IETF Logo Mail Archive

Re: Fwd: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 08 May 2019 00:11 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DAFF12013A for <ipv6@ietfa.amsl.com>; Tue, 7 May 2019 17:11:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U-FtX2Sw9u_G for <ipv6@ietfa.amsl.com>; Tue, 7 May 2019 17:11:33 -0700 (PDT)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BFB912006E for <ipv6@ietf.org>; Tue, 7 May 2019 17:11:33 -0700 (PDT)
Received: by mail-pl1-x634.google.com with SMTP id g9so1557945plm.6 for <ipv6@ietf.org>; Tue, 07 May 2019 17:11:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=4wUBrDHqvhgs3QHcmDtZ5RZYdDTYNQdCBYFpBJO7VY0=; b=PHmdmTxok20yIqhcaCkkU81GRgSqZvWCvqlznkLtfUigxEuPAs/O584dntbc7nNU6Q qsLiA/kUjU2CFUg9lXPVY4d50XNnaD87GwshMf06JNSJDPqNePm5xeXMUFITy6ZoQ7me 25+cvPY4Ui+kwo2S0yTCD3DyjTY7ct+pGWS/VnCqTlWKL5oVB/LapgRXkCFpAKNH1zWP vLNpfH7v5+5D9Ct3j4qCzNxccETUHjh4ZgyLDuEWrMidvwI5uaiTLHSbPAZqALZAoN1Q DMKehPDgfDAcfaLi4muRGzRX7A0mKX2CyC+llZ1MEWtmre8hZbb6bTH1vd75t5xfD0kn 4hzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=4wUBrDHqvhgs3QHcmDtZ5RZYdDTYNQdCBYFpBJO7VY0=; b=oAGBLM1zYf0N7AsNNLUJcYxEtV/UT9igtKkQ/QicXGfhujmz+/WQ/hrylwnr0+oln3 H4H2AJ4qVvGY50Wm84oAwJmurqSp7DJ7tMsC07Yu/tGZ69gUFKhijIZof8Wo9RCX7TYl KMjECL+fWlVGt3ZIF6iw1wVk58dNWgw7e/ZQzdM3jDPTdJoMVOu9A5iNBLm+o/wOMwCC 7EdtVzPiWfCPQUT7du+2qFQv/+jxvNvNJC1dblnxJTuDR9p5kSb1nIkDHdEOKMlxMS6K zBU5NRUpJFN0UDOIDoBLbeVJ62v+FDayeaYv+lZjXkulQ8EjnRfw13ZCjn4ait/Ffffl Zz+w==
X-Gm-Message-State: APjAAAWXeE5wMS6zhS33XbKzGZn/JxXuDtqOX8FjG2JB1UU6lwlIa8cX fFU11QkAuGMyNsfbbpICl50nUTay
X-Google-Smtp-Source: APXvYqy6jtyUo9T9fVWY53wXlDZRNyIeCM5Kwxmv1hV5nEn2C9DHv1Sx8/yblbx2Zjs3C+idhrM0SA==
X-Received: by 2002:a17:902:7486:: with SMTP id h6mr8576033pll.58.1557274292363; Tue, 07 May 2019 17:11:32 -0700 (PDT)
Received: from [130.216.36.6] (sc-cs-567-laptop.uoa.auckland.ac.nz. [130.216.36.6]) by smtp.gmail.com with ESMTPSA id b22sm22255764pgg.88.2019.05.07.17.11.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 May 2019 17:11:31 -0700 (PDT)
Subject: Re: Fwd: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: David Farmer <farmer@umn.edu>, 6man WG <ipv6@ietf.org>
References: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org> <alpine.DEB.2.20.1905070846120.1824@uplift.swm.pp.se> <5bf11ff3fb3b4ba88c33c23521d931e8@boeing.com> <CAN-Dau3BtudB5HM=1u72BExu_64teEDeO7i+aQXhk28Qc2u2vA@mail.gmail.com> <CAN-Dau0Rv3YKg+rmwMK2yDOD0iDi-=bG0uGq0yNMTkLH7nAGBw@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <2a5975e9-d5ae-afa8-083c-a5e0ae1f245b@gmail.com>
Date: Wed, 08 May 2019 12:11:27 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CAN-Dau0Rv3YKg+rmwMK2yDOD0iDi-=bG0uGq0yNMTkLH7nAGBw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/L2nnBdgP5u1Tn3Sf1WeO_vMD2ZQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 00:11:36 -0000

Speaking for myself:

> In the presence of the flag, a host MAY attempt DHCPv4 a limited number of times, but MUST NOT perform Stateless Auto-Configuration of an IPv4 address and MUST NOT perform any service discovery (such as mDNS) unless it receives a unicast IPv4 address from DHCPv4 server or relay on the network.

In effect that expands the current SHOULD NOT text, which says:

>>> A host that receives only RAs with the flag set to 1 SHOULD NOT
>>> attempt any IPv4 operations, unless it subsequently receives at least
>>> one RA with the flag set to zero.

I think that's a reasonable addition, if the document proceeds.

   Brian

On 08-May-19 10:23, David Farmer wrote:
> Whoops, I lost the list somehow.
> 
> ---------- Forwarded message ---------
> From: *David Farmer* <farmer@umn.edu <mailto:farmer@umn.edu>>
> Date: Tue, May 7, 2019 at 5:13 PM
> Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
> To: Manfredi (US), Albert E <albert.e.manfredi@boeing.com <mailto:albert.e.manfredi@boeing.com>>
> 
> 
> 
> 
> On Tue, May 7, 2019 at 4:26 PM Manfredi (US), Albert E <albert.e.manfredi@boeing.com <mailto:albert.e.manfredi@boeing.com>> wrote:
> 
>     On Mon, 29 Apr 2019, Ole Troan wrote:
> 
>     > At the 6man meeting at IETF 104 in Prague there was support to close the working group last call and advance
>     > draft-ietf-6man-ipv6only-flag-05 to the IESG.
>     >
>     > This call is to confirm that decision on the mailing list.
>     >
>     > Please give objections and comments to this decision to the mailing list, by 2019-05-13.
> 
>     I've not changed my mind on this. The flag seems unnecessary, and if anything, can cause confusion and problems. It seems to have been motivated by people wanting to see what it would be like to get all IPv4 users off the network, at an IETF meeting, and then people have been trying to make the case that it would be generically useful.
> 
>     There are other ways of sunsetting IPv4 if a network wants to, exactly the same as any number of older network protocols have been obsoleted, never needing any new explicit flag for the purpose. And I would way prefer for equipment vendors themselves, such as smartphone vendors, to create their own heuristics, if they feel that IPv4 is so wasteful of battery power. The onus should be on them, IMO, not on the IETF, and certainly not on other users of the network who might not know or pay attention to that flag.
> 
>     The KISS principle holds. Only add complications if it's essential.
> 
> 
> The two alternatives to this flag I've heard discussed are;
> 
> 1. Layer 2 filtering of Etherthypes 0x0800 and 0x0806
> 2. RFC2563 to signal host to not use Link-local IPv4
> 
> The problem is, these two options are incompatible with each other. You can either block IPv4 traffic or signal the host that not to use Link-local IPv4, you really can't do both at the same time.
> 
> I just had a thought, what if the host behavior for the flag was changed to be more like the behavior specified for RFC2563? 
> 
> In the presence of the flag, a host MAY attempt DHCPv4 a limited number of times, but MUST NOT perform Stateless Auto-Configuration of an IPv4 address and MUST NOT perform any service discovery (such as mDNS) unless it receives a unicast IPv4 address from DHCPv4 server or relay on the network.
> 
> This way a Rogue RA with this flag set is much less dangerous than a Rouge DHCPv4 server and doesn't directly impede IPv4 internet access. It would impede Link-local IPv4, but only if there is not a functioning DHCPv4 server or the attacker can also block the DHCPv4 process in addition to announcing a rogue RA with the flag set.
>  
> Would that be acceptable?
> 
> -- 
> ===============================================
> David Farmer               Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu>
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota  
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> 
> 
> -- 
> ===============================================
> David Farmer               Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu>
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota  
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email