Network Working Group | S. Perreault |
Internet-Draft | Jive Communications |
Intended status: Standards Track | W. George |
Expires: June 7, 2015 | Time Warner Cable |
T. Tsou | |
Huawei Technologies (USA) | |
T. Yang | |
L. Li | |
China Mobile | |
JF. Tremblay | |
Viagénie | |
December 4, 2014 |
Turning off IPv4 Using DHCPv6 or Router Advertisements
draft-ietf-sunset4-noipv4-01
This memo defines a new DHCPv6 option and a new Router Advertisement option to inform a dual-stack host or router that IPv4 can be turned off.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 7, 2015.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
When a dual-stack host makes a DHCPv4 request, it typically interprets the absence of a response as a failure condition. This may cause operational problems when deploying an IPv6-only network. Providing a way to inform hosts and routers that IPv4 is not available would prevent such problems and allow for smoother deployments.
One situation where problems arise is with a dual-stack home router provisioned with an IPv6-only WAN connection. It typically assigns an IPv4 address to its LAN interface, starts services on that interface and hands out IPv4 addresses to clients on the LAN by answering DHCPv4 requests. This is done unconditionally, without taking the status of the IPv4 connectivity on the WAN interface into account. Hosts on the LAN install a default route pointing to the router and behave as if IPv4 connectivity was available. IPv4 packets destined to the Internet get dropped at the router and timeouts happen. The end result is that IPv4 remains fully active on the LAN and on the router itself even if it would be desirable to turn it off, especially for applications that do not implement Happy Eyeballs [RFC6555].
Another situation relates to the load on DHCPv4 servers and relays. In large dual-stack network (LAN, WLAN), thousands of hosts, including mobile phones, may generate a significant amount of trafic by attempting to contact a DHCP server. If the servers and relays are configured in IPv6-only, the dual-stack or IPv4-only clients will broadcast DHCPDISCOVER messages endlessly, creating a DDOS-like attack on the network. This scenario has also been briefly described for DHCPv6 in [RFC7083]. Although DHCP mandates a exponential backoff, it is limited to 64 seconds, which may still generate significant traffic (see section 4.1 of [RFC2131]). Various operating systems also implement the backoff algorithms in different ways, or not at all, with different limit values. Some test results for a few popular operating systems are available in appendix.
A new mechanism is needed to indicate the absence of IPv4 connectivity. Considering the end goal is turn off all IPv4 connectivity, the chosen mechanism should be transported over IPv6. Therefore, this document introduce a new DHCPv6 [RFC3315] option and a new Router Advertisement (RA) [RFC4861] option for the purpose of explicitly indicating to the host that IPv4 connectivity is unavailable.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The following terms are also used in this document:
When a DHCPv4 server or relay is present but intentionally does not react to DHCPDISCOVERs, the aggregated traffic generated by a large number of dual-stack hosts can represent a significant bandwidth load. This scenario is encountered with an ISP serving multiple types of subscribers where some a provisioned for IP4 service and others are not. It might not be feasible for operational reasons to block the useless requests before they reach the DHCPv4 servers, for example if the DHCPv4 servers themselves are the only ones with the knowledge of which nodes should or should not get an IPv4 address.
In addition to the useless load on the DHCPv4 servers, the above scenario could also consume a significant amount of bandwidth, especially if the aggregated traffic from many clients goes through a low-bandwidth link or through a wireless link.
A dual-stack node that does not get a DHCPv4 response will usually continue retransmitting forever. Therefore, only providing IPv6 on a link will cause the node to needlessly wake up periodically and transmit a few packets. For example, the popular DHCPv4 client implementation by ISC wakes up every 5 minutes by default and tries to contact a DHCPv4 server for 60 seconds. With this configuration, a node will not be able to sleep 20% of the time.
In many cases, IPv4-only applications such as Skype use an autoconfigured IPv4 Link-Local Addresses (LLA) to send IPv4 packets on the LAN. In an IPv6-only environment, this behavior may waste a significant amount of bandwidth.
This document describes a new DHCPv6 option to turn off IPv4. An equivalent option could conceivably be created for DHCPv4. The pros and cons are discussed below. Arguments with a + sign argue for a DHCPv4 option, arguments with a - sign argue against.
The authors conclude that a DHCPv6 option is clearly necessary, whereas the need for a DHCPv4 option is not as obvious. More feedback on this topic would be appreciated.
Both DHCPv6 and RA-based solutions are presented in this draft. It is expected that the working group will decide whether both solutions, only one, or none are desirable.
The No-IPv4 DHCPv6 option is used to signal the unavailability of IPv4 connectivity.
The format of the DHCPv6 No-IPv4 option is:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_NO_IPV4 | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | v4-level | +-+-+-+-+-+-+-+-+ option-code OPTION_NO_IPV4 (TBD). option-len 1. v4-level Level of IPv4 functionality.
The DHCPv6 client MUST place the OPTION_NO_IPV4 option code in the Option Request Option ([RFC3315] section 22.7). Servers MAY include the option in responses (if they have been so configured). Servers MAY also place the OPTION_NO_IPV4 option code in an Option Request Option contained in a Reconfigure message.
The format of the RA No-IPv4 option is:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | v4-level | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBD Length 1. v4-level Level of IPv4 functionality. Reserved These fields are unused. They MUST be initialized to zero by the sender and MUST be ignored by the receiver.
The option applies to the link on which it is received. It is used to indicate to the client that it should disable some or all of its IPv4 functionality. What should be disabled depends on the value of v4-level.
v4-level can take the following values:
A dual-stack home gateway is set up with a single WAN uplink and is configured to use DHCPv4 and DHCPv6 to automatically obtain IPv4 and IPv6 connectivity. On the LAN side, it has one link with multiple hosts.
When it boots, the router assigns 192.168.1.1/24 to its LAN interfaces and starts a DHCPv4 server listening on it. It hands out addresses 191.168.1.100-199 to clients. It also starts an IPv6 Router Advertisement daemon as well as a stateless DHCPv6 server, also listening on the LAN interfaces.
On the WAN side, it starts two provisioning procedures in parallel: one for IPv4 and one for IPv6.
At this point, the ISP does not know if the router supports IPv6-only operation. Therefore, by default, the ISP responds to DHCPv4 requests as usual.
As part of the IPv6 provisioning procedure, the router sends a DHCPv6 request containing OPTION_NO_IPV4 in an Option Request Option. The ISP's DHCPv6 server's reply includes the No-IPv4 option with value 3. When this procedure finishes, the ISP has determined that this customer will run in IPv6-only mode and starts dropping all IPv4 packets at the first hop. If an IPv4 address was assigned, it is reclaimed, and possibly reassigned to another subscriber.
The home router aborts the IPv4 provisioning procedure (if it is still running) and deactivates all IPv4 functionality. It shuts down its DHCPv4 server. It also configures its own stateless DHCPv6 server to send the No-IPv4 option to clients that request it. (JFT: What happens if the timer below is not implemented and IPv4 completes before IPv6? Maybe we could recommend to run IPv6 provisioning first when OPTION_NO_IPV4 is supported.)
As an optimization, the router could delay setting up IPv4 by a few seconds (10 seconds seems reasonable). If the IPv6 procedure completes with the No-IPv4 option during that time, IPv4 will never have been set up and the router will operate in pure IPv6-only mode from the start.
One security concern is that an attacker could use the No-IPv4 option to deny IPv4 access to a victim. However, unprotected vanilla DHCP can already be exploited to cause such a denial of service ([RFC2131] section 7).
TO BE COMPLETED
IANA is requested to assign value TBD with description OPTION_NO_IPV4 in the "DHCP Option Codes" table which is part of the dhcpv6-parameters registry.
IANA is requested to assign value TBD with description "No-IPv4 Option" in the IPv6 Neighbor Discovery Option Formats table which is part of the icmpv6-parameters registry.
Thanks in particular to Marc Blanchet who was the driving force behind this work.
Rajiv Asati contributed section Section 3.4.
[RFC1918] | Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G. and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, February 1996. |
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
[RFC3315] | Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. |
[RFC3927] | Cheshire, S., Aboba, B. and E. Guttman, "Dynamic Configuration of IPv4 Link-Local Addresses", RFC 3927, May 2005. |
[RFC4861] | Narten, T., Nordmark, E., Simpson, W. and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007. |
[RFC2131] | Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997. |
[RFC6555] | Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with Dual-Stack Hosts", RFC 6555, April 2012. |
[RFC7083] | Droms, R., "Modification to Default Values of SOL_MAX_RT and INF_MAX_RT", RFC 7083, November 2013. |
In RFC3315 [RFC3315, DHCPv6], SOL_MAX_RT is defined in DHCPv6 to prevent the frequently requesting of clients, which reduces the aggregated traffic. But in RFC2131 [RFC2131, DHCPv4], there are not corresponding IPv4 definitions or options for client's behavior if the server does not respond for the Discover messages.
In fact, most of the terminals creat backoff algorithms to help them retransmit DHCPDISCOVER message in different frequency according to their state machine. The same point of almost all the verious Operating Systems is that they could not stop DHCPDISCOVER requests to the server. And that will cause DDoS-Like attack to the server and bandwidth consumption in the link.
We test some of the most popular terminals' OS in WLAN, the results are illuminated as below.
-------------------------------------------------------------------- DHCP Discovery Packages Time Table -------------------------------------------------------------------- | Windows7 |Windows XP | IOS_5.0.1 |Android_2.3.7|Symbian_S60 No|Time | Time | Time | Time |Time | Time |Time | Time |Time| Time | |offset| |offset| |offset| |offset | |offset --|-----|------|------|------|-----|------|-----|-------|----|------ 1 |0 | |0 | |0.1 | |7.8 | |0 | 2 |3.9 |3.9 |0.1 | 0.1 |1.4 | 1.3 |10.3 | 2.5 |2 | 2 3 |13.3 |9.4 |4.1 | 4 |3.8 | 2.4 |17.9 | 7.6 |6 | 4 4 |30.5 |17.2 |12.1 | 8 |7.9 | 4.1 |33.9 | 16 |8 | 2 5 |62.8 |32.3 |29.1 | 17 |16.3 | 8.4 |36.5 | 2.6 |12 | 4 6 |65.9 |3.1 |64.9 | 35.8 |24.9 | 8.6 | reconnect |14 | 2 7 |74.9 |9 |68.9 | 4 |33.4 | 8.5 |56.6 | 20.1 |18 | 4 8 |92.1 |17.2 |77.9 | 9 |42.2 | 8.8 |60.2 | 3.6 |20 | 2 9 |395.2|303.1 |93.9 | 16 |50.8 | 8.6 |68.4 | 8.2 |24 | 4 10|399.1|3.9 |433.9 | 340 |59.1 | 8.3 |84.8 | 16.4 |26 | 2 11|407.1|8 |438.9 | 5 |127.3| 68.2|86.7 | 1.9 |30.1| 4.1 12|423.4|16.3 |447.9 | 9 |128.9| 1.6 | reconnect |32.1| 2 13|455.4|32 |464.9 | 17 |131.1| 2.2 |106.7| 20 |36.1| 4 14|460.4|5 |794.9 | 330 |135.1| 4 |111.4| 4.7 |38.1| 2 15|467.4|7 |799.9 | 5 |143.4| 8.3 |120.6| 9.2 |42.1| 4 16|483.4|16 |808.9 | 9 |151.7| 8.3 |134.9| 14.3 |44.1| 2 17|842.9|359.5 |824.9 | 16 |160.4| 8.7 |136.8| 1.9 |48.2| 4.1 18|846.9|4 |1141.9| 317 |168.8| 8.4 | reconnect |50.2| 2 --------------------------------------------------------------------
Figure:Terminals DHCPDISCOVER requests when Server's DHCPv4 module is down
In this figure:
For Windows7, it seems to initiate 8 times DHCPDISCOVER requests in about 300s interval.
For WindowsXP, firstly it launches 9 times DHCPDISCOVER messages, but after that it cannot get any response from the server, then it initiates 5 times requests in one cycle in around 330s intervals, and never stop.
For IOS5.0.1, it seems like WindowsXP. There are 10 times attempts in one cycle, and the interval is about 68s.
Symbian_S60 uses the simplest backoff method, it launches DISCOVER in every 2 or 4 seconds.
Android2.3.7 is the only Operating System which can stop DISCOVER request by disconnect its wireless connection. It reboot wireless and dhcp connection every 20 seconds.