Re: [dhcwg] RFC3315 DECLINE definition

"Mudric, Dusan (Dusan)" <dmudric@avaya.com> Mon, 13 February 2017 16:01 UTC

Return-Path: <dmudric@avaya.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20530129454 for <dhcwg@ietfa.amsl.com>; Mon, 13 Feb 2017 08:01:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YBkJUxBfAN6l for <dhcwg@ietfa.amsl.com>; Mon, 13 Feb 2017 08:01:16 -0800 (PST)
Received: from de307622-de-outbound.net.avaya.com (de307622-de-outbound.net.avaya.com [198.152.71.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57018128E19 for <dhcwg@ietf.org>; Mon, 13 Feb 2017 08:01:16 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2GeAADe16FY/xUHmMZeGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgxBCYYEJB41akgyTJ4IPgUlDJoV8AoIqPxgBAgEBAQEBAQEDXyi?= =?us-ascii?q?CWz0GBy8BAQEBAQEBAQEBAQEBHAIPQQEBGAEBAQECARIoNAMNBwQCAQgNAQMEA?= =?us-ascii?q?QELFAkHMhQJCAIEARIIGolACAGjXY0HJgKLHAEBAQEBAQQBAQEBAQEBAQEBHoZ?= =?us-ascii?q?NhG6BPIMCBhKDMoIxBYkdh2yKaQGGbo1ziAiGL5MVHzmBAFEVPYRFHYFhdYdzK?= =?us-ascii?q?4EDAYELAQEB?=
X-IPAS-Result: =?us-ascii?q?A2GeAADe16FY/xUHmMZeGQEBAQEBAQEBAQEBBwEBAQEBgxB?= =?us-ascii?q?CYYEJB41akgyTJ4IPgUlDJoV8AoIqPxgBAgEBAQEBAQEDXyiCWz0GBy8BAQEBA?= =?us-ascii?q?QEBAQEBAQEBHAIPQQEBGAEBAQECARIoNAMNBwQCAQgNAQMEAQELFAkHMhQJCAI?= =?us-ascii?q?EARIIGolACAGjXY0HJgKLHAEBAQEBAQQBAQEBAQEBAQEBHoZNhG6BPIMCBhKDM?= =?us-ascii?q?oIxBYkdh2yKaQGGbo1ziAiGL5MVHzmBAFEVPYRFHYFhdYdzK4EDAYELAQEB?=
X-IronPort-AV: E=Sophos;i="5.35,156,1484024400"; d="scan'208";a="190447287"
Received: from unknown (HELO co300216-co-erhwest-exch.avaya.com) ([198.152.7.21]) by de307622-de-outbound.net.avaya.com with ESMTP; 13 Feb 2017 11:00:38 -0500
X-OutboundMail_SMTP: 1
Received: from unknown (HELO AZ-US1EXHC04.global.avaya.com) ([135.11.85.15]) by co300216-co-erhwest-out.avaya.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 13 Feb 2017 11:00:24 -0500
Received: from AZ-US1EXMB03.global.avaya.com ([fe80::a5d3:ad50:5be9:1922]) by AZ-US1EXHC04.global.avaya.com ([135.11.85.15]) with mapi id 14.03.0319.002; Mon, 13 Feb 2017 11:00:23 -0500
From: "Mudric, Dusan (Dusan)" <dmudric@avaya.com>
To: Simon Hobson <dhcp1@thehobsons.co.uk>, dhcwg <dhcwg@ietf.org>, "dhcp-users@lists.isc.org" <dhcp-users@lists.isc.org>
Thread-Topic: [dhcwg] RFC3315 DECLINE definition
Thread-Index: AdKCVGJ7VzCckicuS8ujStD5DUW3kQAAXlQAAADH2iAAAEJQgAAATJqQAAClqeAAH3aUcAAClxKAAAGY9gD///saAIAADr9wgAA6TwCAAFLTEP//ubmAgABS6jD//68/gIAAUzJQ//+28gAACnV4EAAKQI6AAB7vbSAAMyFpAABwmj1wAKS8ff4BSSOxkAKHSe+ABJNGvAAJGbPkgBI78p5w
Date: Mon, 13 Feb 2017 16:00:23 +0000
Message-ID: <9142206A0C5BF24CB22755C8EC422E457AA19659@AZ-US1EXMB03.global.avaya.com>
References: <9142206A0C5BF24CB22755C8EC422E457AA194E5@AZ-US1EXMB03.global.avaya.com> <C51D2F05-A721-4629-844C-4B6227F138A0@thehobsons.co.uk>
In-Reply-To: <C51D2F05-A721-4629-844C-4B6227F138A0@thehobsons.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.11.85.50]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/K2Mpgg1ys0qxfn2RzuJBDbZqILw>
Subject: Re: [dhcwg] RFC3315 DECLINE definition
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2017 16:01:19 -0000

I would like to get more feedback from DHCPv6 users. Preferably, to prioritize the list below. What would be the number one priority item from this list that DHCPv6 users would like to address?

Thanks,
Dusan

-----Original Message-----
From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Simon Hobson
Sent: Monday, February 13, 2017 9:57 AM
To: dhcwg
Subject: Re: [dhcwg] RFC3315 DECLINE definition

"Mudric, Dusan (Dusan)" <dmudric@avaya.com> wrote:

> PROBLEM STATEMENTS:
> - A network operator can set client IPv6 addresses on DHCPv6 server.

That is the primary function of the DHCP server ! I don't see that as a problem.

> An address can be invalid or make a client unreachable.

There are a lot of other ways to bo**ox up a network !
Such configurations may be deliberate. Until recently I did in fact run a network with unroutable (as in valid IP, but no router for that subnet) addresses because there was a policy decision that this particular network would be isolated - it was a backend network to carry traffic independently of the traffic on the public facing front end network.

> - A network operator can change an address prefix on a router. A client address can become unreachable

Ditto.
This is simply failing to co-ordinate network changes. Before removing/changing the prefix, the DHCP admin should have removed the pool IFF it is desired that the addresses be usable for external connectivity. As previously mentioned, this may be deliberate on the part of the Admin.

> - A default router offering a prefix to a client can become unreachable.

"Sh*t happens". Not only that, but what happens if the server hands out a load of IPv6 addresses which are all valid AT THE TIME OF ALLOCATION ? Even if your proposal were implemented, these addresses would be accepted and configured because they would be valid AT THE TIME OF ALLOCATION. The DHCP server and client cannot do anything about it if, say, 5 seconds into a 60 day lease, a router stops advertising a prefix appropriate to that address.

It would be for the OS to detect that situation, and simply stop using that address for outbound connections. IMO it would be inappropriate for all the clients to somehow tell the server that all these addresses are bad - only to have 20,000 clients all contact the server again a few minutes later when the router comes back up and the prefix becomes valid again. That would be designing in network instability.

> A client address can become unreachable on a local link 

?

> - A client does not release unused addresses

So ? There's 2^64 addresses in a minimal IPv6 prefix. How many billion addresses do you intend using for each client ? Even if your 20,000 clients all took and held onto 1000 addresses each, that's still a tiny tiny fraction of the available addresses.



> - A client validates the addresses and the address prefixes and notifies DHCPv6 server about the problems

HOW ?
You will need to define the algorithm for validating addresses. So far you've only come up with "isn't on any prefix advertised by a router" (as above, not a valid test) and "in a deprecated prefix" (as mentioned in an earlier message, not a valid test).

You will also need to define a mechanism whereby all clients can have the algorithm updated as policies change - eg prefixes get deprecated (as previously discussed), new prefixes come into use (eg I assume you would expect currently unused prefixes to be rejected, but they could come into use at any time when it's considered that they are needed).
You will also need to define a mechanism for the local admins to over-ride the stock algorithm - eg where the admins have made a policy decision to run isolated networks. This introduces a catch-22 situation where new devices might not be configurable (they won't attach to the network) until they have been configured (policy edited to allow them to connect).

This is critical to your proposal - until you can come up with an easily defined, and robust, algorithm then your proposal CANNOT work. Worse, it may cause far more problems than it is supposed to solve.


> - A client returns unused addresses
> - DHCPv6 server:
>  -- logs error messages (invalid & unreachable addresses with device IDs)
>  -- does not assign the invalid addresses
>  -- periodically checks for the reachability of unreachable addresses and, when they become reachable, assigns them again

Define "valid" and "reachable" here ?
The implication from this and your earlier emails is that you define "reachable" as "has an IP which is routable to/from 'the internet'". See my comment above about running isolated networks, that backend isolated network runs a DHCP service - so the addresses on it are "reachable" in terms of "the DHCP server can reach them", but they aren't globally routable (they are actually RFC1918 IPv4 addresses, but the argument stands).
With a previous hat on, I had 2 Class C public IPv4 allocations which weren't globally routable.

There is also the issue that the server (in the general case) CANNOT determine the reachability/routability of any prefix. There are plenty of network topologies where the server may lose connectivity to "something" while clients don't, or vice-versa, while connectivity between server and client network is still working. Similarly, there are topologies while server-client comms could be lost, while both still have connectivity to "something". This is the reason that, out of the box, DHCP4 servers in failover do NOT automatically go into partner-down state when they lose connectivity between them.

> - An operator
> -- checks if there are unreachable devices and the reason codes

An alternative: The site/organisation admins take care to co-ordinate changes, and test changes in configuration. They should employ monitoring to detect issues, and respond appropriately to helpdesk tickets.
Configuration management (and especially automation) will detect many of the issues you've raised.

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dhcwg&d=DQICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=UT3Bk9cbLeaJxhf3iCrhIoUWB8YLZU23029sMQGQ2kY&m=-9s7e0Ks0EQLldj5oI4E9zLJKH-0ehGNzPg6r665zKo&s=yZV16lh2Yih0GhvVieDz2J5SHShPy-iKWBYCkGKJkSo&e= 


-----Original Message-----
From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Mudric, Dusan (Dusan)
Sent: Monday, February 13, 2017 9:02 AM
To: dhcp-users; dhcwg
Subject: Re: [dhcwg] RFC3315 DECLINE definition

Thanks to DHCWG group for their comments. I believe the proposals would benefit DHCv6 users.

For the record:

PROBLEM STATEMENTS:
- A network operator can set client IPv6 addresses on DHCPv6 server. An address can be invalid or make a client unreachable.
- A network operator can change an address prefix on a router. A client address can become unreachable
- A default router offering a prefix to a client can become unreachable. A client address can become unreachable on a local link
- A client does not release unused addresses

PROPOSED FAILURE INDICATIONS
- A client validates the addresses and the address prefixes and notifies DHCPv6 server about the problems
- A client returns unused addresses
- DHCPv6 server:
  -- logs error messages (invalid & unreachable addresses with device IDs)
  -- does not assign the invalid addresses
  -- periodically checks for the reachability of unreachable addresses and, when they become reachable, assigns them again
- An operator
 -- checks if there are unreachable devices and the reason codes _______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dhcwg&d=DQICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=UT3Bk9cbLeaJxhf3iCrhIoUWB8YLZU23029sMQGQ2kY&m=Qxk02ZIjaVguViwH6GFfRlZ1P5VOsYQOjA3jNkynsoA&s=2J3Xq9IQVsoMl7JTQP52olq6E_tc1b6kLGRuJ0RnkWE&e=