Re: [dhcwg] Comments on draft-wing-dhc-dns-reconfigure-01
"Prashanth Patil (praspati)" <praspati@cisco.com> Sun, 28 July 2013 09:01 UTC
Return-Path: <praspati@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E2DA21F9D65 for <dhcwg@ietfa.amsl.com>; Sun, 28 Jul 2013 02:01:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6XO1zZlxx9Gb for <dhcwg@ietfa.amsl.com>; Sun, 28 Jul 2013 02:01:43 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 82AB621F9CA8 for <dhcwg@ietf.org>; Sun, 28 Jul 2013 02:01:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6730; q=dns/txt; s=iport; t=1375002103; x=1376211703; h=from:to:cc:subject:date:message-id:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=WE9uA5mcwVs0dtvVSY4zZoDypjeC2Yg/8WGAe0z3z8c=; b=IpznXJ6O2UZAlFrJRwnStph/HIrEVhB0LpT/590wiZ1bbRVGmqU3/xVu cv0pGJLKwzXccdxDUgrQMRAPDrWULnlaTJr6DQ7lEagZRQ1M49SAL2FgT fLLy8LSs9ylEdT15xv4z3DYmtCezxRt1lJFNO2QkQNUX5UGw06Bzgwa2S E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhYFANnc9FGtJV2a/2dsb2JhbABagwY1UL1SgRcWdIImAQQBAQFrBAcSAQgOFAs6BgslAgQOBQgBEIdlAw8MrnQNiF6NFYE/eDEHCoMMbwOIco0Ejg+FJoMUgWlB
X-IronPort-AV: E=Sophos;i="4.89,763,1367971200"; d="scan'208";a="240441654"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-8.cisco.com with ESMTP; 28 Jul 2013 09:01:42 +0000
Received: from xhc-rcd-x08.cisco.com (xhc-rcd-x08.cisco.com [173.37.183.82]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id r6S91gXw025102 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 28 Jul 2013 09:01:42 GMT
Received: from xmb-rcd-x07.cisco.com ([169.254.7.106]) by xhc-rcd-x08.cisco.com ([173.37.183.82]) with mapi id 14.02.0318.004; Sun, 28 Jul 2013 04:01:42 -0500
From: "Prashanth Patil (praspati)" <praspati@cisco.com>
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
Thread-Topic: [dhcwg] Comments on draft-wing-dhc-dns-reconfigure-01
Thread-Index: AQHOi3ETwFwM4QCfqkuJwfEc4R4eHA==
Date: Sun, 28 Jul 2013 09:01:41 +0000
Message-ID: <B235506D63D65E43B2E40FD27715372E1CE49AB8@xmb-rcd-x07.cisco.com>
In-Reply-To: <51F3EF6F.1080501@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.5.130515
x-originating-ip: [10.61.92.37]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <B4D49AB947501A419D52FDE22777A2ED@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] Comments on draft-wing-dhc-dns-reconfigure-01
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Jul 2013 09:01:48 -0000
Hi Tomek, Thanks for the detailed review. Inline.. On 27/07/13 9:33 PM, "Tomek Mrugalski" <tomasz.mrugalski@gmail.com> wrote: >I had some time to review draft-wing-dhc-dns-reconfigure-01. This is a >reasonable draft and I believe it tries to solve a real problem. If >authors are going to request adoption in DHC, we'll need to either >update our charter to include it or get AD permission to adopt it. >Since we're in the process of updating our charter, it will be quite >easy to add that draft to our charter. > >Please note the the new charter says that if a new proposal defines >simple option that follows standard behavior, it should be adopted in >the respective WG, not in DHC. That draft defines a simple option, but >it does introduce behavior change, hence it should be adopted in DHC in >my opinion. > >However, I have some comments: > >Section 3, bullets 2 and 3 mention "regular DNS server", but the >terminology section defines only "DNS server". > >Section 3, bullet 3: "regualr" => "regular" Accept, will correct. > >Section 4: Please remove the formatting lines after info-flags. The >format as it is presented now suggested 3 octets of padding. This is >probably not what you want. > >Option-length field should be defined explicitly as 1. Accept. > >Although you only define values 0x01 and 0x02, you should add a text >that the server MUST ignore the option if it doesn't recognize >configured flag. Accept. > >Also, naming of the field a 'flag' is not fortunate. This is more of an >enumaration value. Flag somewhat implies that this is a bit field and >some people may get idea to set both flags and send 0x03. Obviously that >combination does not make sense. Agreed. 'Flag' is not appropriate, it is a mutually exclusive enum. > >Section 5 should start with "DHCPv6 relay agents that implement >this functionality MUST support RFC6977." > >Section 5, first paragraph "IPV6_HIG_PROI_NORM_SERV": H missing after >HIG. In some of the earlier threads, there was discussion on whether info sent to the server be more generic and not specific to the DNS problem. There could be other potential actions that a server MAY want to take, either by built-in design or configuration, based on end point mode i.e IPv4 only, IPv6 only, Dual-Stack, transitions from Ipv4/6 to Dual-stack and vice versa. The idea is to now dynamically indicate generic host mode in RELAY-FORW and RECONFIGURE_REQUEST to the server and the server then chooses to (RE)CONFIGURE accordingly, the draft defines server behavior for DNS reconfiguration to start off with. > >Section 5 repeats some normative language from RFC6977 using slightly >different wording. It would be better to say that relay sends >RECONFIGURE-REQUEST as defined in RFC6977. > >Section 6, first and second bullet: Most of the text about sending >reconfigure is duplicated. It would be easier to read if it had >been written once and apply to both cases. > >Section 6 says "The server will remember this configuration for the life >of the lease." That is not sufficient. DHCPv6 clients may have more >than one lease. What about stateless clients? They do >information-request only and there are no leases for them. Agreed, stateless clients have to be taken into account. > >It should be specified somewhere (perhaps in section 7) in the text that >only the relay closest to the client is able to do host tracking. >Keep in mind that DHCPv6 allows up to 32 relays. I never heard of >any network that has more than 2 cascade relays, though. Yes, it has to be the one closest to the client. Will specify this. > >There's also redundancy in the section 6. What if the relay starts >sending reconfigure-request with flag set to 0x01 for a given client? >Server should trigger reconfigure for the first time, but later only >check that the flag matches current configuration and do not trigger >another reconfigure. Sure, such behavior would likely mean bad relay >implementation, but I personally would consider it protocol resiliency. Right, ideally a relay shouldn¹t be sending redundant reconfigure-requests. Needs text to specify behavior on both relay and server for this. > >Section 7 can possibly also mention if the information about clients >is affected by relay reboots, e.g. if the information should be kept >in some form of persistent storage or if the relay should retrieve >its lost information using leasequery. If you do not want to be too >specific, please add an information that specific retention policy is >implementation dependent. Sure. > >There's one flaw in the whole concept or at least an omission in the way >the mechanism is described. Section 7 mentions information about relay >gathering IPv4/IPv6 - MAC mapping, but the reconfigure-request (and >almost any other operation in DHCPv6) references clients by their >DUIDs. So it should be a triplet of IP/MAC/DUID. Do not assume any >relation between MAC and DUID. There are DUID types that are not based >on MAC. Also, even when the client uses MAC-based DUID, it is perfectly >valid case to use different interface's MAC to generate DUID or keep >using DUID after changing NIC. Accept. > >Security considerations may also mention that if a relay is compromised, >it may be used to force the uncompromised server to abuse clients by >triggering repetitive reconfigurations. That's not a big issue as in >case of the relay being compromised there are more serious ways intruder >could wreak havoc. Sure, will mention this risk. > >References need updating: I-D.ietf-dhc-triggered-reconfigure >was published as RFC6977. > >Section 9: nit-pick: There is no "DHCPv6 Options" section in RFC3315. >It is better to say that IANA is requested to add option-code to the >"DHCP Option Codes" maintained at >www.iana.org/assignments/dhcpv6-parameters (note: the registry that >keeps DHCPv6 options is called "DHCP >option codes", not "DHCPv6 Option codes". It is a bit odd, but that's >how the registry was named). Thanks, will do. > >Section 10.1: Are you sure that all those references are normative? >RFC6052, RFC6147, RFC6384 and RFC6724 seems like informative. > >None of the informative references are used in the text. Please either >reference or remove them. Accept. > >Finally, let me repeat my previous opinion (with my chair hat off): I >consider this draft useful and would like to see it adopted in DHC. > >Hope that helps, Thanks, Prashanth >Tomek > >_______________________________________________ >dhcwg mailing list >dhcwg@ietf.org >https://www.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Comments on draft-wing-dhc-dns-reconfigur… Tomek Mrugalski
- Re: [dhcwg] Comments on draft-wing-dhc-dns-reconf… Prashanth Patil (praspati)