IETF Logo Mail Archive

Re: [v6ops] Please review the No IPv4 draft

"Bernie Volz (volz)" <volz@cisco.com> Mon, 14 April 2014 20:44 UTC

Return-Path: <volz@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A48881A0717 for <v6ops@ietfa.amsl.com>; Mon, 14 Apr 2014 13:44:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.773
X-Spam-Level:
X-Spam-Status: No, score=-9.773 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oIVOb5HV4RDf for <v6ops@ietfa.amsl.com>; Mon, 14 Apr 2014 13:44:51 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) by ietfa.amsl.com (Postfix) with ESMTP id BF3241A0694 for <v6ops@ietf.org>; Mon, 14 Apr 2014 13:44:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6614; q=dns/txt; s=iport; t=1397508288; x=1398717888; h=from:to:cc:subject:date:message-id:references: content-transfer-encoding:mime-version; bh=QLWtBaUVcUen54U71PDgCk98Yapy8JTkuhjoTXlsttc=; b=LNlv3f88Xe0kWw75wWZYi8eD9wamJgiVI828O01Hs7aodb+H7RKhTlYx 8jpj9VRuVxqe1Rgn3MNwnc66HkvXCPff9ZKeykCL19knJPxzJH5nFtsc5 HKfqyoxlato4v/eFeRrEiYbSXb5Yaf3H+mCKHmbRD825GvOXcCbtjtnwJ o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhEFACRITFOtJA2M/2dsb2JhbABZgwY7V7t7hzWBJxZ0giUBAQEDAQEBATc0CwUHBAIBCBEEAQEBChQJBycLFAkIAgQBDQUIDAeHWQgNzAUTBI49MQ2DHoEUBJR0ljCDMYFpJB4
X-IronPort-AV: E=Sophos;i="4.97,859,1389744000"; d="scan'208";a="35728746"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-6.cisco.com with ESMTP; 14 Apr 2014 20:44:47 +0000
Received: from xhc-rcd-x11.cisco.com (xhc-rcd-x11.cisco.com [173.37.183.85]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id s3EKil8q013186 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 14 Apr 2014 20:44:47 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.212]) by xhc-rcd-x11.cisco.com ([173.37.183.85]) with mapi id 14.03.0123.003; Mon, 14 Apr 2014 15:44:47 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Ted Lemon <ted.lemon@nominum.com>, Owen DeLong <owen@delong.com>
Thread-Topic: [v6ops] Please review the No IPv4 draft
Thread-Index: AQHPV/Dx0jm4+vJrr02ADXU7FejXCZsRRQJ8gABWeACAAAfpAIAAA3kAgAAXoQD//8+J4IAABSXg
Date: Mon, 14 Apr 2014 20:44:47 +0000
Message-ID: <489D13FBFA9B3E41812EA89F188F018E1AFE3163@xmb-rcd-x04.cisco.com>
References: <534BF5A5.5010609@viagenie.ca> <534BFA08.3030404@foobar.org> <49EA8AC9-D5C5-4FE5-9A10-0CD574782F0F@nominum.com> <534C07FC.8000907@foobar.org> <F08AF14D-22C6-4F4C-9388-670EB4CD8453@nominum.com> <F2A0EC2F-6B41-4560-88BA-CEBF3E921B61@delong.com> <091F7BAB-2AAC-41B3-A67C-540482323E71@nominum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.86.242.239]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/C5NB_R-t3sfsmD5QjDFPPBH71JE
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Please review the No IPv4 draft
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 20:44:55 -0000

BTW: How significant is the problem anyway? Has this been analyzed by anyone?

Sure, the clients broadcast these packets but this is the "good" direction in Wifi - the Wifi 'switch' can be told to drop them. Other switches can to?

Seems to me that this would be far better to leave to the networking infrastructure to just 'block' the DHCPv4 packets if IPv4 isn't enabled?

Or are there networks where the periodic DHCPv4 DHCPDISCOVERs will end up costing significant overhead?

I suspect many access networks (i.e. DOCSIS - the IP Provisioning Mode TLV) already provide some information about whether v4, v6, or both are available?

- Bernie

-----Original Message-----
From: Bernie Volz (volz) 
Sent: Monday, April 14, 2014 4:34 PM
To: 'Ted Lemon'; Owen DeLong
Cc: v6ops@ietf.org
Subject: RE: [v6ops] Please review the No IPv4 draft

>So you are proposing a massive change to the DHCPv4 protocol in order to arrange for it to be able to be turned off, rather than a minor change to the DHCPv6 protocol to signal that there is no IPv4 available.   How does this make sense?

Are the changes really so massive? (In total, yes there probably is a lot of code to tweak, but that will happen if it is done on the IPv6 or IPv4 side.)

To add this to DHCPv4, we would need a new option code that a client that supports the new "DHCPTURNOFF" message (or whatever it is called) includes in the PRL. The server would then know it can send it (if applicable). For clients that don't support this feature, the server would likely just ignore the packets (as if there was no server).

I think the main reasons for considering using IPv6 were:
1. IPv6 components are more likely to be updated (many people would probably prefer not to touch the v4 code if they don't have to anymore). Thus, this change can be rolled out with other changes.
2. For v6 only deployments (where there is no v4), this does require SOME v4 (i.e., to deploy the server - though "link-local" v4 addresses would be perfectly usable). There may also be relays to configure (which involves yet more v4) -- or new small server to implement to eliminate the relay. (If relays are used there might be some issues with whether all relays will relay the packet back to the client with the 'unknown' message type.)

If you have v4 and v6 available on your network, there's no clear winner. If you have only v6 on your network, using v6 to signal this has advantages.

There's one other minor consideration ... if v6 is used to signal this, it can also be used for manually configured IPv4 hosts (though of course you could just manually reconfigure those).

- Bernie

-----Original Message-----
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Ted Lemon
Sent: Monday, April 14, 2014 2:14 PM
To: Owen DeLong
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Please review the No IPv4 draft

On Apr 14, 2014, at 11:49 AM, Owen DeLong <owen@delong.com> wrote:
> What is being proposed here would be more like responding to an IPv4 packet with an ICMP6 unreachable, which I'm pretty sure would be considered problematic.

Okay, let's consider your example as it relates to the discussion.   Here we are talking about responding to an IPv6 packet with another IPv6 packet, which contains information about the availability of IPv4 service on the local wire.   In your example you are talking about responding to an IPv4 packet with an IPv6 packet.   So the two situations are not analogous.   I agree that if we were doing what you suggest in your example, that would be a bad idea, because the association between an IPv4 and an IPv6 address is something that would have to be inferred by the network, and that _would_ involve a layering violation.

But the actual use case we are talking about involves no such layering violation.

> Sure, so adding a form of NACK or DHCP-UNREACHABLE message to IPv4 makes sense to me.

So you are proposing a massive change to the DHCPv4 protocol in order to arrange for it to be able to be turned off, rather than a minor change to the DHCPv6 protocol to signal that there is no IPv4 available.   How does this make sense?

> Why not, instead of using a DCHCPOFFER, provide an ICMPv4 DHCP-UNAVAILABLE message which can be sent in response to a DHCPREQUEST message by any router which is configured to authoritatively deny DHCPv4 on the link? A host receiving such a message should be expected to behave in an identical manner to the behavior proposed in this draft.

ICMP != DHCP.   You just objected to the No IPv4 proposal (or Nick did) on the basis that it's hard for a DHCPv6 client to pass information to a DHCPv4 client (which, TBH, sounds like a bug to me).   Why is it easier for the ICMP implementation in the kernel to pass information to the DHCPv4 client?   I have personal experience with this: there's code in the ISC DHCP server/client that has to catch bogus error messages pushed up the stack by the kernel and ignore them in order to avoid having its state machine broken, because the kernel has no way to associate ICMP messages with particular datagram sources.  My belief was that the kernel should discard such messages, because it can't do anything useful with them, but the linux guys decided to deliver them; neither solution is really satisfactory.  You are proposing to use this as a solution in favor of something that would actually work reliably.   That doesn't make sense.

The reality is that one of the biggest problems with the configuration system on linux is that the various components don't communicate with each other in a useful way.   Other operating systems manage to do a better job, and there's work ongoing in the linux community to fix this problem (e.g., systemd is now pulling a lot of network stack functionality into it specifically so that it can be part of the system configuration state machine as a whole, and dnsmasq does something similar).

So in reality it makes a tremendous amount of sense to put this information in DHCPv6, and the concern that it may be difficult to communicate the information to the IPv4 stack is a temporary situation that's easily addressed.   Putting it in IPv4 means more useless network traffic, more attack surfaces on IPv6-only routers, etc.

_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email