Re: [dhcwg] AD review of draft-ietf-dhc-addr-notification-10
Warren Kumari <warren@kumari.net> Tue, 16 April 2024 09:09 UTC
Return-Path: <warren@kumari.net>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F4BFC14F60D for <dhcwg@ietfa.amsl.com>; Tue, 16 Apr 2024 02:09:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zj8D74EM4cU5 for <dhcwg@ietfa.amsl.com>; Tue, 16 Apr 2024 02:09:11 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E629C15198C for <dhcwg@ietf.org>; Tue, 16 Apr 2024 02:09:09 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-56fe7dc7f58so3662590a12.2 for <dhcwg@ietf.org>; Tue, 16 Apr 2024 02:09:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; t=1713258548; x=1713863348; darn=ietf.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=PBluJ77/1sSqoc2Uc4Dc6YssBixKVOCFhyp6wT0ugf0=; b=PqLpvG7FJhpEnoY358JOeDUtx7kjeVvk9mlil+b+uDnsELOo/75rk+fg9+reFG5p9X uAjWY4cM4c7eNAChT5rMIJKUVm4byttDAGunfhgHzjhjyhfuBMzMrpO2ydCXUHL/MTK2 /ZJrxUYTvby4mlwZijVAsXrjXOj413CNJIQcp2XFNi3mk/4HWnQR9d90V+4tVxcKSFJy W9XLRyk6yCFJgH0RYaWWzOKJwO6edqlrTIgBn6DlHXx/uNxIOPIi0WRcNvmvD/L1oiLx L9zmXoEWAe1+K8TcId94XdgfoTJNetfeHG3d3jf6zGmi3IXtFuvhbaLEKVhfjV2URQHV WiXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713258548; x=1713863348; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=PBluJ77/1sSqoc2Uc4Dc6YssBixKVOCFhyp6wT0ugf0=; b=rcNfZ6y+NnhtUrDp+/2cg6vgA1aHKYfDXBoDVaZVJLGIqK+bQEWFYBcnFjiO4gBaom ZNXnHfrJqSL1dEbVM4vdppEozEccauHG2PPggECntTMkSA1N2OD6P1Ehs422pjBgMUmA 6L7aBDFDLs6ncYEdm3VR5elfn7JgEIb5T6n2sY4vhEZ9/wHsmmzckP6HKLTClwC6t6RR ot1LVcbSp2gaVnG9lQ9AOyEb4hniFDWsrQG+9/SvAZqOPAr92kBDbYFRwqfS3Yi2wO86 kDN0AMu76MSizy63lj8++SAeAP0ep67h2E2Ye2ly20wicKZcK7h8ghwwrvtkfrTZDMQg GimQ==
X-Forwarded-Encrypted: i=1; AJvYcCUo9gEi+QBOt/WGnAzp97kcX07RdBQF+i3sm7cnFXMTWUynpGaTsjKVEZnWOZPDoyG/FjQBK553tzaP0eZK7A==
X-Gm-Message-State: AOJu0YyqSJQuNbSPHsTdonhl8mw4hyZmSDIm6xTjOGanK9JO9w9hD+2T LYMTSDK+luEyYRkNJ3/GITdQfh3nH4SfQbXluq9O0N8pUxfHQ7rg3QVEp48TU/I4lfKMZHorJ6E /T/Yjg1rnuka2ekJZliZsLzoXszbbBIku+o9ixg==
X-Google-Smtp-Source: AGHT+IHip+eNCti04mGcYpVpm9bGNiEccM0iSSs8rDnDpC/9JQh2Sx/Fu88vpG95h6g909WZ0CzoL0fOuUGJqN8WMSc=
X-Received: by 2002:a50:aa95:0:b0:56d:fa24:8ab3 with SMTP id q21-20020a50aa95000000b0056dfa248ab3mr9773671edc.13.1713258547890; Tue, 16 Apr 2024 02:09:07 -0700 (PDT)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Tue, 16 Apr 2024 02:09:06 -0700
Mime-Version: 1.0
X-Mailer: Superhuman Desktop (2024-04-15T19:05:45Z)
X-Superhuman-ID: lv25w2wh.b5d70928-4d36-4313-be22-d586baffe396
X-Superhuman-Draft-ID: draft0057adceccfe7f14
X-Superhuman-Thread-ID: draft009fad1b3facb5df
From: Warren Kumari <warren@kumari.net>
Date: Tue, 16 Apr 2024 02:09:06 -0700
Message-ID: <CAHw9_iKwxyRkUR8UOGiPPgwA5-zafyhLEdki3JWUE6VJ1dexkw@mail.gmail.com>
To: Timothy Winters <tim@qacafe.com>, Eric Vyncke <evyncke@cisco.com>
Cc: Lorenzo Colitti <lorenzo@google.com>, Jen Linkova <furry13@gmail.com>, dhcwg@ietf.org, rajiv.asati@gmail.com, suresh.krishnan@gmail.com, shengjiang@bupt.edu.cn
Content-Type: multipart/alternative; boundary="00000000000027f2fd0616331763"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/JN-20CU8DihpbM17CgDlpuf1jts>
Subject: Re: [dhcwg] AD review of draft-ietf-dhc-addr-notification-10
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 09:09:15 -0000
[ + Timothy Winters explicitly ] On Mon, Apr 15, 2024 at 2:08 PM, Eric Vyncke <evyncke@cisco.com> wrote: > > > Hi Lorenzo, > > > > TL;DR: the document is only waiting for the shepherd’s write-up update to > justify the 6 authors > The shepherd writeup includes: "You will need the cooperation of the authors and editors to complete these checks.", and so, as an author, I'll cooperate :-) Tim - Perhaps the below text would work a response to Q13 (13. Has each author, editor, and contributor shown their willingness to be listed as such? If the total number of authors and editors on the front page is greater than five, please provide a justification.)? This document has 6 listed authors. As stated in the Acknowledgements section: "This document borrows heavily from a previous document, draft-ietf-dhc-addr-registration, which defined "a mechanism to register self- generated and statically configured addresses in DNS through a DHCPv6 server", which was abandoned after WGLC. The authors of draft-ietf-dhc-addr-notification felt that it was appropriate to acknowledge the primary authors of this previous document by keeping them as authors on the new document. Thanks, W > > > On the topic SHOULD/MUST, I agree that ther chance of collision is “rather > small” (to say the least), but why not adding a MUST anyway to be on the > safe side even if > DAD will be done even for IA ? Anyway, not blocking, and happy to disagree > with the authors on this minor issue. > > > > Regards, > > > > -éric > > > > > > > > *From: *Lorenzo Colitti <lorenzo@google.com> > > *Date: *Monday, 15 April 2024 at 11:00 > > *To: *Eric Vyncke (evyncke) <evyncke@cisco.com> > > *Cc: *Jen Linkova <furry13@gmail.com>, dhcwg@ietf.org <dhcwg@ietf.org>, > rajiv.asati@gmail.com <rajiv.asati@gmail.com>, Warren Kumari <warren@ > kumari.net>, suresh.krishnan@gmail.com <suresh.krishnan@gmail.com>, > shengjiang@bupt.edu.cn <shengjiang@bupt.edu.cn> > > *Subject: *Re: AD review of draft-ietf-dhc-addr-notification-10 > > > > > > I do see the argument for "MUST mark it as unavailable", but I think > SHOULD is better. This is because with MUST, it is not valid to build an > implementation that just logs the address notifications and does nothing > else. > > > > > > > > > In practice, such an implementation would work perfectly well. SLAAC works > on /64s and on /64s conflicts are *incredibly* unlikely. I think it's less > than one in a billion chance of collision even with 100k devices > on the link, or something like that. > > > > > > > > > On Sat, Apr 13, 2024 at 12:16 AM Eric Vyncke (evyncke) <evyncke@cisco.com> > wrote: > > > > > > > > Hello Jen, > > > > > > > > Also replying implicitly to Warren’s reply dated 5th of April in the same > thread. > > > > > > > > So, thank you, for the answers and suggested changes. We still disagree on > one point (see below for EVY>) but, at this stage, I will it go as you have > answered to my point (even if I do not like the answer). > > > > > > > > I.e., please upload a revised I-D and I will request an IETF Last Call > > > > > > > > Regards > > > > > > > > -éric > > > > > > > > > > > > > > > > > > > *From: *Jen Linkova <furry13@gmail.com> > > *Date: *Wednesday, 10 April 2024 at 01:15 > > *To: *Eric Vyncke (evyncke) <evyncke@cisco.com> > > *Cc: *dhcwg@ietf.org <dhcwg@ietf.org>, > rajiv.asati@gmail.com <rajiv.asati@gmail.com>, Warren Kumari <warren@ > kumari.net>, > suresh.krishnan@gmail.com <suresh.krishnan@gmail.com>, Lorenzo Colitti < > lorenzo@google.com>, > shengjiang@bupt.edu.cn <shengjiang@bupt.edu.cn> > > *Subject: *Re: AD review of draft-ietf-dhc-addr-notification-10 > > > > > > Hi Eric, > > > > Thank you very much for your review and comments. > > Sorry for the delayed response, the authors have been discussing the > > remaining open items, our comments are below. > > > > On Sat, Apr 6, 2024 at 1:38 AM Eric Vyncke (evyncke) <evyncke@cisco.com> > wrote: > > > Figure 1, suggest to also add the dst address. > > > > We'd prefer not to. The diagram focuses on elements which are either > > new (different from existing mechanisms) or important for > > understanding the proposed concept. That’s why Fig1 shows the source > > address: unlike all other DHCPv6 communications, ADDR-REG-INFORM > > MESSAGE is sent from the global address, not the link-local one. That > > difference is important to emphasize. The dst address is the standard > > multicast, so nothing new here. Adding it overloads the diagram with > > information and makes it harder to understand IMHO. > > > > EVY> fair enough > > > > > > > ` The client MUST NOT send the ADDR-REG-INFORM message for addresses > configured by DHCPv6.` what about the very special and rare case where not > all multiple DHCPv6 servers have received the confirmation of address lease > ? > > > > Well...This sounds like a problem DHCPv6 protocol should address with > > or without this proposal. Improving DHCPv6 reliability is out of scope > > for this draft (and sending ADDR-REG-INFORM for addresses received via > > IA_NA is a very high price to pay: it would be *very* noisy if we > > allow the client to register DHCPv6 addresses - and this group has > > spent a lot of time discussing how to optimize the registration > > algorithm to minimize the amount of multicast noise... > > So while nothing would be broken if we replace 'MUST NOT' with 'SHOULD > > NOT', it looks very much undesirable. > > > > > > > > EVY> fair enough > > > > > > > > > # Section 4.2.1 > > > In the case of multiple DHCPv6 servers, how can ` within a prefix > delegated to the client`be checked ? > > > > There is not much difference between knowing which prefix is > > “appropriate for the link” and knowing which pool is used on the given > > link: both require some knowledge of the topology. If the > > administrator runs multiple DHCPv6 servers which share the same pool - > > some mechanism to keep the data in sync would be required anyway, even > > w.o this proposal - and defining such a mechanism sounds like out of > > scope of this draft. In case of a multi-homing scenario (or multiple > > administrative domains, each operating its own DHCPv6 infrastructure), > > then each DHCPv6 server would only register addresses belonging to its > > address space. > > > > > > Would adding the following text to the end of Section 4.2.1 address > > your concern?: > > > > “If a client is multihomed (connected to multiple administrative > > domains, each operating its own DHCPv6 infrastructure), the > > requirement to verify that the registered address is appropriate for > > the link or belongs to a delegated prefix ensures that each DHCPv6 > > server only registers bindings for addresses from the given > > administrative domain.” > > > > EVY> this would indeed improve the specification > > > > > > > > > ` SHOULD log the address registration information` should probably be > more explicit about which information... I.e., DUID not always have MAC > addresses. > > > > We’d like the behavior to be consistent with what the server does for > > assigned addresses and delegated prefixes, hence the text is saying > > “as is done normally for clients to which it has assigned an address” > > - we shall probably update it with “...or delegated a prefix” though. > > > > The proposed text: “the server SHOULD log the client DUID and the > > link-layer address, if available. The server MAY log any other > > information” > > > > EVY> LGTM > > > > > > > ` SHOULD mark the address as unavailable for use and not include it in > future ADVERTISE messages` when can this SHOULD be bypassed ? I would > assume that a MUST would be safer. > > > > If the DHCPV6 pool configuration permits a collision between > > DHCPv6-assigned and SLAAC addresses, then that problem exists even w/o > > this proposal. This draft provides an additional signal to prevent the > > collision but it should be up to the server administrator to use it. > > Making this SHOULD a MUST would be safer but wouldn't guarantee that > > there is no collision. > > MUST would prevent a server from assigning an address that another > > host has registered. But it wouldn't prevent a host forming an address > > with SLAAC that the server has assigned to another host. That has to > > rely on DAD or on the laws of probability. > > > > Given that MUST can't guarantee that collisions don't occur, SHOULD > > seems appropriate. > > > > > > > > EVY> we do not agree here. Up to the authors & WG to decide of course, but > a MUST wont’ prevent other conflicts but would at least prevent some. > > > > > > > > Additionally, a very simple implementation of this draft could simply > > just log and do nothing else. Unless the hosts are malicious or the > > network is extremely large, this will work very well in practice, > > because a collision is extremely unlikely (even with 100k clients it's > > less than one in a billion). If we said MUST, such an implementation > > would be non-compliant. > > > > > ` SHOULD include the client's link-layer address in the relayed message` > when can this SHOULD be bypassed ? I.e., without the client MAC, there is > little use of this I-D. > > > > Good point, thank you! > > > > The proposed text: > > “DHCPv6 relay agents and switches that relay address registration > > messages directly from clients MUST include the client's link-layer > > address in the relayed message using the Client Link-Layer Address > > option ([RFC6939]) if they would do so for other DHCPv6 client > > messages such as SOLICIT, REQUEST, and REBIND” > > > > EVY> ACK > > > > > > > Should the client periodically try to register ? I fear that some > statically addressed nodes will never register as they could stay for years > without reboot or move. > > > > Warren's comment summarizes the WG decision. > > Anyway, statically assigned addresses are not the primary use case for > > this proposal... > > > > EVY> WG decision is paramount at this stage. So, let’s keep the text > > > > > > > > > > > > > > -- > > Cheers, Jen Linkova > >
- [dhcwg] AD review of draft-ietf-dhc-addr-notifica… Eric Vyncke (evyncke)
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Warren Kumari
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Jen Linkova
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Eric Vyncke (evyncke)
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Warren Kumari
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Lorenzo Colitti
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Eric Vyncke (evyncke)
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Warren Kumari
- Re: [dhcwg] AD review of draft-ietf-dhc-addr-noti… Rajiv Asati