Re: Fwd: New Version Notification for draft-hinden-ipv4flag-00.txt

[Brian E Carpenter <brian.e.carpenter@gmail.com>]

Hi,

This time, not truncated by fat-fingering.

Here are some consolidated responses to a very long thread:

> draft-ietf-sunset4-noipv4

Sorry we were unaware of that. I think that a new look at
this approach is needed given the increased experience
that we now have. But at the very minimum our draft
should recognize the earlier work.

>  If the
> meaning of the flag were modified to indicate that there is either no IPv4
> service on the advertising router, or that any IPv4 service provided is
> intended to be limited to only hosts needing it for backward
> compatibility... what I'm proposing allows a limited scale legacy IPv4
> service to be provided instead of a full scale IPv4 service.

I think that semantic ("we have IPv4 but please don't use it") is
unlikely to work in our dog-eats-dog Internet.

> I also suggest a "Host behavior" section be added.

Good idea.

> I’ve the feeling reading your proposal that you’re assuming that the dual-stack hosts have the transition mechanism built-in

That's certainly not my intention. Cellular networks are different,
but in a general-purpose network, classical dual stack hosts is
the only safe assumption. We should clarify the document scope.

> - this is a trivial DOS if there is really an IPv4 network

Any single occurrence of flag==0 says IPv4 is available. Any number
of flag==1 does not change this. So this attack does not exist.
 
>   — "A host that receives Flag=1 should stop sending IPv4" 

Yes, that is wrong as a stand-alone statement; it needs to be
qualified (in the simplest case, "only Flag=1", but it needs
to refer to unexpired router lifetimes, so more words are needed.)
 
> So, no… we’re not going to stop sending RA messages (lifetime=0) . And so, we’re going to step on this 4=1 bit until the end of time. In other words, this draft won’t do what it hopes to do.

So who is defeating the intent of the existing standards there?
OK, maybe we'd better not have that conversation. We'll think
about whether special-casing lifetime==0, but the solution is
fail-safe: even one unexpired RA with flag==0 will override any
number of flag==1. We will never switch off IPv4 in such a case.

> Yep, a single flag won't work unless all routers agree on it.

That's a feature, not a bug. That's why the proposal is fail-safe.

> It would be up to the administrator to ensure that no router sent the
> option unless the network were truly IPv4-only.

No. It's router-by-router, so *all* routers must send flag==1 to
change host behaviour to IPv6-only. Default host behaviour is
dual stack.

>     [1] I would propose making it an EFO bit and leave the reserved
> bits for potentially more IPv6-critical information signaling.

Don't you think that switching off IPv4 is IPv6-critical? :-)

>     [2] I would not say that 0 means "IPv4 is Available on this
> Router" but rather "this router makes no attestation about the
> availability or lack thereof of IPv4"

I'm not sure.  It doesn't really matter, because it's only when
there are no unexpired RAs with flag==0 that we switch off IPv4.
So the only assertion that matters is that flag==1 means "I don't
route IPv4, but I don't know what other routers do."

> 
> there would also be a SAVI implication here; otherwise any connected
> host on an l2 domain would be able to disable ipv4 on any host that was
> listening to a flag of this form.

No. As long as at least one unexpired RA has flag==0, nobody stops
trying IPv4. A bad actor can send as many flag==1 bogons as it
wants; they will be no-ops.

    Brian