Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

[David Farmer <farmer@umn.edu>]

On Sun, May 12, 2019 at 10:20 AM Philip Homburg <
pch-ipv6-ietf-6@u-1.phicoh.com> wrote:

> >In my opinion, you are correct if that were the only or even the primary
> >source of futile IPv4 traffic. In effect, RFC 3927 configures a Link-Local
> >IPv4 scoped address if a DHCPOFFER is not received, and then this
> >Link-Local address is used to perform futile IPv4 service discovery. From
> >my perspective, this is the primary problem, not futile IPv4
> DHCPDISCOVERS.
> >As you say exponential backoff of the DHCPDISCOVERS would easily control
> >that issue. However, something also needs to signal the dual-stack host to
> >not perform IPv4 service discovery because the dual-stack host is on an
> >IPv6-Only network, I believe this flag serves this purpose well.
>
> It is safe to assume that if an interface has no IPv4 address
> configured at all then that interface cannot be used for IPv4 service
> discovery
>
> We can assume that on an IPv6-only network there will be no DHCPv4 so the
> host will not get addresses through that route.
>
> That leaves RFC 3927. I think a simple heurisctic could be the following:
> A host SHOULD NOT configure an RFC 3927 on an interface if the host has
> working IPv6 on that interface unless the configuration of an IPv4 link
> local
> address is explicitly requested by the user.
>

Yes, that is a possible solution.  However, that solution continuously
links IPv4 to IPv6 and only unlinks them if the host has been configured to
unlink them. Whereas this flag only links IPv4 to IPv6 if the network
Administrator has consciously decided to do so. Also, as currently written
the host can be configured to ignore the flag and never link IPv4 to IPv6.

The problem is, without a flag to clearly designate a network as IPv6-Only,
then with your proposal if the DHCPv4 server on a dual-stack network ever
decides to not grant an IPv4 address to a client, due to a misconfiguration
or it simply crashes, then that client will inappropriately disable
RFC3927.  Whereas with a flag declaring a network as IPv6-Only, RFC3927 is
only inappropriately disabled when two misconfigurations or a
misconfiguration and a problem occurs.

I contend that having a flag to declare a network as IPv6-only is the only
way to safely change the behavior of the IPv4 stack on dual-stack hosts
without creating corner cases where something happens inappropriately.
Also, for the flag to be safe, it must be a secondary signal, the primary
signal for a dual-stack host to not configure a global scope unicast IPv4
address is the lack of any IPv4 DHCPOFFERS.  This way to inappropriately
disable IPv4 on an operational dual-stack network, or an IPv4-Only network
you have to both set the flag on all RAs and disable the IPv4 DHCP server.

Thanks.

-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================