IETF Logo Mail Archive

Re: [v6ops] DHCP Option 108 Issue with Mac and iOS devices

Ted Lemon <mellon@fugue.com> Thu, 21 December 2023 16:38 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D83A6C14CEE3 for <v6ops@ietfa.amsl.com>; Thu, 21 Dec 2023 08:38:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VeF79wqM9X7Y for <v6ops@ietfa.amsl.com>; Thu, 21 Dec 2023 08:38:05 -0800 (PST)
Received: from mail-qv1-xf35.google.com (mail-qv1-xf35.google.com [IPv6:2607:f8b0:4864:20::f35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A925AC14F616 for <v6ops@ietf.org>; Thu, 21 Dec 2023 08:38:05 -0800 (PST)
Received: by mail-qv1-xf35.google.com with SMTP id 6a1803df08f44-67f6729a57fso15646706d6.1 for <v6ops@ietf.org>; Thu, 21 Dec 2023 08:38:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20230601.gappssmtp.com; s=20230601; t=1703176684; x=1703781484; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=u6NVl6wh/eBhFz3zfMq3Rh/PtrOpB3JnZxtPVvBRwmw=; b=QMO3S2S4KEazf8wqDjK440X36/by/OfAEtBVVB1cUNBZCiTZyNwnBMPWn6KwNzPeMM /XlE0wI/EKUMFaPZRgjjuMPVg/hxDEzNpUMesk6ZNn3P2VpAlCehv3FHhN6DJSuc5e9K I1vxgfM5Phswc6jLywJ6u2wT2Qx3GOVEmThtr/x+YcjExe4ZTcOtCMrMOEa9lbe+UDtO UC2p+Ndnb0Sz7+UjYtUPCDJ2i7BKxjnZSf8hT76QXtg+vnELP3ZcLhPOKPClEh1n6VlG U/QPunV4BIEnedinrc+BoBAUGvKINYdL56+1r58QvF+Sg+VQptEWzDXR1b/9VIr4qrH8 jetQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703176684; x=1703781484; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=u6NVl6wh/eBhFz3zfMq3Rh/PtrOpB3JnZxtPVvBRwmw=; b=GqvDvXYtJ0tqi6JwVbZn9Tcg2kn/GERC6t9mpP3NeTCk7nnP3cTCR0B7mGWTkqmDde XnHA219KMu7cbuSnuPsuBZ1oCL7wbP+8E8C/W8gP+bpCq2LRptkEv+hrq1vxD6KAxvTW fnJHca28XJOm2YuA530bVggAbPQu5jRDMNUsdWp/AW9y2nqEkOOMIsIz8AzTeLrJGRv6 wIEhhqlZkWzGRBBKzxqW3TseQLYZK3j7rA2GTBzIMZC7XIdM2y/eqfngpMnSmqLS3VBb bRUyBhajtwfwkE+YgJT827Xtm+xppYg06WyD8VTm7FWAm7Ubscmdjk24hk+p0t7x5Q3S AnkA==
X-Gm-Message-State: AOJu0YwWk7+fE610VofTMVBiknEvpTIYFbA5znunWBzdWJrOHLLJKbaU rPW+gCaY4dBc4D/+14DPD8Msw1rdbpGlqN0ksRt6kWNb0iQ/qQ==
X-Google-Smtp-Source: AGHT+IHZZx1zuHpmI84ZQJhTuYBvI2Or5rFj2WG5EN3CmcxS3IzesYzXEIEadUxcO1qNLbticftx8XreXVC4ekS3lqs=
X-Received: by 2002:a05:6214:413:b0:67f:49e5:9711 with SMTP id z19-20020a056214041300b0067f49e59711mr1304044qvx.53.1703176684441; Thu, 21 Dec 2023 08:38:04 -0800 (PST)
MIME-Version: 1.0
References: <CAPt1N1mnHJG+-xQexXCBLQZW7+Ya02vkTeYwM-WGrh8XDi3yJw@mail.gmail.com> <306522A8-5D55-41AC-AB64-FDCDFAAAEB9C@employees.org>
In-Reply-To: <306522A8-5D55-41AC-AB64-FDCDFAAAEB9C@employees.org>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 21 Dec 2023 11:37:28 -0500
Message-ID: <CAPt1N1mWL_CzjaPGddcX3Ge_q9gj9J2zR_yVa9vwb6VKb-+Wcw@mail.gmail.com>
To: Ole Trøan <otroan@employees.org>
Cc: Ole Troan <otroan=40employees.org@dmarc.ietf.org>, v6ops@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004426f6060d07b9bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/0sw1mHFH7kZwLZgKdMRzsxHQ7dA>
Subject: Re: [v6ops] DHCP Option 108 Issue with Mac and iOS devices
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Dec 2023 16:38:07 -0000

These feel like really unlikely hypotheticals. I think we could safely wait
until such a thing happened, but I don't think it will happen—this would be
a weird default configuration for a vendor to provide. I agree that network
operators don't know the details of every implementation; that's why we
have careful rollouts of new behavior. I think Jen's work in this area has
been exemplary, and I think the work done by the other folks here rolling
out v6-mostly in conference networks has also been really helpful in
surfacing issues. So I don't think we need to go looking for hypothetical
problems that could occur if somebody who ought to know better did
something silly.

On Thu, Dec 21, 2023 at 11:02 AM Ole Trøan <otroan@employees.org> wrote:

>
>
> On 21 Dec 2023, at 16:28, Ted Lemon <mellon@fugue.com> wrote:
>
> 
> The network operator has decided to do this.
>
>
> Perhaps. Or someone else provisioned the network like this. Or network
> devices came with that as the default configuration.
>
> I don’t think we can assume every network operator knows the tidbits of
> every implementation.
>
> We have to ensure host configuration is robust.
> “Don’t allow those devices on the network or don’t configure the network
> that way then.”  Isn’t an acceptable answer.
>
> There was a reason why the IPv6 only flag proposal failed. Sounds like 108
> have similar set of issues.
> I don’t think writing documents is going to help with particular
> implementations either. We could possibly do an interop.
>
> O.
>
> Presumably they already know that Android doesn't support DHCPv6, and they
> don't want BYOD to work, so it's fine. Or maybe they didn't know that, in
> which case they will try to roll this out, hopefully not on every network
> at once, discover that they have an issue, and either change their
> DHCP/SLAAC policy, or decide not to roll out option 108 after all. I don't
> see any work for us to do here. I would say that Android implementations
> should pay attention to the fact that SLAAC isn't supported and ignore
> option 108 in this case, and perhaps we could write up a document
> explaining that, but it's not clear to me that this is necessary.
>
>
> On Thu, Dec 21, 2023 at 5:17 AM Ole Troan <otroan=
> 40employees.org@dmarc.ietf.org> wrote:
>
>> Take the perfectly valid network deployment where addresses are assigned
>> with DHCPv6 IA_NA. And NAT64 is supported.
>>
>> The subset of hosts that supports 108 but is missing the DHCPv6 feature,
>> how are they supposed to behave?
>>
>> I prefer the two protocols to run ships in the night. Can we come up with
>> some recommendations that limit the v4/v6 interdependence and also avoid
>> increasing brittleness with the introduction of 108?
>>
>> Ole
>>
>>
>>
>> > On 21 Dec 2023, at 01:08, Jen Linkova <furry13@gmail.com> wrote:
>> >
>> > On Wed, Dec 20, 2023 at 11:18 PM Gert Doering <gert@space.net> wrote:
>> >>>> So the message needs to be carried back "I can not take a laptop with
>> >>>> such a configuration to conferences anymore".
>> >>>
>> >>> This answer, while possibly technically correct, is unreasonable.
>> >>
>> >> "Employees coming back and yelling at the IT support desk" is a fairly
>> >> good feedback mechanism for "what you do to my laptop makes me look
>> like
>> >> a fool out there, AND I couldn't join that super-important Zoom call".
>> >
>> > I very much agree with Gert here.
>> > There is a spectrum. On one side there is a network which is unusable
>> > for the vast majority of the clients.  Let's say, IPv6-only WiFi w/o
>> > NAT64. It's unlikely that anyone would deploy that as a public
>> > network.
>> >
>> > On the other end of the spectrum is an ideal, perfect network which
>> > any client can use.
>> >
>> > The real network is always somewhere in the middle, and the closer you
>> > are trying to get to the ideal, the harder (and more expensive) it
>> > gets.
>> > In real networks there are always some clients having some issues. So
>> > the decision the network administrator has to make is where to draw a
>> > line. What corner cases to support and what falls into the 'go and fix
>> > your client' category. The key criteria would be along the lines of
>> > "can it be fixed or can a workaround be provided?" and "how many of
>> > those cases are there?"
>> > And it's quite possible that other people have different views on
>> > where the line is (also, clients footprint might vary for different
>> > networks).
>> >
>> > Why do I think that the scenario of 'a Macbook with disabled IPv6'
>> > belongs to the "not supported, fix your device" case?
>> >
>> > - it is not a bug/OS issue which requires totally unpredictable time
>> > to fix. It's a configuration issue.
>> > - it's not the default state of the device. Someone has configured it
>> > that way, and they shall be able to change it.
>> > - the problem is very well scoped, unlike "please go and fix all
>> > IPv4-only applications".  I have no words to express how many issues I
>> > discovered when I got rid of the HE safety net. I wish I found those
>> > issues earlier.
>> > - it's very important to send the message back to people who
>> > configured the device that way. I think it's unlikely for a personal
>> > device to be configured like that (and even then it's easy to fix,
>> > unlike corporate policy) - and for corporate devices their techsupport
>> > shall know that a new use case exists now. They might be shocked to
>> > know there are IPv6-enabled networks out there, not mentioning
>> > IPv6-mostly. Otherwise that issue would never get fixed.
>> >
>> > The problem with "run some tests and keep IPv4 if IPv6 doesn't work"
>> > is not just that it's harmful for applications on properly working
>> > devices, as I've said.
>> > It's also that it would be almost impossible to come up with tests.
>> > which can be completed in reasonable time and still covers all cases.
>> > There is another danger which really scares me. The main issue with
>> > operating a dual-stack network is that troubleshooting is much harder:
>> > you never know what protocol the endpoint uses right now. If we let
>> > the devices decide 'oh, I do not like what I saw, I'm going to stay
>> > IPv4-enabled for now', it would complicate troubleshooting and IPv4
>> > subnet planning.
>> >
>> > There might be other cases when a device has issues on IPv6-mostly -
>> > one well-known example is pre-Sonoma MacOS with custom IPv4 DNS
>> > servers configured. I think it was great that such devices stayed
>> > IPv6-only, so we could find the issue and get it fixed. Yes, today the
>> > answer to such users would be " don't configure it that way" or, if
>> > it's a corporate policy, "go and complain to your support so they
>> > either change it or upgrade your device". I do not think it should be
>> > a reason for keeping IPv4 on those devices.
>> >
>> > --
>> > Cheers, Jen Linkova
>> >
>> > _______________________________________________
>> > v6ops mailing list
>> > v6ops@ietf.org
>> > https://www.ietf.org/mailman/listinfo/v6ops
>>
>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
>

v2.41.0 | Report a Bug | By Email | System Status