IETF Logo Mail Archive

Re: [v6ops] Please review the No IPv4 draft

Ray Hunter <v6ops@globis.net> Tue, 15 April 2014 13:54 UTC

Return-Path: <v6ops@globis.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D67B1A0318 for <v6ops@ietfa.amsl.com>; Tue, 15 Apr 2014 06:54:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.173
X-Spam-Level:
X-Spam-Status: No, score=-2.173 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L8SWCTn1V69U for <v6ops@ietfa.amsl.com>; Tue, 15 Apr 2014 06:54:45 -0700 (PDT)
Received: from globis01.globis.net (mail.globis.net [IPv6:2001:470:1f15:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id 4E2241A0312 for <v6ops@ietf.org>; Tue, 15 Apr 2014 06:54:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id AAE36870074; Tue, 15 Apr 2014 15:54:41 +0200 (CEST)
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rAStxsTninbK; Tue, 15 Apr 2014 15:54:41 +0200 (CEST)
Received: from Rays-iMac.local (092-111-140-211.static.chello.nl [92.111.140.211]) (Authenticated sender: Ray.Hunter@globis.net) by globis01.globis.net (Postfix) with ESMTPSA id 7E80A87006F; Tue, 15 Apr 2014 15:54:41 +0200 (CEST)
Message-ID: <534D3A1F.9070307@globis.net>
Date: Tue, 15 Apr 2014 15:54:39 +0200
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox 3.0.9 (Macintosh/20140129)
MIME-Version: 1.0
To: Simon Perreault <simon.perreault@viagenie.ca>
References: <534BF5A5.5010609@viagenie.ca> <534BFA08.3030404@foobar.org> <49EA8AC9-D5C5-4FE5-9A10-0CD574782F0F@nominum.com> <534C07FC.8000907@foobar.org> <F08AF14D-22C6-4F4C-9388-670EB4CD8453@nominum.com> <F2A0EC2F-6B41-4560-88BA-CEBF3E921B61@delong.com> <CAEmG1=oK8iHAms2_uVBsCtpCG7xBdhRfh9QQrd+JXUXgjBPqPA@mail.gmail.com> <0901D65B-EA79-4E20-987D-9BA01CEDDAB3@delong.com> <B3942C2F-C08E-42F2-9038-92C3C63E0023@nominum.com> <534C4DF7.4070407@foobar.org> <40E2438A-C43F-4E41-8778-511E53EF7009@nominum.com> <534D1966.5090301@foobar.org> <534D34CC.3030004@viagenie.ca>
In-Reply-To: <534D34CC.3030004@viagenie.ca>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/nMQKvg2l8aBUixCNZYwCbX-gUAA
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Please review the No IPv4 draft
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 13:54:48 -0000

Simon Perreault wrote:
> Le 2014-04-15 07:35, Nick Hilliard a écrit :
>> This is not an especially relevant argument because if there were a dhcpv4
>> option to handle this, all you would need to provide the service would be a
>> local stub dhcpv4 mechanism to reply with a DHCPOFFER with a No Service
>> option. There would be no requirement to back-haul the initial DHCPREQUEST
>> to a centralised provisioning system.  IOW, from an operational point of
>> view, this can be provided simply and easily using dhcpv4 at the local
>> level, and this mechanism would spectacularly avoid the deployment problems
>> that Ray outlined.  Handling this over DHCPv6 involves a level of string,
>> gum and duck tape that makes me want to cringe.
>
> This doesn't work when the L2 link is shared with clients to which you
> do want to provide IPv4 service.
Wait a minute. If there's routers there that need to provide IPv4 
selectively to some client nodes on the same L2 link then you almost 
certainly have an on link DHCPv4 server already. Or at least an IPv4 
speaking router that can support one. And that is most likely already 
hooked in to a centralised provisioning system via DHCPv4 relays.

And you anyway have to track L2 addresses to know which nodes on the 
link DO need a proper IPv4 service and which DON'T.

In that case, just assigning all clients that do not enjoy an IPv4 
service an address from a network 10.X.X.X/8 (the range can can be 
re-used on every end router) and filtering at L3 with an access list has 
exactly the same effect.
Better still: assign those hosts that should not be using IPv4 an 
address with a very long lease via DHCPv4 from one of your RTBH black 
hole ranges. http://tools.ietf.org/html/rfc5635.

They'll never send packets off link and they'll not retransmit DHCPv4 
requests for a very long time.

It's re-using an existing mechanism that is operationally proven, is 
unlikely to cause surprises, and has the advantage of not requiring any 
new code on either the end nodes nor the last-hop routers.

>
>> As a separate issue, if the operator really wants to disable all ipv4, why
>> not disable ethertypes 0x0800 and 0x0806 at the mac forwarding layer?
>
> This doesn't work when the L2 link is shared with clients to which you
> do want to provide IPv4 service.
>
> Simon
We should fix this in IPv4. Polluting IPv6 with IPv4 switches is a bad move.

Why does anyone think that badly behaved DHCPv4 clients will be any 
better behaved because there's a (new) DHCPv6 or RA option being advertised?
If they're broken for IPv4 and haven't been patched for a long time, 
they're even more likely to be broken for IPv6, and just as likely not 
to be patched IMHO.

-- 
Regards,
RayH

v2.23.0 | Report a Bug | By Email