IETF Logo Mail Archive

Re: [v6ops] LAN behavior when there's no IPv4 Internet access

David Schinazi <dschinazi@apple.com> Fri, 08 September 2017 20:08 UTC

Return-Path: <dschinazi@apple.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2F1A13293A for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 13:08:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NKQycrPghDs6 for <v6ops@ietfa.amsl.com>; Fri, 8 Sep 2017 13:08:50 -0700 (PDT)
Received: from mail-in24.apple.com (mail-out24.apple.com [17.171.2.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E00F61321E6 for <v6ops@ietf.org>; Fri, 8 Sep 2017 13:08:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1504901329; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=v0tIthK3oZm09S/UhgxgxJwJj0iqG0q9JDfJpm/sqm0=; b=aM9heeBU+YwQWZfxVTUMvSQqbor621gEXIdx2Rut388oW1jxGqhEZ7Qr5Y+1AysE 3t7BEZs817Q6sd6USrt+bV7An8emOABzb3gR1oG0HqNe0ALaSdWvt8y5Vj+YFIQe nVvzoJTnatioaRzC5emeImCkw2ikw4hnccwj1Vo2Sz8f83g7aArZqLeDyldwS9O7 j+2AIr2FnpeH4VS5PqbwKpkeD5HldZ4XhbO8vpGuDPX3rzTAqkt2gRL0imHEkZ+q CmwUv0QlO/N43PKwOLKugWj+QlBwwtJM0DRcZnX++mc0YRLJ444sDPhbki/yz0gA 4eZZ4M+smfQwvC2An+AiUg==;
Received: from relay7.apple.com (relay7.apple.com [17.128.113.101]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail-in24.apple.com (Apple Secure Mail Relay) with SMTP id D4.5F.25405.0D8F2B95; Fri, 8 Sep 2017 13:08:48 -0700 (PDT)
X-AuditID: 11ab0218-751d39c00000633d-75-59b2f8d0ba52
Received: from jimbu.apple.com (jimbu.apple.com [17.151.62.37]) by relay7.apple.com (Apple SCV relay) with SMTP id 85.8F.07283.0D8F2B95; Fri, 8 Sep 2017 13:08:48 -0700 (PDT)
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_xmTOJXXiBc48dqIv3r45nw)"
Received: from da0602a-dhcp231.apple.com (da0602a-dhcp231.apple.com [17.226.23.231]) by jimbu.apple.com (Oracle Communications Messaging Server 8.0.1.3.20170825 64bit (built Aug 25 2017)) with ESMTPSA id <0OVZ00GH99AOOW10@jimbu.apple.com>; Fri, 08 Sep 2017 13:08:48 -0700 (PDT)
Sender: dschinazi@apple.com
From: David Schinazi <dschinazi@apple.com>
Message-id: <11075405-E37C-443D-9F76-474F115A1ABD@apple.com>
Date: Fri, 08 Sep 2017 13:08:47 -0700
In-reply-to: <90BCC38D-5B70-40EB-ACD5-925BA94C4A22@gmail.com>
Cc: Lee Howard <Lee@asgard.org>, v6ops@ietf.org
To: Fred Baker <fredbaker.ietf@gmail.com>
References: <D5D82706.854F4%lee@asgard.org> <F4BC2429-579E-40BB-9F22-36BE07EAEF45@gmail.com> <D5D85166.8551D%lee@asgard.org> <90BCC38D-5B70-40EB-ACD5-925BA94C4A22@gmail.com>
X-Mailer: Apple Mail (2.3273)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrALMWRmVeSWpSXmKPExsUi2FCYqnvxx6ZIg7XcFre/NrBa/Nz3h9Hi 9LG9zA7MHr965jN57Jx1l91jyZKfTAHMUVw2Kak5mWWpRfp2CVwZ729PZCzY9oax4uPVJUwN jOdPMnYxcnJICJhIPP8xg62LkYtDSGAtk8SK1a/YYRInJ09hhkhsYJQ427qfFSTBKyAo8WPy PRYQm1kgTGLCwiYWiKK5TBJ7P08ASwgLSEt0XbgL1MDBwSagJXFgjRFEr43EzcfdUCVuEm8O rGcGsVkEVCVWPTsItphTwFbi0rQ2Noj5+hKXHqwAs0UENCVur5vGBLFrM6PEzAPXWCEulZW4 NfsS2KUSAmvYJBb9OcE4gVFoFpJjZyE5dhbQTcwC6hJTpuRChLUlnry7wAphq0ks/L2ICVl8 ASPbKkbh3MTMHN3MPCMTvcSCgpxUveT83E2MoChZzSSxg/HLa8NDjAIcjEo8vBd2booUYk0s K67MPcQozcGiJM5b93BjpJBAemJJanZqakFqUXxRaU5q8SFGJg5OqQZGV73Hby166u9/4L07 y6jga+2fzPP79k7bzhnwTcRzy7o991/kZL+4eo99bv/Z5lUuX4x7giQO581NK39QpmgqWfPv /9pK50lCQhz3TmXXXleOSjp58tEHWSlpcUn2Xa/iVWQDyi4+8Vts8GLqGtH/RhKqjDeWh/5w uGSn8uxlQGKZv0L+6RfNSizFGYmGWsxFxYkAGLipfXMCAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrMLMWRmVeSWpSXmKPExsUiON1OVffCj02RBq/a5Cxuf21gtfi57w+j xelje5kdmD1+9cxn8tg56y67x5IlP5kCmKO4bFJSczLLUov07RK4Mt7fnshYsO0NY8XHq0uY GhjPn2TsYuTkkBAwkTg5eQpzFyMXh5DABkaJs637WUESvAKCEj8m32MBsZkFwiQmLGxigSia yySx9/MEsISwgLRE14W7QA0cHGwCWhIH1hhB9NpI3HzcDVXiJvHmwHpmEJtFQFVi1bOD7CA2 p4CtxKVpbWwQ8/UlLj1YAWaLCGhK3F43jQli12ZGiZkHrrFCXCorcWv2JeYJjPyzkNw3C8l9 s4DOYBZQl5gyJRcirC3x5N0FVghbTWLh70VMyOILGNlWMQoUpeYkVprrJRYU5KTqJefnbmIE BXVDYeoOxsblVocYBTgYlXh4K7ZvihRiTSwrrsw9xCjBwawkwsv+HijEm5JYWZValB9fVJqT WnyIUZqDRUmcd/b09ZFCAumJJanZqakFqUUwWSYOTqkGxrInLyp5qr5fW3aSb+rHrbw8cS7v Sma7GbVKTnnjYBPbd+7zT13vdZvcGSKZGd6vP7Jd2+p8k+BxmznHfZhNxF4dY7Pe+P7vz7kT H6iaFlb0npHcKH20cfacd2wZJx/aFk9wvWJ2OEw/Ym+H/as5Ok+TG0W5JU9v2uN8SXCDzqmb Gp++Klk5L1RiKc5INNRiLipOBAAlZXEGZgIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/sJa-Yf5r8BKX5Rf-iigYGMOsGNE>
Subject: Re: [v6ops] LAN behavior when there's no IPv4 Internet access
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2017 20:08:52 -0000

While most Modern Operating Systems™ have good IPv6 support now, there will always be that one device in your home that supports neither IPv6 nor IPv4 link-local. Because of those, I don't think removing DHCPv4 from the home is worth doing in the next decades. I also don't think this should be handled by the IETF - as far as I know there was no RFC saying "stop using AppleTalk", it just went away when vendors felt that supporting it cost more than it was benefiting. The same will be true of IPv4, eventually. If the IETF wants to spend energy on sunsetting IPv4, I think it should be used on improving and documenting transition mechanisms like NAT64.

David Schinazi


> On Sep 8, 2017, at 12:23, Fred Baker <fredbaker.ietf@gmail.com> wrote:
> 
> 
> 
>> On Sep 8, 2017, at 11:03 AM, Lee Howard <Lee@asgard.org> wrote:
>> 
>> 
>> 
>> On 9/8/17, 12:56 PM, "Fred Baker" <fredbaker.ietf@gmail.com> wrote:
>> 
>>> Dumb question: is it necessary, when there is a network in which IPv4 is
>>> disabled, to say that it is disabled? What does that accomplish?
>> 
>> Debatable, but some use cases are implied by the problems documented in
>> the draft.
>> 
>>> 
>>> From my perspective, if the DHCP server is disabled from an IPv4
>>> perspective, it will stop responding to requests for an IPv4 address.
>>> Hosts can then build IPv4 link-local addresses if they choose, and
>>> communicate using them, but IPv4 will have no network services. Either
>>> IPv6 works or the network doesn't work for IPv4 traffic.
>> 
>> Should a home gateway that doesn’t have an IPv4 WAN address still act as a
>> DHCP server?
> 
> The question isn't whether some other world uses IPv4, it's whether there is a need for an IPv4 DHCP server inside the home. I don't know that having or not having an address on the WAN interface tells me that. I might have an IPv4 address on the WAN interface and not want to use it from inside the home, and I might not have such an address but need to use IPv4 on the LAN interface. I don't see any reason to presume that the WAN interface tells me anything about the LAN interface.
> 
> I would say "yes". The reason is that within the home, IPv4 may still be in use, and 169.254.x.x addresses may not serve it's purposes. The obvious examples of reasons are legacy devices that haven't been replaced/upgraded yet. 
> 
>> Some clients interpret a lack of DHCP response as an indication that the
>> network is down, even if they have IPv6. Or so it is alleged; I have not
>> tested it myself.
> 
> 
>> How often does a DHCP client send Discover messages?
>> How much ARP traffic is on a network?
>> Do we need a way to mute this traffic, or do we just have to wait until
>> device manufacturers decide to stop including IPv4 in their devices?
> 
> I don't know that *WE* need to think about this. Ripping functionality out of software is often difficult and error-prone. A vendor is unlikely to literally remove IPv4 capabilities; he's far more likely to rewrite the technology and not include it, or provide a way to turn it off (such as never sending a DHCP request because IPv4 is "manually configured"). What if they *NEVER* actually remove it, but everybody stops using it?
> 
>>> My thought is that we don't have a way to say "IPv6 is disabled here";
>>> either IPv6 works or it doesn't. I don't quite see what is really
>>> different when the shoe is on the other foot.
>> 
>> Assumptions (and therefore defaults) change depending on where you start.
>> Most people still assume IPv4, even if they also assume IPv6.
> 
> 
> 
>> Lee
>> 
>> 
>>> 
>>>> On Sep 8, 2017, at 7:52 AM, Lee Howard <Lee@asgard.org> wrote:
>>>> 
>>>> Thank you all for the discussion of covering the gaps identified in
>>>> draft-ietf-sunset4-gapanalysis. In particular, I think many of the gaps
>>>> are resolved with the revision of rfc6555 Happy Eyeballs.
>>>> 
>>>> I wonder, though, what should be the expected behavior of a stub
>>>> network when there is no IPv4 Internet access?
>>>> 
>>>> My current thinking is that the Internet gateway (IGD, Customer Premise
>>>> Router CPR, home gateway, etc.):
>>>> 	• May still route between multiple segments of the site network, and
>>>> therefore should be the IPv4 default gateway for those segments.
>>>> 	• Only knows whether native IPv4 is available. It may not be aware of
>>>> NAT64 or other transition mechanisms where it’s not involved.
>>>> So, islands of IPv4 are probable, and that’s okay. Do we need a
>>>> document responding to gapanalysis that says so? Do we need to work out
>>>> how to know when it’s possible to disable IPv4 completely in a
>>>> heterogenous unmanaged site network? Or do we need to sit on these
>>>> problems for several more years and wait for IPv4 to become unused in
>>>> many networks before we can deal with the gaps?
>>>> 
>>>> For reference, here’s the relevant section of sunset4-gapanalysis:
>>>> 3.1.  Indicating that IPv4 connectivity is unavailable
>>>> 
>>>>  PROBLEM 1:  When an IPv4 node boots and requests an IPv4 address
>>>>              (e.g., using DHCP), it typically interprets the absence
>>>>              of a response as a failure condition even when it is not.
>>>> 
>>>>  PROBLEM 2:  Home router devices often identify themselves as default
>>>>              routers in DHCP responses that they send to requests
>>>>              coming from the LAN, even in the absence of IPv4
>>>>              connectivity on the WAN.
>>>> 
>>>> 3.2.  Disabling IPv4 in the LAN
>>>> 
>>>>  PROBLEM 3:  IPv4-enabled hosts inside an IPv6-only LAN can auto-
>>>>              configure IPv4 addresses [RFC3927] and enable various
>>>>              protocols over IPv4 such as mDNS [RFC6762] and LLMNR
>>>>              [RFC4795].  This can be undesirable for operational or
>>>>              security reasons, since in the absence of IPv4, no
>>>>              monitoring or logging of IPv4 will be in place.
>>>> 
>>>>  PROBLEM 4:  IPv4 can be completely disabled on a link by filtering it
>>>>              on the L2 switching device.  However, this may not be
>>>>              possible in all cases or may be too complex to deploy.
>>>>              For example, an ISP is often not able to control the L2
>>>>              switching device in the subscriber home network.
>>>> 
>>>>  PROBLEM 5:  A host with only Link-Local IPv4 addresses will "ARP for
>>>>              everything", as described in Section 2.6.2 of [RFC3927].
>>>>              Applications running on such a host connected to an
>>>>              IPv6-only network will believe that IPv4 connectivity is
>>>>              available, resulting in various bad or sub-optimal
>>>>              behavior patterns.  See
>>>>              [I-D.yourtchenko-ipv6-disable-ipv4-proxyarp] for further
>>>>              analysis.
>>>> 
>>>>  Some of these problems were described in [RFC2563], which
>>>>  standardized a DHCP option to disable IPv4 address auto-
>>>>  configuration.  However, using this option requires running an IPv4
>>>>  DHCP server, which is contrary to the goal of IPv4 sunsetting.
>>>> 
>>>> 
>>>> Thanks for discussion,
>>>> Lee
>>>> 
>>>> _______________________________________________
>>>> v6ops mailing list
>>>> v6ops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/v6ops
>>> 
>>> 
>> 
>> 
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email