Re: IPv4 traffic on "ietf-v6ONLY"

Tim Chown <Tim.Chown@jisc.ac.uk> Thu, 16 November 2017 15:10 UTC

From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: David Farmer <farmer@umn.edu>
CC: Philip Homburg <pch-ipv6-ietf-4@u-1.phicoh.com>, 6man WG <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/C2zDOBJ4wqxbaDgL1fBySk82VKg>

> On 16 Nov 2017, at 13:42, David Farmer <farmer@umn.edu> wrote:
> 
> On Wed, Nov 15, 2017 at 5:21 AM, Philip Homburg <pch-ipv6-ietf-4@u-1.phicoh.com> wrote:
> >     Perhaps, define a DHCPv6 option to convey v6-only, for which
> >     the client interpretation should be to suppress v4.  Although
> >     this will be at the cross road with allowing client's wishes to
> >     use v4 LL for whatever useless/useful traffic, it would be a
> >     reasonable deployment policy to enforce.
> 
> The problem with a DHCPv6 option is that an IPv4-only network may not be
> prepared to defend against rogue DHCPv6 servers.
> 
> So anyone who starts such a server can kick everybody else off the IPv4 network.
> 
> Great option for an overcrowded hotel or conference network.
> 
> Sorry, but that ship has sailed. If you are purposefully IPv4-only, you have to deal with rogue IPv6 RAs at least, and probably rogue DHCPv6 servers too, or you need to filter ethertype 0x86DD altogether. Otherwise, a rogue signal to turn off IPv4 is the least of your worries.  Malicious or even accidental deployment of IPv6 is a bigger security worry on these networks than a rogue signal to turn off IPv4. 
> 
> I'm not saying that a rogue signal to turn off IPv4 isn't a problem. Just if you're willing to ignore rogue IPv6 deployment, then worrying about a rogue signal to turn off IPv4 seems kind of selective.

Indeed. 

Perhaps there’s a case for a ‘flip’ Informational document to RFC 7123, as an advisory document, but even that’s a bit tenuous.

Tim
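
An added example, not part of the original message or thread: a monitoring check for a deliberately IPv4-only segment that flags the signals the quoted text names, namely any frame with ethertype 0x86DD, ICMPv6 Router Advertisements, and DHCPv6 server messages. The function names and the sample frames are constructed for illustration, and the parser assumes untagged Ethernet II frames with no IPv6 extension headers.

```python
import struct

ETH_IPV6 = 0x86DD                  # the ethertype named in the thread
NH_ICMPV6, NH_UDP = 58, 17         # IPv6 Next Header values
ICMPV6_RA = 134                    # Router Advertisement
DHCPV6_SERVER_PORT = 547
DHCPV6_SERVER_MSGS = {2: "advertise", 7: "reply"}

def classify(frame: bytes) -> str:
    """Classify one untagged Ethernet II frame seen on an IPv4-only segment.
    Simplification: extension headers and VLAN tags are not walked."""
    if len(frame) < 14:
        return "short"
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV6:
        return "not-ipv6"
    ip6 = frame[14:]
    if len(ip6) < 40 or ip6[0] >> 4 != 6:
        return "ipv6-malformed"
    next_header, payload = ip6[6], ip6[40:]
    if next_header == NH_ICMPV6 and payload[:1] == bytes([ICMPV6_RA]):
        return "ra"
    if next_header == NH_UDP and len(payload) >= 9:
        sport = struct.unpack("!H", payload[:2])[0]
        if sport == DHCPV6_SERVER_PORT and payload[8] in DHCPV6_SERVER_MSGS:
            return "dhcpv6-" + DHCPV6_SERVER_MSGS[payload[8]]
    return "ipv6-other"

def alerts(frames):
    """Return (index, verdict) for every frame that carries IPv6 at all."""
    verdicts = ((i, classify(f)) for i, f in enumerate(frames))
    return [(i, v) for i, v in verdicts if v not in ("not-ipv6", "short")]

def build_frame(ethertype, next_header=0, l4=b""):
    """Constructed sample frame with all-zero addresses (test data only)."""
    eth = bytes(12) + struct.pack("!H", ethertype)
    if ethertype != ETH_IPV6:
        return eth + bytes(20)
    ip6 = struct.pack("!IHBB", 6 << 28, len(l4), next_header, 255) + bytes(32)
    return eth + ip6 + l4

SAMPLES = [
    build_frame(0x0800),                                          # IPv4
    build_frame(ETH_IPV6, NH_ICMPV6, bytes([134]) + bytes(15)),   # RA
    build_frame(ETH_IPV6, NH_UDP,
                struct.pack("!HHHH", 547, 546, 12, 0) + bytes([2, 0, 0, 1])),
    build_frame(ETH_IPV6, NH_ICMPV6, bytes([135]) + bytes(23)),   # NS
]

if __name__ == "__main__":
    for index, verdict in alerts(SAMPLES):
        print(index, verdict)
```

On a segment that is meant to carry no IPv6, even the `ipv6-other` verdict is worth an alert, since it shows hosts already speaking the protocol that the filter or guard feature was supposed to keep out.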