IETF Logo Mail Archive

[dhcwg] Comments - draft-ietf-dhc-l2ra-extensions-00

"Wojciech Dec (wdec)" <wdec@cisco.com> Mon, 06 October 2008 13:42 UTC

Return-Path: <dhcwg-bounces@ietf.org>
X-Original-To: dhcwg-archive@megatron.ietf.org
Delivered-To: ietfarch-dhcwg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA2033A6921; Mon, 6 Oct 2008 06:42:52 -0700 (PDT)
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 55D143A6921 for <dhcwg@core3.amsl.com>; Mon, 6 Oct 2008 06:42:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qd4Fo7rNl8Ez for <dhcwg@core3.amsl.com>; Mon, 6 Oct 2008 06:42:47 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id 71B753A68FB for <dhcwg@ietf.org>; Mon, 6 Oct 2008 06:42:46 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.33,367,1220227200"; d="scan'208";a="21743573"
Received: from ams-dkim-1.cisco.com ([144.254.224.138]) by ams-iport-1.cisco.com with ESMTP; 06 Oct 2008 13:43:20 +0000
Received: from ams-core-1.cisco.com (ams-core-1.cisco.com [144.254.224.150]) by ams-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id m96DhKq9005467; Mon, 6 Oct 2008 15:43:20 +0200
Received: from xbh-ams-332.emea.cisco.com (xbh-ams-332.cisco.com [144.254.231.87]) by ams-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id m96DhKeE003706; Mon, 6 Oct 2008 13:43:20 GMT
Received: from xmb-ams-33b.cisco.com ([144.254.231.86]) by xbh-ams-332.emea.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 6 Oct 2008 15:43:19 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 06 Oct 2008 15:43:12 +0200
Message-ID: <D9872168DBD43A41BD71FFC4713274D405C71EFD@xmb-ams-33b.emea.cisco.com>
In-Reply-To: <C50C0608.86889%john_brzozowski@cable.comcast.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Comments - draft-ietf-dhc-l2ra-extensions-00
Thread-Index: AckZqsP8AqSVooWeEd2stAAX8tljeAL88pfbAIBjxVA=
References: <C4F7F88E.8539D%john_brzozowski@cable.comcast.com> <C50C0608.86889%john_brzozowski@cable.comcast.com>
From: "Wojciech Dec (wdec)" <wdec@cisco.com>
To: dhcwg@ietf.org
X-OriginalArrivalTime: 06 Oct 2008 13:43:19.0882 (UTC) FILETIME=[7E56CAA0:01C927B9]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=8536; t=1223300600; x=1224164600; c=relaxed/simple; s=amsdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=wdec@cisco.com; z=From:=20=22Wojciech=20Dec=20(wdec)=22=20<wdec@cisco.com> |Subject:=20Comments=20-=20=20draft-ietf-dhc-l2ra-extension s-00 |Sender:=20; bh=MCXdNHUkC6BTLzoIRFReQVqMqe+C7EVzQTJg7l3doHQ=; b=oDRlLRE9Kxj24zsOyUCF/y7l6gco9vFXBriNrekRMCaxcltN7o8zzJQN6e DARcGoCDnP9wu8sO2MhAD+0E8torf9l03z4GMqjAvswgjyslLodvDhLJeo1y VlUHpoKXYZ;
Authentication-Results: ams-dkim-1; header.From=wdec@cisco.com; dkim=pass ( sig from cisco.com/amsdkim1002 verified; );
Cc: dhc Chairs <dhc-chairs@tools.ietf.org>, Ted Lemon <Ted.Lemon@nominum.com>, "Ralph Droms (rdroms)" <rdroms@cisco.com>
Subject: [dhcwg] Comments - draft-ietf-dhc-l2ra-extensions-00
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org

 Hi Folks,

Here are my review comments for draft-ietf-dhc-l2ra-extensions-00. I
have mainly doubts about the scope of the problem that's being addressed
and concern on whether it is actually suitable as a DHC WG item.

Section 1
----------
It's stated that "This document proposes enhancements in Layer 2 Relay
Agent [7] which
   addresses issues like flooding between Layer 3 Relay Agent and Layer
   2 Relay Agent"

Could the authors describe what is/are the scenario(s) under which such
flooding occurs *between* the Layer 3 and Layer 2 agents? Some form of
problem statement/description would be welcome. Section 3 appears to
contain an brief overview, of these, but mixes them with enhancements.
This actually brings me to comment on Section 3...

Section 3
---------
"Broadcasting DHCP requests on all interfaces

   A normal Layer 2 Relay Agent[7] would broadcast a DHCP request
   message to all its interfaces except..."

This not quite normal behaviour. I don't quite see how this is a problem
*between* the L3 and L2 relay agents, if anything this is a problem for
any ethernet broadcast frame sent "upstream" from the client towards a
L2 access node. If so, then this problem has nothing to do with DHCP,
and is actually covered in say the private vlan concept in 802.1d (also
explained in
http://www.ietf.org/internet-drafts/draft-sanjib-private-vlan-10.txt).
As such I do not believe that this is actually a problem to be covered
in a DHC draft, besides the fact that there are other ways in which the
"broadcast issue" can be handled.
BTW I am implicitly assuming that we're talking about ethernet here (are
we? Surely any non broadcast ethernet L2 access node doesn't run into
this issue)

"Layer 3 Relay Agent broadcasting DHCP replies

   Layer 3 Relay Agents generally broadcast DHCP replies towards Layer 2
   Relay Agents. "

I don't quite see why it's stated that L3 relay agents generally
broadcast replies. If anything, my experience points to the contrary, ie
that in SP environments the L3 relay will either explicitly unicast at
L2 replies or have a configurable option to ignore requests with the
broadcast flag set. As such I don't quite see that this is a problem
which requires additional DHC work for a L2 relay. If anything the L3
relay functionality could be described somewhere (it already is
documented in vendor release notes). Also, if the motivation is that
there are hosts that can only interpret broadcast MAC frames before an
IP address is assigned, then something is wrong there.

The remaining problem/extension described in this section is:
"Recovering Lease Information from Server

   A Layer 2 Relay Agent[7] may snoop DHCP messages and maintain the
   lease information.  This information is lost if the Layer 2 Relay
   Agent reboots."

This appears to be a valid problem, but actually has little to do with
broadcasts between the L3 and L2 agents. That said, the method proposed
may have some issues... (more on that in the next section review

Section 5.2.3
-------------
"While generating a DHCP reply for a DHCPLEASEQUERY message, if the
   message type is DHCPLEASEUNASSIGNED or DHCPLEASEUNKNOWN, it MUST echo
   back the Relay Agent Information received in the DHCPLEASEQUERY
   message.  If the message type is DHCPLEASEACTIVE, DHCP server
   prepares the message as described in RFC 4388 and ignores the Relay
   Agent Information option received in the DHCPLEASEQUERY message."

If I interpret this correctly the server will:
- send a response message to the L3 relay with the L2 relay agent option
(opt82) with For LeaseQueries that have no valid/active lease
- send a response message to the L3 relay without the L2 relay agent
option (opt82) with For LeaseQueries that have a valid lease
This leads me to conclude that in the latter case an L2 relay
(eventually receiving the reply) will be unable not correlate it to a
given port. If the assumption is that the server needs to insert in the
reply *another* (a cached) relay agent info option, then it raises very
much the possibility that the L2 relay receiving it was not actually the
one that generated it (and should probably ignore the response). In
either case I do not see how the L2 relay can then use the message for
anything useful. In fact this appears could well lead to an undesirable
aspect: If a client with a valid lease moves in the same domain to
another L2 agent in the same domain he/she will be Denied the service
until the lease expires (as per section 5.2.1) - assuming that the
"query" feature use is coupled with security. 
Now, in the former case, i.e. when the L2 relay receives a reply
(DHCPLEASEUNASSIGNED or DHCPLEASEUNKNOWN), then even though it can
correlate it to a given port, I see no benefit in it doing so; it had no
state to begin with, and now it has no valid state to go on either.
What's the point in all this? 

Section 5.2.5.1 
---------------
"When a DHCPLEASEUNASSIGNED message is received by a Layer 2 Relay
   Agent, it means that there is no active lease for the IP address
   present in the DHCP server, but that a server does in fact manage
   that IP address.  Layer 2 Relay Agent SHOULD cache this information
   for later use."

What later use? Why is caching this info useful? (Note: A similar
question may be brought forward to rfc4388, but that's bygone now...
Let's talk about why is it useful to have this caching on a L2 relay)

Section 6.
----------
"Even though the DHCP clients are not setting the broadcast flag, it
   is still possible that the DHCPOFFER and DHCPACK messages from the
   DHCP server are sent to all access concentrators.  This is when the
   access concentrator implements a MAC concentration or MAC translation
   function. "

This sanctions the use of L2 MAC NAT which I do not think that the IETF
should get involved in... It also appears that this may be the source of
the real problem which could cause a L3 agent reply sent to a perfectly
valid client unicast mac address to be flooded in an L2 domain. If in
the upstream direction, MACs are NATed but the L3 relay replies to the
client MAC address then that frame will get flooded. It's a problem with
MAC NATing, not DHCP IMO. Actually, it's testament to why the MAC NATIng
is flawed; the L2 MAC NAT device needs a DHCP NAT function too,
translating the client mac address field (and likely breaking rfc3118).

I'd welcome a discussing/resolution of the above before continuing with
the review of some of the other details.

Regards,
Woj.
 

> -----Original Message-----
> From: John Jason Brzozowski 
> [mailto:john_brzozowski@cable.comcast.com] 
> Sent: 03 October 2008 23:25
> To: dhc WG
> Cc: Ted Lemon; David Miles; Ralph Droms (rdroms); Wojciech 
> Dec (wdec); dhc Chairs
> Subject: [CORRECTION] draft-ietf-dhc-l2ra-extensions-00
> 
> Folks,
> 
> This is a correction to the original email below.
> 
> The following draft has been accepted as a WG work item.  If 
> you have any questions or concerns please send feedback to 
> the mailing list.
> 
> Feedback from the WG or the team below, if not already 
> forwarded, is requested.
> 
> Thanks,
> 
> -Ralph Droms, John Brzozowski
>    dhc WG chairs
> 
> On 9/18/08 12:22 PM, "John Jason Brzozowski"
> <john_brzozowski@cable.comcast.com> wrote:
> 
> > Folks,
> > 
> > Before we continue discussions surrounding the above becoming a WG 
> > work item we determined in Dublin that additional mailing 
> discussion is required.
> > 
> > Please review the draft and send your comments and question 
> to the WG.
> > 
> > Additionally, the following folks have also agreed to 
> review the draft:
> > 
> > * David Miles
> > * Ted Lemon
> > * Woj dec
> > * Ralph Droms
> > 
> > Once the review is complete and sufficient discussion has 
> occurred on 
> > the mailing we will revisit next steps for 
> draft-ietf-dhc-l2ra-extensions-00.
> > 
> > 
> > Thanks,
> > 
> > John
> 
> =========================================
> John Jason Brzozowski
> Comcast Corporation
> e) mailto:john_brzozowski@cable.comcast.com
> m) 609-377-6594
> =========================================
> 
> 
> 
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www.ietf.org/mailman/listinfo/dhcwg

v2.23.0 | Report a Bug | By Email