Re: [dhcwg] [v6ops] [EXTERNAL] Re: Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements
"Bernie Volz (volz)" <volz@cisco.com> Wed, 04 November 2020 23:57 UTC
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "draft-ietf-dhc-dhcpv6-pd-relay-requirements@ietf.org" <draft-ietf-dhc-dhcpv6-pd-relay-requirements@ietf.org>
CC: v6ops list <v6ops@ietf.org>, dhcwg <dhcwg@ietf.org>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>
Date: Wed, 04 Nov 2020 23:57:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/1g-4YDUfAnIR8epK-HutlH4pZj4>
I’m also wondering given issues the IESG raised for the https://tools.ietf.org/html/draft-ietf-v6ops-cpe-slaac-renum document regarding the text…

2. Requirements Language <https://tools.ietf.org/html/draft-ietf-v6ops-cpe-slaac-renum-05#section-2>

Take careful note: Unlike other IETF documents, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are not used as described in [RFC2119] <https://tools.ietf.org/html/rfc2119>. This document uses these keywords not strictly for the purpose of interoperability, but rather for the purpose of establishing industry-common baseline functionality. As such, the document points to several other specifications (preferable in RFC or stable form) to provide additional guidance to implementers regarding any protocol implementation required to produce a successful CE router that interoperates successfully with a particular subset of currently deploying and planned common IPv6 access networks.

Note: the aforementioned terms are used in exactly the same way as in [RFC7084] <https://tools.ietf.org/html/rfc7084>, with the above explanation copied verbatim from Section 1.1 of [RFC7084] <https://tools.ietf.org/html/rfc7084#section-1.1>.

See https://datatracker.ietf.org/doc/draft-ietf-v6ops-cpe-slaac-renum/ballot/.

… whether it would be wise to follow the IESG guidance and drop the special use (in section 2.3)? Otherwise, you may run into the same issues the cpe-slaac-renum document did.

It may be wise to wait until the dust settles with that document and the text that it ends up using (perhaps just the default boilerplate for the keywords). And apply that. I WILL assume you will do that (as I am currently the one holding the document) unless I hear otherwise from you.

Or, you could decide to just update it to follow the standard boilerplate for these keywords – if so, be sure to use the latest version, such as what was used in https://tools.ietf.org/html/rfc8925 (section 1.1).

Thanks!

- Bernie

From: dhcwg <dhcwg-bounces@ietf.org> On Behalf Of Timothy Winters
Sent: Wednesday, November 4, 2020 8:02 AM
To: Bernie Volz (volz) <volz=40cisco.com@dmarc.ietf.org>
Cc: v6ops list <v6ops@ietf.org>; dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] [v6ops] [EXTERNAL] Re: Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements

I agree with Bernie, link-layer address would be an improvement to the Mac Address.

~Tim

On Wed, Nov 4, 2020 at 7:15 AM Bernie Volz (volz) <volz=40cisco.com@dmarc.ietf.org> wrote:

Hi ... looks good but perhaps MAC address is too Ethernet specific and just link-layer address would be better?

- Bernie

On Oct 29, 2020, at 12:24 PM, "ianfarrer@gmx.com" <ianfarrer@gmx.com> wrote:

Hi,

Sorry for the delay in reply, I’ve been out of the office for the last few weeks for various reasons.

Here’s a new wording proposal incorporating Jen & Bernie’s suggestions:

R-4 To prevent routing loops, the relay SHOULD implement a configurable policy to drop packets received on a DHCP-PD client facing interface with a destination address in a prefix delegated to a client connected to that interface, as follows:

For point-to-point links, when the packet’s ingress and egress interfaces match.

For multi-access links, when the packet’s ingress and egress interface match, and the source MAC and next-hop MAC addresses match.

An ICMPv6 Type 1, Code 6 (Destination Unreachable, reject route to destination) error message MAY be sent as per [RFC4443], section 3.1. The ICMP policy SHOULD be configurable.

Thanks,
Ian

On 15. Oct 2020, at 03:51, Jen Linkova <furry13@gmail.com> wrote:

On Wed, Oct 14, 2020 at 12:44 AM Bernie Volz (volz) <volz@cisco.com> wrote:

If not, perhaps we just say:

R-4 To prevent routing loops, the relay SHOULD implement a configurable policy to drop traffic received from an uplink interface as follows:

I'm not sure 'from an uplink interface' makes sense. In the case of a routing loop caused by an amnesiac DHCP-PD client it would be a downstream interface. The scenario when such traffic arrives from an uplink interface is 'the uplink router believes the prefix is delegated to the client but the relay does not have a route pointing to the client so it sends traffic back' - so more likely 'an amnesiac relay' case.

For point-to-point links, when the packet's ingress and egress interfaces match.

For multi-access links, when the packet's ingress and egress interface match, and the source MAC and next-hop MAC addresses match.

An ICMPv6 Type 1, Code 6 (Destination Unreachable, reject route to destination) error message MAY be sent as per [RFC4443], section 3.1. The ICMP policy SHOULD be configurable.

- Bernie

-----Original Message-----
From: ianfarrer@gmx.com <ianfarrer@gmx.com>
Sent: Tuesday, October 13, 2020 9:16 AM
To: Michael Richardson <mcr+ietf@sandelman.ca>; Jen Linkova <furry13@gmail.com>
Cc: Bernie Volz (volz) <volz@cisco.com>; dhcwg <dhcwg@ietf.org>; 6man <ipv6@ietf.org>; v6ops list <v6ops@ietf.org>
Subject: Re: [dhcwg] [v6ops] [EXTERNAL] Re: Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements

Hi,

Thanks for all of the discussion on this. We’ve reworked the requirement as follows:

R-4 To prevent routing loops, the relay SHOULD implement a configurable policy to drop client traffic as follows:

For point-to-point links, when the packet's ingress and egress interfaces match.

For multi-access links, when the packet's ingress and egress interface match, and the source MAC and next-hop MAC addresses match.

An ICMPv6 Type 1, Code 6 (Destination Unreachable, reject route to destination) error message MAY be sent back to the client. The ICMP policy SHOULD be configurable.

Thanks,
Ian

On 9. Oct 2020, at 17:41, Michael Richardson <mcr+ietf@sandelman.ca> wrote:

Jen Linkova <furry13@gmail.com> wrote:

I think there is confusion re: the scenario we are talking about. I've attached the diagram for the case which concerns me. So:
- The Relay R has an interface eth0 connected to a switch S.
- Devices A and B are connected to the same switch and using R as a default gateway.
- The prefix 2001:db8::/56 was delegated to a client A via the relay R.

a friendly amendment to your example to aid in human comprehension:

} - The prefix 2001:db8:0000:0123:/64 was delegated to a client A via the relay R.
} - R installs a route for 2001:db8:0000:0123:/64 towards A via eth0.

- The device B (which has an address NOT from the delegated prefix, but from another /64 assigned to that common link, let's say 2001:db8:cafe::/64) sends a packet to an address from the delegated

now, my brain can more clearly see that 2001:db8:cafe::/64 is not within 2001:db8:0000:0123:/64, while I had to use a few extra brain cells to see that it wasn't in that ::/56 :-)

What I'd expect to happen (with DHCP-PD or without - e.g. if R has a static route towards A, not a dynamic route produced by PD):
- the packet is sent to A. Well, if A does not have a route to 2001:db8::42 then indeed a routing loop might happen. But if A does have a route, the packet will be delivered.

What seems to be required by R4:
- R detects that the packet is received via eth0 and needs to be sent back to eth0. R4 seems to require such packets to be dropped. So if B would never be able to communicate to any address in the delegated prefix, right?

Am I missing anything?

I think that you got it right.

Perhaps the missing piece of the rule is don’t send it back to where it came from, based on link layer addresses (or link if point-to-point).

Yes. If R4 was saying 'drop the packet if it comes from the same link-layer address you are going to send it back' - it would make total sense. But I don't think routers do *that*.

Yes, if we made the check on L2 address, then it would work. And I agree that routers are exactly doing that. I think that it also works if B is a router with additional interfaces downstream, unless there are multiple paths.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide

--
SY, Jen Linkova aka Furry
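The R-4 drop decision discussed in this thread, run against the relay R / client A / host B scenario, as an added example that is not part of the original messages or of the draft. The class names, the `check_link_layer` switch (False models the interface-only rule questioned in the thread), the link-layer addresses and the destination address are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network
from typing import List, Optional, Tuple

# ICMPv6 Type 1, Code 6: Destination Unreachable, reject route to destination
ICMP6_REJECT_ROUTE = (1, 6)

# Constructed link-layer addresses for client A and host B (not from the thread)
LL_A = "02:00:00:00:00:0a"
LL_B = "02:00:00:00:00:0b"


@dataclass(frozen=True)
class DelegatedRoute:
    prefix: IPv6Network          # prefix delegated to a client
    interface: str               # client-facing interface the route points out of
    next_hop_ll: Optional[str]   # client's link-layer address (None on point-to-point)


@dataclass(frozen=True)
class Packet:
    ingress_if: str
    src_ll: Optional[str]        # link-layer source address of the received frame
    dst: IPv6Address


@dataclass(frozen=True)
class Verdict:
    action: str                                # "forward" or "drop"
    icmp: Optional[Tuple[int, int]] = None     # (type, code) to send, if any


class RelayPolicy:
    """Hypothetical model of the R-4 drop policy on a delegating relay."""

    def __init__(self, p2p_interfaces=(), check_link_layer=True, send_icmp=False):
        self.routes: List[DelegatedRoute] = []
        self.p2p = set(p2p_interfaces)
        self.check_link_layer = check_link_layer   # False = interface-only rule
        self.send_icmp = send_icmp                 # the ICMP policy is configurable

    def add_route(self, prefix, interface, next_hop_ll=None):
        self.routes.append(DelegatedRoute(IPv6Network(prefix), interface, next_hop_ll))

    def _lookup(self, dst):
        # Longest-prefix match over delegated prefixes only.
        matches = [r for r in self.routes if dst in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def decide(self, pkt):
        route = self._lookup(pkt.dst)
        if route is None or route.interface != pkt.ingress_if:
            return Verdict("forward")      # R-4 does not apply; normal forwarding decides
        if pkt.ingress_if not in self.p2p and self.check_link_layer:
            # Multi-access link: only a frame sent by the next hop itself would loop.
            next_hop = (route.next_hop_ll or "").lower()
            if pkt.src_ll is None or pkt.src_ll.lower() != next_hop:
                return Verdict("forward")
        return Verdict("drop", ICMP6_REJECT_ROUTE if self.send_icmp else None)


def thread_scenario(check_link_layer):
    """A and B share eth0 behind relay R; a /64 is delegated to A."""
    relay = RelayPolicy(check_link_layer=check_link_layer, send_icmp=True)
    relay.add_route("2001:db8:0:123::/64", "eth0", LL_A)
    dst = IPv6Address("2001:db8:0:123::42")   # constructed address inside the /64
    from_b = relay.decide(Packet("eth0", LL_B, dst))   # neighbour reaching A's prefix
    from_a = relay.decide(Packet("eth0", LL_A, dst))   # A bouncing its own prefix back
    return from_b, from_a


if __name__ == "__main__":
    for flag in (False, True):
        print("check_link_layer =", flag, thread_scenario(flag))
```

With the interface-only rule both packets are dropped, so B can never reach A's delegated prefix; with the link-layer comparison only the frame that came from the next hop itself is dropped.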