IETF Logo Mail Archive

Re: [dhcwg] RE: mboned: draft-jdurand-assign-addr-ipv6-multicast-dhcpv6-00 comments

Stig Venaas <Stig.Venaas@uninett.no> Fri, 13 August 2004 12:27 UTC

Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA10997; Fri, 13 Aug 2004 08:27:56 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Bvb2V-0008PI-80; Fri, 13 Aug 2004 08:20:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BvarR-0006aa-Fj for dhcwg@megatron.ietf.org; Fri, 13 Aug 2004 08:08:41 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA10113 for <dhcwg@ietf.org>; Fri, 13 Aug 2004 08:08:40 -0400 (EDT)
Received: from tyholt.uninett.no ([158.38.60.10]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Bvawb-0005HK-ED for dhcwg@ietf.org; Fri, 13 Aug 2004 08:14:01 -0400
Received: from sverresborg.uninett.no (sverresborg.uninett.no [IPv6:2001:700:e000:0:204:75ff:fee4:423b]) by tyholt.uninett.no (8.12.10/8.12.10) with ESMTP id i7DC882M023105; Fri, 13 Aug 2004 14:08:08 +0200
Received: (from venaas@localhost) by sverresborg.uninett.no (8.12.8/8.12.8/Submit) id i7DC87Mx012667; Fri, 13 Aug 2004 14:08:07 +0200
X-Authentication-Warning: sverresborg.uninett.no: venaas set sender to Stig.Venaas@uninett.no using -f
Date: Fri, 13 Aug 2004 14:08:07 +0200
From: Stig Venaas <Stig.Venaas@uninett.no>
To: Ted Lemon <Ted.Lemon@nominum.com>
Subject: Re: [dhcwg] RE: mboned: draft-jdurand-assign-addr-ipv6-multicast-dhcpv6-00 comments
Message-ID: <20040813120807.GA12587@sverresborg.uninett.no>
References: <C9588551DE135A41AA2626CB645309370A7033EB@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> <56D748BC-E63B-11D8-8860-000A95D9C74C@nominum.com> <20040810110500.GB2802@sverresborg.uninett.no> <B44D822E-EAEC-11D8-90BB-000A95D9C74C@nominum.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <B44D822E-EAEC-11D8-90BB-000A95D9C74C@nominum.com>
User-Agent: Mutt/1.4.1i
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024
Cc: dhcwg@ietf.org, mboned@lists.uoregon.edu
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org

On Tue, Aug 10, 2004 at 09:45:36AM -0700, Ted Lemon wrote:
> Stig, maybe you can explain for me how it is less complicated to supply 
> multicast prefixes than it is to do stateful allocation - I don't get 
> it.   With multicast prefixes, the client either has to take its 

OK, I'll try.

> chances with the possibility of a collision, which seems quite likely 
> (random number generators are usually deterministic, not random, and 
> getting one that uses any real source of entropy is difficult, not 
> easy), or it has to do some kind of duplicate address detection, which 
> also seems difficult, not easy.

I don't have a clue what the likelihood is. But just to make it clear,
we're talking of a 32-bit number. So question is how likely is it for
two hosts/applications on the same link to pick the same 32-bit value.
I agree that some form of DAD could be needed, and I agree it's not
easy. I've been wondering slightly if the DAD in Neighbor Discovery
could be reused, but anyway, it's a big complication, I agree.

> In contrast, while stateful address allocation requires slightly more 
> work on the server side (in the sense that the server has to remember 
> which address it allocated), it's much easier on the client side - the 
> client gets a specific address, doesn't need a good RNG, and doesn't 
> need to do multicast DAD.   The additional complexity of remembering 
> which IP address we gave to the client is well-understood technology, 
> requiring no innovations and risking no accidental DoS attacks from 
> broken clients.

The stateful approach introduces some other complexity on the client
that I'm concerned about.

The main issue, is that it's the application that needs the
addresses. You need some additional infrastructure/middleware on the
host. Either the application needs to act as DHCP client (there are
big issues with that) or the application needs some standardized way
of communicating with the DHCP client. Basically the application will
need to signal to the DHCP client that it needs an address, and that
must be returned back to the client. Also, while the application is
running, the DHCP client must renew the address on behalf of the
application. I've been trying to think through how to actually
implement this, and it's not easy.

I must say though, that coming up with a general solution to how
applications can interact with DHCP might be interesting.

If we instead used the stateless prefix announcement solution we may
need to solve the DAD issue, but there are some advantages.

o For link-local multicast, it would be possible to generate link
  unique multicast addresses with no need for DHCP servers or routers.

o For unicast-prefix-based addressing (RFC 3306) you can generate a
  /96 multicast prefix from the links unicast /64 prefix and then
  using RNG plus possibly DAD you can come up with prefixes to use on
  the link. This can be done without DHCP.

o For Embedded-RP the application will need to learn the prefix from
  somewhere. But the system could learn the prefix once (from DHCP,
  from config file or whatever) and all the applications use the same.
  You can perhaps compare it to how applications use resolv.conf on
  unix and how it might be configured from DHCP or other systems.

> History suggests that DHCP server implementations are more likely to be 
> correct than DHCP client implementations, perhaps because there is less 
> risk of monoculture in the interoperability testing done by a DHCP 
> server vendor than by a DHCP client vendor (a client vendor will 
> typically test against a single server, whereas a server vendor will 
> typically have many different clients to test against).

Right

> So if it makes sense to do something like this, I would vote for doing 
> it in a stateful manner, not a stateless manner.

I think something like this is needed. Currently I'm in favour of
stateless, but I'm trying to explore both possibilities. I'm not
sure myself which one is superior.

Stig

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

v2.39.1 | Report a Bug | By Email | System Status