Internet DRAFT - draft-hiromi-sunset4-termination-ipv4
draft-hiromi-sunset4-termination-ipv4
INTERNET-DRAFT R.Hiromi
Intended Status: Informational Intec,Inc.
Expires: September 12, 2013 Hazeyama
NAIST
A.Onoe
Sony Corporation
O.Nakamura
Keio University
March 11, 2013
A workaround for termination of IPv4 network services
draft-hiromi-sunset4-termination-ipv4-01
Abstract
After sun-setting of IPv4, many devices will be connected to IPv6
single stack network. In this document we describe a workaround for
IPv6 enabled network configuration. At this moment, the condition of
IPv6 adoption on the consumer devices such as PC, tablet, mobile
terminal and entertainment device are various. For example, some
devices are fully support IPv6 client but some are not. It is very
hard to provide IPv6 network service with these various conditioned
devices. To solve this problem, we tried to verify some
configurations to connect these devices into IPv6 enabled consumer
network for termination of IPv4 network services.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
<Hiromi, et al.> Expires September 12, 2013 [Page 1]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 Problem Statement . . . . . . . . . . . . . . . . . . . . . 3
1.3 Test Network . . . . . . . . . . . . . . . . . . . . . . . 3
2. Variety of devices . . . . . . . . . . . . . . . . . . . . . . 6
2.1 Device classification . . . . . . . . . . . . . . . . . . . 6
2.2 Observation on devices . . . . . . . . . . . . . . . . . . . 8
3 Workaround . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.1 trial and result . . . . . . . . . . . . . . . . . . . . . . 9
3.2 remaining issue . . . . . . . . . . . . . . . . . . . . . . 10
4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 10
5 Security Considerations . . . . . . . . . . . . . . . . . . . . 10
6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 10
7 References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
7.1 Normative References . . . . . . . . . . . . . . . . . . . 11
8 Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . 12
<Hiromi, et al.> Expires September 12, 2013 [Page 2]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
1 Introduction
After sun-setting of IPv4, many devices will be connected to IPv6
single stack network. In this document we describe a workaround of
IPv6 enabled network configuration. At this moment, the condition of
IPv6 adoption on the consumer devices such as PC, tablet, smart
phones and entertainment devices are various. For example, some
devices are fully support DHCPv6 client function but some are not.
In IETF, additional function for connecting clients are still
discussed. Implementation of client function will be changing for a
while. It must be very hard to provide IPv6 network service with
these various conditioned devices. To solve this issue, we tried to
verify several configurations to connect these devices into IPv6
enabled consumer network.
1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
1.2 Problem Statement
"IPv6 support" on consumer devices are inconsistent in
implementation. Especially some devices are designed with IPv6
limitation if no IPv4 information provided on the device. The IPv6
network services has to absorb these differences in some way.
1.3 Test Network
In this document we call "IPv6-only network" as a user network which
connects IPv6 clients and carries IPv6 packets. We made an IPv6-only
test network with 3 patterns of configurations. The pattern A is the
basic configuration. In the pattern B, DNS64[DNS64]/NAT64[NAT64] is
located in the User router segment and users refer DNS proxy. In the
pattern C, DNS64/NAT64 is located in ISP segment.
We brought above IPv6-only network to seasonal WIDE Camp from 2011 to
2012[I-D.draft-hazeyama-widecamp-ipv6-only-experience-02]. WIDE Camp
was hold 3 times. Through DNS64/NAT64 translation, the clients can
access IPv4 Internet services and with this technique the users can
turn off IPv4 at the edge network. We can observe simply IPv6 client
behavior and solve the specified points.
Here is the basic configuration;
User-Access: WiFi(IEEE802.11a,b,g,n)
ISP(IPv6): DHCP-PD or static setting of prefix
<Hiromi, et al.> Expires September 12, 2013 [Page 3]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
IPv4 Internet: using coexistence mechanism(4rd,464XLAT,SA46T,
DNS64/NAT64) over IPv6, base technology
is DNS64/NAT64
DNS64/NAT64: Map all IPv4 toward IPv4 Internet into IPv6
RA: Enable Other Config flag for DHCP6
DHCP6: Distribute DNS64 server address
DHCP4: No DHCPv4 running
(this is for whom really needs IPv4 connection)
IPv6 Address Configuration:
SLAAC(address prefix, default router), DHCPv6
(DNS server)
Fig.1 Pattern A(Basic Network Topology)
+-------------+
| IPv6 router |
| on ISP |
+-------------+
|
|
+--------------- IPv6 Internet ----------------------+
|
|
+---------+
| User GW |
+---------+
| +--- IPv4 Internet ---+
| | |
+-----+ | +--------+ +-------+ +------+
|DHCP4| | | DHCP6 | | DNS64 | | NAT64|
+-----+ | +--------+ +-------+ +------+
| | | | |
| | | | |
+---------------- /64 prefix segment ---------------------+
|
+--------------+
| user devices |
+--------------+
<Hiromi, et al.> Expires September 12, 2013 [Page 4]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
Fig.2 Pattern B
+-------------+
| IPv6 router |
| on ISP |
+-------------+
|
|
+--------------- IPv6 Internet ----------------------+
|
| +--- IPv4 Internet ---+
+--------------+ | |
| IPv6 router | +-----+ +-----+
| on user side | |DNS64| |NAT64|
+--------------+ +-----+ +-----+
| | | |
| +--- /64 prefix segment ---+
|
+---------+
| User GW |
+---------+
|
|
+-----+ +------------+ | +--------+
|DHCP4| |DNS Proxy | | | DHCP6 |
+-----+ |wt. A filter| | +--------+
| +------------+ | |
| | | |
+---------------- /64 prefix segment ---------------------+
|
+--------------+
| user devices |
+--------------+
<Hiromi, et al.> Expires September 12, 2013 [Page 5]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
Fig.3 Pattern C
+-- IPv4 Internet --+
| |
+-----+ +-----+
|DNS64| |NAT64|
+-----+ +-----+
| |
+--------------- IPv6 Internet ----------------------+
|
+-------------+
| IPv6 router |
| on ISP |
+-------------+
|
|
+--------------- IPv6 Internet ----------------------+
|
|
+---------+
| User GW |
+---------+
|
|
+-----+ +------------+ | +--------+
|DHCP4| |DNS Proxy | | | DHCP6 |
+-----+ |wt. A filter| | +--------+
| +------------+ | |
| | | |
+---------------- /64 prefix segment ---------------------+
|
+--------------+
| user devices |
+--------------+
2. Variety of devices
In this section, we describe what kinds of devices we examined in the
test network.
2.1 Device classification
Over 300 devices were brought into every WIDE Camp. We classified their
Device Type, OS, OS version. We determined deference of DHCP6 client
behavior and possible precondition per OS. Table 1 and 2 shows the
result of them. Popular OS on PC was both Windows and MacOS X series.
Various versions were observed. Popular OS on Mobile Phone was both
<Hiromi, et al.> Expires September 12, 2013 [Page 6]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
Android and iOS. Feature phone were also popular but there were no WiFi
function on such feature phone so that they were out of our target. In
Table 1, we listed up auto-address configuration function on each OS.
The last column means the SLAAC/DHCP6 failed if they got IPv4 local
address. In Table 2, we picked up the OS which does not have IPv6
friendly User Interface and could not input IPv6 address manually with
the UI.
Table 1. Result of the client behavior per OS
+---------+----------+----------+----------+----------+
|OS |Version |RA |DHCPv6 |169.254/16|
+---------+----------+----------+----------+----------+
|Windows |XP |o |x | |
| |Vista |o |o | |
| |7 |o |o | |
| |8 |o |o | |
+---------+----------+----------+----------+----------+
|MacOS X |10.6 |o |x | |
| |10.7 |o |o | |
| |10.8 |o |o | |
+---------+----------+----------+----------+----------+
|Android |1.6 |x |x | |
| |2.3.4 |o |x |x |
| |2.3.5 |o |x |x |
| |2.3.6 |o |x |x |
| |4.0.3 |o |x |x |
| |4.0.4 |o |x |x |
| |4.1 |o |x |x |
+---------+----------+----------+----------+----------+
|iOS |4.3.2 JB |o |x |x |
| |5 |o |x |x |
+---------+----------+----------+----------+----------+
|iPad iOS |5 |o |o | |
| |6 |o |o | |
+---------+----------+----------+----------+----------+
|kindle |3.1 |x |x | |
+---------+----------+----------+----------+----------+
|NetBSD |5.1 |o |x | |
| |6.99.4 |o |x | |
+---------+----------+----------+----------+----------+
|Ubuntsu |12.0.4 |o |o | |
+---------+----------+----------+----------+----------+
<Hiromi, et al.> Expires September 12, 2013 [Page 7]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
Table 2. List of OS without IPv6 support on User Interface
+----------+-----------+--------------+--------------+
|OS |Version |display |configuration |
+----------+-----------+--------------+--------------+
|Android |2.3.4 |x |x |
| |2.3.6 |x |x |
+----------+-----------+--------------+--------------+
|iOS |5 |x |x |
+----------+-----------+--------------+--------------+
|iPad iOS |5 |x |x |
+----------+-----------+--------------+--------------+
2.2 Observation on devices
We observed 5 problematic behaviors.
(a). failed to set name server(v6) information(WinXP, MacOS SL,
Android)
(b). failed to input name server(v6) by manual configuration(Android)
(c). failed to resolve resource record under (a) or (c)
condition(WinXP, MacOS SL, Android)
(d). "network setting" won't be completed before getting set of IPv4
information(DNS,router,IPv4 Address)(iOS5,Android)
(e). waiting for IPv4 connection timeout(MacOS)
The causes of problems on consumer devices are sorted by 3 types.
First one is IPv6 implementation issue, which we listed on Table 1.
The other issue is User Interface issue, which we listed on Table 2.
The last one is coming from other layer's function, typical issue is a
WiFi controller which provided by vendor(Lenovo Access Connections) and
turn off IPv4 with the controller setting then the client was able to
connect to IPv6-only network.
<Hiromi, et al.> Expires September 12, 2013 [Page 8]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
3 Workaround
In this document, we focused on the problem which occurred by IPv6
implementation on the clients.
How do we solve the problematic behavior? It might be a distant idea
that waiting for all devices fully support IPv6. We considered to put
additional configuration parameters to comply with improvements.
3.1 trial and result
To solve (a)to(e) in Section 2.2, we reconsidered network setting and
putting into testbed network step by step.
(1) DNS64/NAT64 Map all IPv4 on Internet into IPv6
(2) DHCPv6 for DNS(IPv6) configuration
(3) DHCPv4 for IPv4 private address configuration
(4) DHCPv4 for DNS(IPv4) and Default Router
(actual packet transfer is prohibited on this router)
(5) DNS(IPv4) is located local segment
(6) DNS(IPv4, IPv6) set 'A' filter
(7) DNS(IPv4, IPv6) always returns 'NODATA' with 'A' query
(Over both IPv4 and IPv6 transport)
(8) AAAA queries forward to DNS64 server
Experiment #1:
With "IPv4 private address assignment via DHCP4 without Default
Router nor DNS", no issues were solved.
- Timeout problem exist on MacOSX.
- iOS applications are sometimes working,but periodically fails due
to retrying Wi-Fi connection.
Experiment #2:
Put BIND9 forwarder on-link and configure DHCP4/6 to use this DNS.
Configure BIND9 forwarder with: deny-answer-addresses { 0.0.0.0/0; };
Which direct no IPv4 address answer should be trusted. It returns
SERVFAIL to resolver.
- Android is now working: Browser, Twitter, Facebook are OK.
- iOS is working: but periodically fails due to retrying.
- MacOS is working: but still encountered fallback timeout.
- Windows is NOT WORKING: all DNS queries failed due to SERVFAIL.
Experiment #3:
Hack AAAA filtering code on BIND9 to filter 'A' instead of 'AAAA'
both on IPv4/IPv6 transport. Put BIND9 above to local link, which is
configured to forward all queries to DNS64. Configure DHCP4/DHCP6 to
use the DNS proxy.
- Windows, MacOS X, iOS, Android is now working.
<Hiromi, et al.> Expires September 12, 2013 [Page 9]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
- Some of applications still failed on IPv6 only, but many are OK:
IE/Safari/Chrome/Firefox, Twitter, Facebook, Instagram, APNS, ...
After bringing all new additional network configuration, most of all
clients were able to connect IPv6-only network with zero-
configuration on the client side.
This is the technique for IPv6-only network but also can be useful
for terminating IPv4 network environment at the user network.
3.2 remaining issue
"Waiting for IPv4 connection timeout on MacOS" is still issued. A
possible reason for this connection failure during 1-2 minutes after
WiFi connection established is timing of sending RS(Router
Solicitation). RS is sent from kernel before Wi-Fi link is
established. No IPv6 address is obtained until periodical RA(Router
Advertisement) is received.
Workaround for this is considered as follows but we were not unable
to examine it on the camp at this time.
- shorten RA interval to 5-10 seconds (though it disturb Wi-Fi...)
- Detect association through AP log and kick RS or RA.
4 Conclusion
We determined several network configurations with variety of devices.
For IPv4 sun-setting, the network should have these capabilities
described below.
- Core Network has to connect IPv4 Internet
- Core Network has to have IPv4 and IPv6 coexistence technology
- devices can be connected IPv6 only segment
- IPv4 address assigning protocol should be enabled for IPv6
address settings
- "A filter" on DNS server is effective for terminating IPv4
connection trial
5 Security Considerations
Possible security threats are same as what pointed out in original
protocols and technologies.
6 IANA Considerations
This document has no IANA implications.
<Hiromi, et al.> Expires September 12, 2013 [Page 10]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
7 References
7.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[NAT64] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, April 2011.
[DNS64] Bagnulo, M., Sullivan, A., Matthews, P., and I. van
Beijnum, "DNS64: DNS Extensions for Network Address
Translation from IPv6 Clients to IPv4 Servers", RFC 6147,
April 2011.
[I-D.draft-hazeyama-widecamp-ipv6-only-experience-02]H. Hazeyama, R.
Hiromi, T. Ishihara and O. Nakamura, "Experiences from
IPv6-Only Networks with Transition Technologies in the
WIDE Camp Autumn 2012", draft-hazeyama-widecamp-ipv6-only-
experience-02, October 2012.
<Hiromi, et al.> Expires September 12, 2013 [Page 11]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
8 Acknowledgement
Here, we thank to all the participants of WIDE camp(s) on the
experiments. We also say thank you to whom serving implementations
and services in the Matsuhiro Royal Hotel.
Y. Ueno of Keio Univ. for IPv6 L2TP implementation
NTT EAST and IIJ for the commercial IPv6 service
R. Nakamura of Univ. of Tokyo, Y. Ueno of Keio Univ. and R. Shouhara
of Univ. of Tokyo for helping us on the base settings of the IPv6
only experiments and merging into the camp-net.
T. Jimei of Internet Systems Consortium for his quick hack on A
filter of Bind 9.
T. Ishihara of Univ. of Tokyo for his DNS operating advisory
Y. Atarashi of Alaxala Networks and R. Atarashi of IIJ Innovation
Institute for designing the items of face to face interview and
analyzing user survey data.
Authors' Addresses
R.Hiromi
INTEC Inc.
1-3-3, Shinsuna,
Koto-ku,
Tokyo, Japan
EMail: hiromi@inetcore.com
Hiroaki Hazeyama
NAIST
Takayama 8916-5
Nara, Japan
Phone: +81 743 72 5216
Email: hiroa-ha@is.naist.jp
Atsushi Onoe
SONY Corporation
EMail: onoe@wide.ad.jp
Osamu Nakamura
WIDE Project
5322 Endo
Kanagawa, Japan
Email: osamu@wide.ad.jp
<Hiromi, et al.> Expires September 12, 2013 [Page 12]
INTERNET DRAFT<A workaround for termination of IPv4 ne March 11, 2013
<Hiromi, et al.> Expires September 12, 2013 [Page 13]