IETF Logo Mail Archive

Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Tomek Mrugalski <tomasz.mrugalski@gmail.com> Tue, 09 April 2013 16:38 UTC

Return-Path: <tomasz.mrugalski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 038B921F9183; Tue, 9 Apr 2013 09:38:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.434
X-Spam-Level:
X-Spam-Status: No, score=-0.434 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8eKTNkwFyVqw; Tue, 9 Apr 2013 09:38:34 -0700 (PDT)
Received: from mail-ea0-x236.google.com (mail-ea0-x236.google.com [IPv6:2a00:1450:4013:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id 0FD0121F9157; Tue, 9 Apr 2013 09:38:33 -0700 (PDT)
Received: by mail-ea0-f182.google.com with SMTP id q15so3017885ead.41 for <multiple recipients>; Tue, 09 Apr 2013 09:38:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:x-tagtoolbar-keys:content-type :content-transfer-encoding; bh=cYHGYi5rE+krljM4WYCTcndyTz/+xn/SUCBQD4597Ks=; b=IebUx3+PcLUGKfEgeQxCdDqIarft9lZ5rk+ucqUY9ndUszVtPRjAEuAgcJMRd7jYGa Kv8p7knNNng4MD2utUExAqJNIAGPOWUiLHGuNpraBEPqOy+LmCGOWOukYj26LpiwkVM5 GD7SN3sMTt3jmh8naGVquQS09YD0VH0KiwxS7S0tQiK9fYCsYiqOvtoKZSjfXVO9IKYS BDRBA4vVMgqxtunOu4GzC/JtZyB00GNUhINopYWq3/qcWO1tqwVjVo57n0fRV8rhF7mc d6NC2eIVcrMRSExrDztbrboTzf5DNbazS8gHEsgVvzzlhpXX0Re5fEG773//ZIyxqykL w5lg==
X-Received: by 10.14.5.137 with SMTP id 9mr61239229eel.30.1365525513212; Tue, 09 Apr 2013 09:38:33 -0700 (PDT)
Received: from [10.0.0.100] (host-109-107-11-157.ip.jarsat.pl. [109.107.11.157]) by mx.google.com with ESMTPS id b5sm7262444eew.16.2013.04.09.09.38.31 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 09 Apr 2013 09:38:32 -0700 (PDT)
Message-ID: <51644403.9080206@gmail.com>
Date: Tue, 09 Apr 2013 18:38:27 +0200
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: Jouni Korhonen <jouni.nospam@gmail.com>
References: <CAC8SSWtBMyDgShEDofyUjgcBiQ_ttY_DUbDNHnhhnf531+9XXA@mail.gmail.com> <FB413294-CF61-4AD9-AF26-41EC8A30DF37@gmail.com> <5162d5aa.0794420a.2f19.fffff597@mx.google.com> <8D23D4052ABE7A4490E77B1A012B630775138825@mbx-01.win.nominum.com> <489D13FBFA9B3E41812EA89F188F018E184EBA72@xmb-rcd-x04.cisco.com> <AC349589-AC7B-442B-9CE8-D7343BC44BCC@gmail.com> <5164263E.50402@gmail.com> <450791A9-F1A5-41F5-8EE7-8A69C823CE7A@gmail.com>
In-Reply-To: <450791A9-F1A5-41F5-8EE7-8A69C823CE7A@gmail.com>
X-TagToolbar-Keys: D20130409183827957
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: dhcwg@ietf.org, "<radext@ietf.org>" <radext@ietf.org>
Subject: Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 16:38:35 -0000

On 09.04.2013 17:26, Jouni Korhonen wrote:
>> Here's DHCPv6 point of view: This DHCPv6 option will never reach DHCPv6
>> client. DHCPv6 client will never send it either. DHCPv6 Server will
>> never send this option back, just receive it from the DHCPv6 relay.
> 
> I never said server sending the OPTION_RADIUS back.
You didn't, but someone in this thread mentioned something about sending
the option back to the client.

> Still confirming what I
> meant & asked to be clarified for future use of OPTION_RADIUS (and whether
> my concern is valid to begin with):
> 
> 0) Magic happens..
> 1) DHCP Relay sends a relay-forward to DHCP Server with OPTION_RADIUS
>    including attributes X,Y,Z.
> 2) DHCP Server does not understand Z and thus responses to the Relay
>    with DHCP options/values based on X & Y only.
> 3) DHCP Relay receives the response but for it to send a meaningful
>    reply to DHCP Client it would need some DHCP option/value in
>    the reply that reflects the content of the RADIUS attribute Z
>    (that was included into the request sent to Server).
> 4) what does DHCP Relay do now?
Send the response back to the client, as usual. This is defined in
RFC3315, section 20.2, which is a very simple section. Here's the
relevant part:

   The relay agent extracts the message from the Relay Message option
   and relays it to the address contained in the peer-address field of
   the Relay-reply message.

As simple as that: decapsulate and send to the client.

Relay is not supposed to inspect the responses coming back from the
server or act as judge of any sort (that response is good and the other
is bad, because some DHCP option related to RADIUS attribute is not
there). Some relays do deep packet inspection for various reasons
(snooping addresses or prefixes for example), but that's an additional
thing that do not affect the basic operation - send the response towards
the client (or next relay closer to the client if there are more
relays). Relays may produce warnings or send some alerts if certain
option is missing, but they need to send the resonse back to the client
anyway. Otherwise they violate RFC3315 and are not really DHCPv6 relays,
but something that acts similar to DHCPv6 relay.

Tomek

v2.23.0 | Report a Bug | By Email