Re: [dhcwg] New Version Notification for draft-ietf-dhc-addr-registration-05.txt
"Bernie Volz (volz)" <volz@cisco.com> Fri, 27 June 2014 13:34 UTC
Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A78741B2BBE for <dhcwg@ietfa.amsl.com>; Fri, 27 Jun 2014 06:34:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.152
X-Spam-Level:
X-Spam-Status: No, score=-15.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rjtg7TjbNGTy for <dhcwg@ietfa.amsl.com>; Fri, 27 Jun 2014 06:34:54 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1830A1B2B9E for <dhcwg@ietf.org>; Fri, 27 Jun 2014 06:34:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9622; q=dns/txt; s=iport; t=1403876094; x=1405085694; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=7utk10x45tqI/hqnisOeYBs7DucXUT0wWp6CWwvuyak=; b=IapatX+wvh7Wq8BlLsTUwbbfBUr2aO6VlUNlVY+QvekT4ODJN1mrHh7W S5LUfjo9BsWiJKoruadwAPJhIqjqs+ziW3bVVgsMASD7xFXzAPDQ3ybax bqRmiqb6wBCLiY+1XKgIkLG0+EPMqee+oCHGjAG1xSb5IEmW8NUQAPCPO 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AswHAFhyrVOtJA2G/2dsb2JhbABagw1SUweqNAEBAQEBAQUBbZE9h0ABgQkWdYQDAQEBBAEBATc0CQ4EAgEIEQQBAQsUCQcnCxQJCAIEARIIAYg5CAXDUBeFZIhFJiYSBoMngRYFnB+SL4NCgW9B
X-IronPort-AV: E=Sophos;i="5.01,560,1400025600"; d="scan'208";a="336081157"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-7.cisco.com with ESMTP; 27 Jun 2014 13:34:38 +0000
Received: from xhc-rcd-x03.cisco.com (xhc-rcd-x03.cisco.com [173.37.183.77]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id s5RDYchO028475 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 27 Jun 2014 13:34:38 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.131]) by xhc-rcd-x03.cisco.com ([173.37.183.77]) with mapi id 14.03.0123.003; Fri, 27 Jun 2014 08:34:37 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Sheng Jiang <jiangsheng@huawei.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-dhc-addr-registration-05.txt
Thread-Index: AQHPj3NvBf4tyNHnxkyDrQ6e74mlpJt/yBiAgAUbM+A=
Date: Fri, 27 Jun 2014 13:34:37 +0000
Message-ID: <489D13FBFA9B3E41812EA89F188F018E1B5DB79F@xmb-rcd-x04.cisco.com>
References: <5D36713D8A4E7348A7E10DF7437A4B923AEB5A83@nkgeml512-mbx.china.huawei.com>
In-Reply-To: <5D36713D8A4E7348A7E10DF7437A4B923AEB5A83@nkgeml512-mbx.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.86.243.73]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/FwcJOSdeqQGvCwQvWmqx68On95Q
Subject: Re: [dhcwg] New Version Notification for draft-ietf-dhc-addr-registration-05.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jun 2014 13:34:56 -0000
Hi:
Some individual (wg co-chair hat off) comments regarding this update:
1. I don't think it is wise for the server to only send a Reply AFTER updating DNS. We don't do this for normal DHCPv6 operations (Solicit/A/R/Reply), so why do this here. The Reply should be sent by the server when it has 'accepted' the request. Note that the "success" Reply means that the server has accepted the request (per what is was requested in the received FQDN option and is in the reply's FQDN) to update DNS. That DNS is up-to-date is NOT a consideration for sending the Reply.
The main reasons for this are:
- It is in keeping with how FQDN has been handled in DHCP servers to date.
- It provides a much more predictable timing for the Reply to be returned (i.e., it could be minutes or even longer for the update to complete if the DNS service has an interruption).
- It avoids tying up additional resources on the server (i.e., holding onto the request until the reply can be sent).
This raises a second issue in that there are NO recommendations for retransmission of the request if no reply is received within some interval. You need to specify the RFC 3315 IRT, MRT, MRC, and MRD values to be used.
For example:
The client transmits the message according to section 14 of RFC 3315, using the
following parameters:
IRT ADDR_REG_TIMEOUT
MRT 0
MRC ADDR_REG_MAX_RC
MRD 0
Where ADDR_REG_TIMEOUT might be 1 second and ADDR_REG_MAX_RC might be 5. (Those values were taken from the Release values in RFC 3315). There may be reasons NOT to limit the number of retransmissions as the client could continue to send the request 'forever', obviously though we'd want a fairly large backoff time to reduce the load on the network (perhaps 30 or 60 minutes as the MRT).
Though this does raise another question as to WHEN clients should even send ADDR_REG requests? YIKES - an M and O bit discussion?? Should the document say anything about this - i.e., this should be used when there is some indication that DHCPv6 services may be available? Or ... as the address registration server may be separate from a 'normal' DHCPv6 server, may be a good reason to stay away from 'normal' DHCPv6 services? But, I also wonder how realistic that view is (I would expect this to be co-located with DHCPv6 stateless support in most cases).
Also, the text in section 3 should be updated:
An acknowledgement MAY be sent back
to the end host to indicate whether or not the registration operation
succeeded.
MAY? No - a server that accepts this request MUST send a Reply back.
And, the same goes for Figure 1. The "optional acknowledgement" MUST NOT be optional (whether a client cares to wait for it and retransmit periodically is a separate issue). But the server must always send it.
Note also the text in 5.3:
Upon receiving a RegistrationDenied error status code, the client MAY
resend the message following normal retransmission routines defined
in [RFC3315].
Needs these values because that is what is needed for the "normal retransmissions routines defined in [RFC3315]." Though in this case, I would think that:
- Different values might be appropriate.
- Or, receipt of this status code means not to 'reset' any retransmission times (i.e., the backoff times are not 'reset' so that future retransmissions continue at the longer and longer intervals, up to the max). If the client started over, it would cause a storm (at the "request/reply" rate) - which would be bad.
2. The text at the end of section 4 about when a client or server must discard the packet should be a bulleted list, more like what is in the Section 15 of RFC 3315. This is much easier to 'parse'.
So:
Clients MUST discard any received ADDR-REGISTRATION-REQUEST messages.
Servers MUST discard any received ADDR-REGISTRATION-REQUEST messages that
meet any of the following conditions:
- the message does not include a Client Identifier option.
- the message includes a Server Identifier option.
- the message does not include at least one IA_NA option.
- the message does not include an IAADDR option encapsulated within the IA_NA option(s).
- the message does not include a FQDN option (or includes multiple FQDN options).
- the message includes an Option Request Option.
3. I wonder if in section 3, more should be said about multiple address registration servers?
- While multiple address registration servers does potentially increase the load on DNS, because of how RFC 4704 and 4703 work, this should NOT be an issue - the servers should work correctly in updating DNS (either adding or removing the entries).
- The broken part with multiple servers is the 'extension' of the registration. If we have two servers and both receive the initial registration and (correctly) update DNS, the problem comes when the client extends this but one of the servers does not receive this extension. Then, the server that missed the extension removes the entry prematurely (i.e., when it expired originally).
The above is more for 'independent' servers, as servers that may communicate with each other (perhaps using a failover like protocol) may be able to reduce (or eliminate) these issues. I don't think we want to go into those details in this document (which you already have - The coordination of multiple address registration servers is out of scope).
4. Are there any recommendations we might give for when a client should 'refresh' its registration? The document just says before it expires.
What about suggesting that either the Renewal (50%) or Rebind (85%) times be used. I suspect that in this case, using 85% of the "valid-lifetime" would be reasonable to use since this is broadcast.
This might just be something like "It is recommended that clients initiate a refresh at about 85% of the valid-lifetime. Because RAs may periodically 'reset' the valid-lifetime, clients should set a refresh timer to 85% of the valid-lifetime when they complete a registration operation and only update this timer if 85% of any updated valid-lifetime would be sooner than the timer."
5. Have you confirmed that the I-D.ietf-dhc-sedhcpv6 can indeed be used for this set of requests? (That actually points out an interesting issue in that the sedhcpv6 document mentions nothing Solicit w/Rapid Commit and whether it can or can't be used. And, there's text in section 6.1 of that document that says " If the sender is a DHCPv6 client, in the failure cases, it receives a Reply message with an error status code." ... what about a Solicit (w/o Rapid Commit) and an Advertise reply.)
- Bernie
-----Original Message-----
From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Sheng Jiang
Sent: Tuesday, June 24, 2014 2:16 AM
To: dhcwg@ietf.org
Subject: [dhcwg] FW: New Version Notification for draft-ietf-dhc-addr-registration-05.txt
Hi, all,
The authors have submitted an update version. We believe all received comments have been addressed. Modifications are summarized as below:
- Mandated server's response for error code.
- Added recommendation for only one registration server out of multiple DHCPv6 servers.
- Added specification that the registration server should record the binding information.
- Allowed multiple IA_NA.
- Clarified that the ADDR-REGISTRATION-REQUEST message is dedicated for clients to initiate an address registration request. So, clients MUST NOT include any ORO.
More reviews and comments are appreciated.
Best regards,
Sheng
>-----Original Message-----
>From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
>Sent: Tuesday, June 24, 2014 2:13 PM
>To: Suresh Krishnan; Rajiv Asati; Gang Chen; Sheng Jiang; Suresh
>Krishnan; Sheng Jiang; Gang Chen; Rajiv Asati
>Subject: New Version Notification for
>draft-ietf-dhc-addr-registration-05.txt
>
>
>A new version of I-D, draft-ietf-dhc-addr-registration-05.txt
>has been successfully submitted by Sheng Jiang and posted to the IETF
>repository.
>
>Name: draft-ietf-dhc-addr-registration
>Revision: 05
>Title: Registering Self-generated IPv6 Addresses in DNS using DHCPv6
>Document date: 2014-06-23
>Group: dhc
>Pages: 8
>URL:
>http://www.ietf.org/internet-drafts/draft-ietf-dhc-addr-registration-05
>.txt
>Status:
>https://datatracker.ietf.org/doc/draft-ietf-dhc-addr-registration/
>Htmlized:
>http://tools.ietf.org/html/draft-ietf-dhc-addr-registration-05
>Diff:
>http://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-addr-registration-05
>
>Abstract:
> In networks that are centrally managed, self-generated addresses
> cause some traceability issues due to their decentralized nature.
> One of the most important issues in this regard is the inability to
> register such addresses in DNS. This document defines a mechanism to
> register self-generated and statically configured addresses in DNS
> through a DHCPv6 server.
>
>
>
>
>Please note that it may take a couple of minutes from the time of
>submission until the htmlized version and diff are available at tools.ietf.org.
>
>The IETF Secretariat
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] FW: New Version Notification for draft-ie… Sheng Jiang
- Re: [dhcwg] New Version Notification for draft-ie… Bernie Volz (volz)
- Re: [dhcwg] New Version Notification for draft-ie… Sheng Jiang