IETF Logo Mail Archive

Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 08 May 2019 20:47 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 331F1120144 for <ipv6@ietfa.amsl.com>; Wed, 8 May 2019 13:47:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dRNe4BalvyzH for <ipv6@ietfa.amsl.com>; Wed, 8 May 2019 13:47:21 -0700 (PDT)
Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 219F012012C for <ipv6@ietf.org>; Wed, 8 May 2019 13:47:21 -0700 (PDT)
Received: by mail-pf1-x444.google.com with SMTP id t87so74156pfa.2 for <ipv6@ietf.org>; Wed, 08 May 2019 13:47:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=Wx+hgJ3sBbdND96n7PD2FNR5bykz9qOLrFh5ELNTbKQ=; b=gncgxu+2ZYgnSb51wwihSAWV4zs74A5sCiLjIGknbqORGswvHTsVLUCQFxq6HWjvna ZaPuZ7brQfVm3vesKqWwhtkNUi/ak9g6pM2i67liC5kUOPnxG+WAphW2KwjT8IZ5wQ+/ 2fe8cPOIqPmW6XWumVVY+IbpX5fXbjz20wKM2J6G4b7ht8dsznb4l944SolJ5h/vLoFQ W2WQvL6QXpBe/h6CAaJMGeR9E3y9zaQc1lKwSrbVkM2DAuDV1s/sk+r9zlO7t2MvBAlF +nLdg2cf8eWvIQHhf8ZbDmH9KIzJ2SmyAhuo859Xfj6MiUh4BpAMJpNjUCE0dwpRZKUe LZng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Wx+hgJ3sBbdND96n7PD2FNR5bykz9qOLrFh5ELNTbKQ=; b=OKDQnYFOtnVBjVaJN6E6FDPgI7WTu8/M7ZwoQ5huToMUk+7VmlsCu4AcTOI8yuuyVo vZkvaGE5RDHxUjvq/O/TTwsjo5fMDluxju+g/Z519RIkgyXPMOmQW/D2wzDU0+Y59rjE ypoeFRWjyRW+qGxbX30tyf8naS5czEOg+Aww1fDnUDfQZ/bDPKATGT4hCKdRlrxdTeri 3zZSjjoVwEy7Y8tBpXtOjSUI5vY0/iXLObuiRMkx8wEFK1PbbKE3I4pTe849dM9LUOki KOM/eAZ6D5zQsD89v5K18akNh4OyA1ocOLnkIAph7bgpm6k1DRRJizu0+E8nN2zwnsr/ 5YRQ==
X-Gm-Message-State: APjAAAVA1OEh+/LaL5JKvViCb8nwDk/EoMssTJ2yv7tjN68tsmzIdYJH RM4UdZqf/Zp2/ptANCxwais=
X-Google-Smtp-Source: APXvYqyfTIVU6oDQd1dhYad5co2W1mDLzCTJ+wJUHDe75Y3UNGRXq6H7BvjyeTFlviybQOZdMrDNow==
X-Received: by 2002:a63:1866:: with SMTP id 38mr218341pgy.123.1557348440464; Wed, 08 May 2019 13:47:20 -0700 (PDT)
Received: from [192.168.178.30] ([118.148.72.205]) by smtp.gmail.com with ESMTPSA id s79sm179765pfa.31.2019.05.08.13.47.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 13:47:19 -0700 (PDT)
Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: Gyan Mishra <hayabusagsm@gmail.com>, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: Sander Steffann <sander@steffann.nl>, IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
References: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org> <a2465e81-a17f-ab48-efda-20fe12a70077@foobar.org> <30239E0C-C444-4A7E-8342-AEE47BF8A2BB@employees.org> <20190505200449.GB7546@vurt.meerval.net> <80073906-c3c0-1f22-9e7f-c2b349063936@gmail.com> <CAO42Z2xzVW3m0mN7jEn8SYyYCYhrufVnkfp3rBjJcijBkvucNQ@mail.gmail.com> <CACWOCC-35yVYXSRR0sRL-MBMHyOFZtJx9E9h14G8qqVh5T7qGA@mail.gmail.com> <232c1a43-0fd9-4eae-737b-260a3906f72a@gmail.com> <51F2BD2A-A590-4AF1-B8C1-FE62C9416340@steffann.nl> <8C63324F-FEF6-40BD-B918-B413CDEF9186@gmail.com> <BC988F7C-B262-4FF3-929A-02E6BCCE2266@steffann.nl> <BC23F51B-4135-47C6-B22F-8AE5CD8CB6F6@lists.zabbadoz.net> <CABNhwV138HVDDZf3+0wYPZoeu6j1nX5sZWhpfiaTzsQw=3BQKw@mail.gmail.com> <CABNhwV00hDtWNMmnLoXkCF5pPmA1ZcCo_sDGNAf5kVFvv7-KAA@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <f13c19c8-a6bf-dc5b-4503-eed067f80b82@gmail.com>
Date: Thu, 09 May 2019 08:47:15 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CABNhwV00hDtWNMmnLoXkCF5pPmA1ZcCo_sDGNAf5kVFvv7-KAA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YxX1MikvR8wRF8RxSBFd7J63vQE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 20:47:23 -0000

> I believe this could be a good use case to add to the draft.  I don't think I saw it mentioned. 

I'm not sure whether we want to delve into that detail in this draft, but I agree with you. Bjoern had some related discussion in draft-bz-v4goawayflag.

Regards
   Brian Carpenter

On 08-May-19 17:08, Gyan Mishra wrote:
> Bob & Brian 
> 
> At the bottom of page 8 it says...
> 
>   An attack would not succeed if the dual stack hosts had active IPv4 configuration. As specified in Section 7, a dual stack host will ignore the flag if it has active IPv4 configuration. 
> 
> So lets say Day 0 you have 4 Default gateways and you are trying to migrate hosts from Dual stack to IPv6 only you could change each of the 4 Default routers to change to start setting the flag=1 and at that point until the last router sets the flag the hosts on the subnet are able to communicate with the DHCPv6 server and have their lease until it hits the rebind time to renew.  So lets say once the last router sets his flag=1 so now we are sending all 1's by all default routers the hosts still all have active leases and lets say the lease time is 7 days.  So then what happens.  Do they continue to work until thee rebind time to renew and then IPv4 gets turned off and then all hosts are then migrated dynamically to IPv6-only.
> 
> So I guess I can see this flag being actually a very nice method to migrate all hosts on a subnet from dual stack to IPv6 only dynamically on managed networks.
> 
> From the support perspective I can see this being a big win and now you can eliminate from the "Access" user community getting the user community within an enterprise quickly converted to IPv6 only so that only IPv6 needs to be supported versus IPv4.  I can see many benefits to that one of which being IPv4 address depletion but even if you use private space internally and proxy out to the internet their are gains to be made from a IPv4 address space management overhead perspective and DHCPv4 scopes to be managed that can all be sunset.
> 
> As far as my previous points of why go IPv6 only now I can definitely see why now even though the internet is far behind that tackling the user community desktops is an easy "win" so to speak for IPv6 to get converted to IPv4 and then you can alway use 6to4 nat & 6to4 DNS to communicate with Servers within the enterprise and 6to4 proxy to communicate IPv4 out to the internet.
> 
> From a migration strategy you could do the following:
> 
> 1. Set the flag=1 and migrate Access User community subnets to IPv6 only.
> 2.  Migrate all internal enterprise servers from Dual stack to IPv6 only. 
> 
> Use 6to4 nat 6to4 dns and 6to4 proxy to get the v4 resources
> 
> Now the entire enterprise is 100% IPv6 only.  
> 
> 
> I believe this could be a good use case to add to the draft.  I don't think I saw it mentioned. 
> 
> 
> Gyan
> 
> 
> 
>   
> 
> On Wed, May 8, 2019 at 12:51 AM Gyan Mishra <hayabusagsm@gmail.com <mailto:hayabusagsm@gmail.com>> wrote:
> 
> 
>     I like this option below gives flexibility to the managed networks or use cases where the desktops are not yet ready for IPv6 only and they can flip the switch when the time is right in the future.
> 
>     ***From B Zeeb***
>     Given as of the last draft there is an option to disable processing 
>     despite implementing, OS vendors can implement the draft and do what 
>     they think suits their users.   Even more so they might leave the 
>     default to “off” for now as an “advanced option to turn on” and 
>     with a major OS update, once the world has moved on, flip the switch in 
>     the future.  
> 
>     Gyan
> 
>     On Tue, May 7, 2019 at 1:36 PM Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net <mailto:bzeeb-lists@lists.zabbadoz.net>> wrote:
> 
>         On 7 May 2019, at 16:54, Sander Steffann wrote:
> 
>         > Hi Bob,
>         >
>         >> Would it help if the draft said the focus is for managed networks?
>         >
>         > Hmm. Just stating where it's supposed to be used doesn't prevent abuse
>         > in other situations. If we can actually limit the potential impact on
>         > devices on unmanaged networks then that would be great.
>         >
>         > I understand this is not easy, as the same devices will be used on
>         > both networks.
> 
>         Given as of the last draft there is an option to disable processing
>         despite implementing, OS vendors can implement the draft and do what
>         they think suits their users.   Even more so they might leave the
>         default to “off” for now as an “advanced option to turn on” and
>         with a major OS update, once the world has moved on, flip the switch in
>         the future.
> 
>         I can foresee a time when ISPs really don’t want to deal with the IPv4
>         for end users anymore and you’ll be happy to have the option then. 
>         Based on 8+ years of an ipv6-only unmanaged home network (but some code
>         under my control) I can tell you that I’ll be happy if more vendors
>         start thinking “what if there’s no DCHPv4 or IPv4 gateway
>         anymore?” now!  Especially all the smart gadgets that make it into the
>         homes at the moment and multi-function devices.  If it doesn’t happen
>         soon, your support calls will come the moment you want to have the flag
>         and turn it on and it’s not there.  This is investing in a future to
>         come now with the option to leave it off until we get to the point.
> 
>         That said I am sure ISPs already talking to many of these “smart
>         entertainment device vendors” given they probably get enough support
>         calls for them anyway..  It’s in your hands to give them an extra bit
>         to better prepare for the future, and possibly in the meantime improving
>         the dual-stack IPv6 as well.
> 
>         /bz
> 
>         --------------------------------------------------------------------
>         IETF IPv6 working group mailing list
>         ipv6@ietf.org <mailto:ipv6@ietf.org>
>         Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>         --------------------------------------------------------------------
> 
> 
> 
>     -- 
>     Gyan S. Mishra
>     IT Network Engineering & Technology Consultant
>     Routing & Switching / Service Provider MPLS & IPv6 Expert
>     www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT <http://www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT>
>     Mobile – 202-734-1000
> 
> 
> 
> -- 
> Gyan S. Mishra
> IT Network Engineering & Technology Consultant
> Routing & Switching / Service Provider MPLS & IPv6 Expert
> www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT <http://www.linkedin.com/in/GYAN-MISHRA-RS-SP-MPLS-IPV6-EXPERT>
> Mobile – 202-734-1000
>

v2.23.0 | Report a Bug | By Email