Re: Running code (Was: I-D Action: draft-ietf-6man-ipv6only-flag-03.txt)

[Simon Hobson <linux@thehobsons.co.uk>]

Manfredi (US), Albert E <albert.e.manfredi@boeing.com> wrote:

> I will mostly assume that L2 filtering is NOT available, since that was stipulated as an extra obstacle. Your host device has a link to a destination. It tries to reach that link. Chances are, mDNS won’t have the address of any destination outside of this admin domain, but either way, a network which does not support IPv4 will not provide IPv4 addresses. No IPv4 address from mDNS or regular DNS, no further IPv4 attempt by the host device.

You've missed the fact that most nodes these days will autoconfigure a link-local IPv4 address. So "no address = no protocol" doesn't work. "no address (other than link-local) = no protocol" doesn't work either as it would break any network using link-local addressing - they do exist.

>> Desired result - on a network that is, by the subjective criteria decided on by the network operator/admin, IPv6 only; you disable IPv4 and don't try sending IPv4 packets.
> 
> Not even the flag will achieve this "desired result." As I said, IPv4 islands are always permissible (plug in your own switch(es)), and, you have no idea whether someone will plug in some older IPv4-only device. Only L2 filtering will truly disable IPv4 from the nodes controlled by the net admin. Having the hosts alone make that IPv6-only determination is, in fact, very close to the best you can do with a flag.

It's accepted that if devices ignore the flag then they can still play around in IPv4 link-local space - but that's not the intent of the flag. The flag is to inform nodes that IPv4 isn't supported on the network and so they can disable the protocol, saving battery (and probably memory) as well).

> Plus, it is possible to give the user a setting, such as many settings already are:
> 
> 1. Allow host to use IPv6 and IPv4 (recommended - default)
> 
> 2. Use only IPv6.

A setting for it is not practical for a number of reasons. Firstly, it will need to be changed when the user moves between different networks, secondly in most of the scenarios talked about, the user device is unknown to and the network operator and not managed by them. The aim is to be able to give the devices a flag which will **relliably** and **automatically** tell them that they can save the resources they'd otherwise expend on IPv4 operations.

I'm afraid I still see vague hand waving that implies trying stuff and if it doesn't work then adjusting stuff. That's either manual (yeah, forget that) or it's prone to problems. Apart from the acknowledged attack vector to IPv4 only networks, using an RA flag as suggested will be quite reliable and deterministic.