. Even most RFCs are RFCs and nothing more. No, drafts are documents that can be submitted by anybody, and can say anything, whereas RFCs have been through an IETF evaluation process. Only a handful have ever been designated as Standards. I hope this becomes one of those in the hope it will be taken seriously. (It already is by anyone with a large network running IPv6.) The point is to READ the draft arguments and see why /127s are the right way to address P2P circuits. I suggest you search the v6ops mailing list, as I've read it multiple times, including all revisions, and have pointed out multiple issues with it. Also, you might note the contributors to the draft. They are people well known on this list who have real, honest to goodness operational experience in running networks and really understand that a /64 on a P2P connection is a serious security problem. As do I. You can see my analysis of the issue, and how I think it should be fixed properly, not mitigated for one type of link at the following URLs. http://www.ops.ietf.org/lists/v6ops/v6ops.2010/msg00543.html http://www.ietf.org/mail-archive/web/ipv6/current/msg12400.html I don't entirely agree with your arguments, but the approach looks, at first glance, to be quite interesting and could quite possibly fix the problem. I'll need to digest it a bit better. Have you or someone else authored a draft on this proposal?
I've started writing one on the nonce solution, as it can be made to interoperate with existing deployed ND NS/NA mechanisms. Regards, Mark. In the meantime, I still support /127s for P2P links. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Choice of network space when numbering interfaces with IPv6
So I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across uses a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64. Zaid
Re: Choice of network space when numbering interfaces with IPv6
On 2010-10-15 21:26, Zaid Ali wrote: SO I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across use a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64. You mean to say that a /126 is 'small' actually as it is only 2^(128-126) = 2^2 = 4 IP addresses while a /64 is.. For this discussion, please go through the archives. In short: Personal preference of operators involved. Greets, Jeroen
Re: Choice of network space when numbering interfaces with IPv6
http://www.google.com/search?q=nanog+126+64 would be a good place to start... (And I'm guessing you mean that /64 is awfully large, not /126) Scott. On Fri, Oct 15, 2010 at 12:26 PM, Zaid Ali z...@zaidali.com wrote: SO I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across use a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64. Zaid
Re: Choice of network space when numbering interfaces with IPv6
On 15/10/2010 20:26, Zaid Ali wrote: So I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across uses a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64.

There are 4 general choices of netmask for ipv6 point to point interface numbering schemes:

/64: the default ipv4 subnet. many people feel that this is a waste of addressing space. others feel that there is so much ipv6 address space out there that it's simpler to keep all interfaces on /64.

/112: /112 is 16-bit aligned, which means that it's easy to read because 16 bits implies that the last 4 octets are link-specific. Also, your entire PoP point-to-point addressing scheme can be held within a single /64, which means good address conservation.

/126: this is the same as we use in ipv4: it's less easy to read, as the link-specific digits are not octet-aligned. Your entire PoP point-to-point addressing scheme can be held within a single /64, which means good address conservation.

/127: this is used on POS links where there is no link-layer address resolution protocol available (like ARP/ND) and consequently you can end up with unknown traffic looping between each side if you're not careful.

None of these is the right or the wrong approach, unless you're using POS/STM. Otherwise all of them have their merits and demerits.

Nick
Re: Choice of network space when numbering interfaces with IPv6
Bahh had my head turned around and brain fried on a Friday. I was more curious about /64 vs /126 from management perspective. Thanks everyone for answering offline as well, I got my questions answered. Zaid On 10/15/10 12:26 PM, Zaid Ali z...@zaidali.com wrote: SO I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across use a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64. Zaid
Re: Choice of network space when numbering interfaces with IPv6
Hi, On Fri, 15 Oct 2010 12:26:13 -0700 Zaid Ali z...@zaidali.com wrote: SO I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across use a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64. If you're not going to follow the IPv6 Addressing Architecture, which says /64s for everything, then the prefix length decision is pretty much arbitrary - there is nothing that special about /112s, /126s, /127s or /128s (or /120s or /80s) - they all break something in the existing IPv6 RFCs so once you've passed that threshold then you're really only choosing your poison. If you're going to go down that latter path, I'd suggest reserving a /64 for each link, and then using a longer prefix length out of that /64 when you configure the addressing, to make it easier if you decided to change back to /64s at a later time. Regards, Mark.
Re: Choice of network space when numbering interfaces with IPv6
but then, can't we use ip unnumbered on p2p links on cisco? - Original Message - From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org To: Zaid Ali z...@zaidali.com Cc: NANOG list nanog@nanog.org Sent: Saturday, 16 October, 2010 10:21:03 AM Subject: Re: Choice of network space when numbering interfaces with IPv6 Hi, On Fri, 15 Oct 2010 12:26:13 -0700 Zaid Ali z...@zaidali.com wrote: So I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across uses a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64. If you're not going to follow the IPv6 Addressing Architecture, which says /64s for everything, then the prefix length decision is pretty much arbitrary - there is nothing that special about /112s, /126s, /127s or /128s (or /120s or /80s) - they all break something in the existing IPv6 RFCs so once you've passed that threshold then you're really only choosing your poison. If you're going to go down that latter path, I'd suggest reserving a /64 for each link, and then using a longer prefix length out of that /64 when you configure the addressing, to make it easier if you decided to change back to /64s at a later time. Regards, Mark.
Re: Choice of network space when numbering interfaces with IPv6
Date: Sat, 16 Oct 2010 08:51:03 +1030 From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org Hi, On Fri, 15 Oct 2010 12:26:13 -0700 Zaid Ali z...@zaidali.com wrote: So I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across uses a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64. If you're not going to follow the IPv6 Addressing Architecture, which says /64s for everything, then the prefix length decision is pretty much arbitrary - there is nothing that special about /112s, /126s, /127s or /128s (or /120s or /80s) - they all break something in the existing IPv6 RFCs so once you've passed that threshold then you're really only choosing your poison. If you're going to go down that latter path, I'd suggest reserving a /64 for each link, and then using a longer prefix length out of that /64 when you configure the addressing, to make it easier if you decided to change back to /64s at a later time. If you listen to the NANOG debate on IPv6 on P2P links, you will discover that the participants (Igor of Yahoo and Rob Seastrom of Afilias) agreed that the proper way to do this was to allocate a /64 for the link but to configure it as a /127. This was to avoid ping-pong DOS attacks. I believe that the session has already been cited, but see Igor's presentation at: http://nanog.org/meetings/nanog48/presentations/Tuesday/Gashinsky_LinkNumb_N48.pdf -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
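The numbering practice discussed in this thread (reserve a /64 per point-to-point link, configure only a /127 out of it) together with an audit of existing interfaces, as an added example that is not part of any poster's message. The function names, link names and 2001:db8:: documentation addresses are constructed for illustration.

```python
import ipaddress


def plan_p2p_links(pop_block, link_names):
    """Reserve one /64 per link from pop_block and configure only its first /127."""
    block = ipaddress.ip_network(pop_block)
    if block.version != 6 or block.prefixlen > 64:
        raise ValueError("need an IPv6 block of /64 or shorter")
    free_64s = block.subnets(new_prefix=64)
    plan = {}
    for name in link_names:
        reserved = next(free_64s, None)
        if reserved is None:
            raise ValueError(f"no /64 left in {block} for link {name}")
        configured = ipaddress.ip_network(f"{reserved.network_address}/127")
        plan[name] = {
            "reserved": reserved,  # kept free so the link can return to /64 later
            "a_end": ipaddress.ip_interface(f"{configured[0]}/127"),
            "b_end": ipaddress.ip_interface(f"{configured[1]}/127"),
        }
    return plan


def audit_p2p_interface(local, peer, reserved=None):
    """Return (unowned, findings) for one end of a point-to-point link.

    unowned counts addresses inside the configured prefix that neither
    router holds; those are the destinations the thread's ping-pong
    concern is about, and a /127 leaves none.
    """
    iface = ipaddress.ip_interface(local)
    peer_addr = ipaddress.ip_address(peer)
    findings = []
    if peer_addr == iface.ip:
        findings.append("peer address equals local address")
    elif peer_addr not in iface.network:
        findings.append(f"peer {peer_addr} is outside {iface.network}")
    unowned = max(iface.network.num_addresses - 2, 0)
    if unowned:
        findings.append(f"{unowned} on-link addresses belong to neither end")
    if reserved is not None:
        if not iface.network.subnet_of(ipaddress.ip_network(reserved)):
            findings.append(f"{iface.network} is outside reserved {reserved}")
    return unowned, findings


# Constructed inventory: (link, local address/length, peer address).
SAMPLE_INTERFACES = [
    ("core1-core2", "2001:db8:0:100::/127", "2001:db8:0:100::1"),
    ("core1-edge1", "2001:db8:0:101::1/126", "2001:db8:0:101::2"),
    ("core2-edge2", "2001:db8:0:102::1/64", "2001:db8:0:102::2"),
]

if __name__ == "__main__":
    for link, ends in plan_p2p_links("2001:db8:0:100::/62", ["l1", "l2"]).items():
        print(link, ends["reserved"], ends["a_end"], ends["b_end"])
    for link, local, peer in SAMPLE_INTERFACES:
        unowned, findings = audit_p2p_interface(local, peer)
        print(link, local, "OK" if not findings else "; ".join(findings))
```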