Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation

"Bernie Volz (volz)" <volz@cisco.com> Thu, 13 July 2017 21:42 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 270F9131794 for <dhcwg@ietfa.amsl.com>; Thu, 13 Jul 2017 14:42:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iyz3Jye_aLMs for <dhcwg@ietfa.amsl.com>; Thu, 13 Jul 2017 14:42:40 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10C18131775 for <dhcwg@ietf.org>; Thu, 13 Jul 2017 14:42:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5011; q=dns/txt; s=iport; t=1499982159; x=1501191759; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=r176BZ/DeaN1JWikEWkav8ehp7k+ztUuXjfVlfh/i+4=; b=d4QQZ5R5gZwQHRd5Wfq/5csD1iLCQPZZBEJLo9cPq5H4ZCO4K/RPlW6K v81hYD29EM78RnrCaCL4kPUv/9YyUCkDF6e6iAA1/pCaIPuBfA3nv1mWq YvDeQq60YqbfBqwUQPQLVIpKKbwZmx0/Pi0UpOqAkOwVmHHdl4tYxwPKW I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CZAABR6GdZ/5tdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkgRSOCZF1iC6NVYIRIQuFSgKDaT8YAQIBAQEBAQEBayiFGAE?= =?us-ascii?q?BAQECAQEBbAsFCwIBCBgjBAchBgsUEQIEDgWKFwMNCBCwboc0DYNkAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBGAWDKIUtLIJ5gleBcA0Wg0OCMQWRHo1XOwKPI4Rvkim?= =?us-ascii?q?MCIlMAR84gQp1FUkSAYUAHBmBTnaGT4I+AQEB?=
X-IronPort-AV: E=Sophos;i="5.40,355,1496102400"; d="scan'208";a="455002943"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Jul 2017 21:42:39 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v6DLgduX030235 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 13 Jul 2017 21:42:39 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 13 Jul 2017 16:42:38 -0500
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1210.000; Thu, 13 Jul 2017 16:42:38 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
CC: Ted Lemon <mellon@fugue.com>, dhcwg <dhcwg@ietf.org>
Thread-Topic: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation
Thread-Index: AQHS9arXA8HVoh8yrE6qal+jjpOQE6JQvX5QgAF87zaAABwhFw==
Date: Thu, 13 Jul 2017 21:42:38 +0000
Message-ID: <7166C3C9-81A5-4FF1-92FA-51B35DD4A6DD@cisco.com>
References: <149869621720.6575.278128190348174876@ietfa.amsl.com> <08e4e953-3a68-d6cb-6066-f60514ef0ac5@gmail.com> <3285281858d043649d507b6bda7b8646@XCH-ALN-003.cisco.com> <1f94b780-59c1-42ce-936d-0c8a71143444@gmail.com> <CAPt1N1nCt9nW2VNczpSa0f8jSn4sMGdVcxpmUTywshJrPiSFtA@mail.gmail.com>, <e2508bee-975f-8cb3-7778-14de75fe42f9@gmail.com>
In-Reply-To: <e2508bee-975f-8cb3-7778-14de75fe42f9@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/GcbgBsAjMfm0aCZQ7rb7YXXDLtM>
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2017 21:42:42 -0000

That is a completely different constant, related to the Relay-Forward header. That has nothing to do with IPv6 header field.

- Bernie (from iPhone)

> On Jul 13, 2017, at 4:01 PM, Alexandre Petrescu <alexandre.petrescu@gmail.com> wrote:
> 
> For relay the DHCP spec says something like HpopLimit 32, which is fine.
> 
> Alex
> 
>> Le 13/07/2017 à 20:51, Ted Lemon a écrit :
>> DHCP relay is an app layer encapsulation. The hop count isn't even presented to the app layer. It would be bizarre to do anything special with it. I don't even know how you would write coffee that would accidentally get this wrong. So it shouldn't matter what hop count the client uses. Hop count is only relevant at the routing layer.
>> On Jul 13, 2017 12:00, "Alexandre Petrescu" <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
>>    Bernie,
>>    Le 12/07/2017 à 23:33, Bernie Volz (volz) a écrit :
>>        Hi:
>>            What is the Hop Limit that a Solicit should contain in the
>>            IPv6 header?
>>        ND uses hop limit of 255 so the destination can check that it is
>>        255 on receipt (whereas 1 could have been anything and forwarded
>>        many times).
>>        But I'm not sure if that is a the best practice when you don't
>>        want the packet forwarded. I would think that if the destination
>>        is a link-local multicast, it really doesn't matter as nothing
>>        should forward the packet (and if something is misconfigured to
>>        forward the packet, you're probably in deeper trouble than just
>>        with DHCPv6).
>>        RFC 4861 has:
>>        11.2.  Securing Neighbor Discovery Messages
>>        The protocol reduces the exposure to the above threats in the
>>        absence
>>        of authentication by ignoring ND packets received from off-link
>>        senders.  The Hop Limit field of all received packets is verified to
>>        contain 255, the maximum legal value.  Because routers decrement the
>>        Hop Limit on all packets they forward, received packets containing a
>>        Hop Limit of 255 must have originated from a neighbor.
>>        I don't know off hand if there's any place this is documented
>>        (what to use for hop limit with link-local).
>>    I think your explanation makes sense about ND.
>>    But, about DHCP, I need to know whether a DHCP Solicit with HopLimit 1
>>    is valid or not.
>>    As I said earlier, some DHCP clients set it at 255 whereas others at 1.
>>    In some setting, the DHCP Solicit is encapsulated in IPv4.  Some of the
>>    decapsulation RFCs say that the HopLimit is decremented.
>>    In that setting, it is not clear whether decrementing the hop limit
>>    happens, or not.
>>    But I want to make sure the client which sets HopLimit at 1 (odhcp6c) is
>>    the right way to do.
>>    I think a good place to clarify this is in the DHCP spec.
>>    The spec could say that the HopLimit has some preferred value.
>>            Is IA_NA with empty fields a valid option in a Prefix
>>            Delegation Solicit, or must IA_NA be absent altogether? (the
>>            intention is to only request the Prefix, because the address
>>            comes from RA).
>>        Not sure what an "empty" IA_NA is. Whether you include an IA_NA
>>        or not with IA_PD is the client's choice. If it what's an
>>        address (such as for management) on the upstream link, than it
>>        should include an IA_NA. This is covered in the text in 6.3
>>        (IA_PD only) vs 6.4 (IA_PD and IA_NA, typically).
>>    Noted.
>>            Is ORO with empty fields illegal in a Prefix Delegation
>>            Solicit? (the intention is to get the DNS server from RA,
>>            but some client puts an empty ORO there).
>>        An empty ORO is fine (it should not cause problems, but is
>>        obviously useless). Though if they are following the rfc3315bis
>>        and doing what they should, there would not be an empty ORO.
>>    Noted.
>>            Is it ok to use a GUA in the src address of a Solicit Prefix
>>            Delegation?
>>        See 13.1 of draft-ietf-dhc-rfc3315bis-09 ... the source address
>>        here should be link-local.
>>    Well, that contradicts some trial.
>>    I can say e.g. some (I believe Cisco) client puts a GUA in the src of a
>>    DHCPv6 Solicit.  Other DHCP clients have this optional between LLA or
>>    GUA.  The operator I work with wants it to be a GUA.
>>    As such, I dont know what is the way forward: should the spec get
>>    updated?  shoudl the operator change?  should the Cisco implementation
>>    change?
>>    Alex
>>    _______________________________________________
>>    dhcwg mailing list
>>    dhcwg@ietf.org <mailto:dhcwg@ietf.org>
>>    https://www.ietf.org/mailman/listinfo/dhcwg
>>    <https://www.ietf.org/mailman/listinfo/dhcwg>