Re: interop problems with getaddrinfo() address selection

Keith Moore <moore@cs.utk.edu> Sun, 09 December 2007 20:31 UTC

Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1J1SoR-0004hh-7d; Sun, 09 Dec 2007 15:31:43 -0500
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1J1SoQ-0004hb-C4 for discuss-confirm+ok@megatron.ietf.org; Sun, 09 Dec 2007 15:31:42 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J1SoP-0004hL-VY for discuss@apps.ietf.org; Sun, 09 Dec 2007 15:31:41 -0500
Received: from m1.imap-partners.net ([64.13.152.131]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J1SoN-0001if-KC for discuss@apps.ietf.org; Sun, 09 Dec 2007 15:31:41 -0500
Received: from lust.indecency.org (m650f36d0.tmodns.net [208.54.15.101]) by m1.imap-partners.net (MOS 3.8.4-GA) with ESMTP id AIE70932 (AUTH admin@network-heretics.com); Sun, 9 Dec 2007 12:30:00 -0800 (PST)
Message-ID: <475C5047.3010807@cs.utk.edu>
Date: Sun, 09 Dec 2007 12:29:59 -0800
From: Keith Moore <moore@cs.utk.edu>
User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031)
MIME-Version: 1.0
To: Tony Finch <dot@dotat.at>
Subject: Re: interop problems with getaddrinfo() address selection
References: <Pine.LNX.4.64.0712061901020.24448@hermes-1.csi.cam.ac.uk> <200712062020.PAA16213@Sparkle.Rodents.Montreal.QC.CA> <Pine.LNX.4.64.0712071735070.24448@hermes-1.csi.cam.ac.uk> <475B0ABC.5090806@cs.utk.edu> <Pine.LNX.4.64.0712092000150.29087@hermes-1.csi.cam.ac.uk>
In-Reply-To: <Pine.LNX.4.64.0712092000150.29087@hermes-1.csi.cam.ac.uk>
X-Enigmail-Version: 0.95.5
OpenPGP: id=E1473978
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: der Mouse <mouse@Rodents.Montreal.QC.CA>, discuss@apps.ietf.org
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org

Tony Finch wrote:
> On Sat, 8 Dec 2007, Keith Moore wrote:
>   
>> this seems like an almost-inherent consequence of IPv6's expecting hosts
>> to have multiple addresses and asking hosts initiating a communication
>> to do address selection.  it's not specific to getaddrinfo() - any API
>> that tried to solve that problem would be likely to reorder addresses to
>> some degree.
>>     
>
> The problem isn't specific to IPv6 - for example see the comments about
> address selection for "multihomed" MXs in RFC 2821. However in practice we
> ignore this possibility and treat host names with multiple IP addresses as
> equally reachable at any address. I don't think IPv6 substantially changes
> this situation, because most of its common extra addresses have limited
> scope and will not be published in the DNS.
>   
I think it's a stretch to assume that in the future that all IP
addresses associated with a domain and advertised in DNS are equally
reachable.

As a start IPv4 isn't going away.  So a site may need to advertise both
IPv4 and IPv6 addresses in order to be widely reachable, and the party
initiating a connection gets to decide which is better.

>From my own experience it is a good idea for a site to advertise both
6to4 and native IPv6 addresses.  A 6to4 site initiating a connection
will probably do better to use the destination's 6to4 address; similarly
for a native site using the destination's native address.  An
IPv4-to-IPv4 connection is almost certainly better than a connection
between a native and 6to4 IPv6 address.

Then you have ULIAs which are globally unique and globally scoped but
which might not be globally reachable.  As long as there's an
expectation that IPv6 addresses are PA, there will be a need for ULIAs. 
But networks using ULIAs will interconnect with other networks including
those using PA space and other networks using ULIAs. 

Then you have mobile IP which creates additional choices, and a growing
tendency for hosts to have multiple network interfaces where more than
one interface can be connected to the Internet.

The notion that you can control address visibility using DNS in this
world is pretty much a fantasy.

>> though it should be possible for the client implementation to go through
>> the list of addresses, assign a preference value to each one (based on
>> address type and number of leading bits in common with one of the
>> hosts's local addresses), then perform a stable sort by preference value.
>>     
>
> That's essentially what RFC 3484 recommends, and what causes the problem.
>   
What causes the problem is the assumption that a destination can have
multiple addresses, a source can have multiple addresses, and the party
initiating the connection can somehow make a good decision about which
address pair to use without any information from the network.

As for DNS randomization, it's never been reasonable to expect an
application to try each of several addresses in the order returned by
DNS.  The fact that many apps happened to work this way (because it was
often the easiest way to do things) was an accident, not something
required by the DNS protocol or the defined protocol for most of those apps.

Keith