idnits 2.17.1

draft-ietf-v6ops-happy-eyeballs-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (May 24, 2011) is 4719 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 3484 (Obsoleted by RFC 6724)

  == Outdated reference: A later version (-04) exists of
     draft-chen-mif-happy-eyeballs-extension-01

  == Outdated reference: A later version (-13) exists of
     draft-ietf-6man-addr-select-opt-00

  -- Obsolete informational reference (is this intentional?): RFC 5245
     (Obsoleted by RFC 8445, RFC 8839)

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

v6ops                                                            D. Wing
Internet-Draft                                            A. Yourtchenko
Intended status: Standards Track                                   Cisco
Expires: November 25, 2011                                  May 24, 2011

     Happy Eyeballs: Trending Towards Success with Dual-Stack Hosts
                   draft-ietf-v6ops-happy-eyeballs-02

Abstract

   This document describes an algorithm for a dual-stack client to
   quickly determine the functioning address family to a dual-stack
   server, and trend towards using that same address family for
   subsequent connections.  This improves the dual-stack user experience
   during IPv6 or IPv4 server or network outages.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 25, 2011.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Notational Conventions
   3.  Problem Statement
     3.1.  URIs and hostnames
     3.2.  IPv6 connectivity
   4.  Client Recommendations
   5.  Implementation details: A and AAAA
     5.1.  Description of State Variables
     5.2.  Initialization, Cache Flush, and Resetting Smoothed P
     5.3.  Connecting to a Server
     5.4.  Adjusting Address Family Preferences
     5.5.  Exception Cache
   6.  Implementation Details: SRV
   7.  Additional Considerations
     7.1.  Additional Network and Host Traffic
     7.2.  Abandon Non-Winning Connections
     7.3.  Determining Address Type
     7.4.  Debugging and Troubleshooting
     7.5.  DNS Behavior
     7.6.  Middlebox Issues
     7.7.  Multiple Interfaces
     7.8.  Interaction with Same Origin Policy
   8.  Content Provider Recommendations
   9.  Security Considerations
   10. Acknowledgements
   11. IANA Considerations
   12. References
     12.1.  Normative References
     12.2.  Informational References
   Appendix A.  Changes
     A.1.  changes from -01 to -02
     A.2.  changes from -00 to -01
   Authors' Addresses

1.  Introduction

   In order to use HTTP successfully over IPv6, it is necessary that the
   user enjoys nearly identical performance as compared to IPv4.  A
   combination of today's applications, IPv6 tunneling and IPv6 service
   providers, and some of today's content providers all cause the user
   experience to suffer (Section 3).  For IPv6, a content provider may
   ensure a positive user experience by using a DNS white list of IPv6
   service providers who peer directly with them, e.g. [whitelist].
   However, this is not scalable to all service providers worldwide, nor
   is it scalable for other content providers to operate their own DNS
   white list.

   Instead, this document suggests a mechanism for applications to
   quickly determine if IPv6 or IPv4 is the most optimal to connect to a
   server.  The suggestions in this document provide a user experience
   which is superior to connecting to ordered IP addresses which is
   helpful during the IPv6/IPv4 transition with dual stack hosts.

   This problem is also described in [RFC1671], published in 1994:

      "The dual-stack code may get two addresses back from DNS; which
      does it use?  During the many years of transition the Internet
      will contain black holes.  For example, somewhere on the way from
      IPng host A to IPng host B there will sometimes (unpredictably) be
      IPv4-only routers which discard IPng packets.  Also, the state of
      the DNS does not necessarily correspond to reality.  A host for
      which DNS claims to know an IPng address may in fact not be
      running IPng at a particular moment; thus an IPng packet to that
      host will be discarded on delivery.
      Knowing that a host has both IPv4 and IPng addresses gives no
      information about black holes.  A solution to this must be
      proposed and it must not depend on manually maintained
      information.  (If this is not solved, the dual stack approach is
      no better than the packet translation approach.)"

   Even after the transition, the procedure described in this document
   allows applications to strongly prefer IPv6 -- yet when an IPv6
   outage occurs the application will quickly start using IPv4 and
   continue using IPv4.  It will quietly continue trying to use IPv6
   until IPv6 becomes available again, and then trend again towards
   using IPv6.

   Following the procedures in this document, once a certain address
   family is successful, the application trends towards preferring that
   address family.  Thus, repeated use of the application DOES NOT cause
   repeated probes over both address families.

   Applications would have to change in order to use the mechanism
   described in this document, by either implementing the mechanism
   directly, or by calling APIs made available to them.  To improve IPv6
   connectivity experience for legacy applications (e.g., applications
   which simply rely on the operating system's address preference
   order), operating systems may use other approaches.  These can
   include changing address sorting based on configuration received from
   the network, other configuration, or dynamic detection of the host
   connectivity to IPv6 and IPv4 destinations.

   While the application recommendations in this document are described
   in the context of HTTP clients ("web browsers") and SRV clients
   (e.g., XMPP clients) the procedure is also useful and applicable to
   other interactive applications.

   Code which implements some of the ideas described in this document
   has been made available [Perreault] [Andrews].

2.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Problem Statement

   As discussed in more detail in Section 3.1, it is important that the
   same URI and hostname be used for IPv4 and IPv6.  Using separate
   namespaces causes namespace fragmentation and reduces the ability for
   users to share URIs and hostnames, and complicates printed material
   that includes the URI or hostname.

   As discussed in more detail in Section 3.2, IPv6 connectivity is
   broken to specific prefixes or specific hosts, or slower than native
   IPv4 connectivity.

3.1.  URIs and hostnames

   URIs are often used between users to exchange pointers to content --
   such as on social networks, email, instant messaging, or other
   systems.  Thus, production URIs and production hostnames containing
   references to IPv4 or IPv6 will only function if the other party is
   also using an application, OS, and a network that can access the URI
   or the hostname.

3.2.  IPv6 connectivity

   When IPv6 connectivity is impaired, today's IPv6-capable web browsers
   incur many seconds of delay before falling back to IPv4.  This harms
   the user's experience with IPv6, which will slow the acceptance of
   IPv6, because IPv6 is frequently disabled in its entirety on the end
   systems to improve the user experience.

   Reasons for such failure include no connection to the IPv6 Internet,
   broken 6to4 or Teredo tunnels, and broken IPv6 peering.

       DNS Server                  Client                  Server
           |                          |                       |
     1.    |<--www.example.com A?-----|                       |
     2.    |<--www.example.com AAAA?--|                       |
     3.    |---192.0.2.1------------->|                       |
     4.    |---2001:db8::1----------->|                       |
     5.    |                          |                       |
     6.    |                          |--TCP SYN, IPv6--->X   |
     7.    |                          |--TCP SYN, IPv6--->X   |
     8.    |                          |--TCP SYN, IPv6--->X   |
     9.    |                          |                       |
     10.   |                          |--TCP SYN, IPv4------->|
     11.   |                          |<-TCP SYN+ACK, IPv4----|
     12.   |                          |--TCP ACK, IPv4------->|

                 Figure 1: Existing behavior message flow

   The client obtains the IPv4 and IPv6 records for the server (1-4).
   The client attempts to connect using IPv6 to the server, but the IPv6
   path is broken (6-8), which consumes several seconds of time.
   Eventually, the client attempts to connect using IPv4 (10) which
   succeeds.

   Delays experienced by users of various browser and operating system
   combinations have been studied [Experiences].

4.  Client Recommendations

   Happy Eyeballs does two things:

   1.  Provides fast connection for users.  To provide fast connections
       for users, clients should make connections quickly over various
       technologies, automatically tune themselves to avoid flooding the
       network with unnecessary connections (i.e., for technologies that
       have not made successful connections), and occasionally flush
       their self-tuning if it trended towards IPv4 (Section 5.2).

   2.  Avoids thrashing the network.  Clients need to avoid flooding the
       network or servers with excessive connection initiation traffic.
       One way to accomplish this, without significant impairment to the
       user experience, is to cache which address family has been
       unsuccessful and successful, and use that address family for
       subsequent connections to the same host.

   If a TCP client supports IPv6 and IPv4 and is connected to IPv4 and
   IPv6 networks, it can perform the procedures described in this
   section.

       DNS Server                  Client                  Server
           |                          |                       |
     1.    |<--www.example.com A?-----|                       |
     2.    |<--www.example.com AAAA?--|                       |
     3.    |---192.0.2.1------------->|                       |
     4.    |---2001:db8::1----------->|                       |
     5.    |                          |                       |
     6.    |                          |==TCP SYN, IPv6===>X   |
     7.    |                          |--TCP SYN, IPv4------->|
     8.    |                          |<-TCP SYN+ACK, IPv4----|
     9.    |                          |--TCP ACK, IPv4------->|
     10.   |                          |==TCP SYN, IPv6===>X   |

               Figure 2: Happy Eyeballs flow 1, IPv6 broken

   In the diagram above, the client sends two TCP SYNs at the same time
   over IPv6 (6) and IPv4 (7).  In the diagram, the IPv6 path is broken
   but has little impact on the user because there is no long delay
   before using IPv4.  The IPv6 path is retried until the application
   gives up (10).

   After performing the above procedure, the client learns if
   connections to the host's IPv6 or IPv4 address were successful.  The
   client MUST cache that information to avoid thrashing the network
   with excessive subsequent connection attempts.  For example, in the
   diagram above, the client has noticed that IPv6 to that address
   failed, and it should provide a greater preference to using IPv4
   instead.

       DNS Server                  Client                  Server
           |                          |                       |
     1.    |<--www.example.com A?-----|                       |
     2.    |<--www.example.com AAAA?--|                       |
     3.    |---192.0.2.1------------->|                       |
     4.    |---2001:db8::1----------->|                       |
     5.    |                          |                       |
     6.    |                          |==TCP SYN, IPv6=======>|
     7.    |                          |--TCP SYN, IPv4------->|
     8.    |                          |<=TCP SYN+ACK, IPv6====|
     9.    |                          |<-TCP SYN+ACK, IPv4----|
     10.   |                          |==TCP ACK, IPv6=======>|
     11.   |                          |--TCP ACK, IPv4------->|
     12.   |                          |--TCP RST, IPv4------->|

               Figure 3: Happy Eyeballs flow 2, IPv6 working

   The diagram above shows a case where both IPv6 and IPv4 are working,
   and IPv4 is abandoned (12).

5.  Implementation details: A and AAAA

   This section details how to provide robust dual stack service for
   both IPv6 and IPv4, so that the user perceives very fast application
   response.

   Depending on implementation, the variables and procedures described
   below might be implemented or maintained within a specific
   application (e.g., web browser), library, framework, or by the
   operating system itself.
   An API call such as "connect_by_name()" is envisioned which would
   call the Happy Eyeballs routine and implement the functions described
   in this section.

5.1.  Description of State Variables

   The system maintains a Smoothed P (which provides the overall
   preference to IPv6 or IPv4), and an exception cache.  Both of these
   change over time and are described below:

   Exception Cache:  This cache, indexed by IP prefixes, contains a "P"
      value for each prefix.  Entries are added to this cache if a
      connection to the expected address family failed and a connection
      to the other address family succeeded.  That is, these are
      exceptions to the Smoothed P variable.  See Section 5.5 for a
      description of how these prefixes are defined.

      (Note: In previous versions of this document, this was the
      "per-destination P (preference) value".)

   P:  Address family preference.  This is computed for this connection
      attempt.  A positive value is a preference to start the IPv6
      connection first, a negative value to start the IPv4 connection
      first, and zero indicates both IPv6 and IPv4 connections are
      started simultaneously.  The absolute value is the number of
      milliseconds between the connection attempts on two address
      families.

   Smoothed P:  Smoothed address family preference.  This is the address
      family preference for destinations that are not in the exception
      cache.  This variable can be positive or negative, with values
      having the same meaning as "P".  In the absence of more specific
      configuration information, it is RECOMMENDED that implementations
      enforce a maximum value of 8000 (8 seconds) for this variable.

      (Note: In previous versions of this document, this was the
      "application-wide P (preference) value".)

   The following values are configured and constant:

   TI:  Tolerance Interval, in milliseconds.
      This is the allowance between the time a connection is expected to
      complete and its actual completion, and is provided to accommodate
      slight differences in network and server responsiveness.  In the
      absence of dynamic configuration information from the network
      (e.g., DHCP) or other configuration information, it is RECOMMENDED
      to use 20ms.

   Initial Headstart (IH):  The initial headstart ("preference") for
      IPv6, in milliseconds.  This value provides a preference towards
      IPv6 (if positive) or IPv4 (if negative) when the host joins a new
      network or otherwise flushes its cached information (see
      Section 5.2), and the distance to move P away from zero when P was
      zero.  In the absence of dynamic configuration information from
      the network (e.g., [I-D.ietf-6man-addr-select-opt]) or other
      configuration information (e.g., the node's address selection
      policy has been modified to prefer IPv4 over IPv6), the value
      100ms is recommended, which causes the initial IPv6 connection to
      be attempted 100ms before the IPv4 connection.

   MAXWAIT:  Maximum wait time for a connection to complete, before
      trying additional IP addresses.  This is RECOMMENDED to be 10
      seconds.

5.2.  Initialization, Cache Flush, and Resetting Smoothed P

   Because every network has different characteristics (e.g., working or
   broken IPv6 or IPv4 connectivity) the Smoothed P variable SHOULD be
   set to its default value (Smoothed P = Initial Headstart) and the
   exception cache SHOULD be emptied whenever the host is connected to a
   new network (e.g., DNAv4 [RFC4436], DNAv6 [RFC6059], [cx-osx],
   [cx-win]).

   If there are IPv6 failures to specific hosts or prefixes, the
   exception cache will build up exception entries preferring IPv4, and
   if there are significant IPv6 failures to many hosts or prefixes,
   Smoothed P will become negative.  When this occurs, IPv6 will not be
   attempted at all.
   To avoid this problem, it is strongly RECOMMENDED to occasionally
   flush the exception cache of all entries and reset Smoothed P to
   Initial Offset.  This SHOULD be done every 10 minutes.  In so doing,
   IPv6 and IPv4 are tried again so that if IPv6 is working again, it
   will quickly be preferred again.

5.3.  Connecting to a Server

   The steps when connecting to a server are as follows:

   1.  Query DNS using getaddrinfo().  This will return addresses sorted
       by the host's default address selection ordering [RFC3484], its
       updates, or the address selection as chosen by the network
       administrator [I-D.ietf-6man-addr-select-opt].

   2.  If this returns both an IPv6 and IPv4 address, continue
       processing to the next step.  Otherwise, Happy Eyeballs
       processing stops here.

   3.  Of the addresses returned in step (1), look up the first IPv6
       address and first IPv4 address in the Happy Eyeballs exception
       cache.  Matching entries in the exception cache influence the P
       value for this connection attempt by setting P to the sum of
       Smoothed_P and of the P values from the matching IPv6 entry (if
       it exists) and the matching IPv4 entry (if it exists).

   4.  If P>=0, initiate a connection attempt using the first IPv6
       address returned by step (1).  If that connection has not
       completed after P milliseconds, initiate a connection attempt
       using IPv4.

   5.  If P<=0, initiate a connection attempt using the first IPv4
       address returned by getaddrinfo.  If that connection has not
       completed after absolute value(P) milliseconds, initiate a
       connection attempt using IPv6.

   6.  If neither connection has completed after MAXWAIT seconds, repeat
       the procedure at step (3) until the addresses are exhausted.

   After performing the above steps, there will be no connection at all
   or one connection will complete first.  If no connection was
   successful, it should be treated as a failure for both IPv6 and IPv4.
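
   One pass of steps 2 to 5 can be written as a pure function that
   turns a getaddrinfo() result into a start schedule.  The Python below
   is an added example, not code from this draft or from the
   implementations it cites; the names EyeballsState, prefix_key,
   plan_attempt and sample_entry are assumptions, the sample addresses
   are constructed from the figures above, and the /64 and /32 cache
   keys are the default prefix lengths given in Section 5.5.

```python
import ipaddress
import socket
from dataclasses import dataclass, field

INITIAL_HEADSTART_MS = 100  # IH: value recommended in Section 5.1


def prefix_key(address: str) -> str:
    """Exception cache key: the /64 (IPv6) or /32 (IPv4) prefix of an address."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    length = 64 if ip.version == 6 else 32
    return str(ipaddress.ip_network(f"{ip}/{length}", strict=False))


@dataclass
class EyeballsState:
    """Smoothed P plus the exception cache (prefix -> P value, milliseconds)."""
    smoothed_p: int = INITIAL_HEADSTART_MS
    exceptions: dict = field(default_factory=dict)

    def flush(self) -> None:
        """Section 5.2 reset: on joining a new network, and periodically."""
        self.smoothed_p = INITIAL_HEADSTART_MS
        self.exceptions.clear()


def plan_attempt(state: EyeballsState, addrinfo: list):
    """One pass of steps 2 to 5.

    addrinfo is a list of 5-tuples shaped like socket.getaddrinfo() output.
    Returns (P, schedule) with schedule = [(start_ms, family, address), ...],
    or None when only one address family was returned (step 2).
    """
    first = {}
    for family, _type, _proto, _canon, sockaddr in addrinfo:
        if family in (socket.AF_INET6, socket.AF_INET):
            first.setdefault(family, sockaddr[0])  # keep the resolver's ordering
    v6, v4 = first.get(socket.AF_INET6), first.get(socket.AF_INET)
    if v6 is None or v4 is None:
        return None

    # Step 3: P = Smoothed P + matching IPv6 entry + matching IPv4 entry.
    p = (state.smoothed_p
         + state.exceptions.get(prefix_key(v6), 0)
         + state.exceptions.get(prefix_key(v4), 0))

    # Steps 4 and 5: the preferred family starts at 0 ms, the other |P| ms later.
    # P == 0 satisfies both steps, so both attempts start together.
    if p >= 0:
        schedule = [(0, "IPv6", v6), (p, "IPv4", v4)]
    else:
        schedule = [(0, "IPv4", v4), (-p, "IPv6", v6)]
    return p, schedule


def sample_entry(family, address):
    """Build one getaddrinfo()-shaped tuple (constructed sample data)."""
    sockaddr = (address, 80, 0, 0) if family == socket.AF_INET6 else (address, 80)
    return (family, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", sockaddr)


# Constructed resolver answers using the documentation addresses of Figure 1.
SAMPLE_DUAL = [sample_entry(socket.AF_INET6, "2001:db8::1"),
               sample_entry(socket.AF_INET6, "2001:db8::2"),
               sample_entry(socket.AF_INET, "192.0.2.1")]
SAMPLE_V4_ONLY = [sample_entry(socket.AF_INET, "192.0.2.1")]


def demo():
    """Fresh state, state with exception entries, state after a flush."""
    state = EyeballsState()
    fresh = plan_attempt(state, SAMPLE_DUAL)
    # Constructed entries, as an earlier IPv6 failure to this prefix would leave.
    state.exceptions[prefix_key("2001:db8::1")] = -120
    state.exceptions[prefix_key("192.0.2.1")] = -120
    excepted = plan_attempt(state, SAMPLE_DUAL)
    state.flush()
    after_flush = plan_attempt(state, SAMPLE_DUAL)
    return fresh, excepted, after_flush, plan_attempt(state, SAMPLE_V4_ONLY)


if __name__ == "__main__":
    for result in demo():
        print(result)
```
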

5.4.  Adjusting Address Family Preferences

   If the preferred address family completed first, Smoothed P is
   adjusted towards that address family.  If the non-preferred address
   family completed, we wait an additional Tolerance Interval
   milliseconds for the preferred address family to complete.  If the
   expected address family succeeded, we increment the absolute value of
   the Smoothed P; if the expected address family failed, we create an
   exception entry that will make an adjustment to the future value of P
   for the attempt on this pair in the direction opposite to the current
   sign of Smoothed P.

   The table below summarizes the adjustments:

             |  Connection completed within Tolerance Interval    |
    +--------+--------------+------------------+------------------+
    |        | v6 and v4 ok | v6 ok, v4 failed | v6 failed, v4 ok |
    +--------+--------------+------------------+------------------+
    | P > 0  | SP=SP+10     | SP=SP+10         | SP=SP/2 or cache |
    | P < 0  | SP=SP+10     | SP=SP/2 or cache | SP=SP-10         |
    | P = 0  |SP=big(10,IH) | SP=IH            | SP=(-IH)         |
    +--------+--------------+------------------+------------------+

                Figure 4: Table summarizing P adjustments

   The above table is described in textual form:

   o  If P > 0 (indicating IPv6 is preferred over IPv4):

      *  and both the IPv6 and IPv4 connection attempts completed within
         the Tolerance Interval, it means the IPv6 preference was
         accurate or we should gently prefer IPv6, so Smoothed P is
         increased by 10 milliseconds (Smoothed P = Smoothed P + 10).

      *  If the IPv6 connection completed but the IPv4 connection failed
         within the tolerance interval, it means future connections
         should prefer IPv6, so Smoothed P is increased by 10
         milliseconds (Smoothed_P = Smoothed_P + 10).

      *  If the IPv6 connection failed but the IPv4 connection completed
         within the tolerance interval, it means the IPv6 preference is
         inaccurate.
         If no exception cache entry exists for the IPv6 and IPv4
         prefixes, the entries are created and their P value set to the
         connection setup time * -1, and Smoothed P is halved and
         rounded towards zero (Smoothed_P = Smoothed_P * 0.5).  If an
         exception cache entry already existed, its P value is doubled
         and Smoothed_P is not adjusted.

   o  If P < 0 (indicating IPv4 is preferred over IPv6):

      *  and both the IPv6 and IPv4 connection attempts completed within
         the tolerance interval, we should gently prefer IPv6, so
         Smoothed P is increased by 10 milliseconds (Smoothed_P =
         Smoothed_P + 10).

      *  If the IPv6 connection completed but the IPv4 connection failed
         within the tolerance interval, it means the IPv4 preference is
         inaccurate.  If no exception cache entry exists for the IPv6
         and IPv4 prefixes, they are created and their P values set to
         the connection setup time and Smoothed P is halved and rounded
         towards 0 (Smoothed_P = Smoothed_P * 0.5).  If an exception
         cache entry already existed, its P value is doubled and
         Smoothed_P is not adjusted.

      *  If the IPv4 connection completed but the IPv6 connection failed
         within the tolerance interval, it means future connections
         should prefer IPv4, so Smoothed P is decreased by 10
         milliseconds (Smoothed_P = Smoothed_P - 10).

   o  If P = 0 (indicating IPv4 and IPv6 are equally preferred):

      *  and both the IPv6 and IPv4 connection attempts completed within
         the tolerance interval, we should prefer IPv6 significantly, so
         Smoothed P is set to the larger of Initial Headstart or 10
         (Smoothed_P = larger(Initial Headstart, 10)).

      *  if the IPv6 connection completed but the IPv4 connection failed
         within the Tolerance Interval, it means we need to prefer IPv6,
         so Smoothed P is increased by 10 (Smoothed_P = Smoothed_P +
         10).

      *  if the IPv4 connection completed but the IPv6 connection failed
         within the Tolerance Interval, it means we need to prefer IPv4,
         so P is decreased by 10 (Smoothed_P = Smoothed_P - 10).

5.5.  Exception Cache

   An exception cache is maintained of IPv6 prefixes and IPv4 prefixes,
   which are exceptions to the Smoothed P value at the time a connection
   was made.  For IPv6 prefixes, the default prefix length is 64.  For
   IPv4, the default prefix length is /32.

   The exception cache MAY be a fixed size, removing entries using a
   least-frequently used algorithm.  This works because the network path
   is likely to change over time (thus old entries aren't valuable
   anyway), and if an entry does not exist the Smoothed P value will
   still provide some avoidance of user-noticeable connection setup
   delay.

6.  Implementation Details: SRV

      [[Editor's Note: SRV processing needs to be incorporated into the
      above section, rather than described separately.  This will be
      done in a future update to this document.]]

   For the purposes of this section, "client" is defined as the entity
   initiating the connection.

   For protocols which support DNS SRV [RFC2782], the client performs
   the IN SRV query (e.g. IN SRV _xmpp-client._tcp.example.com) as
   normal.  The client MUST perform the following steps:

   1.  Sort all SRV records according to priority (lowest priority
       first)

   2.  Process all of the SRV targets of the same priority with a weight
       greater than 0:

       A.  Perform A/AAAA queries for each SRV target in parallel, as
           described in the A/AAAA processing section

       B.  Connect to the IPv4/IPv6 addresses

       C.  If at least one connection succeeds, stop processing SRV
           records

   3.  If there is no connection, process all of the SRV targets of the
       same priority with a weight of 0, as per steps 2.1 through 2.3
       above

   4.  Repeat steps 2.1 through 2.3 for the next priority, until a
       connection is established or all SRV records have been exhausted

   5.  If there is still no connection, fall back to using the domain
       (e.g., example.com), following steps 2.1 through 2.3 above

7.  Additional Considerations

   This section discusses considerations and requirements that are
   common to new technology deployment.

7.1.  Additional Network and Host Traffic

   Additional network traffic and additional server load is created due
   to the recommendations in this document.  This additional load is
   mitigated by the P value, especially the exception cache P value.

   The procedures described in this document retain a quality user
   experience while transitioning from IPv4-only to dual stack, while
   still giving IPv6 a slight preference over IPv4 (in order to remove
   load from IPv4 networks, most importantly to reduce the load on IPv4
   network address translators).  The improvement in the user experience
   benefits the user to only a small detriment of the network, DNS
   server, and server that are serving the user.

7.2.  Abandon Non-Winning Connections

   It is RECOMMENDED that the non-winning connections be abandoned, even
   though they could -- in some cases -- be put to reasonable use.  To
   take HTTP as an example, the design of some sites can break because
   of HTTP cookies that incorporate the client's IP address, requiring
   all connections to be from the same IP address.  If some connections
   from the same client are arriving from different IP addresses, such
   applications will break.  It is also important to abandon connections
   to avoid consuming server resources (file descriptors, TCP control
   blocks) or middlebox resources (e.g., NAPT).  Using the non-winning
   connection can also interfere with the browser's Same Origin Policy
   (see Section 7.8).

7.3.  Determining Address Type

   For some transitional technologies such as a dual-stack host, it is
   easy for the application to recognize the native IPv6 address
   (learned via a AAAA query) and the native IPv4 address (learned via
   an A query).  While IPv6/IPv4 translation makes that difficult,
   fortunately IPv6/IPv4 translators are not deployed on networks with
   dual stack clients, which is the scope of this document.

7.4.  Debugging and Troubleshooting

   This mechanism is aimed at ensuring a reliable user experience
   regardless of connectivity problems affecting any single transport.
   However, this naturally means that applications employing these
   techniques are by default less useful for diagnosing issues with any
   particular transport.  To assist in that regard, the applications
   implementing the proposal in this document SHOULD also provide a
   mechanism to revert the behavior to that of a default provided by the
   operating system (that is, [RFC3484]).

7.5.  DNS Behavior

   Unique to DNS AAAA queries are the problems described in [RFC4074]
   which, if they still persist, require applications to perform an A
   query before the AAAA query.

      [[Editor's Note 03: It is believed these defective DNS servers
      have long since been upgraded.  If so, we can remove this
      section.]]

7.6.  Middlebox Issues

   Some devices are known to exhibit what amounts to a bug, when the A
   and AAAA requests are sent back-to-back over the same 4-tuple, and
   drop one of the requests or replies [DNS-middlebox].  However, in
   some cases fixing this behaviour may not be possible either due to
   the architectural limitations or due to the administrative
   constraints (location of the faulty device is unknown to the end
   hosts or not controlled by the end hosts).  The algorithm described
   in this draft, in the case of this erroneous behaviour, will
   eventually pace the queries such that this middlebox issue is
   avoided.
   The algorithm described in this draft also avoids calling the
   operating system's getaddrinfo() with "any", which should prevent the
   operating system from sending the A and AAAA queries from the same
   port.

   For the large part, these issues with simultaneous DNS requests are
   believed to be fixed.

7.7.  Multiple Interfaces

   Interaction of the suggestions in this document with multiple
   interfaces, and interaction with the MIF working group, is for
   further study ([I-D.chen-mif-happy-eyeballs-extension] is devoted to
   this).

7.8.  Interaction with Same Origin Policy

   Web browsers implement same origin policy (SOP, [sop],
   [I-D.abarth-origin]), which causes subsequent connections to the same
   hostname to go to the same IPv4 (or IPv6) address as the previous
   successful connection.  This is done to prevent certain types of
   attacks.

   The same-origin policy harms user-visible responsiveness if a new
   connection fails (e.g., due to a transient event such as router
   failure or load balancer failure).  While it is tempting to use Happy
   Eyeballs to maintain responsiveness, web browsers MUST NOT change
   their same origin policy because of Happy Eyeballs.

8.  Content Provider Recommendations

   Content providers SHOULD provide both AAAA and A records for servers
   using the same DNS name for both IPv4 and IPv6.

9.  Security Considerations

   [[Placeholder.]]

   See Section 7.2 and Section 7.8.

10.  Acknowledgements

   The mechanism described in this paper was inspired by Stuart
   Cheshire's discussion at the IAB Plenary at IETF72, the author's
   understanding of Safari's operation with SRV records, Interactive
   Connectivity Establishment (ICE [RFC5245]), and the current IPv4/IPv6
   behavior of SMTP mail transfer agents.

   Thanks to Fred Baker, Jeff Kinzli, Christian Kuhtz, and Iljitsch van
   Beijnum for fostering the creation of this document.
   Thanks to Scott Brim, Rick Jones, Stig Venaas, Erik Kline, Bjoern
   Zeeb, Matt Miller, Dave Thaler, and Dmitry Anipko for providing
   feedback on the document.

   Thanks to Javier Ubillos, Simon Perreault and Mark Andrews for the
   active feedback and the experimental work on the independent
   practical implementations that they created.

   Also the authors would like to thank the following individuals who
   participated in various email discussions on this topic: Mohacsi
   Janos, Pekka Savola, Ted Lemon, Carlos Martinez-Cagnazzo, Simon
   Perreault, Jack Bates, Jeroen Massar, Fred Baker, Javier Ubillos,
   Teemu Savolainen, Scott Brim, Erik Kline, Cameron Byrne, Daniel
   Roesen, Guillaume Leclanche, Mark Smith, Gert Doering, Martin
   Millnert, Tim Durack, Matthew Palmer.

11.  IANA Considerations

   This document has no IANA actions.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
              specifying the location of services (DNS SRV)", RFC 2782,
              February 2000.

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484, February 2003.

12.2.  Informational References

   [Andrews]  Andrews, M., "How to connect to a multi-homed server over
              TCP", January 2011.

   [DNS-middlebox]
              Various, "DNS middlebox behavior with multiple queries
              over same source port", June 2009.

   [Experiences]
              Savolainen, T., Miettinen, N., Veikkolainen, S., Chown,
              T., and J. Morse, "Experiences of host behavior in broken
              IPv6 networks", March 2011.

   [I-D.abarth-origin]
              Barth, A., "The Web Origin Concept",
              draft-abarth-origin-09 (work in progress), November 2010.

   [I-D.chen-mif-happy-eyeballs-extension]
              Chen, G. and C.
              Williams, "Happy Eyeballs Extension for
              Multiple Interfaces",
              draft-chen-mif-happy-eyeballs-extension-01 (work in
              progress), March 2011.

   [I-D.ietf-6man-addr-select-opt]
              Matsumoto, A., Fujisaki, T., and J. Kato, "Distributing
              Address Selection Policy using DHCPv6",
              draft-ietf-6man-addr-select-opt-00 (work in progress),
              December 2010.

   [Perreault]
              Perreault, S., "Happy Eyeballs in Erlang", February 2011.

   [RFC1671]  Carpenter, B., "IPng White Paper on Transition and Other
              Considerations", RFC 1671, August 1994.

   [RFC4074]  Morishita, Y. and T. Jinmei, "Common Misbehavior Against
              DNS Queries for IPv6 Addresses", RFC 4074, May 2005.

   [RFC4436]  Aboba, B., Carlson, J., and S. Cheshire, "Detecting
              Network Attachment in IPv4 (DNAv4)", RFC 4436, March 2006.

   [RFC5245]  Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols", RFC 5245,
              April 2010.

   [RFC6059]  Krishnan, S. and G. Daley, "Simple Procedures for
              Detecting Network Attachment in IPv6", RFC 6059,
              November 2010.

   [cx-osx]   Adium, "AIHostReachabilityMonitor", June 2009.

   [cx-win]   Microsoft, "NetworkChange.NetworkAvailabilityChanged
              Event", June 2009.

   [sop]      W3C, "Same Origin Policy", January 2010.

   [whitelist]
              Google, "Google IPv6 DNS Whitelist", January 2009.

Appendix A.  Changes

A.1.  changes from -01 to -02

   o  Now honors host's address preference (RFC3484 and friends)

   o  No longer requires thread-safe DNS library.  It uses getaddrinfo()

   o  No longer describes threading.

   o  IPv6 is given a 200ms head start (Initial Headstart variable).

   o  If the IPv6 and IPv4 connection attempts were made at nearly the
      same time, wait Tolerance Interval milliseconds for both to
      complete before deciding which one wins.

   o  Renamed "global P" to "Smoothed P", and better described how it is
      calculated.

   o  introduced the exception cache.  This contains the set of networks
      that only work with IPv4 (or only with IPv6), so that subsequent
      connection attempts use that address family without them having a
      serious effect on Smoothed P.

   o  encourages that every 10 minutes the exception cache and Smoothed
      P be reset.  This allows IPv6 to be attempted again, so we don't
      get 'stuck' on IPv4.

   o  If we didn't get both A and AAAA, abandon all Happy Eyeballs
      processing (thanks to Simon Perreault).

   o  added discussion of Same Origin Policy

   o  Removed discussion of NAT-PT and address learning; those are only
      used with IPv6-only hosts whereas this document is about dual-
      stack hosts contacting dual-stack servers.

A.2.  changes from -00 to -01

   o  added SRV section (thanks to Matt Miller)

Authors' Addresses

   Dan Wing
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: dwing@cisco.com

   Andrew Yourtchenko
   Cisco Systems, Inc.
   De Kleetlaan, 7
   San Jose, Diegem  B-1831
   Belgium

   Email: ayourtch@cisco.com