IETF Logo Mail Archive

Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-reconfigure-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 09 November 2011 03:33 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B2EA21F88A0 for <behave@ietfa.amsl.com>; Tue, 8 Nov 2011 19:33:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.491
X-Spam-Level:
X-Spam-Status: No, score=-103.491 tagged_above=-999 required=5 tests=[AWL=0.108, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5g1mnARr7JvV for <behave@ietfa.amsl.com>; Tue, 8 Nov 2011 19:33:29 -0800 (PST)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id F0EAA21F888A for <behave@ietf.org>; Tue, 8 Nov 2011 19:33:28 -0800 (PST)
Received: by vws5 with SMTP id 5so1292631vws.31 for <behave@ietf.org>; Tue, 08 Nov 2011 19:33:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=ZX8EpTmJ7+SVQqbCRVWFrnYRnzLokMhgfUMyB1nNQd4=; b=uULZjm6PgiPg9ifDL6C3A7nuTiPXH+OGjL2f7PpftUaFnzlVPrx2rzkywBeBn2+5bR kTrIrCjzFFhRvggJzp6eq1J+E1DBMCszXL0zfVOJFIUlQ6XTNn7gXrpPjgS3BXYneFer Ms58hF0h2H5K/o/02eAq9/2B5DaCAG/y48CO0=
Received: by 10.52.26.47 with SMTP id i15mr1289004vdg.0.1320809608279; Tue, 08 Nov 2011 19:33:28 -0800 (PST)
Received: from [130.216.38.124] (stf-brian.sfac.auckland.ac.nz. [130.216.38.124]) by mx.google.com with ESMTPS id b4sm5500389vda.7.2011.11.08.19.33.24 (version=SSLv3 cipher=OTHER); Tue, 08 Nov 2011 19:33:27 -0800 (PST)
Message-ID: <4EB9F483.2040608@gmail.com>
Date: Wed, 09 Nov 2011 16:33:23 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <CAD4C50C.120E6%praspati@cisco.com> <4EAF0384.1050002@gmail.com> <1be201cc98b3$249d7a90$6dd86fb0$@com> <4EB6EBEB.2010600@gmail.com> <02f701cc9d89$5ad65ca0$108315e0$@com> <4EB9DE53.70805@gmail.com> <03bc01cc9e8d$0d27ef00$2777cd00$@com>
In-Reply-To: <03bc01cc9e8d$0d27ef00$2777cd00$@com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: 'Prashanth Patil' <praspati@cisco.com>, behave@ietf.org
Subject: Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-reconfigure-00.txt
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 03:33:30 -0000

Hi again,

On 2011-11-09 16:09, Dan Wing wrote:
>> -----Original Message-----
>> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
>> Sent: Tuesday, November 08, 2011 5:59 PM
>> To: Dan Wing
>> Cc: 'Prashanth Patil'; behave@ietf.org
>> Subject: Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-reconfigure-
>> 00.txt
>>
>> Dan,
>>
>>> Our proposal does not force dual-stack hosts to resolve DNS using
>>> IPv4 transport (DNS-over-IPv4).
>> I must have misunderstood again. It seems to me that this is exactly
>> the effect of the following process:
>>
>>    1.  *IPv6-only transition to Dual-Stack* In case a host is IPv6-only
>>        to start off, it is provided a DNS64 Server.  When transitioning
>>        to dual-stack, a IPv4 DNS Server is assigned as a consequence of
>>        obtaining an IPv4 Address.  The DHCPv6 Relay Agent can detect
>>        this and send RELAY-RECONFIG message Section 4.1 to the DHCPv6
>>        Server indicating that the host needs to be needs to be provided
>>        with "normal" DNS Server followed by DNS64 server.
>>
>> That would give it an IPv4-mapped address for DNS service, which it
>> would therefore access using native IPv4.
> 
> Ah, because we define:
> 
>    'normal' DNS server : DNS server using an IPv4-mapped IPv6 address
>    (that is, an IPv6 address starting with ::ffff:/96 IPv4-mapped
>    prefix).  Hosts can communicate with 'normal' DNS server only using
>    IPv4 packets [RFC6052], section 4.2.
> 
> Yes, agreed, that is how the text is written.  This whole idea was
> built around "how can we improve draft-wing-behave-dns64-config",
> which did the IPv4-mapped address trick -- that trick just doesn't
> always work.
> 
> So, until we can update the I-D, imagine that the definition of
> "normal DNS server" is "a DNS server that is not performing DNS64
> functions".  Said another way, "normal DNS server" is a normal
> DNS server that is found on nearly 100% of networks today that
> does not synthesize AAAA records.
> 
> With that change, would you have an objection?

Sure, we can separate the issues that way.

> But, back to your objection -- what's the problem with a dual-stack
> host sending its DNS queries over IPv4?  The only issue I see is
>  1. it is impure

As are many aspects of DNS64, so I suppose we have to ignore that.

>  2. if IPv4 address sharing is on the path between the client and
>     DNS server, the DNS queries will consume UDP and TCP ports. 

True, but for a network of any size, that would be crazy placement
of the DNS server, IMHO.

> Are there other objections to sending DNS queries over IPv4?

It goes against the general strategy of getting as much traffic
as possible onto v6 (assuming equal efficiency).

I think this matters sociologically. On a network with equal numbers
of v4-only, v6-only and dual stack hosts, we would see 67% of DNS
traffic still over v4, instead of 67% already over v6. The message
to management is very different.

I can't pretend that this is a technical objection ;-)

   Brian

> 
> -d
> 
> 
>> Regards
>>    Brian
>>
>> On 2011-11-08 09:10, Dan Wing wrote:
>>>> -----Original Message-----
>>>> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
>>>> Sent: Sunday, November 06, 2011 12:20 PM
>>>> To: Dan Wing
>>>> Cc: 'Prashanth Patil'; behave@ietf.org
>>>> Subject: Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-
>> reconfigure-
>>>> 00.txt
>>>>
>>>> On 2011-11-02 05:27, Dan Wing wrote:
>>>>>> -----Original Message-----
>>>>>> From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On
>>>>>> Behalf Of Brian E Carpenter
>>>>>> Sent: Monday, October 31, 2011 1:22 PM
>>>>>> To: Prashanth Patil
>>>>>> Cc: behave@ietf.org
>>>>>> Subject: Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-
>>>> reconfigure-
>>>>>> 00.txt
>>>>>>
>>>>>> I don't get it. If a host is dual stacked it can be configured
>> with
>>>>>> any DNS server, as long as it is not a DNS64. If you can have a
>>>>>> DNS64 directly visible, and a v4-only DNS server directly visible,
>>>>>> you are on a dual stack network, so you can also have a dual stack
>>>>>> DNS server directly visible.
>>>>> It is anticipated that a network will have a mix of IPv4-only,
>>>>> IPv6-only, and dual-stack hosts.  The hosts don't know if they
>>>>> need a 'normal' DNS server or a DNS64, nor do we have a way
>>>>> to tell them the difference.
>>>> Indeed not, it is for the DHCPv6 server to ensure that the IPv6-only
>>>> hosts are pointed to the abnormal DNS server (i.e. the DNS64
>> server).
>>>> I'm left very uncomfortable by this kludge. Forcing dual-stack hosts
>>>> to resolve DNS via IPv4 seems backwards.
>>> Our proposal does not force dual-stack hosts to resolve DNS using
>>> IPv4 transport (DNS-over-IPv4).
>>>
>>>> Also, how will this help on a network that is using RFC 6106?
>>>> DHCPv6 isn't mandatory afaik.
>>> The RA-versus-DHCPv6 controversy is not unique to this idea,
>>> of course.
>>>
>>> Let's see if the idea has merit; if it does, we can describe
>>> how to provide similar functionality using unicast RA.
>>>
>>> -d
>>>
>>>
>>>>     Brian
>>>>
>>>>> This I-D attempts to provide a solution to that problem of a
>>>>> network with a mix of hosts that need to be configured with a
>>>>> 'normal' DNS server and DNS64 server.  We believe the underlying
>>>>> idea (to "poke" a host to tell it something changed on the
>>>>> network) appears to have other applicability beyond the DNS/DNS64
>>>>> use-case, as well.
>>>>>
>>>>> -d
>>>>>
>>>>>
>>>>>> Regards
>>>>>>    Brian Carpenter
>>>>>>
>>>>>> On 2011-11-01 05:05, Prashanth Patil wrote:
>>>>>>> Hi Brian,
>>>>>>> The idea behind the proposal is to provision a means by which
>>>> traffic
>>>>>> is
>>>>>>> sent using IPv4 and not through the IPv6/IPv4 translator. The
>>>>>> advantage
>>>>>>> being that if NAT44 and NAT64 are deployed on the same network,
>> it
>>>> is
>>>>>>> preferable to use NAT44 over NAT64 because of scale, performance
>>>> and
>>>>>>> application incompatibility issues (e.g., FTP) [RFC6384].
>>>>>>> A "normal" DNS server does not have DNS64 capability. The IPv4-
>>>> mapped
>>>>>>> address for this "normal" server ensures that it can be reached
>>>> only
>>>>>> by
>>>>>>> IPv4š. So if a host is IPv4-only, it will send a DNS query to the
>>>>>> "normal"
>>>>>>> server just to get the A records. If the host is dual-stack it
>> will
>>>>>> also
>>>>>>> send a DNS query to the "normal" server to get both A and AAAA
>>>>>> records. If
>>>>>>> the destination address is an IPv4 address,  dual-stack host just
>>>>>> gets A
>>>>>>> records but not synthesized AAAA records. So this technique will
>>>>>> ensure that
>>>>>>> IPv4 is preferred over the IPv6/IPv4 translator prefix and also
>>>> gives
>>>>>> native
>>>>>>> IPv6 higher precedence than IPv4.
>>>>>>> If the host happens to be IPv6 only, then it cannot reach the
>>>>>> "normal"
>>>>>>> server because it has IPv4-mapped prefix as explained previously.
>>>> So
>>>>>> IPv6
>>>>>>> only host can only reach DNS64 server. So this host will send the
>>>> DNS
>>>>>> query
>>>>>>> to DNS64 to get AAAA records. Based on the destination address
>> the
>>>>>> host will
>>>>>>> get IPv4-embedded IPv6 address or just the global IPv6 address.
>>>>>>>
>>>>>>> šNote: From RFC 6052
>>>>>>> ³When presented with the IPv4-mapped prefix, current versions of
>>>>>> Windows and
>>>>>>> Mac OS generate IPv4 packets, but will not send IPv6 packets.²
>>>>>>>
>>>>>>> -Prashanth
>>>>>>>
>>>>>>> On 22/10/11 6:20 AM, Brian E Carpenter wrote:
>>>>>>>> I have a basic question. Why does this draft define a 'normal'
>>>>>>>> DNS server as one having an IPv4-mapped IPv6 address?
>>>>>>>>
>>>>>>>> That seems like a completely *abnormal* DNS server for a dual
>>>>>>>> stack host. A dual stack host should normally have a DNS server
>>>>>>>> with a regular IPv6 address that will return both A and AAAA
>>>>>>>> records if they exist. Normally the server will be dual stacked
>>>>>>>> anyway, and will return exactly the same response whether the
>>>>>>>> query arrives via v4 or v6.
>>>>>>>>
>>>>>>>> A DNS server which only has an IPv4 address will also return
>>>>>>>> A and AAAA records if they exist, so there is absolutely no
>>>>>>>> difference as far as the dual stack host is concerned anyway.
>>>>>>>> So what is the point in using the IPv4-mapped address?
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>     Brian
>>>>>>>>
>>>>>>>> On 2011-10-18 11:17, internet-drafts@ietf.org wrote:
>>>>>>>>> A New Internet-Draft is available from the on-line Internet-
>>>> Drafts
>>>>>>>>> directories.
>>>>>>>>>
>>>>>>>>>     Title           : DHCPv6 Dynamic Re-Configuration
>>>>>>>>>     Author(s)       : Dan Wing
>>>>>>>>>                            Tirumaleswar Reddy
>>>>>>>>>                            Prashanth Patil
>>>>>>>>>     Filename        : draft-wing-behave-dhcpv6-reconfigure-
>> 00.txt
>>>>>>>>>     Pages           : 10
>>>>>>>>>     Date            : 2011-10-17
>>>>>>>>>
>>>>>>>>>     Some networks are expected to support IPv4-only, dual-
>> stack,
>>>>>> and
>>>>>>>>>     IPV6-only hosts at the same time.  This makes prioritizing
>>>> the
>>>>>> DNS
>>>>>>>>>     servers for hosts tricky due to a heterogeneous mix of
>>>> protocol
>>>>>>>>>     stacks causing optimal behavior to occur only when the host
>>>>>> stack re-
>>>>>>>>>     initializes.  The networks infrastructure is usually well
>>>>>> equipped to
>>>>>>>>>     be aware of single/dual-stack nature of hosts.  This
>>>>>> specification
>>>>>>>>>     extends DHCPv6 so that the DHCPv6 Relay Agent can
>> dynamically
>>>>>>>>>     influence the priority of DNS servers provided to the host,
>>>> so
>>>>>> that
>>>>>>>>>     the host can use the optimal DNS server for resolution.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> A URL for this Internet-Draft is:
>>>>>>>>> http://www.ietf.org/internet-drafts/draft-wing-behave-dhcpv6-
>>>>>> reconfigure-00.t
>>>>>>>>> xt
>>>>>>>>>
>>>>>>>>> Internet-Drafts are also available by anonymous FTP at:
>>>>>>>>> ftp://ftp.ietf.org/internet-drafts/
>>>>>>>>>
>>>>>>>>> This Internet-Draft can be retrieved at:
>>>>>>>>> ftp://ftp.ietf.org/internet-drafts/draft-wing-behave-dhcpv6-
>>>>>> reconfigure-00.tx
>>>>>>>>> t
>>>>>>>>> _______________________________________________
>>>>>>>>> I-D-Announce mailing list
>>>>>>>>> I-D-Announce@ietf.org
>>>>>>>>> https://www.ietf.org/mailman/listinfo/i-d-announce
>>>>>>>>> Internet-Draft directories: http://www.ietf.org/shadow.html
>>>>>>>>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Behave mailing list
>>>>>>>> Behave@ietf.org
>>>>>>>> https://www.ietf.org/mailman/listinfo/behave
>>>>>> _______________________________________________
>>>>>> Behave mailing list
>>>>>> Behave@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/behave
>>>
> 
>

v2.23.0 | Report a Bug | By Email