Re: [dhcwg] I-D Action: draft-shen-dhc-client-port-01.txt

"Bernie Volz (volz)" <> Fri, 08 July 2016 19:24 UTC



Yes, I would agree. Far better to specify the port :).

Yeah, firewalls or NAT[P] boxes between the relays/servers could create
issues. Probably something that should be indicated in the draft that it
may not work well with NAT[P] boxes between relays or the servers (also
perhaps those boxes may drop the packets as not considering them valid
DHCP packets). Probably a minor issue as most likely that part of an
operator's network would not use NAT[P], but worth just mentioning.

- Bernie

On 7/8/16, 3:17 PM, "Andre Kostur" <> wrote:

>A counterpoint for #1, I would argue that DHCPv4 does acknowledge the
>possibility of chained relays.  (RFC 951, section 7.3 talking about
>"If 'giaddr' is zero,....", would suggest that there are cases where
>the GIADDR is non-zero.)  Granted, the DHCP server will reply back to
>the original GIADDR, but by then this second relay which didn't modify
>the GIADDR may now be sending from the standard DHCP port, resulting
>in the destination port being determined to be the standard DHCP port
>(used by the 2nd relay), not the non-standard DHCP port desired by the
>first relay.
>I would suggest that both forms of this option put in the desired port
>number as the option's payload (2 octet, MSB first).
>We have also seen a particular misbehaving load balancer fiddle with
>the source port of DHCP packets as they passed by.  I'm not sure how
>widely applicable this experience is... but it has been seen in the
>On Fri, Jul 8, 2016 at 12:04 PM, Bernie Volz (volz) <>
>> Hi:
>> Some initial comments:
>> 1.       For DHCPv4, the zero length option can work since there is no
>> provision for relay chaining.
>> 2.       For DHCPv6, the zero length option does NOT work since this
>> provides no means for a case where Relay 1 uses port X which is sent to
>> Relay 2 which uses port Y to send to the Server. The server can respond to
>> Relay 2 on port Y (since that is the incoming port), but there is no
>> for Relay 2 to have stored the port. You should go back and make this
>> a 2 octet option with the port number. The server would then see:
>> Relay-Forw from Relay 2
>>                 Relay Port Source Port option Y
>>                 Relay-Message option
>>                                 Relay-Forw from Relay 1
>>                                                 Relay Port source Port option X
>>                                                 Relay- Message Option
>> request>
>>                 And all would work correctly as the Server would use the
>> port Y from the outermost relay option, relay 2 would use the port X
>> the Relay 1 Relay-Forw.
>Andre Kostur
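
The DHCPv6 nesting described in this thread, modelled as an added example that is not part of the thread or of the draft: each relay puts a 2-octet, MSB-first port option in its own Relay-Forw, and the receiver reads the ports from the outermost layer inward. The option code is a placeholder (the page gives none), the link and peer addresses are zeroed, and the ports and client message are constructed values.

```python
import struct

RELAY_FORW = 12             # RFC 3315 message type
OPTION_RELAY_MSG = 9        # RFC 3315 Relay Message option
OPTION_RELAY_PORT = 0xFF01  # placeholder: the page gives no option code

def relay_forw(hop_count, inner, src_port):
    """Wrap `inner` in a Relay-Forw carrying a 2-octet, MSB-first port option."""
    header = struct.pack("!BB", RELAY_FORW, hop_count) + bytes(32)  # zeroed link/peer addresses
    port_opt = struct.pack("!HHH", OPTION_RELAY_PORT, 2, src_port)
    msg_opt = struct.pack("!HH", OPTION_RELAY_MSG, len(inner)) + inner
    return header + port_opt + msg_opt

def options(buf):
    """Yield (code, value) pairs, rejecting truncated TLVs."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("option length runs past end of message")
        yield code, buf[pos:pos + length]
        pos += length

def reply_ports(msg):
    """Return the port to reply to at each hop, outermost relay first.
    None means that relay sent no port option, so the standard port applies."""
    ports = []
    while len(msg) >= 34 and msg[0] == RELAY_FORW:
        port, inner = None, b""
        for code, value in options(msg[34:]):
            if code == OPTION_RELAY_PORT:
                if len(value) != 2:  # this model accepts only the 2-octet form
                    raise ValueError("port option must be exactly 2 octets")
                (port,) = struct.unpack("!H", value)
            elif code == OPTION_RELAY_MSG:
                inner = value
        ports.append(port)
        msg = inner
    return ports

# Constructed sample: a 4-byte stand-in for the client's message (type 1, Solicit).
CLIENT = bytes([1, 0xAA, 0xBB, 0xCC])
PORT_X, PORT_Y = 50001, 50002  # constructed ports for Relay 1 and Relay 2
CHAIN = relay_forw(1, relay_forw(0, CLIENT, PORT_X), PORT_Y)
```

`reply_ports(CHAIN)` yields Relay 2's port Y first and Relay 1's port X second, which is the order in which the reply is unwrapped on its way back to the client.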