IETF Logo Mail Archive

Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-reconfigure-00.txt

"Dan Wing" <dwing@cisco.com> Wed, 09 November 2011 03:10 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43BE521F8494 for <behave@ietfa.amsl.com>; Tue, 8 Nov 2011 19:10:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.631
X-Spam-Level:
X-Spam-Status: No, score=-105.631 tagged_above=-999 required=5 tests=[AWL=0.968, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GaQrvj69kd5D for <behave@ietfa.amsl.com>; Tue, 8 Nov 2011 19:09:59 -0800 (PST)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 0179011E80B6 for <behave@ietf.org>; Tue, 8 Nov 2011 19:09:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=dwing@cisco.com; l=10482; q=dns/txt; s=iport; t=1320808199; x=1322017799; h=from:to:cc:references:in-reply-to:subject:date: message-id:mime-version:content-transfer-encoding; bh=2rD5qw3xKWesuLOSSCgjubgwuYM4k7q+lhy+BN1ZNQA=; b=OsPeCNyY+CyFJMMiVcMLs2/ovOzRTzr3sBkVcGbx6CEnHONp3i8bOwr9 VYQaieczdXSRy1VjYJ47y+aIkwMFAfp38y/hLgC2LKLWGGrjhkcdcq9oU w1C4d6l6XOWkVZKNSoC5hUb/2Ujg24RSCaQIKF/zTLQG3kL7rcV5PVKOm M=;
X-IronPort-AV: E=Sophos;i="4.69,481,1315180800"; d="scan'208";a="13102927"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-4.cisco.com with ESMTP; 09 Nov 2011 03:09:53 +0000
Received: from dwingWS ([10.32.240.194]) by mtv-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id pA939rqJ024167; Wed, 9 Nov 2011 03:09:53 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Brian E Carpenter' <brian.e.carpenter@gmail.com>
References: <CAD4C50C.120E6%praspati@cisco.com> <4EAF0384.1050002@gmail.com> <1be201cc98b3$249d7a90$6dd86fb0$@com> <4EB6EBEB.2010600@gmail.com> <02f701cc9d89$5ad65ca0$108315e0$@com> <4EB9DE53.70805@gmail.com>
In-Reply-To: <4EB9DE53.70805@gmail.com>
Date: Tue, 08 Nov 2011 19:09:53 -0800
Message-ID: <03bc01cc9e8d$0d27ef00$2777cd00$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcyegxXEZ7LD2VyOQvGubBHZvbdX/wACOEWQ
Content-Language: en-us
Cc: 'Prashanth Patil' <praspati@cisco.com>, behave@ietf.org
Subject: Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-reconfigure-00.txt
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 03:10:00 -0000

> -----Original Message-----
> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
> Sent: Tuesday, November 08, 2011 5:59 PM
> To: Dan Wing
> Cc: 'Prashanth Patil'; behave@ietf.org
> Subject: Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-reconfigure-
> 00.txt
> 
> Dan,
> 
> > Our proposal does not force dual-stack hosts to resolve DNS using
> > IPv4 transport (DNS-over-IPv4).
> 
> I must have misunderstood again. It seems to me that this is exactly
> the effect of the following process:
> 
>    1.  *IPv6-only transition to Dual-Stack* In case a host is IPv6-only
>        to start off, it is provided a DNS64 Server.  When transitioning
>        to dual-stack, a IPv4 DNS Server is assigned as a consequence of
>        obtaining an IPv4 Address.  The DHCPv6 Relay Agent can detect
>        this and send RELAY-RECONFIG message Section 4.1 to the DHCPv6
>        Server indicating that the host needs to be needs to be provided
>        with "normal" DNS Server followed by DNS64 server.
> 
> That would give it an IPv4-mapped address for DNS service, which it
> would therefore access using native IPv4.

Ah, because we define:

   'normal' DNS server : DNS server using an IPv4-mapped IPv6 address
   (that is, an IPv6 address starting with ::ffff:/96 IPv4-mapped
   prefix).  Hosts can communicate with 'normal' DNS server only using
   IPv4 packets [RFC6052], section 4.2.

Yes, agreed, that is how the text is written.  This whole idea was
built around "how can we improve draft-wing-behave-dns64-config",
which did the IPv4-mapped address trick -- that trick just doesn't
always work.

So, until we can update the I-D, imagine that the definition of
"normal DNS server" is "a DNS server that is not performing DNS64
functions".  Said another way, "normal DNS server" is a normal
DNS server that is found on nearly 100% of networks today that
does not synthesize AAAA records.

With that change, would you have an objection?



But, back to your objection -- what's the problem with a dual-stack
host sending its DNS queries over IPv4?  The only issue I see is
 1. it is impure
 2. if IPv4 address sharing is on the path between the client and
    DNS server, the DNS queries will consume UDP and TCP ports. 
Are there other objections to sending DNS queries over IPv4?

-d


> Regards
>    Brian
> 
> On 2011-11-08 09:10, Dan Wing wrote:
> >> -----Original Message-----
> >> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
> >> Sent: Sunday, November 06, 2011 12:20 PM
> >> To: Dan Wing
> >> Cc: 'Prashanth Patil'; behave@ietf.org
> >> Subject: Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-
> reconfigure-
> >> 00.txt
> >>
> >> On 2011-11-02 05:27, Dan Wing wrote:
> >>>> -----Original Message-----
> >>>> From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On
> >>>> Behalf Of Brian E Carpenter
> >>>> Sent: Monday, October 31, 2011 1:22 PM
> >>>> To: Prashanth Patil
> >>>> Cc: behave@ietf.org
> >>>> Subject: Re: [BEHAVE] I-D Action: draft-wing-behave-dhcpv6-
> >> reconfigure-
> >>>> 00.txt
> >>>>
> >>>> I don't get it. If a host is dual stacked it can be configured
> with
> >>>> any DNS server, as long as it is not a DNS64. If you can have a
> >>>> DNS64 directly visible, and a v4-only DNS server directly visible,
> >>>> you are on a dual stack network, so you can also have a dual stack
> >>>> DNS server directly visible.
> >>> It is anticipated that a network will have a mix of IPv4-only,
> >>> IPv6-only, and dual-stack hosts.  The hosts don't know if they
> >>> need a 'normal' DNS server or a DNS64, nor do we have a way
> >>> to tell them the difference.
> >> Indeed not, it is for the DHCPv6 server to ensure that the IPv6-only
> >> hosts are pointed to the abnormal DNS server (i.e. the DNS64
> server).
> >> I'm left very uncomfortable by this kludge. Forcing dual-stack hosts
> >> to resolve DNS via IPv4 seems backwards.
> >
> > Our proposal does not force dual-stack hosts to resolve DNS using
> > IPv4 transport (DNS-over-IPv4).
> >
> >> Also, how will this help on a network that is using RFC 6106?
> >> DHCPv6 isn't mandatory afaik.
> >
> > The RA-versus-DHCPv6 controversy is not unique to this idea,
> > of course.
> >
> > Let's see if the idea has merit; if it does, we can describe
> > how to provide similar functionality using unicast RA.
> >
> > -d
> >
> >
> >>     Brian
> >>
> >>> This I-D attempts to provide a solution to that problem of a
> >>> network with a mix of hosts that need to be configured with a
> >>> 'normal' DNS server and DNS64 server.  We believe the underlying
> >>> idea (to "poke" a host to tell it something changed on the
> >>> network) appears to have other applicability beyond the DNS/DNS64
> >>> use-case, as well.
> >>>
> >>> -d
> >>>
> >>>
> >>>> Regards
> >>>>    Brian Carpenter
> >>>>
> >>>> On 2011-11-01 05:05, Prashanth Patil wrote:
> >>>>> Hi Brian,
> >>>>> The idea behind the proposal is to provision a means by which
> >> traffic
> >>>> is
> >>>>> sent using IPv4 and not through the IPv6/IPv4 translator. The
> >>>> advantage
> >>>>> being that if NAT44 and NAT64 are deployed on the same network,
> it
> >> is
> >>>>> preferable to use NAT44 over NAT64 because of scale, performance
> >> and
> >>>>> application incompatibility issues (e.g., FTP) [RFC6384].
> >>>>> A "normal" DNS server does not have DNS64 capability. The IPv4-
> >> mapped
> >>>>> address for this "normal" server ensures that it can be reached
> >> only
> >>>> by
> >>>>> IPv4š. So if a host is IPv4-only, it will send a DNS query to the
> >>>> "normal"
> >>>>> server just to get the A records. If the host is dual-stack it
> will
> >>>> also
> >>>>> send a DNS query to the "normal" server to get both A and AAAA
> >>>> records. If
> >>>>> the destination address is an IPv4 address,  dual-stack host just
> >>>> gets A
> >>>>> records but not synthesized AAAA records. So this technique will
> >>>> ensure that
> >>>>> IPv4 is preferred over the IPv6/IPv4 translator prefix and also
> >> gives
> >>>> native
> >>>>> IPv6 higher precedence than IPv4.
> >>>>> If the host happens to be IPv6 only, then it cannot reach the
> >>>> "normal"
> >>>>> server because it has IPv4-mapped prefix as explained previously.
> >> So
> >>>> IPv6
> >>>>> only host can only reach DNS64 server. So this host will send the
> >> DNS
> >>>> query
> >>>>> to DNS64 to get AAAA records. Based on the destination address
> the
> >>>> host will
> >>>>> get IPv4-embedded IPv6 address or just the global IPv6 address.
> >>>>>
> >>>>> šNote: From RFC 6052
> >>>>> ³When presented with the IPv4-mapped prefix, current versions of
> >>>> Windows and
> >>>>> Mac OS generate IPv4 packets, but will not send IPv6 packets.²
> >>>>>
> >>>>> -Prashanth
> >>>>>
> >>>>> On 22/10/11 6:20 AM, Brian E Carpenter wrote:
> >>>>>> I have a basic question. Why does this draft define a 'normal'
> >>>>>> DNS server as one having an IPv4-mapped IPv6 address?
> >>>>>>
> >>>>>> That seems like a completely *abnormal* DNS server for a dual
> >>>>>> stack host. A dual stack host should normally have a DNS server
> >>>>>> with a regular IPv6 address that will return both A and AAAA
> >>>>>> records if they exist. Normally the server will be dual stacked
> >>>>>> anyway, and will return exactly the same response whether the
> >>>>>> query arrives via v4 or v6.
> >>>>>>
> >>>>>> A DNS server which only has an IPv4 address will also return
> >>>>>> A and AAAA records if they exist, so there is absolutely no
> >>>>>> difference as far as the dual stack host is concerned anyway.
> >>>>>> So what is the point in using the IPv4-mapped address?
> >>>>>>
> >>>>>> Regards
> >>>>>>     Brian
> >>>>>>
> >>>>>> On 2011-10-18 11:17, internet-drafts@ietf.org wrote:
> >>>>>>> A New Internet-Draft is available from the on-line Internet-
> >> Drafts
> >>>>>>> directories.
> >>>>>>>
> >>>>>>>     Title           : DHCPv6 Dynamic Re-Configuration
> >>>>>>>     Author(s)       : Dan Wing
> >>>>>>>                            Tirumaleswar Reddy
> >>>>>>>                            Prashanth Patil
> >>>>>>>     Filename        : draft-wing-behave-dhcpv6-reconfigure-
> 00.txt
> >>>>>>>     Pages           : 10
> >>>>>>>     Date            : 2011-10-17
> >>>>>>>
> >>>>>>>     Some networks are expected to support IPv4-only, dual-
> stack,
> >>>> and
> >>>>>>>     IPV6-only hosts at the same time.  This makes prioritizing
> >> the
> >>>> DNS
> >>>>>>>     servers for hosts tricky due to a heterogeneous mix of
> >> protocol
> >>>>>>>     stacks causing optimal behavior to occur only when the host
> >>>> stack re-
> >>>>>>>     initializes.  The networks infrastructure is usually well
> >>>> equipped to
> >>>>>>>     be aware of single/dual-stack nature of hosts.  This
> >>>> specification
> >>>>>>>     extends DHCPv6 so that the DHCPv6 Relay Agent can
> dynamically
> >>>>>>>     influence the priority of DNS servers provided to the host,
> >> so
> >>>> that
> >>>>>>>     the host can use the optimal DNS server for resolution.
> >>>>>>>
> >>>>>>>
> >>>>>>> A URL for this Internet-Draft is:
> >>>>>>> http://www.ietf.org/internet-drafts/draft-wing-behave-dhcpv6-
> >>>> reconfigure-00.t
> >>>>>>> xt
> >>>>>>>
> >>>>>>> Internet-Drafts are also available by anonymous FTP at:
> >>>>>>> ftp://ftp.ietf.org/internet-drafts/
> >>>>>>>
> >>>>>>> This Internet-Draft can be retrieved at:
> >>>>>>> ftp://ftp.ietf.org/internet-drafts/draft-wing-behave-dhcpv6-
> >>>> reconfigure-00.tx
> >>>>>>> t
> >>>>>>> _______________________________________________
> >>>>>>> I-D-Announce mailing list
> >>>>>>> I-D-Announce@ietf.org
> >>>>>>> https://www.ietf.org/mailman/listinfo/i-d-announce
> >>>>>>> Internet-Draft directories: http://www.ietf.org/shadow.html
> >>>>>>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> >>>>>>>
> >>>>>> _______________________________________________
> >>>>>> Behave mailing list
> >>>>>> Behave@ietf.org
> >>>>>> https://www.ietf.org/mailman/listinfo/behave
> >>>>>
> >>>> _______________________________________________
> >>>> Behave mailing list
> >>>> Behave@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/behave
> >>>
> >
> >

v2.23.0 | Report a Bug | By Email