[dhcwg] Review comments for draft-ietf-dhc-dhcpv6-failover-protocol-00.txt
Shawn Routhier <sar@isc.org> Thu, 03 December 2015 19:30 UTC
Return-Path: <sar@isc.org>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 641FE1A0127 for <dhcwg@ietfa.amsl.com>; Thu, 3 Dec 2015 11:30:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.011
X-Spam-Level:
X-Spam-Status: No, score=-5.011 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7uk2SkBQrWjU for <dhcwg@ietfa.amsl.com>; Thu, 3 Dec 2015 11:30:06 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12B6F1A0115 for <dhcwg@ietf.org>; Thu, 3 Dec 2015 11:30:06 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id D881D3493C0 for <dhcwg@ietf.org>; Thu, 3 Dec 2015 19:29:58 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 21377160048 for <dhcwg@ietf.org>; Thu, 3 Dec 2015 19:32:02 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 10C8B160069 for <dhcwg@ietf.org>; Thu, 3 Dec 2015 19:32:02 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id fN9-UiusdJZv for <dhcwg@ietf.org>; Thu, 3 Dec 2015 19:32:01 +0000 (UTC)
Received: from shawns-mbp.attlocal.net (107-138-42-57.lightspeed.sntcca.sbcglobal.net [107.138.42.57]) by zmx1.isc.org (Postfix) with ESMTPSA id 7D6C4160048 for <dhcwg@ietf.org>; Thu, 3 Dec 2015 19:32:01 +0000 (UTC)
From: Shawn Routhier <sar@isc.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_93ADD436-58C2-49A4-AFE5-C6FCDB3F9A74"
Message-Id: <0A4CA8D4-3D24-40D1-B664-C9B99538FF52@isc.org>
Date: Thu, 03 Dec 2015 11:29:57 -0800
To: dhcwg@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/5nzAY_3vMIRZzsndIausmtq4Hwg>
Subject: [dhcwg] Review comments for draft-ietf-dhc-dhcpv6-failover-protocol-00.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2015 19:30:10 -0000
During the last IETF there was a request to review the failover protocol draft. I’ve now had a chance to review it and here are my comments. regards, Shawn ** 1) Glossary Page 5, Delegable Prefix The use of this term seems to be inconsistent. In the glossary it seems to be something like XXXX:0:1 from which a set of prefixes to be delegated can be generated (say a set of /64s). In 4.2.2 it seems to be treating the term as the prefix that would be delegated for example XXXX:0:1:0/64. 2) Page 5, Failover endpoint - This mentions "prefixes associated with that relationship". I assume this means prefixes from which addresses or prefixes may be leased but it could be read as simply the prefixes that can be delegated. 3) Page 6, Resource - It might be useful to mention why temporary addresses are not included in failover - either in this paragraph or maybe somewhere else. (Or maybe it was in the requirements document and I missed it?) 4) page 8, 4.2.1 Independent Allocation I wonder if handing out addresses from only one partner's pool during a PARTNER-DOWN state will have any odd effects. In v4 the addresses could sort of be re-mixed over time. In v6 that won't happen. Offhand I can't think of any issues aside from the obvious pool imbalance, but it may be worth spending some time to think if odd things could happen. Paragraph 4 mentions that a partner MUST NOT lease Ipv6 addresses that were assigned to its downed partner and later released by a client. Should it also mention expired leases? declines? 5) 4.2.1.1 Independent allocation Algorithm I am confused, shouldn't the low-order bit be 127? Or is this text trying to state that low-order bit within a prefix is set or cleared? Also while it is most likely that address ranges will be described via a prefix it is also possible that they are described via start & end addresses. For example XXXX::100 to XXXX::200 (or if you prefer to have a larger range XXXX::100:0:0:0 to XXXX::200:0:0:0). When you mention "prefix" are you intending to restrict the description? or are you including something like turning the above ranges into a set of prefixes for processing? 6) 4.2.2 Proportional Allocation What happens if I have a large number of possible prefixes? For example the two servers are configured with a /32 and a prefix length of /64? Does the spec need to either limit this in some fashion or supply some guidelines or checks? Are we expecting that the configuration will include the length of the prefixes a server can delegate? I don't see any option for the rewind optimization to avoid a secondary in communications interrupted from running out of prefixes. 7) 5.3.4 POOLRESP This definition isn't quite in line with 4.2.2. This text has "to indicate that it has responded to the secondary's request" The use of "has responded to" suggests that the primary has completed the response (as in has sent all the BNDUPDs and recevied all the BNDACKs) 4.2.2 states that the POOLRESP make be sent before, during or after any BINDUPDs that need to be sent. 8) 5.4.2 OPTION_F_DNS_REMOVAL_INFO I'm imagining the sub-options encapsulated within the option which I think means the length depends on the sub-options. Are you thinking of some other arrangement? 9) 5.4.12 OPTION_F_PROTOCOL_VERSION Does the document actually specify the version number somewhere? I didn't see it but maybe I missed it. (Not the option code but the actual version number.) 10) 5.4.20 OPTION_F_STATE_EXPIRATION_TIME I believe this is the actual lifetime from 4.4? If so it would be useful to make that clear - either by changing one of the names to the other or simply adding some text. 11) 6.1.1 Sending a CONNECT message From the description of Failover Endpoint (page 5) it appears that one server can be in failover relationships with multiple other servers and one server could even be in multiple relationships with one other server. The text in 6.2 seems to reinforce this as an option. If this is true then doesn't the CONNECT message need to contain information to specify which relationship this CONNECT message is for? (Note: I'm not arguing for having multiple endpoints on the same pair of servers, I am wondering how one of them will determine which of those endpoints the other is trying to reach.) 12) 6.1.2 Receiving a CONNECT message It sounds like the the two serves can use different versions of the protocol, receive time, and unacked bind updates. The latter two seem okay but the text may want to mention that as a possibility. The first one seems like it might be difficult to deal with. 13) 6.3 Sending a STATE message In the bullet list two of them use "this failover endpoint" while the other two use "the failover endpoint". I think they are also referring to the failover endpoint sending the STATE message and find "this failover endpoint" clearer. 14) 6.6 Unreachability detection Does the document need to specify the messages are on this connection? "...any message is transmitted on this connection...". 15) The second paragraph states that if the option OPTION_F_RECEIVE_TIME is in the CONNECT or CONNECTACK message it is used. But the descriptions of CONNECT and CONNECTACK messages make it sound like that option is required. One of the two sections of text should be clarified (I would vote for always requiring the option and disconnecting if it isn't in the CONNECT or CONNECTACK). 16) Figure 1, note 4 This has the following text: ...and the MCLT has passed since the entry in RELEASED, EXPIRED, or RESET states. Should "in" be "into"? 17) Figure 1, note 7 This states that Addresses belonging to the primary server can be assigned to the secondary server pool (or the reverse) but elsewhere it appears that addresses are always handled via Independent Allocation rather than Proportional Allocation. 18) 7.3 Tiems Required for Exchanging Binding Updates partner-raw-clt-time This mentions time context which is also mentioned later on but is never defined. Perhaps adding an entry in the definitions would be useful? state-expiration-time As mentioned abouve for 5.4.20 I believe this is the actual lifetime as handed to the client? If so some text to clarify that would be useful. 19) 7.4 Sending Binding Updates The double asterisk (**) is defined as "only if the value in the OPTION_F_BINDING_STATUS is associated with a timeout". I don't see a description of which status vaues are associated with a timeout. Does this mean that a timeout happened? or could happen? From the use I think this means status == ACTIVE and therefore there is a time at which this entry would expire, but I don't think that is clear from the text. 20) 7.5.2 Procesing Binding Updates, para 4 This paragraph seems to indicate that a BNDACK doesn't need to include all of the OPTION_CLIENT_DATA options from the BNDUPD. From the other paragraphs it sounds like the BNDACK should contain all of them indicating either success or failure. In further reading 7.6 does state that the BNDACK contains an option for each option in the BNDUPD so perhaps update the phrase "each of which corresponds to one of the OPTION_CLIENT_DATA options" to something like: "one for each of the OPTION_CLIENT_DATA options" 21) Bullet item 6: This states that the partner-lifetime can be updated from a BNDUPD. In 7.3 the partner-lifetime is described as "The time that we will send (or have sent) the partner...". I think the text in 7.3 may need to update a bit to indicate that the partner can update us as well. 22) 7.6 Sending Binding Acks It occurs to me that this text and the previous text about IA_NAs and IA_PDs doesn't say if multiple options for a single client MUST or SHOULD be in a single OPTION_CLIENT_DATA or if the server is free to put them in multiple OPTION_CLIENT_DATA options (or even in separate BNDUPDs). I'm not sure if the protocol should require any behavior but it might be useful to at least point out the possibility. 23) 7.7 Receiving Binding Acks Is there any processing for receving a NAK? or should there be text saying if a NAK is recieved don't do anything? I also don't understand why the partner-lifetime is set to 0. Given the acked-partner-lifetime is set to it, retaining partner-lifetime doesn't seem necessary but it doesn't seem necessary to 0 it either. Is this to provide a way to know if / when the partner will need to be updated if it isn't 0? 24) 7.9 BNDUPD/ BNDACK Data Flow, Figure 4 At the bottom of the figure is the state expiration line in BNDACK. I assume that there is nothing under storage on receiving side as that server doesn't update the state-expiration-time. Perhaps explicitly mentioning that would be clearer? Something like "no change" or "no update"? 25) 8.1 State Machine Operation The last paragraph before the diagram mentions "+" and "-". It would be best to specify what each of them mean (I assume "-" means no communication and "+" means communication. I would also add a third to mean both. Some of the boxes include "-|+" while others simply use "+-", having a single character would probably be clearer. 26) 8.3.2 This section makes use of PREVIOUS-STATE and CURRENT-STATE without a definition of them. I believe they are intended to be the variables for those items? There seems to be some inconsistency in the use of PREVIOUS-STATE & CURRENT-STATE and previous state & current state. See step 2 para 2, step 5 para2, step 5 para 4 27) In Step 6 Should the server proceed to transition from PREVIOUS-STATE to the next state due to communications interrupted? Or perhaps the text from step 2 should be moved to here? I don't see what having step 2 is doing. In step 5 there is a mention of taking the communications OK transition, so isn't step 6 the only other case? 28) 8.7.2 Transition out of RECOVER-DONE State The text doesn't seem to match the diagram. The text only mentions transitioning when the partner is NORMAL or RECOVER-DONE. The diagram also (seems to) has (have) transitions for: RECOVER & RECOVER-WAIT to COMMUNICATIONS-INTERRUPTED, POTENTIAL-CONFLICT to POTENTIAL-CONFLICT. 29) 8.8.1 Operation in NORMAL State This note is for the NORMAL box in the diagram. The box has (responsive) which would generally indicate that both servers are responsive while only the primary is. 30) 8.9 COMMUNICATIONS-INTERRUPTED State Para 2 mentions starting a timer if configured for auto-partner down. I assume this is the "Safe Period Timer" from the diagram? If so mentioning that name in the text would be clearer. (Something like "...then a timer (the Safe Period Timer from the Figure 5) is started...") 31) 9.3 Adding RRs to the DNS There is a use case for doing DDNS updates on all lease renewals. If there is a concern that the DNS might be damaged in some way then having the DHCP server update it on each renew will tend to heal it of breakages. 32) 9.4 Deleting RRs from the DNS Is there any concern about the server making the resource FREE* crashing after receiving the BNDACK but before doing the DDNS update? I think the end result of that would be the AAAA and PTR records still in the DNS until the address is reused (for the PTR) and the client gets a new address (for the AAAA) or possibly the server recovers and finishes the cleanup.
- [dhcwg] Review comments for draft-ietf-dhc-dhcpv6… Shawn Routhier
- Re: [dhcwg] Review comments for draft-ietf-dhc-dh… Kim Kinnear
- Re: [dhcwg] Review comments for draft-ietf-dhc-dh… Shawn Routhier