Message Agents and IPv6 interoperability problems


SLIDE 1

Message Agents and IPv6 interoperability problems

Research Project
Universiteit van Amsterdam, System and Network Engineering (MSc)
Conducted at SARA
June 30, 2010
Michiel Timmers (michiel.timmers@os3.nl)
Sebastian Carlier (sebastian.carlier@os3.nl)

SLIDE 2

Contents

  • Research Question
  • Why
  • Intro
  • Design problems with MX records in IPv4/IPv6
  • Implementation problems on clients
  • Things to keep in mind
  • Question

SLIDE 3

Research Question

What e-mail architecture components and configurations introduce connectivity problems in an IPv4/IPv6 mixed environment?

SLIDE 4

Why

IPv6 on your public facing services will only become more and more important. Therefore study is needed to see where problems originate to be able to fix or avoid them.

SLIDE 5

Test environment

  • SARA network
      • /28 for IPv4 and /64 for IPv6
  • OS3 Lab
      • /27 for IPv4 and /64 for IPv6
  • Approximately 20 machines
  • Ubuntu 10.04, Windows, Mac OSX 10.6
  • Exim, Sendmail, Postfix, Exchange 2007 SP1

SLIDE 6

Message Agents - Intro

[Diagram labels: Client (aMUA), Client (rMUA), SMTP Relay, MTA, MTA, Mail Delivery (IMAP/POP3)]

SLIDE 7

Address Selection

[Diagram: two Message Agents with IPv6 and IPv4 address labels; Step 1, Step 2, Step 3]

SLIDE 8

DNS A and AAAA

  • Round robin for load balancing your services:
      • With MXs of equal preference
      • With multiple A or AAAA records
  • RFC 3484 breaks this behaviour
      • Longest matching prefix (section 6, rule 9)
  • Draft “Things To Be Considered for RFC 3484 Revision”
  • RFC 3484 does not recognize private IPv4 addresses as native (Section 6, rule 7)
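How rule 9 defeats DNS round robin, as an added example that is not part of the original slides. It applies only rule 9 (all earlier rules are assumed to tie) to same-family addresses; the addresses are constructed documentation-range values and the function names are hypothetical.

```python
import ipaddress
import random
from collections import Counter

def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two same-family addresses share."""
    x, y = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if x.version != y.version:
        raise ValueError("compare addresses of one family only")
    return x.max_prefixlen - (int(x) ^ int(y)).bit_length()

def rule9_order(source: str, destinations: list[str]) -> list[str]:
    """Sort by longest matching prefix with the source (RFC 3484 section 6, rule 9).
    sorted() is stable, so ties keep the order the DNS answer had."""
    return sorted(destinations, key=lambda d: -common_prefix_len(source, d))

def first_choice_counts(source, records, apply_rule9, lookups=300, seed=0):
    """Count which record a client connects to first over many lookups."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(lookups):
        answer = records[:]
        rng.shuffle(answer)  # stands in for the server's round-robin rotation
        if apply_rule9:
            answer = rule9_order(source, answer)
        counts[answer[0]] += 1
    return counts

# Constructed sample: one client and three equivalent mail servers.
CLIENT = "192.0.2.10"
SERVERS = ["192.0.2.129", "198.51.100.5", "203.0.113.7"]

if __name__ == "__main__":
    print("round robin only:", dict(first_choice_counts(CLIENT, SERVERS, False)))
    print("with rule 9     :", dict(first_choice_counts(CLIENT, SERVERS, True)))
```

With rule 9 applied, every lookup from this client ends on the server that shares the longest prefix with it, whatever order the DNS server rotated the records into.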

SLIDE 9

SMTP Relay - Problems

[Diagram: client; SMTP Relay (IPv4-only); MTA: brainbird.nl (IPv4/IPv6). From: user@skimbee.net (IPv6); To: unknown_user@brainbird.nl (IPv4/IPv6)]

SLIDE 10

SMTP Relay - Problems

[Diagram: client; SMTP Relay (IPv4-only); MTA: brainbird.nl (IPv4/IPv6). From: user@skimbee.net (IPv6); To: unknown_user@brainbird.nl (IPv4/IPv6)]

Client will send message to SMTP Relay

SLIDE 11

SMTP Relay - Problems

[Diagram: client; SMTP Relay (IPv4-only); MTA: brainbird.nl (IPv4/IPv6). From: user@skimbee.net (IPv6); To: unknown_user@brainbird.nl (IPv4/IPv6)]

Try to send it to mx10 using IPv4

SLIDE 12

SMTP Relay - Problems

[Diagram: client; SMTP Relay (IPv4-only); MTA: brainbird.nl (IPv4/IPv6). From: user@skimbee.net (IPv6); To: unknown_user@brainbird.nl (IPv4/IPv6)]

Recipient address rejected: User unknown

SLIDE 13

SMTP Relay - Problems

[Diagram: client; SMTP Relay (IPv4-only); MTA: brainbird.nl (IPv4/IPv6); MTA: skimbee.net (IPv6-only). From: user@skimbee.net (IPv6); To: unknown_user@brainbird.nl (IPv4/IPv6)]

E-mail error needs to be sent to sender. Not possible as domain is IPv6-only

SLIDE 14

SMTP Relay - Problems

[Diagram: client; SMTP Relay (IPv4-only); MTA: brainbird.nl (IPv4/IPv6); MTA: skimbee.net (IPv6-only). From: user@skimbee.net (IPv6); To: unknown_user@brainbird.nl (IPv4/IPv6)]

E-mail does not reach receiver and error code does not get returned to sender

SLIDE 15

MX Routing - Problems

[Diagram: SMTP Relay (IPv4-only); mx10 (IPv4/IPv6); mx20 relay (IPv6-only); mx30 relay (IPv4/IPv6). From: user@skimbee.net; To: unknown_user@brainbird.nl]

mx10 is down

SLIDE 16

MX Routing - Problems

[Diagram: SMTP Relay (IPv4-only); mx10 (IPv4/IPv6); mx20 relay (IPv6-only); mx30 relay (IPv4/IPv6). From: user@skimbee.net; To: unknown_user@brainbird.nl]

No connectivity possible between SMTP Relay and mx20

SLIDE 17

MX Routing - Problems

[Diagram: SMTP Relay (IPv4-only); mx10 (IPv4/IPv6); mx20 relay (IPv6-only); mx30 relay (IPv4/IPv6). From: user@skimbee.net; To: unknown_user@brainbird.nl]

Deliver to mx30

SLIDE 18

MX Routing - Problems

[Diagram: SMTP Relay (IPv4-only); mx10 (IPv4/IPv6); mx20 relay (IPv6-only); mx30 relay (IPv4/IPv6). From: user@skimbee.net; To: unknown_user@brainbird.nl]

mx10 is still down

SLIDE 19

MX Routing - Problems

[Diagram: SMTP Relay (IPv4-only); mx10 (IPv4/IPv6); mx20 relay (IPv6-only); mx30 relay (IPv4/IPv6). From: user@skimbee.net; To: unknown_user@brainbird.nl]

Deliver to mx20

SLIDE 20

MX Routing - Problems

[Diagram: SMTP Relay (IPv4-only); mx10 (IPv4/IPv6); mx20 relay (IPv6-only); mx30 relay (IPv4/IPv6). From: user@skimbee.net; To: unknown_user@brainbird.nl]

mx10 is still down

SLIDE 21

MX Routing - Problems

[Diagram: SMTP Relay (IPv4-only); mx10 (IPv4/IPv6); mx20 relay (IPv6-only); mx30 relay (IPv4/IPv6); MTA: skimbee.net (IPv4-only). From: user@skimbee.net; To: unknown_user@brainbird.nl]

E-mail error needs to be sent to sender. Not possible as domain is IPv4-only

SLIDE 22

MX Routing - Problems

[Diagram: SMTP Relay (IPv4-only); mx10 (IPv4/IPv6); mx20 relay (IPv6-only); mx30 relay (IPv4/IPv6). From: user@skimbee.net; To: unknown_user@brainbird.nl]

E-mail does not reach receiver and error code does not get returned to sender
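The MX Routing sequence above, traced hop by hop, as an added example that is not part of the original slides. Host names and address families follow the slides; "skimbee-mta", the function names and the data layout are hypothetical, and a down mx10 is treated as a permanent failure as on the slides (a real MTA would queue and retry first).

```python
# Constructed model of the topology on the MX Routing slides. "skimbee-mta" is a
# hypothetical label for the sender domain's MTA (skimbee.net, IPv4-only).
HOSTS = {
    "relay":       {"families": {"v4"},       "up": True},   # sender's SMTP relay
    "mx10":        {"families": {"v4", "v6"}, "up": False},  # primary MX, down
    "mx20":        {"families": {"v6"},       "up": True},   # IPv6-only backup relay
    "mx30":        {"families": {"v4", "v6"}, "up": True},   # dual-stack backup relay
    "skimbee-mta": {"families": {"v4"},       "up": True},   # receives bounces
}
MX = [(10, "mx10"), (20, "mx20"), (30, "mx30")]  # (preference, host) for brainbird.nl

def reachable(src, dst, hosts):
    """A connection needs the target up and at least one shared address family."""
    return hosts[dst]["up"] and bool(hosts[src]["families"] & hosts[dst]["families"])

def next_hop(holder, mx, hosts):
    """Pick the best MX the current holder can reach. A host that is itself listed
    as an MX only hands mail to MXs with a lower preference value than its own."""
    own_pref = next((p for p, h in mx if h == holder), None)
    for pref, host in sorted(mx):
        if own_pref is not None and pref >= own_pref:
            break
        if reachable(holder, host, hosts):
            return host
    return None

def trace(start, mx, hosts, bounce_to):
    """Follow a message hop by hop; return (path, outcome)."""
    path, holder, final = [start], start, min(mx)[1]
    while holder != final:
        hop = next_hop(holder, mx, hosts)
        if hop is None:  # stuck: the holder has to send an error back
            return path, "bounced" if reachable(holder, bounce_to, hosts) else "lost"
        path.append(hop)
        holder = hop
    return path, "delivered"

if __name__ == "__main__":
    print(trace("relay", MX, HOSTS, "skimbee-mta"))
```

Changing mx20 to dual-stack in `HOSTS` turns the outcome from "lost" into "bounced", which is the operational point of the dual-stack advice in the conclusions.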

SLIDE 23

Implementation problems on clients

  • Most of the implementation problems were found on the client side
  • Clients don't implement RFC 3484 correctly
  • Windows will end up with the same metric for tunnels and native
  • Outlook 2007/2010 does not fall back to IPv4
  • Apple Mac OSX 10.6 is broken by design...

SLIDE 24

Apple's mDNSResponder

  • Introduced in Mac OSX 10.6 (Snow Leopard)
  • Simultaneous query for A and AAAA
      • to speed up connectivity if there are DNS lookup problems

[Diagram: Mac OSX 10.6 and DNS Resolver, with Query: A and Query: AAAA]

SLIDE 25

Apple's mDNSResponder

  • Introduced in Mac OSX 10.6 (Snow Leopard)
  • Simultaneous query for A and AAAA
      • to speed up connectivity if there are DNS lookup problems
  • Only accepts first response

[Diagram: Mac OSX 10.6 and DNS Resolver, with Return: A and Return: AAAA]

SLIDE 26

Apple's mDNSResponder

  • This does not comply with RFC 3484.
  • Twice the amount of DNS queries on your resolver.
  • Clients will randomly access over IPv4 or IPv6 depending on what record is returned first.
  • This breaks many things
  • No fall back possible!!!
  • Problems when only AAAA is available but A “NOERROR” is returned first.

SLIDE 27

Conclusion

  • Reflecting back on our research question:

What e-mail architecture components and configurations introduce connectivity problems in an IPv4/IPv6 mixed environment?

SLIDE 28

Conclusion - MTA

  • No implementation problems.
  • Problems in IPv4/IPv6 mixed environments when doing MX routing. RFC 3974.
  • Make sure YOU have implemented Dual-Stack (IPv4/IPv6) so in all situations MTAs can reach you.

SLIDE 29

Conclusion - MUA

  • Clients will give the biggest problems.
  • Be careful before announcing AAAA for your SMTP Relay and POP3/IMAP services.
  • Use a controlled environment to test impacted behaviour

SLIDE 30

Keep in mind

  • Transition mechanisms are unreliable and unpredictable
  • Do not configure them on a server (disable them on Windows Server 2008).
  • Do not make any services available over transition mechanisms, like configuring an AAAA that points to a Teredo interface!!!!
  • RFC 4941 - Privacy addresses.
  • Double the amount of monitoring.

SLIDE 31

Acknowledgments

  • SARA
  • Ronald van der Pol
  • Freek Dijkstra

SLIDE 32

Questions?

SLIDE 33

References

  • Wiki for this research
  • Apple IPv6 problems
  • Things To Be Considered for RFC 3484 Revision