Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-by-remote-id-02.txt
"Woundy, Richard" <Richard_Woundy@cable.comcast.com> Tue, 06 October 2009 16:50 UTC
Return-Path: <richard_woundy@cable.comcast.com>
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 385A83A688D for <dhcwg@core3.amsl.com>; Tue, 6 Oct 2009 09:50:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.473
X-Spam-Level:
X-Spam-Status: No, score=-2.473 tagged_above=-999 required=5 tests=[AWL=-2.010, BAYES_00=-2.599, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qKNtFz4tl0Bw for <dhcwg@core3.amsl.com>; Tue, 6 Oct 2009 09:50:21 -0700 (PDT)
Received: from paoakoavas09.cable.comcast.com (paoakoavas09.cable.comcast.com [208.17.35.58]) by core3.amsl.com (Postfix) with ESMTP id ECC593A67E9 for <dhcwg@ietf.org>; Tue, 6 Oct 2009 09:50:18 -0700 (PDT)
Received: from ([10.52.116.30]) by paoakoavas09.cable.comcast.com with ESMTP id KP-NTF18.80083861; Tue, 06 Oct 2009 12:51:07 -0400
Received: from PACDCEXCMB06.cable.comcast.com ([24.40.15.22]) by PAOAKEXCSMTP01.cable.comcast.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 6 Oct 2009 12:51:08 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 06 Oct 2009 12:51:07 -0400
Message-ID: <8A82D1BFEDDE7E4597978355239BBBCB3BBF18@PACDCEXCMB06.cable.comcast.com>
In-Reply-To: <31D55C4D55BEED48A4459EB64567589A0F6B2E064A@BLRKECMBX02.ad.infosys.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [dhcwg] Comments ondraft-ietf-dhc-leasequery-by-remote-id-02.txt
Thread-Index: AcogKEnENouqd3OKRVuwgUKDk00McQazR6DAAAW8cVABrbWBFAE16TeQ
References: <9195A029-8FEE-4BFB-BF25-10AED953EC88@nominum.com><7221E17E68B1A944ADCE8A83364DBEE61AF2CC92E6@BLRKECMBX01.ad.infosys.com><E2DB14A8-AAA7-4D87-866A-45B83D7F5328@nominum.com><7221E17E68B1A944ADCE8A83364DBEE61AF2CC9B14@BLRKECMBX01.ad.infosys.com><82234DC4-F5C8-4BC6-8D80-39B2643CCA91@nominum.com><7221E17E68B1A944ADCE8A83364DBEE61AFE02D6CA@BLRKECMBX01.ad.infosys.com><83BE11C0-4D56-41D0-BD42-0C24709518FB@nominum.com><20090818172107.GA30340@shell-too.nominum.com><8A82D1BFEDDE7E4597978355239BBBCB2A251B@PACDCEXCMB06.cable.comcast.com>, <8A82D1BFEDDE7E4597978355239BBBCB2A251C@PACDCEXCMB06.cable.comcast.com> <31D55C4D55BEED48A4459EB64567589A0F6B2E064A@BLRKECMBX02.ad.infosys.com>
From: "Woundy, Richard" <Richard_Woundy@cable.comcast.com>
To: Bharat Joshi <bharat_joshi@infosys.com>, Stephen Jacob <Stephen.Jacob@nominum.com>, Damien Neil <Damien.Neil@nominum.com>
X-OriginalArrivalTime: 06 Oct 2009 16:51:08.0674 (UTC) FILETIME=[33D6BE20:01CA46A5]
Cc: DHC-WG WG <dhcwg@ietf.org>
Subject: Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-by-remote-id-02.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2009 16:50:22 -0000
>Now after some time, lets assume, that lease for this IP address is forcibly removed from the DHCP server. I think you are making an assumption that I am not making. I see the lease time (option 51) in a leasequery message to be somewhat like an implicit contract. If the lease is forcibly removed from the DHCP server, then the contract is broken. There isn't a lease time in a DHCPLEASEUNASSIGNED or DHCPLEASEUNKNOWN message, so there isn't a contract. If a subnet is subsequently added to the DHCP server, then again it doesn't change any contract. This behavior is important because in the real world, you don't want to make assumptions about the order of activities. If an IP subnet is added to a relay agent before it is added to a DHCP server, then it is possible that a DHCPLEASEUNKNOWN message could be generated by a lease query from the relay agent. It is desirable that when the IP subnet is added to the DHCP server, that any cached DHCPLEASEUNKNOWN messages are purged from the relay agent in a timely manner. In general, it is better not to persist negative cache entries. -- Rich -----Original Message----- From: dhcwg-bounces@ietf.org [mailto:dhcwg-bounces@ietf.org] On Behalf Of Bharat Joshi Sent: Wednesday, September 30, 2009 11:25 PM To: Woundy, Richard; Stephen Jacob; Damien Neil Cc: DHC-WG WG Subject: Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-by-remote-id-02.txt Dear Rich, Sorry for a very delayed reply. Please see my response in line. > And the reason that the DHCPLEASEUNKNOWN negative response is cached -- > not permanently stored -- is that the state of the DHCP server might > change in the future, which may not be detectable through DHCP message > gleaning. > For example, someone could add an IP subnet to the DHCP server, or even > possibly forcibly add an IP lease to the DHCP server. Ok. We had thought of this and had discussed it among ourselves [co-authors]. But there are issues with this assumption. What we think is that a Relay Agent [Access Concentrator] should not worry about what it can not detect by gleaning DHCP messages. If it worries about things happening in DHCP server also, a Relay Agent [AC] would need to keep querying DHCP server even for Active leases. Taking cue from your above example, lets assume, an IP lease is first forcibly added and because of the caching and querying, we later received a LEASEACTIVE for this IP address. Now after some time, lets assume, that lease for this IP address is forcibly removed from the DHCP server. Now as mentioned above, Relay Agent can not detect this by gleaning DHCP messages as there is no DHCP release for this IP address. So how will Relay Agent find the new state for this IP address. Only by periodically checking the state of this IP address. That means it has to keep querying for all IP addresses for which LEASE is ACTIVE. This will result in too many unnecessary messages being exchanged between DHCP server and Relay Agents. So this is one of the reasons, we decided against the use of periodic query if a DHCPLEASEUNKNOWN or DHCPLEASEUNASSIGNED is received for a specific 'Query-by-remote-id'. Thanks, Bharat > -- Rich > > -----Original Message----- > From: dhcwg-bounces@ietf.org [mailto:dhcwg-bounces@ietf.org] On Behalf > Of Woundy, Richard > Sent: Monday, September 21, 2009 6:11 PM > To: Stephen Jacob; Damien Neil > Cc: DHC-WG WG > Subject: Re: [dhcwg] Comments > ondraft-ietf-dhc-leasequery-by-remote-id-02.txt > > >>I would be interested to learn why the language regarding cacheing of > DHCPLEASEUNKNOWN responses was originally included in RFC 4388. > > >I would also like to know that. :) > > I assume you are talking about this text concerning the from section 6.5 > of RFC 4388: "The access concentrator SHOULD cache this information, but > only for a relatively short lifetime, approximately 5 minutes." > > This 'negative caching' was added to prevent a denial of service attack > on the DHCP server itself. From section 7: > > Access concentrators SHOULD minimize potential denial of service > attacks on the DHCP servers by minimizing the generation of > DHCPLEASEQUERY messages. In particular, the access concentrator > SHOULD employ negative caching (i.e., cache DHCPLEASEUNASSIGNED, > DHCPLEASEACTIVE, and DHCPLEASEUNKNOWN responses to DHCPLEASEQUERY > messages) and ciaddr restriction (i.e., don't send a DHCPLEASEQUERY > message with a ciaddr outside of the range of the attached broadband > access networks). Together, these mechanisms limit the access > concentrator to transmitting one DHCPLEASEQUERY message (excluding > message retries) per legitimate broadband access network IP address > after a reboot event. > > -- Rich > > P.S. Expect a slow response from me, as I'm working on other projects > lately. > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS******** End of Disclaimer ********INFOSYS*** _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www.ietf.org/mailman/listinfo/dhcwg
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Damien Neil
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Stephen Jacob
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Damien Neil
- [dhcwg] Comments on draft-ietf-dhc-leasequery-by-… Damien Neil
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Stephen Jacob
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… pavan_kurapati
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… pavan_kurapati
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Damien Neil
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Bud Millwood
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Bharat Joshi
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Stephen Jacob
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Bud Millwood
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… pavan_kurapati
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Damien Neil
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Stephen Jacob
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… RAMAKRISHNADTV
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Damien Neil
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Stephen Jacob
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… pavan_kurapati
- Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-… Woundy, Richard
- Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-… Woundy, Richard
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Kim Kinnear
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Damien Neil
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… pavan_kurapati
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Damien Neil
- Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-… Bharat Joshi
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… pavan_kurapati
- Re: [dhcwg] Comments on draft-ietf-dhc-leasequery… Damien Neil
- Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-… Woundy, Richard
- Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-… Bharat Joshi
- Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-… Woundy, Richard
- Re: [dhcwg] Comments ondraft-ietf-dhc-leasequery-… Niall O'Reilly