Re: [dhcwg] recommendation on DHCP6 source port numbers

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 01 March 2024 01:03 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "rob@deepdivenetworklng.com" <rob@deepdivenetworking.com>
cc: David Farmer <farmer@umn.edu>, dhcwg <dhcwg@ietf.org>
In-Reply-To: <E4494DF6-D1F4-4613-BA4C-9A74F4B6989B@deepdivenetworking.com>
References: <CAN-Dau3m2_L7J9T9VBk7oyHTK0EeMeuiv+jNpuMGE3m1T623=A@mail.gmail.com> <CC99EB8A-3350-4682-B273-D0656AD8F7F4@employees.org> <CAN-Dau1SPXgyHg_fkmU6rTxWpt-edAWA9hM2kR1qyP8t1XW+_Q@mail.gmail.com> <A477E0AF-F68A-4528-A907-CF0C9F7448F2@deepdivenetworking.com> <CAN-Dau3cMV8yXF=WVXrdD36oV+_FQELDsgP4cddjrFfsagpv2w@mail.gmail.com> <E4494DF6-D1F4-4613-BA4C-9A74F4B6989B@deepdivenetworking.com>
Date: Thu, 29 Feb 2024 20:03:17 -0500
Message-ID: <13193.1709254997@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/538h7Um-LeF_nLW6cpMY0CxneSI>

rob@deepdivenetworklng.com <rob@deepdivenetworking.com> wrote:
    > David, I can see that argument. But we also didn't think randomized
    > source ports were going to be important for DNS... I guess I don't see
    > why we should be declaring what an implementer does on the source port

We expect DNS messages to leave the "enterprise" (site) and get returned to
us.  We require it for DNS to work.  It's the whole point.
Yes, there was a point in the past where many DNS requests were *from* port-53.

DHCPv6: not so. Just the opposite.
OpenWrt actually blocks port 546/547 from being accepted on the wan
interface, unless it's LL. (zone_wan_input)
If DHCPv6 leaves the local link, it's because there is a DHCP relay configured.

So I feel confident that we will NEVER need clients to use randomized
source ports.  We *might* decide that there is some scenario where we want a
DHCPv6 *RELAY* to do something like that, but I'll bet we won't do that
without a DTLS or IPsec wrapper.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
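The message above argues that DHCPv6 client traffic is link-scoped, and points at OpenWrt's wan input zone as an example of enforcing that. The following is an added example, not code from the message, from OpenWrt or from any DHCPv6 implementation: it models the filtering decision as the message describes it (UDP to the client port 546 accepted on wan only from a link-local source; UDP to the server/relay port 547 dropped on wan unless the source is an explicitly configured relay peer). The `relay_peers` parameter and the `Packet` shape are assumptions made for the illustration; the sample packets are constructed. The point it makes concrete is that an off-path attacker can never land a packet in a DHCPv6 client's port-546 socket through this policy, which is why guessing a client's source port buys nothing here, unlike the DNS case where replies must cross the site boundary.

```python
"""Added example: DHCPv6 wan-input policy as a pure decision function.

This is not OpenWrt's firewall code; it mirrors the policy described in the
message (accept 546 on wan only from link-local, hypothetical relay-peer
allowlist for 547) so the link-scoping argument can be checked on samples.
"""
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network, ip_address
from typing import FrozenSet

LINK_LOCAL = IPv6Network("fe80::/10")
DHCPV6_CLIENT_PORT = 546   # RFC 8415: clients listen here
DHCPV6_SERVER_PORT = 547   # RFC 8415: servers and relay agents listen here


@dataclass(frozen=True)
class Packet:
    """Minimal view of an inbound datagram (constructed shape, not a real API)."""
    zone: str        # ingress firewall zone, e.g. "wan" or "lan"
    proto: str       # "udp" or "tcp"
    src: str         # source address as text
    dst_port: int


def dhcpv6_wan_input(pkt: Packet,
                     relay_peers: FrozenSet[IPv6Address] = frozenset()) -> str:
    """Return "accept", "drop", or "pass" (not a DHCPv6 decision) for pkt.

    relay_peers is a hypothetical allowlist standing in for "there is a DHCP
    relay configured"; it is an assumption of this example, not an OpenWrt
    option.
    """
    if pkt.zone != "wan":
        return "pass"                      # only the wan zone is modelled here
    if pkt.proto != "udp" or pkt.dst_port not in (DHCPV6_CLIENT_PORT,
                                                   DHCPV6_SERVER_PORT):
        return "pass"                      # not DHCPv6 traffic at all
    src = ip_address(pkt.src)
    if not isinstance(src, IPv6Address):
        return "drop"                      # DHCPv6 carried over IPv4 is bogus
    if pkt.dst_port == DHCPV6_CLIENT_PORT:
        # Servers and relays answer clients from a link-local address on the
        # same link; a globally sourced packet to 546 cannot be a real reply.
        return "accept" if src in LINK_LOCAL else "drop"
    # dst_port == 547: only an explicitly configured relay peer may reach the
    # server/relay port from the wan side.
    return "accept" if src in relay_peers else "drop"


# Constructed sample traffic: what an on-link server, an off-path spoofer,
# a relay peer and a stray IPv4 sender would each look like at the wan zone.
SAMPLES = {
    "onlink_server_reply":   Packet("wan", "udp", "fe80::1", 546),
    "offpath_spoofed_reply": Packet("wan", "udp", "2001:db8::bad", 546),
    "unknown_to_relay_port": Packet("wan", "udp", "2001:db8::5", 547),
    "configured_relay_peer": Packet("wan", "udp", "2001:db8::5", 547),
    "ipv4_to_client_port":   Packet("wan", "udp", "192.0.2.1", 546),
    "lan_side_request":      Packet("lan", "udp", "fe80::2", 547),
    "unrelated_udp":         Packet("wan", "udp", "2001:db8::7", 53),
}

RELAY_PEERS = frozenset({IPv6Address("2001:db8::5")})  # assumed configuration


def run_samples() -> dict:
    """Evaluate every sample; the relay-peer case uses the assumed allowlist."""
    out = {}
    for name, pkt in SAMPLES.items():
        peers = RELAY_PEERS if name == "configured_relay_peer" else frozenset()
        out[name] = dhcpv6_wan_input(pkt, peers)
    return out


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:24s} -> {verdict}")
```

Only the `onlink_server_reply` and `configured_relay_peer` samples are accepted; the spoofed global-source packet to 546 is dropped before any port-guessing question arises, which is the property the message leans on.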