draft-ietf-v6ops-happy-eyeballs-03.txt   draft-ietf-v6ops-happy-eyeballs-04.txt 
v6ops D. Wing v6ops D. Wing
Internet-Draft A. Yourtchenko Internet-Draft A. Yourtchenko
Intended status: Standards Track Cisco Intended status: Standards Track Cisco
Expires: January 9, 2012 July 8, 2011 Expires: March 17, 2012 September 14, 2011
Happy Eyeballs: Success with Dual-Stack Hosts Happy Eyeballs: Success with Dual-Stack Hosts
draft-ietf-v6ops-happy-eyeballs-03 draft-ietf-v6ops-happy-eyeballs-04
Abstract Abstract
When the IPv4 server and path is working but the IPv6 server or IPv6 When the IPv4 server and path is working but the IPv6 server or IPv6
path is down, a dual-stack client application experiences significant path is down, a dual-stack client application experiences significant
connection delay compared to an IPv4-only client. This is connection delay compared to an IPv4-only client. This is
undesirable because it causes the dual-stack client to have a worse undesirable because it causes the dual-stack client to have a worse
user experience. This document specifies requirements for algorithms user experience. This document specifies requirements for algorithms
that reduce this delay, and provides an example algorithm. that reduce this delay, and provides an example algorithm.
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2012. This Internet-Draft will expire on March 17, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3 2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3
3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
3.1. URIs and hostnames . . . . . . . . . . . . . . . . . . . . 4 3.1. URIs and hostnames . . . . . . . . . . . . . . . . . . . . 4
3.2. IPv6 connectivity . . . . . . . . . . . . . . . . . . . . 4 3.2. IPv6 connectivity . . . . . . . . . . . . . . . . . . . . 4
4. Algorithm Requirements . . . . . . . . . . . . . . . . . . . . 5 4. Algorithm Requirements . . . . . . . . . . . . . . . . . . . . 5
4.1. Adhere to Address Preference Policy . . . . . . . . . . . 6 4.1. Delay IPv4 . . . . . . . . . . . . . . . . . . . . . . . . 6
4.2. Behavior when Preferred Address Family has Failed . . . . 7 4.2. Stateful Behavior when IPv6 Fails . . . . . . . . . . . . 7
4.3. Reset on Network (re-)Initialization . . . . . . . . . . . 7 4.3. Reset on Network (re-)Initialization . . . . . . . . . . . 8
4.4. Abandon Non-Winning Connections . . . . . . . . . . . . . 7 4.4. Abandon Non-Winning Connections . . . . . . . . . . . . . 8
5. Additional Considerations . . . . . . . . . . . . . . . . . . 8 5. Additional Considerations . . . . . . . . . . . . . . . . . . 9
5.1. Additional Network and Host Traffic . . . . . . . . . . . 8 5.1. Additional Network and Host Traffic . . . . . . . . . . . 9
5.2. Determining Address Type . . . . . . . . . . . . . . . . . 8 5.2. Determining Address Type . . . . . . . . . . . . . . . . . 9
5.3. Debugging and Troubleshooting . . . . . . . . . . . . . . 8 5.3. Debugging and Troubleshooting . . . . . . . . . . . . . . 9
5.4. Multiple Interfaces . . . . . . . . . . . . . . . . . . . 9 5.4. Three or More Interfaces . . . . . . . . . . . . . . . . . 9
5.5. Interaction with Same Origin Policy . . . . . . . . . . . 9 5.5. A and AAAA Resource Records . . . . . . . . . . . . . . . 10
5.6. Happy Eyeballs in an Operating System . . . . . . . . . . 9 5.6. A6 Resource Records . . . . . . . . . . . . . . . . . . . 10
6. Example Algorithm . . . . . . . . . . . . . . . . . . . . . . 9 5.7. Connection time out . . . . . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 5.8. Interaction with Same Origin Policy . . . . . . . . . . . 10
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 5.9. Happy Eyeballs in an Operating System . . . . . . . . . . 11
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 6. Example Algorithm . . . . . . . . . . . . . . . . . . . . . . 11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11
10.1. Normative References . . . . . . . . . . . . . . . . . . . 11 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
10.2. Informational References . . . . . . . . . . . . . . . . . 11 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
Appendix A. Changes . . . . . . . . . . . . . . . . . . . . . . . 12 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
A.1. changes from -02 to -03 . . . . . . . . . . . . . . . . . 12 10.1. Normative References . . . . . . . . . . . . . . . . . . . 12
A.2. changes from -01 to -02 . . . . . . . . . . . . . . . . . 12 10.2. Informational References . . . . . . . . . . . . . . . . . 12
A.3. changes from -00 to -01 . . . . . . . . . . . . . . . . . 13 Appendix A. Changes . . . . . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 A.1. changes from -03 to -04 . . . . . . . . . . . . . . . . . 14
A.2. changes from -02 to -03 . . . . . . . . . . . . . . . . . 14
A.3. changes from -01 to -02 . . . . . . . . . . . . . . . . . 14
A.4. changes from -00 to -01 . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
In order to use applications over IPv6, it is necessary that users In order to use applications over IPv6, it is necessary that users
enjoy nearly identical performance as compared to IPv4. A enjoy nearly identical performance as compared to IPv4. A
combination of today's applications, IPv6 tunneling, IPv6 service combination of today's applications, IPv6 tunneling, IPv6 service
providers, and some of today's content providers all cause the user providers, and some of today's content providers all cause the user
experience to suffer (Section 3). For IPv6, a content provider may experience to suffer (Section 3). For IPv6, a content provider may
ensure a positive user experience by using a DNS white list of IPv6 ensure a positive user experience by using a DNS white list of IPv6
service providers who peer directly with them (e.g., [whitelist]). service providers who peer directly with them (e.g., [whitelist]).
skipping to change at page 4, line 33 skipping to change at page 4, line 33
3.2. IPv6 connectivity 3.2. IPv6 connectivity
When IPv6 connectivity is impaired, today's IPv6-capable web browsers When IPv6 connectivity is impaired, today's IPv6-capable web browsers
incur many seconds of delay before falling back to IPv4. This harms incur many seconds of delay before falling back to IPv4. This harms
the user's experience with IPv6, which will slow the acceptance of the user's experience with IPv6, which will slow the acceptance of
IPv6, because IPv6 is frequently disabled in its entirety on the end IPv6, because IPv6 is frequently disabled in its entirety on the end
systems to improve the user experience. systems to improve the user experience.
Reasons for such failure include no connection to the IPv6 Internet, Reasons for such failure include no connection to the IPv6 Internet,
broken 6to4 or Teredo tunnels, and broken IPv6 peering. broken 6to4 or Teredo tunnels, and broken IPv6 peering. The
following diagram shows this behavior.
DNS Server Client Server DNS Server Client Server
| | | | | |
1. |<--www.example.com A?-----| | 1. |<--www.example.com A?-----| |
2. |<--www.example.com AAAA?--| | 2. |<--www.example.com AAAA?--| |
3. |---192.0.2.1------------->| | 3. |---192.0.2.1------------->| |
4. |---2001:db8::1----------->| | 4. |---2001:db8::1----------->| |
5. | | | 5. | | |
6. | |--TCP SYN, IPv6--->X | 6. | |--TCP SYN, IPv6--->X |
7. | |--TCP SYN, IPv6--->X | 7. | |--TCP SYN, IPv6--->X |
skipping to change at page 5, line 18 skipping to change at page 5, line 19
succeeds. succeeds.
Delays experienced by users of various browser and operating system Delays experienced by users of various browser and operating system
combinations have been studied [Experiences]. combinations have been studied [Experiences].
4. Algorithm Requirements 4. Algorithm Requirements
A Happy Eyeballs algorithm has two primary goals: A Happy Eyeballs algorithm has two primary goals:
1. Provides fast connection for users, by quickly attempting to 1. Provides fast connection for users, by quickly attempting to
connect using IPv6 and IPv4. connect using IPv6 and (if that connection attempt is not quickly
successful) to connect using IPv4.
2. Avoids thrashing the network, by not always making simultaneous 2. Avoids thrashing the network, by not (always) making simultaneous
IPv6 and IPv4 connection attempts. connection attempts on both IPv6 and IPv4.
The basic idea is depicted in the following diagram: The basic idea is depicted in the following diagram:
DNS Server Client Server DNS Server Client Server
| | | | | |
1. |<--www.example.com A?-----| | 1. |<--www.example.com A?-----| |
2. |<--www.example.com AAAA?--| | 2. |<--www.example.com AAAA?--| |
3. |---192.0.2.1------------->| | 3. |---192.0.2.1------------->| |
4. |---2001:db8::1----------->| | 4. |---2001:db8::1----------->| |
5. | | | 5. | | |
skipping to change at page 6, line 31 skipping to change at page 6, line 33
Figure 3: Happy Eyeballs flow 2, IPv6 working Figure 3: Happy Eyeballs flow 2, IPv6 working
The diagram above shows a case where both IPv6 and IPv4 are working, The diagram above shows a case where both IPv6 and IPv4 are working,
and IPv4 is abandoned (12). and IPv4 is abandoned (12).
Any Happy Eyeballs algorithm will persist in products for as long as Any Happy Eyeballs algorithm will persist in products for as long as
the client host is dual-stacked, which will persist as long as there the client host is dual-stacked, which will persist as long as there
are IPv4-only servers on the Internet -- the so-called "long tail". are IPv4-only servers on the Internet -- the so-called "long tail".
Over time, as most content is available via IPv6, the amount of IPv4 Over time, as most content is available via IPv6, the amount of IPv4
traffic will decrease. This means that the IPv4 infrastructure will, traffic will decrease. This means that the IPv4 infrastructure will,
over time, be sized to accomodate that decreased (and decreasing) over time, be sized to accommodate that decreased (and decreasing)
amount of traffic. It is critical that a Happy Eyeballs algorithm amount of traffic. It is critical that a Happy Eyeballs algorithm
not cause a surge of unnecessary traffic on that IPv4 infrastructure. not cause a surge of unnecessary traffic on that IPv4 infrastructure.
To meet that goal, compliant Happy Eyeballs algorithms must adhere to To meet that goal, compliant Happy Eyeballs algorithms must adhere to
the requirements in this section. the requirements in this section.
4.1. Adhere to Address Preference Policy 4.1. Delay IPv4
All hosts have an address selection policy. IPv6-capable hosts In the near future, there will be a mix of different hosts at
usually implement [RFC3484] and may allow the user (via configuration individual subscribers homes -- hosts that are IPv4-only, hosts that
commands) or the network to modify that address selection policy are IPv6-only (e.g., sensors), and dual-stack. This mix of hosts
(e.g., [I-D.ietf-6man-addr-select-opt]). In most cases, the will exist both within a single home and between subscribers. For
preferred address family is IPv6. example an IPv4-only television or video streaming device purchased
last year and moved from the living room to a bedroom. As another
example, another subscriber might have hosts that are all capable of
dual-stack operation.
Happy Eyeballs implementations MUST follow the host's address Due to IPv4 exhaustion, it is likely that a subscriber's hosts (both
preference policy or, if that policy is unknown, implementations MUST IPv4-only hosts and dual-stack hosts) will be sharing an IPv4 address
prefer IPv6 over IPv4. with other subscribers. The dual-stack hosts have an advantage:
they can utilize IPv6 or IPv4. The IPv4-only hosts have a
disadvantage: they can only utilize IPv4. If all hosts (dual-stack
and IPv4-only) are using IPv4, there is additional contention for the
shared IPv4 address. The IPv4-only hosts cannot avoid that
contention (as they can only use IPv4) while the dual-stack hosts can
avoid that contention by using IPv6.
Justification: This reduces load on stateful IPv4 middleboxes As dual-stack hosts proliferate and content becomes available over
(NAT and firewalls) and reduces IPv4 address sharing contention. IPv6, there will be less and less IPv4 traffic. This is true
especially for dual-stack hosts that do not implement Happy Eyeballs,
because those dual-stack hosts have a very strong preference to use
IPv6 (with timeouts in the tens of seconds before they will attempt
to use IPv4).
4.2. Behavior when Preferred Address Family has Failed When deploying IPv6, both content providers and Internet Service
Providers (who supply IPv4 address sharing mechanisms such as Carrier
Grade NAT (CGN)) will want to reduce their investment in IPv4
equipment -- load balancers, peering links, and address sharing
devices. If a Happy Eyeballs implementation treats IPv6 and IPv4
equally by connecting to whichever address family is fastest, it will
contribute to load on IPv4. This load impacts IPv4-only devices (by
increasing contention of IPv4 address sharing and increasing load on
IPv4 load balancers). Because of this, ISPs and content providers
will find it impossible to reduce their investment in IPv4 equipment.
This means that costs to migrate to IPv6 are increased, because the
investment in IPv4 cannot be reduced. Furthermore, using only a
metric that measures connection speed ignores the value of IPv6 over
IPv4 address sharing, such as shared penalty boxes and geo-location
[RFC6269].
After making a connection attempt on a certain address family (e.g., Thus, to avoid harming IPv4-only hosts which can only utilize IPv4,
IPv6), a Happy Eyeballs implementation will decide to initiate a implementations MUST prefer the first IP address family returned by
second connection attempt using the other address family (e.g., the host's address preference policy, unless implementing a stateful
IPv4). algorithm described in Section 4.2. This usually means giving
preferring IPv6 over IPv4, although that preference can be over-
ridden by user configuration or by network configuration
[I-D.ietf-6man-addr-select-opt]. If the host's policy is unknown or
not attainable, implementations MUST prefer IPv6 over IPv4.
After doing so and noticing that connections using the other address 4.2. Stateful Behavior when IPv6 Fails
family (e.g., IPv4) are successful, a Happy Eyeballs implementation
MAY make subsequent connection attempts on the successful address
family (e.g., IPv4). Such an implementationMUST occasionally make
connection attempts using the host's preferred address family, as it
may have become functional. It is RECOMMENDED that implementations
try the preferred address family at least every 10 minutes. Note:
this can be achieved by connecting to both address families at the
same time, which does not significantly harm the application's
connection setup time for the successful address family. If
connections using the preferred address family are successful, the
preferred address family SHOULD be used for subsequent connections.
Justification: Once the IPv6 path becomes usable again, this Some Happy Eyeballs algorithms are stateful -- that is, the algorithm
reduces load on stateful IPv4 middleboxes (NAT and firewalls) and will remember that IPv6 always fails, or that IPv6 to certain
reduces IPv4 address sharing contention. prefixes always fails, and so on. This section describes such
algorithms. Stateless algorithms, which do not remember the success/
failure of previous connections, are not discussed in this section.
After making a connection attempt on the preferred address family
(e.g., IPv6), and failing to establish a connection within a certain
time period (see Section 5.7), a Happy Eyeballs implementation will
decide to initiate a second connection attempt using the same address
family or the other address family.
Such an implementation MAY make subsequent connection attempts (to
the same host or to other hosts) on the successful address family
(e.g., IPv4). Such an implementation MUST occasionally make
connection attempts using the host's preferred address family, as it
may have become functional again, and is RECOMMENDED to do so every
10 minutes. Implementation note: this can be achieved by attempting
to connect to both address families at the same time every 10
minutes, which does not significantly harm the application's
connection setup time. If connections using the preferred address
family are again successful, the preferred address family SHOULD be
used for subsequent connections. Because this implementation is
stateful, it MAY track connection success (or failure) based on IPv6
or IPv4 prefix (e.g., connections to the same prefix assigned to the
interface are successful whereas connections to other prefixes are
failing).
4.3. Reset on Network (re-)Initialization 4.3. Reset on Network (re-)Initialization
Because every network has different characteristics (e.g., working or Because every network has different characteristics (e.g., working or
broken IPv6 or IPv4 connectivity), a Happy Eyeballs algorithm SHOULD broken IPv6 or IPv4 connectivity), a Happy Eyeballs algorithm SHOULD
re-initialize when the host is connected to a new network. Hosts can re-initialize when the host is connected to a new network. Hosts can
determine network (re-)initialization by a variety of mechanisms determine network (re-)initialization by a variety of mechanisms
including DNAv4 [RFC4436], DNAv6 [RFC6059], [cx-osx], [cx-win]. (e.g., DNAv4 [RFC4436], DNAv6 [RFC6059]).
Justification: This provides the best chance that IPv6 will be
attempted over the new interface.
If the client application is a web browser, see also Section 5.5. If the client application is a web browser, see also Section 5.8.
4.4. Abandon Non-Winning Connections 4.4. Abandon Non-Winning Connections
It is RECOMMENDED that the non-winning connections be abandoned, even It is RECOMMENDED that the non-winning connections be abandoned, even
though they could -- in some cases -- be put to reasonable use. though they could -- in some cases -- be put to reasonable use.
Justification: This reduces the load on the server (file Justification: This reduces the load on the server (file
descriptors, TCP control blocks), stateful middleboxes (NAT and descriptors, TCP control blocks), stateful middleboxes (NAT and
firewalls) and, if the abandoned connection is IPv4, reduces IPv4 firewalls) and, if the abandoned connection is IPv4, reduces IPv4
address sharing contention. address sharing contention.
HTTP: The design of some sites can break because of HTTP cookies HTTP: The design of some sites can break because of HTTP cookies
that incorporate the client's IP address and require all that incorporate the client's IP address and require all
connections be from the same IP address. If some connections from connections be from the same IP address. If some connections from
the same client are arriving from different IP addresses (or the same client are arriving from different IP addresses (or
worse, different IP address families), such applications will worse, different IP address families), such applications will
break. Additionally for HTTP, using the non-winning connection break. Additionally for HTTP, using the non-winning connection
can interfere with the browser's Same Origin Policy (see can interfere with the browser's Same Origin Policy (see
Section 5.5). Section 5.8).
5. Additional Considerations 5. Additional Considerations
This section discusses considerations and requirements that are This section discusses considerations related to Happy Eyeballs.
common to new technology deployment.
5.1. Additional Network and Host Traffic 5.1. Additional Network and Host Traffic
Additional network traffic and additional server load is created due Additional network traffic and additional server load is created due
to the recommendations in this document, especially when connections to the recommendations in this document, especially when connections
to the perferred address family (usually IPv6) are not completing to the preferred address family (usually IPv6) are not completing
quickly. quickly.
The procedures described in this document retain a quality user The procedures described in this document retain a quality user
experience while transitioning from IPv4-only to dual stack, while experience while transitioning from IPv4-only to dual stack, while
still giving IPv6 a slight preference over IPv4 (in order to remove still giving IPv6 a slight preference over IPv4 (in order to remove
load from IPv4 networks, most importantly to reduce the load on IPv4 load from IPv4 networks, most importantly to reduce the load on IPv4
network address translators). The improvement in the user experience network address translators). The improvement in the user experience
benefits the user to only a small detriment of the network, DNS benefits the user to only a small detriment of the network, DNS
server, and server that are serving the user. server, and server that are serving the user.
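Review bot: In the rewritten Section 4.2, "the successful address family (e.g., IPv4)" no longer has an antecedent. The -03 condition "noticing that connections using the other address family (e.g., IPv4) are successful" was dropped, and the preceding paragraph now allows the second attempt to use "the same address family or the other address family" without saying which one connected. Suggest restoring the condition, so that the MAY applies only after the non-preferred family has been observed to succeed. Also in this hunk, Section 4.1 is titled "Delay IPv4" but its MUST is stated in terms of address family preference and never mentions a delay, and "This usually means giving preferring IPv6 over IPv4" needs one of the two verbs removed.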
skipping to change at page 8, line 50 skipping to change at page 9, line 42
fortunately IPv6/IPv4 translators are not deployed on networks with fortunately IPv6/IPv4 translators are not deployed on networks with
dual stack clients. dual stack clients.
5.3. Debugging and Troubleshooting 5.3. Debugging and Troubleshooting
This mechanism is aimed at ensuring a reliable user experience This mechanism is aimed at ensuring a reliable user experience
regardless of connectivity problems affecting any single transport. regardless of connectivity problems affecting any single transport.
However, this naturally means that applications employing these However, this naturally means that applications employing these
techniques are by default less useful for diagnosing issues with a techniques are by default less useful for diagnosing issues with a
particular address family. To assist in that regard, the particular address family. To assist in that regard, the
implementions MAY also provide a mechanism to disable their Happy implementations MAY also provide a mechanism to disable their Happy
Eyeballs behavior via a user setting. Eyeballs behavior via a user setting.
5.4. Multiple Interfaces 5.4. Three or More Interfaces
Interaction of the suggestions in this document with multiple A dual-stack host might have more than two interfaces because of a
interfaces, and interaction with the MIF working group, is for VPN (where a third interface is the tunnel address, often assigned by
further study. the remote corporate network), because of multiple physical
interfaces such as wired and wireless Ethernet, because the host
belongs to multiple VLANs, or other reasons. The interaction of
Happy Eyeballs with more than two interfaces is for further study.
5.5. Interaction with Same Origin Policy 5.5. A and AAAA Resource Records
Web browsers implement same origin policy (SOP, [sop], It is possible that an DNS query for an A or AAAA resource record
[I-D.abarth-origin]), which causes subsequent connections to the same will return more than one A or AAAA address. When this occurs, it is
hostname to go to the same IPv4 (or IPv6) address as the previous RECOMMENDED that a Happy Eyeballs implementation order the responses
successful connection. This is done to prevent certain types of following the host's address preference policy and then try the first
attacks. address. If that fails after a certain time (see Section 5.7), the
next address SHOULD be the IPv4 address.
If that fails to connect after a certain time (see Section 5.7), a
Happy Eyeballs implementation SHOULD try the other addresses
returned; the order of these connection attempts is not important.
5.6. A6 Resource Records
The A6 resource record SHOULD NOT be queried [RFC3363].
5.7. Connection time out
The primary purpose of Happy Eyeballs is to reduce the wait time for
a dual stack connection to complete, especially when the IPv6 path is
broken and IPv6 is preferred. Aggressive time outs (on the order of
tens of milliseconds) achieve this goal, but at the cost of network
traffic. This network traffic may be billable on certain networks,
will create state on some middleboxes (e.g., firewalls, IDS, NAT),
and will consume ports if IPv4 addresses are shared. For these
reasons, it is RECOMMENDED that connection attempts be paced to give
connections a chance to complete. It is RECOMMENDED that connections
attempts be paced 150-250ms apart. Stateful algorithms are expected
to be more aggressive (that is, make connection attempts closer
together), as stateful algorithms maintain an estimate of the
expected connection completion time.
5.8. Interaction with Same Origin Policy
Web browsers implement same origin policy [I-D.ietf-websec-origin]
which causes subsequent connections to the same hostname to go to the
same IPv4 (or IPv6) address as the previous successful connection.
This is done to prevent certain types of attacks.
The same-origin policy harms user-visible responsiveness if a new The same-origin policy harms user-visible responsiveness if a new
connection fails (e.g., due to a transient event such as router connection fails (e.g., due to a transient event such as router
failure or load balancer failure). While it is tempting to use Happy failure or load balancer failure). While it is tempting to use Happy
Eyeballs to maintain responsiveness, web browsers MUST NOT change Eyeballs to maintain responsiveness, web browsers MUST NOT change
their same origin policy because of Happy Eyeballs their same origin policy because of Happy Eyeballs, as that would
create an additional security exposure.
5.6. Happy Eyeballs in an Operating System 5.9. Happy Eyeballs in an Operating System
Applications would have to change in order to use the mechanism Applications would have to change in order to use the mechanism
described in this document, by either implementing the mechanism described in this document, by either implementing the mechanism
directly, or by calling APIs made available to them. To improve IPv6 directly, or by calling APIs made available to them. To improve IPv6
connectivity experience for legacy applications (e.g., applications connectivity experience for legacy applications (e.g., applications
which simply rely on the operating system's address preference which simply rely on the operating system's address preference
order), operating systems may consider more sophisticated approaches. order), operating systems may consider more sophisticated approaches.
These can include changing address sorting based on configuration These can include changing address sorting based on configuration
received from the network, or observing connection failures to IPv6 received from the network, or observing connection failures to IPv6
and IPV4 destinations. and IPV4 destinations.
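Review bot: In new Section 5.5, "the next address SHOULD be the IPv4 address" assumes that the first address tried was IPv6 and that only one IPv4 address was returned. Section 4.1 lets user or network configuration override the IPv6 preference, and this section itself covers responses with more than one A or AAAA address. Suggest wording it as the first address belonging to the other address family, which is how step 3 of the example algorithm already puts it. In Section 5.8, the added clause "as that would create an additional security exposure" and the existing "certain types of attacks" both leave the exposure unnamed, and Section 7 only points back here. Stating the exposure once would make the MUST NOT reviewable.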
skipping to change at page 10, line 12 skipping to change at page 11, line 40
time (e.g., 200-300ms), initiate a connection attempt with the time (e.g., 200-300ms), initiate a connection attempt with the
first address belonging to the other address family (e.g., IPv4) first address belonging to the other address family (e.g., IPv4)
4. The first connection that is established is used. The other 4. The first connection that is established is used. The other
connection is discarded. connection is discarded.
Other example algorithms include [Perreault] and [Andrews]. Other example algorithms include [Perreault] and [Andrews].
7. Security Considerations 7. Security Considerations
See Section 4.4 and Section 5.5. See Section 4.4 and Section 5.8.
8. Acknowledgements 8. Acknowledgements
The mechanism described in this paper was inspired by Stuart The mechanism described in this paper was inspired by Stuart
Cheshire's discussion at the IAB Plenary at IETF72, the author's Cheshire's discussion at the IAB Plenary at IETF72, the author's
understanding of Safari's operation with SRV records, Interactive understanding of Safari's operation with SRV records, Interactive
Connectivity Establishment (ICE [RFC5245]), the current IPv4/IPv6 Connectivity Establishment (ICE [RFC5245]), the current IPv4/IPv6
behavior of SMTP mail transfer agents, and the implementation of behavior of SMTP mail transfer agents, and the implementation of
Happy Eyeballs in Google Chrome and Mozilla Firefox. Happy Eyeballs in Google Chrome and Mozilla Firefox.
Thanks to Fred Baker, Jeff Kinzli, Christian Kuhtz, and Iljitsch van Thanks to Fred Baker, Jeff Kinzli, Christian Kuhtz, and Iljitsch van
Beijnum for fostering the creation of this document. Beijnum for fostering the creation of this document.
Thanks to Scott Brim, Rick Jones, Stig Venaas, Erik Kline, Bjoern Thanks to Scott Brim, Rick Jones, Stig Venaas, Erik Kline, Bjoern
Zeeb, Matt Miller, Dave Thaler, and Dmitry Anipko for providing Zeeb, Matt Miller, Dave Thaler, Dmitry Anipko, and Brian Carpenter
feedback on the document. for their feedback.
Thanks to Javier Ubillos, Simon Perreault and Mark Andrews for the Thanks to Javier Ubillos, Simon Perreault and Mark Andrews for the
active feedback and the experimental work on the independent active feedback and the experimental work on the independent
practical implementations that they created. practical implementations that they created.
Also the authors would like to thank the following individuals who Also the authors would like to thank the following individuals who
participated in various email discussions on this topic: Mohacsi participated in various email discussions on this topic: Mohacsi
Janos, Pekka Savola, Ted Lemon, Carlos Martinez-Cagnazzo, Simon Janos, Pekka Savola, Ted Lemon, Carlos Martinez-Cagnazzo, Simon
Perreault, Jack Bates, Jeroen Massar, Fred Baker, Javier Ubillos, Perreault, Jack Bates, Jeroen Massar, Fred Baker, Javier Ubillos,
Teemu Savolainen, Scott Brim, Erik Kline, Cameron Byrne, Daniel Teemu Savolainen, Scott Brim, Erik Kline, Cameron Byrne, Daniel
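Review bot: Section 7 still consists only of two section pointers, and the second one moved from 5.5 to 5.8 in this revision, so a renumbering slip here would send readers to the wrong text without any visible sign. Suggest giving the referenced subsections by title as well as number, or summarizing the security points in Section 7 itself, so the cross-reference can be checked after future renumbering.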
skipping to change at page 11, line 4 skipping to change at page 12, line 30
Perreault, Jack Bates, Jeroen Massar, Fred Baker, Javier Ubillos, Perreault, Jack Bates, Jeroen Massar, Fred Baker, Javier Ubillos,
Teemu Savolainen, Scott Brim, Erik Kline, Cameron Byrne, Daniel Teemu Savolainen, Scott Brim, Erik Kline, Cameron Byrne, Daniel
Roesen, Guillaume Leclanche, Mark Smith, Gert Doering, Martin Roesen, Guillaume Leclanche, Mark Smith, Gert Doering, Martin
Millnert, Tim Durack, Matthew Palmer. Millnert, Tim Durack, Matthew Palmer.
9. IANA Considerations 9. IANA Considerations
This document has no IANA actions. This document has no IANA actions.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3363] Bush, R., Durand, A., Fink, B., Gudmundsson, O., and T.
Hain, "Representing Internet Protocol version 6 (IPv6)
Addresses in the Domain Name System (DNS)", RFC 3363,
August 2002.
[RFC3484] Draves, R., "Default Address Selection for Internet [RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003. Protocol version 6 (IPv6)", RFC 3484, February 2003.
10.2. Informational References 10.2. Informational References
[Andrews] Andrews, M., "How to connect to a multi-homed server over [Andrews] Andrews, M., "How to connect to a multi-homed server over
TCP", January 2011, <http://www.isc.org/community/blog/ TCP", January 2011, <http://www.isc.org/community/blog/
201101/how-to-connect-to-a-multi-h omed-server-over-tcp>. 201101/how-to-connect-to-a-multi-h omed-server-over-tcp>.
[Experiences] [Experiences]
Savolainen, T., Miettinen, N., Veikkolainen, S., Chown, Savolainen, T., Miettinen, N., Veikkolainen, S., Chown,
T., and J. Morse, "Experiences of host behavior in broken T., and J. Morse, "Experiences of host behavior in broken
IPv6 networks", March 2011, IPv6 networks", March 2011,
<http://www.ietf.org/proceedings/80/slides/v6ops-12.pdf>. <http://www.ietf.org/proceedings/80/slides/v6ops-12.pdf>.
[I-D.abarth-origin]
Barth, A., "The Web Origin Concept",
draft-abarth-origin-09 (work in progress), November 2010.
[I-D.ietf-6man-addr-select-opt] [I-D.ietf-6man-addr-select-opt]
Matsumoto, A., Fujisaki, T., Kato, J., and T. Chown, Matsumoto, A., Fujisaki, T., Kato, J., and T. Chown,
"Distributing Address Selection Policy using DHCPv6", "Distributing Address Selection Policy using DHCPv6",
draft-ietf-6man-addr-select-opt-01 (work in progress), draft-ietf-6man-addr-select-opt-01 (work in progress),
June 2011. June 2011.
[I-D.ietf-websec-origin]
Barth, A., "The Web Origin Concept",
draft-ietf-websec-origin-04 (work in progress),
August 2011.
[Perreault] [Perreault]
Perreault, S., "Happy Eyeballs in Erlang", February 2011, Perreault, S., "Happy Eyeballs in Erlang", February 2011,
<http://www.viagenie.ca/news/ <http://www.viagenie.ca/news/
index.html#happy_eyeballs_erlang>. index.html#happy_eyeballs_erlang>.
[RFC1671] Carpenter, B., "IPng White Paper on Transition and Other [RFC1671] Carpenter, B., "IPng White Paper on Transition and Other
Considerations", RFC 1671, August 1994. Considerations", RFC 1671, August 1994.
[RFC4436] Aboba, B., Carlson, J., and S. Cheshire, "Detecting [RFC4436] Aboba, B., Carlson, J., and S. Cheshire, "Detecting
Network Attachment in IPv4 (DNAv4)", RFC 4436, March 2006. Network Attachment in IPv4 (DNAv4)", RFC 4436, March 2006.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT) (ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245, Traversal for Offer/Answer Protocols", RFC 5245,
April 2010. April 2010.
[RFC6059] Krishnan, S. and G. Daley, "Simple Procedures for [RFC6059] Krishnan, S. and G. Daley, "Simple Procedures for
Detecting Network Attachment in IPv6", RFC 6059, Detecting Network Attachment in IPv6", RFC 6059,
November 2010. November 2010.
[cx-osx] Adium, "AIHostReachabilityMonitor", June 2009, [RFC6269] Ford, M., Boucadair, M., Durand, A., Levis, P., and P.
<https://bugzilla.redhat.com/show_bug.cgi?id=505105>. Roberts, "Issues with IP Address Sharing", RFC 6269,
June 2011.
[cx-win] Microsoft, "NetworkChange.NetworkAvailabilityChanged
Event", June 2009, <http://msdn.microsoft.com/en-us/
library/
system.net.networkinformation.networkchange.networkavailab
ilitychanged.aspx>.
[sop] W3C, "Same Origin Policy", January 2010,
<http://www.w3.org/Security/wiki/Same_Origin_Policy>.
[whitelist] [whitelist]
Google, "Google IPv6 DNS Whitelist", January 2009, Google, "Google IPv6 DNS Whitelist", January 2009,
<http://www.google.com/intl/en/ipv6>. <http://www.google.com/intl/en/ipv6>.
Appendix A. Changes Appendix A. Changes
A.1. changes from -02 to -03 A.1. changes from -03 to -04
o Better explained why IPv6 needs to be preferred
o Don't query A6.
A.2. changes from -02 to -03
o Re-casted this specification as a list of requirements for a o Re-casted this specification as a list of requirements for a
compliant algorithm, rather than trying to dictate a One True compliant algorithm, rather than trying to dictate a One True
algorithm. algorithm.
A.2. changes from -01 to -02 A.3. changes from -01 to -02
o Now honors host's address preference (RFC3484 and friends) o Now honors host's address preference (RFC3484 and friends)
o No longer requires thread-safe DNS library. It uses getaddrinfo() o No longer requires thread-safe DNS library. It uses getaddrinfo()
o No longer describes threading. o No longer describes threading.
o IPv6 is given a 200ms head start (Initial Headstart variable). o IPv6 is given a 200ms head start (Initial Headstart variable).
o If the IPv6 and IPv4 connection attempts were made at nearly the o If the IPv6 and IPv4 connection attempts were made at nearly the
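Review bot: The A.1 change log for -03 to -04 lists only two items, but the reference list in this same region changed in ways it does not mention: [RFC6269] takes the slot where [cx-osx] was, [I-D.ietf-websec-origin] appears in place of [I-D.abarth-origin], and [cx-win] and [sop] appear on one side only. Suggest adding change-log entries for the text those references supported. Separately, the [Andrews] URL carries a stray space in "multi-h omed" on both sides and will not resolve as written.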
skipping to change at page 13, line 18 skipping to change at page 15, line 5
o If we didn't get both A and AAAA, abandon all Happy Eyeballs o If we didn't get both A and AAAA, abandon all Happy Eyeballs
processing (thanks to Simon Perreault). processing (thanks to Simon Perreault).
o added discussion of Same Origin Policy o added discussion of Same Origin Policy
o Removed discussion of NAT-PT and address learning; those are only o Removed discussion of NAT-PT and address learning; those are only
used with IPv6-only hosts whereas this document is about dual- used with IPv6-only hosts whereas this document is about dual-
stack hosts contacting dual-stack servers. stack hosts contacting dual-stack servers.
A.3. changes from -00 to -01 A.4. changes from -00 to -01
o added SRV section (thanks to Matt Miller) o added SRV section (thanks to Matt Miller)
Authors' Addresses Authors' Addresses
Dan Wing Dan Wing
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
USA USA
 End of changes. 38 change blocks. 
106 lines changed or deleted 193 lines changed or added
