IETF Logo Mail Archive

Re: [dhcwg] Tsvart Last Call/telechat review of draft-ietf-dhc-rfc3315bis-10

"Bernie Volz (volz)" <volz@cisco.com> Thu, 25 January 2018 17:01 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 414D0126D74; Thu, 25 Jan 2018 09:01:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.529
X-Spam-Level:
X-Spam-Status: No, score=-14.529 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bsuv8-xgYs6E; Thu, 25 Jan 2018 09:01:55 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90792126D05; Thu, 25 Jan 2018 09:01:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=41290; q=dns/txt; s=iport; t=1516899714; x=1518109314; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=JI4UImOYlK8ml8eQP79q8cVitVXeGSUT9RzDeOKYAUg=; b=g1QW/NUGR1iu59QNUmDw6ibAmkoShn58OaM5DwJhGSvNCGuDixk6NsFC AF8UJN3PC8AGv2hIT75yIInbr74O1dzl8OzaWlkzXZecLy65TToLWiz+U vCQssw+CeiGfdnWawYHIbUTULJUbN9ffKl3jDhBj3Hya38Hn+vzOsv8EO 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AEAQCtDGpa/5hdJa1cGQEBAQEBAQEBAQEBAQcBAQEBAYJKRzFmdCcHg1aKJI5pggKJEo4xghcKhTsCGoF+VBgBAQEBAQEBAQJrKIUjAQEBBCMKTBACAQgRBAEBIQEGAwICAh8RFAkIAgQBDQUIiUlMAxW1BYInhzoNgwsBAQEBAQEBAQEBAQEBAQEBAQEBAQEdhFGCFYM/gy6Ca0QEgUkKBkyCYYJlBYpgjy6JPz0CjA+ES4R9giSGH4trjiKJCwIRGQGBOwEfOYFQcBWCZ4RXeItwgTOBFwEBAQ
X-IronPort-AV: E=Sophos;i="5.46,412,1511827200"; d="scan'208,217";a="341541072"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Jan 2018 17:01:53 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id w0PH1rhM005114 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 25 Jan 2018 17:01:53 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 25 Jan 2018 11:01:52 -0600
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1320.000; Thu, 25 Jan 2018 11:01:51 -0600
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Allison Mankin <allison.mankin@gmail.com>, "tsv-art@ietf.org" <tsv-art@ietf.org>
CC: IETF Discussion <ietf@ietf.org>, "draft-ietf-dhc-rfc3315bis.all@ietf.org" <draft-ietf-dhc-rfc3315bis.all@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: Tsvart Last Call/telechat review of draft-ietf-dhc-rfc3315bis-10
Thread-Index: AQHTlWTa+QDPqI+zBE2pAa40tOEIwqOEwUSQ
Date: Thu, 25 Jan 2018 17:01:51 +0000
Message-ID: <63e2bfcda69744218b218b104483e5f4@XCH-ALN-003.cisco.com>
References: <CAP8yD=veyDjwbkHVJUjrk8Ejy+yGXoENco4fR9QEsQO2OSABwg@mail.gmail.com>
In-Reply-To: <CAP8yD=veyDjwbkHVJUjrk8Ejy+yGXoENco4fR9QEsQO2OSABwg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.98.1.195]
Content-Type: multipart/alternative; boundary="_000_63e2bfcda69744218b218b104483e5f4XCHALN003ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/KTlXrdb1kxsE-QgrLlcD0TgTSvw>
Subject: Re: [dhcwg] Tsvart Last Call/telechat review of draft-ietf-dhc-rfc3315bis-10
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2018 17:01:57 -0000

Hi:

Thanks much for the review.

See the comments inline below (BV>).


-          Bernie

From: Allison Mankin [mailto:allison.mankin@gmail.com]
Sent: Wednesday, January 24, 2018 5:44 PM
To: tsv-art@ietf.org
Cc: IETF Discussion <ietf@ietf.org>; draft-ietf-dhc-rfc3315bis.all@ietf.org; dhcwg@ietf.org
Subject: Tsvart Last Call/telechat review of draft-ietf-dhc-rfc3315bis-10

Reviewer: Allison Mankin
Reviewer Result: Ready with Issues

I've reviewed this document as part of TSV-ART's ongoing effort to review key
IETF documents. These comments were written primarily for the transport area
directors, but are copied to the document's authors for their information and
to allow them to address any issues raised.  When done at the time of IETF Last
Call, the authors should consider this review together with any other last-call
comments they receive. Please always CC tsv-art@ietf.org<mailto:tsv-art@ietf.org> if you reply to or
forward this review.

The draft brings together and updates multiple RFCs in order to provide a cleaned-up version of the DHCPv6 specification.

It is good to see that this Bis document for DHCPv6 has done some new work on congestion control and towards packet storm controls.  This is noted in items 12 of Appendix A (the summary of changes) and the sections on Rate Limiting (14.1) and Reliability (15) are basically in good shape, which is why the summary is Ready with issues.

The following  transport-related comments should be considered for fixing before publication

1. In Section 5, which defines that the transport is UDP, add a normative reference to BCP 145, UDP Usage Guidelines.

BV> OK, we can add.

2. There are several small issues about retransmissions:

a) there's a transmit parameters table 7.6 and it would be good for this to reference that these parameters are also controlled by the RND factor parameter and the backoffs in section 14.1

BV> OK, we’ll see what text we can craft for this. Perhaps something like “Some of the values are adjusted by a randomization factor and backoffs (see Section 15) and transmissions may be influenced by rate limiting (see Section 14.1).”

b) The REC_TIMEOUT parameter in the table in section 7.6 is in seconds, but it is described as milliseconds in section 18.3

BV> OK, we will rework the text in 18.3.11. Perhaps replace:

   If the server does not receive a Renew, Rebind, or Information-
   request message from the client in REC_TIMEOUT milliseconds, the
   server retransmits the Reconfigure message, doubles the REC_TIMEOUT
   value and waits again.  The server continues this process until
   REC_MAX_RC unsuccessful attempts have been made, at which point the
   server SHOULD abort the reconfigure process for that client.

With:

When transmitting the Reconfigure message, the server sets the retransmission time (RT) to REC_TIMEOUT. If the server does not receive a Renew, Rebind, or Information-request message from the client before the RT elapses, the server retransmits the Reconfigure message, doubles the RT value, and waits again. The server continues this process until REC_MAX_RC unsuccessful attempts have been made, at which point the server SHOULD abort the reconfigure process for that client.

c) does the rate-limit per device per interface  (a MUST in Section 14.1) explicltly include retransmissions?  This should probably be stated earlier on in the section.

BV> Yes, any transmission by the client. Note that section 14.1 doesn’t generally need to apply to retransmission timers because those would not trigger the rate limiting. The rate limiting is more to deal with “possible logic loops”.

We can change 14.1’s first sentence to add “or retransmits” to the end to clarify that this applies to all DHCP transmissions.

3. The following addition to the spec in Section 15 seems likely to cause excess retransmissions:

  A client is not expected to listen for a response during the entire
   RT period and may turn off listening capabilities after a certain
   time due to power consumption saving or other reasons.  Of course, a
   client MUST listen for a Reconfigure if it has negotiated for its use
   with the server.

If this congestion avoidance is working, then the clients may need to retransmit mostly in cases where the round-trip time isn't very variable.  So I'd be tempted to say "after a certain time" should be after the initial round-trip timeout, so as not to have too many near-misses.

BV> OK, this was to address the LONG RTs for Solicit/Information-Request when no DHCPv6 server is present – as the RT period here can an hour (SOL_MAX_RT/INF_MAX_RT) or perhaps longer if the SOL_MAX_RT / INF_MAX_RT had previously been received by the client. Perhaps we should recommend that this be at least some minimum time, such as 60 seconds? (Not sure if there’s a good general system parameter to use, such as ipReasmTimeout?) Or, could add a new entry to the section 7 table (MAX_WAIT_TIME, 60 secs, Maximum required time to wait for a response) and then change the text to use it?

   A client is not expected to listen for a response during the entire
   RT period and may turn off listening capabilities after waiting at
   least the shorter of RT and MAX_WAIT_TIME due to power
   consumption saving or other reasons.  Of course, a client MUST
   listen for a Reconfigure if it has negotiated for its use with the
   server.

There’s a lot of text in BCP 145, UDP Usage Guidelines, but there’s no direct recommendation (at least that I found).

And, perhaps there is a good argument to make MAX_WAIT_TIME smaller (30 seconds)?

Not transport related, but should be fixed:

 In Section 6.5, don't cite both RFC 3041 and RFC 4941 (about IPv6 privacy addresses), because RFC 4941 obsoletes RFC 30410.

BV> Yes, this has been recommended by others and we will remove 3041.

---------------

I expect there are some risks in the space of congestion avoidance when the up-to-32 transparent relays are in place, and I'd want to see (for future reference, not requesting a change here) some consideration about this before this spec moves from PS to Full Standard.

BV> OK, we can ignore for now. However, it may just be appropriate to reduce the HOP_COUNT_LIMIT value (in 3315bis). I think a value of 8 would be far more reasonable and still be much more than anyone would ever need (and if it becomes an issue, then write an Internet-Draft to increase and address any congestion avoidance issues). I think that would also address your concern now, which is better than to do changes later (especially if not needed).

All networks I’m aware of have only used 1 relay agent. I think RFC 6221 (Lightweight DHCPv6 Relay Agent), in some deployments, might have 2. Setting limit to 8 would still provide plenty of headroom.


​

v2.23.0 | Report a Bug | By Email