draft-ietf-sunset4-gapanalysis-02.txt   draft-ietf-sunset4-gapanalysis-03.txt 
Network Working Group JP. Dionne Network Working Group JP. Dionne
Internet-Draft S. Perreault Internet-Draft S. Perreault
Intended status: Informational Viagenie Intended status: Informational Viagenie
Expires: August 26, 2013 T. Tsou Expires: January 16, 2014 T. Tsou
Huawei Technologies (USA) Huawei Technologies (USA)
C. Zhou C. Zhou
Huawei Technologies Huawei Technologies
February 22, 2013 July 15, 2013
Gap Analysis for IPv4 Sunset Gap Analysis for IPv4 Sunset
draft-ietf-sunset4-gapanalysis-02 draft-ietf-sunset4-gapanalysis-03
Abstract Abstract
Sunsetting IPv4 refers to the process of turning off IPv4 Sunsetting IPv4 refers to the process of turning off IPv4
definitively. It can be seen as the final phase of the migration to definitively. It can be seen as the final phase of the migration to
IPv6. This memo enumerates difficulties arising when sunsetting IPv6. This memo enumerates difficulties arising when sunsetting
IPv4, and identifies the gaps requiring additional work. IPv4, and identifies the gaps requiring additional work.
Status of This Memo Status of This Memo
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 26, 2013. This Internet-Draft will expire on January 16, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Related Work . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Related Work . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Remotely Disabling IPv4 . . . . . . . . . . . . . . . . . . . 2 3. Remotely Disabling IPv4 . . . . . . . . . . . . . . . . . . . 3
3.1. Indicating that IPv4 connectivity is unavailable . . . . 3 3.1. Indicating that IPv4 connectivity is unavailable . . . . 3
3.2. Disabling IPv4 in the LAN . . . . . . . . . . . . . . . . 3 3.2. Disabling IPv4 in the LAN . . . . . . . . . . . . . . . . 3
4. Client Connection Establishment Behavior . . . . . . . . . . 4 4. Client Connection Establishment Behavior . . . . . . . . . . 3
5. Disabling IPv4 in Operating System and Applications . . . . . 4 5. Disabling IPv4 in Operating System and Applications . . . . . 4
6. On-Demand Provisioning of IPv4 Addresses . . . . . . . . . . 5 6. On-Demand Provisioning of IPv4 Addresses . . . . . . . . . . 4
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
8. Security Considerations . . . . . . . . . . . . . . . . . . . 5 8. Security Considerations . . . . . . . . . . . . . . . . . . . 5
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5
10. Informative References . . . . . . . . . . . . . . . . . . . 5 10. Informative References . . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 Appendix A. Solution Ideas . . . . . . . . . . . . . . . . . . . 7
A.1. Remotely Disabling IPv4 . . . . . . . . . . . . . . . . . 7
A.1.1. Indicating that IPv4 connectivity is unavailable . . 7
A.1.2. Disabling IPv4 in the LAN . . . . . . . . . . . . . . 7
A.2. Client Connection Establishment Behavior . . . . . . . . 7
A.3. Disabling IPv4 in Operating System and Applications . . . 8
A.4. On-Demand Provisioning of IPv4 Addresses . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
The final phase of the migration to IPv6 is the sunset of IPv4, that The final phase of the migration to IPv6 is the sunset of IPv4, that
is turning off IPv4 definitively on the attached networks and on the is turning off IPv4 definitively on the attached networks and on the
upstream networks. upstream networks.
Some current implementation behavior makes it hard to sunset IPv4. Some current implementation behavior makes it hard to sunset IPv4.
Additionally, some new features could be added to IPv4 to make its Additionally, some new features could be added to IPv4 to make its
sunsetting easier. This document analyzes the current situation and sunsetting easier. This document analyzes the current situation and
skipping to change at page 3, line 14 skipping to change at page 3, line 17
3.1. Indicating that IPv4 connectivity is unavailable 3.1. Indicating that IPv4 connectivity is unavailable
PROBLEM 1: When an IPv4 node boots and requests an IPv4 address PROBLEM 1: When an IPv4 node boots and requests an IPv4 address
(e.g., using DHCP), it typically interprets the absence of a (e.g., using DHCP), it typically interprets the absence of a
response as a failure condition even when it is not. response as a failure condition even when it is not.
PROBLEM 2: Home router devices often identify themselves as default PROBLEM 2: Home router devices often identify themselves as default
routers in DHCP responses that they send to requests coming from routers in DHCP responses that they send to requests coming from
the LAN, even in the absence of IPv4 connectivity on the WAN. the LAN, even in the absence of IPv4 connectivity on the WAN.
One way to address these issues is to send a signal to a dual-stack
node that IPv4 connectivity is unavailable. Given that IPv4 shall be
off, the message must be delivered through IPv6.
3.2. Disabling IPv4 in the LAN 3.2. Disabling IPv4 in the LAN
PROBLEM 3: IPv4-enabled hosts inside an IPv6-only LAN can auto- PROBLEM 3: IPv4-enabled hosts inside an IPv6-only LAN can auto-
configure IPv4 addresses [RFC3927] and enable various protocols configure IPv4 addresses [RFC3927] and enable various protocols
over IPv4 such as mDNS [I-D.cheshire-dnsext-multicastdns] and over IPv4 such as mDNS [I-D.cheshire-dnsext-multicastdns] and
LLMNR [RFC4795]. This can be undesirable for operational or LLMNR [RFC4795]. This can be undesirable for operational or
security reasons, since in the absence of IPv4, no monitoring or security reasons, since in the absence of IPv4, no monitoring or
logging of IPv4 will be in place. logging of IPv4 will be in place.
PROBLEM 4: IPv4 can be completely disabled on a link by filtering it PROBLEM 4: IPv4 can be completely disabled on a link by filtering it
on the L2 switching device. However, this may not be possible in on the L2 switching device. However, this may not be possible in
all cases or may be too complex to deploy. For example, an ISP is all cases or may be too complex to deploy. For example, an ISP is
often not able to control the L2 switching device in the often not able to control the L2 switching device in the
subscriber home network. subscriber home network.
One way to address these issues is to send a signal to a dual-stack PROBLEM 5: A host with only Link-Local IPv4 addresses will "ARP for
node that auto-configuration of IPv4 addresses is undesirable, or everything", as described in Section 2.6.2 of [RFC3927].
that direct IPv4 communication between nodes on the same link should Applications running on such a host connected to an IPv6-only
not take place. network will believe that IPv4 connectivity is available,
resulting in various bad or sub-optimal behavior patterns. See
This problem was described in [RFC2563], which standardized a DHCP [I-D.yourtchenko-ipv6-disable-ipv4-proxyarp] for further analysis.
option to disable IPv4 address auto-configuration. However, using
this option requires running an IPv4 DHCP server, which is contrary
to the goal of IPv4 sunsetting. An equivalent way of signalling this
over IPv6 is necessary, using either Router Advertisements or DHCPv6.
Furthermore, it could be useful to have L2 switches snoop this
signalling and automatically start filtering IPv4 traffic as a
consequence.
Finally, it could be useful to publish guidelines on how to safely Some of these problems were described in [RFC2563], which
block IPv4 on an L2 switch. standardized a DHCP option to disable IPv4 address auto-
configuration. However, using this option requires running an IPv4
DHCP server, which is contrary to the goal of IPv4 sunsetting.
4. Client Connection Establishment Behavior 4. Client Connection Establishment Behavior
PROBLEM 5: Happy Eyeballs [RFC6555] refers to multiple approaches to PROBLEM 6: Happy Eyeballs [RFC6555] refers to multiple approaches to
dual-stack client implementations that try to reduce connection dual-stack client implementations that try to reduce connection
setup delays by trying both IPv4 and IPv6 paths simultaneously. setup delays by trying both IPv4 and IPv6 paths simultaneously.
Some implementations introduce delays which provide an advantage Some implementations introduce delays which provide an advantage
to IPv6, while others do not [Huston2012]. The latter will pick to IPv6, while others do not [Huston2012]. The latter will pick
the fastest path, no matter whether it is over IPv4 or IPv6, the fastest path, no matter whether it is over IPv4 or IPv6,
directing more traffic over IPv4 than the other kind of directing more traffic over IPv4 than the other kind of
implementations. This can prove problematic in the context of implementations. This can prove problematic in the context of
IPv4 sunsetting, especially for Carrier-Grade NAT phasing out IPv4 sunsetting, especially for Carrier-Grade NAT phasing out
because CGN does not add significant latency that would make the because CGN does not add significant latency that would make the
IPv6 path more preferable. Traffic will therefore continue using IPv6 path more preferable. Traffic will therefore continue using
the CGN path unless other network conditions change. the CGN path unless other network conditions change.
PROBLEM 6: getaddrinfo() [RFC3493] sends DNS queries for both A and PROBLEM 7: getaddrinfo() [RFC3493] sends DNS queries for both A and
AAAA records regardless of the state of IPv4 or IPv6 availability. AAAA records regardless of the state of IPv4 or IPv6 availability.
The AI_ADDRCONFIG flag can be used to change this behavior, but it The AI_ADDRCONFIG flag can be used to change this behavior, but it
relies on programmers using the getaddrinfo() function to always relies on programmers using the getaddrinfo() function to always
pass this flag to the function. The current situation is that in pass this flag to the function. The current situation is that in
an IPv6-only environment, many useless A queries are made. an IPv6-only environment, many useless A queries are made.
Recommendations on client connection establishment behavior that
would facilitate IPv4 sunsetting are therefore appropriate.
5. Disabling IPv4 in Operating System and Applications 5. Disabling IPv4 in Operating System and Applications
PROBLEM 7: Completely disabling IPv4 at runtime often reveals It is possible to completely remove IPv4 support from an operating
system as has been shown by the work of Bjoern Zeeb on FreeBSD.
[Zeeb] Removing IPv4 support in the kernel revealed many IPv4
dependencies in libraries and applications.
PROBLEM 8: Completely disabling IPv4 at runtime often reveals
implementation bugs. Hard-coded dependencies on IPv4 abound, such implementation bugs. Hard-coded dependencies on IPv4 abound, such
as on the 127.0.0.1 address assigned to the loopback interface. as on the 127.0.0.1 address assigned to the loopback interface.
It is therefore often operationally impossible to completely It is therefore often operationally impossible to completely
disable IPv4 on individual nodes. disable IPv4 on individual nodes.
PROBLEM 8: In an IPv6-only world, legacy IPv4 code in operating PROBLEM 9: In an IPv6-only world, legacy IPv4 code in operating
systems and applications incurs a maintenance overhead and can systems and applications incurs a maintenance overhead and can
present security risks. present security risks.
It is possible to completely remove IPv4 support from an operating
system as has been shown by the work of Bjoern Zeeb on FreeBSD.
[Zeeb] Removing IPv4 support in the kernel revealed many IPv4
dependencies in libraries and applications.
It would be useful for the IETF to provide guidelines to programmers
on how to avoid creating dependencies on IPv4, how to discover
existing dependencies, and how to eliminate them. Having programs
and operating systems that behave well in an IPv6-only environment is
a prerequisite for IPv4 sunsetting.
6. On-Demand Provisioning of IPv4 Addresses 6. On-Demand Provisioning of IPv4 Addresses
As IPv6 usage climbs, the usefulness of IPv4 addresses to subscribers As IPv6 usage climbs, the usefulness of IPv4 addresses to subscribers
will become smaller. This could be exploited by an ISP to save IPv4 will become smaller. This could be exploited by an ISP to save IPv4
addresses by provisioning them on-demand to subscribers and addresses by provisioning them on-demand to subscribers and
reclaiming them when they are no longer used. This idea is described reclaiming them when they are no longer used. This idea is described
in [I-D.fleischhauer-ipv4-addr-saving] and [BBF.TR242] for the in [I-D.fleischhauer-ipv4-addr-saving] and [BBF.TR242] for the
context of PPP sessions. In these scenarios, the home router is context of PPP sessions. In these scenarios, the home router is
responsible for requesting and releasing IPv4 addresses, based on responsible for requesting and releasing IPv4 addresses, based on
snooping the traffic generated by the hosts in the LAN, which are snooping the traffic generated by the hosts in the LAN, which are
still dual-stack and unaware that their traffic is being snooped. still dual-stack and unaware that their traffic is being snooped.
PROBLEM 9: Dual-stack hosts that implement Happy-Eyeballs [RFC6555] PROBLEM 10: Dual-stack hosts that implement Happy-Eyeballs [RFC6555]
will generate both IPv4 and IPv6 traffic even if the algorithm end will generate both IPv4 and IPv6 traffic even if the algorithm end
up chooosing IPv6. This means that an IPv4 address will always be up chooosing IPv6. This means that an IPv4 address will always be
requested by the home router, which defeats the purpose of on- requested by the home router, which defeats the purpose of on-
demand provisioning. demand provisioning.
PROBLEM 10: Many operating systems periodically perform some kind of PROBLEM 11: Many operating systems periodically perform some kind of
network connectivity check as long as an interface is up. network connectivity check as long as an interface is up.
Similarly, applications often send keep-alive traffic Similarly, applications often send keep-alive traffic
continuously. This permanent "background noise" will prevent an continuously. This permanent "background noise" will prevent an
IPv4 address from being released by the home router. IPv4 address from being released by the home router.
PROBLEM 11: Hosts in the LAN have no knowledge that IPv4 is available PROBLEM 12: Hosts in the LAN have no knowledge that IPv4 is available
to them on-demand only. If they had explicit knowledge of this to them on-demand only. If they had explicit knowledge of this
fact, they could tune their behaviour so as to be more fact, they could tune their behaviour so as to be more
conservative in their use of IPv4. conservative in their use of IPv4.
PROBLEM 12: This mechanism is only being proposed for PPP even though PROBLEM 13: This mechanism is only being proposed for PPP even though
it could apply to other provisioning protocols (e.g., DHCP). it could apply to other provisioning protocols (e.g., DHCP).
7. IANA Considerations 7. IANA Considerations
None. None.
8. Security Considerations 8. Security Considerations
TODO It is believed that none of the problems identified in this draft are
security issues.
9. Acknowledgements 9. Acknowledgements
Thanks in particular to Nejc Skoberne and Lee Howard for their Thanks in particular to Nejc Skoberne and Lee Howard for their
thorough reviews and comments. thorough reviews and comments.
Special thanks to Marc Blanchet who was the driving force behind this
work.
10. Informative References 10. Informative References
[BBF.TR242] [BBF.TR242]
Broadband Forum, "TR-242: IPv6 Transition Mechanisms for Broadband Forum, "TR-242: IPv6 Transition Mechanisms for
Broadband Networks", August 2012. Broadband Networks", August 2012.
[Huston2012] [Huston2012]
Huston, G. and G. Michaelson, "RIPE 64: Analysing Dual Huston, G. and G. Michaelson, "RIPE 64: Analysing Dual
Stack Behaviour and IPv6 Quality", April 2012. Stack Behaviour and IPv6 Quality", April 2012.
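Review bot: The new Section 8 text, "It is believed that none of the problems identified in this draft are security issues", conflicts with two problem statements in this same hunk. PROBLEM 3 calls auto-configured IPv4 "undesirable for operational or security reasons" because no monitoring or logging of IPv4 will be in place, and PROBLEM 9 says legacy IPv4 code "can present security risks". Suggest having Section 8 refer to those two problems, or rewording them, so the draft does not both raise and dismiss the same concern. Separately, the renumbered PROBLEM 10 still carries "chooosing" and "the algorithm end up" from -02; both could be fixed while the paragraph is being touched.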
skipping to change at page 6, line 22 skipping to change at page 6, line 9
Cheshire, S. and M. Krochmal, "Multicast DNS", draft- Cheshire, S. and M. Krochmal, "Multicast DNS", draft-
cheshire-dnsext-multicastdns-15 (work in progress), cheshire-dnsext-multicastdns-15 (work in progress),
December 2011. December 2011.
[I-D.fleischhauer-ipv4-addr-saving] [I-D.fleischhauer-ipv4-addr-saving]
Fleischhauer, K. and O. Bonness, "On demand IPv4 address Fleischhauer, K. and O. Bonness, "On demand IPv4 address
provisioning in Dual-Stack PPP deployment scenarios", provisioning in Dual-Stack PPP deployment scenarios",
draft-fleischhauer-ipv4-addr-saving-03 (work in progress), draft-fleischhauer-ipv4-addr-saving-03 (work in progress),
August 2012. August 2012.
[I-D.yourtchenko-ipv6-disable-ipv4-proxyarp]
Yourtchenko, A. and O. Owen, "Disable "Proxy ARP for
Everything" on IPv4 link-local in the presence of IPv6
global address", draft-yourtchenko-ipv6-disable-
ipv4-proxyarp-00 (work in progress), May 2013.
[RFC2563] Troll, R., "DHCP Option to Disable Stateless Auto- [RFC2563] Troll, R., "DHCP Option to Disable Stateless Auto-
Configuration in IPv4 Clients", RFC 2563, May 1999. Configuration in IPv4 Clients", RFC 2563, May 1999.
[RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W. [RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W.
Stevens, "Basic Socket Interface Extensions for IPv6", RFC Stevens, "Basic Socket Interface Extensions for IPv6", RFC
3493, February 2003. 3493, February 2003.
[RFC3789] Nesser, P. and A. Bergstrom, "Introduction to the Survey [RFC3789] Nesser, P. and A. Bergstrom, "Introduction to the Survey
of IPv4 Addresses in Currently Deployed IETF Standards of IPv4 Addresses in Currently Deployed IETF Standards
Track and Experimental Documents", RFC 3789, June 2004. Track and Experimental Documents", RFC 3789, June 2004.
skipping to change at page 7, line 28 skipping to change at page 7, line 21
[RFC4795] Aboba, B., Thaler, D., and L. Esibov, "Link-local [RFC4795] Aboba, B., Thaler, D., and L. Esibov, "Link-local
Multicast Name Resolution (LLMNR)", RFC 4795, January Multicast Name Resolution (LLMNR)", RFC 4795, January
2007. 2007.
[RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", RFC 6555, April 2012. Dual-Stack Hosts", RFC 6555, April 2012.
[Zeeb] , "FreeBSD Snapshots without IPv4 support", , [Zeeb] , "FreeBSD Snapshots without IPv4 support", ,
<http://wiki.freebsd.org/IPv6Only>. <http://wiki.freebsd.org/IPv6Only>.
Appendix A. Solution Ideas
A.1. Remotely Disabling IPv4
A.1.1. Indicating that IPv4 connectivity is unavailable
One way to address these issues is to send a signal to a dual-stack
node that IPv4 connectivity is unavailable. Given that IPv4 shall be
off, the message must be delivered through IPv6.
A.1.2. Disabling IPv4 in the LAN
One way to address these issues is to send a signal to a dual-stack
node that auto-configuration of IPv4 addresses is undesirable, or
that direct IPv4 communication between nodes on the same link should
not take place.
A signalling protocol equivalent to the one from [RFC2563] but over
IPv6 is necessary, using either Router Advertisements or DHCPv6.
Furthermore, it could be useful to have L2 switches snoop this
signalling and automatically start filtering IPv4 traffic as a
consequence.
Finally, it could be useful to publish guidelines on how to safely
block IPv4 on an L2 switch.
A.2. Client Connection Establishment Behavior
Recommendations on client connection establishment behavior that
would facilitate IPv4 sunsetting would be appropriate.
A.3. Disabling IPv4 in Operating System and Applications
It would be useful for the IETF to provide guidelines to programmers
on how to avoid creating dependencies on IPv4, how to discover
existing dependencies, and how to eliminate them. Having programs
and operating systems that behave well in an IPv6-only environment is
a prerequisite for IPv4 sunsetting.
A.4. On-Demand Provisioning of IPv4 Addresses
No idea.
Authors' Addresses Authors' Addresses
Jean-Philippe Dionne Jean-Philippe Dionne
Viagenie Viagenie
246 Aberdeen 246 Aberdeen
Quebec, QC G1R 2E1 Quebec, QC G1R 2E1
Canada Canada
Phone: +1 418 656 9254 Phone: +1 418 656 9254
Email: jean-philippe.dionne@viagenie.ca Email: jean-philippe.dionne@viagenie.ca
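Review bot: A.1.2 proposes that L2 switches snoop the Router Advertisement or DHCPv6 signal and "automatically start filtering IPv4 traffic", but nothing in the appendix or in Section 8 says how a node or switch establishes that the signal comes from a legitimate router or server. Suggest adding a sentence on the trust model for that signal, with a pointer from Security Considerations. Also, A.1.1 and A.1.2 still open with "One way to address these issues" although the problems they refer to now sit in Sections 3.1 and 3.2; naming the PROBLEM numbers would restore the antecedent. A.4's "No idea." would read better as a statement that no solution is proposed yet.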
 End of changes. 25 change blocks. 
51 lines changed or deleted 93 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/