IETF Logo Mail Archive

Re: [dhcwg] WGLC: draft-ietf-dhc-dhcpv6-stateful-issues-00

"Bernie Volz (volz)" <volz@cisco.com> Fri, 07 September 2012 16:18 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C54B21F8466 for <dhcwg@ietfa.amsl.com>; Fri, 7 Sep 2012 09:18:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cYcYwL4zjJPR for <dhcwg@ietfa.amsl.com>; Fri, 7 Sep 2012 09:18:29 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id 0E60E21F845C for <dhcwg@ietf.org>; Fri, 7 Sep 2012 09:18:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6393; q=dns/txt; s=iport; t=1347034709; x=1348244309; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=pcZud1fGHydTm11KG99QvRLrGzXJbXkSdT4U46VS7tQ=; b=P4T41Q7JCKMWa1KELJz/FoKzy2Eb6e7fmiZaG7bn8NqUZeRpCzV4XNhP INYTPtJXVgxH4Fe4GdjelCfpJCeLwQggWcWJMjQpQhwBILW5la89w5Oi0 4y89OIr5KRqJL50MIHyk+8wA+KQIl0Kd+JUol/Yfll5aDNjzRFh8B83k2 U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EADcdSlCtJXHA/2dsb2JhbABABbs7gQeCIAEBAQMBEgEnLQsHBQcEAgEIEQQBAQEKFAkHMhQJCAIEDgUIEweHaAabLqBIixIohSxgA6QSgWeCZIFj
X-IronPort-AV: E=Sophos;i="4.80,387,1344211200"; d="scan'208";a="116364986"
Received: from rcdn-core2-5.cisco.com ([173.37.113.192]) by rcdn-iport-9.cisco.com with ESMTP; 07 Sep 2012 16:18:28 +0000
Received: from xhc-rcd-x10.cisco.com (xhc-rcd-x10.cisco.com [173.37.183.84]) by rcdn-core2-5.cisco.com (8.14.5/8.14.5) with ESMTP id q87GIREd006724 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 7 Sep 2012 16:18:27 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.159]) by xhc-rcd-x10.cisco.com ([173.37.183.84]) with mapi id 14.02.0318.001; Fri, 7 Sep 2012 11:18:27 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Thread-Topic: WGLC: draft-ietf-dhc-dhcpv6-stateful-issues-00
Thread-Index: AQHNdqZP3dOUnDeDJkKs3MsN2OTAhpd/JdswgAB/xoD//5GrgA==
Date: Fri, 07 Sep 2012 16:18:27 +0000
Message-ID: <489D13FBFA9B3E41812EA89F188F018E0F4F857F@xmb-rcd-x04.cisco.com>
References: <0AE8374B-0E04-48FF-B71D-2EE8FAAC9ED1@nominum.com> <489D13FBFA9B3E41812EA89F188F018E0F4F83D1@xmb-rcd-x04.cisco.com> <21C54D57-372F-46B0-892B-398919992546@nominum.com>
In-Reply-To: <21C54D57-372F-46B0-892B-398919992546@nominum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.86.244.254]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19168.005
x-tm-as-result: No--47.750300-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: dhc WG <dhcwg@ietf.org>, "Ole Troan (otroan)" <otroan@cisco.com>
Subject: Re: [dhcwg] WGLC: draft-ietf-dhc-dhcpv6-stateful-issues-00
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Sep 2012 16:18:30 -0000

I believe Wes' and Hemant's issues were:

Wes (message on Thu 8/16/2012):

   Why MUST the client ignore an Advertise message with no bindings?
   What if stateful and stateless options are carried in the same message?
   Does this mean the stateless options will be ignored just because the stateful Options failed?

---

Ole's answer was that basically this is how RFC 3315 operates today and we didn't want to change this (we are fixing what happens if IA_NA and IA_PD are requested in a Solicit and only one of these is available) -- which is different than the no bindings at all case. RFC 3315 basically expects clients to use Information-Request in this case.

A while back, Ralph and I considered that this might be a good change - especially given the case when M says to use stateful but the server is not configured to give (the requesting client) any stateful bindings. Server could effectively respond with the other configuration options. But an Advertise is not the same as a Reply, so if the client was going to do a Request/Reply, we'd have to change that processing to and so why doesn't the client just do an Information-Request? (Sure, if Rapid Commit is requested, server would just Reply and client would be done.)

If the WG feels that would be a useful change, we can certainly do this change. But for this particular work, we didn't feel that change was warranted. And, it might be best to do under a separate document? Or something for a 3315bis?


Hemant (message on 8/17/2012) and Ole's response (using Ole's email on 8/20/2012):

> +1 to Wes' comment that this document is addressing a very important problem space and the solutions are needed urgently.  However, more thought is required for the solutions.
> 
> In regards to section 4.4, if the server only checks the network configuration to reply to a Confirm message, how is it possible for most network configurations that the server determines an IA_PD is on-link?   I suspect that is why RFC 3633 prohibited use of the Confirm for the IA_PD.  In any case this document should explain why did RFC 3633 have a restriction on using the Confirm for the IA_PD.  Or does network configuration include looking up the prefix pool configured on the server for allocation?  In contrast, to make an on-link determination for an IA_NA IA_Address, all the server has to do is match (longest-prefix match) all IPv6 addresses configured on the machine that the server is running on.  These addresses are clearly network configuration.  

right, either the server has the binding, or the server has configuration that it can look up in, to verify if the client has moved or not. if it has no information it MUST not reply.

> Section 4.1:  
> 
> # In relation to the first paragraph the document is addressing the fact that one server replies with, say, an IA_NA, while another server replies back with only the IA_PD.   Then why in section 4.7 the case of section 4.1 is deemed out of scope?   I also do not understand what does "equal" in section 4.7 mean.  Does it mean each server replies with all IAs that the deployment needs?

the assumption in 3315/3633 is that a client is connected to a single administrative dhc domain on an interface.
scenarios where a client finds two DHCP servers, that are administered by two different entities, are outside of the scope of 3315/3633 and therefore also outside the scope of this update. there is as far as I know separate work in progress on this.

> # In relation to the text in the last paragraph of section 4.1, if the client does not restart the Solicit retransmissions timers, what does the client do?

continues with the timers it has.
otherwise as the text says, a received advertise with a consequent restart of solicit timers would result in a solicit storm.

> 
> # Other comment:  Shouldn't the header of the document have an Updates tag to signify this document updates RFC 3315?

good point. both 3315 and 3633.

---

I guess the one change that I see is to assure we update the document header. We can respin the document for this change.

Section 4.4 is just extending the Confirm to include prefixes - this issue is already covered in RFC 3315 for Confirm processing:

                                                               If the server is unable to perform
   this test (for example, the server does not have information about
   prefixes on the link to which the client is connected), or there were
   no addresses in any of the IAs sent by the client, the server MUST
   NOT send a reply to the client.

The section 4.1 / 4.7 issue is the single vs multiple provisioning domains - we assume a single in this document.


If Wes or Hemant would like other changes to clarify any of their concerns, we would appreciate text to be added/modified.

- Bernie

-----Original Message-----
From: Ted Lemon [mailto:Ted.Lemon@nominum.com] 
Sent: Friday, September 07, 2012 11:38 AM
To: Bernie Volz (volz)
Cc: dhc WG
Subject: Re: WGLC: draft-ietf-dhc-dhcpv6-stateful-issues-00

On Sep 7, 2012, at 11:09 AM, Bernie Volz (volz) <volz@cisco.com> wrote:
> Where does this Last Call stand? August 24th has passed ...

There were a lot of comments in the WGLC, and lot of support for what is to be accomplished here, but several people raised concerns as well.   There were a few responses in favor of advancing the current document; Hemant Singh had some suggestions, to which Ole responded.   I do not know if the responses satisfied Hemant's concerns.   I raised some concerns which were not really addressed.   Wes Beebe raised a concern which Ole responded to, but again I don't know if Wes was satisfied with Ole's response.


So I think this is borderline.   There's clearly widespread support for what this draft is trying to do; I would like to hear from Hemant and Wes as to whether they are satisfied with Ole's responses.   I tend to agree with Wes' sentiment that we need to think this through very carefully; I would like to see a new draft that addresses Hemant's and Wes' concerns, if possible, and then do a second last call to get more review.   Does that work for the authors?

v2.23.0 | Report a Bug | By Email