--- 1/draft-ietf-sunset4-noipv4-00.txt 2014-12-04 19:14:48.850671847 -0800 +++ 2/draft-ietf-sunset4-noipv4-01.txt 2014-12-04 19:14:48.878672528 -0800 
@@ -1,237 +1,247 @@ Network Working Group S. Perreault -Internet-Draft Viagenie +Internet-Draft Jive Communications Intended status: Standards Track W. George -Expires: March 28, 2014 Time Warner Cable +Expires: June 7, 2015 Time Warner Cable T. Tsou Huawei Technologies (USA) T. Yang L. Li China Mobile - September 24, 2013 + JF. Tremblay + Viagenie + December 4, 2014 Turning off IPv4 Using DHCPv6 or Router Advertisements - draft-ietf-sunset4-noipv4-00 + draft-ietf-sunset4-noipv4-01 Abstract This memo defines a new DHCPv6 option and a new Router Advertisement - option for indicating to a dual-stack host or router that IPv4 is to - be turned off. + option to inform a dual-stack host or router that IPv4 can be turned + off. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on March 28, 2014. + This Internet-Draft will expire on June 7, 2015. Copyright Notice - Copyright (c) 2013 IETF Trust and the persons identified as the + Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. 
Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 - 3. The Problems We're Trying to Fix . . . . . . . . . . . . . . 4 - 3.1. Load on DHCPv4 Server . . . . . . . . . . . . . . . . . . 4 + 3. Problems Being Addressed . . . . . . . . . . . . . . . . . . 3 + 3.1. Load on DHCPv4 Server and Relay . . . . . . . . . . . . . 4 3.2. Bandwidth Consumption . . . . . . . . . . . . . . . . . . 4 3.3. Power Inefficiency . . . . . . . . . . . . . . . . . . . 4 - 3.4. IPv4 only Applications . . . . . . . . . . . . . . . . . 4 + 3.4. IPv4 Only Applications . . . . . . . . . . . . . . . . . 4 4. Design Considerations . . . . . . . . . . . . . . . . . . . . 4 4.1. DHCPv6 vs DHCPv4 . . . . . . . . . . . . . . . . . . . . 4 - 4.2. DHCPv6 vs RA . . . . . . . . . . . . . . . . . . . . . . 5 - 5. The No-IPv4 Option . . . . . . . . . . . . . . . . . . . . . 6 + 4.2. DHCPv6 vs RA . . . . . . . . . . . . . . . . . . . . . . 6 + 5. The No-IPv4 DHCPv6 Option . . . . . . . . . . . . . . . . . . 6 5.1. DHCPv6 Wire Format . . . . . . . . . . . . . . . . . . . 6 5.2. RA Wire Format . . . . . . . . . . . . . . . . . . . . . 6 5.3. Semantics . . . . . . . . . . . . . . . . . . . . . . . . 7 5.4. Example . . . . . . . . . . . . . . . . . . . . . . . . . 9 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 - 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 9.1. Normative References . . . . . . . . . . . . . . . . . . 10 + 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 + 9.1. Normative References . 
. . . . . . . . . . . . . . . . . 11 9.2. Informative References . . . . . . . . . . . . . . . . . 11 + 9.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Appendix A. Test Results of Terminals Behavior . . . . . . . . . 11 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 1. Introduction When a dual-stack host makes a DHCPv4 request, it typically interprets the absence of a response as a failure condition. This - makes it difficult to deploy such nodes in an IPv6-only network. + may cause operational problems when deploying an IPv6-only network. + Providing a way to inform hosts and routers that IPv4 is not + available would prevent such problems and allow for smoother + deployments. - Take for example a home router that is dual-stack capable but - provisioned with an IPv6-only WAN connection. When the router boots, - it typically assigns an IPv4 address to its LAN interface, starts - services on that interface, and starts handing out IPv4 addresses to - clients on the LAN by answering DHCPv4 requests. This is done - unconditionally, without taking the status of the IPv4 connectivity - on the WAN interface into account. Hosts on the LAN, in turn, - install a default route pointing to the router and start behaving as - if IPv4 connectivity was available. IPv4 packets destined to the - Internet get dropped at the router and timeouts happen. The end - result is that IPv4 remains fully active on the LAN and on the router - itself even when it is desired that it be turned off. + One situation where problems arise is with a dual-stack home router + provisioned with an IPv6-only WAN connection. It typically assigns + an IPv4 address to its LAN interface, starts services on that + interface and hands out IPv4 addresses to clients on the LAN by + answering DHCPv4 requests. 
This is done unconditionally, without + taking the status of the IPv4 connectivity on the WAN interface into + account. Hosts on the LAN install a default route pointing to the + router and behave as if IPv4 connectivity was available. IPv4 + packets destined to the Internet get dropped at the router and + timeouts happen. The end result is that IPv4 remains fully active on + the LAN and on the router itself even if it would be desirable to + turn it off, especially for applications that do not implement Happy + Eyeballs [RFC6555]. - The other exmaple is about DHCPv4 server. In Dual-Stack LAN/WLAN - network or intranet, the core router or AC often plays the role of - DHCP server, and the clients are server thousands PC or mobile - phones. If the server is configured in IPv6-only, the dual-stack or - IPv4-only clients will broadcast DHCPDISCOVER messages endlessly in - the LAN or WLAN. The thousands clients will cause a DDOS-like attack - to all the servers in the network. Since there are not specific - descriptions in any RFCs for client's behavior when it does not - receive the DHCPOFFER in response to its DHCPDISCOVER message, - various OS deploy different backoff algorithms. We tested server - popuplar OS(es), the test results is listed in the appendix. + Another situation relates to the load on DHCPv4 servers and relays. + In large dual-stack network (LAN, WLAN), thousands of hosts, + including mobile phones, may generate a significant amount of trafic + by attempting to contact a DHCP server. If the servers and relays + are configured in IPv6-only, the dual-stack or IPv4-only clients will + broadcast DHCPDISCOVER messages endlessly, creating a DDOS-like + attack on the network. This scenario has also been briefly described + for DHCPv6 in [RFC7083]. Although DHCP mandates a exponential + backoff, it is limited to 64 seconds, which may still generate + significant traffic (see section 4.1 of [RFC2131]). 
Various + operating systems also implement the backoff algorithms in different + ways, or not at all, with different limit values. Some test results + for a few popular operating systems are available in appendix. A new mechanism is needed to indicate the absence of IPv4 - connectivity or service that the goal is turning off IPv4, this new - signaling mechanism shall be transported over IPv6. Therefore, we - introduce a new DHCPv6 [RFC3315] option and a new Router - Advertisement (RA) [RFC4861] option for the purpose of explicitly - indicating to the host that IPv4 connectivity is unavailable. + connectivity. Considering the end goal is turn off all IPv4 + connectivity, the chosen mechanism should be transported over IPv6. + Therefore, this document introduce a new DHCPv6 [RFC3315] option and + a new Router Advertisement (RA) [RFC4861] option for the purpose of + explicitly indicating to the host that IPv4 connectivity is + unavailable. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. The following terms are also used in this document: Upstream Interface: An interface on which the No-IPv4 option is received over either DHCPv6 or RA. -3. The Problems We're Trying to Fix - -3.1. Load on DHCPv4 Server +3. Problems Being Addressed +3.1. Load on DHCPv4 Server and Relay - When a DHCPv4 server is present but intentionally does not respond to - a dual-stack node, the aggregated traffic generated by multiple such - dual-stack nodes can represent a significant useless load. This - scenario can be encountered for example with an ISP serving multiple - types of subscribers where some will get IPv4 addresses and others - not. It might not be feasible for operational reasons to block the - useless requests before they reach the DHCPv4 server, e.g. 
if the - DHCPv4 server itself is the one that has knowledge about which node - should or should not get an IPv4 address. + When a DHCPv4 server or relay is present but intentionally does not + react to DHCPDISCOVERs, the aggregated traffic generated by a large + number of dual-stack hosts can represent a significant bandwidth + load. This scenario is encountered with an ISP serving multiple + types of subscribers where some a provisioned for IP4 service and + others are not. It might not be feasible for operational reasons to + block the useless requests before they reach the DHCPv4 servers, for + example if the DHCPv4 servers themselves are the only ones with the + knowledge of which nodes should or should not get an IPv4 address. 3.2. Bandwidth Consumption - In addition to useless load on the DHCPv4 server, the above scenario - could also consume a significant amount of bandwidth, particularly if - the aggregated traffic from many clients goes through a low-bandwidth - link. + In addition to the useless load on the DHCPv4 servers, the above + scenario could also consume a significant amount of bandwidth, + especially if the aggregated traffic from many clients goes through a + low-bandwidth link or through a wireless link. 3.3. Power Inefficiency A dual-stack node that does not get a DHCPv4 response will usually continue retransmitting forever. Therefore, only providing IPv6 on a link will cause the node to needlessly wake up periodically and transmit a few packets. For example, the popular DHCPv4 client implementation by ISC wakes up every 5 minutes by default and tries to contact a DHCPv4 server for 60 seconds. With this configuration, a node will not be able to sleep 20% of the time. -3.4. IPv4 only Applications +3.4. IPv4 Only Applications - In many cases, IPv4-only applications such as Skype use IPv4 LLA to - bombard the LAN with IPv4 packets. In an IPv6-only environment, it - can get quite annoying and waste a lot of bandwidth. 
+ In many cases, IPv4-only applications such as Skype use an + autoconfigured IPv4 Link-Local Addresses (LLA) to send IPv4 packets + on the LAN. In an IPv6-only environment, this behavior may waste a + significant amount of bandwidth. 4. Design Considerations 4.1. DHCPv6 vs DHCPv4 NOTE: This section will be removed before publication as an RFC. - This document describes a new DHCPv6 option for turning off IPv4. An - equivalent option could conceivably be created for DHCPv4. Here is a - discussion of the pros and cons. Arguments with a + sign argue for a + This document describes a new DHCPv6 option to turn off IPv4. An + equivalent option could conceivably be created for DHCPv4. The pros + and cons are discussed below. Arguments with a + sign argue for a DHCPv4 option, arguments with a - sign argue against. + Devices that don't speak IPv6 won't be listening for a "turn off IPv4" code, and therefore won't stop trying to establish IPv4 connectivity. - Devices that haven't been updated to speak IPv6 likely won't recognize a new DHCPv4 code telling them that IPv4 isn't supported. - + However, it's easier to implement something that - turns off the IP stack than implement IPv6. + + However, it's easier to implement something that turns off + the IP stack than implement IPv6. - Devices that don't speak IPv6 that are still active on the network mean that either IPv4 can't/shouldn't be turned off yet, or IPv4 local connectivity should be maintained to retain local services, even if global IPv4 connectivity is not necessary (think local LAN DLNA streaming, etc). - When the goal is to turn off IPv4, having to maintain and operate an IPv4 infrastructure (routing, ACLs, etc.) just to be able to send negative responses to DHCPv4 requests is not productive. Having the option transported in IPv6 allows the ISP to focus on operating an IPv6-only network. - + However, a full IPv4 infrastructure would not be necessary - in many cases. 
The local router could contain a very - restricted DHCPv4 server function whose only purpose would - be to reply with the No-IPv4 option. No IPv4 traffic would - have to be carried to a distant DHCPv4 server. Note however - that this may not be operationally feasible in some - situations. + + However, a full IPv4 infrastructure would not be necessary in + many cases. The local router could contain a very restricted + DHCPv4 server function whose only purpose would be to reply + with the No-IPv4 option. No IPv4 traffic would have to be + carried to a distant DHCPv4 server. Note however that this may + not be operationally feasible in some situations. - Turning IPv4 off using an IPv4-transported signal means that there is no way to go back. Once the DHCPv4 option has been accepted by the DHCPv4 client, IPv4 can no longer be turned on remotely (rebooting the client still works). Configurations change, mistakes happen, and so it is necessary to have a way to turn IPv4 back on. With a DHCPv6 option, IPv4 can be turned back on as soon as the client makes a new DHCPv6 request, which can be the next scheduled one or can be triggered immediately with a Reconfigure message. The authors conclude that a DHCPv6 option is clearly necessary, - whereas it is not as clear for a DHCPv4 option. More feedback on - this topic would be appreciated. + whereas the need for a DHCPv4 option is not as obvious. More + feedback on this topic would be appreciated. 4.2. DHCPv6 vs RA - Both DHCPv6- and RA-based solutions are presented in this draft. It + + Both DHCPv6 and RA-based solutions are presented in this draft. It is expected that the working group will decide whether both solutions, only one, or none are desirable. -5. The No-IPv4 Option +5. The No-IPv4 DHCPv6 Option The No-IPv4 DHCPv6 option is used to signal the unavailability of IPv4 connectivity. 5.1. DHCPv6 Wire Format The format of the DHCPv6 No-IPv4 option is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
@@ -291,32 +302,32 @@ 1 - No IPv4 upstream: Any kind of IPv4 connectivity is unavailable on the link on which the option is received. Therefore, any attempts to provision IPv4 by the host or to use IPv4 in any fashion, on that link, will be useless. IPv4 MAY be dropped, blocked, or otherwise ignored on that link. Upon reception of the No-IPv4 option with value 1, the following IPv4 functionality MUST be disabled on the Upstream Interface: - a. IPv4 addresses MUST NOT be assigned. + A. IPv4 addresses MUST NOT be assigned. - b. Currently-assigned IPv4 addresses MUST be unassigned. + B. Currently-assigned IPv4 addresses MUST be unassigned. - c. Dynamic configuration of link-local IPv4 addresses [RFC3927] + C. Dynamic configuration of link-local IPv4 addresses [RFC3927] MUST be disabled. - d. IPv4, ICMPv4, or ARP packets MUST NOT be sent. + D. IPv4, ICMPv4, or ARP packets MUST NOT be sent. - e. IPv4, ICMPv4, or ARP packets received MUST be ignored. + E. IPv4, ICMPv4, or ARP packets received MUST be ignored. - f. DNS A queries MUST NOT be sent, even transported over IPv6. + F. DNS A queries MUST NOT be sent, even transported over IPv6. 2 - No IPv4 upstream, local IPv4 restricted: Same semantics as value 1, with the following additions: If all DHCPv6- or RA-configured interfaces receive the No-IPv4 option with a mix of values 1, 2, and 3 (but not exclusively 3), and no other interface provides IPv4 connectivity to the Internet, IPv4 is partially shut down, leaving only local connectivity active. On the Upstream Interface, IPv4 MUST be shut down as listed above. On other interfaces, IPv4 addresses MUST NOT be 
@@ -329,54 +340,54 @@ * Private-Use (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) [RFC1918] 3 - No IPv4 at all: This is intended to be a stricter version of the above. The host or router receiving this option MUST disable IPv4 functionality on the Upstream Interface in the same way as for value 1 or 2. - If all DHCPv6- or RA-configured interfaces received the No-IPv4 - option with exclusively value 3, and no other interface provides - IPv4 connectivity to the Internet, IPv4 is completely shut down. - In particular: + If all DHCPv6 or RA-configured interfaces received the No-IPv4 + option with value 3, and no other interface provides IPv4 + connectivity to the Internet, IPv4 is completely shut down. In + particular: - a. IPv4 address MUST NOT be assigned to any interface. + A. IPv4 address MUST NOT be assigned to any interface. - b. Currently-assigned IPv4 addresses MUST be unassigned. + B. Currently-assigned IPv4 addresses MUST be unassigned. - c. Dynamic configuration of link-local IPv4 addresses [RFC3927] + C. Dynamic configuration of link-local IPv4 addresses [RFC3927] MUST be disabled. - d. IPv4, ICMPv4, or ARP packets MUST NOT be sent on any + D. IPv4, ICMPv4, or ARP packets MUST NOT be sent on any interface. - e. IPv4, ICMPv4, or ARP packets received on any interface MUST be + E. IPv4, ICMPv4, or ARP packets received on any interface MUST be ignored. - f. In the above, "any interface" includes loopback interfaces. + F. In the above, "any interface" includes loopback interfaces. In particular, the 127.0.0.1 special address MUST be removed. - g. Server programs listening on IPv4 addresses (e.g., a DHCPv4 + G. Server programs listening on IPv4 addresses (e.g., a DHCPv4 server) MAY be shut down. - h. DNS A queries MUST NOT be sent, even transported over IPv6. + H. DNS A queries MUST NOT be sent, even transported over IPv6. - i. If the host or router also runs a DHCPv6 server, it SHOULD + I. 
If the host or router also runs a DHCPv6 server, it SHOULD include the No-IPv4 option with value 2 in DHCPv6 responses it sends to clients that request it, unless prohibited by local policy. If it currently has active clients, it SHOULD send a Reconfigure to each of them with the OPTION_NO_IPV4 included in the Option Request Option. - j. If the router sends Router Advertisement, it SHOULD include + J. If the router sends Router Advertisement, it SHOULD include the No-IPv4 option with value 2 in RA messages it sends, unless prohibited by local policy. It SHOULD also send RAs immediately so that the changes take effect for all current hosts. The intent is to remove all traces of IPv4 activity. Once the No- IPv4 option with value 3 is activated, the network stack should behave as if IPv4 functionality had never been present. For example, a modular kernel implementation could accomplish the above by unloading the IPv4 kernel module at run time. 
@@ -405,21 +416,24 @@ request containing OPTION_NO_IPV4 in an Option Request Option. The ISP's DHCPv6 server's reply includes the No-IPv4 option with value 3. When this procedure finishes, the ISP has determined that this customer will run in IPv6-only mode and starts dropping all IPv4 packets at the first hop. If an IPv4 address was assigned, it is reclaimed, and possibly reassigned to another subscriber. The home router aborts the IPv4 provisioning procedure (if it is still running) and deactivates all IPv4 functionality. It shuts down its DHCPv4 server. It also configures its own stateless DHCPv6 - server to send the No-IPv4 option to clients that request it. + server to send the No-IPv4 option to clients that request it. (JFT: + What happens if the timer below is not implemented and IPv4 completes + before IPv6? Maybe we could recommend to run IPv6 provisioning first + when OPTION_NO_IPV4 is supported.) As an optimization, the router could delay setting up IPv4 by a few seconds (10 seconds seems reasonable). If the IPv6 procedure completes with the No-IPv4 option during that time, IPv4 will never have been set up and the router will operate in pure IPv6-only mode from the start. 6. Security Considerations One security concern is that an attacker could use the No-IPv4 option 
@@ -467,20 +481,30 @@ [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007. 9.2. Informative References [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997. + [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with + Dual-Stack Hosts", RFC 6555, April 2012. + + [RFC7083] Droms, R., "Modification to Default Values of SOL_MAX_RT + and INF_MAX_RT", RFC 7083, November 2013. + +9.3. URIs + + [1] http://www.iana.org/assignments/dhcpv6-parameters + Appendix A. Test Results of Terminals Behavior In RFC3315 [RFC3315, DHCPv6], SOL_MAX_RT is defined in DHCPv6 to prevent the frequently requesting of clients, which reduces the aggregated traffic. But in RFC2131 [RFC2131, DHCPv4], there are not corresponding IPv4 definitions or options for client's behavior if the server does not respond for the Discover messages. In fact, most of the terminals creat backoff algorithms to help them retransmit DHCPDISCOVER message in different frequency according to @@ -536,29 +560,27 @@ in one cycle, and the interval is about 68s. Symbian_S60 uses the simplest backoff method, it launches DISCOVER in every 2 or 4 seconds. Android2.3.7 is the only Operating System which can stop DISCOVER request by disconnect its wireless connection. It reboot wireless and dhcp connection every 20 seconds. Authors' Addresses + Simon Perreault - Viagenie - 246 Aberdeen - Quebec, QC G1R 2E1 + Jive Communications + Quebec, QC Canada - Phone: +1 418 656 9254 - Email: simon.perreault@viagenie.ca - URI: http://viagenie.ca + Email: sperreault@jive.com Wes George Time Warner Cable 13820 Sunrise Valley Drive Herndon, VA 20171 USA Email: wesley.george@twcable.com Tina Tsou 
@@ -578,10 +599,20 @@ Email: yangtianle@chinamobile.com Li Lianyuan China Mobile 32, Xuanwumenxi Ave. Xicheng District, Beijing 100053 China Email: lilianyuan@chinamobile.com + + Jean-Francois Tremblay + Viagenie + 246 Aberdeen + Quebec, QC G1R 2E1 + Canada + + Phone: +1 418 656 9254 + Email: jean-francois.tremblay@viagenie.ca + URI: http://viagenie.ca
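Review bot: in the first hunk (@@ -1,237 +1,247 @@) the new Abstract says IPv4 "can be turned off", but Section 5.3 of this same draft makes disabling IPv4 a MUST once the option is received, so the -00 wording "is to be turned off" (or "must be turned off") matches the semantics better. In the same hunk, Section 5 is retitled "The No-IPv4 DHCPv6 Option" while it still contains "5.2. RA Wire Format"; either keep "The No-IPv4 Option" or split the RA option into its own section. Typos in the added lines: "trafic", "a exponential backoff", "In large dual-stack network" (networks), "some a provisioned for IP4 service" (should read "some are provisioned for IPv4 service"), "the end goal is turn off" (is to turn off) and "this document introduce" (introduces). In 4.2 the added "+" line produces a double blank line before the paragraph.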
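Review bot: in the value-1 hunk (@@ -291,32 +302,32 @@) the re-lettering from a. to A. is cosmetic, but item F ("DNS A queries MUST NOT be sent, even transported over IPv6") does not fit its lead-in "the following IPv4 functionality MUST be disabled on the Upstream Interface": a DNS query policy is host-wide, not per interface, so a host whose other interface still has working IPv4 would lose A-record resolution after receiving value 1 on one link. Either scope F to resolvers reached over the Upstream Interface, or move it to the value-3 list, where the whole host is IPv4-free and item H already states it.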
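Review bot: in the value-3 hunk (@@ -329,54 +340,54 @@) dropping "exclusively" from "If all DHCPv6- or RA-configured interfaces received the No-IPv4 option with exclusively value 3" makes the value-3 trigger ambiguous and lets it overlap with the value-2 rule in the previous hunk, which is conditioned on "a mix of values 1, 2, and 3 (but not exclusively 3)". Keep "exclusively value 3" (or "all with value 3") so the two conditions stay disjoint. Also "DHCPv6- or RA-configured" was a correct suspended hyphen; "DHCPv6 or RA-configured" now reads as "DHCPv6" on its own.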
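Review bot: in the example hunk (@@ -405,21 +416,24 @@) the inline "(JFT: What happens if the timer below is not implemented and IPv4 completes before IPv6? ...)" is an open editorial question left in the body text. The sentence just above it already answers the late case: the router "aborts the IPv4 provisioning procedure (if it is still running) and deactivates all IPv4 functionality", so IPv4 finishing first only means it is torn down afterwards. Resolve the note either by stating that a router supporting OPTION_NO_IPV4 SHOULD start IPv6 provisioning before or concurrently with IPv4 provisioning, or by marking it "[[NOTE TO RFC EDITOR: ...]]" so it cannot survive into publication.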
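Review bot: in the references hunk (@@ -467,20 +481,30 @@) the new "9.3. URIs" section lists "[1] http://www.iana.org/assignments/dhcpv6-parameters" but nothing in this patch cites [1]; confirm the IANA Considerations section actually references it, otherwise the section is dangling. The new [RFC6555] and [RFC7083] entries are both cited in the Introduction hunk, which is fine. In Simon Perreault's updated address block, "Quebec, QC Canada" lost the line break before "Canada" that the other author entries keep. The unchanged Appendix A context still reads "most of the terminals creat backoff algorithms" ("create"), which could be fixed in the same revision.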