RE: Running code (Was: I-D Action: draft-ietf-6man-ipv6only-flag-03.txt)

["Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>]

-----Original Message-----
From: Toerless Eckert <tte@cs.fau.de> 

> If as i suggested the flag really means to trust IPv6 routers more than
IPv4 routers (aka: don't do IPv4 even if some IPv4 router tells provides
DHCP addresses), then it would be an explicit mechanism for IPv6 to
superceed IPv4.

Except that contradicts the current draft wording. Which says, only if all default routers have the flag set, does it mean that the net admin doesn't appreciate IPv4 on the link. (And I still think that local IPv4 traffic is, and must, be completely legit, so that too needs to be stated explicitly.) IPv6 has added complexities of allowing multiple default routers to advertise, pick the best prefix for your needs. Which says to me, it is reasonable to think that IPv4 *is* allowed, across one or more of these default router choices, but not on those with the flag set.

> I would support that interpretation on the rough
estimate on my side that it simplifies policies and evolution. Without
that interpretation, you have more complex policies whom to trust
in an automatic way.

Agreed. It is "more complex," because any one flag set does not mean that IPv4 can't be used. For instance, as a simplest case, it is fair enough for my ISP to say, "I am not routing IPv4 over my network." It is not okay for my ISP to say, "You are not allowed to use your old HP printer."

So, IMO, the flag is not necessary. The ISP can simply not provide a default IPv4 router, not provide IPv4 DNS to resolve outside names, and that gives a less ambiguous message. A host should be able to do the right thing, under those circumstances, sans flag.

> The second interpretation is vs. this means to just not even try to
do DHCP to get global IPv4 addressing/router, or whether it means
to not do IPv4 at all, including no link-local multicast. IMHO both
options are valid and would best be indicated through two separate
flags.

Yes, and we can increase complexity that way. Or, hosts decide whether to start with IPv6, rather than creating more complexity in IPv6. And again, it's not the business of the net admin, if I want to have internal IPv4 available to me. Imagine the annoyance that would create, for the average user, who knows nothing about any flag. So, suddenly, after a router update the user is totally clueless about, his peripherals, or other equipment, don't work. Aaaargh!

> I don't think there is any way to achieve complete disablement of
ipv4 operations automatically without using some additional signaling
across non-IPv4. I think it would be cleaner to do this signaling at L2,
but given the overhead/politics of anything like that with IEEE, i think
its fine to have this signaling in IPv6. I don't think there is any
simpler/better way than at least one such flag.

Agreed on L2, but "complete disablement of IPv4" should be out of the question. That breaks things that do not need to be broken. If net admin doesn't route IPv4, fine and good. IMO, stop there.

Bert