Re: [dhcwg] Leasequery: should it be standardized?
Richard Johnson <raj@cisco.com> Tue, 11 March 2003 04:22 UTC
Date: Mon, 10 Mar 2003 20:21:24 -0800
Cc: dhcwg@ietf.org
To: Kim Kinnear <kkinnear@cisco.com>
From: Richard Johnson <raj@cisco.com>
... A little late, but ...

Definitely, we should proceed with it. It's currently in use in a number of places. I know our own cable modem code uses it. We've also heard customers describe network designs where it would come in useful.

Just my $0.02.

/raj

On Wednesday, February 26, 2003, at 09:36 AM, Kim Kinnear wrote:

>
> Folks,
>
> We have come to something of an impasse on the leasequery draft,
> and I need *your* support if you believe we should continue to
> pursue this draft.
>
> ===============================================================
> Without considerable support from the DHC WG, we will halt work
> on the leasequery draft and all attempts to bring this work to
> standard status.
> ===============================================================
>
> If you believe that there is any value in standardizing the
> leasequery capability, please at least respond to this list ASAP
> with your positive support.
>
> If you have the time and expertise, please read the rest of this
> email and see if you can offer cogent arguments as to why this is
> work that the DHC working group should be pursuing.
>
> If we don't standardize the leasequery capability, each vendor of
> access concentrators and DHCP products that wish to use this
> approach will then need to work together (possibly in some other
> forum) to try to get their products to be compatible. Of course,
> it may well be that we are the only folks who see this as a
> useful capability, and so that may not be an issue at all.
>
> Thanks -- Kim
>
> ----------------------- Summary -----------------------
>
> In case you haven't been following the email between Thomas
> Narten and myself, he has been questioning the problem statement
> of the leasequery draft. Ralph proposed a new problem statement,
> but Thomas feels that this whole capability is questionable.
>
> You are invited to respond to Thomas' arguments, which I have
> distilled as follows:
>
> 1. Doing anything in the DHC WG like supporting "access
> control in router type devices" is out of scope for the working
> group, and doesn't fit its current charter.
>
> 2. Access control in router type devices is not well enough
> understood to be sure that:
>
>    a) leasequery is the right solution.
>
>    b) any DHC-based approach is the "right" approach to
>       solve this problem.
>
> 3. Until we are sure of 2(a), then we should not proceed with
> this work (I believe that this statement is implicit in Thomas'
> comments.)
>
> ----------------------- Background ---------------------------
>
> Here is Ralph's proposed problem statement:
>
>    Router-type devices which want to enforce some level of access
>    control over which IP addresses are allowed on their links
>    need to maintain information concerning IP<-MAC/client-id
>    mappings. One way in which these devices can obtain
>    information about IP<-MAC/client-id bindings is through "DHCP
>    gleaning", in which the device extracts useful information
>    from DHCP messages exchanged between hosts and DHCP servers.
>
>    However, these devices don't typically have stable storage
>    sufficient to keep this information over reloads. There may
>    be additional information that is useful to the device that
>    cannot be obtained through DHCP gleaning. The leasequery
>    request message described in this document allows a device to
>    obtain information about IP<-MAC/client-id bindings from a
>    DHCP server. This information may include currently active
>    bindings, bindings involving previously assigned addresses for
>    which the lease on the address has expired and static bindings
>    for devices that are otherwise configured and not using DHCP
>    for address assignment.
>
> Thomas' concerns center on the second paragraph above, and he says:
>
>    Note, that above is pretty vague and doesn't say what
>    information the access device needs. It's hard to look at the
>    problem statement and say "yes, I understand the boundaries of
>    the problem" and then "and the solution seems like a good
>    match for the problem".
>
>    Popping up a level, how is it even appropriate for the DHC WG
>    to be doing work on "access control in router type devices"?
>    One can argue that work of this broad a scope is well
>    out-of-scope for this WG (e.g., look at the recently approved
>    charter). I'm far from clear that work of this scope should
>    be done in DHC or that the problem is well enough understood
>    to conclude that DHC lease query is the right solution or that
>    any DHC-based solution is the right one. What about routers
>    wanting to do access control that don't use DHC, for instance?
>
>    And note, I'm not raising these issues just to be a PITA. These
>    are questions that I expect that the IESG would ask if I
>    brought the document forward. Thus, I need to have reasonable
>    responses to those questions. Otherwise, I can predict the
>    likely outcome.
>
> My response to Thomas was:
>
>    This approach to access control was developed by joint work
>    with the folks building our access concentrators and several
>    of us in the DHCP implementation group. They found that the
>    functionality delivered to actual users was of sufficient
>    value to those users to be worth the cost of engineering this
>    particular solution. We supported them in moving the
>    implementation forward.
>
>    The solution was not based on the charter of the DHC working
>    group either then or now -- it was based on a rather pragmatic
>    approach to meeting the needs of users, which it has seemed to
>    do. In my view at least, it fits within the spirit of the DHC WG
>    activities, and was a logical extension of those
>    activities.
>
>    It isn't a comprehensive approach to any sort of security (nor
>    was it designed to be such) -- it is a supporting piece of
>    technology to one limited form of access control.
>
> Thanks for your interest in the leasequery capability.
>
> Kim
>
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www1.ietf.org/mailman/listinfo/dhcwg