[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)

To: Christian Huitema <huitema@windows.microsoft.com>, Brian Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
From: Rémi Després <remi.despres@free.fr>
Date: Tue, 29 Jan 2008 10:02:44 +0100
Cc: v6ops <v6ops@ops.ietf.org>
In-reply-to: <AFE0AC8DCDE68842B94E8EC69D5F21D639F1F14CB1@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>
References: <1960684A-584F-4754-A122-0940BC61DDC0@dragondata.com> <67099930801231003l648d3200k7c86be48d35b21ef@mail.gmail.com> <479CD34E.7010403@free.fr> <A3B8A0B7-7E54-4A88-8C07-29DD2CBE727E@dragondata.com> <479CF498.4090702@gmail.com> <479D9E65.5090808@free.fr> <87ir1ee03n.fsf@mid.deneb.enyo.de> <479DABCB.7030705@free.fr> <5F00FC98-D878-4305-838C-3D9A8B5D7E5A@muada.com> <479DDD8C.3010707@spaghetti.zurich.ibm.com> <479DF86F.9060904@free.fr> <832C204A-0CBA-4147-ADFF-40E4AB6070AA@dragondata.com> <AFE0AC8DCDE68842B94E8EC69D5F21D639F1F14CB1@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>
User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031)

Christian Huitema wrote :

What about KISS? The current specification of ::FFFF:0:0/96 is
essentially that of a "magic value".

In a different view, which IMHO is right, what RFC 2535 says makessense, is indeed simple, and is not magic.

<<<
   The API also provides a different type of compatibility: the ability
   for IPv6 applications to interoperate with IPv4 applications.  This
   feature uses the IPv4-mapped IPv6 address format defined in the IPv6
   addressing architecture specification [2].  This address format
   allows the IPv4 address of an IPv4 node to be represented as an IPv6
   address.  The IPv4 address is encoded into the low-order 32 bits of
   the IPv6 address, and the high-order 96 bits hold the fixed prefix
   0:0:0:0:0:FFFF.  IPv4- mapped addresses are written as follows:

      ::FFFF:<IPv4-address>

   These addresses can be generated automatically by the
   getipnodebyname() function when the specified host has only IPv4
   addresses (as described in Section 6.1).

   Applications may use PF_INET6 sockets to open TCP connections to IPv4
   nodes, or send UDP packets to IPv4 nodes, by simply encoding the
   destination's IPv4 address as an IPv4-mapped IPv6 address, and
   passing that address, within a sockaddr_in6 structure, in the
   connect() or sendto() call.  When applications use PF_INET6 sockets
   to accept TCP connections from IPv4 nodes, or receive UDP packets
   from IPv4 nodes, the system returns the peer's address to the
   application in the accept(), recvfrom(), or getpeername() call using
   a sockaddr_in6 structure encoded this way.>>>

Since applications *MAY* use PF_INET6 to send packets to IPv4 nodes(IPv4 meaning here "IPv4-only"), dual stacks *SHOULD* better send thesepackets in IPv4 when IPv4 link interfaces are available: if sent inIPv6, they are likely to find no paths to their destinations; in IPv4they would normally reach their destinations.

According to some, whenever that magic value is encountered,
something extraordinary shall happen, such  > as switching to a different network level protocol. This is a recipe
for trouble, because it breaks the "keep it simple" rule.

In the different view, letting applications to have only one socketinterface is *simpler* than obliging them to know whether the IP layerworks in IPv4 or IPv6.

What we have for every other address prefix is simple. V6 packets are
sent using V6, and the outgoing interfaces are chosen according to V6
routing rules. In a host, the header of incoming V6 packet is
checked, and unicast packets are rejected if the particular
destination address is not recognized as a valid address for the
receiving interface. In a router, packets are routed according to
routing tables, and if no route is configured packets are dropped.
Some routers may also perform ingress filtering. Anything more
complex than is guaranteed to cause problems.

In my understanding all of this is right.
It would need however to be completed by something about v4-v6 coexistence.
What about something like: <<<

Packets the source or destination of which is IPv4 only must be: (1) inIPv4 on links that are IPv4-only or IPv4 and IPv6; (2) in IPv6 onIPv6-only links, with IPv4 addresses in mapped format.>>>

Note that, to route IPv6 packets the destination of which is mappedIPv4, the 0::/64 routing prefix should not be artificially considered asinvalid by routers.

The typical case where this is useful is within multi-subnet sites wherethere are IPv6 only hosts, and where access to the IPv4 Internet is viaCPEs that support NATv6-v4. >>>

I think that Itojun was right, and we should simply deprecate the
::FFFF:0:0/96 prefix.

Have you a reference where he suggests to go that far?

In Itojun's document I know,
http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-00,

the proposal, in 2003, was to avoid mapped addressses "on the wire"(notat socket interfaces).As far as I know, this document became obsolete without Itojun himselfinsisting on the subject.

While it identifies some threats in some configurations, it doesn'tconflict, in my undersatnding, with mapped addresses on the wire in someother useful ones.One of these other configurations happens to be very pertinent (and IMHOcompletely Kiss :-) ) for IPv6-only client hosts to be able to reachIPv4-only servers.



Rémi

Follow-Ups:
- Re: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- RE: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
  - From: Christian Huitema <huitema@windows.microsoft.com>

References:
- 6to4 using ::FFFF:0000:0000/96 (mail.comcast.net AAAA record weirdness)
  - From: Kevin Day <toasty@dragondata.com>
- Re: 6to4 using ::FFFF:0000:0000/96 (mail.comcast.net AAAA record weirdness)
  - From: "Erik Kline" <ekline@ekline.com>
- Re: 6to4 using ::FFFF:0000:0000/96 (mail.comcast.net AAAA record weirdness)
  - From: Kevin Day <toasty@dragondata.com>
- Re: 6to4 using ::FFFF:0000:0000/96 (mail.comcast.net AAAA record weirdness)
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: 6to4 using ::FFFF:0000:0000/96 (mail.comcast.net AAAA record weirdness)
  - From: Rémi Després <remi.despres@free.fr>
- Re: 6to4 using ::FFFF:0000:0000/96 (mail.comcast.net AAAA record weirdness)
  - From: Rémi Després <remi.despres@free.fr>
- Re: 6to4 using ::FFFF:0000:0000/96 (mail.comcast.net AAAA record weirdness)
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
  - From: Jeroen Massar <jeroen@unfix.org>
- Re: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
  - From: Rémi Després <remi.despres@free.fr>
- Re: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
  - From: Kevin Day <toasty@dragondata.com>
- RE: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
  - From: Christian Huitema <huitema@windows.microsoft.com>

Prev by Date: Re: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
Next by Date: RE: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
Previous by thread: RE: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
Next by thread: RE: One socket per AF (Was: 6to4 using ::FFFF:0000:0000/96...)
Index(es):
- Date
- Thread