IETF Logo Mail Archive

Re: [v6ops] LAN behavior when there's no IPv4 Internet access

Fred Baker <fredbaker.ietf@gmail.com> Fri, 08 September 2017 19:23 UTC

Return-Path: <fredbaker.ietf@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6168E1320C9 for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 12:23:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 79WndsCPr5qA for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 12:23:20 -0700 (PDT)
Received: from mail-wr0-x22d.google.com (mail-wr0-x22d.google.com [IPv6:2a00:1450:400c:c0c::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 049E1126DD9 for <v6ops@ietf.org>; Fri, 8 Sep 2017 12:23:16 -0700 (PDT)
Received: by mail-wr0-x22d.google.com with SMTP id o42so6200856wrb.3 for <v6ops@ietf.org>; Fri, 08 Sep 2017 12:23:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=DEAx7YUPN9/REPcBwWyAkPMgc35z7aNIR7esFwenry0=; b=RjYTs6WkyGYE9tMRsjZoyjWHBKEnI9A9mutGz4EaISiS3WUq/WhQUPrRIk6kM29Kpk dBTCpEpQCRkwnwbLNRQhpFZ4febERTRBhojx+2l0+SfPjrYkXG/BI/4gcqCIpHwQR1wX hPzwR52qC2zlUwlvReNr2chu30mgTNWae7tEJztMcMspqdgyTB5wIKnp0WhgB1U4Agvd ZEHgXg3JyQCgGO2s1DMBIftC/ajxEW6SYWZM5Iuvc4+ShoxuGsEiVuYVIyleqAs6eExn 5KBhGMD/yJgdjohiFdqrXawGNef4ZZwI05qtrgLESkUmFUKtoJHYyqDTg22Zoy9OuYLD abPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=DEAx7YUPN9/REPcBwWyAkPMgc35z7aNIR7esFwenry0=; b=Apc7CW1I3WZdd7XezfFYmU7bJaMGlRe3RlckQPbfOkIU9CbRRP8gCXQkyQ357hBWk2 qBUHFPX6i2hMXLTuDD/sbS7rSdzLg8E3AHMl8qPPsLy/yTawVSz6f2u1cbiuDjIUe32C 0CCVem/SrlaZRiZTci/QMTlogKU8yYHtoAJLcWteNPv/WP1NzUQ2KJ6vsfV5nch+coJu e45S2T3U1JD2lX1P5eKqzxQfxcT/qHEDjhL80Fm6K42pHI4ONq6XMyhbzwY6/IKq5f1D Gk0qM4ij2L2J9vmc3ohDrKCcqoO5SI8N1TVhwXJMDRHsJCdzglk5/Dcwb+PvAI77voAm zCVg==
X-Gm-Message-State: AHPjjUhJS9XWMnW0Z2j5juOakSK7r+HqVV+AggBbW+J/EDJyMUVmsmKP wjRpurCzXiApww==
X-Google-Smtp-Source: ADKCNb61/FrUC8lDg2k/pKgWROUXNoOwRhb08NVpb08CXegovzsziQWU0t25tNkF9RbXbNYKoyWikw==
X-Received: by 10.223.163.154 with SMTP id l26mr2950177wrb.42.1504898594296; Fri, 08 Sep 2017 12:23:14 -0700 (PDT)
Received: from ?IPv6:2601:646:c005:a10:7064:f9a7:6905:c94f? ([2601:646:c005:a10:7064:f9a7:6905:c94f]) by smtp.gmail.com with ESMTPSA id s196sm3441417wmb.6.2017.09.08.12.23.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Sep 2017 12:23:13 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.0 \(3445.1.6\))
From: Fred Baker <fredbaker.ietf@gmail.com>
In-Reply-To: <D5D85166.8551D%lee@asgard.org>
Date: Fri, 08 Sep 2017 12:23:10 -0700
Cc: v6ops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <90BCC38D-5B70-40EB-ACD5-925BA94C4A22@gmail.com>
References: <D5D82706.854F4%lee@asgard.org> <F4BC2429-579E-40BB-9F22-36BE07EAEF45@gmail.com> <D5D85166.8551D%lee@asgard.org>
To: Lee Howard <Lee@asgard.org>
X-Mailer: Apple Mail (2.3445.1.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/0VJ5FTFIXA7d1ZdIN5j_SQ2huFw>
Subject: Re: [v6ops] LAN behavior when there's no IPv4 Internet access
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2017 19:23:22 -0000


> On Sep 8, 2017, at 11:03 AM, Lee Howard <Lee@asgard.org> wrote:
> 
> 
> 
> On 9/8/17, 12:56 PM, "Fred Baker" <fredbaker.ietf@gmail.com> wrote:
> 
>> Dumb question: is it necessary, when there is a network in which IPv4 is
>> disabled, to say that it is disabled? What does that accomplish?
> 
> Debatable, but some use cases are implied by the problems documented in
> the draft.
> 
>> 
>> From my perspective, if the DHCP server is disabled from an IPv4
>> perspective, it will stop responding to requests for an IPv4 address.
>> Hosts can then build IPv4 link-local addresses if they choose, and
>> communicate using them, but IPv4 will have no network services. Either
>> IPv6 works or the network doesn't work for IPv4 traffic.
> 
> Should a home gateway that doesn’t have an IPv4 WAN address still act as a
> DHCP server?

The question isn't whether some other world uses IPv4, it's whether there is a need for an IPv4 DHCP server inside the home. I don't know that having or not having an address on the WAN interface tells me that. I might have an IPv4 address on the WAN interface and not want to use it from inside the home, and I might not have such an address but need to use IPv4 on the LAN interface. I don't see any reason to presume that the WAN interface tells me anything about the LAN interface.

I would say "yes". The reason is that within the home, IPv4 may still be in use, and 169.254.x.x addresses may not serve it's purposes. The obvious examples of reasons are legacy devices that haven't been replaced/upgraded yet. 

> Some clients interpret a lack of DHCP response as an indication that the
> network is down, even if they have IPv6. Or so it is alleged; I have not
> tested it myself.


> How often does a DHCP client send Discover messages?
> How much ARP traffic is on a network?
> Do we need a way to mute this traffic, or do we just have to wait until
> device manufacturers decide to stop including IPv4 in their devices?

I don't know that *WE* need to think about this. Ripping functionality out of software is often difficult and error-prone. A vendor is unlikely to literally remove IPv4 capabilities; he's far more likely to rewrite the technology and not include it, or provide a way to turn it off (such as never sending a DHCP request because IPv4 is "manually configured"). What if they *NEVER* actually remove it, but everybody stops using it?

>> My thought is that we don't have a way to say "IPv6 is disabled here";
>> either IPv6 works or it doesn't. I don't quite see what is really
>> different when the shoe is on the other foot.
> 
> Assumptions (and therefore defaults) change depending on where you start.
> Most people still assume IPv4, even if they also assume IPv6.



> Lee
> 
> 
>> 
>>> On Sep 8, 2017, at 7:52 AM, Lee Howard <Lee@asgard.org> wrote:
>>> 
>>> Thank you all for the discussion of covering the gaps identified in
>>> draft-ietf-sunset4-gapanalysis. In particular, I think many of the gaps
>>> are resolved with the revision of rfc6555 Happy Eyeballs.
>>> 
>>> I wonder, though, what should be the expected behavior of a stub
>>> network when there is no IPv4 Internet access?
>>> 
>>> My current thinking is that the Internet gateway (IGD, Customer Premise
>>> Router CPR, home gateway, etc.):
>>> 	• May still route between multiple segments of the site network, and
>>> therefore should be the IPv4 default gateway for those segments.
>>> 	• Only knows whether native IPv4 is available. It may not be aware of
>>> NAT64 or other transition mechanisms where it’s not involved.
>>> So, islands of IPv4 are probable, and that’s okay. Do we need a
>>> document responding to gapanalysis that says so? Do we need to work out
>>> how to know when it’s possible to disable IPv4 completely in a
>>> heterogenous unmanaged site network? Or do we need to sit on these
>>> problems for several more years and wait for IPv4 to become unused in
>>> many networks before we can deal with the gaps?
>>> 
>>> For reference, here’s the relevant section of sunset4-gapanalysis:
>>> 3.1.  Indicating that IPv4 connectivity is unavailable
>>> 
>>>   PROBLEM 1:  When an IPv4 node boots and requests an IPv4 address
>>>               (e.g., using DHCP), it typically interprets the absence
>>>               of a response as a failure condition even when it is not.
>>> 
>>>   PROBLEM 2:  Home router devices often identify themselves as default
>>>               routers in DHCP responses that they send to requests
>>>               coming from the LAN, even in the absence of IPv4
>>>               connectivity on the WAN.
>>> 
>>> 3.2.  Disabling IPv4 in the LAN
>>> 
>>>   PROBLEM 3:  IPv4-enabled hosts inside an IPv6-only LAN can auto-
>>>               configure IPv4 addresses [RFC3927] and enable various
>>>               protocols over IPv4 such as mDNS [RFC6762] and LLMNR
>>>               [RFC4795].  This can be undesirable for operational or
>>>               security reasons, since in the absence of IPv4, no
>>>               monitoring or logging of IPv4 will be in place.
>>> 
>>>   PROBLEM 4:  IPv4 can be completely disabled on a link by filtering it
>>>               on the L2 switching device.  However, this may not be
>>>               possible in all cases or may be too complex to deploy.
>>>               For example, an ISP is often not able to control the L2
>>>               switching device in the subscriber home network.
>>> 
>>>   PROBLEM 5:  A host with only Link-Local IPv4 addresses will "ARP for
>>>               everything", as described in Section 2.6.2 of [RFC3927].
>>>               Applications running on such a host connected to an
>>>               IPv6-only network will believe that IPv4 connectivity is
>>>               available, resulting in various bad or sub-optimal
>>>               behavior patterns.  See
>>>               [I-D.yourtchenko-ipv6-disable-ipv4-proxyarp] for further
>>>               analysis.
>>> 
>>>   Some of these problems were described in [RFC2563], which
>>>   standardized a DHCP option to disable IPv4 address auto-
>>>   configuration.  However, using this option requires running an IPv4
>>>   DHCP server, which is contrary to the goal of IPv4 sunsetting.
>>> 
>>> 
>>> Thanks for discussion,
>>> Lee
>>> 
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>> 
>> 
> 
>

v2.23.0 | Report a Bug | By Email