[ipv6hackers] Happy eyeballs standards (was Re: Windows 7/2008 R2 Improved Resilliency to IPv6 Floods)

Andrew Yourtchenko ayourtch at gmail.com
Thu Apr 18 23:16:39 CEST 2013


On Wed, Apr 17, 2013 at 5:15 PM, Karl Auer <kauer at biplane.com.au> wrote:

> On Wed, 2013-04-17 at 16:12 -0700, Andrew Yourtchenko wrote:
> > re. "sample code for happy eyeballs"
> > [...]
> >  I decided against it - way too kludgy.
>
> Good.
>
> > One thought I had which might make this a bit tractable is to suggest a
> > model that would separate the DNS lookup/connection establishment into a
> > separate process, and use some more or less portable mechanism [1] to pass
> > the file descriptors around..
>
> Can I suggest going further towards abstraction? Develop a mechanism
> that splits policy from implementation, and allow the policy to be
> passed into the connection establishment. Policy would include things
> like:
>
>  - allow IPv6
>  - allow IPv4
>  - prefer IPv6 over IPv4  (yes, no, don't care)
>  - how many simultaneous attempts to make
>  - how long to wait
>  - how many retries
>  - etc
>
> By having separate policies, applications can set up their own, allow
> the user to configure custom policies and so on. With careful design,

I'd argue that the users (and application programmers) should at max have
one switch to toggle: "This connection is part of an interactive response
loop, complete it as soon as feasible".

The "as soon as feasible" part is indeed something that could be pre-defined
in the way you describe.  So as a result there would be two policies -
"bulk" and "express".


> you could have policies that are deterministic, others that are not and
> so forth. For example, in a support situation the user could simply
> switch to a single-protocol policy, even a single-address policy, and
> try again.
>
> > But I am very much divided from the security PoV - this delegates all the
> > connection authority to a separate process
>
> Having a policy step puts control of that connection process into the
> user's hands. The default should be extremely conservative.
>
>
The user should not have control over the connection. Most of them do
not know what the connection is. The network administrator (or, the ISP),
to some extent, should.


> > What do the folks think - would such a project be useful ?
>
> I think an expressive, effective, extensible policy system would be very
> helpful on its own.
>

Thanks!

--a


>
> Regards, K.
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer at biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
>
> GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
> Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
>
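
The policy/implementation split discussed in this message, as an added example that is not code from either poster or from any Happy Eyeballs implementation: a policy object carrying the listed knobs, two presets named after the "bulk"/"express" idea, and a connector that only executes the policy. All names (ConnectPolicy, plan, connect) and the preset values are assumptions, and the batch racing here is simpler than the staggered attempts of RFC 6555.

```python
import asyncio
import ipaddress
from dataclasses import dataclass
from itertools import zip_longest

@dataclass(frozen=True)
class ConnectPolicy:
    allow_ipv6: bool = True
    allow_ipv4: bool = True
    prefer_ipv6: "bool | None" = None   # True / False / None = don't care
    max_parallel: int = 1               # simultaneous attempts
    attempt_timeout: float = 10.0       # seconds to wait per attempt
    retries: int = 0                    # extra passes over the candidates

# Presets named after the "bulk"/"express" split; the values are assumptions.
BULK = ConnectPolicy(prefer_ipv6=True)
EXPRESS = ConnectPolicy(prefer_ipv6=True, max_parallel=2, attempt_timeout=0.3, retries=1)

def plan(addresses, policy):
    """Drop disallowed families, then order the candidates per the policy."""
    usable = [a for a in map(ipaddress.ip_address, addresses)
              if (policy.allow_ipv6 if a.version == 6 else policy.allow_ipv4)]
    if policy.prefer_ipv6 is None:
        return [str(a) for a in usable]             # keep resolver order
    first = [str(a) for a in usable if (a.version == 6) == policy.prefer_ipv6]
    second = [str(a) for a in usable if (a.version == 6) != policy.prefer_ipv6]
    if policy.max_parallel > 1:                     # alternate families per batch
        return [a for pair in zip_longest(first, second) for a in pair if a]
    return first + second

async def _attempt(addr, port, timeout):
    try:
        _, writer = await asyncio.wait_for(asyncio.open_connection(addr, port), timeout)
        return addr, writer
    except (OSError, asyncio.TimeoutError):
        return None

async def connect(addresses, port, policy):
    """Return (address, writer) for the first success, or None."""
    order, n, t = plan(addresses, policy), policy.max_parallel, policy.attempt_timeout
    for _ in range(policy.retries + 1):
        for i in range(0, len(order), n):           # one batch of n at a time
            done = await asyncio.gather(*(_attempt(a, port, t) for a in order[i:i + n]))
            wins = [r for r in done if r is not None]
            for _addr, extra in wins[1:]:
                extra.close()                       # keep only one connection
            if wins:
                return wins[0]
    return None
```

Because the policy is plain data, who may set it (application, user or network administrator) is a question of who is allowed to construct or select the object, independent of the connector code.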