IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by September 13, 2023

Timothy Winters <tim@qacafe.com> Mon, 25 September 2023 13:44 UTC

Return-Path: <tim@qacafe.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E7B4C14CE52 for <dhcwg@ietfa.amsl.com>; Mon, 25 Sep 2023 06:44:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qacafe.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oRbnUFKGlLRU for <dhcwg@ietfa.amsl.com>; Mon, 25 Sep 2023 06:44:48 -0700 (PDT)
Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF9D6C14CE4A for <dhcwg@ietf.org>; Mon, 25 Sep 2023 06:44:48 -0700 (PDT)
Received: by mail-pl1-x630.google.com with SMTP id d9443c01a7336-1c44c0f9138so44239345ad.2 for <dhcwg@ietf.org>; Mon, 25 Sep 2023 06:44:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qacafe.com; s=google; t=1695649488; x=1696254288; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=rrYdYYXTb0mUw5iAyYmKu6lGVD5YLFJEI8kIaSOt0Gs=; b=K2kwhfU5yLwPPPDlY7g+lTttHnOLGzV6TMo7rvDWaD+3MqjoJljN1vNx4PkGSMeVTp CINzWd/ZjJrll2v9qDPqupecRFDcGf6DXF5GN6ucg1GAXg/bQuPcN7vqLmlx+tqWWClL h0g/09oavBsGBDjPOFClC3VYD0cOV0WFB213Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695649488; x=1696254288; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=rrYdYYXTb0mUw5iAyYmKu6lGVD5YLFJEI8kIaSOt0Gs=; b=GiMkyNz1JUkElHpA3nrte3Fq94kGsH1x8yZmfOyyLH/h9CW7ryPfdA02SSPCkBMXw3 Qj1sNmjQXADFs+h+rCgVgKZaoGLgXSaLGwQ/0rg+NyzU+D5iu+tHwU9bjP94V9ffHJUt 3HvU/PYKSRUx1HkntMdLpV/oIU+kdoihEwDCUriyEAJu2a53aUykKhrAI4wQrptwEch6 zyp+1HPw6xjL5rDlAHf1dG/COji3qsUifEfUH6Hd0M625CiN2uC5iLCbPxqdNn0VyqhV k2A1fW0Z/Tidic8clpzVZ9x3AeGfiXqKA9qHOlg+03YHsli/3fsBnGZaEkm5BptEJ80e Rrhw==
X-Gm-Message-State: AOJu0Yze6KqnFd4aAszd4/FwWR7FWnB8zJH9GG6AWgtkwtWkQJS1Uv4P h2RPXXyhY+6JeAwLScj+DEPoeiAjwgkcA3MtxMkhVA==
X-Google-Smtp-Source: AGHT+IExGx5QPe12b2gYiA1LA8xQEmCvtSVpv3/AqJKJBLQZ8kwBcJRyJAkelrcociB1VkCpNIye6txCmlDSzGDI/LE=
X-Received: by 2002:a17:90a:5904:b0:267:eeee:ab17 with SMTP id k4-20020a17090a590400b00267eeeeab17mr4387788pji.45.1695649487944; Mon, 25 Sep 2023 06:44:47 -0700 (PDT)
MIME-Version: 1.0
References: <CAJgLMKvATJP78ONPc8f6kG2eNWq83XCTSdvRLVGKWB26JGrANQ@mail.gmail.com> <1E185C09-B45E-4B1E-81F8-3CB6141B9881@employees.org>
In-Reply-To: <1E185C09-B45E-4B1E-81F8-3CB6141B9881@employees.org>
From: Timothy Winters <tim@qacafe.com>
Date: Mon, 25 Sep 2023 09:44:36 -0400
Message-ID: <CAJgLMKtYy2U1vScQoW4eWD3sLipeUTak7BqkELXZ61=6_cKJDQ@mail.gmail.com>
To: Ole Trøan <otroan@employees.org>
Cc: Bernie Volz <bevolz@gmail.com>, dhcwg <dhcwg@ietf.org>, Ted Lemon <mellon@fugue.com>
Content-Type: multipart/alternative; boundary="0000000000006498c306062f290f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/D7liemImJBnu3emi_-JzPZpryr8>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by September 13, 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Sep 2023 13:44:53 -0000

Hi Ole,

We have had some operators' interests in this solution over
scrapping switches and routers.   I think it would be helpful to hear from
network operators or DHCPv6 server solutions about how viable and
deployable this solution is.

~Tim

On Sat, Sep 23, 2023 at 4:08 AM Ole Trøan <otroan@employees.org> wrote:

> Thanks Tim,
>
> I do wonder if it’s not worth doing a complete retake of this proposal.
>
> If the operator requirement is to know which address has been in use in
> the network by which device at any point in time, then that cannot be
> guaranteed with this mechanism. Existing first-hop security mechanisms in
> switches and routers would be much more robust.
>
> O.
>
> On 22 Sep 2023, at 22:22, Timothy Winters <tim@qacafe.com> wrote:
>
> 
> Hi Everyone,
>
> The working group had some great discussion about this document during the
> WGLC.    Based on the discussion it didn't pass WGLC at this time.  It will
> mostly need another round of discussion and potentially a revision based on
> those discussions.
>
> Additionally, Bernie and I discussed and think it's a good idea to wait to
> ask IANA for a early code points until we have passed WGLC.
>
> Regards,
> Tim
>
> On Thu, Sep 14, 2023 at 3:16 PM Bernie Volz <bevolz@gmail.com> wrote:
>
>> An interesting question may be do we need new messages at all? Using
>> Information Request / Reply with new option is perhaps cleanest?
>> - existing clients can do what they do today
>> - existing servers (and relays or other snoopers) will not know option so
>> ignore (hopefully silently)
>> - existing servers only see “more” Information-Request for clients not
>> supporting this new work when enabling O-bit to request address
>> registrations
>> - “new” clients that do SLAAC when O-bit set and did support
>> Information-Request can do initial registration in first message (or send
>> when address assigned) and do periodic updates (perhaps even ask for other
>> options via ORO to refresh information) … they may actually have no more
>> messages than today (well, except if they have multiple SLAAC addresses as
>> need to use a separate Information-Request for each) … they could also
>> decouple previous and new behavior at increase in traffic.
>> - registration only clients that did not use Information-Request
>> previously add new traffic … which is exactly what we want
>>
>> The only downside is it kind of overloads Information-Request as it is
>> now also a client to server communication. Though the client already can
>> send information to server in Information-Request (user class, vendor
>> class, vendor information, …). And, we could say the client is asking
>> whether the server supports registration (by getting new option in Reply).
>>
>> Note: It may be worth thinking about making use of the new “registration
>> address” option’s encapsulated options field if client wants to send other
>> information (such as fqdn). This isn’t really bad as this is likely address
>> specific and any server that wanted to do something with this data needs
>> updating anyway. This keeps all of the registration information hidden from
>> those devices that don’t that registration option.
>>
>> Anyway, this is now a very good reason to hold off on early assignment
>> for message types (and likely say WGLC failed).
>>
>> - Bernie (from iPad)
>>
>> On Sep 14, 2023, at 2:32 PM, Bernie Volz <bevolz@gmail.com> wrote:
>>
>> Hi:
>>
>> (Just catching up and responding to this as was asked specifically…there
>> could have been more I haven’t yet read.)
>>
>> 8415bis only prohibits IA options in Information-Request
>>
>> 16.12.  Information-request Message
>>
>>    Clients MUST discard any received Information-request messages.
>>
>>    Servers MUST discard any received Information-request message that
>>    meets any of the following conditions:
>>
>>    *  the message includes a Server Identifier option (see
>>       Section 21.3), and the DUID in the option does not match the
>>       server's DUID.
>>
>>    *  the message includes an IA option.
>>
>>
>> I wonder however if having an Address Registration option specifically
>> would be better (the Information-Request and new registration request could
>> use this instead of IA_Addr option). This might avoid an overly aggressive
>> server or relay that checks the Information-Request or its Reply for
>> options from doing odd things if it sees the IAAddr. If we’re trying to
>> make things safe, this may be best. Note also that it may help other
>> devices in the path that may want to snoop for this data. (But it could
>> have downside if any “options” are developed as then those specifications
>> would need to determine if they are also allowed in this new address
>> option).
>>
>>
>> On a separate note, one issue the current draft may need to document and
>> is a consideration is that when O-bit (RA) and A-bit (PIO) is set, a
>> registration only server should really support Information-Request as it
>> will also get lots of those from clients that support DHCPv6 - it may just
>> send back a pretty empty Reply.
>>
>> By using Ted’s suggestion of using Information-Request, it would be
>> natural for registration only to be implemented at least sufficiently to
>> send a well formed Reply even when not address registration request.
>>
>> It seems like a clever idea to use Information-Request at least for
>> initial determination of support.
>> - it avoids extra packets.
>> - client could honor server’s INF_MAX_RT to reduce frequency of probing
>> (likely periodic probing is not a bad idea).
>>
>>
>> - Bernie (from iPad)
>>
>> On Sep 14, 2023, at 11:29 AM, Lorenzo Colitti <lorenzo@google.com> wrote:
>>
>> 
>> On Fri, Sep 15, 2023 at 12:22 AM Ted Lemon <mellon@fugue.com> wrote:
>>
>>> What I think would be most expedient (if we must use DHCP to probe for
>>> support of address registration) would be to do the first address
>>> registration as an information request with the additional information in
>>> the information request, using the source address being registered. If the
>>> reply that comes back confirms the address registration, then all
>>> subsequent address registrations on this link would be sent as address
>>> registrations.
>>>
>>
>> Well, but if we can come up with a reasonable way to represent an address
>> registration using an information-request packet, then why not make all
>> registrations be information-request packets?
>>
>> +Bernie Volz <bevolz@gmail.com> any thoughts on using
>> information-request and reply messages, instead of the new addr-reg-inform
>> and addr-reg-reply messages currently defined in the draft?
>>
>> _______________________________________________
>> dhcwg mailing list
>> dhcwg@ietf.org
>> https://www.ietf.org/mailman/listinfo/dhcwg
>>
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg
>
>

v2.23.0 | Report a Bug | By Email