[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)
Owen DeLong
owend at he.net
Tue Mar 20 23:52:20 CET 2012
On Mar 20, 2012, at 3:28 PM, Douglas Otis wrote:
> On 3/20/12 2:37 PM, Owen DeLong wrote:
>>
>> On Mar 20, 2012, at 2:34 PM, Tim Chown wrote:
>>
>> On 17 Mar 2012, at 22:55, Owen DeLong wrote:
>> >>
>> >> ULA brings nothing meaningful to the table.
>> >
>> > There is an I-D on ULA usage, see
>> > http://tools.ietf.org/html/draft-liu-v6ops-ula-usage-analysis-02.
>> > I would assume the authors would like feedback.
>> >
>> > Having ULA-ULA communication in a homenet is a good thing if that
>> > means internal connections are not dropped if the accompanying
>> > global prefix changes.
>> >
>> A better solution is to provide some internal persistence on global
>> prefixes in the absence of external communication.
>>
>> Yes, you'll still drop internal connections on a renumber event, but,
>> that can be handled gracefully enough so as not to be of sufficient
>> concern to merit the drawbacks of using ULA.
>>
>> > In the homenet scenario, it seems some LLN vendors say they only
>> > want to use ULAs.
>>
>> Herein lies the real hazard of ULA. Forcing NPT into the world is a
>> really really really bad thing.
>
> Dear Owen,
>
> I agree with Tim. While NPTv6 should be avoided, there are situations that arise when dealing with IPv4 NATs. http://tools.ietf.org/html/rfc6281#page-11 also makes this point by using ULAs leverage IPv6 as a method for ensuring unique local identifiers able to retain security associations. In this case, the identifier lifetime needs to exceed that of any TCP connection or Security Association running on the host. The HIP alternative may not be supported.
>
Apple could easily have obtained an IPv6 GUA prefix for this purpose. The use of ULA is entirely optional.
Free your mind from the IPv4 private vs. public address mindset and allow yourself to consider a world where
GUA is relatively easy to obtain and can be used for non-connected purposes without penalty or difficulty.
I realize that this would require some RIR policy changes and I support those. If the IETF will get on board
with recognizing that local GUA is a better alternative than ULA, then I don't think it would be hard to get
the RIRs to adopt appropriate policy around this.
Owen
More information about the Ipv6hackers
mailing list