Re: problem statement [was Re: New Version Notification for draft-hinden-ipv4flag-00.txt]

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Sun, 19 November 2017 10:15 UTC

Return-Path: <prvs=14962de760=jordi.palet@consulintel.es>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BEE61243F6 for <ipv6@ietfa.amsl.com>; Sun, 19 Nov 2017 02:15:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TyZjT0ZzA0sb for <ipv6@ietfa.amsl.com>; Sun, 19 Nov 2017 02:15:05 -0800 (PST)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94A421200C1 for <ipv6@ietf.org>; Sun, 19 Nov 2017 02:15:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1511086172; x=1511690972; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic: References:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=QJ1IO4VxZAgTt8M3c6TPMrYek uOeK5gR+SkpSDY007U=; b=NOQiHK/z8TK1EadYuErQQi0dZqXVoU6cxzVjZW5cx Bhn5/+kDxI9oVSVrMJQvXuIS7Rk858sKeg7zp5axYB4q62U+GGlCFLaFZW7RdhzP I9Wmz0EFQxHqriCDtUV1JfuQseIRAxDwN1CBhdCfU6iE0SSNQJngVgSpBf50L8Ka aU=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=mjN9abYOB+GOZJSR8WyUfxIT/i7VlBQg+7oEv6BgNqvbPowrGEyCs3fUhIZe muuMy4kW82msqv3L/uOnJkj+hz4Kmf6VgyY5yE2yxsewDiLNhnbmhgxo7 wS7zKygoG2tMdpRJ6+WHJKZwGV3fGK9T5jlbissfTXe4haZzUetrl8=;
X-MDAV-Processed: mail.consulintel.es, Sun, 19 Nov 2017 11:09:31 +0100
X-Spam-Processed: mail.consulintel.es, Sun, 19 Nov 2017 11:09:30 +0100
Received: from [10.10.10.133] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005629750.msg for <ipv6@ietf.org>; Sun, 19 Nov 2017 11:09:29 +0100
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:171119:md50005629750::W+14dh1CNKJmGVhl:00009zQZ
X-Return-Path: prvs=14962de760=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: ipv6@ietf.org
User-Agent: Microsoft-MacOutlook/f.27.0.171010
Date: Sun, 19 Nov 2017 07:50:28 +0000
Subject: Re: problem statement [was Re: New Version Notification for draft-hinden-ipv4flag-00.txt]
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: 6man WG <ipv6@ietf.org>
Message-ID: <F26580ED-62B8-401F-83F7-882A26678454@consulintel.es>
Thread-Topic: problem statement [was Re: New Version Notification for draft-hinden-ipv4flag-00.txt]
References: <151090059151.22321.3357672601322845792.idtracker@ietfa.amsl.com> <E838C63E-7612-4AA4-9375-854C184D699E@gmail.com> <CAFU7BAQKoWPcEFQZgU3k_d0gUL4en6d2pyNq1V4RMNZ6HrSG8w@mail.gmail.com> <649be36e-5006-7688-448f-bc2794d6a39c@gmail.com> <CAN-Dau3o=YCRJi1PDdc=KeDn-n=CLyAKUdS-zj_dtWaUyHYY0w@mail.gmail.com>
In-Reply-To: <CAN-Dau3o=YCRJi1PDdc=KeDn-n=CLyAKUdS-zj_dtWaUyHYY0w@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Reply-To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/d7MQe1Xkkym-HNwrUG-fFpkAd4k>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Nov 2017 10:15:08 -0000

Agree with your analysis, but the problem I see is that many WiFi networks are very simple, even with high level of congestion, and they may not be able to apply such simple filters. Even home networks may have the same issues.

One way or the other, hosts get updated frequently, but switches, APs and L2 infrastructure don’t, even CEs or small routers in many hotspots don’t get updated.

Also, IPv4-only devices are typically never updated. For example, you buy today an IP camera, and is not easy to find one which is dual-stack. Of course, in this case the problem is different, because they will not work in a NAT64 IPv6-only network …

Because most of this traffic is created by laptops, tablets and smartphones that are the ones with frequently get updated, may be the ideal solution will be something in the stack, not relaying in the router update (so not relaying in RA, options, etc.), that automatically detects the lack of IPv4 support (trying to avoid fake DHCP servers), so they automatically stop sending any IPv4 traffic, or even using IPv4 link-local?

Regards,
Jordi
 

-----Mensaje original-----
De: ipv6 <ipv6-bounces@ietf.org>; en nombre de David Farmer <farmer@umn.edu>;
Responder a: <farmer@umn.edu>;
Fecha: sábado, 18 de noviembre de 2017, 22:07
Para: Brian E Carpenter <brian.e.carpenter@gmail.com>;
CC: 6man WG <ipv6@ietf.org>;
Asunto: Re: problem statement [was Re: New Version Notification for draft-hinden-ipv4flag-00.txt]

    
    
    On Sat, Nov 18, 2017 at 1:59 PM, Brian E Carpenter <brian.e.carpenter@gmail.com>; wrote:
    
    
    Regards
       Brian Carpenter
    
    On 19/11/2017 03:39, Jen Linkova wrote:
    > Hi Bob,
    >
    > To be honest I'm not convinced that there is a real problem to be solved..
    > The draft says
    >
    > 'A mechanism is needed  to inform hosts that there is no IPv4 support
    > and that they should turn off IPv4.'
    > and it would be great to have more detailed problem statement IMHO...
    
    Indeed. If there is no serious problem, don't fix. What I seemed to hear
    in Singapore was that people weren't happy with just ignoring the small
    amount of residual IPv4 traffic on ietf-nat64 (about 1% in the measurement
    by Bob Hinden). However, from what I saw, most of it is layer 2 broadcast
    traffic, which is more of a burden for the infrastructure. We need to decide
    whether we care.
    
    (As to whether this belongs in 6man or sunset4, that's a secondary question.
    As for the other comments on this thread, I am too jet lagged to respond
    right now... later.)
    
         Brian
    
    
    
    Here is some analysis of the issues as I see them, hopefully this can help lead us toward a problem statement;
    
    I believe there are two separate issues here; 
    
    1. Security exposure; the inverse of the problems discussed in RFC7123, basically malicious or accidental IPv4 service. 
    2. Residual IPv4 traffic, especially broadcast traffic; DHCP solicits, IPv4-LL, ARP, service discovery, etc...
    
    There are several solutions available already;
    
    A. Filter Ethertypes 0x0800 and 0x806 altogether
    B. Rogue DHCP server filtering or DHCP snooping
    C. Proxy ARP 
    D. Service Discovery Proxy or Filtering
    
    How much of an actual problem the issues are and the efficacy of solutions depends on the type of network technology and the environment its used in;
    
    For wired networks, the residual IPv4 traffic, even the fact that it's mostly broadcast, isn't a significant issue.  The primary problem in here is the security exposure, and solution B is usually sufficient protection, but if that isn't, solution A will totally eliminate this risk.
    
    For WiFi networks it's a little more complicate; low density WiFi environments are similar to wired networks, the primary issue being the security exposure, with the same solutions, discussed above. However, there is an additional secondary issue, the residual IPv4 broadcast traffic could unnecessarily impact other devices, especially battery powered devices. Frequently, at least in enterprise WiFi networks, solutions C and D are implemented to reduce the impact of IPv4 broadcast traffic in operational WiFi networks, they will have the same effect on the residual IPv4 broadcast traffic in this case.  But, again solution A implemented within the WiFi network will totally eliminate both the security exposure and the impact of broadcast traffic on other devices.    
    
    However, the residual IPv4 traffic still consumes radio airtime, even if the WiFi network discards the traffic. In very high dentistry and therefore typically congested WiFi environments this unnecessary traffic only increase the over-the-air congestion. Furthermore, broadcast traffic in a WiFi networks consume more airtime that comparable unicast traffic (worst case as much as 300 times, but 10-50 times is very typical), increasing the impact of the residual IPv4 traffic that is mostly broadcast. Only a solution that keep hosts from generating the residual IPv4 traffic in the first place can help reduce over-the-air congestion in these environments. 
    
    
    Thanks
    
    -- 
    ===============================================
    David Farmer               Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu>
    Networking & Telecommunication Services
    Office of Information Technology
    University of Minnesota   
    2218 University Ave SE        Phone: 612-626-0815 <tel:(612)%20626-0815>
    Minneapolis, MN 55414-3029   Cell: 612-812-9952 <tel:(612)%20812-9952>
    =============================================== 
    
    
    --------------------------------------------------------------------
    IETF IPv6 working group mailing list
    ipv6@ietf.org
    Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    --------------------------------------------------------------------
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.