IETF Logo Mail Archive

Re: Running code (Was: I-D Action: draft-ietf-6man-ipv6only-flag-03.txt)

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 31 October 2018 23:11 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F472130DD6 for <ipv6@ietfa.amsl.com>; Wed, 31 Oct 2018 16:11:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QYT42C_skH5X for <ipv6@ietfa.amsl.com>; Wed, 31 Oct 2018 16:11:08 -0700 (PDT)
Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6484B130DF5 for <ipv6@ietf.org>; Wed, 31 Oct 2018 16:11:08 -0700 (PDT)
Received: by mail-pl1-x62c.google.com with SMTP id c13-v6so137346plz.13 for <ipv6@ietf.org>; Wed, 31 Oct 2018 16:11:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=qtwO3fVAwuOboj2YcKithZF7AhEbdah+qTCouPMu5gA=; b=anGr5O0o3VKSohf4oP5QhA1PgMfyZE2FSQof/XBejyHr9LDjlUW6D1XZrVx7XWQGl3 UcGFfYlsEXBJR4FLcqxp4AK4Y8ppTiV06WhUClhmhdQ/wR7PsLX5uLeFL61J9if4v3Rm SZv4GoSyXzJ4Rhb02QGjrl2238sPODlxjVZ3ncIpSHBVZ3nep7BT/iFCyjj8Ie4x73QY ntE2W324gSTSwToI9K9r9bvqotoUiuKYDolKq9lQu9vi/o0iYmGqGvl3ikzkLZS3mArM y7mM60WQoaqgKGkZrNLhpsNe8pFiRfY9Pe9B/DmcvxwCerAOiMC8NLVzWD9vOMb/XgWh q3FA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=qtwO3fVAwuOboj2YcKithZF7AhEbdah+qTCouPMu5gA=; b=AuVZVOBTJXwvg3pNWDCqEr0jH5SdZSFmvg+tMpU0eH1xyvNKMFseV8oOO27fFkIhgv 9CfkpJnvDexuvkOw0OkLZC9aATUkbConNWf65nGwxb9/u6VkIl14COHei2R+OBTNPIwX 62Qjec3Wy6hJJ/KnsJE5hO+lmIAqxwUpO8mMKam8CGk/u7kImhtfHaKpRwoRh8VZzgKw J9EJRA/ePbGpzL0RHYw1PtJxexBonb7N7LtPatXftIdW0qGZSFKPhgVN0rPB6DA3N0D5 48tWadRMeywuwGzlF9yZebZNObbo9icVkF7f45VF+LXXEzdDoL8rfJs2iUNa63+tM1e5 rgZQ==
X-Gm-Message-State: AGRZ1gImOW9WGJcpiudH8jzad6B+b/BQqvhOQaGAD81Mb9npG+fjFkLQ ZJRkgXTDHHSwnBXwe8Hs1C/azP0t
X-Google-Smtp-Source: AJdET5cMuZHflEF0s/2GIf7zS0caS5JRdwmMpDjFq90BdUgX5hTjNkiScOmnrFiMXzkEcswefuA3Gw==
X-Received: by 2002:a17:902:a614:: with SMTP id u20-v6mr5242568plq.77.1541027467479; Wed, 31 Oct 2018 16:11:07 -0700 (PDT)
Received: from [192.168.178.30] ([118.148.76.40]) by smtp.gmail.com with ESMTPSA id c124-v6sm40031460pfa.119.2018.10.31.16.11.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 16:11:06 -0700 (PDT)
Subject: Re: Running code (Was: I-D Action: draft-ietf-6man-ipv6only-flag-03.txt)
To: Simon Hobson <linux@thehobsons.co.uk>, 6man WG <ipv6@ietf.org>
References: <0d6008a4-337b-2ccb-2d9f-837f786eca65@gmail.com> <bfa4397a-aa7a-1184-4147-4cbfbfd13603@si6networks.com> <8C587906-F0EE-4A61-9046-2BFAC52588C0@isc.org> <E8DE18B5-94FC-411C-A310-E49A382E0079@thehobsons.co.uk> <e0fa8fad1b4249c9af79788323b0a922@boeing.com> <3A03A073-72E2-43A8-90A4-5C29DF445361@thehobsons.co.uk> <27fdbd71125842d888c5136684bf6e7b@boeing.com> <9A4368D6-E4B1-474C-9838-B584AF6D70C8@thehobsons.co.uk> <m1gHUMI-0000I6C@stereo.hq.phicoh.net> <9e3f31a2-2a38-cb47-a7b0-73a4c3cbf21b@gmail.com> <20181030210331.rnwwn6sh23bgo4ot@faui48f.informatik.uni-erlangen.de> <97ce4bf9-ae09-653f-b161-6c5e5456ff68@gmail.com> <04903F24-ADD5-4A13-B757-8CF348B9C65F@thehobsons.co.uk>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <21e83a4a-e7e5-ab32-4107-79912419accf@gmail.com>
Date: Thu, 01 Nov 2018 12:11:03 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <04903F24-ADD5-4A13-B757-8CF348B9C65F@thehobsons.co.uk>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/UaNCHFFDQIk1l0n6OHc8umUKlQI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 23:11:11 -0000

On 2018-10-31 22:59, Simon Hobson wrote:
> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
>> The example I've used is a an IP-based smoke detector trying to connect
>> to an IP-based central fire alarm system. Because human safety is
>> involved it needs to try every possible type of connectivity in any case,
>> so giving up on IPv4 because the IPv6 routers say so is not the right
>> answer.
> 
> I very strongly disagree with this example.
> As it's a "safety of life" issue, these devices should NEVER EVER be on anything but a safely segregated network. If they aren't, then they are NOT part of a proper fire detection system. 

You're completely correct**. But that doesn't actually change the logic
of my example. If a safety-critical device is (incorrectly) attached to
the wrong network, it's going to do whatever it can to correct the situation,
and no RFC can stop it.

   Brian

** Speaking as someone who in about 1980 ditrectly caused a beam dump
in the CERN Antiproton Accumulator because some idiot had connected the
power supply for the human safety systm to our computer room's UPS,
and I switched on a new computer that had a hard-wired ground fault
that tripped the UPS.


> There's a reason that fire detection and alarm systems are normally hard wired, with their own systems, using fire resistant cables (at least for the alarm annunciators). I find it hard to believe that any IP based system just randomly plugged into a general purpose network would pass even the basics of requirements for a fire detection & alarm system.
> Having a little knowledge of how commercial fire detection systems operate - there is a lot of work goes into fault detection and mitigation. Once you get past the basic small systems, they even have automated faulty cable detection and isolation - so get a cable short, no problem, the system will isolate that section (losing a few sensors but not the whole loop) and raise a fault alarm.
> 
> Given the number of failure modes for such an arrangement (detectors plugged into random IP network with everything else), the only sane option would be that upon loss of connectivity with the sensor, the system would have to go into fire alarm mode - there is no other option as the control system could not differentiate between a fire that's taken out power to the sensors, fire that's taken out the non-fire rated cable to the sensor, a switch failure, a power failure taking out the switch, something nicking the IP address, or an admin being unaware of this safety critical system on the network and "turning off" IPv4.
> 
> Mind you, if the system did lose connectivity by setting this flag - then it presumably understands IPv6 and will be using it, so the failure mode of setting this flag incorrectly is moot. On the other hand, if the admin decides that IPv4 is dead and filters IPv4 traffic at L2 in the switches (and the fire detection system is IPv4 only) - well that would break things and he'd get to know about it fairly quickly.
>>From experience, it's "a tad embarrassing" to set off the fire alarm because you've forgotten that part of one of your systems links into it when you're doing the periodic checks - and before you can get to the alarm panel to cancel the alarm, people are already heading out of the door :-(
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> .
>

v2.23.0 | Report a Bug | By Email