IPv6 Router Advertisement IPv6-Only Flag
draft-hinden-ipv4flag-04

Network Working Group                                          R. Hinden
Internet-Draft                                      Check Point Software
Updates: 5175 (if approved)                                 B. Carpenter
Intended status: Standards Track                       Univ. of Auckland
Expires: May 21, 2018                                  November 17, 2017


            IPv6 Router Advertisement IPv4 Availability Flag
                        draft-hinden-ipv4flag-00

Abstract

   This document specifies a Router Advertisement Flag to indicate that
   there is no IPv4 service on the advertising router.  This document
   updates RFC5175.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 21, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Hinden & Carpenter        Expires May 21, 2018                  [Page 1]


Internet-Draft          RA IPv4 Availability Flag          November 2017


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  IPv4 Availability Flag  . . . . . . . . . . . . . . . . . . .   2
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   5.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   4
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   4
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   4

1.  Introduction

   This document specifies a Router Advertisement Flag to indicate that
   there is no IPv4 service on the advertising router.

   Hosts that support IPv4 and IPv6, usually called dual stack hosts,
   need to work on IPv6 only networks.  That is, a link where there are
   no IPv4 routers and/or IPv4 services.  Monitoring of IPv6-only
   networks, for example at the IETF 100 meeting in Singapore, shows
   that current dual stack hosts will create local auto-configured IPv4
   addresses and attempt to reach IPv4 services.  A mechanism is needed
   to inform hosts that there is no IPv4 support and that they should
   turn off IPv4.

   Because there is no IPv4 support on these links, the only way to
   notify the dual stack hosts on the link is to use an IPv6 mechanism.
   An active notification will be much more robust than attempting to
   deduce this state by the lack of IPv4 responses or traffic.

   IPv4-only hosts, and dual-stack hosts that do not recognize the new
   flag, will continue to attempt IPv4 operations, in particular IPv4
   discovery protocols typically sent as link-layer broadcasts.  This
   legacy traffic cannot be prevented by any IPv6 mechanism.  The value
   of the new flag is limited to dual-stack hosts that recognize it.

   This document specifies an new flag for IPv6 Neighbor Discovery
   [RFC4861] Router Advertisement Flag [RFC5175].  It updates [RFC5175].

2.  IPv4 Availability Flag

   RFC5175 currently defines the flags in the NDP Router Advertisement
   message.  This currently contains the following one-bit flags defined
   in published RFCs:






Hinden & Carpenter        Expires May 21, 2018                  [Page 2]


Internet-Draft          RA IPv4 Availability Flag          November 2017


       0 1 2 3 4 5 6 7
      +-+-+-+-+-+-+-+-+
      |M|O|H|Prf|P|R|R|
      +-+-+-+-+-+-+-+-+



      M    Managed Address Configuration Flag [RFC4861]
      O    Other Configuration Flag [RFC4861]
      H    Mobile IPv6 Home Agent Flag [RFC3775]
      Prf  Router Selection Preferences [RFC4191]
      P    Neighbor Discovery Proxy Flag [RFC4389]
      R    Reserved

   This document defines bit 6 to be the IPv4 Available Flag:



      4    IPv4 Available Flag [RFC4861]

   This flag has two values.  These are:



      0    IPv4 is Available on this Router
      1    IPv4 is Not Available on this Router

   RFC 5175 requires that unused flag bits be set to zero.  Therefore, a
   router that does not support the new flag will not appear to assert
   that IPv4 is unsupported.

   If there are multiple IPv6 routers on a network, they might send
   different values of the flag.  A host that receives only RAs with the
   flag set to 1 should not attempt IPv4 operations, unless it
   subsequently receives at least one RA with the flag set to zero.

3.  IANA Considerations

   IANA is requested to assign the new Router Advertisement flag defined
   in Section 2 of this document.  Bit 6 is the next available bit in
   this registry, IANA is requested to use this bit unless there is a
   reason not to use this bit.

   IANA should also register this new flag bit in IANA IPv6 ND Router
   Advertisement flags Registry [IANA-RF].






Hinden & Carpenter        Expires May 21, 2018                  [Page 3]


Internet-Draft          RA IPv4 Availability Flag          November 2017


4.  Security Considerations

   This document shares the security issues with other parts of IPv6
   Neighbor Discovery.  General techniques to protect Router
   Advertisement traffic such as Router Guard [RFC6105] are useful in
   protecting these vulnerabilities.

   A bad actor could use this mechanism to attempt turn off IPv4 service
   on a network that is using IPv4.  In that case, as long as there are
   routers sending Router Advertisements with this Flag set to 0, this
   would override this attack given the mechanism in Section 2.
   Specifically a host would only turn off IPv4 service if it wasn't
   hearing any Router Advertisement with the Flag set to 0.

5.  Acknowledgments

   [Your name here]

6.  References

6.1.  Normative References

   [IANA-RF]  "IPv6 ND Router Advertisement flags",
              <https://www.iana.org/assignments/icmpv6-parameters/
              icmpv6-parameters.xhtml#icmpv6-parameters-11>.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007, <https://www.rfc-
              editor.org/info/rfc4861>.

   [RFC5175]  Haberman, B., Ed. and R. Hinden, "IPv6 Router
              Advertisement Flags Option", RFC 5175, DOI 10.17487/
              RFC5175, March 2008, <https://www.rfc-editor.org/info/
              rfc5175>.

6.2.  Informative References

   [RFC6105]  Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., and J.
              Mohacsi, "IPv6 Router Advertisement Guard", RFC 6105, DOI
              10.17487/RFC6105, February 2011, <https://www.rfc-
              editor.org/info/rfc6105>.

Authors' Addresses







Hinden & Carpenter        Expires May 21, 2018                  [Page 4]


Internet-Draft          RA IPv4 Availability Flag          November 2017


   Robert M. Hinden
   Check Point Software
   959 Skyway Road
   San Carlos, CA  94070
   USA

   Email: bob.hinden@gmail.com


   Brian Carpenter
   Department of Computer Science
   University of Auckland
   PB 92019
   Auckland  1142
   New Zealand

   Email: brian.e.carpenter@gmail.com


































Hinden & Carpenter        Expires May 21, 2018                  [Page 5]