Making Default Address Selection More Robust FoolProof



SLIDE 1

Making Default Address Selection More Robust FoolProof

draft-linkova-6man-default-addr-selection-update-00

Jen Linkova IETF99, Prague, July 2017

SLIDE 2

When Does a Host Stop Using an Address?

  • Preferred lifetime expired
  • An RA received containing a PIO with Preferred Lifetime = 0
  • The host network interface status changed

SLIDE 3

Why Does a Host Stop Using an Address?

  • Host moved to another L2 domain (e.g. VLAN)
  • IPv6 Subnet assigned to the L2 domain changed

○ e.g. subnet renumbering

SLIDE 4

What Should Happen?

  • L2 domain change:

○ Network interface status change (up/down)

  • Subnet renumbering

○ RAs sent containing a PIO with Preferred Lifetime = 0 (address deprecation)

SLIDE 5

What Happens Sometimes?

  • Network change is not detected
  • Network interface stays up
  • RAs are not sent or not received

SLIDE 6

Failure Scenario #1: Automation

Automation Is the New Black!

[Diagram: configuration of Interface FOO over time]

  • Interface FOO: ip address 2001:db8::1/64
  • configuration push → Interface FOO: ip address 2001:db8:1::1/64 → broken v6 connectivity
  • configuration rollback → Interface FOO: ip address 2001:db8::1/64 → broken v6 connectivity

SLIDE 7

Failure Scenario #2: Unreliable RAs

[Diagram: configuration of Interface FOO over time]

  • Interface FOO: ip address 2001:db8::1/64
  • Intermediate configuration push → Interface FOO: ip address 2001:db8::1/64, Preferred lifetime 0
  • Final configuration push → Interface FOO: ip address 2001:db8:1::1/64
  • Multicast RA lost → broken v6 connectivity!

SLIDE 8

Failure Scenario #3: Automation

[Diagram: configuration of Interface FOO over time]

  • Interface FOO: Vlan 666
  • configuration push → Interface FOO: Vlan 777 → broken v6 connectivity
  • configuration rollback → Interface FOO: Vlan 666 → broken v6 connectivity

(*) Related: 802.1X supplicant not clearing IPv6 stack state after re-authentication

SLIDE 9

Failure Scenario #4: DHCP-PD

[Diagram: before]

  • Elements: ISP Network, Router, Switch, Host
  • DHCP-PD: 2001:db8:1::/56
  • RA with PIO 2001:db8:1::/64
  • Host address: 2001:db8:1:foo

[Diagram: after router failure/replacement]

  • Elements: ISP Network, New Router, Switch, Host
  • DHCP-PD: 2001:db8:2::/56
  • RA with PIO 2001:db8:2::/64
  • Host addresses: 2001:db8:1:foo, 2001:db8:2:cafe

SLIDE 10

Rule 5.5: A New Hope?

Source Address Selection Rule 5.5: Prefer addresses in a prefix advertised by the next-hop.

Yes but…

  • Rule 5.5 is applicable if the host tracks next-hop/prefix pairs
  • Sometimes the first-hop LLA does not change (VRRP)
  • Does not help with renumbering & lost RA scenarios

SLIDE 11

Proposed Solution

Update the source address selection with a new, second-to-last rule:

Use the address preferred lifetime as tie-breaker

SLIDE 12

RFC6724 Old Text

Rule 8: Use longest matching prefix. …. [examples skipped]

Rule 8 MAY be superseded if the implementation has other means of choosing among source addresses.

SLIDE 13

RFC6724 Proposed New Text

Rule 8: Use the address from the most recently refreshed prefix.

If SA's PIO was received more recently than SB's PIO, then prefer SA. Similarly, if SB's PIO was received more recently than SA's PIO, then prefer SB. If the implementation does not keep track of when the particular PIO was received, then the addresses' preferred lifetime SHOULD be considered instead: if preferred lifetime(SA) > preferred lifetime(SB), then prefer SA. Similarly, if preferred lifetime(SB) > preferred lifetime(SA), then prefer SB.

Rule 9: Use longest matching prefix. Rules 8 and 9 MAY be superseded if the implementation has other means of choosing among source addresses.

SLIDE 14

NEXT STEPS?
