Re: problem statement [was Re: New Version Notification for draft-hinden-ipv4flag-00.txt]
JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Sun, 19 November 2017 10:15 UTC
Return-Path: <prvs=14962de760=jordi.palet@consulintel.es>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BEE61243F6 for <ipv6@ietfa.amsl.com>; Sun, 19 Nov 2017 02:15:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TyZjT0ZzA0sb for <ipv6@ietfa.amsl.com>; Sun, 19 Nov 2017 02:15:05 -0800 (PST)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94A421200C1 for <ipv6@ietf.org>; Sun, 19 Nov 2017 02:15:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1511086172; x=1511690972; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic: References:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=QJ1IO4VxZAgTt8M3c6TPMrYek uOeK5gR+SkpSDY007U=; b=NOQiHK/z8TK1EadYuErQQi0dZqXVoU6cxzVjZW5cx Bhn5/+kDxI9oVSVrMJQvXuIS7Rk858sKeg7zp5axYB4q62U+GGlCFLaFZW7RdhzP I9Wmz0EFQxHqriCDtUV1JfuQseIRAxDwN1CBhdCfU6iE0SSNQJngVgSpBf50L8Ka aU=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=mjN9abYOB+GOZJSR8WyUfxIT/i7VlBQg+7oEv6BgNqvbPowrGEyCs3fUhIZe muuMy4kW82msqv3L/uOnJkj+hz4Kmf6VgyY5yE2yxsewDiLNhnbmhgxo7 wS7zKygoG2tMdpRJ6+WHJKZwGV3fGK9T5jlbissfTXe4haZzUetrl8=;
X-MDAV-Processed: mail.consulintel.es, Sun, 19 Nov 2017 11:09:31 +0100
X-Spam-Processed: mail.consulintel.es, Sun, 19 Nov 2017 11:09:30 +0100
Received: from [10.10.10.133] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005629750.msg for <ipv6@ietf.org>; Sun, 19 Nov 2017 11:09:29 +0100
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:171119:md50005629750::W+14dh1CNKJmGVhl:00009zQZ
X-Return-Path: prvs=14962de760=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: ipv6@ietf.org
User-Agent: Microsoft-MacOutlook/f.27.0.171010
Date: Sun, 19 Nov 2017 07:50:28 +0000
Subject: Re: problem statement [was Re: New Version Notification for draft-hinden-ipv4flag-00.txt]
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: 6man WG <ipv6@ietf.org>
Message-ID: <F26580ED-62B8-401F-83F7-882A26678454@consulintel.es>
Thread-Topic: problem statement [was Re: New Version Notification for draft-hinden-ipv4flag-00.txt]
References: <151090059151.22321.3357672601322845792.idtracker@ietfa.amsl.com> <E838C63E-7612-4AA4-9375-854C184D699E@gmail.com> <CAFU7BAQKoWPcEFQZgU3k_d0gUL4en6d2pyNq1V4RMNZ6HrSG8w@mail.gmail.com> <649be36e-5006-7688-448f-bc2794d6a39c@gmail.com> <CAN-Dau3o=YCRJi1PDdc=KeDn-n=CLyAKUdS-zj_dtWaUyHYY0w@mail.gmail.com>
In-Reply-To: <CAN-Dau3o=YCRJi1PDdc=KeDn-n=CLyAKUdS-zj_dtWaUyHYY0w@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Reply-To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/d7MQe1Xkkym-HNwrUG-fFpkAd4k>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Nov 2017 10:15:08 -0000
Agree with your analysis, but the problem I see is that many WiFi networks are very simple, even with high level of congestion, and they may not be able to apply such simple filters. Even home networks may have the same issues. One way or the other, hosts get updated frequently, but switches, APs and L2 infrastructure don’t, even CEs or small routers in many hotspots don’t get updated. Also, IPv4-only devices are typically never updated. For example, you buy today an IP camera, and is not easy to find one which is dual-stack. Of course, in this case the problem is different, because they will not work in a NAT64 IPv6-only network … Because most of this traffic is created by laptops, tablets and smartphones that are the ones with frequently get updated, may be the ideal solution will be something in the stack, not relaying in the router update (so not relaying in RA, options, etc.), that automatically detects the lack of IPv4 support (trying to avoid fake DHCP servers), so they automatically stop sending any IPv4 traffic, or even using IPv4 link-local? Regards, Jordi -----Mensaje original----- De: ipv6 <ipv6-bounces@ietf.org> en nombre de David Farmer <farmer@umn.edu> Responder a: <farmer@umn.edu> Fecha: sábado, 18 de noviembre de 2017, 22:07 Para: Brian E Carpenter <brian.e.carpenter@gmail.com> CC: 6man WG <ipv6@ietf.org> Asunto: Re: problem statement [was Re: New Version Notification for draft-hinden-ipv4flag-00.txt] On Sat, Nov 18, 2017 at 1:59 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: Regards Brian Carpenter On 19/11/2017 03:39, Jen Linkova wrote: > Hi Bob, > > To be honest I'm not convinced that there is a real problem to be solved.. > The draft says > > 'A mechanism is needed to inform hosts that there is no IPv4 support > and that they should turn off IPv4.' > and it would be great to have more detailed problem statement IMHO... Indeed. If there is no serious problem, don't fix. What I seemed to hear in Singapore was that people weren't happy with just ignoring the small amount of residual IPv4 traffic on ietf-nat64 (about 1% in the measurement by Bob Hinden). However, from what I saw, most of it is layer 2 broadcast traffic, which is more of a burden for the infrastructure. We need to decide whether we care. (As to whether this belongs in 6man or sunset4, that's a secondary question. As for the other comments on this thread, I am too jet lagged to respond right now... later.) Brian Here is some analysis of the issues as I see them, hopefully this can help lead us toward a problem statement; I believe there are two separate issues here; 1. Security exposure; the inverse of the problems discussed in RFC7123, basically malicious or accidental IPv4 service. 2. Residual IPv4 traffic, especially broadcast traffic; DHCP solicits, IPv4-LL, ARP, service discovery, etc... There are several solutions available already; A. Filter Ethertypes 0x0800 and 0x806 altogether B. Rogue DHCP server filtering or DHCP snooping C. Proxy ARP D. Service Discovery Proxy or Filtering How much of an actual problem the issues are and the efficacy of solutions depends on the type of network technology and the environment its used in; For wired networks, the residual IPv4 traffic, even the fact that it's mostly broadcast, isn't a significant issue. The primary problem in here is the security exposure, and solution B is usually sufficient protection, but if that isn't, solution A will totally eliminate this risk. For WiFi networks it's a little more complicate; low density WiFi environments are similar to wired networks, the primary issue being the security exposure, with the same solutions, discussed above. However, there is an additional secondary issue, the residual IPv4 broadcast traffic could unnecessarily impact other devices, especially battery powered devices. Frequently, at least in enterprise WiFi networks, solutions C and D are implemented to reduce the impact of IPv4 broadcast traffic in operational WiFi networks, they will have the same effect on the residual IPv4 broadcast traffic in this case. But, again solution A implemented within the WiFi network will totally eliminate both the security exposure and the impact of broadcast traffic on other devices. However, the residual IPv4 traffic still consumes radio airtime, even if the WiFi network discards the traffic. In very high dentistry and therefore typically congested WiFi environments this unnecessary traffic only increase the over-the-air congestion. Furthermore, broadcast traffic in a WiFi networks consume more airtime that comparable unicast traffic (worst case as much as 300 times, but 10-50 times is very typical), increasing the impact of the residual IPv4 traffic that is mostly broadcast. Only a solution that keep hosts from generating the residual IPv4 traffic in the first place can help reduce over-the-air congestion in these environments. Thanks -- =============================================== David Farmer Email:farmer@umn.edu <mailto:Email%3Afarmer@umn.edu> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 <tel:(612)%20626-0815> Minneapolis, MN 55414-3029 Cell: 612-812-9952 <tel:(612)%20812-9952> =============================================== -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 -------------------------------------------------------------------- ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
- Fwd: New Version Notification for draft-hinden-ip… Bob Hinden
- Re: New Version Notification for draft-hinden-ipv… JORDI PALET MARTINEZ
- Re: Fwd: New Version Notification for draft-hinde… Fernando Gont
- Re: Fwd: New Version Notification for draft-hinde… Brian E Carpenter
- Re: New Version Notification for draft-hinden-ipv… Bob Hinden
- Re: New Version Notification for draft-hinden-ipv… David Farmer
- Re: New Version Notification for draft-hinden-ipv… Simon Perreault
- Re: Fwd: New Version Notification for draft-hinde… Nick Hilliard
- Re: New Version Notification for draft-hinden-ipv… JORDI PALET MARTINEZ
- Re: Fwd: New Version Notification for draft-hinde… Michael Richardson
- Re: New Version Notification for draft-hinden-ipv… james woodyatt
- Re: New Version Notification for draft-hinden-ipv… Bob Hinden
- Re: New Version Notification for draft-hinden-ipv… james woodyatt
- Re: New Version Notification for draft-hinden-ipv… Bob Hinden
- Re: New Version Notification for draft-hinden-ipv… Lorenzo Colitti
- Re: New Version Notification for draft-hinden-ipv… Simon Hobson
- Re: New Version Notification for draft-hinden-ipv… Lorenzo Colitti
- Re: New Version Notification for draft-hinden-ipv… Erik Kline
- Re: New Version Notification for draft-hinden-ipv… Nick Hilliard
- Re: New Version Notification for draft-hinden-ipv… Tim Chown
- Re: New Version Notification for draft-hinden-ipv… Erik Kline
- Re: New Version Notification for draft-hinden-ipv… Jen Linkova
- Re: Fwd: New Version Notification for draft-hinde… Fernando Gont
- Re: New Version Notification for draft-hinden-ipv… Fernando Gont
- problem statement [was Re: New Version Notificati… Brian E Carpenter
- Re: problem statement [was Re: New Version Notifi… Christian Huitema
- Re: problem statement [was Re: New Version Notifi… Simon Hobson
- Re: problem statement [was Re: New Version Notifi… David Farmer
- Re: problem statement [was Re: New Version Notifi… JORDI PALET MARTINEZ
- Re: problem statement [was Re: New Version Notifi… Simon Hobson
- Re: problem statement [was Re: New Version Notifi… Lorenzo Colitti
- Re: problem statement [was Re: New Version Notifi… Nick Hilliard
- Re: New Version Notification for draft-hinden-ipv… Mikael Abrahamsson
- Re: problem statement [was Re: New Version Notifi… Brian E Carpenter
- Re: problem statement [was Re: New Version Notifi… Simon Hobson
- Re: problem statement [was Re: New Version Notifi… Brian E Carpenter
- Re: problem statement [was Re: New Version Notifi… Nick Hilliard
- Re: problem statement [was Re: New Version Notifi… David Farmer
- Re: problem statement [was Re: New Version Notifi… Michael Richardson
- Re: problem statement [was Re: New Version Notifi… Lorenzo Colitti
- Re: problem statement [was Re: New Version Notifi… Lorenzo Colitti
- Re: New Version Notification for draft-hinden-ipv… Lorenzo Colitti
- Re: problem statement [was Re: New Version Notifi… Jen Linkova
- Re: problem statement [was Re: New Version Notifi… Lorenzo Colitti
- Re: problem statement [was Re: New Version Notifi… Mikael Abrahamsson
- Re: problem statement [was Re: New Version Notifi… Alexandre Petrescu
- Re: problem statement [was Re: New Version Notifi… Alexandre Petrescu
- Re: problem statement [was Re: New Version Notifi… Alejandro Acosta
- Re: problem statement [was Re: New Version Notifi… Nick Hilliard
- Re: Fwd: New Version Notification for draft-hinde… Brian E Carpenter
- Re: Fwd: New Version Notification for draft-hinde… Brian E Carpenter
- Re: problem statement [was Re: New Version Notifi… Brian E Carpenter
- Re: problem statement [was Re: New Version Notifi… Mikael Abrahamsson
- Re: problem statement [was Re: New Version Notifi… Ole Troan
- Re: problem statement [was Re: New Version Notifi… Mikael Abrahamsson
- Re: problem statement [was Re: New Version Notifi… David Farmer
- Re: problem statement [was Re: New Version Notifi… Nick Hilliard
- Re: problem statement [was Re: New Version Notifi… Mikael Abrahamsson
- Re: problem statement [was Re: New Version Notifi… Lorenzo Colitti
- Re: problem statement [was Re: New Version Notifi… Michael Richardson
- Re: problem statement [was Re: New Version Notifi… Alexandre Petrescu
- RE: problem statement [was Re: New Version Notifi… Manfredi, Albert E
- Re: problem statement [was Re: New Version Notifi… Nick Hilliard
- Re: problem statement [was Re: New Version Notifi… Erik Kline
- Re: problem statement [was Re: New Version Notifi… Brian E Carpenter
- Re: problem statement [was Re: New Version Notifi… Nick Hilliard
- Re: problem statement [was Re: New Version Notifi… Fred Baker
- Re: problem statement [was Re: New Version Notifi… David Farmer
- Re: problem statement [was Re: New Version Notifi… Brian E Carpenter
- Re: problem statement [was Re: New Version Notifi… David Farmer
- Re: problem statement [was Re: New Version Notifi… Lorenzo Colitti
- Re: New Version Notification for draft-hinden-ipv… james woodyatt
- Re: New Version Notification for draft-hinden-ipv… james woodyatt