Problem Statement for Renumbering IPv6 Hosts with Static Addresses in Enterprise Networks
draft-ietf-6renum-static-problem-03

[Ballot comment]
Thanks for clarifying section 2.3 in response to my comments. I hope to see more of this discussion continue in the other documents this group is working on.

[Ballot comment]
I'm entering Abstain for this document, because I think it has many
flaws, some important and some less important, but still may be
useful.

Here are some of the problems I see in the document.

DNS, mDNS and SLP are mentioned in the context of name resolution.  Is
SLP deployed widely enough to warrant mention?  What about LLMNR and
uPNP?

I don't understand why ULAs are identified as somehow affecting the
use or impact of static addresses.

DHCPv6 PD should be mentioned in the context of prefix assignment.

Is it really still common practice that " printers in particular are
manually assigned a fixed address (typically an [RFC1918] address) and
that users are told to manually configure printer access using that
fixed address"?

In section 2.3, addresses assigned through DHCPv6 are considered
problematic because the address might expire, but later DHCPv6 is
suggested as a way of assigning addresses to solve renumbering of
static addresses.

I don't understand the first sentence of 2.4.  Isn't the requirement
for a static address based on the need to maintain transport sessions
over VM movement (which isn't really how I understand the first
sentence).

In section 2.5, if asset management is based on MAC addresses, why are
static IP addresses an issue?

I don't understand the connection between "If [...] a particular host
is found to be generating some form of unwanted traffic, it is urgent
to be able to track back from its IP address to its physical location"
and renumbering of static addressing.

How does "using addresses under an enterprise's ULA prefix for
software licensing" solve the renumbering problem?  There may be a
clue in section 2.7, where addresses assigned from ULAs are suggested
as the solution for renumbering network elements.  Perhaps the bit I'm
missing is that addressing from ULAs avoids forced renumbering when
the organization prefix changes due to external causes?

In section 2.7, this claim may be true:

  In any case, when network elements are renumbered, existing user
  sessions may not survive, because of temporary "destination
  unreachable" conditions being treated as fatal errors.  This aspect
  needs further investigation.

but what is its connection to renumbering static addresses?

Section 2.8 makes a valid point about the relationship between static
addresses and asset management, but goes into solution space when it
talks about DHCPv6 for configuring static addresses.

I don't understand the first paragraph of section 3.

From section 3:

  4.  If external prefix renumbering is required, the RFC 4192
      procedure is followed.

What about renumbering required by strictly internal topology changes
in the network?  I.e., I think "external" can be dropped.

[Ballot comment]
I have no objection to the publication of this document. I have a
concern that the security considerations may need more work. For
example, ACLs seem to rely on well-known IP addresses. Those
addresses are often manually configured and the synchronisation during
renumbering is surely a vulnerability. I am sure there are plenty of
other issues that should be considered.

===

I also have some petty nits that you might want to address to improve
the document.

---

I would like it if for clarity the document title could reflect the
limitation of this document to entreprise networks.

---

ULA is used without expansion

---

Section 2.7

  It is quite common practice that some such
  addresses will have no corresponding DNS entry.

Jane Austen and I would like to know whether you mean "quite" in the
correct English sense as "completely", or in the modern sense of
"relatively" or "somewhat".  Actually, I suggest you delete the word.

---

Section 3

The hanging rhetorical question in the first paragraph is disconcerting.
Is this a question that someone doing renumbering should consider, or is
it targeted at the reader of the document? Is the word "Alternatively"
really appropriate since it suggests that the choice is between telling
the NEs and NMS, and not disrupting the network.

---

Section 3

  therefore this situation
  should be avoided except for very small networks

I presume you do not mean the situation of renumbering such networks!
But how do we avoid the situation of networks that are numbered in the
way you describe? For most existing networks, the only way to avoid the
situation is to renumber! So I assume that you are giving advice to
people deploying new equipment and networks - please make this clear.

[Ballot discuss]
Section 2.3: I think this really needs to be expanded significantly. First of all, it is not larger sites that are the only problem in this case. Any site that wishes to have devices on its network that can be connected to from outside (whether we want to call those "servers" or "peers") has to deal with this. And TTL is not the only problem with dynamic DNS. Rather, it's also a huge failure of deployment: The tools are simply not available to configure a DNS server from the get-go to allow dynamic DNS updates out of the box for any device that wishes to employ it, and domain registrars do not have dynamic DNS updates as a standard piece of technology for their registrants. Putting the burden on a common database with DHCP is a poor way to think about this problem. I fear that description of the problem in this section will cause the gap analysis to go looking for huge site-wide solutions instead of allowing for the possibility that this is a deployment and/or operational problem with dynamic DNS instead of a problem with the lack of combined DHCP/DNS databases. I think this section is presuming a solution space and hasn't fully explored the problem space.

[Ballot discuss]
I fully support the publication of this document, but I do have one issue that I would like to discuss...

1. I don't see how static addresses affect VMs as described in section 2.4. In my understanding, when a VM migrates, it will lose transport protocol state regardless of what type of IP address is used (i.e., static or dynamic). The general issue of having a VM-based service losing connectivity due to an address change is fine, but I don't understand the rest of the section.

[Ballot comment]
1. In the introduction, shouldn't the list of reasons to use static addresses include their use within ACLs and other security mechanisms based on IP addresses?  If so, a corresponding subsection in section 2 would be warranted.

IANA has reviewed draft-ietf-6renum-static-problem-02, which is currently in Last Call, and has the following comments:

IANA understands that, upon approval of this document, there are no
IANA Actions that need completion.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (Problem Statement for Renumbering IPv6 Hosts with Static Addresses) to Informational RFC


The IESG has received a request from the IPv6 Site Renumbering WG
(6renum) to consider the following document:
- 'Problem Statement for Renumbering IPv6 Hosts with Static Addresses'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-12-12. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document analyses the problems of updating the IPv6 addresses of
  hosts in enterprise networks that for operational reasons require
  static addresses.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-6renum-static-problem/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-6renum-static-problem/ballot/


No IPR declarations have been submitted directly on this I-D.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?
Informational, as stated in the header, because it presents (as the title says), a problem statement.
(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:
Technical Summary:
This document analyses the problems of updating the IPv6 addresses of  hosts in enterprise networks that for operational reasons require static addresses.
Working Group Summary:
Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough?
Very little controversy.  There was discussion about whether it should have been included in the document draft-6renum-enterprise-scenarios, but the authors, chairs, and AD decided it should stand alone.
Document Quality:
Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted?
RJ Atkinson did an especially thorough review during WGLC.

Personnel:
Who is the Document Shepherd? Who is the Responsible Area Director?
Shepherd: Lee Howard. 
AD: Ron Bonica

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.
I provided significant suggestions to earlier versions, and have reread the current version.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?
No.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.
No.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.
No concerns.
(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?
No IPR.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.
No IPR.
(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?
There is strong consensus throughout the WG.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)
No.
(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.
No nits.
(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.
N/A.
(13) Have all references within this document been identified as either normative or informative?
Yes.
(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?
All normative references are published RFCs.
(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.
N/A, document is Informational.
(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.
N/A
(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).
No IANA considerations.
(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.
No IANA considerations.
(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.
N/A