Re: you have running code ... I-D Action: draft-ietf-6man-ipv6only-flag-03.txt

["Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>]

On 2 Nov 2018, at 6:09, Lee Howard wrote:

> Doesn't it mean that user space applications on a host that 
> had/expected IPv4 would fail?
>
> I think I described my interop concern: 
> https://mailarchive.ietf.org/arch/browse/ipv6/?qdr=m&so=frm
>
> IPv4-only hosts, and dual-stack hosts
> that do not recognize the new
>     flag, may continue to attempt IPv4 operations
>
> If some devices require IPv4 and others disable IPv4, you have lost 
> connectivity between systems on a local network. As written, this is 
> not considered a misconfiguration by the administrator who sets the 
> flag.

The draft says “
    Dual stack hosts that have a good reason to use IPv4, for example 
for
    a specific IPv4 link-local service, can attempt to do so.  Therefore
    respect of the IPv6-Only flag is recommended, not mandatory, for
    hosts.

    Administrators SHOULD only use this mechanism if they are certain
    that the link is IPv6-Only.  For example, in cases where there is a
    need to continue to use IPv4, when there are intended to be 
IPv4-only
    hosts or IPv4 routers on the link, setting this flag to 1 is a
    configuration error.”


And heck, if user space applications fail because v4 doesn’t work 
anymore, than they work based on an assumption (and have been for 20 
years) and they’d better get fixed.

Here’s how it goes: (a) network admin turns ipv6-only on, 98 of 100 
hosts are fine;  2 hosts with their secret covert channel no longer talk 
for some obscure thing interacting on the local network only.  (b) users 
panic looking at their “very important service” (e.g., their private 
chat protocol written out of boredom at the end of 1999).  (c) admins 
shrug and move these two machines into a quarantine network where they 
can still talk ipv4 and will be (1) running forever until the hardware 
dies, (2) until someone fixes the software to use ipv6, (3) for the next 
6 months until the vlan is decommissioned.

The answer is: if that service is critical you will (A) be happy you 
found out about that problem if no one knew about it before and (B) 
you’ll do everything to fix it in a good way (and that could also be 
to disable that flag for another two weeks until everything is sorted).  
But you’ll fix that software.    If it’s not relevant it goes into 
“collateral damage” and you are happy that the thing is gone from 
your network and your “network hygiene level just went form orange to 
green”.

I’ve played these games for more than 8 years.  And you have to play 
them a lot less these days compared to 2010.

I guess it all depends how you arrive at the day to “turn the 
IPv6-Only flag on”.  Ideally you have selective removed IPv4 from the 
network before so the flag more or less ends up to be just a “OK, this 
is IPv6-only so make sure it stays that way” for where you have 
critical services.   But this is all “ops” and not 6man.


>>> This also disregards the issue of whether the flag was either 
>>> necessary
>>> or a good idea to start with, and nearly 700 emails into this
>>> discussion, the WG seems to be hopelessly divided on these issues.
>> I'll leave that one to the WG chair who isn't a co-author. But I will
>> say that in my mind the issue is whether the feature is one that will
>> be valuable in 5, 10 or 20 years time rather than whether it's 
>> valuable
>> today.
>
> I've come into the camp that believes that in 10 or 20 years IPv4 will 
> be disabled by default. When people post to stackoverflow complaining 
> that their 10-20 year old devices are unreachable from their brand new 
> devices, the response will be, "The old stuff might be using the old 
> protocol, IPv4. Go into Control Panel, Networking, Protocols, select 
> IPv4, click enable."

Very much like people posted “My token ring can’t talk to my 
ethernet?”  Look in 10 years the IPv4-only Islands will be very much 
understood.  People will be looking for “migrating” these to 
“something entirely new”.


> If that's likely, then this flag is only useful in the interim 5 
> years. During that time, I would like to maximize connectivity.

The flag will still be useful in 127 years when people will do IPv9 and 
there’ll be people around who say “This IPv9 stuff I am not going to 
touch, keep this legacy IPv6 on until everyone else in the world has 
moved.  Then I can go and look.”


> If a network administrator wants central control over IPv4/IPv6 
> enablement in hosts, there are better, more centralized tools for 
> that. As a principle, host behavior should be managed by host 
> management tools, and not by hints from a router.

Or by hints from a central directory service?  I guess it’s better 
I’ll remove your host entry from my dhcp server as well immediately 
then.  And also stop answering ARP and RS for you.  You can configure 
that using your host tools.

/bz