idnits 2.17.1

draft-ietf-v6ops-happy-eyeballs-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (December 20, 2011) is 4511 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 3484 (Obsoleted by RFC 6724)

  == Outdated reference: A later version (-13) exists of
     draft-ietf-6man-addr-select-opt-01

  -- Obsolete informational reference (is this intentional?): RFC 5245
     (Obsoleted by RFC 8445, RFC 8839)

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

v6ops                                                            D. Wing
Internet-Draft                                            A. Yourtchenko
Intended status: Standards Track                                   Cisco
Expires: June 22, 2012                                 December 20, 2011

             Happy Eyeballs: Success with Dual-Stack Hosts
                   draft-ietf-v6ops-happy-eyeballs-07

Abstract

   When a server's IPv4 path and protocol are working but the server's
   IPv6 path and protocol are not working, a dual-stack client
   application experiences significant connection delay compared to an
   IPv4-only client. This is undesirable because it causes the dual-
   stack client to have a worse user experience. This document
   specifies requirements for algorithms that reduce this user-visible
   delay, and provides an algorithm.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 22, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Additional Network and Host Traffic
   2.  Notational Conventions
   3.  Problem Statement
     3.1.  Hostnames
     3.2.  Delay When IPv6 is not Accessible
   4.  Algorithm Requirements
     4.1.  Delay IPv4
     4.2.  Stateful Behavior when IPv6 Fails
     4.3.  Reset on Network (re-)Initialization
     4.4.  Abandon Non-Winning Connections
   5.  Additional Considerations
     5.1.  Determining Address Type
     5.2.  Debugging and Troubleshooting
     5.3.  Three or More Interfaces
     5.4.  A and AAAA Resource Records
     5.5.  Connection time out
     5.6.  Interaction with Same Origin Policy
     5.7.  Implementation Strategies
   6.  Example Algorithm
   7.  Security Considerations
   8.  Acknowledgements
   9.  IANA Considerations
   10. References
     10.1.  Normative References
     10.2.  Informational References
   Appendix A.  Changes
     A.1.  changes from -06 to -07
     A.2.  changes from -05 to -06
     A.3.  changes from -04 to -05
     A.4.  changes from -03 to -04
     A.5.  changes from -03 to -04
     A.6.  changes from -02 to -03
     A.7.  changes from -01 to -02
     A.8.  changes from -00 to -01
   Authors' Addresses

1.  Introduction

   In order to use applications over IPv6, it is necessary that users
   enjoy nearly identical performance as compared to IPv4. A
   combination of today's applications, IPv6 tunneling, IPv6 service
   providers, and some of today's content providers all cause the user
   experience to suffer (Section 3). For IPv6, a content provider may
   ensure a positive user experience by using a DNS white list of IPv6
   service providers who peer directly with them (e.g., [whitelist]).
   However, this does not scale well (to the number of DNS servers
   worldwide or the number of content providers worldwide), and does not
   react to intermittent network path outages.

   Instead, applications reduce connection setup delays themselves, by
   more aggressively making connections on IPv6 and IPv4. There are a
   variety of algorithms that can be envisioned. This document
   specifies requirements for any such algorithm, with the goals that
   the network and servers are not inordinately harmed with a simple
   doubling of traffic on IPv6 and IPv4, and the host's address
   preference is honored (e.g., [RFC3484]).

1.1.  Additional Network and Host Traffic

   Additional network traffic and additional server load is created due
   to the recommendations in this document, especially when connections
   to the preferred address family (usually IPv6) are not completing
   quickly.

   The procedures described in this document retain a quality user
   experience while transitioning from IPv4-only to dual stack, while
   still giving IPv6 a slight preference over IPv4 (in order to remove
   load from IPv4 networks, most importantly to reduce the load on IPv4
   network address translators). The improvement in the user experience
   benefits the user to only a small detriment of the network, DNS
   server, and server that are serving the user.

2.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Problem Statement

   The basis of the IPv6/IPv4 selection problem was first described in
   1994 in [RFC1671],

      "The dual-stack code may get two addresses back from DNS; which
      does it use? During the many years of transition the Internet
      will contain black holes. For example, somewhere on the way from
      IPng host A to IPng host B there will sometimes (unpredictably) be
      IPv4-only routers which discard IPng packets. Also, the state of
      the DNS does not necessarily correspond to reality. A host for
      which DNS claims to know an IPng address may in fact not be
      running IPng at a particular moment; thus an IPng packet to that
      host will be discarded on delivery. Knowing that a host has both
      IPv4 and IPng addresses gives no information about black holes. A
      solution to this must be proposed and it must not depend on
      manually maintained information. (If this is not solved, the dual
      stack approach is no better than the packet translation
      approach.)"

   As discussed in more detail in Section 3.1, it is important that the
   same hostname be used for IPv4 and IPv6.

   As discussed in more detail in Section 3.2, IPv6 connectivity is
   broken to specific prefixes or specific hosts, or slower than native
   IPv4 connectivity.

   The mechanism described in this document is directly applicable to
   connection-oriented transports (e.g., TCP, SCTP), which is the scope
   of this document. For connectionless transport protocols (e.g.,
   UDP), a similar mechanism can be used if the application has request/
   response semantics (e.g., as done by ICE to select a working IPv6 or
   IPv4 media path [RFC6157]).

3.1.  Hostnames

   Hostnames are often used between users to exchange pointers to
   content -- such as on social networks, email, instant messaging, or
   other systems. Using separate namespaces (e.g., "ipv6.example.com")
   which are only accessible with certain client technology (e.g., an
   IPv6 client) and dependencies (e.g., a working IPv6 path) causes
   namespace fragmentation and reduces the ability for users to share
   hostnames. It also complicates printed material that includes the
   hostname.

   The algorithm described in this document allows production hostnames
   to avoid these problematic references to IPv4 or IPv6.

3.2.  Delay When IPv6 is not Accessible

   When IPv6 connectivity is impaired, today's IPv6-capable applications
   (e.g., web browsers, email clients, instant messaging clients) incur
   many seconds of delay before falling back to IPv4. This delays
   overall application operation, including harming the user's
   experience with IPv6, which will slow the acceptance of IPv6, because
   IPv6 is frequently disabled in its entirety on the end systems to
   improve the user experience.

   Reasons for such failure include no connection to the IPv6 Internet,
   broken 6to4 or Teredo tunnels, and broken IPv6 peering. The
   following diagram shows this behavior.

   The algorithm described in this document allows clients to connect to
   servers without significant delay, even if a path or the server is
   slow or down.

      DNS Server                  Client                  Server
          |                          |                       |
    1.    |<--www.example.com A?-----|                       |
    2.    |<--www.example.com AAAA?--|                       |
    3.    |---192.0.2.1------------->|                       |
    4.    |---2001:db8::1----------->|                       |
    5.    |                          |                       |
    6.    |                          |==TCP SYN, IPv6===>X   |
    7.    |                          |==TCP SYN, IPv6===>X   |
    8.    |                          |==TCP SYN, IPv6===>X   |
    9.    |                          |                       |
   10.    |                          |--TCP SYN, IPv4------->|
   11.    |                          |<-TCP SYN+ACK, IPv4----|
   12.    |                          |--TCP ACK, IPv4------->|

                Figure 1: Existing behavior message flow

   The client obtains the IPv4 and IPv6 records for the server (1-4).
   The client attempts to connect using IPv6 to the server, but the IPv6
   path is broken (6-8), which consumes several seconds of time.
   Eventually, the client attempts to connect using IPv4 (10) which
   succeeds.

   Delays experienced by users of various browser and operating system
   combinations have been studied [Experiences].

4.  Algorithm Requirements

   A Happy Eyeballs algorithm has two primary goals:

   1.  Provides fast connection for users, by quickly attempting to
       connect using IPv6 and (if that connection attempt is not quickly
       successful) to connect using IPv4.

   2.  Avoids thrashing the network, by not (always) making simultaneous
       connection attempts on both IPv6 and IPv4.

   The basic idea is depicted in the following diagram:

      DNS Server                  Client                  Server
          |                          |                       |
    1.    |<--www.example.com A?-----|                       |
    2.    |<--www.example.com AAAA?--|                       |
    3.    |---192.0.2.1------------->|                       |
    4.    |---2001:db8::1----------->|                       |
    5.    |                          |                       |
    6.    |                          |==TCP SYN, IPv6===>X   |
    7.    |                          |--TCP SYN, IPv4------->|
    8.    |                          |<-TCP SYN+ACK, IPv4----|
    9.    |                          |--TCP ACK, IPv4------->|
   10.    |                          |==TCP SYN, IPv6===>X   |

              Figure 2: Happy Eyeballs flow 1, IPv6 broken

   In the diagram above, the client sends two TCP SYNs at the same time
   over IPv6 (6) and IPv4 (7). In the diagram, the IPv6 path is broken
   but has little impact on the user because there is no long delay
   before using IPv4. The IPv6 path is retried until the application
   gives up (10).

   After performing the above procedure, the client learns whether
   connections to the host's IPv6 or IPv4 address were successful. The
   client MUST cache information regarding the outcome of each
   connection attempt and use that information to avoid thrashing the
   network with subsequent attempts. For example, in the example above,
   the cache indicates that the IPv6 connection attempt failed, and
   therefore the system will prefer IPv4 instead. Cache entries should
   be flushed when their age exceeds a system defined maximum on the
   order of ten minutes.

      DNS Server                  Client                  Server
          |                          |                       |
    1.    |<--www.example.com A?-----|                       |
    2.    |<--www.example.com AAAA?--|                       |
    3.    |---192.0.2.1------------->|                       |
    4.    |---2001:db8::1----------->|                       |
    5.    |                          |                       |
    6.    |                          |==TCP SYN, IPv6=======>|
    7.    |                          |--TCP SYN, IPv4------->|
    8.    |                          |<=TCP SYN+ACK, IPv6====|
    9.    |                          |<-TCP SYN+ACK, IPv4----|
   10.    |                          |==TCP ACK, IPv6=======>|
   11.    |                          |--TCP ACK, IPv4------->|
   12.    |                          |--TCP RST, IPv4------->|

              Figure 3: Happy Eyeballs flow 2, IPv6 working

   The diagram above shows a case where both IPv6 and IPv4 are working,
   and IPv4 is abandoned (12).

   Any Happy Eyeballs algorithm will persist in products for as long as
   the client host is dual-stacked, which will persist as long as there
   are IPv4-only servers on the Internet -- the so-called "long tail".
   Over time, as most content is available via IPv6, the amount of IPv4
   traffic will decrease.
   This means that the IPv4 infrastructure will,
   over time, be sized to accommodate that decreased (and decreasing)
   amount of traffic. It is critical that a Happy Eyeballs algorithm
   not cause a surge of unnecessary traffic on that IPv4 infrastructure.
   To meet that goal, compliant Happy Eyeballs algorithms must adhere to
   the requirements in this section.

4.1.  Delay IPv4

   The transition to IPv6 is likely to produce a mix of different hosts
   within a subnetwork -- hosts that are IPv4-only, hosts that are IPv6-
   only (e.g., sensors), and dual-stack. This mix of hosts will exist
   both within an administrative domain (a single home, enterprise,
   hotel, or coffee shop) and between administrative domains. For
   example, a single home might have an IPv4-only television in one room
   and a dual-stack television in another room. As another example,
   another subscriber might have hosts that are all capable of dual-
   stack operation.

   Due to IPv4 exhaustion, it is likely that a subscriber's hosts (both
   IPv4-only hosts and dual-stack hosts) will be sharing an IPv4 address
   with other subscribers. The dual-stack hosts have an advantage:
   they can utilize IPv6 or IPv4, which means they can utilize the
   technique described in this document. The IPv4-only hosts have a
   disadvantage: they can only utilize IPv4. If all hosts (dual-stack
   and IPv4-only) are using IPv4, there is additional contention for the
   shared IPv4 address. The IPv4-only hosts cannot avoid that
   contention (as they can only use IPv4) while the dual-stack hosts can
   avoid that contention by using IPv6.

   As dual-stack hosts proliferate and content becomes available over
   IPv6, there will be proportionally less IPv4 traffic. This is true
   especially for dual-stack hosts that do not implement Happy Eyeballs,
   because those dual-stack hosts have a very strong preference to use
   IPv6 (with timeouts in the tens of seconds before they will attempt
   to use IPv4).

   When deploying IPv6, both content providers and Internet Service
   Providers (who supply IPv4 address sharing mechanisms such as Carrier
   Grade NAT (CGN)) will want to reduce their investment in IPv4
   equipment -- load balancers, peering links, and address sharing
   devices. If a Happy Eyeballs implementation treats IPv6 and IPv4
   equally by connecting to whichever address family is fastest, it will
   contribute to load on IPv4. This load impacts IPv4-only devices (by
   increasing contention of IPv4 address sharing and increasing load on
   IPv4 load balancers). Because of this, ISPs and content providers
   will find it impossible to reduce their investment in IPv4 equipment.
   This means that costs to migrate to IPv6 are increased, because the
   investment in IPv4 cannot be reduced. Furthermore, using only a
   metric that measures connection speed ignores the value of IPv6 over
   IPv4 address sharing, such as shared penalty boxes and geo-location
   [RFC6269].

   Thus, to avoid harming IPv4-only hosts which can only utilize IPv4,
   implementations MUST prefer the first IP address family returned by
   the host's address preference policy, unless implementing a stateful
   algorithm described in Section 4.2. This usually means giving
   preference to IPv6 over IPv4, although that preference can be over-
   ridden by user configuration or by network configuration
   [I-D.ietf-6man-addr-select-opt]. If the host's policy is unknown or
   not attainable, implementations MUST prefer IPv6 over IPv4.

4.2.  Stateful Behavior when IPv6 Fails

   Some Happy Eyeballs algorithms are stateful -- that is, the algorithm
   will remember that IPv6 always fails, or that IPv6 to certain
   prefixes always fails, and so on. This section describes such
   algorithms. Stateless algorithms, which do not remember the success/
   failure of previous connections, are not discussed in this section.

   After making a connection attempt on the preferred address family
   (e.g., IPv6), and failing to establish a connection within a certain
   time period (see Section 5.5), a Happy Eyeballs implementation will
   decide to initiate a second connection attempt using the same address
   family or the other address family.

   Such an implementation MAY make subsequent connection attempts (to
   the same host or to other hosts) on the successful address family
   (e.g., IPv4). So long as new connections are being attempted by the
   host, such an implementation MUST occasionally make connection
   attempts using the host's preferred address family, as it may have
   become functional again, and it SHOULD do so every 10 minutes. The
   10 minute delay before re-trying a failed address family avoids the
   simple doubling of connection attempts on both IPv6 and IPv4.
   Implementation note: this can be achieved by flushing Happy Eyeballs
   state every 10 minutes, which does not significantly harm the
   application's subsequent connection setup time. If connections using
   the preferred address family are again successful, the preferred
   address family SHOULD be used for subsequent connections. Because
   this implementation is stateful, it MAY track connection success (or
   failure) based on IPv6 or IPv4 prefix (e.g., connections to the same
   prefix assigned to the interface are successful whereas connections
   to other prefixes are failing).

4.3.  Reset on Network (re-)Initialization

   Because every network has different characteristics (e.g., working or
   broken IPv6 or IPv4 connectivity), a Happy Eyeballs algorithm SHOULD
   re-initialize when the interface is connected to a new network.
   Interfaces can determine network (re-)initialization by a variety of
   mechanisms (e.g., DNAv4 [RFC4436], DNAv6 [RFC6059]).

   If the client application is a web browser, see also Section 5.6.

4.4.  Abandon Non-Winning Connections

   It is RECOMMENDED that the non-winning connections be abandoned, even
   though they could -- in some cases -- be put to reasonable use.

   Justification: This reduces the load on the server (file
      descriptors, TCP control blocks), stateful middleboxes (NAT and
      firewalls) and, if the abandoned connection is IPv4, reduces IPv4
      address sharing contention.

   HTTP: The design of some sites can break because of HTTP cookies
      that incorporate the client's IP address and require all
      connections be from the same IP address. If some connections from
      the same client are arriving from different IP addresses (or
      worse, different IP address families), such applications will
      break. Additionally for HTTP, using the non-winning connection
      can interfere with the browser's Same Origin Policy (see
      Section 5.6).

5.  Additional Considerations

   This section discusses considerations related to Happy Eyeballs.

5.1.  Determining Address Type

   For some transitional technologies such as a dual-stack host, it is
   easy for the application to recognize the native IPv6 address
   (learned via a AAAA query) and the native IPv4 address (learned via
   an A query). While IPv6/IPv4 translation makes that difficult, IPv6/
   IPv4 translators do not need to be deployed on networks with dual
   stack clients, because dual stack clients can use their native IP
   address family.

5.2.  Debugging and Troubleshooting

   This mechanism is aimed at ensuring a reliable user experience
   regardless of connectivity problems affecting any single transport.
   However, this naturally means that applications employing these
   techniques are by default less useful for diagnosing issues with a
   particular address family. To assist in that regard, the
   implementations MAY also provide a mechanism to disable their Happy
   Eyeballs behavior via a user setting, and to provide data useful for
   debugging (e.g., a log or way to review current preferences).

5.3.  Three or More Interfaces

   A dual-stack host normally has two logical interfaces: an IPv6
   interface and an IPv4 interface. However, a dual-stack host might
   have more than two logical interfaces because of a VPN (where a third
   interface is the tunnel address, often assigned by the remote
   corporate network) or because of multiple physical interfaces such as
   wired and wireless Ethernet, because the host belongs to multiple
   VLANs, or other reasons. The interaction of Happy Eyeballs with more
   than two logical interfaces is for further study.

5.4.  A and AAAA Resource Records

   It is possible that a DNS query for an A or AAAA resource record
   will return more than one A or AAAA address. When this occurs, it is
   RECOMMENDED that a Happy Eyeballs implementation order the responses
   following the host's address preference policy and then try the first
   address. If that fails after a certain time (see Section 5.5), the
   next address SHOULD be the IPv4 address.

   If that fails to connect after a certain time (see Section 5.5), a
   Happy Eyeballs implementation SHOULD try the other addresses
   returned; the order of these connection attempts is not important.

   On the Internet today, servers commonly have multiple A records to
   provide load balancing across their servers. This same technique
   would be useful for AAAA records, as well.
   However, if multiple AAAA
   records are returned to a non-Happy Eyeballs client that has broken
   IPv6 connectivity, it will further increase the delay to fall back to
   IPv4. Thus, web site operators with native IPv6 connectivity SHOULD
   NOT offer multiple AAAA records. If Happy Eyeballs is widely
   deployed in the future, this recommendation might be revisited.

5.5.  Connection time out

   The primary purpose of Happy Eyeballs is to reduce the wait time for
   a dual stack connection to complete, especially when the IPv6 path is
   broken and IPv6 is preferred. Aggressive time outs (on the order of
   tens of milliseconds) achieve this goal, but at the cost of network
   traffic. This network traffic may be billable on certain networks,
   will create state on some middleboxes (e.g., firewalls, IDS, NAT),
   and will consume ports if IPv4 addresses are shared. For these
   reasons, it is RECOMMENDED that connection attempts be paced to give
   connections a chance to complete. It is RECOMMENDED that connection
   attempts be paced 150-250ms apart, to balance human factors against
   network load. Stateful algorithms are expected to be more aggressive
   (that is, make connection attempts closer together), as stateful
   algorithms maintain an estimate of the expected connection completion
   time.

5.6.  Interaction with Same Origin Policy

   Web browsers implement a Same Origin Policy [RFC6454] which causes
   subsequent connections to the same hostname to go to the same IPv4
   (or IPv6) address as the previous successful connection. This is
   done to prevent certain types of attacks.

   The same-origin policy harms user-visible responsiveness if a new
   connection fails (e.g., due to a transient event such as router
   failure or load balancer failure).
   While it is tempting to use Happy
   Eyeballs to maintain responsiveness, web browsers MUST NOT change
   their Same Origin Policy because of Happy Eyeballs, as that would
   create an additional security exposure.

5.7.  Implementation Strategies

   The simplest venue for implementation of Happy Eyeballs is within the
   application itself. The algorithm specified in this document is
   relatively simple to implement, and would require no specific support
   from the operating system beyond the commonly-available APIs that
   provide transport service. It could also be added to applications by
   way of a specific Happy Eyeballs API, replacing or augmenting the
   transport service APIs.

   To improve IPv6 connectivity experience for legacy applications
   (e.g., applications which simply rely on the operating system's
   address preference order), operating systems may consider more
   sophisticated approaches. These can include changing default address
   selection sorting ([RFC3484]) based on configuration received from
   the network, or observing connection failures to IPv6 and IPv4
   destinations.

6.  Example Algorithm

   What follows is the algorithm implemented in Google Chrome and
   Mozilla Firefox.

   1.  Call getaddrinfo(), which returns a list of IP addresses sorted by
       the host's address preference policy.

   2.  Initiate a connection attempt with the first address in that list
       (e.g., IPv6).

   3.  If that connection does not complete within a short period of
       time (Firefox and Chrome use 300ms), initiate a connection
       attempt with the first address belonging to the other address
       family (e.g., IPv4).

   4.  The first connection that is established is used. The other
       connection is discarded.

   If an algorithm were to cache connection success/failure, the caching
   would occur after step 4 determined which connection was successful.

   Other example algorithms include [Perreault] and [Andrews].

7.  Security Considerations

   See Section 4.4 and Section 5.6.

8.  Acknowledgements

   The mechanism described in this paper was inspired by Stuart
   Cheshire's discussion at the IAB Plenary at IETF72, the author's
   understanding of Safari's operation with SRV records, Interactive
   Connectivity Establishment (ICE [RFC5245]), the current IPv4/IPv6
   behavior of SMTP mail transfer agents, and the implementation of
   Happy Eyeballs in Google Chrome and Mozilla Firefox.

   Thanks to Fred Baker, Jeff Kinzli, Christian Kuhtz, and Iljitsch van
   Beijnum for fostering the creation of this document.

   Thanks to Scott Brim, Rick Jones, Stig Venaas, Erik Kline, Bjoern
   Zeeb, Matt Miller, Dave Thaler, Dmitry Anipko, Brian Carpenter, and
   David Crocker for their feedback.

   Thanks to Javier Ubillos, Simon Perreault and Mark Andrews for the
   active feedback and the experimental work on the independent
   practical implementations that they created.

   Also the authors would like to thank the following individuals who
   participated in various email discussions on this topic: Mohacsi
   Janos, Pekka Savola, Ted Lemon, Carlos Martinez-Cagnazzo, Simon
   Perreault, Jack Bates, Jeroen Massar, Fred Baker, Javier Ubillos,
   Teemu Savolainen, Scott Brim, Erik Kline, Cameron Byrne, Daniel
   Roesen, Guillaume Leclanche, Mark Smith, Gert Doering, Martin
   Millnert, Tim Durack, Matthew Palmer.

9.  IANA Considerations

   This document has no IANA actions.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484, February 2003.

10.2.  Informational References

   [Andrews]  Andrews, M., "How to connect to a multi-homed server over
              TCP", January 2011, .

   [Experiences]
              Savolainen, T., Miettinen, N., Veikkolainen, S., Chown,
              T., and J. Morse, "Experiences of host behavior in broken
              IPv6 networks", March 2011,
              .

   [I-D.ietf-6man-addr-select-opt]
              Matsumoto, A., Fujisaki, T., Kato, J., and T. Chown,
              "Distributing Address Selection Policy using DHCPv6",
              draft-ietf-6man-addr-select-opt-01 (work in progress),
              June 2011.

   [Perreault]
              Perreault, S., "Happy Eyeballs in Erlang", February 2011,
              .

   [RFC1671]  Carpenter, B., "IPng White Paper on Transition and Other
              Considerations", RFC 1671, August 1994.

   [RFC4436]  Aboba, B., Carlson, J., and S. Cheshire, "Detecting
              Network Attachment in IPv4 (DNAv4)", RFC 4436, March 2006.

   [RFC5245]  Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols", RFC 5245,
              April 2010.

   [RFC6059]  Krishnan, S. and G. Daley, "Simple Procedures for
              Detecting Network Attachment in IPv6", RFC 6059,
              November 2010.

   [RFC6157]  Camarillo, G., El Malki, K., and V. Gurbani, "IPv6
              Transition in the Session Initiation Protocol (SIP)",
              RFC 6157, April 2011.

   [RFC6269]  Ford, M., Boucadair, M., Durand, A., Levis, P., and P.
              Roberts, "Issues with IP Address Sharing", RFC 6269,
              June 2011.

   [RFC6454]  Barth, A., "The Web Origin Concept", RFC 6454,
              December 2011.

   [whitelist]
              Google, "Google IPv6 DNS Whitelist", January 2009,
              .

Appendix A.  Changes

   [RFC Editor: Please remove this section prior to publication as an
   RFC.]

A.1.  changes from -06 to -07

   o  Changed "xmpp clients" to "instant messaging clients".

   o  For debugging/troubleshooting, providing a log of activity or a
      way to see current settings is useful.

   o  tweaked abstract

   o  "URIs and hostnames" -> "hostnames"

   o  tweaked text on caching

   o  interfaces (not hosts) notice when they are connected to a new
      network.

   o  encourage implementations to provide log or other way to view
      Happy Eyeballs settings.

   o  detailed that implementation can be in OS or in application.

   o  150-250ms is for human factors

A.2.  changes from -05 to -06

   o  Added paragraph describing current AAAA practice on the Internet
      (one AAAA record) due to non-Happy Eyeballs implementations, per
      opsdir review.

   o  fixed "=" in Figure 1.

   o  Removed text discussing A6. A6 is being deprecated in another
      document, and querying A6 is not a significant operational problem
      on the Internet.

A.3.  changes from -04 to -05

   o  Updated citations.

A.4.  changes from -03 to -04

   o  Make RFC3363 a non-normative reference.

A.5.  changes from -03 to -04

   o  Better explained why IPv6 needs to be preferred

   o  Don't query A6.

A.6.  changes from -02 to -03

   o  Re-casted this specification as a list of requirements for a
      compliant algorithm, rather than trying to dictate a One True
      algorithm.

A.7.  changes from -01 to -02

   o  Now honors host's address preference (RFC3484 and friends)

   o  No longer requires thread-safe DNS library. It uses getaddrinfo()

   o  No longer describes threading.

   o  IPv6 is given a 200ms head start (Initial Headstart variable).

   o  If the IPv6 and IPv4 connection attempts were made at nearly the
      same time, wait Tolerance Interval milliseconds for both to
      complete before deciding which one wins.

   o  Renamed "global P" to "Smoothed P", and better described how it is
      calculated.

   o  introduced the exception cache. This contains the set of networks
      that only work with IPv4 (or only with IPv6), so that subsequent
      connection attempts use that address family without them causing
      serious effect to Smoothed P.

   o  encourages that every 10 minutes the exception cache and Smoothed
      P be reset. This allows IPv6 to be attempted again, so we don't
      get 'stuck' on IPv4.

   o  If we didn't get both A and AAAA, abandon all Happy Eyeballs
      processing (thanks to Simon Perreault).

   o  added discussion of Same Origin Policy

   o  Removed discussion of NAT-PT and address learning; those are only
      used with IPv6-only hosts whereas this document is about dual-
      stack hosts contacting dual-stack servers.

A.8.  changes from -00 to -01

   o  added SRV section (thanks to Matt Miller)

Authors' Addresses

   Dan Wing
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Email: dwing@cisco.com

   Andrew Yourtchenko
   Cisco Systems, Inc.
   De Kleetlaan, 7
   Diegem B-1831
   Belgium

   Email: ayourtch@cisco.com
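
The Section 6 procedure (steps 1-4) combined with the Section 4.2 state cache and the Section 4.4 abandonment rule, as an added example that is not part of the draft and not Chrome's or Firefox's code. `FamilyCache`, `order_candidates`, `tcp_connect`, `happy_connect` and `simulate` are hypothetical names; the sample list is a constructed getaddrinfo() result using the documentation addresses from Figures 1-3, and the simulated connector stands in for a black-holed IPv6 path.

```python
"""Added example: Section 6 steps 1-4 with the Section 4.2 outcome cache."""
import asyncio
import socket
import time

ATTEMPT_DELAY = 0.300   # Section 6: Firefox and Chrome wait 300 ms
CACHE_MAX_AGE = 600.0   # Section 4.2: flush state every 10 minutes

class FamilyCache:
    """Remembers the address family that last won (hypothetical helper)."""
    def __init__(self, clock=time.monotonic):
        self._clock, self._winner, self._stamp = clock, None, 0.0

    def preferred(self):
        """Cached winning family, or None once the entry has aged out."""
        if self._winner is not None and self._clock() - self._stamp > CACHE_MAX_AGE:
            self._winner = None   # flushed: the host's preferred family is retried
        return self._winner

    def record(self, family):
        # A repeat win keeps the old timestamp, so the flush still happens.
        if self.preferred() != family:
            self._winner, self._stamp = family, self._clock()

def order_candidates(addrinfos, cache):
    """Pick the first attempt and the other-family fallback (steps 2 and 3)."""
    first = addrinfos[0]                     # host's address preference policy
    if cache.preferred() is not None:
        first = next((a for a in addrinfos if a[0] == cache.preferred()), first)
    fallback = next((a for a in addrinfos if a[0] != first[0]), None)
    return first, fallback

async def tcp_connect(info):
    """Real connector: open a TCP stream to one getaddrinfo() entry."""
    family, _type, proto, _name, sockaddr = info
    _reader, writer = await asyncio.open_connection(
        sockaddr[0], sockaddr[1], family=family, proto=proto)
    return writer

async def happy_connect(addrinfos, cache, connect=tcp_connect, delay=ATTEMPT_DELAY):
    """Return (family, connection) for the first attempt that is established."""
    first, fallback = order_candidates(addrinfos, cache)
    tasks = {asyncio.ensure_future(connect(first)): first}
    timeout = delay if fallback else None
    winner = None
    while tasks and winner is None:
        done, _ = await asyncio.wait(set(tasks), timeout=timeout,
                                     return_when=asyncio.FIRST_COMPLETED)
        for task in done:
            info = tasks.pop(task)
            if task.exception() is not None:
                continue                     # this attempt failed
            if winner is None:
                winner = (info[0], task.result())
            else:
                task.result().close()        # simultaneous second success
        if winner is None and fallback is not None:
            # Step 3: the first attempt timed out or failed; try the other family.
            tasks[asyncio.ensure_future(connect(fallback))] = fallback
            fallback = timeout = None
    for task in tasks:                       # Section 4.4: abandon the loser
        task.cancel()
    await asyncio.gather(*tasks, return_exceptions=True)
    if winner is None:
        raise OSError("all connection attempts failed")
    cache.record(winner[0])                  # caching happens after step 4
    return winner

# Constructed getaddrinfo() result using the addresses from Figures 1-3.
SAMPLE = [
    (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::1", 80, 0, 0)),
    (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.1", 80)),
]

class FakeConn:
    def close(self):
        pass

def simulate(v6_broken, delay=0.2):
    """Two connections in a row; returns [(winner, families attempted), ...]."""
    async def run():
        cache, results = FamilyCache(), []
        for _ in range(2):
            tried = []
            async def connect(info):
                tried.append(info[0])
                if v6_broken and info[0] == socket.AF_INET6:
                    await asyncio.sleep(3600)    # black hole: SYN never answered
                await asyncio.sleep(0.01)
                return FakeConn()
            family, conn = await happy_connect(SAMPLE, cache, connect, delay)
            conn.close()
            results.append((family, tried))
        return results
    return asyncio.run(run())

if __name__ == "__main__":
    print(simulate(v6_broken=True))
```

With IPv6 black-holed, the first connection tries both families and the second goes straight to IPv4 until the cache entry ages out, which is the thrash-avoidance behavior Section 4 asks for.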