Mailing List Archive

On 23/04/2012 14:24, Lutz Preßler wrote:
> I stumbled upon 2600:: beeing www.sprint.net. This sould
> necessarily be a subject-router anycast address. Is it "legal"
> and without implementation problems to have services on such
> an address?

I assume it's configured as a /128 - unless sprint have configured
2400::/28 on that web server. If it's a /128, then 2600:: is just fine as
an ipv6 address, and is no different to any other global unicast address.

http://[2600::]/

Nick

Hi everyone, first try here :)

Lutz: Why do you think this was a subject-router anycast address?
According to this page, parts of 2600:: were allocated as Unicast addresses: https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xml#note8


-----Ursprüngliche Nachricht-----
Von: ipv6-ops-bounces+sandro.elmer=wuerth-itensis.com@lists.cluenet.de [mailto:ipv6-ops-bounces+sandro.elmer=wuerth-itensis.com@lists.cluenet.de] Im Auftrag von Lutz Preßler
Gesendet: Montag, 23. April 2012 15:25
An: ipv6-ops@lists.cluenet.de
Betreff: services on subnet-router anycast address?

Hello,

I stumbled upon 2600:: beeing www.sprint.net. This sould necessarily be a subject-router anycast address. Is it "legal"
and without implementation problems to have services on such an address?

Regards,
Lutz

On 2012-04-23 14:24, Lutz Preßler wrote:
> Hello,
>
> I stumbled upon 2600:: beeing www.sprint.net. This sould
> necessarily be a subject-router anycast address. Is it "legal"
> and without implementation problems to have services on such
> an address?

I can't think of any reason why a service on port 80 would
cause a problem, even if the node is also configured to
act as a router.

Brian

> Lutz: Why do you think this was a subject-router anycast address?

It fits the definition in RFC 4291, Section 2.6.1. Required Anycast Address
http://tools.ietf.org/html/rfc4291

On Mon, Apr 23, 2012 at 10:02 AM, Elmer Sandro
<Sandro.Elmer@wuerth-itensis.com> wrote:
> Hi everyone, first try here :)
>
> Lutz: Why do you think this was a subject-router anycast address?
> According to this page, parts of 2600:: were allocated as Unicast addresses: https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xml#note8
>
>
> -----Ursprüngliche Nachricht-----
> Von: ipv6-ops-bounces+sandro.elmer=wuerth-itensis.com@lists.cluenet.de [mailto:ipv6-ops-bounces+sandro.elmer=wuerth-itensis.com@lists.cluenet.de] Im Auftrag von Lutz Preßler
> Gesendet: Montag, 23. April 2012 15:25
> An: ipv6-ops@lists.cluenet.de
> Betreff: services on subnet-router anycast address?
>
> Hello,
>
> I stumbled upon 2600:: beeing www.sprint.net. This sould necessarily be a subject-router anycast address. Is it "legal"
> and without implementation problems to have services on such an address?
>
> Regards,
>  Lutz

On 26 April 2012 06:35, Sergei Lissianoi <sergeilissianoi@gmail.com> wrote:
>> Lutz: Why do you think this was a subject-router anycast address?
>
> It fits the definition in RFC 4291, Section 2.6.1. Required Anycast Address
> http://tools.ietf.org/html/rfc4291

Probably we need a document in the IETF that clarifies that IPv6
specifications involving ascribing addresses with link-specific
properties, including but not limited to:

[1] subnet-router anycast
[2] general subnet anycast addresses a la rfc2526
[3] the whole U and L bit mess

are recommendations specifically to the operators of the logical
administrative domain in which that link resides (or to the group of
operators if responsibility for a given link is shared by more than
one administrative domain) ONLY, and that link-specific properties
CANNOT reasonably be inferred by entities outside the responsible
operational domain(s).

Erik,

On 2012-04-26 00:57, Erik Kline wrote:
> On 26 April 2012 06:35, Sergei Lissianoi <sergeilissianoi@gmail.com> wrote:
>>> Lutz: Why do you think this was a subject-router anycast address?
>> It fits the definition in RFC 4291, Section 2.6.1. Required Anycast Address
>> http://tools.ietf.org/html/rfc4291
>
> Probably we need a document in the IETF that clarifies that IPv6
> specifications involving ascribing addresses with link-specific
> properties, including but not limited to:
>
> [1] subnet-router anycast
> [2] general subnet anycast addresses a la rfc2526
> [3] the whole U and L bit mess

The U bit is by definition not a link-specific bit; it's
explicitly an assertion that the IID is globally unique.
So I don't see what it has to do with "link-specific"
properties. By definition, it applies everywhere. I'm not
clear what the mess is.

You could propose changing the addressing architecture to
abolish the special nature of the U bit, but that is a
completely separate question.

>
> are recommendations specifically to the operators of the logical
> administrative domain in which that link resides (or to the group of
> operators if responsibility for a given link is shared by more than
> one administrative domain) ONLY, and that link-specific properties
> CANNOT reasonably be inferred by entities outside the responsible
> operational domain(s).

I don't think that's the point, is it? The point is that since these
are globally defined anycast addresses, any host on any subnet can
assume they exist and can construct them simply by knowing the
subnet prefix. That either applies globally (as today) or applies
nowhere (if we abolish them).

As for the original question, I'm still looking for the harm, and
I can't see any harm in having services on the RFC 2526 addresses
either.

Brian

Hi,

On Thu, Apr 26, 2012 at 08:35:03AM +0100, Brian E Carpenter wrote:

> As for the original question, I'm still looking for the harm, and

If the peer has only have *one* possible route to that subnet, or
multiple paths ending on the *same* router, there are no restrictions
- the peer will always connect to the same router.

If the peer has multiple paths that might end on *different* routers
to that subnet, stateful services (e.g. TCP) will break when the
route flaps.

So, if the subnet operator knows that only one router leads to that
subnet, it's safe to put a service on the router. Things like remote
management or statistics come to mind.

Note that I wrote "subnet", not "link". If several routers route to
a link but use seperate subnets for it, there's no possible problem.

Stateless services like ping and traceroute have no problem, of course.

All this should be obvious, so maybe I'm missing some fine point.

> I can't see any harm in having services on the RFC 2526 addresses
> either.

Those are possibly trickier. They might end up on different hosts-
e.g. if some fallback mechanism is involved. The same considerations
apply as above, but you have to look closer whether paths to multiple
instances of the specific address can coexist.

Regards,
-is

Hi,

On Thu, Apr 26, 2012 at 10:25:15AM +0200, Ignatios Souvatzis wrote:
> Those are possibly trickier. They might end up on different hosts-
> e.g. if some fallback mechanism is involved. The same considerations
> apply as above, but you have to look closer whether paths to multiple
> instances of the specific address can coexist.

All this is assuming that there is indeed anycasting involved, instead
of just "the webserver having a cool and easy-to-remember IPv6 address".

You can't see that from outside the network in question - and I'd put my
$5 into the "it's just a webserver, no anycast involved, and quite
likely the address is bound as a /128 to its loopback, so there is not
even a subnet involved where this could be the router-anycast address".

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279

Hi,

On Thu, Apr 26, 2012 at 12:39:12PM +0200, Gert Doering wrote:
>
> On Thu, Apr 26, 2012 at 10:25:15AM +0200, Ignatios Souvatzis wrote:
> > Those are possibly trickier. They might end up on different hosts-
> > e.g. if some fallback mechanism is involved. The same considerations
> > apply as above, but you have to look closer whether paths to multiple
> > instances of the specific address can coexist.
>
> All this is assuming that there is indeed anycasting involved, instead
> of just "the webserver having a cool and easy-to-remember IPv6 address".
>
> You can't see that from outside the network in question - and I'd put my
> $5 into the "it's just a webserver, no anycast involved, and quite
> likely the address is bound as a /128 to its loopback, so there is not
> even a subnet involved where this could be the router-anycast address".

Of course. What I tried to embed in my sermon above was: It's the
responsibility of the server's and the subnet's administrators to
consider whether there would be any problem; the (possibly remote)
client can't decide.

-is

Hi,

On Thu, Apr 26, 2012 at 02:00:48PM +0200, Ignatios Souvatzis wrote:
> Of course. What I tried to embed in my sermon above was: It's the
> responsibility of the server's and the subnet's administrators to
> consider whether there would be any problem; the (possibly remote)
> client can't decide.

ACK :-)

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279