Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-pd-relay-requirements-00.txt

"Bernie Volz (volz)" <volz@cisco.com> Wed, 08 April 2020 14:46 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: "otroan@employees.org" <otroan@employees.org>
CC: Timothy Winters <tim@qacafe.com>, "draft-ietf-dhc-dhcpv6-pd-relay-requirements@ietf.org" <draft-ietf-dhc-dhcpv6-pd-relay-requirements@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Date: Wed, 08 Apr 2020 14:46:39 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/3qxIXlZ4a-EjzNIJ9Vj4S4ZOkIo>

   WPD-5:  Any packet received by the CE router with a destination
           address in the prefix(es) delegated to the CE router but not
           in the set of prefixes assigned by the CE router to the LAN
           must be dropped.  In other words, the next hop for the
           prefix(es) delegated to the CE router should be the null
           destination.  This is necessary to prevent forwarding loops
           when some addresses covered by the aggregate are not
           reachable [RFC4632].

This doesn't apply as the CE Router has not yet received the prefix(es) delegated. Perhaps it is just poorly written as its intent was to prevent forwarding ANY traffic back out the WAN interface.

> See the sentence above the one you quoted.

Which was:

>>A CPE should never provide transit.
>>I.e., it should never forward a packet received on its WAN interface back out the WAN interface.

But that is not a requirement mentioned. Hence, why Tim probably raised it as some CPE implemented obviously didn't consider it.

Yes, not sure exactly how the text should read. Seems like you are coming around to having some text?

- Bernie

-----Original Message-----
From: otroan@employees.org <otroan@employees.org> 
Sent: Wednesday, April 8, 2020 10:37 AM
To: Bernie Volz (volz) <volz@cisco.com>
Cc: Timothy Winters <tim@qacafe.com>; draft-ietf-dhc-dhcpv6-pd-relay-requirements@ietf.org; dhcwg@ietf.org
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-pd-relay-requirements-00.txt

>> A more specific rule for that is in 7084 and possibly in 3633, requiring a blackhole route on the requesting router for the delegated prefix.
> 
> But Tim is talking about BEFORE the PD is assigned?

See the sentence above the one you quoted.

> Do you know which requirement that is in 7084? My quick glance/search at the document did not turn up such a requirement? 

WPD-5.

> I doubt 3633 applies because that is only about PD and not what happens before PDs are assigned?
> 
> And as Tim raised it, seems likely that it must be happening frequently enough that whatever may be there is not clear enough?
> 
> Is there ever a case where a CPE should forward a packet received on the WAN interface back out the WAN interface? Probably not as it is designed to be a router between the WAN and LAN interfaces only.

As I said, a CPE should not provide transit.
Not quite sure how you would best implement that though, so I'm unsure what the text should be. Perhaps something akin to this paragraph from 4443:

"One specific case in which a Destination Unreachable message is sent
   with a code 3 is in response to a packet received by a router from a
   point-to-point link, destined to an address within a subnet assigned
   to that same link (other than one of the receiving router's own
   addresses).  In such a case, the packet MUST NOT be forwarded back
   onto the arrival link."

Cheers,
Ole
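
The two drop rules discussed in this thread, as an added example that is not part of either message or of any draft: a toy model of a CE router's forwarding decision, showing that the WPD-5 null route only protects once a prefix has been delegated, while a WAN-to-WAN check also covers the period before delegation. The class name, interface labels and the 2001:db8::/32 documentation prefixes are assumptions made for illustration.

```python
import ipaddress

WAN, LAN = "wan", "lan"  # hypothetical interface labels


class CeRouter:
    """Toy longest-prefix-match table for a CE router (model only)."""

    def __init__(self):
        # Each entry: (network, egress interface, or None for a null route)
        self.routes = []

    def add_route(self, prefix, egress):
        self.routes.append((ipaddress.ip_network(prefix), egress))

    def delegate(self, delegated, lan_prefixes):
        """Install a delegated prefix the way WPD-5 describes."""
        aggregate = ipaddress.ip_network(delegated)
        # Null route for the whole aggregate ...
        self.add_route(delegated, None)
        # ... overridden by more-specific routes for prefixes put on the LAN.
        for prefix in lan_prefixes:
            if not ipaddress.ip_network(prefix).subnet_of(aggregate):
                raise ValueError(f"{prefix} is outside {delegated}")
            self.add_route(prefix, LAN)

    def decide(self, ingress, dst, no_transit=True):
        """Return ("forward", interface) or ("drop", reason)."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, out) for net, out in self.routes if addr in net]
        if not matches:
            return ("drop", "no-route")
        _, egress = max(matches, key=lambda m: m[0].prefixlen)
        if egress is None:
            return ("drop", "null-route")   # WPD-5 case
        if no_transit and ingress == WAN and egress == WAN:
            return ("drop", "no-transit")   # never hairpin on the WAN link
        return ("forward", egress)


if __name__ == "__main__":
    r = CeRouter()
    r.add_route("::/0", WAN)                # default route, no PD yet
    # Before delegation, only the WAN-to-WAN check stops the loop.
    print(r.decide(WAN, "2001:db8:1::1", no_transit=False))
    print(r.decide(WAN, "2001:db8:1::1"))
    r.delegate("2001:db8:1::/56", ["2001:db8:1::/64"])
    print(r.decide(WAN, "2001:db8:1::5"))     # assigned LAN prefix
    print(r.decide(WAN, "2001:db8:1:ff::1"))  # delegated but unassigned
```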