Android's lack of DHCPv6 support poses security and IPv6 deployment issues
With the upcoming release of Android 6.0 (“Marshmallow”) this fall, many Android devices will be updated to the latest version of the OS, and new devices running 6.0 out-of-the-box are highly anticipated. However, as is the case with previous versions of Android, version 6.0 still lacks proper support for DHCPv6.
For enterprise network management — particularly in universities and businesses with a BYOD policy — the absence of support for the DHCPv6 standard is a significant encumbrance for IPv6 deployments.
Why Android doesn’t support DHCPv6
The responsibility for this portion of the networking stack in Android falls to one Google engineer named Lorenzo Colitti, who is quite notable for his work in IPv6 deployment. In the AOSP Issue Tracker case opened in June 2012, Colitti’s proffered solution to the issue is the inclusion of support for SLAAC and RDNSS, which are the configuration and address assignment methods used primarily at the ISP level.
Colitti closed the case in December 2014, stating:
“Implementing stateless DHCPv6 does not provide much in the way of additional functionality above what Android 5.0 supports. …Implementing stateful DHCPv6 would break planned use cases such as IPv6 tethering (which would require implementing IPv6 NAT in order to work with DHCPv6) and 464xlat on wifi (which requires that the device be able to use more than one IPv6 address). It also has greater privacy implications than stateless autoconfiguration and DHCPv4. Stateful DHCPv6 will provide the ability to connect to IPv6-only networks that don’t use RDNSS, but because stateful DHCPv6 will in general not provide the two IPv6 addresses that are required to run native and 464xlat, such a network will not support IPv4-only applications; this will impact users, because they won’t be able to use applications such as Skype, Hangouts, and many others.”
Of particular interest here is the note about tethering on IPv6 networks. In June 2015, Colitti notes that one of the use cases being protected by this decision is “USB tethering when the device is on wifi.” The need for — or utility of — this use case seems particularly specious, as the likelihood of having a device that needs a Wi-Fi connection that instead must use USB seems remote.
Why the lack of DHCPv6 support is a problem
Published standards, such as those from the IETF, exist to promote interoperability. As such, a certain level of expectation — if not obligation — exists for vendors to support industry standards, at least to an extent that normal use cases are supported. Deploying an enterprise IPv6 network that relies on DHCPv6 is not in any way an edge case.
As it stands today, every other OS with a measurable user base supports DHCPv6. Support was added in Windows Vista, OS X 10.7 (Lion), Fedora 9, Ubuntu 11.04, iOS 4.3.1, BlackBerry 10, and Windows Phone 8. Unlike systemd, which a vocal group of people dislike, the adoption of DHCPv6 is not a subject of controversy. Effectively, the situation at hand is that one engineer’s refusal to implement a standard is causing difficulties for downstream network administrators.
To further complicate this situation, Colitti contends that the inclusion of RDNSS in Android 5.0 is a suitable stand-in for DHCPv6 support. While it generally provides an administrative method that can be used in place of DHCPv6, this view is again blind to the realities that enterprise network administrators face: no version of Windows, including Windows 10, supports RDNSS. It’s possible to deploy a network with both RDNSS and DHCPv6, but this creates many more problems and introduces possible security holes (PDF).
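As an added illustration (not code from the article or from any vendor), the sketch below parses a Router Advertisement and reports whether an Android-style client (SLAAC and RDNSS only) and a Windows-style client (SLAAC and DHCPv6, no RDNSS) would each obtain an IPv6 address and a DNS resolver. The client profiles follow the article's claims; `CLIENTS`, `parse_ra`, `coverage` and `build_ra` are hypothetical names, and the sample packets are constructed.

```python
import struct

ND_RA, OPT_PREFIX, OPT_RDNSS = 134, 3, 25  # ICMPv6 RA type; RFC 4861 / RFC 8106 options

# Assumed client profiles, taken from the article's claims (not from vendor docs).
CLIENTS = {
    "android": {"slaac", "rdnss"},   # no DHCPv6 client
    "windows": {"slaac", "dhcpv6"},  # does not process the RDNSS option
}

def parse_ra(pkt: bytes) -> dict:
    """Return the configuration methods a Router Advertisement offers."""
    if len(pkt) < 16 or pkt[0] != ND_RA:
        raise ValueError("not a Router Advertisement")
    flags = pkt[5]  # M (0x80): stateful DHCPv6, O (0x40): other config via DHCPv6
    offer = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
             "slaac": False, "rdnss": False}
    pos = 16
    while pos + 2 <= len(pkt):
        otype, olen = pkt[pos], pkt[pos + 1] * 8  # length is in units of 8 octets
        if olen == 0 or pos + olen > len(pkt):
            raise ValueError("malformed option")
        if otype == OPT_PREFIX and olen == 32 and pkt[pos + 3] & 0x40:
            offer["slaac"] = True  # prefix with the A (autonomous) flag set
        elif otype == OPT_RDNSS and olen >= 24:
            offer["rdnss"] = struct.unpack_from("!I", pkt, pos + 4)[0] > 0  # lifetime
        pos += olen
    return offer

def coverage(offer: dict) -> dict:
    """Per client profile: can it get an address, and a DNS resolver, over IPv6?"""
    out = {}
    for name, caps in CLIENTS.items():
        dhcp = "dhcpv6" in caps
        addr = ("slaac" in caps and offer["slaac"]) or (dhcp and offer["managed"])
        dns = ("rdnss" in caps and offer["rdnss"]) or \
              (dhcp and (offer["managed"] or offer["other"]))
        out[name] = {"address": addr, "dns": dns}
    return out

def build_ra(flags: int, pio_flags=None, rdnss=False) -> bytes:
    """Construct a sample RA (checksum left zero; documentation prefix 2001:db8::/64)."""
    pkt = struct.pack("!BBHBBHII", ND_RA, 0, 0, 64, flags, 1800, 0, 0)
    if pio_flags is not None:
        pkt += struct.pack("!BBBBIII", OPT_PREFIX, 4, 64, pio_flags, 86400, 14400, 0)
        pkt += bytes.fromhex("20010db8" + "00" * 12)
    if rdnss:
        pkt += struct.pack("!BBHI", OPT_RDNSS, 3, 0, 600)
        pkt += bytes.fromhex("20010db8" + "00" * 11 + "53")
    return pkt
```

Running `coverage(parse_ra(...))` against a capture of the RA your routers actually send shows which device class is left without an address or resolver before users report it.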
How to work around this problem
Unfortunately, there are not a lot of ways to fix this issue. The one Android vendor that bakes in DHCPv6 support is Fairphone, the social action project building an environmentally and economically responsible phone. The Fairphone solution is to include wide-dhcpv6, which was also implemented as an APK by an independent developer. This is available as DHCPv6 Client in the Google Play Store, but it requires root access. A request was made for CyanogenMod to add support for DHCPv6, though this has not yet gained appreciable traction.
What’s your view?
Has the lack of DHCPv6 support caused problems in your workplace? Has this lack of support impacted the BYOD policy, or have you been advised to not use Android for this reason? Can you think of a use case for USB tethering when the host device is connected to Wi-Fi? Share your thoughts in the comments.
Note: TechRepublic and ZDNet are CBS Interactive properties.