Re: [v6ops] When Android might disconnect because lack of DHCPv6 (was: Implementation Status of PREF64)

Alexandre Petrescu <alexandre.petrescu@gmail.com> Tue, 12 October 2021 09:00 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84A2B3A11CB for <v6ops@ietfa.amsl.com>; Tue, 12 Oct 2021 02:00:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.667
X-Spam-Level:
X-Spam-Status: No, score=0.667 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tnpFrnZnlknf for <v6ops@ietfa.amsl.com>; Tue, 12 Oct 2021 01:59:58 -0700 (PDT)
Received: from sainfoin-smtp-out.extra.cea.fr (sainfoin-smtp-out.extra.cea.fr [132.167.192.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B2A23A1161 for <v6ops@ietf.org>; Tue, 12 Oct 2021 01:59:58 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by sainfoin-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 19C8xtEO042095 for <v6ops@ietf.org>; Tue, 12 Oct 2021 10:59:55 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id C720A205FBE for <v6ops@ietf.org>; Tue, 12 Oct 2021 10:59:55 +0200 (CEST)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id BCFCF202675 for <v6ops@ietf.org>; Tue, 12 Oct 2021 10:59:55 +0200 (CEST)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 19C8xttg021033 for <v6ops@ietf.org>; Tue, 12 Oct 2021 10:59:55 +0200
To: v6ops@ietf.org
References: <DDA36020-90CC-471B-83AD-3D98950F1164@delong.com> <CAKD1Yr23fY2DJDvB-9eVFRsxnBnZQ0kZuZfYUfRUHYW=_D=enA@mail.gmail.com> <CAN-Dau1z0q0R61x7iY+Wg_cFRU0jmqr+fR0y=bSXxj+K-n722w@mail.gmail.com> <CAKD1Yr1T_mXfxJGHOrBfqZfexm6GTrUqnFi57710pTroKQK6uQ@mail.gmail.com> <702CB018-1A02-4B32-B9AA-7C7B31521F12@delong.com> <CAKD1Yr0jZR8Efzr_Y6FeiBvHYS8ATmDupx2ABTXXy-rSA_QjmA@mail.gmail.com> <1adb70a8-db0a-4ea6-f721-c1035343cda3@foobar.org> <DM6PR02MB69249D4F0A8003E77EC9F153C3B19@DM6PR02MB6924.namprd02.prod.outlook.com> <E1FED93B-674C-46DD-8C39-F6C30475C48A@delong.com> <CAKD1Yr34jv_N0jGKdg=sG76oGU7PdRjYFC_-w9Uvzs=7oGm38w@mail.gmail.com> <E6316781-AC7D-438F-B216-75B1DF9217DC@delong.com> <CAKD1Yr10OKMJ1y8bs5xpt6jS8ZWsqs66oFCXmp-QLySS5Yn4hg@mail.gmail.com> <CAN-Dau3JxPucFnbwZB-M5UD3KkSV++7u03AMQ7vOZJKqPHpJ3Q@mail.gmail.com> <403087B1-51A5-4DF4-9884-441D443DACC2@delong.com> <CAN-Dau3FBLVUSTQsFTrbDEAdy95L8evPdeD_Jg1sK34+DK0O1A@mail.gmail.com> <2D83CE75-368B-4DFD-A7B2-8E0DE8C4D733@delong.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <01036fb1-6de2-58c8-ae1e-ff9d90385685@gmail.com>
Date: Tue, 12 Oct 2021 10:59:56 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
MIME-Version: 1.0
In-Reply-To: <2D83CE75-368B-4DFD-A7B2-8E0DE8C4D733@delong.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Bvyp5VeX5J6XqJcjnLUQpBOLCqY>
Subject: Re: [v6ops] When Android might disconnect because lack of DHCPv6 (was: Implementation Status of PREF64)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Oct 2021 09:00:04 -0000


Le 12/10/2021 à 02:38, Owen DeLong a écrit :
> 
> 
>> On Oct 11, 2021, at 10:52 , David Farmer <farmer@umn.edu 
>> <mailto:farmer@umn.edu>> wrote:
>> 
>> 
>> 
>> On Mon, Oct 11, 2021 at 12:09 PM Owen DeLong 
>> <owen=40delong.com@dmarc.ietf.org 
>> <mailto:40delong.com@dmarc.ietf.org>> wrote:
>> 
>> 
>> 
>>> On Oct 11, 2021, at 09:37 , David Farmer 
>>> <farmer=40umn.edu@dmarc.ietf.org 
>>> <mailto:farmer=40umn.edu@dmarc.ietf.org>> wrote:
>>> 
>>> 
>>> 
>>> On Mon, Oct 11, 2021 at 1:13 AM Lorenzo Colitti 
>>> <lorenzo=40google.com@dmarc.ietf.org 
>>> <mailto:40google.com@dmarc.ietf.org>> wrote:
>>> 
>>> On Mon, Oct 11, 2021 at 1:36 PM Owen DeLong 
>>> <owen=40delong.com@dmarc.ietf.org 
>>> <mailto:40delong.com@dmarc.ietf.org>> wrote:
>>> 
>>> Suppose an OS developer ships a DHCPv6 implementation that 
>>> requires N addresses and does not enable the IPv6 stack unless it
>>> receives all of them. How does that do anything to address 
>>> statements such as, "my network, my rules" that have been made on
>>> this thread? Any operator that wants to assign only one address
>>> per device still cannot use such hosts on their network, and can
>>> still criticise the implementation for not doing what they want.
>>> 
>>> At least it provides a possible way forward for networks that 
>>> don’t want to assign addresses outside of IA_NA or IA_PD to 
>>> provide addressing to android devices.
>>> 
>>> Surely a single IA_NA + a routed IA_PD would meet your 
>>> requirements, right?
>>> 
>>> 
>>> IA_PD, even by itself without IA_NA, has none of the concerns in
>>>  this thread. RFC 7934 explicitly recommends it, actually. Not 
>>> sure if enterprise network operators can or would want to deploy
>>>  IA_PD though. Is that something that we can nudge the industry 
>>> towards?
>>> 
>>> 
>>> I think this is a perfectly reasonable option for the general 
>>> purpose use case, but I will note there is no clear guidance for 
>>> the use case of IA_PD on Hosts, and even the guidance for the use
>>> of IA_PD with routers is somewhat fuzzy or at least incomplete,
>>> in my opinion. Nevertheless, this may or may not be reasonable
>>> for special or restricted purpose use cases, especially when
>>> compliance regimes are required, like PCI or NIST-800-171. I
>>> support IA_PA on hosts, but whether or not that is an acceptable
>>> replacement for IA_AN and/or IA_TA for all use cases is very much
>>> an open question, and not entirely a technical question for that
>>> matter.
>> 
>> At the point where a host solicits and/or accepts IA_PD, it has 
>> effectively declared itself to be a router.
>> 
>> Since most android devices have multiple interface and the ability 
>> to provide a “hotspot” capability, they are, in fact, routers.
>> 
>> 
>> Yes, that is technically correct, and I expect most enterprises 
>> don't, or at least don't want to, view Android devices as routers.
>>  Also, I expect extending the network or "tethering" is not 
>> acceptable behavior in a PCI or NIST-800-171 compliance contexts. 
>> So, that is part of the challenge for this approach. and why this 
>> may not be an acceptable replacement for IA_AN and/or IA_TA.
> 
> Agreed… I’m fine with android implementing IA_NA and then duking it 
> out over how many IA_NA/IA_TA addresses it requires to not shut down
>  the IPv6 stack.
> 
> Most of the enterprises that I know of holding up IPv6 deployments 
> “because android” are willing to work around this in various ways (It
> might get a PD, but the delegated prefix may have significant 
> restrictions or no access to the LAN, etc.)
> 
> The clients I’ve talked to are willing to work with the scenario 
> where android only partially breaks on their network as long as it 
> gets at least one IA_NA address and they can manage that. They don’t
>  mind a user having an android that can open a ticket to be told 
> “yeah, that’s because android’s iPv6 implementation is broken, here’s
> Lorenzo’s email.” The don’t want a situation where android just
> breaks outright because it thinks it created an address through SLAAC
> that can’t actually reach anything like it expects (which is what
> happens currently, because android utterly and in blatant violation
> of the RFCs ignores the M bit).

A similar way in which Android might break because it does not do DHCPv6
is in my home setting in a future tense.

My ISP CPE offers both IPv4 and IPv6; for IPv6 it offers either SLAAC or
DHCPv6 but not simultaneously.

In the near future, when I turn off IPv4 at home definitively, and opt
for DHCPv6 on the ISP CPE, the Android tablet will stop being connected
to the Internet even though the Windows PC will continue.

Towards that future, I intermittently turn off IPv4 on my Windows PC to
see how Internet works from home on IPv6, on SLAAC or on DHCPv6.

I dont know whether I will prefer DHCPv6 or SLAAC at home in the future,
but it might be that SLAAC might not cope with several subnets, and an
automated DHCPv6-PD might help.

Alex

> 
> Owen
> 
> 
> _______________________________________________ v6ops mailing list 
> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>