Re: [dhcwg] Follow up from IETF-95 - draft-ietf-dhc-dhcpv6-prefix-length-hint-issue
Ted Lemon <mellon@fugue.com> Mon, 23 May 2016 19:13 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10AA612D167 for <dhcwg@ietfa.amsl.com>; Mon, 23 May 2016 12:13:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hVYAY6W31NvX for <dhcwg@ietfa.amsl.com>; Mon, 23 May 2016 12:13:50 -0700 (PDT)
Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DDAA12D094 for <dhcwg@ietf.org>; Mon, 23 May 2016 12:13:48 -0700 (PDT)
Received: by mail-lf0-x229.google.com with SMTP id e130so41331441lfe.3 for <dhcwg@ietf.org>; Mon, 23 May 2016 12:13:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ubxp/auejIblaONxfCZ1lQ6moAuLj5lLitApfAqQI9Y=; b=AM/r5Agd2/gJxJkbFHyxC3X9MJ5lso8hDWOK7+8OtqAA/B5tpW6BpChP+B6Yks2UmN FbTxElEv+lHf/TLQq9X6MrA9DRwW7KN12898+dmEhQUn8z9SbBuS4x9wvKCLtKxMYU00 fBQsc65g7o4FjnDIljjafIXLsPYbFmyWsaLCuIZokK18RW4xDgBDWPaydOsyQK2TJ4J6 bPe/KoXC57HT6LpOkHtQ/i5pc/g51FZYJ8xTfyajbhqycgW0AlDdftDhrNqJDd07xDJi BjS9vVp+bzvdrkzvUcRQQ4yhAEoW+7elCDfHqnwM2kasH94t6GJAWVHqy6MtA61yvyDo 3qkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ubxp/auejIblaONxfCZ1lQ6moAuLj5lLitApfAqQI9Y=; b=c+tz0Q9czW4pqepgBXiU02uyz/qLFqGLVT1J1TqHB7+ovQbOt5xxAS/L96BRecPSjB Tszpp5ZrwgaizqYuu/lJ8hdYTpN4a2EGyZPfVCw1mYCBw97tl0xHqP33f7AMftd7nBBR 8LoRhvkFjBCGEkwzmp5C2r/g2OMlklFNcJkDmhrdP0UZE1W7OaXK56dde8kAx4ct0UAm Q02LICsuXPpAdZ5/19L7waMEYtAFMetfRz+h29axP6PTIsojLW/kuqPGVpMwuUBoiBH7 DdjEzPcmNPlqbSUlNL7T34FD22Oc+1zUQAI9OdAErjmLv52dVxrvnTtiuFlSFvcmDiYk fJuQ==
X-Gm-Message-State: AOPr4FVLGDgma/gQl8Dm1PDTnjvJJ9l5qyq8j9alaRNE5ThSVc1naRnP7+IpKw0EmsRAxY0ZyXR0AQRB17C/Tw==
X-Received: by 10.25.157.204 with SMTP id g195mr6411418lfe.53.1464030826218; Mon, 23 May 2016 12:13:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.153.135 with HTTP; Mon, 23 May 2016 12:13:06 -0700 (PDT)
In-Reply-To: <30a24927-a7bf-85ce-9747-7439ecc31520@zytor.com>
References: <0a8817dba2ea46c88ca67334a11c956d@XCH-ALN-003.cisco.com> <CAJE_bqedsyBNLscViu+C9JSRm0sDtnGBjk+4SCPtZ5cKnDanYA@mail.gmail.com> <CAFx+hEMmAbEPq6F_Uh4x5jX7pLXyO7pjaq8_DB+dhQhQUpXBJw@mail.gmail.com> <CAJE_bqeX6TbKgGHSi_k5+R6ML+b7uhm5h_N9e3R5q45jKuAjbA@mail.gmail.com> <3436638ada5242bf970a30897a8fbd93@XCH-ALN-003.cisco.com> <18373b06-bfdf-7bad-d872-a3bafe3748c5@zytor.com> <CAFx+hEMQgTNmm4yrEcnDL=3SUwo=nPeGur_KV5GWYOk2GUAQHQ@mail.gmail.com> <dc43b1ea0ced4d22a53d6d3531fa1617@XCH-ALN-003.cisco.com> <30a24927-a7bf-85ce-9747-7439ecc31520@zytor.com>
From: Ted Lemon <mellon@fugue.com>
Date: Mon, 23 May 2016 15:13:06 -0400
Message-ID: <CAPt1N1k49Vp-MbZZj_AQonM-DR6ZKa5XCyCjNn4uJ+HG6uHMfg@mail.gmail.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Content-Type: multipart/alternative; boundary="001a114030445659e00533873d34"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/0yH6wei-IO6v2_nUwOWNUZm2wec>
Cc: dhcwg <dhcwg@ietf.org>, "Bernie Volz (volz)" <volz@cisco.com>, 神明達哉 <jinmei@wide.ad.jp>
Subject: Re: [dhcwg] Follow up from IETF-95 - draft-ietf-dhc-dhcpv6-prefix-length-hint-issue
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2016 19:13:54 -0000
What is automatic cascaded prefix delegation? On Mon, May 23, 2016 at 2:52 PM, H. Peter Anvin <hpa@zytor.com> wrote: > On 05/23/16 11:28, Bernie Volz (volz) wrote: > > > > I am concerned about client behavior personally, so this is from this > > perspective. This comes from my having written a patchset (which I > need > > to update) for ISC dhclient to do prefix requests. > > > > My concern is when the ::/n prefix hint should be included. My > > assumption has always been that a single IA_PD always correspond to > > prefixes that are to be configured together, whereas multiple IA_PD > > delegations would mean prefixes for separate entities. If this is > NOT > > the intent it probably needs to be clarified. > > > > TX>Currently in the draft, we recommend the requesting router to use one > > IA_PD option, to contain two IA_PREFIX options. One IA_PREFIX option > > containing the current delegated prefix, the other containing the > > prefix-length hint. So even if the delegating router is able to assign a > > new prefix to the client, it would be in the same IA_PD option with the > > same IAID. > > > > Yes, this is consistent with the idea that one IA_PD corresponds to one > set of overlapping identifiers. > > > > > > > It is also worth noting that a server which receives requests for > > multiple IA_PD delegations is free to aggregate those if appropriate, > > although I have no idea if actual servers in the field do. It is > still > > unclear to me if it would be better for the client to push multiple > > IA_PD options upstream -- giving the server the option to delegate or > > not delegate -- or if it should forcibly aggregate at the client > level. > > > > TX>Aggregation is indeed a problem regarding multiple IA_PDs, although > > the draft right now does not cover the that scenario. This is one of the > > complexities we tried to avoid. > > > > Avoid, how? By ignoring the problem? If this is out of scope it would > probably be wise to consider it in a future document before everything > gets set in stone by de facto implementation quirks, if that hasn't > happened already. > > This is actually a major deal, as it is the natural consequence of > automatic cascaded prefix delegation, and in many ways aggregation is > more for upstream convenience, which means it would be better > implemented as a matter of server policy. It is also more efficient in > terms of address space assignment, since the client would be more likely > to ask for specific number of prefixes. > > That being said, there is clearly a point where the packet size becomes > ridiculous, and aggregation *really* needs to be performed in the client. > > > > > b) When creating a SOLICIT message and there are prefixes which have > > been used in the past, they SHOULD be included even if they are too > > narrow. > > > > Thus, an IA_PD request might look like: > > > > 2001:db8:85a3:2345::/64 > > ::/60 > > > > meaning "please give me a /60 if you can, otherwise please give me > > 2001:db8:85a3:2345::/64 [again]". > > > > TX>I think case b) is a bit more complicated as the client's preference > > for the prefix-length could have changed since its last prefix > > delegation, so the previous prefix might not be suitable anymore. We > > could add a sentence saying "If the requesting router's configuration > > did not change during this period..." > > > > BV> My personal opinion is what value is there here in the client > > including the /64. Sure, it could, but why should it if it really isn’t > > what it wants? Again, if the client does want to include /64, it should > > send both. But in this case, I see little reason for it to send the /64. > > > > BV> I also think not including the /64 is better because it is more > > clear that client wants a /60. > > > > Why include the existing /64 here? Because the worst-case situation for > the client is getting *another* /64, which means prefix fandango for no > benefit. This is actually a highly likely scenario if the upstream > routers only provides /64s, and doesn't *itself* manage the current set > of allocations (in which case why would we bother sending it back to > them under any circumstances.) If nothing else, the client cannot trust > the latter. > > > > > > What I think is NOT clear from the client point of view: > > > > a) When creating a SOLICIT message, and we have had at least one > prefix > > of sufficient length, SHOULD ::/n be included? That is, should an > IA_PD > > request look like: > > > > 2001:db8:85a3:7890::/60 > > ::/60 > > > > TX>I think the latter is implied by the former. Currently in the draft, > > if the client requests for a specific prefix (e.g. > > 2001:db8:85a3:7890::/60), the server will first try to return the > > requested prefix, if it is not available, the server will try to assign > > a prefix with the same length (/60). So I don't think the ::/n > > prefix-length hint still needs to be included in this case. > > > > BV> That is a very good question. It really depends on what each type of > > hint means. I think we’re all clear that ::/60 means “Client wants a > > /60”. But does “2001::/60” means “give client that prefix or, if server > > can’t, /60 is the hint” (assuming no other explicit hint is included). I > > think we could definitely decide that if a client sends > > <prefix>/<length> and not ::/<length>, then length should be treated as > > the hint if the explicitly requested prefix isn’t available. But I don’t > > think the current 3633 (or the bis document) reads like that. > > > > ... or is the latter implied by the former, even if that specific > prefix > > is unavailable? What is the request looks like: > > > > 2001:db8:85a3:7890::/60 > > 2001:db8:85a3:2345::/64 > > > > TX>We don't yet cover the use case of the client requesting more than > > one specific prefix, does there exist such a use case? > > > > BV> This one does make the previous issue more complex as is the /60 or > > /64 the hint if the server can’t grant the requested value. That is why > > the ::/<length> might be best to be explicit always as to the hint. > > > > That definitely seems like the preferred client behavior. > > > > > > > b) Are there messages *other* than SOLICIT where the hint SHOULD get > > included? > > > > TX>The client could also include the prefix-length hint in the > > Renew/Rebind message. For example, if the client's hint was not honored > > during Solicit, the client could include the prefix-length hint in the > > Renew/Rebind message, to see if the server has the prefix available at > > that time. This is covered in section 3.4 and 3.5 of the draft. > > > > > > > > BV> Correct, This all applies to Renew and Rebind!!! > > > > > > > > c) Whether or not the client SHOULD be encouraged to transmit a hint > if > > it has a *wider* prefix assigned than it needs? > > > > [My feeling is that we want to encourage the client to send the hint > for > > the preferred prefix length, longer or shorer, in SOLICIT, RENEW and > > REBIND messages unless servers in the field are known to malfuction > that > > way.] > > > > TX>The ideal case would be that the client gets exactly what it needs. > > Thus, saving the wider prefix for clients that could not function > > without it. However, this would cause a lot of complexities in the > > protocol, as both clients with a "wider" and "shorter" prefix would > > continue to request for the preferred prefix-length, which would also > > cause a lot of burden on the server. I don't know whether it is worth > > the cost. Especially, if this is going to be a Standards Track document, > > then it has to be the desired behavior for all clients. > > > > BV> I don’t think there is any harm. It may cost the server some > > processing to ‘see’ if there is a better prefix available. > > > > BV> One issue here that is important to consider is that a wider prefix > > (shorter prefix length) might be best to retain as it avoids renumbering > > (either if server was able to grant less wide (longer length) or if > > something changes on the requesting router – more interfaces added). I > > could see a client doing this on a Solicit but less likely to do it on a > > Renew/Rebind to avoid renumbering. > > > > > > d) If the client MUST/SHOULD to forcibly do aggregation or not, in > the > > case that it is OK for the client side to deal with multiple disjoint > > prefixes. > > > > [I suspect that current servers will not deal well with client > > nonaggregation.] > > > > e) If the client SHOULD or SHOULD NOT to respond to a narrower prefix > > than requested by issuing a new request for multiple prefixes (via > > multiple IA_PD options). > > > > TX>Right now in the draft, if the client received a narrower prefix than > > it requested, it is encouraged to include the prefix-length hint in the > > Renew/Rebind messages(in one IA_PD option, using two IA_PREFIX options), > > and do a graceful switch over if the server is able to grant the desired > > prefix (section 3.4 and 3.5 of the draft). > > > > BV> This is what we want. > > > > > > > > f) If there is ever a reason to NOT send a prefix hint? Would that > > implicitly mean ::/64, and if so, should that be documented? > > > > TX>If the client does not send a prefix-length hint, then how the server > > act would depend on the server default policy. The servers might return > > what the client got the last time, or it could return a prefix of > > default length (Which could be a /64). > > > > BV> That is why I think sending the hint is good – if the server must > > grant a new prefix (old cannot be extended for whatever reason), it > > knows what prefix length to use in providing a new one. (Note: Of > > course, if we make it clear that a 2001::/<length> IAPREFIX means the > > hint is <length> unless another explicit hint (::/<length>) is provided, > > then we can relax the need to send an explicit hint when the lengths are > > equal.) > > > > I think the only possible answer here has to do with the effect on the > client on renumbering. If the client has gotten 2001:db8:85a3:1200::/56 > assigned and it only needs /60, sending the ::/60 hint could encourage > the server to renumber. On the other hand, including the ::/60 hint > count prevent reassignment to a /64 if the existing prefix is unavailable. > > My gut feel at this point is that if the client wants to prevent being > renumbered, but still wants to really assure it doesn't get an > inadequate prefix, it SHOULD NOT include the hint in a RENEW message, > but probably SHOULD include the hint in a SOLICIT or REBIND message. > What do think? > > -hpa > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg >
- [dhcwg] Follow up from IETF-95 - draft-ietf-dhc-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Francis Dupont
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Marcin Siodelski
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Francis Dupont
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… otroan
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… otroan
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ian Farrer
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Francis Dupont
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… yogendra pal
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… tianxiang li
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… 神明達哉
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… tianxiang li
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… 神明達哉
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… 神明達哉
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… 神明達哉
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… H. Peter Anvin
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… tianxiang li
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… H. Peter Anvin
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)