Re: [dhcwg] Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements

Jen Linkova <furry13@gmail.com> Thu, 08 October 2020 01:25 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C45CC3A09C4; Wed, 7 Oct 2020 18:25:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZVpSDuHuSix; Wed, 7 Oct 2020 18:24:59 -0700 (PDT)
Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A5B53A09C0; Wed, 7 Oct 2020 18:24:59 -0700 (PDT)
Received: by mail-qk1-x730.google.com with SMTP id c2so5297829qkf.10; Wed, 07 Oct 2020 18:24:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=9ltSWlSghhcJwuXvXEYO2nME0cO+xdTso/4lU+6wRpA=; b=CIS8jJ6wWNZbyjPqQrHs7I53L4I7UVEiaKfjWogLMIhe/VKn5aHi1ZPVnxNrxFD/Kg e6skIMVfBPGNwKw4cYdXgxH9//U+8BZTRAfF28z1n4FwK3UruXDP23NgT3qQqpF0Mqg9 w27QLfX+H7zyV2cdcs5K/FAZDSIijf4akLVPeLw+KVezjZ22mSODcQzrLRApO8uA/zsz ArDZ3Agt7lwSNQ3KnWtBYHzSotoui/6eS02vztLGCq/doriecDNDwTs6d9T+MCPxX2FG ttkmJYKTwH8uCEshZxVHg7J0M1bPmgtuAcOzwD1S+Sy0G8UQi/7XqewN2YGlprxsb+/a OHKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=9ltSWlSghhcJwuXvXEYO2nME0cO+xdTso/4lU+6wRpA=; b=cBVsxzFyXtt9iYIgTk5hxk3gFy2WuZnGSisI5ocnAc+D84b23rbRYQybMOZd7oiJbU 2pMWaDF0miBcKu+vpBI2/ZuUfIRatN+yBBW0V0hlyqzCh8h30ZEG27ObGMhZjFWSoBPI JrAN+5NSFJmfE0laokCuZqRJumJXXo9v6GOI1hcmj5oWmuc/3DKx8Jm4Xo3wtPOljH9F 39IOP9URjN5bRCW2UNfDfkbuNqvLWtl00QW8wJi5K3jPo0SdssnhmFDbjIlZBRl20MNe 5e3WBCU4/MK3EYcYt1RbFlxwtnamQ3pKZEtXUU+95PItxl6Yk3wgqTrHCMcz1yAhyZyg NIow==
X-Gm-Message-State: AOAM530TLjaPJepr3GsscHjPU8PQbeUdY1Pp8LD9cNXnv8nyolEP7A8P QN0+xOfmhKXsFhmM/kIdzBpRa2TEkYvIHp/8L//3rJHA
X-Google-Smtp-Source: ABdhPJzkSB8/s7I0Dd3E+avptUjlZNqb88zS7FDRGx03Yr0LvMQfz1NviVqo401EEkZ3quolwWNyFUXbH5FUUt6m8Ns=
X-Received: by 2002:a37:d41:: with SMTP id 62mr5678002qkn.444.1602120298455; Wed, 07 Oct 2020 18:24:58 -0700 (PDT)
MIME-Version: 1.0
References: <5F6947F2-F7DF-4907-8DD5-28C2B20A91DE@gmx.com>
In-Reply-To: <5F6947F2-F7DF-4907-8DD5-28C2B20A91DE@gmx.com>
From: Jen Linkova <furry13@gmail.com>
Date: Thu, 8 Oct 2020 12:24:45 +1100
Message-ID: <CAFU7BAT87uhUKZM-G9MjCgtmGbdCwXorP3SfMJm7_Ax7pvwDjg@mail.gmail.com>
To: ianfarrer@gmx.com
Cc: v6ops list <v6ops@ietf.org>, 6man <ipv6@ietf.org>, dhcwg <dhcwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/MXGXHYIUKoK6xxkS_H93xqsGjmE>
Subject: Re: [dhcwg] Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2020 01:25:01 -0000

On Wed, Oct 7, 2020 at 9:25 PM <ianfarrer@gmx.com> wrote:
> We are currently finishing WGLC for this draft. It describes requirements for a 'DHCPv6 Delegating Relay' - this is a router functioning as the L3 edge and DHCPv6 relay (only) with prefix delegation. This is a common deployment scenario, but RFC3633/8415 only really describes PD using a Delegating Router - i.e the L3 edge also functions as a DHCPv6 server with no relay. When the relay and server functions are performed by separate devices a number of problems with how relays behave have
> been observed, so this document addresses them.
>
> During WGLC for this, Ole raised a comment related to one of the routing requirements:
>
> R-4:    If the relay has learned a route for a delegated prefix via a
>            given interface, and receives traffic on this interface with
>            a destination address within the delegated prefix (that is
>            not an on-link prefix for the relay), then it MUST be
>            dropped.  This is to prevent routing loops.  An ICMPv6 Type
>            1, Code 6 (Destination Unreachable, reject route to
>            destination) error message MAY be sent back to the client.
>            The ICMP policy SHOULD be configurable.
>
> The problem that this is trying to solve is:
>
> 3.5.  Forwarding Loops between Client and Relay

I might be missing smth but...
Let's say I have a relay and it's 'south' (client-facing) interface is
connected to a switch. The client AND second device (another router or
a host) are connected to the same segment.
The client gets a prefix, the relay 'learned' (or shall we call it
'install'?) the route for the delegated prefix pointing to its 'south'
interface with the client address as a next-hop.
What would happen if the *second* device sends traffic towards the
delegated prefix? As that device is usig the relay as its default
gateway, the traffic would be sent there.
If I read the draft correctly, instead of forwarding the traffic and
maybe sending the redirect, the relay is expected to drop it?

-- 
SY, Jen Linkova aka Furry