[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits] [IPR]
Versions: (draft-wing-v6ops-happy-eyeballs-ipv6)
00 01 02 03 04 05 06 07 RFC 6555
v6ops D. Wing
Internet-Draft A. Yourtchenko
Intended status: Standards Track Cisco
Expires: January 9, 2012 July 8, 2011
Happy Eyeballs: Success with Dual-Stack Hosts
draft-ietf-v6ops-happy-eyeballs-03
Abstract
When the IPv4 server and path is working but the IPv6 server or IPv6
path is down, a dual-stack client application experiences significant
connection delay compared to an IPv4-only client. This is
undesirable because it causes the dual-stack client to have a worse
user experience. This document specifies requirements for algorithms
that reduce this delay, and provides an example algorithm.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2012.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
Wing & Yourtchenko Expires January 9, 2012 [Page 1]
Internet-Draft Happy Eyeballs Dual Stack July 2011
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3
3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
3.1. URIs and hostnames . . . . . . . . . . . . . . . . . . . . 4
3.2. IPv6 connectivity . . . . . . . . . . . . . . . . . . . . 4
4. Algorithm Requirements . . . . . . . . . . . . . . . . . . . . 5
4.1. Adhere to Address Preference Policy . . . . . . . . . . . 6
4.2. Behavior when Preferred Address Family has Failed . . . . 7
4.3. Reset on Network (re-)Initialization . . . . . . . . . . . 7
4.4. Abandon Non-Winning Connections . . . . . . . . . . . . . 7
5. Additional Considerations . . . . . . . . . . . . . . . . . . 8
5.1. Additional Network and Host Traffic . . . . . . . . . . . 8
5.2. Determining Address Type . . . . . . . . . . . . . . . . . 8
5.3. Debugging and Troubleshooting . . . . . . . . . . . . . . 8
5.4. Multiple Interfaces . . . . . . . . . . . . . . . . . . . 9
5.5. Interaction with Same Origin Policy . . . . . . . . . . . 9
5.6. Happy Eyeballs in an Operating System . . . . . . . . . . 9
6. Example Algorithm . . . . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
10.1. Normative References . . . . . . . . . . . . . . . . . . . 11
10.2. Informational References . . . . . . . . . . . . . . . . . 11
Appendix A. Changes . . . . . . . . . . . . . . . . . . . . . . . 12
A.1. changes from -02 to -03 . . . . . . . . . . . . . . . . . 12
A.2. changes from -01 to -02 . . . . . . . . . . . . . . . . . 12
A.3. changes from -00 to -01 . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
Wing & Yourtchenko Expires January 9, 2012 [Page 2]
Internet-Draft Happy Eyeballs Dual Stack July 2011
1. Introduction
In order to use applications over IPv6, it is necessary that users
enjoy nearly identical performance as compared to IPv4. A
combination of today's applications, IPv6 tunneling, IPv6 service
providers, and some of today's content providers all cause the user
experience to suffer (Section 3). For IPv6, a content provider may
ensure a positive user experience by using a DNS white list of IPv6
service providers who peer directly with them (e.g., [whitelist]).
However, this does not scale well (to the number of DNS servers
worldwide or the number of content providers worldwide), and does not
react to intermittent network path outages.
Instead, applications can improve the user experience themselves, by
more aggressively making connections on IPv6 and IPv4. There are a
variety of algorithms that can be envisioned. This document
specifies requirements for any such algorithm, with the goals that
the network and servers are not inordinately harmed with a simple
doubling of traffic on IPv6 and IPv4, and the host's address
preference is honored (e.g., [RFC3484]).
2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Problem Statement
The basis of the IPv6/IPv4 selection problem was first described in
1994 in [RFC1671],
"The dual-stack code may get two addresses back from DNS; which
does it use? During the many years of transition the Internet
will contain black holes. For example, somewhere on the way from
IPng host A to IPng host B there will sometimes (unpredictably) be
IPv4-only routers which discard IPng packets. Also, the state of
the DNS does not necessarily correspond to reality. A host for
which DNS claims to know an IPng address may in fact not be
running IPng at a particular moment; thus an IPng packet to that
host will be discarded on delivery. Knowing that a host has both
IPv4 and IPng addresses gives no information about black holes. A
solution to this must be proposed and it must not depend on
manually maintained information. (If this is not solved, the dual
stack approach is no better than the packet translation
approach.)"
Wing & Yourtchenko Expires January 9, 2012 [Page 3]
Internet-Draft Happy Eyeballs Dual Stack July 2011
As discussed in more detail in Section 3.1, it is important that the
same URI and hostname be used for IPv4 and IPv6. Using separate
namespaces (e.g., "ipv6.example.com") causes namespace fragmentation
and reduces the ability for users to share URIs and hostnames, and
complicates printed material that includes the URI or hostname.
As discussed in more detail in Section 3.2, IPv6 connectivity is
broken to specific prefixes or specific hosts, or slower than native
IPv4 connectivity.
3.1. URIs and hostnames
URIs are often used between users to exchange pointers to content --
such as on social networks, email, instant messaging, or other
systems. Thus, production URIs and production hostnames containing
references to IPv4 or IPv6 will only function if the other party is
also using an application, OS, and a network that can access the URI
or the hostname.
3.2. IPv6 connectivity
When IPv6 connectivity is impaired, today's IPv6-capable web browsers
incur many seconds of delay before falling back to IPv4. This harms
the user's experience with IPv6, which will slow the acceptance of
IPv6, because IPv6 is frequently disabled in its entirety on the end
systems to improve the user experience.
Reasons for such failure include no connection to the IPv6 Internet,
broken 6to4 or Teredo tunnels, and broken IPv6 peering.
DNS Server Client Server
| | |
1. |<--www.example.com A?-----| |
2. |<--www.example.com AAAA?--| |
3. |---192.0.2.1------------->| |
4. |---2001:db8::1----------->| |
5. | | |
6. | |--TCP SYN, IPv6--->X |
7. | |--TCP SYN, IPv6--->X |
8. | |--TCP SYN, IPv6--->X |
9. | | |
10. | |--TCP SYN, IPv4------->|
11. | |<-TCP SYN+ACK, IPv4----|
12. | |--TCP ACK, IPv4------->|
Figure 1: Existing behavior message flow
The client obtains the IPv4 and IPv6 records for the server (1-4).
Wing & Yourtchenko Expires January 9, 2012 [Page 4]
Internet-Draft Happy Eyeballs Dual Stack July 2011
The client attempts to connect using IPv6 to the server, but the IPv6
path is broken (6-8), which consumes several seconds of time.
Eventually, the client attempts to connect using IPv4 (10) which
succeeds.
Delays experienced by users of various browser and operating system
combinations have been studied [Experiences].
4. Algorithm Requirements
A Happy Eyeballs algorithm has two primary goals:
1. Provides fast connection for users, by quickly attempting to
connect using IPv6 and IPv4.
2. Avoids thrashing the network, by not always making simultaneous
IPv6 and IPv4 connection attempts.
The basic idea is depicted in the following diagram:
DNS Server Client Server
| | |
1. |<--www.example.com A?-----| |
2. |<--www.example.com AAAA?--| |
3. |---192.0.2.1------------->| |
4. |---2001:db8::1----------->| |
5. | | |
6. | |==TCP SYN, IPv6===>X |
7. | |--TCP SYN, IPv4------->|
8. | |<-TCP SYN+ACK, IPv4----|
9. | |--TCP ACK, IPv4------->|
10. | |==TCP SYN, IPv6===>X |
Figure 2: Happy Eyeballs flow 1, IPv6 broken
In the diagram above, the client sends two TCP SYNs at the same time
over IPv6 (6) and IPv4 (7). In the diagram, the IPv6 path is broken
but has little impact to the user because there is no long delay
before using IPv4. The IPv6 path is retried until the application
gives up (10).
After performing the above procedure, the client learns if
connections to the host's IPv6 or IPv4 address were successful. The
client MUST cache that information to avoid thrashing the network
with excessive subsequent connection attempts. For example, in the
diagram above, the client has noticed that IPv6 to that address
failed, and it should provide a greater preference to using IPv4
Wing & Yourtchenko Expires January 9, 2012 [Page 5]
Internet-Draft Happy Eyeballs Dual Stack July 2011
instead.
DNS Server Client Server
| | |
1. |<--www.example.com A?-----| |
2. |<--www.example.com AAAA?--| |
3. |---192.0.2.1------------->| |
4. |---2001:db8::1----------->| |
5. | | |
6. | |==TCP SYN, IPv6=======>|
7. | |--TCP SYN, IPv4------->|
8. | |<=TCP SYN+ACK, IPv6====|
9. | |<-TCP SYN+ACK, IPv4----|
10. | |==TCP ACK, IPv6=======>|
11. | |--TCP ACK, IPv4------->|
12. | |--TCP RST, IPv4------->|
Figure 3: Happy Eyeballs flow 2, IPv6 working
The diagram above shows a case where both IPv6 and IPv4 are working,
and IPv4 is abandoned (12).
Any Happy Eyeballs algorithm will persist in products for as long as
the client host is dual-stacked, which will persist as long as there
are IPv4-only servers on the Internet -- the so-called "long tail".
Over time, as most content is available via IPv6, the amount of IPv4
traffic will decrease. This means that the IPv4 infrastructure will,
over time, be sized to accomodate that decreased (and decreasing)
amount of traffic. It is critical that a Happy Eyeballs algorithm
not cause a surge of unnecessary traffic on that IPv4 infrastructure.
To meet that goal, compliant Happy Eyeballs algorithms must adhere to
the requirements in this section.
4.1. Adhere to Address Preference Policy
All hosts have an address selection policy. IPv6-capable hosts
usually implement [RFC3484] and may allow the user (via configuration
commands) or the network to modify that address selection policy
(e.g., [I-D.ietf-6man-addr-select-opt]). In most cases, the
preferred address family is IPv6.
Happy Eyeballs implementations MUST follow the host's address
preference policy or, if that policy is unknown, implementations MUST
prefer IPv6 over IPv4.
Justification: This reduces load on stateful IPv4 middleboxes
(NAT and firewalls) and reduces IPv4 address sharing contention.
Wing & Yourtchenko Expires January 9, 2012 [Page 6]
Internet-Draft Happy Eyeballs Dual Stack July 2011
4.2. Behavior when Preferred Address Family has Failed
After making a connection attempt on a certain address family (e.g.,
IPv6), a Happy Eyeballs implementation will decide to initiate a
second connection attempt using the other address family (e.g.,
IPv4).
After doing so and noticing that connections using the other address
family (e.g., IPv4) are successful, a Happy Eyeballs implementation
MAY make subsequent connection attempts on the successful address
family (e.g., IPv4). Such an implementationMUST occasionally make
connection attempts using the host's preferred address family, as it
may have become functional. It is RECOMMENDED that implementations
try the preferred address family at least every 10 minutes. Note:
this can be achieved by connecting to both address families at the
same time, which does not significantly harm the application's
connection setup time for the successful address family. If
connections using the preferred address family are successful, the
preferred address family SHOULD be used for subsequent connections.
Justification: Once the IPv6 path becomes usable again, this
reduces load on stateful IPv4 middleboxes (NAT and firewalls) and
reduces IPv4 address sharing contention.
4.3. Reset on Network (re-)Initialization
Because every network has different characteristics (e.g., working or
broken IPv6 or IPv4 connectivity), a Happy Eyeballs algorithm SHOULD
re-initialize when the host is connected to a new network. Hosts can
determine network (re-)initialization by a variety of mechanisms
including DNAv4 [RFC4436], DNAv6 [RFC6059], [cx-osx], [cx-win].
Justification: This provides the best chance that IPv6 will be
attempted over the new interface.
If the client application is a web browser, see also Section 5.5.
4.4. Abandon Non-Winning Connections
It is RECOMMENDED that the non-winning connections be abandoned, even
though they could -- in some cases -- be put to reasonable use.
Justification: This reduces the load on the server (file
descriptors, TCP control blocks), stateful middleboxes (NAT and
firewalls) and, if the abandoned connection is IPv4, reduces IPv4
address sharing contention.
Wing & Yourtchenko Expires January 9, 2012 [Page 7]
Internet-Draft Happy Eyeballs Dual Stack July 2011
HTTP: The design of some sites can break because of HTTP cookies
that incorporate the client's IP address and require all
connections be from the same IP address. If some connections from
the same client are arriving from different IP addresses (or
worse, different IP address families), such applications will
break. Additionally for HTTP, using the non-winning connection
can interfere with the browser's Same Origin Policy (see
Section 5.5).
5. Additional Considerations
This section discusses considerations and requirements that are
common to new technology deployment.
5.1. Additional Network and Host Traffic
Additional network traffic and additional server load is created due
to the recommendations in this document, especially when connections
to the perferred address family (usually IPv6) are not completing
quickly.
The procedures described in this document retain a quality user
experience while transitioning from IPv4-only to dual stack, while
still giving IPv6 a slight preference over IPv4 (in order to remove
load from IPv4 networks, most importantly to reduce the load on IPv4
network address translators). The improvement in the user experience
benefits the user to only a small detriment of the network, DNS
server, and server that are serving the user.
5.2. Determining Address Type
For some transitional technologies such as a dual-stack host, it is
easy for the application to recognize the native IPv6 address
(learned via a AAAA query) and the native IPv4 address (learned via
an A query). While IPv6/IPv4 translation makes that difficult,
fortunately IPv6/IPv4 translators are not deployed on networks with
dual stack clients.
5.3. Debugging and Troubleshooting
This mechanism is aimed at ensuring a reliable user experience
regardless of connectivity problems affecting any single transport.
However, this naturally means that applications employing these
techniques are by default less useful for diagnosing issues with a
particular address family. To assist in that regard, the
implementions MAY also provide a mechanism to disable their Happy
Eyeballs behavior via a user setting.
Wing & Yourtchenko Expires January 9, 2012 [Page 8]
Internet-Draft Happy Eyeballs Dual Stack July 2011
5.4. Multiple Interfaces
Interaction of the suggestions in this document with multiple
interfaces, and interaction with the MIF working group, is for
further study.
5.5. Interaction with Same Origin Policy
Web browsers implement same origin policy (SOP, [sop],
[I-D.abarth-origin]), which causes subsequent connections to the same
hostname to go to the same IPv4 (or IPv6) address as the previous
successful connection. This is done to prevent certain types of
attacks.
The same-origin policy harms user-visible responsiveness if a new
connection fails (e.g., due to a transient event such as router
failure or load balancer failure). While it is tempting to use Happy
Eyeballs to maintain responsiveness, web browsers MUST NOT change
their same origin policy because of Happy Eyeballs
5.6. Happy Eyeballs in an Operating System
Applications would have to change in order to use the mechanism
described in this document, by either implementing the mechanism
directly, or by calling APIs made available to them. To improve IPv6
connectivity experience for legacy applications (e.g., applications
which simply rely on the operating system's address preference
order), operating systems may consider more sophisticated approaches.
These can include changing address sorting based on configuration
received from the network, or observing connection failures to IPv6
and IPV4 destinations.
6. Example Algorithm
What follows is the algorithm implemented in Google Chrome and
Mozilla Firefox.
1. Call getaddinfo(), which returns a list of IP addresses sorted by
the host's address preference policy.
2. Initiate a connection attempt with the first address in that list
(e.g., IPv6).
3. If that connection does not complete within a short period of
time (e.g., 200-300ms), initiate a connection attempt with the
first address belonging to the other address family (e.g., IPv4)
Wing & Yourtchenko Expires January 9, 2012 [Page 9]
Internet-Draft Happy Eyeballs Dual Stack July 2011
4. The first connection that is established is used. The other
connection is discarded.
Other example algorithms include [Perreault] and [Andrews].
7. Security Considerations
See Section 4.4 and Section 5.5.
8. Acknowledgements
The mechanism described in this paper was inspired by Stuart
Cheshire's discussion at the IAB Plenary at IETF72, the author's
understanding of Safari's operation with SRV records, Interactive
Connectivity Establishment (ICE [RFC5245]), the current IPv4/IPv6
behavior of SMTP mail transfer agents, and the implementation of
Happy Eyeballs in Google Chrome and Mozilla Firefox.
Thanks to Fred Baker, Jeff Kinzli, Christian Kuhtz, and Iljitsch van
Beijnum for fostering the creation of this document.
Thanks to Scott Brim, Rick Jones, Stig Venaas, Erik Kline, Bjoern
Zeeb, Matt Miller, Dave Thaler, and Dmitry Anipko for providing
feedback on the document.
Thanks to Javier Ubillos, Simon Perreault and Mark Andrews for the
active feedback and the experimental work on the independent
practical implementations that they created.
Also the authors would like to thank the following individuals who
participated in various email discussions on this topic: Mohacsi
Janos, Pekka Savola, Ted Lemon, Carlos Martinez-Cagnazzo, Simon
Perreault, Jack Bates, Jeroen Massar, Fred Baker, Javier Ubillos,
Teemu Savolainen, Scott Brim, Erik Kline, Cameron Byrne, Daniel
Roesen, Guillaume Leclanche, Mark Smith, Gert Doering, Martin
Millnert, Tim Durack, Matthew Palmer.
9. IANA Considerations
This document has no IANA actions.
10. References
Wing & Yourtchenko Expires January 9, 2012 [Page 10]
Internet-Draft Happy Eyeballs Dual Stack July 2011
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003.
10.2. Informational References
[Andrews] Andrews, M., "How to connect to a multi-homed server over
TCP", January 2011, <http://www.isc.org/community/blog/
201101/how-to-connect-to-a-multi-h omed-server-over-tcp>.
[Experiences]
Savolainen, T., Miettinen, N., Veikkolainen, S., Chown,
T., and J. Morse, "Experiences of host behavior in broken
IPv6 networks", March 2011,
<http://www.ietf.org/proceedings/80/slides/v6ops-12.pdf>.
[I-D.abarth-origin]
Barth, A., "The Web Origin Concept",
draft-abarth-origin-09 (work in progress), November 2010.
[I-D.ietf-6man-addr-select-opt]
Matsumoto, A., Fujisaki, T., Kato, J., and T. Chown,
"Distributing Address Selection Policy using DHCPv6",
draft-ietf-6man-addr-select-opt-01 (work in progress),
June 2011.
[Perreault]
Perreault, S., "Happy Eyeballs in Erlang", February 2011,
<http://www.viagenie.ca/news/
index.html#happy_eyeballs_erlang>.
[RFC1671] Carpenter, B., "IPng White Paper on Transition and Other
Considerations", RFC 1671, August 1994.
[RFC4436] Aboba, B., Carlson, J., and S. Cheshire, "Detecting
Network Attachment in IPv4 (DNAv4)", RFC 4436, March 2006.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245,
April 2010.
[RFC6059] Krishnan, S. and G. Daley, "Simple Procedures for
Detecting Network Attachment in IPv6", RFC 6059,
Wing & Yourtchenko Expires January 9, 2012 [Page 11]
Internet-Draft Happy Eyeballs Dual Stack July 2011
November 2010.
[cx-osx] Adium, "AIHostReachabilityMonitor", June 2009,
<https://bugzilla.redhat.com/show_bug.cgi?id=505105>.
[cx-win] Microsoft, "NetworkChange.NetworkAvailabilityChanged
Event", June 2009, <http://msdn.microsoft.com/en-us/
library/
system.net.networkinformation.networkchange.networkavailab
ilitychanged.aspx>.
[sop] W3C, "Same Origin Policy", January 2010,
<http://www.w3.org/Security/wiki/Same_Origin_Policy>.
[whitelist]
Google, "Google IPv6 DNS Whitelist", January 2009,
<http://www.google.com/intl/en/ipv6>.
Appendix A. Changes
A.1. changes from -02 to -03
o Re-casted this specification as a list of requirements for a
compliant algorithm, rather than trying to dictate a One True
algorithm.
A.2. changes from -01 to -02
o Now honors host's address preference (RFC3484 and friends)
o No longer requires thread-safe DNS library. It uses getaddrinfo()
o No longer describes threading.
o IPv6 is given a 200ms head start (Initial Headstart variable).
o If the IPv6 and IPv4 connection attempts were made at nearly the
same time, wait Tolerance Interval milliseconds for both to
complete before deciding which one wins.
o Renamed "global P" to "Smoothed P", and better described how it is
calculated.
o introduced the exception cache. This contains the set of networks
that only work with IPv4 (or only with IPv6), so that subsequent
connection attempts use that address family without them causing
serious affect to Smoothed P.
Wing & Yourtchenko Expires January 9, 2012 [Page 12]
Internet-Draft Happy Eyeballs Dual Stack July 2011
o encourages that every 10 minutes the exception cache and Smoothed
P be reset. This allows IPv6 to be attempted again, so we don't
get 'stuck' on IPv4.
o If we didn't get both A and AAAA, abandon all Happy Eyeballs
processing (thanks to Simon Perreault).
o added discussion of Same Origin Policy
o Removed discussion of NAT-PT and address learning; those are only
used with IPv6-only hosts whereas this document is about dual-
stack hosts contacting dual-stack servers.
A.3. changes from -00 to -01
o added SRV section (thanks to Matt Miller)
Authors' Addresses
Dan Wing
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA
Email: dwing@cisco.com
Andrew Yourtchenko
Cisco Systems, Inc.
De Kleetlaan, 7
Diegem B-1831
Belgium
Email: ayourtch@cisco.com
Wing & Yourtchenko Expires January 9, 2012 [Page 13]
Html markup produced by rfcmarkup 1.129c, available from
https://tools.ietf.org/tools/rfcmarkup/