Re: [dhcwg] AD review of draft-ietf-dhc-addr-notification-10
Lorenzo Colitti <lorenzo@google.com> Mon, 15 April 2024 08:59 UTC
Return-Path: <lorenzo@google.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDF7EC14F726 for <dhcwg@ietfa.amsl.com>; Mon, 15 Apr 2024 01:59:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -22.599
X-Spam-Level:
X-Spam-Status: No, score=-22.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id unf56BCv-_6m for <dhcwg@ietfa.amsl.com>; Mon, 15 Apr 2024 01:59:54 -0700 (PDT)
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEC30C14F721 for <dhcwg@ietf.org>; Mon, 15 Apr 2024 01:59:54 -0700 (PDT)
Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-a526a200879so92566066b.1 for <dhcwg@ietf.org>; Mon, 15 Apr 2024 01:59:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1713171593; x=1713776393; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=E2aUF1AwD99ARGhuEmaYVqUcOXfV7Bp8n2IsxY1o0rE=; b=lo36eG+A2BWiTRUPsJGZQWAFZ8Ruddo7vbVQnAKu9kIIMXr3tPjR6Tjm27crRKH8+p J2NGU/qkzSCDs52Wal8fKO4wF5bVXuhT5G2JBY4Hf7RZThNLMLHsYKvJXVJ2gHpryprO OZISaELz306h6Go/PJdUi5OqZ/VsjoUoeuBgdL+iPWCUmbiL+CiBl8Zn/nCQKT7/RCCe mZ0hyrY4uoTMkN7FHWxNaKqzfNffkLJkV+RDlIOQTEFvRmHi5P4RfVM3yGke+3byB+nD W7IeD1TA1KQ60ssDyjywLPtQBrc+wp6lpBYWmy0bA+k3cb2o89UAkBcHGvQ8q1jCiQdZ ChvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713171593; x=1713776393; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=E2aUF1AwD99ARGhuEmaYVqUcOXfV7Bp8n2IsxY1o0rE=; b=vKob0X3GGWcEyo1qgwXBKpitYIdNq3eSeOFeNTtE0ggvc2zktkbpZ2xkqFWjLO/76X Sem+6ZI0pZtVicuQBrfWknm1TN51BZ6u9eP9x3CgZlYOKbSbKcQ+RFg9A2Twg1BtEAdb cTnl74lC2bQUcc/PnuzCx7K8dM9s9CPN9lsuGhQCofnXx4r3n8INRSt5DB1kLY1cvBsy qixtZQLnwvhgrY27of3Bxum5o+DG41/XFQeH9kzzrutIy9070nKvLHoyMskUIAz/VldO VDnmknstfAhHcFqoyr1E/Ev6ge8tc0TnXPAgNuWIAhZPxjHDoIImkGfemlElK6DXRF2F XoEQ==
X-Forwarded-Encrypted: i=1; AJvYcCWx+IQsjjxWscTpB43F3BgG+P5zp7cm2lgaSSKf6GiX+Oc//NYW+5eSdomOBWXyLiyaLfpUPFmkZyskf13AYA==
X-Gm-Message-State: AOJu0YwiAR5NSUJM7xVp3hCZVAAyUfvNgQG2YI8HK9ySpRYEOOnarJc5 s1NUFypULKIobeWEx/Q1KyZlO9RUoOsYgaGfU9i768fXR+ynKU9xw6kb1ZH9YsvmDV6Ib0MTkF/ P78VKX0XOPB+2bsEW8jNYZQWfoi53xhl0tPWzWI7LMEQonJiG8KMU
X-Google-Smtp-Source: AGHT+IH4eNg9IQrZin9XQkxrCKAebKHVmbUdNcnkhaA5Gdjsw86sj4Hh0/RheRmHCNU/fF0u/SJKLqqkcTrKzH2u3MQ=
X-Received: by 2002:a17:907:7f94:b0:a50:e069:55ab with SMTP id qk20-20020a1709077f9400b00a50e06955abmr7056830ejc.55.1713171592784; Mon, 15 Apr 2024 01:59:52 -0700 (PDT)
MIME-Version: 1.0
References: <PH0PR11MB49661E586240C0F620E04783A9032@PH0PR11MB4966.namprd11.prod.outlook.com> <CAFU7BAS2bhayYmyNya0pDDGDd4XwaqRF579H4WoGhGv6y_bXgw@mail.gmail.com> <PH0PR11MB49666DBAE552F214F1AC69F2A9042@PH0PR11MB4966.namprd11.prod.outlook.com>
In-Reply-To: <PH0PR11MB49666DBAE552F214F1AC69F2A9042@PH0PR11MB4966.namprd11.prod.outlook.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 15 Apr 2024 17:59:37 +0900
Message-ID: <CAKD1Yr2gts-s6=ZEdr263kX+wKoVjOjTQ64PPET1MzDTJcj8HQ@mail.gmail.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
Cc: Jen Linkova <furry13@gmail.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "rajiv.asati@gmail.com" <rajiv.asati@gmail.com>, Warren Kumari <warren@kumari.net>, "suresh.krishnan@gmail.com" <suresh.krishnan@gmail.com>, "shengjiang@bupt.edu.cn" <shengjiang@bupt.edu.cn>
Content-Type: multipart/alternative; boundary="0000000000003aa25306161ed8e6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/8DWQxCkOSWjAmYJwolQLzQ2n-4M>
Subject: Re: [dhcwg] AD review of draft-ietf-dhc-addr-notification-10
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2024 08:59:55 -0000
I do see the argument for "MUST mark it as unavailable", but I think SHOULD is better. This is because with MUST, it is not valid to build an implementation that just logs the address notifications and does nothing else. In practice, such an implementation would work perfectly well. SLAAC works on /64s and on /64s conflicts are *incredibly* unlikely. I think it's less than one in a billion chance of collision even with 100k devices on the link, or something like that. On Sat, Apr 13, 2024 at 12:16 AM Eric Vyncke (evyncke) <evyncke@cisco.com> wrote: > Hello Jen, > > > > Also replying implicitly to Warren’s reply dated 5th of April in the same > thread. > > > > So, thank you, for the answers and suggested changes. We still disagree on > one point (see below for EVY>) but, at this stage, I will it go as you have > answered to my point (even if I do not like the answer). > > > > I.e., please upload a revised I-D and I will request an IETF Last Call > > > > Regards > > > > -éric > > > > > > > > *From: *Jen Linkova <furry13@gmail.com> > *Date: *Wednesday, 10 April 2024 at 01:15 > *To: *Eric Vyncke (evyncke) <evyncke@cisco.com> > *Cc: *dhcwg@ietf.org <dhcwg@ietf.org>, rajiv.asati@gmail.com < > rajiv.asati@gmail.com>, Warren Kumari <warren@kumari.net>, > suresh.krishnan@gmail.com <suresh.krishnan@gmail.com>, Lorenzo Colitti < > lorenzo@google.com>, shengjiang@bupt.edu.cn <shengjiang@bupt.edu.cn> > *Subject: *Re: AD review of draft-ietf-dhc-addr-notification-10 > > Hi Eric, > > Thank you very much for your review and comments. > Sorry for the delayed response, the authors have been discussing the > remaining open items, our comments are below. > > On Sat, Apr 6, 2024 at 1:38 AM Eric Vyncke (evyncke) <evyncke@cisco.com> > wrote: > > Figure 1, suggest to also add the dst address. > > We'd prefer not to. The diagram focuses on elements which are either > new (different from existing mechanisms) or important for > understanding the proposed concept. That’s why Fig1 shows the source > address: unlike all other DHCPv6 communications, ADDR-REG-INFORM > MESSAGE is sent from the global address, not the link-local one. That > difference is important to emphasize. The dst address is the standard > multicast, so nothing new here. Adding it overloads the diagram with > information and makes it harder to understand IMHO. > > EVY> fair enough > > > > ` The client MUST NOT send the ADDR-REG-INFORM message for addresses > configured by DHCPv6.` what about the very special and rare case where not > all multiple DHCPv6 servers have received the confirmation of address lease > ? > > Well...This sounds like a problem DHCPv6 protocol should address with > or without this proposal. Improving DHCPv6 reliability is out of scope > for this draft (and sending ADDR-REG-INFORM for addresses received via > IA_NA is a very high price to pay: it would be *very* noisy if we > allow the client to register DHCPv6 addresses - and this group has > spent a lot of time discussing how to optimize the registration > algorithm to minimize the amount of multicast noise... > So while nothing would be broken if we replace 'MUST NOT' with 'SHOULD > NOT', it looks very much undesirable. > > > > EVY> fair enough > > > > > # Section 4.2.1 > > In the case of multiple DHCPv6 servers, how can ` within a prefix > delegated to the client`be checked ? > > There is not much difference between knowing which prefix is > “appropriate for the link” and knowing which pool is used on the given > link: both require some knowledge of the topology. If the > administrator runs multiple DHCPv6 servers which share the same pool - > some mechanism to keep the data in sync would be required anyway, even > w.o this proposal - and defining such a mechanism sounds like out of > scope of this draft. In case of a multi-homing scenario (or multiple > administrative domains, each operating its own DHCPv6 infrastructure), > then each DHCPv6 server would only register addresses belonging to its > address space. > > > Would adding the following text to the end of Section 4.2.1 address > your concern?: > > “If a client is multihomed (connected to multiple administrative > domains, each operating its own DHCPv6 infrastructure), the > requirement to verify that the registered address is appropriate for > the link or belongs to a delegated prefix ensures that each DHCPv6 > server only registers bindings for addresses from the given > administrative domain.” > > EVY> this would indeed improve the specification > > > > > ` SHOULD log the address registration information` should probably be > more explicit about which information... I.e., DUID not always have MAC > addresses. > > We’d like the behavior to be consistent with what the server does for > assigned addresses and delegated prefixes, hence the text is saying > “as is done normally for clients to which it has assigned an address” > - we shall probably update it with “...or delegated a prefix” though. > > The proposed text: “the server SHOULD log the client DUID and the > link-layer address, if available. The server MAY log any other > information” > > EVY> LGTM > > > > ` SHOULD mark the address as unavailable for use and not include it in > future ADVERTISE messages` when can this SHOULD be bypassed ? I would > assume that a MUST would be safer. > > If the DHCPV6 pool configuration permits a collision between > DHCPv6-assigned and SLAAC addresses, then that problem exists even w/o > this proposal. This draft provides an additional signal to prevent the > collision but it should be up to the server administrator to use it. > Making this SHOULD a MUST would be safer but wouldn't guarantee that > there is no collision. > MUST would prevent a server from assigning an address that another > host has registered. But it wouldn't prevent a host forming an address > with SLAAC that the server has assigned to another host. That has to > rely on DAD or on the laws of probability. > > Given that MUST can't guarantee that collisions don't occur, SHOULD > seems appropriate. > > > > EVY> we do not agree here. Up to the authors & WG to decide of course, but > a MUST wont’ prevent other conflicts but would at least prevent some. > > > > Additionally, a very simple implementation of this draft could simply > just log and do nothing else. Unless the hosts are malicious or the > network is extremely large, this will work very well in practice, > because a collision is extremely unlikely (even with 100k clients it's > less than one in a billion). If we said MUST, such an implementation > would be non-compliant. > > > ` SHOULD include the client's link-layer address in the relayed message` > when can this SHOULD be bypassed ? I.e., without the client MAC, there is > little use of this I-D. > > Good point, thank you! > > The proposed text: > “DHCPv6 relay agents and switches that relay address registration > messages directly from clients MUST include the client's link-layer > address in the relayed message using the Client Link-Layer Address > option ([RFC6939]) if they would do so for other DHCPv6 client > messages such as SOLICIT, REQUEST, and REBIND” > > EVY> ACK > > > > Should the client periodically try to register ? I fear that some > statically addressed nodes will never register as they could stay for years > without reboot or move. > > Warren's comment summarizes the WG decision. > Anyway, statically assigned addresses are not the primary use case for > this proposal... > > EVY> WG decision is paramount at this stage. So, let’s keep the text > > > > > > > -- > Cheers, Jen Linkova >
- [dhcwg] AD review of draft-ietf-dhc-addr-notifica… Eric Vyncke (evyncke)
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Warren Kumari
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Jen Linkova
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Eric Vyncke (evyncke)
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Warren Kumari
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Lorenzo Colitti
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Eric Vyncke (evyncke)
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Warren Kumari
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Rajiv Asati