Discussion:
meanwhile... .home, finally has a home.arpa.
Dave Taht
2018-10-23 03:51:20 UTC
This is one of those endless bikesheds I'd totally given up on. Thx ted!

https://www.rfc-editor.org/rfc/rfc8375.txt
--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
Dave Taht
2018-10-23 15:09:19 UTC
Post by Dave Taht
This is one of those endless bikesheds I'd totally given up on. Thx ted!
If you're feeling like an adventure, you might find the latest draft of the homenet naming architecture entertaining.
https://github.com/ietf-homenet-wg/simple-naming/blob/master/draft-ietf-homenet-simple-naming.txt
Read it just now. This is an IETF notion of "simple", yes?
Post by Dave Taht
I decided to keep going on it since the submission deadline was extended, so it's pretty close to feature complete except for the HNCP part.
I'm curious: are you using HNCP on your networks?
Mikael is the sole survivor here, so far as I know.

2 years back, I gave up on deploying ipv6 any further than the lab.
Getting dynamic ipv6 reliably into my production network... I gave up.
I asked for a static allocation from comcast, haven't heard back yet.

As examples that persist, dhcpv6-pd renewals seem to be broken in
openwrt still, so I get a bunch of prefixes... and a few days later
they vanish. I get static routes to nowhere, often, out of that. And:
with only a /60 available, I also run out of prefixes to allocate if
something reboots at the wrong time at the wrong place, and so on.
--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
Mikael Abrahamsson
2018-10-23 15:47:03 UTC
Post by Dave Taht
Mikael is the sole survivor here, so far as I know.
I ended up disabling the homenet stuff because lifetimes didn't align with
my preference in provider (my non-preferred provider has longer
lease-times than my preferred provider, so in the whole source-selection
mechanism my non-preferred provider won). Also, there is no good way to
detect L2 failures towards providers.

https://tools.ietf.org/html/draft-patterson-intarea-ipoe-health-05 solves.
Post by Dave Taht
As examples that persist, dhcpv6-pd renewals seem to be broken in
openwrt still, so I get a bunch of prefixes... and a few days later
with only a /60 available, I also run out of prefixes to allocate if
something reboots at the wrong time at the wrong place, and so on.
I do not have this problem. I get /56 PD from provider and it hasn't
changed yet.
--
Mikael Abrahamsson email: ***@swm.pp.se
Dave Taht
2018-10-23 16:12:16 UTC
Post by Mikael Abrahamsson
Post by Dave Taht
Mikael is the sole survivor here, so far as I know.
I ended up disabling the homenet stuff because lifetimes didn't align
with my preference in provider (my non-preferred provider has longer
lease-times than my preferred provider, so in the whole
source-selection mechanism my non-preferred provider won). Also, there
is no good way to detect L2 failures towards providers.
https://tools.ietf.org/html/draft-patterson-intarea-ipoe-health-05 solves.
I just ping6 my upstream dns server, roughly the same algorithm. But
if it goes down, you don't want to take away the local ipv6 addresses,
just the default route, and when you do that, you end up falling back to
ipv4.

which also needs that ping.
Post by Mikael Abrahamsson
Post by Dave Taht
As examples that persist, dhcpv6-pd renewals seem to be broken in
openwrt still, so I get a bunch of prefixes... and a few days
later they vanish. I get static routes to nowhere, often, out of
that. And: with only a /60 available, I also run out of prefixes to
allocate if something reboots at the wrong time at the wrong place,
and so on.
I do not have this problem. I get /56 PD from provider and it hasn't
changed yet.
(this is a case where I'm using dhcpv6-pd internally to get
prefixes. Just one hop to comcast seems to work)

You probably live in a place with reliable power. I get a power flicker
at least once a week. The corest routers are on battery backup but that
only lasts a few hours and the last big outage was about 9 hours about 6
weeks ago. When everything reboots, chaos reigns. When only some things
reboot, different kinds of chaos reign.

I am glad to see some standardized support for naming happen, but even
then, names have to expire, somehow also.

Secondly, a usable set of /56s would be "enough" in my case (about 40
boxes), /60 doesn't divide into that.

Thirdly, I don't want to assign routable ipv6 prefixes to everything,
just to end-user APs, and when I last tried hnpd it wanted to give even
my p2p boxes /64s.

Fourthly, we have dnsmasq, odhcpd, odhcpc, babel and hnetd all battling
it out with slightly different notions of how to redistribute things.

Fifthly, I started running into babel trouble in my original deployment
when I ended up exporting, oh, 13? 11? prefixes and IPs per router by
default. (and had 80 routers at the time) I have a bunch of "fixes" for
babel on github of varying utility, but what mostly worked was to
aggressively filter each "area" down to just the few routes that were
needed - and then getting those filters right, through hnetd, was
essentially impossible.

These days I try to keep each area at one packet total for updates.

I know my use case is "special" compared to the desired needs of
homenet. The prefix allocation mechanism I need here is basically an
authenticated request from many (ipv4 or ipv6 link local) hops deep into
the network, which... I used to do with an itty bitty shell script over
ssh, until I gave up for these other reasons.

Static, permanent, real ipv6 to your edge is better, then you can do
whatever you want, however you want, do it once, and never do it again.

I've come to rather appreciate NAT for what it does to separate my
policies from my ISP's.
Mikael Abrahamsson
2018-10-24 08:22:54 UTC
Post by Dave Taht
I just ping6 my upstream dns server, roughly the same algorithm. But
if it goes down, you don't want to take away the local ipv6 addresses,
just the default route, and when you do that, you end up falling back to
ipv4.
I want to lower the preferred lifetime for the PD PIO from that connection
to 0 when upstream lifecheck fails (i.e., send RA with 0 preferred
lifetime). So correct, don't take away the addresses, just make sure
they're not chosen anymore for outgoing connections.
Post by Dave Taht
You probably live in a place with reliable power. I get a power flicker
at least once a week. The corest routers are on battery backup but that
only lasts a few hours and the last big outage was about 9 hours about 6
weeks ago. When everything reboots, chaos reigns. When only some things
reboot, different kinds of chaos reign.
Right. The frequent re-addressing of interfaces (every time it goes up and
down actually) is one thing I pointed out years ago as a weak spot in the
homenet implementation.
Post by Dave Taht
Secondly, a usable set of /56s would be "enough" in my case (about 40
boxes), /60 doesn't divide into that.
Agreed, /56 is what's needed.
Post by Dave Taht
Thirdly, I don't want to assign routable ipv6 prefixes to everything,
just to end-user APs, and when I last tried hnpd it wanted to give even
my p2p boxes /64s.
Yes, it allocates /64 per interface. You can share an interface with multiple
things by creating bridge interfaces.
Post by Dave Taht
Fourthly, we have dnsmasq, odhcpd, odhcpc, babel and hnetd all battling
it out with slightly different notions of how to redistribute things.
Right, a device that speaks homenet should not request PD.
Post by Dave Taht
I've come to rather appreciate NAT for what it does to separate my
policies from my ISP's.
Configuring static ULA addresses might be a way to handle it. Doesn't help
reaching them from the outside though. We need DNS or another mechanism to
keep track of addresses as they change over time.
--
Mikael Abrahamsson email: ***@swm.pp.se
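The message above describes deprecating one provider's delegated prefix by announcing it with a preferred lifetime of 0 after an upstream liveness check fails, while keeping the addresses (and, unlike dropping the default route, keeping IPv6 connectivity via the other provider). The following is an added example, not code from anyone in this thread or from hnetd/odhcpd: it encodes and decodes the Router Advertisement and Prefix Information Option wire format from RFC 4861 so the announced lifetimes can be inspected, and pairs it with a ping-based probe in the spirit of "ping6 my upstream dns server". Assumptions: iputils `ping -6` for the probe, the documentation prefix `2001:db8:1234::/64` standing in for a real PD, and a placeholder resolver address; the function and constant names are this example's own.

```python
"""Upstream liveness check and prefix deprecation via a zero preferred lifetime.

Added example for the thread above, not code from the list's participants.
Assumes the RFC 4861 RA/PIO wire format, RFC 6724 source selection (hosts avoid
deprecated addresses), iputils 'ping -6' for the probe, and a constructed
documentation prefix 2001:db8:1234::/64 standing in for the delegated prefix.
"""
import ipaddress
import struct
import subprocess

ICMPV6_ROUTER_ADVERTISEMENT = 134   # RFC 4861 section 4.2
ND_OPT_PREFIX_INFORMATION = 3       # RFC 4861 section 4.6.2
PIO_FLAG_ONLINK = 0x80
PIO_FLAG_AUTONOMOUS = 0x40

# type, code, checksum, cur hop limit, flags, router lifetime, reachable, retrans
RA_HEADER = "!BBHBBHII"
# type, length (in 8-octet units), prefix length, flags, valid, preferred, reserved, prefix
PIO_FORMAT = "!BBBBIII16s"


def upstream_alive(target: str, count: int = 3, timeout_s: int = 2) -> bool:
    """Liveness probe: ping the upstream resolver over IPv6 (iputils flags assumed).

    A missing ping binary counts as 'down' so an error is never mistaken for health.
    """
    try:
        proc = subprocess.run(
            ["ping", "-6", "-c", str(count), "-W", str(timeout_s), target],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, check=False)
    except FileNotFoundError:
        return False
    return proc.returncode == 0


def build_pio(prefix: str, valid_lifetime: int, preferred_lifetime: int) -> bytes:
    """Encode one Prefix Information option (32 bytes, so the length field is 4)."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if preferred_lifetime > valid_lifetime:
        raise ValueError("preferred lifetime must not exceed valid lifetime")
    return struct.pack(PIO_FORMAT, ND_OPT_PREFIX_INFORMATION, 4, net.prefixlen,
                       PIO_FLAG_ONLINK | PIO_FLAG_AUTONOMOUS,
                       valid_lifetime, preferred_lifetime, 0,
                       net.network_address.packed)


def build_ra(options: list, router_lifetime: int = 1800, cur_hop_limit: int = 64) -> bytes:
    """ICMPv6 Router Advertisement payload with the checksum left at 0.

    The checksum covers the IPv6 pseudo-header and is computed at send time by
    the router's RA daemon or kernel; this example only inspects the payload.
    """
    header = struct.pack(RA_HEADER, ICMPV6_ROUTER_ADVERTISEMENT, 0, 0,
                         cur_hop_limit, 0, router_lifetime, 0, 0)
    return header + b"".join(options)


def parse_ra(data: bytes) -> dict:
    """Decode the RA header and every PIO; other option types are skipped by length."""
    (msg_type, _code, _csum, hop_limit, _flags,
     router_lifetime, _reach, _retrans) = struct.unpack(RA_HEADER, data[:16])
    if msg_type != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not a router advertisement")
    prefixes = []
    off = 16
    while off + 2 <= len(data):
        opt_type, opt_len = data[off], data[off + 1] * 8
        if opt_len == 0:
            raise ValueError("zero-length ND option")   # RFC 4861 requires discarding these
        if opt_type == ND_OPT_PREFIX_INFORMATION and opt_len == 32:
            (_t, _l, plen, flags, valid, preferred, _rsv, raw) = struct.unpack(
                PIO_FORMAT, data[off:off + 32])
            prefixes.append({
                "prefix": f"{ipaddress.IPv6Address(raw)}/{plen}",
                "valid_lifetime": valid,
                "preferred_lifetime": preferred,
                "deprecated": preferred == 0,
                "onlink": bool(flags & PIO_FLAG_ONLINK),
                "autonomous": bool(flags & PIO_FLAG_AUTONOMOUS),
            })
        off += opt_len
    return {"hop_limit": hop_limit, "router_lifetime": router_lifetime, "prefixes": prefixes}


def ra_for_upstream_state(prefix: str, upstream_ok: bool, valid_lifetime: int = 86400,
                          preferred_lifetime: int = 14400, router_lifetime: int = 1800) -> bytes:
    """RA a router should announce for one provider's delegated prefix.

    Upstream healthy: normal lifetimes. Upstream down: preferred lifetime 0 with
    the valid lifetime and router lifetime untouched, so hosts keep the addresses
    and the default route but stop choosing these addresses as source, rather
    than losing the route and falling back to IPv4.
    """
    preferred = preferred_lifetime if upstream_ok else 0
    return build_ra([build_pio(prefix, valid_lifetime, preferred)], router_lifetime)


if __name__ == "__main__":
    # Constructed inputs: documentation prefix and a placeholder resolver address.
    ok = upstream_alive("2001:db8::53", count=1, timeout_s=1)
    print(parse_ra(ra_for_upstream_state("2001:db8:1234::/64", ok)))
```

On a real router the bytes would not be hand-crafted: the daemon that already announces the prefix is reconfigured instead (for radvd, `AdvPreferredLifetime 0` on that prefix achieves the same announcement). The value of the builder/parser pair is in showing exactly which field changes, and that the valid lifetime and router lifetime stay non-zero, which is what distinguishes "deprecate the source addresses" from "withdraw the default route".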
Dave Taht
2018-10-24 16:39:54 UTC
Post by Mikael Abrahamsson
Post by Dave Taht
I just ping6 my upstream dns server, roughly the same algorithm. But
if it goes down, you don't want to take away the local ipv6 addresses,
just the default route, and when you do that, you end up falling back to
ipv4.
I want to lower the preferred lifetime for the PD PIO from that
connection to 0 when upstream lifecheck fails (i.e., send RA with 0
preferred lifetime). So correct, don't take away the addresses, just
make sure they're not chosen anymore for outgoing connections.
Post by Dave Taht
You probably live in a place with reliable power. I get a power
flicker at least once a week. The corest routers are on battery
backup but that only lasts a few hours and the last big outage was
about 9 hours about 6 weeks ago. When everything reboots, chaos
reigns. When only some things reboot, different kinds of chaos
reign.
Right. The frequent re-addressing of interfaces (every time it goes up
and down actually) is one thing I pointed out years ago as a weak spot
in the homenet implementation.
SLAAC remains my preference. :)
Post by Mikael Abrahamsson
Post by Dave Taht
Secondly, a usable set of /56s would be "enough" in my case (about 40
boxes), /60 doesn't divide into that.
Agreed, /56 is what's needed.
Post by Dave Taht
Thirdly, I don't want to assign routable ipv6 prefixes to
everything, just to end-user APs, and when I last tried hnpd it
wanted to give even my p2p boxes /64s.
Yes, it allocates /64 per interface. You can share an interface with
multiple things by creating bridge interfaces.
Well, openwrt has the ability to use a tag like "local" or "ula".
I do not know if hnetd will pick that up or not.

Can't bridge a network this wide over this many wifi links.
Post by Mikael Abrahamsson
Post by Dave Taht
Fourthly, we have dnsmasq, odhcpd, odhcpc, babel and hnetd all
battling it out with slightly different notions of how to
redistribute things.
Right, a device that speaks homenet should not request PD.
But I need that to get from my ISP.
Post by Mikael Abrahamsson
Post by Dave Taht
I've come to rather appreciate NAT for what it does to separate my
policies from my ISP's.
Configuring static ULA addresses might be a way to handle it. Doesn't
help reaching them from the outside though. We need DNS or another
mechanism to keep track of addresses as they change over time.
Wish. And long ago we tried to publish a draft that tied dns names
simply to slaac addresses.
Mikael Abrahamsson
2018-10-24 18:04:06 UTC
Post by Dave Taht
Post by Mikael Abrahamsson
Right, a device that speaks homenet should not request PD.
But I need that to get from my ISP.
Right, it should request PD from the ISP (homenet external port) but it
should not request PD from homenet internal ports.
--
Mikael Abrahamsson email: ***@swm.pp.se
Dave Taht
2018-10-23 16:15:59 UTC
That is good feedback, if depressing. I'm kind of in the same boat—I really want to do some work on this for OpenWRT, but it hasn't come up to the top of the stack yet. The reason I was asking is that when I've said at IETF that I don't think HNCP is actually complete yet, I get a lot of rotten tomatoes from the authors.
Did they ever get it to work over dtls?
Michael Richardson
2018-10-23 23:28:47 UTC
Post by Dave Taht
2 years back, I gave up on deploying ipv6 any further than the lab.
Getting dynamic ipv6 reliably into my production network... I gave up.
I asked for a static allocation from comcast, haven't heard back yet.
Dude. Comcast is a residential monopoly ISP. Inappropriate for labs.
IPv6 is trivial with a reasonable ISP (I realize that's almost an oxymoron).
I pay $125CDN/month for 50Mbs/10Mbs with /56 over VDSL2.
(That's for an all-you-can-eat business plan, with priority NOC access)

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] ***@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
Dave Taht
2018-10-23 23:38:56 UTC
Post by Michael Richardson
Post by Dave Taht
2 years back, I gave up on deploying ipv6 any further than the lab.
Getting dynamic ipv6 reliably into my production network... I gave up.
I asked for a static allocation from comcast, haven't heard back yet.
Dude. Comcast is a residential monopoly ISP. Inappropriate for labs.
IPv6 is trivial with a reasonable ISP (I realize that's almost an oxymoron).
I pay $125CDN/month for 50Mbs/10Mbs with /56 over VDSL2.
(That's for an all-you-can-eat business plan, with priority NOC access)
There are no alternatives where I am, except pointing a radio at the side of a
mountain. After climbing the mountain.
--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740