IETF Logo Mail Archive

Re: [v6ops] LAN behavior when there's no IPv4 Internet access

Lee Howard <lee@asgard.org> Fri, 08 September 2017 18:03 UTC

Return-Path: <lee@asgard.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F4199132962 for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 11:03:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.399
X-Spam-Level:
X-Spam-Status: No, score=-5.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fFhlECoA_ov1 for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 11:03:15 -0700 (PDT)
Received: from atl4mhob17.registeredsite.com (atl4mhob17.registeredsite.com [209.17.115.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DA9713292B for <v6ops@ietf.org>; Fri, 8 Sep 2017 11:03:14 -0700 (PDT)
Received: from mailpod.hostingplatform.com ([10.30.71.210]) by atl4mhob17.registeredsite.com (8.14.4/8.14.4) with ESMTP id v88I3Bj8035886 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <v6ops@ietf.org>; Fri, 8 Sep 2017 14:03:11 -0400
Received: (qmail 21990 invoked by uid 0); 8 Sep 2017 18:03:11 -0000
X-TCPREMOTEIP: 72.221.14.181
X-Authenticated-UID: lee@asgard.org
Received: from unknown (HELO ?192.168.1.160?) (lee@asgard.org@72.221.14.181) by 0 with ESMTPA; 8 Sep 2017 18:03:08 -0000
User-Agent: Microsoft-MacOutlook/14.7.2.170228
Date: Fri, 08 Sep 2017 14:03:02 -0400
From: Lee Howard <lee@asgard.org>
To: Fred Baker <fredbaker.ietf@gmail.com>
CC: v6ops@ietf.org
Message-ID: <D5D85166.8551D%lee@asgard.org>
Thread-Topic: [v6ops] LAN behavior when there's no IPv4 Internet access
References: <D5D82706.854F4%lee@asgard.org> <F4BC2429-579E-40BB-9F22-36BE07EAEF45@gmail.com>
In-Reply-To: <F4BC2429-579E-40BB-9F22-36BE07EAEF45@gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/8q1QdCjlwMag6CHRAbkmhxiRr34>
Subject: Re: [v6ops] LAN behavior when there's no IPv4 Internet access
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2017 18:03:17 -0000


On 9/8/17, 12:56 PM, "Fred Baker" <fredbaker.ietf@gmail.com> wrote:

>Dumb question: is it necessary, when there is a network in which IPv4 is
>disabled, to say that it is disabled? What does that accomplish?

Debatable, but some use cases are implied by the problems documented in
the draft.

>
>From my perspective, if the DHCP server is disabled from an IPv4
>perspective, it will stop responding to requests for an IPv4 address.
>Hosts can then build IPv4 link-local addresses if they choose, and
>communicate using them, but IPv4 will have no network services. Either
>IPv6 works or the network doesn't work for IPv4 traffic.

Should a home gateway that doesn’t have an IPv4 WAN address still act as a
DHCP server?
Some clients interpret a lack of DHCP response as an indication that the
network is down, even if they have IPv6. Or so it is alleged; I have not
tested it myself.

How often does a DHCP client send Discover messages?
How much ARP traffic is on a network?
Do we need a way to mute this traffic, or do we just have to wait until
device manufacturers decide to stop including IPv4 in their devices?


>
>My thought is that we don't have a way to say "IPv6 is disabled here";
>either IPv6 works or it doesn't. I don't quite see what is really
>different when the shoe is on the other foot.

Assumptions (and therefore defaults) change depending on where you start.
Most people still assume IPv4, even if they also assume IPv6.

Lee


>
>> On Sep 8, 2017, at 7:52 AM, Lee Howard <Lee@asgard.org> wrote:
>> 
>> Thank you all for the discussion of covering the gaps identified in
>>draft-ietf-sunset4-gapanalysis. In particular, I think many of the gaps
>>are resolved with the revision of rfc6555 Happy Eyeballs.
>> 
>> I wonder, though, what should be the expected behavior of a stub
>>network when there is no IPv4 Internet access?
>> 
>> My current thinking is that the Internet gateway (IGD, Customer Premise
>>Router CPR, home gateway, etc.):
>> 	• May still route between multiple segments of the site network, and
>>therefore should be the IPv4 default gateway for those segments.
>> 	• Only knows whether native IPv4 is available. It may not be aware of
>>NAT64 or other transition mechanisms where it’s not involved.
>> So, islands of IPv4 are probable, and that’s okay. Do we need a
>>document responding to gapanalysis that says so? Do we need to work out
>>how to know when it’s possible to disable IPv4 completely in a
>>heterogenous unmanaged site network? Or do we need to sit on these
>>problems for several more years and wait for IPv4 to become unused in
>>many networks before we can deal with the gaps?
>> 
>> For reference, here’s the relevant section of sunset4-gapanalysis:
>> 3.1.  Indicating that IPv4 connectivity is unavailable
>> 
>>    PROBLEM 1:  When an IPv4 node boots and requests an IPv4 address
>>                (e.g., using DHCP), it typically interprets the absence
>>                of a response as a failure condition even when it is not.
>> 
>>    PROBLEM 2:  Home router devices often identify themselves as default
>>                routers in DHCP responses that they send to requests
>>                coming from the LAN, even in the absence of IPv4
>>                connectivity on the WAN.
>> 
>> 3.2.  Disabling IPv4 in the LAN
>> 
>>    PROBLEM 3:  IPv4-enabled hosts inside an IPv6-only LAN can auto-
>>                configure IPv4 addresses [RFC3927] and enable various
>>                protocols over IPv4 such as mDNS [RFC6762] and LLMNR
>>                [RFC4795].  This can be undesirable for operational or
>>                security reasons, since in the absence of IPv4, no
>>                monitoring or logging of IPv4 will be in place.
>> 
>>    PROBLEM 4:  IPv4 can be completely disabled on a link by filtering it
>>                on the L2 switching device.  However, this may not be
>>                possible in all cases or may be too complex to deploy.
>>                For example, an ISP is often not able to control the L2
>>                switching device in the subscriber home network.
>> 
>>    PROBLEM 5:  A host with only Link-Local IPv4 addresses will "ARP for
>>                everything", as described in Section 2.6.2 of [RFC3927].
>>                Applications running on such a host connected to an
>>                IPv6-only network will believe that IPv4 connectivity is
>>                available, resulting in various bad or sub-optimal
>>                behavior patterns.  See
>>                [I-D.yourtchenko-ipv6-disable-ipv4-proxyarp] for further
>>                analysis.
>> 
>>    Some of these problems were described in [RFC2563], which
>>    standardized a DHCP option to disable IPv4 address auto-
>>    configuration.  However, using this option requires running an IPv4
>>    DHCP server, which is contrary to the goal of IPv4 sunsetting.
>> 
>> 
>> Thanks for discussion,
>> Lee
>> 
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>
>

v2.23.0 | Report a Bug | By Email