Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 09 May 2019 23:11 UTC

Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: David Farmer <farmer@umn.edu>
Cc: Fernando Gont <fernando@gont.com.ar>, IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <6a9dc032-335a-bdc1-2f2a-0123c68a41bd@gmail.com>
Date: Fri, 10 May 2019 11:11:32 +1200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/vbhnTgApmlQxjRYHs2yYb6blME4>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>


Regards
   Brian Carpenter

On 10-May-19 04:47, David Farmer wrote:
> 
> 
> On Wed, May 8, 2019 at 5:30 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
>     David,
> 
>     > A host that receives any RAs with the flag set to 1
> 
>     No! That must be
> 
>     A host that receives only RAs with the flag set to 1
> 
>     It is an absolute requirement that all routers must agree that the flag is 1, or else it has no effect.
> 
>     Otherwise I'm sympathetic to your rewrite, but I see little point in updating the draft until the WG Chair gives us a read-out on the rough consensus.
> 
> 
> Because with this flag now only being a secondary signal and the lack of any DHCPOFFERS is now the primary signal, 

That's been suggested, but not agreed. I'm reluctant to remove the requirement that all the default routers agree (in the case that there's more than one, of course), because disagreement signals that the network admins have screwed up somehow.

Fairly clearly, if a host observes DHCP(v4) traffic and also observes the IPv6-only flag, the flag loses. If the current wording isn't clear on that, we need changes such as Mikael or you have suggested. But I'm also reluctant to over-specify the heuristic that a host should apply, because different stack implementations are ... different.

    Brian

> it is safe to allow any RA set to 1 to trigger no longer auto-configuring an IPv4 Link-Local address, this only has an effect if the host also doesn't receive any DHCPOFFERS. So, if the host receives one RA with the flag set and one RA with the flag cleared, the host should continue sending DHCPDISCOVERS periodically and configure an IPv4 address if it gets any DHCPOFFER. However, if it never gets any DHCPOFFERS it should not auto-configure an IPv4 Link-Local address, even though there are conflicting settings of this flag in the RAs.
> 
> This at least partially mitigates the malicious sending of an RA with the flag cleared on an IPv6-Only network, again the lack of DHCPOFFERS controls if the host configures an IPv4 address or not, this flag only says what to do if you don't receive any DHCPOFFERS and whether or not to continue sending periodic DHCPDISCOVERS. Further, you should only stop sending DHCPDISCOVERS if the flags in RAs received all agree.
> 
> Thanks.
> 
> -- 
> ===============================================
> David Farmer               Email: farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota  
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
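
The two host behaviours debated in this message, side by side, as an added example that is not text from the draft or code from either participant. It is a simplified model: the names `Ipv4Decision`, `all_agree_policy`, `any_flag_policy` and the scenarios are hypothetical, and a received DHCPOFFER stands in for "observed DHCP(v4) traffic".

```python
from dataclasses import dataclass
from typing import Sequence

@dataclass(frozen=True)
class Ipv4Decision:
    use_dhcpv4_address: bool     # configure an address from a DHCPOFFER
    ipv4_link_local: bool        # auto-configure an IPv4 Link-Local address
    keep_sending_discover: bool  # keep sending periodic DHCPDISCOVERs

def all_agree_policy(ra_flags: Sequence[bool], dhcpoffer_seen: bool) -> Ipv4Decision:
    """Reply's position: the flag has an effect only if every RA sets it,
    and observed DHCPv4 traffic always beats the flag."""
    if dhcpoffer_seen:
        return Ipv4Decision(True, False, True)
    effective = bool(ra_flags) and all(ra_flags)
    # Flag without effect means ordinary IPv4 behaviour (assumed: link-local fallback).
    return Ipv4Decision(False, not effective, not effective)

def any_flag_policy(ra_flags: Sequence[bool], dhcpoffer_seen: bool) -> Ipv4Decision:
    """Quoted proposal: any RA with the flag set suppresses IPv4 Link-Local
    when no DHCPOFFER arrives; DHCPDISCOVERs stop only if all RAs agree."""
    if dhcpoffer_seen:
        return Ipv4Decision(True, False, True)
    stop_discover = bool(ra_flags) and all(ra_flags)
    return Ipv4Decision(False, not any(ra_flags), not stop_discover)

# Constructed scenarios: (IPv6-only flag seen in each RA, was a DHCPOFFER received)
SCENARIOS = {
    "ipv6_only_all_agree": ([True, True], False),
    "ipv6_only_one_ra_cleared": ([True, False], False),  # misconfigured or rogue RA
    "dual_stack_one_ra_set": ([True, False], True),
}

def compare() -> dict:
    """Return {scenario: (all-agree decision, any-flag decision)}."""
    return {name: (all_agree_policy(*args), any_flag_policy(*args))
            for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (agree, any_flag) in compare().items():
        print(name)
        print("  all-agree:", agree)
        print("  any-flag: ", any_flag)
```

The policies differ only in the conflicting-RA case with no DHCPOFFER: under all-agree the host falls back to IPv4 Link-Local, under any-flag it does not, while both keep probing with DHCPDISCOVER.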