Re: [dhcwg] draft-ietf-dhc-relay-port-10 & Reconfigure

"Naiming Shen (naiming)" <> Tue, 06 February 2018 18:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4B493127333; Tue, 6 Feb 2018 10:35:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.529
X-Spam-Status: No, score=-14.529 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XBiP1S9rLWQB; Tue, 6 Feb 2018 10:35:46 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AB20812741D; Tue, 6 Feb 2018 10:35:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=33086; q=dns/txt; s=iport; t=1517942145; x=1519151745; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=/SwPijNS7/k/aQz7bDZDkEHAir9/tqMY5NGIz/abJW8=; b=Ow8TQefv5hn4/6IPPrIi5k7C5gnjmDOj9AySfj6vhxniQ6rDiZhAKYhV yMbryeA7l6sCU/IQ+DZYRF3yBI5GVNcQVg90xvTUrO9iYpixoSwE2syUD vkWeghZByZIOJ10vAKYWgkT/GChE3NGtPasNQLa039EmU5DB0e7nYA65v 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.46,469,1511827200"; d="scan'208,217"; a="67149472"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Feb 2018 18:35:44 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id w16IZiMH007493 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 6 Feb 2018 18:35:44 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1320.4; Tue, 6 Feb 2018 12:35:43 -0600
Received: from ([]) by ([]) with mapi id 15.00.1320.000; Tue, 6 Feb 2018 12:35:43 -0600
From: "Naiming Shen (naiming)" <>
To: "Bernie Volz (volz)" <>
CC: "" <>, "" <>, Suresh Krishnan <>
Thread-Topic: draft-ietf-dhc-relay-port-10 & Reconfigure
Thread-Index: AdOfY6gaEFANtBC7Rt+MHUK/8rJcBwAQJRAAAAtogiD//7NuAA==
Date: Tue, 6 Feb 2018 18:35:43 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_DB3A5CC9F155492C82D33D9EF398753Fciscocom_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [dhcwg] draft-ietf-dhc-relay-port-10 & Reconfigure
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 06 Feb 2018 18:35:48 -0000

This change I think would be confusing, in the case the local relay and downstream
relay both have non-DHCP ports, that is the reason this field is name as “downstream”.

- Naiming

On Feb 6, 2018, at 10:27 AM, Bernie Volz (volz) <<>> wrote:

Yes, as -10 is written it requires the server record that a non-standard port was in use.

This also has an impact to Failover protocol (RFC 8156) and Leasequery (RFC 5007), as there is no carrier defined for this data.

For our server, I’m thinking we’ll avoid adding yet something else to save this data and instead store it in the outermost (closet to server) Relay-Forw “Downsteam Source Port” field (which would normally have 0 in it). That way, it is also available to Leasequery (perhaps a bit non-standard but better than defining more options).

I still think it would be much better to change:

      Downstream Source Port:  16 bit value.  To be set by the IPv6
               relay either to the downstream relay agent's UDP source
               port used for the UDP packet, or to zero if only the
               local relay agent uses the non-DHCP UDP port (not 547).


      Downstream Source Port:  16 bit value.  To be set by the IPv6

               relay either to the downstream relay agent's UDP source

               port used for the UDP packet, or to the port used by the

               local relay agent if it does not use port 547.

That way, the port value is already there.

For DHCPv4, I’m less concerned about this (mostly because almost no one uses ForceRenew with that). But even there it would be nice if the option just stored the port number.

If we’re concerned about security, you would always add: “A relay or server MAY validate that the port number in the option matches the source port on which the packet was received and discard the received message is not.”

-          Bernie

From: Naiming Shen (naiming)
Sent: Tuesday, February 06, 2018 12:43 PM
To: Bernie Volz (volz) <<>>
Cc:<>;<>; Suresh Krishnan <<>>
Subject: Re: draft-ietf-dhc-relay-port-10 & Reconfigure

Hi Bernie,

This can be a server implementation also, as long as the server saves the encapsulated
relay stack on the client’s record. My thinking is this, some other relay options may also needs
to be saved in order for Reconfigure message through the relays to work properly.

- Naiming

On Feb 6, 2018, at 8:05 AM, Bernie Volz (volz) <<>> wrote:

One issue that sadly was not addressed in is what to do about Reconfigure message. There are two ways to deliver Reconfigure messages:

1.       Via the relay
2.       Via unicast to the client

If #1 is used (perhaps because the client and server do not have direct communication because of VPNs or for other reasons), what should the server do? Options are:

1.       Always use the standard port (547).
2.       Record the relay port and use that (since the relay will also be used). I would assume that this would be the “correct” behavior?

I’m not sure if we should (or can) put a hold on RFC-to-be to add something about this?

BTW: This would also have been a good reason to put the port number into the option ALWAYS. This avoids the server from having to record something “else” (the port number), since the server can just extract the value from the outermost (closest to server) Relay Port option.

-          Bernie