IETF Logo Mail Archive

[v6ops] LAN behavior when there's no IPv4 Internet access

Lee Howard <lee@asgard.org> Fri, 08 September 2017 14:53 UTC

Return-Path: <lee@asgard.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20EC5132EE2 for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 07:53:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.698
X-Spam-Level:
X-Spam-Status: No, score=-4.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6LQ_FB3puP5m for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 07:53:03 -0700 (PDT)
Received: from atl4mhob20.registeredsite.com (atl4mhob20.registeredsite.com [209.17.115.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45EFF132D79 for <v6ops@ietf.org>; Fri, 8 Sep 2017 07:53:03 -0700 (PDT)
Received: from mailpod.hostingplatform.com ([10.30.71.210]) by atl4mhob20.registeredsite.com (8.14.4/8.14.4) with ESMTP id v88Er01i034484 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <v6ops@ietf.org>; Fri, 8 Sep 2017 10:53:00 -0400
Received: (qmail 19330 invoked by uid 0); 8 Sep 2017 14:53:00 -0000
X-TCPREMOTEIP: 72.221.14.181
X-Authenticated-UID: lee@asgard.org
Received: from unknown (HELO ?192.168.1.160?) (lee@asgard.org@72.221.14.181) by 0 with ESMTPA; 8 Sep 2017 14:52:58 -0000
User-Agent: Microsoft-MacOutlook/14.7.2.170228
Date: Fri, 08 Sep 2017 10:52:54 -0400
From: Lee Howard <lee@asgard.org>
To: v6ops@ietf.org
Message-ID: <D5D82706.854F4%lee@asgard.org>
Thread-Topic: LAN behavior when there's no IPv4 Internet access
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3587712778_8248487"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/EgvozbUMKNEelNB8oJ8cj3CxdCQ>
Subject: [v6ops] LAN behavior when there's no IPv4 Internet access
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2017 14:53:05 -0000

Thank you all for the discussion of covering the gaps identified in
draft-ietf-sunset4-gapanalysis. In particular, I think many of the gaps are
resolved with the revision of rfc6555 Happy Eyeballs.

I wonder, though, what should be the expected behavior of a stub network
when there is no IPv4 Internet access?

My current thinking is that the Internet gateway (IGD, Customer Premise
Router CPR, home gateway, etc.):
* May still route between multiple segments of the site network, and
therefore should be the IPv4 default gateway for those segments.
* Only knows whether native IPv4 is available. It may not be aware of NAT64
or other transition mechanisms where it’s not involved.
So, islands of IPv4 are probable, and that’s okay. Do we need a document
responding to gapanalysis that says so? Do we need to work out how to know
when it’s possible to disable IPv4 completely in a heterogenous unmanaged
site network? Or do we need to sit on these problems for several more years
and wait for IPv4 to become unused in many networks before we can deal with
the gaps?

For reference, here’s the relevant section of sunset4-gapanalysis:
3.1.  Indicating that IPv4 connectivity is unavailable

   PROBLEM 1:  When an IPv4 node boots and requests an IPv4 address
               (e.g., using DHCP), it typically interprets the absence
               of a response as a failure condition even when it is not.

   PROBLEM 2:  Home router devices often identify themselves as default
               routers in DHCP responses that they send to requests
               coming from the LAN, even in the absence of IPv4
               connectivity on the WAN.

3.2.  Disabling IPv4 in the LAN

   PROBLEM 3:  IPv4-enabled hosts inside an IPv6-only LAN can auto-
               configure IPv4 addresses [RFC3927] and enable various
               protocols over IPv4 such as mDNS [RFC6762] and LLMNR
               [RFC4795].  This can be undesirable for operational or
               security reasons, since in the absence of IPv4, no
               monitoring or logging of IPv4 will be in place.

   PROBLEM 4:  IPv4 can be completely disabled on a link by filtering it
               on the L2 switching device.  However, this may not be
               possible in all cases or may be too complex to deploy.
               For example, an ISP is often not able to control the L2
               switching device in the subscriber home network.

   PROBLEM 5:  A host with only Link-Local IPv4 addresses will "ARP for
               everything", as described in Section 2.6.2 of [RFC3927].
               Applications running on such a host connected to an
               IPv6-only network will believe that IPv4 connectivity is
               available, resulting in various bad or sub-optimal
               behavior patterns.  See
               [I-D.yourtchenko-ipv6-disable-ipv4-proxyarp] for further
               analysis.

   Some of these problems were described in [RFC2563], which
   standardized a DHCP option to disable IPv4 address auto-
   configuration.  However, using this option requires running an IPv4
   DHCP server, which is contrary to the goal of IPv4 sunsetting.

Thanks for discussion,
Lee

v2.23.0 | Report a Bug | By Email