IETF Logo Mail Archive

Re: [v6ops] LAN behavior when there's no IPv4 Internet access

Fred Baker <fredbaker.ietf@gmail.com> Fri, 08 September 2017 16:56 UTC

Return-Path: <fredbaker.ietf@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFF9E132710 for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 09:56:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UMN6Vta5d54B for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 09:56:23 -0700 (PDT)
Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFB29132705 for <v6ops@ietf.org>; Fri, 8 Sep 2017 09:56:22 -0700 (PDT)
Received: by mail-wm0-x22b.google.com with SMTP id i189so8317097wmf.1 for <v6ops@ietf.org>; Fri, 08 Sep 2017 09:56:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=UoOaqBFexMQ1iwrgq/MnERszuaRoaHR6SQea8Zbmua0=; b=hyvscKi5TukjJsIUNOyMJNiwh11yNq2Dtbu3EZNoeL73obKVr8h57ffpkLok7P8fmR tvVHS7XRMNRWEmxH/EB3CCI/EYB9JxElh3pF5mM9IofVoho65m99Ka/0tx6LIA3zOOE3 UjWT5uYUSm6phNYrWkfOznQWXZKXZFpyd2oJF+TdDycSR4/QMq+57y/7Lq9AY56MMTXk H7dEYde77PKHwDfn6sHNrqsDcpcfnA6mPBU0ZUSm7opmSF3gQyRt7zl/cWfOWDW1N4Sj kRenSlibq1zXifdU0Dr9cdGlUz7hu9+E49nwaD9RAOKRTJJzsi7kXh6+ruWgzhjDMYPm Zwhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=UoOaqBFexMQ1iwrgq/MnERszuaRoaHR6SQea8Zbmua0=; b=qCZnkzkdWJ2J9Ohb9fAkJL1lefd4q1ymLnGRNASdH7klwtaLCQDxndy3d5zX9wh6tH jCJhXiCQyAgtqjQW95voWre1gfjlzIGwzXretb45qmrZ2rQfRbWqYkz/AJXoLFEtzhFV MUwet6TPp+YhUGg0WiPhfYo1QBQNTJmDQ8f8mvQkohXijAolHY1MGEeKEXzkoksjf8iO uFcCUM9vV+FcYzCxdnTyYSFmf6hD5s1JZUr9vH/bnB/YSmbY4xLJc65h6hrqb36sRRJA 3KHU8bb74q9SOhMHPi8dgH1lf0XB4YX6tqsARR2OP9PzB/ltYZ99rEmiBwL/1z3PfjaM uXsA==
X-Gm-Message-State: AHPjjUisHxZc55er7pt3r7KDNY3gwRG6k3sIUVlZ4FUSKQqkQKUji58B 4VUJgy0XQcDosxv/yld+/woihFkG
X-Google-Smtp-Source: ADKCNb4pULK9Rk5KGcmJS3nOwpuqN36uPru8RRD7+/baeW6otbFQH/g3OPP495o9ZfloZDVWNi/mgA==
X-Received: by 10.28.23.5 with SMTP id 5mr2127227wmx.62.1504889781229; Fri, 08 Sep 2017 09:56:21 -0700 (PDT)
Received: from ?IPv6:2601:646:c005:a10:7064:f9a7:6905:c94f? ([2601:646:c005:a10:7064:f9a7:6905:c94f]) by smtp.gmail.com with ESMTPSA id z51sm3026933wrb.22.2017.09.08.09.56.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Sep 2017 09:56:20 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.0 \(3445.1.6\))
From: Fred Baker <fredbaker.ietf@gmail.com>
In-Reply-To: <D5D82706.854F4%lee@asgard.org>
Date: Fri, 08 Sep 2017 09:56:17 -0700
Cc: v6ops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <F4BC2429-579E-40BB-9F22-36BE07EAEF45@gmail.com>
References: <D5D82706.854F4%lee@asgard.org>
To: Lee Howard <Lee@asgard.org>
X-Mailer: Apple Mail (2.3445.1.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/cpXUbelu4ah_E4rlhOagAiZkgYA>
Subject: Re: [v6ops] LAN behavior when there's no IPv4 Internet access
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2017 16:56:25 -0000

Dumb question: is it necessary, when there is a network in which IPv4 is disabled, to say that it is disabled? What does that accomplish?

From my perspective, if the DHCP server is disabled from an IPv4 perspective, it will stop responding to requests for an IPv4 address. Hosts can then build IPv4 link-local addresses if they choose, and communicate using them, but IPv4 will have no network services. Either IPv6 works or the network doesn't work for IPv4 traffic.

My thought is that we don't have a way to say "IPv6 is disabled here"; either IPv6 works or it doesn't. I don't quite see what is really different when the shoe is on the other foot.

> On Sep 8, 2017, at 7:52 AM, Lee Howard <Lee@asgard.org> wrote:
> 
> Thank you all for the discussion of covering the gaps identified in draft-ietf-sunset4-gapanalysis. In particular, I think many of the gaps are resolved with the revision of rfc6555 Happy Eyeballs.
> 
> I wonder, though, what should be the expected behavior of a stub network when there is no IPv4 Internet access?
> 
> My current thinking is that the Internet gateway (IGD, Customer Premise Router CPR, home gateway, etc.):
> 	• May still route between multiple segments of the site network, and therefore should be the IPv4 default gateway for those segments. 
> 	• Only knows whether native IPv4 is available. It may not be aware of NAT64 or other transition mechanisms where it’s not involved.
> So, islands of IPv4 are probable, and that’s okay. Do we need a document responding to gapanalysis that says so? Do we need to work out how to know when it’s possible to disable IPv4 completely in a heterogenous unmanaged site network? Or do we need to sit on these problems for several more years and wait for IPv4 to become unused in many networks before we can deal with the gaps?
> 
> For reference, here’s the relevant section of sunset4-gapanalysis:
> 3.1.  Indicating that IPv4 connectivity is unavailable
> 
>    PROBLEM 1:  When an IPv4 node boots and requests an IPv4 address
>                (e.g., using DHCP), it typically interprets the absence
>                of a response as a failure condition even when it is not.
> 
>    PROBLEM 2:  Home router devices often identify themselves as default
>                routers in DHCP responses that they send to requests
>                coming from the LAN, even in the absence of IPv4
>                connectivity on the WAN.
> 
> 3.2.  Disabling IPv4 in the LAN
> 
>    PROBLEM 3:  IPv4-enabled hosts inside an IPv6-only LAN can auto-
>                configure IPv4 addresses [RFC3927] and enable various
>                protocols over IPv4 such as mDNS [RFC6762] and LLMNR
>                [RFC4795].  This can be undesirable for operational or
>                security reasons, since in the absence of IPv4, no
>                monitoring or logging of IPv4 will be in place.
> 
>    PROBLEM 4:  IPv4 can be completely disabled on a link by filtering it
>                on the L2 switching device.  However, this may not be
>                possible in all cases or may be too complex to deploy.
>                For example, an ISP is often not able to control the L2
>                switching device in the subscriber home network.
> 
>    PROBLEM 5:  A host with only Link-Local IPv4 addresses will "ARP for
>                everything", as described in Section 2.6.2 of [RFC3927].
>                Applications running on such a host connected to an
>                IPv6-only network will believe that IPv4 connectivity is
>                available, resulting in various bad or sub-optimal
>                behavior patterns.  See
>                [I-D.yourtchenko-ipv6-disable-ipv4-proxyarp] for further
>                analysis.
> 
>    Some of these problems were described in [RFC2563], which
>    standardized a DHCP option to disable IPv4 address auto-
>    configuration.  However, using this option requires running an IPv4
>    DHCP server, which is contrary to the goal of IPv4 sunsetting.
> 
> 
> Thanks for discussion,
> Lee
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email