Re: [dhcwg] I-D Action: draft-shen-dhc-client-port-01.txt

"Bernie Volz (volz)" <volz@cisco.com> Fri, 08 July 2016 19:24 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: Andre Kostur <akostur@incognito.com>
Date: Fri, 08 Jul 2016 19:24:54 +0000
Message-ID: <D3A575AD.3032C%volz@cisco.com>
References: <20160708041305.18785.16916.idtracker@ietfa.amsl.com> <FDE950BA-7E7F-4D7E-912C-C324B628A246@cisco.com> <adb4507f1c9947478d3e613271a98367@XCH-ALN-003.cisco.com> <CAL10_BpueP_-+x-g81j4xh14R9DwitZtSuWXaOOKz=tqPyo31g@mail.gmail.com>
In-Reply-To: <CAL10_BpueP_-+x-g81j4xh14R9DwitZtSuWXaOOKz=tqPyo31g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/PDQW0_EJ7oI0ep5SXReNr1aL3hI>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] I-D Action: draft-shen-dhc-client-port-01.txt

Andre:

Yes, I would agree. Far better to specify the port :).

Yeah, firewalls or NAT[P] boxes between the relays/servers could create
issues. Probably something that should be indicated in the draft that it
may not work well with NAT[P] boxes between relays or the servers (also
perhaps those boxes may drop the packets as not considering them valid
DHCP packets). Probably a minor issue as most likely that part of an
operator's network would not use NAT[P], but worth just mentioning.

- Bernie

On 7/8/16, 3:17 PM, "Andre Kostur" <akostur@incognito.com> wrote:

>A counterpoint for #1, I would argue that DHCPv4 does acknowledge the
>possibility of chained relays.  (RFC 951, section 7.3 talking about
>"If 'giaddr' is zero,....", would suggest that there are cases where
>the GIADDR is non-zero.)  Granted, the DHCP server will reply back to
>the original GIADDR, but by then this second relay which didn't modify
>the GIADDR may now be sending from the standard DHCP port, resulting
>in the destination port being determined to be the standard DHCP port
>(used by the 2nd relay), not the non-standard DHCP port desired by the
>first relay.
>
>I would suggest that both forms of this option put in the desired port
>number as the option's payload (2 octet, MSB first).
>
>We have also seen a particular misbehaving load balancer fiddle with
>the source port of DHCP packets as they passed by.  I'm not sure how
>widely applicable this experience is... but it has been seen in the
>wild.
>
>On Fri, Jul 8, 2016 at 12:04 PM, Bernie Volz (volz) <volz@cisco.com>
>wrote:
>> Hi:
>>
>> Some initial comments:
>>
>> 1. For DHCPv4, the zero length option can work since there is no
>> provision for relay chaining.
>>
>> 2. For DHCPv6, the zero length option does NOT work since this
>> provides no means for a case where Relay 1 uses port X which is sent to
>> Relay 2 which uses port Y to send to the Server. The server can
>> respond to Relay 2 on port Y (since that is the incoming port), but
>> there is no place for Relay 2 to have stored the port. You should go
>> back and make this option a 2 octet option with the port number. The
>> server would then see:
>>
>> Relay-Forw from Relay 2
>>     Relay Port Source Port option Y
>>     Relay-Message option
>>         Relay-Forw from Relay 1
>>             Relay Port Source Port option X
>>             Relay-Message option
>>                 <client's request>
>>
>> And all would work correctly as the Server would use the port Y from
>> the outermost relay option, relay 2 would use the port X from the
>> Relay 1 Relay-Forw.
>
>
>-- 
>Andre Kostur
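The following Python is an added illustration of the two-relay chain sketched in the quoted message; it is not code from draft-shen-dhc-client-port or from anyone in the thread. It encodes Relay 1 (port X) and Relay 2 (port Y) as nested Relay-Forw messages and walks the chain the way the server and then Relay 2 would, once with a 2-octet port payload and once with the zero-length form of the option. The option code for the relay port option is a placeholder assumption (the draft under discussion had not fixed one), and the addresses, ports and transaction id are constructed sample values.

```python
"""Nested DHCPv6 Relay-Forw messages carrying a per-relay source-port option.

Added illustration, not code from the draft or the list thread.  It shows why a
2-octet port payload lets every hop recover its downstream port, while a
zero-length "flag" option loses port X once Relay 2 has re-sent the datagram:
the server still knows the UDP source port of the datagram it received, but
Relay 2 has no record of what Relay 1 used.
"""
import struct

SOLICIT = 1
RELAY_FORW = 12
OPTION_RELAY_MSG = 9          # Relay Message option (RFC 3315)
OPTION_RELAY_PORT = 0xFFFE    # ASSUMPTION: placeholder code for the draft's port option
DEFAULT_PORT = 547            # DHCPv6 server/relay port used when no port is carried

RELAY1_PORT = 5470            # "port X" in the thread (constructed value)
RELAY2_PORT = 6470            # "port Y" in the thread (constructed value)


def encode_option(code, data):
    """TLV encoding: 2-octet code, 2-octet length, payload."""
    return struct.pack("!HH", code, len(data)) + data


def relay_forw(hop_count, link_addr, peer_addr, inner_msg, port=None, zero_length=False):
    """Wrap inner_msg in a Relay-Forw.  port is the source port this relay sends from;
    zero_length=True emits the option as an empty flag instead of a 2-octet value."""
    opts = b""
    if port is not None:
        payload = b"" if zero_length else struct.pack("!H", port)
        opts += encode_option(OPTION_RELAY_PORT, payload)
    opts += encode_option(OPTION_RELAY_MSG, inner_msg)
    return struct.pack("!BB", RELAY_FORW, hop_count) + link_addr + peer_addr + opts


def parse_options(buf):
    """Parse a TLV option list, rejecting truncated or trailing bytes."""
    opts, off = {}, 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("truncated option")
        opts[code] = buf[off:off + length]
        off += length
    if off != len(buf):
        raise ValueError("trailing bytes after options")
    return opts


def parse_relay_forw(msg):
    """Return (hop_count, options) of a Relay-Forw: 1+1+16+16 header octets, then options."""
    if len(msg) < 34 or msg[0] != RELAY_FORW:
        raise ValueError("not a Relay-Forw")
    opts = parse_options(msg[34:])
    if OPTION_RELAY_MSG not in opts:
        raise ValueError("Relay-Forw without Relay Message option")
    return msg[1], opts


def reply_port(opts, udp_src_port):
    """Port the receiver should reply to.  A well-formed 2-octet payload wins; a
    zero-length option only helps the hop that actually saw the UDP datagram."""
    data = opts.get(OPTION_RELAY_PORT)
    if data is not None and len(data) == 2:
        return struct.unpack("!H", data)[0]
    if data is not None and len(data) == 0 and udp_src_port is not None:
        return udp_src_port
    return DEFAULT_PORT


def walk_chain(msg, udp_src_port):
    """Ports chosen from the outermost relay inward, plus the innermost (client) message."""
    ports = []
    while msg and msg[0] == RELAY_FORW:
        _, opts = parse_relay_forw(msg)
        ports.append(reply_port(opts, udp_src_port))
        udp_src_port = None          # the datagram's source port applies to the outer layer only
        msg = opts[OPTION_RELAY_MSG]
    return ports, msg


def build_chain(zero_length=False):
    """Client Solicit -> Relay 1 (port X) -> Relay 2 (port Y), all constructed sample data."""
    client_solicit = struct.pack("!B", SOLICIT) + b"\x12\x34\x56"
    link1 = bytes.fromhex("20010db8000000010000000000000001")
    peer1 = bytes.fromhex("fe80000000000000000000000000aaaa")
    link2 = bytes.fromhex("20010db8000000020000000000000001")
    peer2 = link1                    # Relay 2 received the message from Relay 1
    from_relay1 = relay_forw(0, link1, peer1, client_solicit, RELAY1_PORT, zero_length)
    return relay_forw(1, link2, peer2, from_relay1, RELAY2_PORT, zero_length)


if __name__ == "__main__":
    print("2-octet option:", walk_chain(build_chain(), RELAY2_PORT)[0])
    print("zero-length option:", walk_chain(build_chain(zero_length=True), RELAY2_PORT)[0])
```

With the 2-octet payload the walk yields [Y, X]: the server replies to Relay 2 on Y and Relay 2 reads X from the inner Relay-Forw. With the zero-length form it yields [Y, 547]: the server can still use the datagram's source port, but Relay 2 has nothing to recover X from and falls back to the default, which is the gap the quoted comment points out. The parser also refuses truncated or malformed option lists rather than guessing a port from partial data.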