IETF Logo Mail Archive

Re: [v6ops] WGLC for RFC6555bis

Mark Andrews <marka@isc.org> Mon, 14 August 2017 08:54 UTC

Return-Path: <marka@isc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECD4313207A for <v6ops@ietfa.amsl.com>; Mon, 14 Aug 2017 01:54:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XKni4dtA08ES for <v6ops@ietfa.amsl.com>; Mon, 14 Aug 2017 01:54:10 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F34813208E for <v6ops@ietf.org>; Mon, 14 Aug 2017 01:54:10 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 4052D34A5FC; Mon, 14 Aug 2017 08:51:15 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 2C8A4160045; Mon, 14 Aug 2017 08:51:15 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 149A4160050; Mon, 14 Aug 2017 08:51:15 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Pw3OBD-xYHMF; Mon, 14 Aug 2017 08:51:15 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 815BE160045; Mon, 14 Aug 2017 08:51:14 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 63308823972C; Mon, 14 Aug 2017 18:51:12 +1000 (AEST)
To: Mikael Abrahamsson <swmike@swm.pp.se>
Cc: Tommy Pauly <tpauly@apple.com>, "v6ops@ietf.org" <v6ops@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <4058EE05-9C9D-47BC-BA37-742FD222F6BA@apple.com> <5542934D-6ED9-47C2-A406-360C41433BD6@gmail.com> <DE38F3DD-5890-42B6-80C7-44D18170BE94@gmail.com> <CAJE_bqfOtBahm_1n4X7tHor21gxSZXjv2i-i6Kq8=r0HdV=J5Q@mail.gmail.com> <A8F0335C-1684-4B8F-8792-4FF7D6A6605A@apple.com> <CAJE_bqdGF_6-E=2m33WKYGXzc4thLPLMcioQ90jmxg7hg4NQdw@mail.gmail.com> <BBD427A9-C97A-46F8-8F72-F5DE8457FB44@gmail.com> <20170811014229.747B98208B3C@rock.dv.isc.org> <4CEEB2DC-CF09-45B4-B7D6-2591506E0B07@apple.com> <20170811055735.C543A82149BB@rock.dv.isc.org> <304BCCE2-C4BF-4392-B4DD-B36F35FD9F23@apple.com> <20170813233141.EEEAF82278E9@rock.dv.isc.org> <alpine.DEB.2.20.1708140842470.3655@uplift.swm.pp.se>
In-reply-to: Your message of "Mon, 14 Aug 2017 08:51:37 +0200." <alpine.DEB.2.20.1708140842470.3655@uplift.swm.pp.se>
Date: Mon, 14 Aug 2017 18:51:12 +1000
Message-Id: <20170814085112.63308823972C@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ca_QV25y9p1fd74tACP2NrKc4Gg>
Subject: Re: [v6ops] WGLC for RFC6555bis
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2017 08:54:13 -0000

In message <alpine.DEB.2.20.1708140842470.3655@uplift.swm.pp.se>, Mikael Abraha
msson writes:
> On Mon, 14 Aug 2017, Mark Andrews wrote:
> 
> > ISP's and providers need to know when to switch off IPv4.  To do
> > that they will look at the amount of IPv4 traffic they are getting.
> > Devices that initiate IPv4 connections when there is a full working
> > IPv6 path just because there was a DNS cache miss don't help anyone
> > make that decision.  50ms is measuring cache misses not broken /
> > misconfigure authoritative servers and turning them into IPv4
> > traffic.  250ms is less so.  500ms is more less so.  This is just
> > with plain DNS.  Add DNSSEC into the mix where a cache miss may
> > well require multiple queries as DNSKEY and DS RRsets have also
> > expired 250ms is becoming too small.
> 
> You are correct, however, this problem should be solved in DNS land, not 
> in setting a really high advantage for IPv6 over IPv4 (at this point in 
> time).

The document fails to account for cache misses.  It assumes that
there will be *no* A or AAAA records present or that both A and
AAAA records will be present in the cache.  In both those caches
~50ms is fine as it accounts for variance in the lookups.

When only one of A or AAAA RRsets is present in the cache you have
lookup times < 10ms for the RRset that is present in the cache and
~200ms for the RRset that isn't in the cache but the nameserver
information is present.  Waiting a realistic period for the cache
miss to be filled is not "setting a really high advantage for IPv6
over IPv4".  It's giving them equal standing.

Another way to express this would be to require that the AAAA lookup
has a minimum amount of time to succeed before failing over to IPv4
which is of the order of the time of a cache refresh.

Below is a example of a cache miss for bbc.co.uk/A where the answer
is fetched from the other side of the world.  Thats one UDP there
and one UDP packet back.

[rock:~/git/bind9] marka% dig a bbc.co.uk
;; BADCOOKIE, retrying.

; <<>> DiG 9.12.0-pre-alpha+hotspot+add-prefetch+marka <<>> a bbc.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38363
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d3a9ce37593e504dfd7a68a45991596c1a2a6c63bc284349 (good)
;; QUESTION SECTION:
;bbc.co.uk.			IN	A

;; ANSWER SECTION:
bbc.co.uk.		300	IN	A	212.58.246.79
bbc.co.uk.		300	IN	A	212.58.244.23
bbc.co.uk.		300	IN	A	212.58.244.22
bbc.co.uk.		300	IN	A	212.58.246.78

;; Query time: 206 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 14 18:03:56 AEST 2017
;; MSG SIZE  rcvd: 130

[rock:~/git/bind9] marka% 

 
> So while everything you say is correct, I do not agree with your 
> prioritization of "avoid long tail IPv4 usage" as opposed to "if IPv6 is 
> broken, the user will turn off IPv6 (forever) because it slows down the 
> user experience once".

When IPv6 lookups are broken they usually take significantly longer
than a additional 200ms to complete as you end up with multiple
queries being made.

> I also think that the caching resolver should refresh soon-to-be-expired 
> RRs that are getting close to their TTL=0. For instance, if someone is 
> asking for an RR and it has less than 5% of its TTL left, then just 
> refresh it.

Which hides some cache misses from the client but not all of them.
Been there, done that.

> I believe there are drafts regarding this in DNSOP?
> 
> https://tools.ietf.org/html/draft-muks-dnsop-dns-opportunistic-refresh-00 
> is one. I thought there was another one, but I can't find it right now.
>
> -- 
> Mikael Abrahamsson    email: swmike@swm.pp.se
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email