[ipv6hackers] Happy eyeballs standards (was Re: Windows 7/2008 R2 Improved Resilliency to IPv6 Floods)
ayourtch at gmail.com
Thu Apr 18 23:16:39 CEST 2013
On Wed, Apr 17, 2013 at 5:15 PM, Karl Auer <kauer at biplane.com.au> wrote:
> On Wed, 2013-04-17 at 16:12 -0700, Andrew Yourtchenko wrote:
> > re. "sample code for happy eyeballs"
> > [...]
> > I decided against it - way too kludgy.
> > One thought I had which might make this a bit tractable is to suggest a
> > model that would separate the DNS lookup/connection establishment into a
> > separate process, and use some more or less portable mechanism  to
> > the file descriptors around..
> Can I suggest going further towards abstraction? Develop a mechanism
> that splits policy from implementation, and allow the policy to be
> passed into the connection establishment. Policy would include things
> - allow IPv6
> - allow IPv4
> - prefer IPv6 over IPv4 (yes, no, don't care)
> - how many simultaneous attempts to make
> - how long to wait
> - how many retries
> - etc
> By having separate policies, applications can set up their own, allow
> the user to configure custom policies and so on. With careful design,
I'd argue that the users (and application programmers) should at max have
one switch to toggle: "This connection is part of an interactive response
loop, complete it as soon as feasible".
The "as soon as feasible" part is indeed something that could be pre-defined
in the way you describe. So as a result there would be two policies -
"bulk" and "express".
> you could have policies that are deterministic, others that are not and
> so forth. For example, in a support situation the user could simply
> switch to a single-protocol policy, even a single-address policy, and
> try again.
> > But I am very much divided from the security PoV - this delegates all the
> > connection authority to a separate process
> Having a policy step puts control of that connection process into the
> user's hands. The default should be extremely conservative.
The user should not have control over the connection. Most of them do
not know what the connection is. The network administrator (or, the ISP),
to some extent, should.
> > What do the folks think - would such a project be useful ?
> I think an expressive, effective, extensible policy system would be very
> helpful on its own.
> Regards, K.
> Karl Auer (kauer at biplane.com.au)
> GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
> Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
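
The policy/implementation split discussed in this thread, sketched as an added example (it is not code from either poster or from any Happy Eyeballs implementation). The names `Policy`, `plan`, `attempt` and `connect`, and every number in the `BULK` and `EXPRESS` profiles, are assumptions; the policy fields follow the list in the quoted message.

```python
import asyncio
import socket
from contextlib import suppress
from dataclasses import dataclass
from itertools import zip_longest

@dataclass(frozen=True)
class Policy:
    allow_v6: bool = True
    allow_v4: bool = True
    prefer_v6: "bool | None" = True   # True, False, or None for "don't care"
    parallel: int = 1                 # simultaneous attempts per round
    wait: float = 5.0                 # seconds to wait for each round
    retries: int = 0                  # extra passes over the candidate list

BULK = Policy(parallel=1, wait=5.0, retries=2)     # profile values are assumptions
EXPRESS = Policy(parallel=2, wait=0.3, retries=0)  # not taken from any standard

def plan(policy, addrs):
    """Filter and order (family, sockaddr) candidates; alternate the families."""
    v6 = [a for a in addrs if a[0] == socket.AF_INET6 and policy.allow_v6]
    v4 = [a for a in addrs if a[0] == socket.AF_INET and policy.allow_v4]
    if policy.prefer_v6 is None:      # keep resolver order, minus denied families
        return [a for a in addrs if a in v6 or a in v4]
    first, second = (v6, v4) if policy.prefer_v6 else (v4, v6)
    return [a for pair in zip_longest(first, second) for a in pair if a]

async def attempt(family, sockaddr):
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.setblocking(False)
    try:
        await asyncio.get_running_loop().sock_connect(sock, sockaddr)
        return sock
    except BaseException:             # includes cancellation: never leak the fd
        sock.close()
        raise

async def connect(policy, addrs):
    # Race `parallel` candidates per round; the first connected socket wins.
    order = plan(policy, addrs) * (1 + policy.retries)
    for i in range(0, len(order), policy.parallel):
        tasks = [asyncio.ensure_future(attempt(*a)) for a in order[i:i + policy.parallel]]
        try:
            for fut in asyncio.as_completed(tasks, timeout=policy.wait):
                with suppress(OSError, asyncio.TimeoutError):  # refused or timed out
                    return await fut
        finally:
            for t in tasks:
                t.cancel()
    raise OSError("no candidate address accepted the connection")
```

An application following the reply's "one switch" idea would only choose between `BULK` and `EXPRESS`, while the profiles themselves stay under the administrator's control.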