Re: [v6ops] Please review the No IPv4 draft

Lorenzo Colitti <lorenzo@google.com> Thu, 17 April 2014 11:02 UTC


On Thu, Apr 17, 2014 at 11:04 AM, Ted Lemon <ted.lemon@nominum.com> wrote:

> Yes, but Lorenzo, if you followed the conversation, you might recall that
> this very issue came up, and the authors agree that it's an issue, and will
> be updating the draft to address the issue. After they've addressed it
> according to what we talked about, a host that implements the proposal will
> no longer be affected by rogue RAs in the way that you describe.
>

Hard to tell since we're well past 200 messages at this point, but I think
the solutions to this scenario that are being proposed are "put a
legitimate IPv6 router to your network" (i.e., enable IPv6 on it) and
"enable IPv6 RA guard + DHCPv6 guard on your network or block ethertype
0x86dd". All of those will require hardware upgrades in some networks.

> And, by the way, since rogue RAs are a problem regardless, they need to be
> mitigated regardless.
>

That's a great statement in theory. However, bear in mind that on a lot of
currently-installed equipment with no RA guard / DHCPv6 guard support, that
means "block ethertype 0x86dd in the switches". As you say, if you can't or
don't do this, you already have a problem today.

However, the impact (or should I say, the "enormity" :-)) of the problem is
different:

   - Today, the situation is "block ethertype 0x86dd in the switches, and
   if you don't or can't, your hosts won't be able to reach dual-stack
   websites unless they implement happy eyeballs". A nuisance, yes, but
   survivable, since most OSes implement happy eyeballs these days.
   - If this draft is published and implemented, that will turn into "block
   ethertype 0x86dd in the switches, and if you don't or can't, kiss your
   network goodbye".

It's not OK to blind-side network operators like this.

I repeat: FOO.
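
The difference between the two switch-level mitigations named in this message, as an added example that is not part of the original post: blocking ethertype 0x86dd drops every IPv6 frame, while RA guard plus DHCPv6 guard drops only Router Advertisements and DHCPv6 server replies arriving on untrusted ports. The function names, policy names and sample frames are assumptions made for illustration; frames are assumed untagged (no 802.1Q) and without IPv6 extension headers.

```python
import struct

ETH_IPV6 = 0x86DD                 # the ethertype named in the message
NH_UDP, NH_ICMPV6 = 17, 58        # IPv6 next-header values
ICMPV6_RA = 134                   # Router Advertisement
DHCPV6_SERVER_PORT = 547          # source port of DHCPv6 server/relay replies

def classify(frame: bytes) -> str:
    """Classify an untagged Ethernet frame by what each filter would key on."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV6:
        return "non-ipv6"
    ip = frame[14:]
    if len(ip) < 41 or ip[0] >> 4 != 6:
        return "other-ipv6"
    next_header, payload = ip[6], ip[40:]
    # Assumption: no extension headers between the IPv6 header and the payload.
    if next_header == NH_ICMPV6 and payload[0] == ICMPV6_RA:
        return "ra"
    if next_header == NH_UDP and len(payload) >= 2:
        if struct.unpack("!H", payload[:2])[0] == DHCPV6_SERVER_PORT:
            return "dhcpv6-server"
    return "other-ipv6"

def forward(frame: bytes, policy: str, trusted_port: bool = False) -> bool:
    """True if a switch applying `policy` on this port would forward the frame."""
    kind = classify(frame)
    if policy == "block-ethertype":      # coarse: drops every IPv6 frame
        return kind == "non-ipv6"
    if policy == "guard":                # RA guard + DHCPv6 guard
        return trusted_port or kind not in ("ra", "dhcpv6-server")
    raise ValueError(f"unknown policy: {policy}")

def eth(ethertype: int, l3: bytes) -> bytes:
    return bytes(12) + struct.pack("!H", ethertype) + l3
def ipv6(next_header: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255)
    return fixed + bytes(32) + payload   # zeroed source/destination addresses

# Constructed sample frames (not captured traffic).
SAMPLES = {
    "RA": eth(ETH_IPV6, ipv6(NH_ICMPV6, bytes([ICMPV6_RA]) + bytes(15))),
    "neighbor solicitation": eth(ETH_IPV6, ipv6(NH_ICMPV6, bytes([135]) + bytes(23))),
    "DHCPv6 reply": eth(ETH_IPV6, ipv6(NH_UDP, struct.pack("!HHHH", 547, 546, 8, 0))),
    "ARP": eth(0x0806, bytes(28)),
}

if __name__ == "__main__":
    for name, f in SAMPLES.items():
        print(f"{name:22} block-ethertype={forward(f, 'block-ethertype')} guard={forward(f, 'guard')}")
```
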