IETF Logo Mail Archive

Re: you have running code ... I-D Action: draft-ietf-6man-ipv6only-flag-03.txt

Lee Howard <lee@asgard.org> Mon, 05 November 2018 06:06 UTC

Return-Path: <lee@asgard.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9531712D4E9 for <ipv6@ietfa.amsl.com>; Sun, 4 Nov 2018 22:06:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.234
X-Spam-Level:
X-Spam-Status: No, score=-1.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xISFd-zuSjDT for <ipv6@ietfa.amsl.com>; Sun, 4 Nov 2018 22:06:12 -0800 (PST)
Received: from atl4mhob14.registeredsite.com (atl4mhob14.registeredsite.com [209.17.115.52]) by ietfa.amsl.com (Postfix) with ESMTP id 464D612777C for <ipv6@ietf.org>; Sun, 4 Nov 2018 22:06:12 -0800 (PST)
Received: from mailpod.hostingplatform.com (atl4qobmail01pod6.registeredsite.com [10.30.71.209]) by atl4mhob14.registeredsite.com (8.14.4/8.14.4) with ESMTP id wA566AQ6012017 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <ipv6@ietf.org>; Mon, 5 Nov 2018 01:06:10 -0500
Received: (qmail 23149 invoked by uid 0); 5 Nov 2018 06:06:10 -0000
X-TCPREMOTEIP: 49.248.225.53
X-Authenticated-UID: lee@asgard.org
Received: from unknown (HELO ?100.77.55.205?) (lee@asgard.org@49.248.225.53) by 0 with ESMTPA; 5 Nov 2018 06:06:09 -0000
Subject: Re: you have running code ... I-D Action: draft-ietf-6man-ipv6only-flag-03.txt
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, ipv6@ietf.org
References: <153973137181.9473.10666616544238076833@ietfa.amsl.com> <6264F7A1-59EB-467D-A576-E5F2F0DEE7DD@lists.zabbadoz.net> <CACWOCC-xL0PfkNHgCqhB28GE-jCWUUagQE4PukdpXK+YHgWpyg@mail.gmail.com> <97ba35ff-b4a7-314c-3010-297d06be645d@foobar.org> <01c2a55e-1888-3ebc-3252-11b9005b8272@gmail.com> <0abd7b4d-b0e0-b1bc-2468-678befbc7cac@asgard.org> <3e155df0-5799-8788-5fbe-767a7421828c@gmail.com> <18646396-e3f7-b9ad-3871-69868468859a@asgard.org> <d080497b-4f39-b877-1524-f23d9b1446e0@gmail.com>
From: Lee Howard <lee@asgard.org>
Message-ID: <95654922-acd1-3cb3-c650-942c97e3cc85@asgard.org>
Date: Mon, 05 Nov 2018 11:36:04 +0530
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <d080497b-4f39-b877-1524-f23d9b1446e0@gmail.com>
Content-Type: multipart/alternative; boundary="------------1BA9841FF75F6A3C5E1B77C6"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/hfmW30-DbDlt8KadyBeMsxt3zsc>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2018 06:06:15 -0000

On 11/4/18 2:45 AM, Brian E Carpenter wrote:
> On 2018-11-04 00:35, Lee Howard wrote:
>>
>>>> If a network administrator wants central control over IPv4/IPv6
>>>> enablement in hosts, there are better, more centralized tools for that.
>>>> As a principle, host behavior should be managed by host management
>>>> tools, and not by hints from a router.
>>> I'm not sure how that can work on a BYOD network. On a fully managed network,
>>> sure, we could "easily" invent a solution.
>> Taken all-in-all, then, the use case for this flag is a network where
>> the administrator:
>>
>> 1. does not know what's on the network,
> May not know what's on the link, or does not have management access
> to some devices on the link, or does not have policy control over
> some devices on the link. There are many such networks.
>
>> 2. expects that there are some applications using IPv4,
> I don't see that. The admin has decided that there are no IPv4
> services on the link - presumably no DHCPv4, no DNS over IPv4,
> no IPv4 routing. Whether or not some hosts contain IPv4 applications
> isn't necessarily known to the admin.

If there are no IPv4 services, there is nothing to turn off using this flag.


>
>> 3. understands that IPv4 will continue to work locally, 3b. except for
>> dual-stack hosts that honor the flag,
> It might be fairer to say that the admin doesn't care whether
> IPv4 works locally, but has decided to announce to everybody that
> there are no IPv4 services on the link, knowing that only 3b hosts
> will understand the announcement.
>
> (The fact that RAs are universal, whereas other possible mechanisms
> such as DHCPv6 or NETCONF are not, is relevant here.)

Okay, "understands that IPv4 will continue to work locally if enabled on 
hosts."

>> 4. understands that applications may have already negotiated IPv4
>> connectivity,
> Again - doesn't care.

The document says:

Administrators MUST only use this mechanism if they are certain that
    the link is IPv6-Only.  For example, in cases where there is a need
    to continue to use IPv4, when there are intended to be IPv4-only
    hosts or IPv4 routers on the link, setting this flag to 1 is a
    configuration error.

"certain that the link is IPv6-Only" is not the same as "doesn't care if 
there are residual IPv4 connections."


>
>> 5. desires to break communications for 3b and 4,
> Again - doesn't care.

The flag is specifically to disable connectivity through IPv4. If you 
don't care about IPv4, you don't set the flag.


>
>> and prevent IPv4
>> Internet access.
> Yes, that's the primary decision. Of course, the assumption is that
> IPv6-only access to the Internet is necessary and sufficient.
>
>> It's not just that administrator accepts that 3b and 4 won't work, but
>> as you said above, "The admin will presumably be happy with this result."
> Or doesn't care.

If she didn't care, she wouldn't set the flag. This administrator is 
intentionally setting the flag for one or more of the reasons given in 
the Introduction.

>> This seems to me a very narrow application.
> It's certainly directed at a specific (and future) phase of history, when
> IPv6-only is viable and IPv4 has not yet faded into oblivion. How many
> links for how many years would be in that phase is an open question.
>
> As the draft recognizes, there are other mechanisms available too.
> What strikes me as unique about this mechanism is simply that *every*
> dual stack host receives and understands RAs; this is our only way
> of getting a bit to every single dual stack device. That's not
> narrow, IMHO.

The number of cases where IPv4 might exist and an administrator wants to 
shut it down and has no other tools seems narrow to me. While I agree 
that all dual-stack hosts understand RAs, that doesn't mean they all 
understand this flag. I have counted zero host operating system 
implementers who have said they will take action on this flag, but check 
my math.

In a desire to be constructive, I think we had talked earlier about 
defining the flag to mean, "I have no IPv4 routes." That might be useful 
information for a host, letting it decide whether it needs IPv4 locally 
(or has another IPv4 route), and disable appropriately.

Lee

>
>       Brian
>
>

v2.23.0 | Report a Bug | By Email