Re: [dhcwg] Changes in draft-ietf-dhc-option-guidelines-15
Ted Lemon <ted.lemon@nominum.com> Mon, 09 December 2013 19:17 UTC
Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 646B81AE07A for <dhcwg@ietfa.amsl.com>; Mon, 9 Dec 2013 11:17:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eQsLxcFU3VB5 for <dhcwg@ietfa.amsl.com>; Mon, 9 Dec 2013 11:17:34 -0800 (PST)
Received: from exprod7og102.obsmtp.com (exprod7og102.obsmtp.com [64.18.2.157]) by ietfa.amsl.com (Postfix) with ESMTP id C4B571AE4CB for <dhcwg@ietf.org>; Mon, 9 Dec 2013 11:17:34 -0800 (PST)
Received: from shell-too.nominum.com ([64.89.228.229]) (using TLSv1) by exprod7ob102.postini.com ([64.18.6.12]) with SMTP ID DSNKUqYXSvabXAHLUR73+jDk3JcOmTI/35E1@postini.com; Mon, 09 Dec 2013 11:17:30 PST
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id E35D91B82D0 for <dhcwg@ietf.org>; Mon, 9 Dec 2013 11:17:29 -0800 (PST)
Received: from webmail.nominum.com (cas-02.win.nominum.com [64.89.228.132]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTP id C2151190043; Mon, 9 Dec 2013 11:17:29 -0800 (PST)
Received: from vpna-132.vpn.nominum.com (192.168.1.10) by CAS-02.WIN.NOMINUM.COM (192.168.1.101) with Microsoft SMTP Server (TLS) id 14.3.158.1; Mon, 9 Dec 2013 11:17:29 -0800
Content-Type: text/plain; charset="windows-1252"
MIME-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
From: Ted Lemon <ted.lemon@nominum.com>
In-Reply-To: <52A60DDE.6010405@gmail.com>
Date: Mon, 09 Dec 2013 14:17:25 -0500
Content-Transfer-Encoding: quoted-printable
Message-ID: <722D47B4-9B4B-460F-BC53-B82807053E99@nominum.com>
References: <20131209182629.3798.19997.idtracker@ietfa.amsl.com> <52A60DDE.6010405@gmail.com>
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
X-Mailer: Apple Mail (2.1822)
X-Originating-IP: [192.168.1.10]
Cc: "dhcwg@ietf.org WG" <dhcwg@ietf.org>, Bernie Volz <volz@cisco.com>
Subject: Re: [dhcwg] Changes in draft-ietf-dhc-option-guidelines-15
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 19:17:37 -0000
Here's my review of the update, AD hat off. Section 8, paragraph 3, talking about providing lists of IP addresses: This problem may be partially addressed by providing a list of addresses, rather than just a single one. That, on the other hand, complicates client operation, as some kind of failover procedure has to be defined and implemented. This goes against existing practice—almost no DHCP option returns only a single IP address for a server, nor is this expected behavior. Furthermore, cycling through a list of addresses is easy, and you'd have to do it with a DNS response as well. So I don't think this point makes sense. Next paragraph: OLD: This allows pointing at more localized services. However, such a practice requires violating DNS principles ('split horizon'), and hence is not recommended. NEW: This is one way to provide localized addressing. However, in order to do this, it is necessary to violate the DNS convention that a query on a particular name should always return the same answer (aside from ordering of IP addresses in the response, which is supposed to be varied by the name server). This same locality of reference for configuration information can be achieved directly using DHCP, since the DHCP server must know the network topology in order to provide IP address or prefix configuration. Next paragraph: OLD: The other type of ambiguity is related to multiple provisioning domains (see Section 12), and may get a different answer from the DNS depending on which interface or DNS server is used to do the resolution. This is particularly a problem when the normal expected use of the option makes sense with private DNS zone(s), as might be the case with a corporate VPN. It may also be the case that the client has explicit DNS server configured so may not be using the corporate internal DNS server. NEW: The other type of ambiguity is related to multiple provisioning domains (see Section 12). The stub resolver on the DHCP client cannot at present be assumed to make the DNS query for a DHCP- supplied FQDN on the same interface on which it received its DHCP configuration, and may therefore get a different answer from the DNS than was intended. This is particularly a problem when the normal expected use of the option makes sense with private DNS zone(s), as might be the case on an enterprise network. It may also be the case that the client has an explicit DNS server configured, and may therefore never query the enterprise network's internal DNS server. This advice is simply wrong: It may be generalized that the preference for address or FQDN depends on its envisaged usage. Short lived (immediately consumed) data should be address based, while long timed information is better served with FQDN. I don't think this is the basis on which the distinction should be made. E.g., is the DNS server IP address a short-term data item? I don't think so. It's reasonable to expect that any data returned by the DHCP server will be used for the duration of the lease, so this distinction provides no guidance. This paragraph likewise offers no useful guidance: Another aspect that should be considered is time required for the clients to notice any configuration changes. Consider a case where a server configures a service A using address and service B using FQDN. When an administrator decides to update the configuration, he or she can update the DHCP server configuration to change both services. If the clients do not support reconfigure (which is an optional feature of RFC3315, but in some environments, e.g. cable modems, is mandatory), the configuration will be updated on clients after T1 timer elapses. Depending on the nature of the change (is it a new server added to a cluster of already operating servers or a new server that replaces the only available server that crashed?), this may be an issue. On the other hand, updating service B may be achieved with DNS record update. That information may be cached by caching DNS servers for up to TTL. Depending on the values of T1 and TTL, one update may be faster than another. Furthermore, depending on the nature of the change (planned modification or unexpected failure), T1 or TTL may be lowered before the change to speed up new configuration adoption. Since we don't know what the TTL or the T1 time will be, as protocol designers, we simply can't make assumptions about whether a DHCP option will be refreshed more quickly based on T1 or TTL. Realistically, expectations about sudden network reconfiguration information being quickly propagated to the client are simply not dependable unless reconfigure is in fact available. Next paragraph: Addresses have a benefit of being easier to implemented and handle by the DHCP software. An address option is simpler to use, its validation is trivial (multiple of 16 constitutes a valid option), is explicit and does not allow any ambiguity. It is faster (does not require extra round trip time), so it is more efficient, which can be especially important for energy restricted devices. It also does not require having resolution capability. If you keep the last sentence, it should say this: It also does not require that the client implement DNS resolution. However, I'm not convinced that this is a compelling argument. Section 16, paragraph 2: If multiple instances are allowed, the document MUST explain how to use them. Care should be taken to not assume the they will be processed in the other they appear in the message. See Section 17 for more details. s/other/order/ In section 22, looks like an editing error: On the other hand, if a new document replaces, modifies existing behavior, it should be noted that it updates the other document. For example, [RFC6644] clearly updates [RFC3315] as it replaces existing with new text. s/replaces, modifies/replaces or modifies/
- [dhcwg] I-D Action: draft-ietf-dhc-option-guideli… internet-drafts
- [dhcwg] Changes in draft-ietf-dhc-option-guidelin… Tomek Mrugalski
- Re: [dhcwg] Changes in draft-ietf-dhc-option-guid… Ted Lemon