IETF Logo Mail Archive

Re: [Dhcpv6bis] PPPoE/DSL use of DHCPv6

"Bernie Volz (volz)" <volz@cisco.com> Wed, 11 May 2016 17:41 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcpv6bis@ietfa.amsl.com
Delivered-To: dhcpv6bis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68CD612B011 for <dhcpv6bis@ietfa.amsl.com>; Wed, 11 May 2016 10:41:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.516
X-Spam-Level:
X-Spam-Status: No, score=-15.516 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2q-jrJGDDmEt for <dhcpv6bis@ietfa.amsl.com>; Wed, 11 May 2016 10:41:18 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9759412D093 for <dhcpv6bis@ietf.org>; Wed, 11 May 2016 10:41:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=25496; q=dns/txt; s=iport; t=1462988478; x=1464198078; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=45Mhe1+mgh7rvLfjXWAyImFvkg9VhzmF6vaGeaJ6WDM=; b=BfPQGpvRDXvFrtekYZiq0fC4WK/OvCjYUF0xLeBq29gnNJEldut3NvAe bSVOf3RAxriuEX0VjbE4Aw5wrfVBOkgZHDnjDAKlchEmXktJmB5qcf0ew h57gjEe7UrY7fZ25tToNcaq8q7g/0+i8jq1/j4obpQjXCJUrIgUzfRDL6 Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AaAgCNbTNX/51dJa1egmxMVX0GuSoBDYF2FwEKgkCCaEoCHIEfOBQBAQEBAQEBZSeEQgEBAQQBAQELFQo4CQMIEAIBCA4DBAEBKAMCAgIlCxQJCAIEAQ0FCIgnDqk3kGkBAQEBAQEBAQEBAQEBAQEBAQEBAQERBIpshBABEQEGPBCCSoJZBZgnAYh1hSGPII9AAR4BAUKCBRuBS26HTAkXBBt/AQEB
X-IronPort-AV: E=Sophos;i="5.24,608,1454976000"; d="scan'208,217";a="106987752"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 May 2016 17:41:17 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id u4BHfHXO014615 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 11 May 2016 17:41:17 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 11 May 2016 12:41:16 -0500
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1104.009; Wed, 11 May 2016 12:41:16 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Ted Lemon <mellon@fugue.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Thread-Topic: [Dhcpv6bis] PPPoE/DSL use of DHCPv6
Thread-Index: AQHRq6bKhvovJ6S3QUKUjepO7y9yop+0T14A//+vErA=
Date: Wed, 11 May 2016 17:41:16 +0000
Message-ID: <4f9c4b6899e647c3bbca98bc4419c7a6@XCH-ALN-003.cisco.com>
References: <b32cecf196974099b78a0636cfd28fec@XCH-ALN-003.cisco.com> <27050.1462485683@obiwan.sandelman.ca> <12843.1462986084@obiwan.sandelman.ca> <CAPt1N1=UxAG3zj+DpK4iJ6huefQZS2+s_7WKrqS3SsUcZc-hSw@mail.gmail.com>
In-Reply-To: <CAPt1N1=UxAG3zj+DpK4iJ6huefQZS2+s_7WKrqS3SsUcZc-hSw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.131.76.230]
Content-Type: multipart/alternative; boundary="_000_4f9c4b6899e647c3bbca98bc4419c7a6XCHALN003ciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcpv6bis/L8fO7BII-bTUrxyxjBgkSDZ-VQE>
Cc: "dhcpv6bis@ietf.org" <dhcpv6bis@ietf.org>
Subject: Re: [Dhcpv6bis] PPPoE/DSL use of DHCPv6
X-BeenThere: dhcpv6bis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "DHCPv6 \(RFC3315\) bis discussion list" <dhcpv6bis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcpv6bis>, <mailto:dhcpv6bis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcpv6bis/>
List-Post: <mailto:dhcpv6bis@ietf.org>
List-Help: <mailto:dhcpv6bis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcpv6bis>, <mailto:dhcpv6bis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2016 17:41:21 -0000

Comments inline below (BV>).


-          Bernie

From: Dhcpv6bis [mailto:dhcpv6bis-bounces@ietf.org] On Behalf Of Ted Lemon
Sent: Wednesday, May 11, 2016 1:21 PM
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: dhcpv6bis@ietf.org
Subject: Re: [Dhcpv6bis] PPPoE/DSL use of DHCPv6

In order for two DHCP servers to share the same DUID, it would be necessary that they also share the same database, in a synchronous manner so that either server could always answer the same question the same way.

BV> Yes. I always wondered if for DHCPv6 failover we should have a “failover DUID” (same for both failover partners) that would allow RENEWs to be handled by either server. But we have never really discussed and there could be some drawbacks. So, for now left it alone. The existing separate server-ids (DUIDs) works fine. It is less efficient when one server is down for extended periods (as the Renews generated by clients trying to reach it are ignored), but ideally neither server is offline for long!!

On Wed, May 11, 2016 at 1:01 PM, Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr+ietf@sandelman.ca>> wrote:

<#secure method=pgpmime mode=sign>

I started my previous email with some thoughts/questions about the DSL
case.  Some of my edits added some additional references to 7084 and
Broadband Forum's TR-187.

I wanted to write/ask some higher level questions.


My background:
  In my DHCPv6 server implementation for (FinePoint ServPOET) PPPoE use, I run
  a very minimal DHCPv6 server on each gateway router. (Not a relay
  agent!). This multi-interface server receives configuration information from
  the PPPD which has done the round trip with the radius server.
  I understand that some other implementations do an additional round trip
  with the radius server, I'm not sure I understand how that works.
  I know that there are Relay Agent options which can be used to by pass
  things received by PPP from the radius server to a central DHCP server.

For me, leases come from the radius server, and are the perogative of the
radius server. My DHCP server doesn't manage any pools, etc...
The DHCPv6 process also serves as Route Advertiser for the ppp link.

A DUID-UUID is generated system-wide upon first use.

1) It occurs to me that in a cluster situation (where multiple PPPoE servers
   listen for the PPPoE PADT and respond in a way to balance load), that
   perhaps the DUID should be shared across all of the PPPoE servers, as (at
   the PPP layer) the client can be serviced by any member of the cluster.
   This is what would happen were the DHCP server centralized, but I'm pretty
   sure that if there were redundant DHCP servers that the server DUIDs would
   unique.

2) Can the returned non-temporary IA_NA returned by the DHCPv6 server be the
   same address as would be generated by SLAAC?  Clearly RA doesn't actually
   generate the address, and given stable private addresses the CPE device
   could well come up with a different address, but is the IA_NA allowed
   to be the same?

BV> While it COULD be, it does create some more complex issues if a prefix is set to also allow auto-configuration. I’m not sure how common this is today (it was used a bit more early on before there were many DHCPv6 clients). Android’s lack of DHCPv6 may still force some places to do this. And, there is a v6ops or 6man draft that I think indicated that this caused issues for certain operating systems. (Our server does have an knob (default is disabled) to do this, and some customers used it .. but I think they’ve all moved away from doing so.)

BTW: I’m also not sure how you would know the SLAAC generated address in the PPP case. When packets are relayed from Ethernet, it is easy since the Relay-Forw’s peer-address has that in it. Perhaps you are trying to extract the mac-address from the Client ID (DUID). If so, I think that is very bad.


   Radius defines PW_FRAMED_IPV6_PREFIX for the PPP link itself, and nothing
   stops this from being a /128, AFAIK.

   Should we say something about this situation?
   (I neither help the radius admin to shoot themselves in the foot, nor
   prevent it)

BV> Where do you want to say something? I don’t think this belongs in RFC 3315 bis. And, I’m not even sure what situation you are referring to. And, with the move to randomly generated mac-addresses and thus DUIDs, I’m not sure what value using the SLAAC would have.


   More and more, I'd like to suggest that for the common 7084 situation
   that the PPP link not be numbered at all with public addresses
   (link-local), and that the CPE should pick an address from one of it's
   PD-delegated LAN IPs to use for traffic that it sends.
   (I rather wish that the IETF had authored TR-187)

   As such, I'd expect the RA to say M=1,O=1 and avoid having a PIO option
   at all, signaled by lack of a PW_FRAMED_IPV6_PREFIX, and for the DHCPv6
   server to decline to do IA_NA assignment, but offer IA_PDs.

3) I probably had a third point, which I'll remember when I get further
   in the document :-)

--
Michael Richardson <mcr+IETF@sandelman.ca<mailto:mcr%2BIETF@sandelman.ca>>, Sandelman Software Works
 -= IPv6 IoT consulting =-



_______________________________________________
Dhcpv6bis mailing list
Dhcpv6bis@ietf.org<mailto:Dhcpv6bis@ietf.org>
https://www.ietf.org/mailman/listinfo/dhcpv6bis

v2.23.0 | Report a Bug | By Email