Re: New Version Notification for draft-hinden-ipv4flag-00.txt

Simon Hobson <linux@thehobsons.co.uk> Sat, 18 November 2017 11:10 UTC

Return-Path: <linux@thehobsons.co.uk>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34AD4126D3F for <ipv6@ietfa.amsl.com>; Sat, 18 Nov 2017 03:10:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YyYDauPzsH2D for <ipv6@ietfa.amsl.com>; Sat, 18 Nov 2017 03:10:28 -0800 (PST)
Received: from patsy.thehobsons.co.uk (ruthandcrusoe.plus.com [81.174.150.186]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EB3712025C for <ipv6@ietf.org>; Sat, 18 Nov 2017 03:10:28 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at patsy.thehobsons.co.uk
Received: from simons-macbookpro.lan (unknown [80.229.10.150]) by patsy.thehobsons.co.uk (Postfix) with ESMTPSA id C8AC11BC37 for <ipv6@ietf.org>; Sat, 18 Nov 2017 11:09:36 +0000 (UTC)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Subject: Re: New Version Notification for draft-hinden-ipv4flag-00.txt
From: Simon Hobson <linux@thehobsons.co.uk>
In-Reply-To: <CAKD1Yr3vqJB9_virMp7+uH2zOYLDM+XNf=L1OihN0DdXzCNobA@mail.gmail.com>
Date: Sat, 18 Nov 2017 11:09:25 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <82D69638-7AD1-41B8-A2AD-EE94EAEB5106@thehobsons.co.uk>
References: <151090059151.22321.3357672601322845792.idtracker@ietfa.amsl.com> <E838C63E-7612-4AA4-9375-854C184D699E@gmail.com> <4393db44-6427-5905-c3b4-60a546f88807@gont.com.ar> <0F60023D-9EDA-4C5D-9ABB-27BEAD294780@gmail.com> <5CFC106B-E118-4576-9D0C-F9A59289A7E1@google.com> <05978309-F55F-4E1E-BDCE-B14352FC654E@gmail.com> <79680F90-1F77-4934-9A1A-2B0DE9B43525@google.com> <CAKD1Yr3vqJB9_virMp7+uH2zOYLDM+XNf=L1OihN0DdXzCNobA@mail.gmail.com>
To: IPv6 List <ipv6@ietf.org>
X-Mailer: Apple Mail (2.1510)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/cpAYg07zM3LBnO0oSabyWuKiY64>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Nov 2017 11:10:30 -0000

Lorenzo Colitti <lorenzo@google.com>; wrote:

> What about an option that signified there was no IPv4 on the network? If the option is sent by any of the routers on the link, then hosts would not attempt IPv4 configuration.

Doesn't that come with exactly the same problem as described ? If *ANY* router on the network provides IPv6 only, then it'll signal that there's no IPv4 on the network even though there may well be. Since that router may or may not actually provide full connectivity, and even if it does it may not be what the network people want devices to be using, then the end result is "device sends RA, breaks network".

> Not sure how that would support IPv4 becoming available once the option has been set.

Presumably the device would stop signalling that there's no IPv4, and then it's up to the hosts to decide if they will try configuring it.

> Also, not clear how to deal with the DOS scenario where a rogue RA disables all IPv4 on the network until the end of time.

That's not really a new threat. A rogue device can issue RAs and make itself the default router and break IPv6 - so the only new aspect is that it can break hosts that do try connecting via both IPv4 and IPv6. Looking ahead to the final destination of having no IPv4, then the end effect is the same - a rogue device can use RAs to break the network.