IETF Logo Mail Archive

Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 08 May 2019 22:26 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86E9912017F for <ipv6@ietfa.amsl.com>; Wed, 8 May 2019 15:26:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8hx_nwhnXp1 for <ipv6@ietfa.amsl.com>; Wed, 8 May 2019 15:26:16 -0700 (PDT)
Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A705512013E for <ipv6@ietf.org>; Wed, 8 May 2019 15:26:16 -0700 (PDT)
Received: by mail-pl1-x635.google.com with SMTP id b3so83179plr.7 for <ipv6@ietf.org>; Wed, 08 May 2019 15:26:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=SN1wgDb8hF2hXw2R0QIVxPJQqvcKBKaxOdiMbuoE0IQ=; b=Qc7lTRgudNeOAb5d+PitcDBMZf3yx86ctz7hSYi8ba6NfZW5nUX0KKqDEN6d/evehb ceE/yvWUERAbGBxm/dRtcdBnfLNzWYa6dk9M4bTUeJyMU/6dO2bRyFqAo9OXJ/yXRTwj o0/9c01Ldg18yTtCLtFMwhulEfUCAju7WeVVeNQT1xMXkuyBMlsq+2STUwCyjw7YxAWK asyy5oHt1DYWTAz9+shgkEIT+62uNnpfwJ8irW2cjFhklUu1nF1K9mYPnsyF9OUm4px5 NDiSasJ7m5QVwzo0qtmpwSY0o8pLj3Kx5qwyQHZReTEO4+HJgC4HLqDSK9V6N5CYlRxH KH0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=SN1wgDb8hF2hXw2R0QIVxPJQqvcKBKaxOdiMbuoE0IQ=; b=VVYK6cAsxQdxKim+1bJAOxrjpdaZJuxTdD0THCokKR3DCAC0LGf4AYxiD0yIiBZDLJ vJvv0eLKchpZTmZ1vVqV4qGorL2mgBw/d/m+TG/Lb/2uvTCNmN8ejcrxT3WyXAuFvYfi i7Wk7IKVe70FqMwGn0+sSe0hxFpUpyleq+yerfrnYR0VSgQSRR01QbYSAj0WlUxkLSKO EuW1WHnE0EHAGSPnpvasPwf42aUSdrle4KXEC3datPji4Vj6HGdB0vDkyuPk4P2SNrc6 VTCOSGPItgmIepfj+hCWUb3SLYpIqdhjGvLl50bNkIybBjBsmBmSRylA2UjEvBlzG/CG zDQQ==
X-Gm-Message-State: APjAAAUdV5vRll9z7DHmuS7hxTUoTU2MyftbUU9Fy9cp7aP9uOlGcu1d VGDhSwnjN11uDsC+HrVMvpY=
X-Google-Smtp-Source: APXvYqwcwSA7zIObnhxU+1lL4nLtGaelqLNwugc2EhzWtSQWEWWpPbhZFYQ9ASN/olHiMGip8S8UgQ==
X-Received: by 2002:a17:902:e188:: with SMTP id cd8mr398216plb.110.1557354375429; Wed, 08 May 2019 15:26:15 -0700 (PDT)
Received: from [192.168.178.30] ([118.148.72.205]) by smtp.gmail.com with ESMTPSA id i129sm296766pfc.163.2019.05.08.15.26.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 15:26:14 -0700 (PDT)
Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: David Farmer <farmer@umn.edu>, Fernando Gont <fernando@gont.com.ar>
Cc: IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
References: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org> <a2465e81-a17f-ab48-efda-20fe12a70077@foobar.org> <30239E0C-C444-4A7E-8342-AEE47BF8A2BB@employees.org> <8b9fd743-bfcc-525c-98f6-154f3fa713cc@foobar.org> <CAO42Z2zEWvt9NyemMb8H0AEvPvmNSDGa4wcXiS6n5yRxNFCHQg@mail.gmail.com> <c7e18765-be04-6494-8193-984dbccb520b@foobar.org> <CANMZLAYh+V57yrWOzmUyjSMK0g95u1D5_GZmyZBMOMKAZnrnCg@mail.gmail.com> <3F474511-6FE3-4A0A-9B84-7C37F08FBB5D@steffann.nl> <E352C226-C708-4418-BCDE-10525CAB109A@jisc.ac.uk> <652fb10e-b8ce-0151-a9a0-62d2378caed2@gmail.com> <0079c716-d56c-7199-f493-f5e56e1307ae@foobar.org> <b33de303-eaca-f7f6-804e-2c9343eb92a1@gmail.com> <6C4ABEF1-2565-4BA9-9FC5-5B3C45A719AD@gmail.com> <c2222416-6491-1906-a403-d012777a4b38@gmail.com> <CABNhwV0-SdKZqQa4z9jhpc8h1Eq=8UxRhtvHt1==BYEMTVRjug@mail.gmail.com> <96790121-7D50-4C6F-924F-87065B989E44@gmail.com> <ccab3694-54f2-bdd1-f8ac-cb159dbc0a81@gont.com.ar> <CAN-Dau0_w0n9C6grqi1bXAL-k239K7RMiQyhx5=c-Y_wqrV2OQ@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <5ea31cc7-8eb2-cf09-6fea-858ec79ff08a@gmail.com>
Date: Thu, 09 May 2019 10:26:10 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CAN-Dau0_w0n9C6grqi1bXAL-k239K7RMiQyhx5=c-Y_wqrV2OQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/UL_0uFAbKPZSJdSAXivJ6cQA9EE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 22:26:19 -0000

David,



Regards
   Brian Carpenter

On 09-May-19 09:55, David Farmer wrote:
> 
> 
> On Wed, May 8, 2019 at 2:54 PM Fernando Gont <fernando@gont.com.ar <mailto:fernando@gont.com.ar>> wrote:
> 
>     The question is probably why not use IPv4 to disable IPv4. Entangling
>     one protocol with another generally leads to increased complexity, and
>     interesting attack vectors.
> 
>     I wonder why, if the issue is really a layer 2- one (e.g., stations
>     being awaken unnecessarily), the problem is not solved at layer 2- --
>     e.g. filtering at layer to, based on the Ether Proto.
> 
>     Thoughts?
> 
> 
> First, I don't think this flag is tangling the streams so to speak, IPv4 and IPv6 are tangled by the dual-stack model. I think of the flag as trying to untangle IPv6 from IPv4 so we can run IPv6-Only on dual-stack hosts.
> 
> The primary signal for a dual-stack host to not configure an IPv4 address should be the failure to receive an IPv4 address from a DHCPv4 Server [RFC2131]. This flag should be a secondary signal for a dual-stack host to not auto-configured an IPv4 Link-Local addresses [RFC3927] assuming an address has not received via DHCPv4, to not perform any IPv4 service discovery (such as mDNS [RFC6762]) using IPv4 Link-Local Addresses, and further, to limit the number of attempts that are made to configure an IPv4 address via DHCPv4. 
> 
> Otherwise, without this secondary signal, when a dual-stack host does not receive an IPv4 address from a DHCPv4 Server it would normally auto-configured an IPv4 Link-Local addresses, perform IPv4 service discovery (such as mDNS [RFC6762]) using IPv4 Link-Local addresses, and some dual-stack hosts are quite persistent in their attempt to configure an IPv4 address. It is these sides effects of not receiving an IPv4 address from a DHCPv4 Server that the flag needs to mitigate and that are necessary to untangle IPv6 from IPv4 to run IPv6-Only on dual-stack hosts.
> 
> This secondary signal needs to be expressed with an IPv6 mechanism so that it is compatible with Layer 2 filtering of IPv4 Ethertypes, however, use of the flag doesn't require this filtering. If this signal is expressed in IPv4 then it is impossible for the signal to be received in the presence of Layer 2 filtering of IPv4 Ethertypes. 
> 
> The following is the rewrite I propose for the logic in the Host Behavior Considerations Section based on the above restatement of the purpose of the flag. 
> 
> ---
> 
> A host that receives any RAs with the flag set to 1 SHOULD NOT auto-configured an IPv4 Link-Local Addresses [RFC3927] when it fails to receive an IPv4 address via DHCPv4 [RFC2131] and therefore SHOULD NOT perform IPv4 service discovery (such as mDNS [RFC6762]) using IPv4 Link-Local addresses.
> 
> A host that receives only RAs with the flag set to 1 SHOULD make a limit number of attempts to configure an IPv4 address via DHCPv4 and then make no further attempts. OPTIONAL, such a host could make no attempt to configure an IPv4 address at all. 
> 
> As soon as a host receives any RAs with the flag set to 0 it SHOULD attempt to configure an IPv4 address via DHCPv4 if it does not already have an IPv4 address configured, and MAY continue to periodically attempt to configure an IPv4 address via DHCPv4 if it does not receive an IPv4 address from a DHCPv4 Server as long as it is receiving any RAs with the flag set to 0.
> 
> A host that successfully configures an IPv4 address received via DHCPv4 SHOULD continue using it and attempt to renew it when necessary regardless the status of the flag in the RAs it is receiving. Further, it MAY perform IPv4 service discovery (such as mDNS [RFC6762]) using the configured IPv4 address.
> 
> Thanks.
> 
> -- 
> ===============================================
> David Farmer               Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu>
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota  
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email