IETF Logo Mail Archive

Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

Mark Smith <markzzzsmith@gmail.com> Wed, 08 May 2019 01:08 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D447120073 for <ipv6@ietfa.amsl.com>; Tue, 7 May 2019 18:08:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.497
X-Spam-Level:
X-Spam-Status: No, score=-1.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GWWLgfmglweF for <ipv6@ietfa.amsl.com>; Tue, 7 May 2019 18:08:39 -0700 (PDT)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BC0612004D for <ipv6@ietf.org>; Tue, 7 May 2019 18:08:39 -0700 (PDT)
Received: by mail-ot1-x32d.google.com with SMTP id w6so16838222otl.7 for <ipv6@ietf.org>; Tue, 07 May 2019 18:08:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wr1A15TQX9LG+sWh/CU8d4dn8PmLnG0c4fWAtZPrSbk=; b=VkV8hzyNufNHUzxPRCrjvSNn2a+8MzPoixroj0IJT06DvHqSScWmM0O/Hoi/JnJkG9 BdZli3ku9sfwVkbl+TMbjSm7w237JeCeZFcTLg2+zRbxl15+HeobTQ89ifmN2SOBT1/j Y09HRgXcKEjj1dGn+66hOB+nIUw2p0t1yo9924SSIDDBzgTOUDMN4+hO6YbZk7pqN2H6 64UZwMt5TDv0Td+W84vHw2LrX0iiXG3l4AHl68bwANcP4wsPE5+VzN6+RkB9A6Ol0u2U RhBIQWVFb/Q7T6e6pQl0G/3tjOKdiCvyfDUrHzXvxb5QvAhkPB+O8Ds+b/oYktMH3C4j aI4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wr1A15TQX9LG+sWh/CU8d4dn8PmLnG0c4fWAtZPrSbk=; b=DbFnUKz//MBLWkf4CuilXnIhF+TAkHDeRPWZHH2BEkGQ9Ud5ODTI2DUEcrxx7k3EyN moULrWsr2+3OAWculjGmkJCcN69uZibBvn2saBBfDtqNbbrOpnFceMn/bIII2P9t+H8u i5+s7r9KgHYbKZ+frWZibtkdRY9rtoBqYLM/palYyVIpU+6E3/dfXncRFR5vqcS9BjHm HpWILWq4gIKmYz7yJQdsB2Kk9QLso3nO6u/TTqErWHgwJEmP838s8MAi5G+FQ5a2JvPa fYHfr9bFOV/SdeDWjKfNVYrR3szPKlcuIt0FEsEmuW9570KNYjXojCY3Uyojj/Puror8 ziQw==
X-Gm-Message-State: APjAAAVkpYfdvrYS+Fe7RUn5ZgYI/UhbxCynuyV/YCADPhAcPBJZbBsL KJzMVw723EWM+3dwb+66BCe5y6qLL620GAIYQOo=
X-Google-Smtp-Source: APXvYqwLMnh0Xbxer30EVa1zNiKYxJ7ut9IaeJEmvlnIZ41Bi6SwcTnrfgkQjLFeE5I9TSg9wHSTsM8nJQWlnp6XvVE=
X-Received: by 2002:a9d:7453:: with SMTP id p19mr7324204otk.83.1557277718439; Tue, 07 May 2019 18:08:38 -0700 (PDT)
MIME-Version: 1.0
References: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org> <a2465e81-a17f-ab48-efda-20fe12a70077@foobar.org> <30239E0C-C444-4A7E-8342-AEE47BF8A2BB@employees.org> <20190505200449.GB7546@vurt.meerval.net> <80073906-c3c0-1f22-9e7f-c2b349063936@gmail.com> <CAO42Z2xzVW3m0mN7jEn8SYyYCYhrufVnkfp3rBjJcijBkvucNQ@mail.gmail.com> <CACWOCC-35yVYXSRR0sRL-MBMHyOFZtJx9E9h14G8qqVh5T7qGA@mail.gmail.com> <232c1a43-0fd9-4eae-737b-260a3906f72a@gmail.com> <51F2BD2A-A590-4AF1-B8C1-FE62C9416340@steffann.nl> <8C63324F-FEF6-40BD-B918-B413CDEF9186@gmail.com> <478d5dc5-af00-4ab0-d8ef-75e41cd501d4@foobar.org> <9eb009ba-234f-ea62-779b-469255543f91@gmail.com>
In-Reply-To: <9eb009ba-234f-ea62-779b-469255543f91@gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 08 May 2019 11:08:26 +1000
Message-ID: <CAO42Z2woN_BHYbo0kJ=e1Tj525=OmU8iW5a-or8JxD1qp3ovLA@mail.gmail.com>
Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000396c90058855f9eb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SJNXMqp-zDVtOp1nHpZciZu6Vyk>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 01:08:43 -0000

On Wed., 8 May 2019, 09:19 Brian E Carpenter, <brian.e.carpenter@gmail.com>
wrote:

> Nick, excuse top posting but it seems to me that you are
> assuming that in a managed network, the hosts are all
> managed too. That's certainly a false assumption in my
> experienced: managed routers and access points with
> BYOD hosts is a very common scenario.
>
> It remains true that even so, in many cases the managed
> network could be configured to block IPv4 at layer 2.
> I can't argue against that argument.
>

Doing that is a lot more work than enabling a flag on typically no more
than the 2 IPv6 routers on the link would be.


Computers are about making things easier, so we get to spend that saved
time on something else.


That's the only reason automated mechanisms like DHCP exist. ARP exists for
the same reason. The jobs they do could have been done manually on each
individual device. In the case of DHCP, it was done manually before DHCP
was invented and supported on PCs. DHCP and ARP fundamentally save time.


Saving battery on mobile devices saves people having to spend time more
regularly recharging their batteries.


This mechanism would be also applicable in data centres. Link-layer
broadcasts are a problem in them too.

Address Resolution Problems in Large Data Center Networks

https://tools.ietf.org/html/rfc6820


Reducing and eliminating IPv4 link-layer broadcasts on large data centre
links delays having to build more links as host numbers increase. Delaying,
reducing and ideally completely avoiding that work saves time.


Regards,
Mark.


> Regards
>    Brian
>
> On 08-May-19 07:13, Nick Hilliard wrote:
> > Bob Hinden wrote on 07/05/2019 17:31:
> >> Enterprise networks are an important use case for this proposal.
> >>
> >> The draft seems to me to be clear it is focused on managed networks.
> >> It uses the word “administrator” 12 times.   There is, of course, no
> >> administrator on unmanaged networks.
> >>
> >> Would it help if the draft said the focus is for managed networks?
> > Not really, no, because when you look at it more closely, it becomes
> > apparent that the flag is redundant on managed networks.
> >
> > What's important about managed networks is that they're managed.  I.e.
> > that whatever policy is put in place by the administrator can be
> > enforced.  v6only does not and cannot enforce anything, which means that
> > from the point of view of policy or enterprise management, it fails
> > before it leaves the block.  It fails because all it does is provide an
> > advisory hint to the operating system about the intentions of the
> > network administrator.
> >
> > Drilling down further and looking at the issue from the point of view of
> > an enterprise network, management would encompass either device
> > management or fine-grained network access control, or both.  In each
> > case, the management will be enforced because if it's not enforced, it's
> > not management: it's hand-waving.
> >
> > For device management, it might be e.g. Windows group policy, or macos
> > workgroup manager, or some orchestration tool (puppet / saltstack /
> > etc), or some COTS product to do all this - there are plenty out there.
> > The point is that the management of the devices on the network will be
> > centralised and will give the administrators of the network the ability
> > to enable or disable ipv4 by application of enforced policy.
> >
> > No sane operating system manufacturer will leave the v6only option
> > enabled by default on an out-of-the-box installation because the
> > possibility of mischief is far too great. This means that if the
> > administrator wants to change this default, they will need to touch the
> > configuration of each installation.
> >
> > But here's the thing: if they already have to change the default
> > configuration to enable v6only, why wouldn't they go the whole hog and
> > just disable v4 completely?  More to the point, if they need to delve
> > into this level of operating system protocol capabilities, their policy
> > management tools will be sufficiently fine-grained to enable or disable
> > any specific protocol on any specific network that they choose.  In
> > other words, the v6only flag is almost entirely irrelevant for managed
> > networks where the management capabilities are done on the host devices.
> >   The job can be done more simply and more reliably by using existing
> tools.
> >
> > The other type of managed network is where control of the network access
> > is managed.  I've gone into some detail on this scenario on several
> > occasions before, so please forgive me for quoting these URLs:
> >
> > https://mailarchive.ietf.org/arch/msg/ipv6/NIJ194PI8CLkuZT8U_jKEOY01QI
> > https://mailarchive.ietf.org/arch/msg/ipv6/a9KBvO88PlPrO0kLr83VOBlGmpw
> >
> > Summarising:
> >
> > - L2 ACLs provide vastly superior functionality, and work today.
> >
> > - even L2 ACLs on core links can reduce the problems assertions in the
> > v6only-flag problem statement to background noise.
> >
> > - gigantic l2 domains were busted about 30 years ago as being terrible
> > network design and the ietf has no responsibility to create workarounds
> > for people who implement terrible network designs.  And if you really
> > need to implement gigantic l2 domains, you need kit which is fit for
> > purpose.
> >
> > I.e. if you want actual management, then you need to manage, and that
> > mandates enforcement.  The larger your network, the more effort you need
> > to put into designing it properly - and managing it using appropriate
> > equipment.
> >
> > I'm sure it would be possible to contrive scenarios where marginal gain
> > in functionality is achieved with the v6only flag, but in 18 months of
> > discussion (and draft-perreault-sunset4-noipv4 before it), not even a
> > single credible use case has come up where the alternatives weren't
> better.
> >
> > Nick
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email