RE: [dhcwg] Renumbering Requirements for Stateless DHCPv6
Changming Liu <cliu@netscreen.com> Tue, 02 March 2004 22:20 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04670 for <dhcwg-archive@odin.ietf.org>; Tue, 2 Mar 2004 17:20:34 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyIFD-0000u3-MK for dhcwg-archive@odin.ietf.org; Tue, 02 Mar 2004 17:20:08 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22MK78x003430 for dhcwg-archive@odin.ietf.org; Tue, 2 Mar 2004 17:20:07 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyIFA-0000t7-GN for dhcwg-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 17:20:04 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04649 for <dhcwg-web-archive@ietf.org>; Tue, 2 Mar 2004 17:20:00 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyIF7-0000yk-00 for dhcwg-web-archive@ietf.org; Tue, 02 Mar 2004 17:20:01 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyIEJ-0000oP-00 for dhcwg-web-archive@ietf.org; Tue, 02 Mar 2004 17:19:12 -0500
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyIDD-0000X1-00 for dhcwg-web-archive@ietf.org; Tue, 02 Mar 2004 17:18:03 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyIDB-0000Zd-14; Tue, 02 Mar 2004 17:18:01 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyICc-0000V1-OH for dhcwg@optimus.ietf.org; Tue, 02 Mar 2004 17:17:26 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04235 for <dhcwg@ietf.org>; Tue, 2 Mar 2004 17:17:23 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyICa-0000NU-00 for dhcwg@ietf.org; Tue, 02 Mar 2004 17:17:24 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyIB7-00009F-00 for dhcwg@ietf.org; Tue, 02 Mar 2004 17:15:53 -0500
Received: from [63.126.135.18] (helo=mail2.netscreen.com) by ietf-mx with esmtp (Exim 4.12) id 1AyIAB-0007iA-00 for dhcwg@ietf.org; Tue, 02 Mar 2004 17:14:55 -0500
Received: from ns-ca.netscreen.com (ns-ca-local [10.100.3.35]) by mail2.netscreen.com (Switch-3.1.3/Switch-3.1.0) with ESMTP id i22MDw9u016986; Tue, 2 Mar 2004 14:14:10 -0800 (PST)
Received: by NS-CA with Internet Mail Service (5.5.2653.19) id <FV1JRYC5>; Tue, 2 Mar 2004 14:13:58 -0800
Message-ID: <1B6D4CAFB8CA554EB1A0925685A07DFC0342C682@MONTEREY.netscreen.com>
From: Changming Liu <cliu@netscreen.com>
To: 'JINMEI Tatuya / ???? ' <jinmei@isl.rdc.toshiba.co.jp>, 'Tim Chown ' <tjc@ecs.soton.ac.uk>
Cc: "'dhcwg@ietf.org '" <dhcwg@ietf.org>
Subject: RE: [dhcwg] Renumbering Requirements for Stateless DHCPv6
Date: Tue, 02 Mar 2004 14:13:56 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-2022-jp"
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
This draft comes at the exact time we need it. We just implemeneted DHCP server and client and one of our big customers run into this reconfig issue in their planned deployment right away! I wish I would have read it early. The scenario is different from the two described in section 3. Our customer runs DHCP clients on two unpstream interfaces and DHCP server on on downstream interface which connects to a LAN with PCs, etc, The DHCP is used just to pass configuration info . Depending on the availaibility of upstream routers which have different DNS server setup among other configs, the DHCP server needs to update DNS to the LAN immediately to avoid service outage. Note that these DNS servers are in different zones. This, to my opinion, should be another major scenario: dynamic change of config info. In section 5, among three proposed mechanisms, to me, only 1) looks viable. Multicast support should not be any issue anyway. Is it true that the entire stateless auto-config and ND are based on that? The only concern may be security for forged reconfigure message. But this is a more generic issue than just for reconfigure message itself. Or am I missing something? The lifetime has several significant drawbacks. The first one is how to engineer the lifetime value? A difficult choice. if too long it will cause too long delay, which is unacceptable for service shortage. if too short, it may cause periodic storms of request/replies. This itself sounds like a attack to me. The second one is the maintenance effort for both server and client to maintain these timers as someone pointed out in the meeting. The third option looks better, but it won't work between upstream router and downstream router using DHCPv6 to pass auto-config info. The draft requires the DHCP relay which may not exist in the scenario I just described. I guess, actually, the debate, if any, will boil down to event-driven or polling? which is better and efficient? Agree? Changming Liu Netscreen Technologies Inc. -----Original Message----- From: JINMEI Tatuya / ???? To: Tim Chown Cc: dhcwg@ietf.org Sent: 3/1/2004 5:11 PM Subject: Re: [dhcwg] Renumbering Requirements for Stateless DHCPv6 >>>>> On Tue, 10 Feb 2004 13:45:49 +0000, >>>>> Tim Chown <tjc@ecs.soton.ac.uk> said: > There have not been any list comments on a draft that I wrote with Stig and > A.K. after Minneapolis on the issue of how nodes using DHCPv6 only for non > address configuration options should leanr ofconfiguration changes. > http://www.ietf.org/internet-drafts/draft-chown-dhc-stateless-dhcpv6-ren umbering-00.txt I've read the draft, and don't see a major problem in it. One minor comment: the draft repeatedly say there should be no additional security concerns in actual proposals to address the renumbering issues: In Section 4, it says The solution should also be secure, such that additional security concerns are not added to the stateless DHCPv6 networking environment. And in Section 7, it says However, whatever mechanism is designed or chosen to address this problem should avoid the introduction of new security concerns for (stateless) DHCPv6. I have sympathy for you here, but is this actually a clear and realistic requirement? In fact, draft-venaas-dhc-lifetime-01.txt, which is expected to be a proposal to address the renumbering issue, has the following security concern: An attacker could send a fake DHCP reply with a very low lifetime value. This could make a client request new data almost immediately. The value is however not kept when the next request is made. Regarding the clarity, I'm not sure by this consideration if an additional security concern is not added. Regarding the reality, I guess it is likely to see some security concerns in actual proposals, since the proposals would be a protocol extension that affects a core part of the base specification. I don't think this comment is a technical issue though. This is probably a matter of wording. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Renumbering Requirements for Stateless DH… Tim Chown
- RE: [dhcwg] Renumbering Requirements for Stateles… Bernie Volz
- Re: [dhcwg] Renumbering Requirements for Stateles… Ralph Droms
- Re: [dhcwg] Renumbering Requirements for Stateles… JINMEI Tatuya / 神明達哉
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- Re: [dhcwg] Renumbering Requirements for Stateles… Ted Lemon
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… matthew.ford
- Re: [dhcwg] Renumbering Requirements for Stateles… Ted Lemon
- Re: [dhcwg] Renumbering Requirements for Stateles… Stig Venaas
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- Re: [dhcwg] Renumbering Requirements for Stateles… Stig Venaas
- Re: [dhcwg] Renumbering Requirements for Stateles… Stig Venaas
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… Bernie Volz
- RE: [dhcwg] Renumbering Requirements for Stateles… Mark Stapp
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… Bernie Volz
- RE: [dhcwg] Renumbering Requirements for Stateles… Bernie Volz
- Re: [dhcwg] Renumbering Requirements for Stateles… JINMEI Tatuya / 神明達哉
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- Re: [dhcwg] Renumbering Requirements for Stateles… Ted Lemon
- Re: [dhcwg] Renumbering Requirements for Stateles… Ted Lemon
- Re: [dhcwg] Renumbering Requirements for Stateles… Ted Lemon
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- Re: [dhcwg] Renumbering Requirements for Stateles… Ted Lemon
- RE: [dhcwg] Renumbering Requirements for Stateles… Bernie Volz
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… Bernie Volz
- RE: [dhcwg] Renumbering Requirements for Stateles… matthew.ford
- Re: [dhcwg] Renumbering Requirements for Stateles… Naiming Shen
- Re: [dhcwg] Renumbering Requirements for Stateles… Naiming Shen
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- RE: [dhcwg] Renumbering Requirements for Stateles… Changming Liu
- Re: [dhcwg] bcmc status and issues Thomas Narten
- Re: [dhcwg] Further comments from Elwyn Thomas Narten
- Re: [dhcwg] bcmc status and issues Ralph Droms
- Re: [dhcwg] bcmc status mail from Kuntal Chowdhury Thomas Narten