Re: [dhcwg] WGLC for draft-ietf-dhc-dhcpv4-over-dhcpv6-03 - Respond by Dec 9, 2013

"Bernie Volz (volz)" <volz@cisco.com> Fri, 06 December 2013 15:05 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EADAE1AE050 for <dhcwg@ietfa.amsl.com>; Fri, 6 Dec 2013 07:05:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Prw2UBL47ETr for <dhcwg@ietfa.amsl.com>; Fri, 6 Dec 2013 07:05:36 -0800 (PST)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id 9DF211ADFF3 for <dhcwg@ietf.org>; Fri, 6 Dec 2013 07:05:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=62160; q=dns/txt; s=iport; t=1386342332; x=1387551932; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=bCP/7B2popILlUgS15EqQEp5d6GP3iIR845VsHzRJQA=; b=dGtBcxux60TnOq0TVBtN8oTCqXS5FkomC5x7azpvboovIvH7HTwW4yd6 GWKdgePBx3BEaFnR+a0gFP9epXOeXrUeoTffeYLZhVtkJ7TbyFB8m8a29 iLXBTSbXxG+tpTtqIMwHMjQjWbgBZUbAd7xjIPgyu7HRgb5heiy5TK/pc E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnAHAE3noVKtJV2Z/2dsb2JhbABZgkNEOFOwL4hRgSEWbQeCJQEBAQQMDhM6CwcQAgEIEQEDAQELFgEGBzIUAwYIAQEEDgUIAYd5DcB6F45fMQYBBoMagRMDk29ChROQY4Mpgio
X-IronPort-AV: E=Sophos; i="4.93,841,1378857600"; d="scan'208,217"; a="289855702"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-6.cisco.com with ESMTP; 06 Dec 2013 15:05:30 +0000
Received: from xhc-rcd-x13.cisco.com (xhc-rcd-x13.cisco.com [173.37.183.87]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id rB6F5UhA004424 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 6 Dec 2013 15:05:30 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.232]) by xhc-rcd-x13.cisco.com ([173.37.183.87]) with mapi id 14.03.0123.003; Fri, 6 Dec 2013 09:05:30 -0600
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: WGLC for draft-ietf-dhc-dhcpv4-over-dhcpv6-03 - Respond by Dec 9, 2013
Thread-Index: Ac7pYNYYaEg536DmSXaLna21+HapNwJLQwCw
Date: Fri, 6 Dec 2013 15:05:29 +0000
Message-ID: <489D13FBFA9B3E41812EA89F188F018E1ADD590C@xmb-rcd-x04.cisco.com>
References: <489D13FBFA9B3E41812EA89F188F018E1ADA99A8@xmb-rcd-x04.cisco.com>
In-Reply-To: <489D13FBFA9B3E41812EA89F188F018E1ADA99A8@xmb-rcd-x04.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.86.244.216]
Content-Type: multipart/alternative; boundary="_000_489D13FBFA9B3E41812EA89F188F018E1ADD590Cxmbrcdx04ciscoc_"
MIME-Version: 1.0
X-Mailman-Approved-At: Fri, 06 Dec 2013 07:09:27 -0800
Cc: "draft-ietf-dhc-dhcpv4-over-dhcpv6@tools.ietf.org" <draft-ietf-dhc-dhcpv4-over-dhcpv6@tools.ietf.org>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-dhcpv4-over-dhcpv6-03 - Respond by Dec 9, 2013
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2013 15:05:42 -0000

Hi:

As the assigned document shepherd for this work, I have reviewed it fairly carefully. And, I have the follow more significant comments regarding this draft:


1.       I've already commented on the two vs. one option issue. I think simplifying this to use a single option which is returned by the server to enable this feature and, optionally, specify a list of IPv6 addresses to which to send the packets.

2.       I think we should rename the messages to be BOOTP, not BOOT. BOOTPREQUESTV6 and BOOTPREPLYV6 (and Bootp-request-v6, Bootp-reply-v6). (I also wonder whether we really need the v6, but it may help in clarifying this from standard BOOTP packets, so OK to leave it.)

3.       At the end of section 7 (Use of the Boot-request-v6 Unicast flag), I think it would be useful to add a note to make it clear that this flag represents how the DHCPv4 packet would have been sent, not how the v6 packet is sent. (Note: The "Unicast" flag reflects the how the DHCPv4 packet would have been sent; not how the DHCPv6 packet itself is sent.)

4.       In section 8 (4o6 DHCP Client Behavior), should we be clear that everything is 'interface' specific? 'Client' here is a bit open to its meaning. Though on the other hand, everything with respect to DHCP is typically interface specific so perhaps clarifying this isn't that critical.

5.       Also in section 8, it may be useful to add something about IPv6 source address considerations ... Section 13 of RFC3315 doesn't mention the IPv6 source address, but it is important that packets sent to a global address have sufficient scope. Though in most cases, this can be left to the kernel (if the source address is unspecified).

6.       Also in section 8, for "There are no explicit transmission parameters associated with a Boot[p]-request-v6 message." I think adding ", as this is governed by the DHCPv4, [RFC2131], "state machine"." Or something like that.

7.       In section 10, 2nd paragraph, I wonder if "...broadcast or unicast address if DHCPv4 protocol was used" should be "broadcast or unicast address if IPv4 has been used." The packet is transmitted over IPv4. But this is minor.

8.       In section 12 (IANA Considerations), please improve this to make it clear exactly what registry. You may want to look at the SOLMAX draft text:

IANA is requested to assign one option code each for OPTION_SOL_MAX_RT and OPTION_INF_MAX_RT from the "DHCP Option Codes" table of the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Registry.

There have been a few cases where IANA used the wrong table; while we will hopefully catch that ...

You could even provide the URL for the table (http://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xml).

9.       A general issue ... I wonder whether we have a kind of catch-22. As DHCP is interface specific, and the tunnel interface may not be able to 'come up' until after the address is assigned, what interface is this 'DHCPv4' (4o6) client associated with? Is it the v6 interface? Or a 'provisional' tunnel interface? Or, is this left up to the implementation to deal with (since in one sense it probably doesn't matter much - except of course if one was trying to bring up multiple tunnel interfaces over the same v6 interface; but that requires other special logic so may not be a concern).


As well as the following minor nits (note that I did NOT apply changes to the message names as indicated in 2 above):

In section 1, Introduction:

   This document describes a transport mechanism to carry DHCPv4
   messages using DHCPv6 protocol, for the dynamic provisioning of IPv4
   addresses and other DHCPv4 specific configuration parameters across
   IPv6-only networks.  It leverages the existing infrastructure for
   DHCPv4, e.g. failover, DNS updates, leasequery, etc.

Line 2, should be (add the, remove comma):

   messages using the DHCPv6 protocol for the dynamic provisioning of IPv4

In section 3, Terminology:


   CPE:                  Customer Premises Equipment (also known as

                         Customer Provided Equipment), which provides

                         the access of devices connected to Local Area

                         Network (typically at customer's site/home) to

                         Internet Service Provider's network.
Should be (add a and the twice):


   CPE:                  Customer Premises Equipment (also known as

                         Customer Provided Equipment), which provides

                         the access of devices connected to a Local Area

                         Network (typically at the customer's site/home) to

                         The Internet Service Provider's network.

In section 4, Architecture Overview:


   Typically, a 4o6 DHCP client communicates with the 4o6 DHCP servers

   using well-known All_DHCP_Relay_Agents_and_Servers multicast address.

Should be (add the):


   Typically, a 4o6 DHCP client communicates with the 4o6 DHCP servers

   Using the well-known All_DHCP_Relay_Agents_and_Servers multicast address.

And also:


   Client SHOULD request the 4o6 Server Address Option from a DHCPv6

   server and the server may be configured to respond to the client with

   one such option that contains one or more unicast addresses of the

   4o6 DHCP Servers.  The server includes 4o6 Server Address Option in

   Advertise and Reply messages.  The format of the option is defined in

   Section 6.3<http://tools.ietf.org/html/draft-ietf-dhc-dhcpv4-over-dhcpv6-03#section-6.3>.3>.

Should be (add the twice):


   The client SHOULD request the 4o6 Server Address Option from a DHCPv6

   server and the server may be configured to respond to the client with

   one such option that contains one or more unicast addresses of the

   4o6 DHCP Servers.  The server includes the 4o6 Server Address Option in

   Advertise and Reply messages.  The format of the option is defined in

   Section 6.3<http://tools.ietf.org/html/draft-ietf-dhc-dhcpv4-over-dhcpv6-03#section-6.3>.3>.

In section 5.2, Message formats:


   msg-type        Identifies message type.  It can be either

                   BOOTREQUESTV6 (TBD) or BOOTREPLYV6 (TBD) which

                   corresponds to the Boot-request-v6 or Boot-reply-v6,

                   respectively.

Should be (add the):


   msg-type        Identifies the message type.  It can be either

                   BOOTREQUESTV6 (TBD) or BOOTREPLYV6 (TBD) which

                   corresponds to the Boot-request-v6 or Boot-reply-v6,

                   respectively.

In section 7, Use of the Boot-Request-v4 Unicast Flag


   A DHCPv4 client conforming to the [RFC2131<http://tools.ietf.org/html/rfc2131>] may send its DHCPREQUEST

   message to either broadcast or unicast address depending on its

   state.  For example, the client in the RENEWING state uses a unicast

   address to contact a DHCPv4 server to renew its lease.  The client in

   the REBINDING state uses a broadcast address.  If there is a DHCPv4

   relay agent in the middle, a client in the RENEWING state may send a

   DHCPREQUEST message to the unicast address of the relay agent.  In

   such case the server can't find out whether the client sent a message

   to a unicast or broadcast address and thus it can't determine the

   client's state.  [RFC5010<http://tools.ietf.org/html/rfc5010>] introduced the "Flags Suboption" which

   relay agents add to relayed messages to indicate whether broadcast or

   unicast was used by the client.

Should be (remove the, replace "it can't find out" with "the server may be unable to", replace "can't" with "is unable to"):


   A DHCPv4 client conforming to[RFC2131<http://tools.ietf.org/html/rfc2131>] may send its DHCPREQUEST

   message to either broadcast or unicast address depending on its

   state.  For example, the client in the RENEWING state uses a unicast

   address to contact a DHCPv4 server to renew its lease.  The client in

   the REBINDING state uses a broadcast address.  If there is a DHCPv4

   relay agent in the middle, a client in the RENEWING state may send a

   DHCPREQUEST message to the unicast address of the relay agent.  In

   such case the server is unable to determine whether the client sent a message

   to a unicast or broadcast address and thus the server may be unable to determine the

   client's state.  [RFC5010<http://tools.ietf.org/html/rfc5010>] introduced the "Flags Suboption" which

   relay agents add to relayed messages to indicate whether broadcast or

   unicast was used by the client.

And in the following, drop "the" before the RFC?


   In DHCPv4 over DHCPv6, IPv6 is used to deliver DHCPv4 messages to the

   4o6 DHCP Server.  There is no relation between the outer IPv6 address

   and the inner DHCPv4 message.  So the server is not able to know

   whether the DHCPv4 messages should have been sent using broadcast or

   unicast in IPv4 by checking the IPv6 address.  This is similar to the

   case addressed by the [RFC5010<http://tools.ietf.org/html/rfc5010>]0>].

And in the following add "The" before Client (The client MUST...):


   In order to allow the server to determine the client's state, the

   "Unicast" flag is carried in the Boot-request-v6 message.  Client

   MUST set this flag to 1 when the DHCPv4 message would have been sent

In section 8, 4o6 DHCP Client Behavior:

In the first bullet, change doesn't to does not.

And:


   o  If the client receives both options, it SHOULD enable the DHCPv4

      -over-DHCPv6 function and send requests to the unicast address(es)

      in the 4o6 Server Address Option.

Should be (add SHOULD and add each of):


   o  If the client receives both options, it SHOULD enable the DHCPv4

      -over-DHCPv6 function and SHOULD send requests to each of the unicast address(es)

      in the 4o6 Server Address Option.

Add "the" before "DHCP protocol" in:


   The client signaled by the server to use DHCPv4 over DHCPv6 SHOULD

   cease to send DHCPv4 messages using DHCP protocol described in

Also:


   Client MUST follow rules defined in Section 7<http://tools.ietf.org/html/draft-ietf-dhc-dhcpv4-over-dhcpv6-03#section-7> when setting Unicast

   flag.

May be improved by adding "based on the DHCPv4 destination):


   Client MUST follow rules defined in Section 7<http://tools.ietf.org/html/draft-ietf-dhc-dhcpv4-over-dhcpv6-03#section-7> when setting Unicast

   Flag based on the DHCPv4 destination.

And in:


   On receiving a Boot-reply-v6 message, the client MUST look for the

   BOOTP Message option within this message.  If this option is not

   found, the Boot-reply-v6 message is discarded.  If the BOOTP Message

   Option presents, the client extracts the DHCPv4 message it contains

   and processes it as described in section 4.4 of [RFC2131]<http://tools.ietf.org/html/rfc2131#section-4.4>.4>.

The "presents" is odd. Did you mean "is present"?

And finally, in section 11:


   which can cause an amplification attack.  To avoid this, the client

   MUST check if there are repeated IPv6 addresses in a 4o6 Server

   Address Option when receiving one.  The client MUST ignore those

   duplicated unicast IPv6 addresses.

Perhaps change 'repeated' to 'duplicate'? As you use that in the next sentence, so better to be consistent?


-          Bernie

From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Bernie Volz (volz)
Sent: Sunday, November 24, 2013 5:03 PM
To: dhcwg@ietf.org
Subject: [dhcwg] WGLC for draft-ietf-dhc-dhcpv4-over-dhcpv6-03 - Respond by Dec 9, 2013


Folks, the authors of draft-ietf-dhc-dhcpv4-over-dhcpv6-03 (http://tools.ietf.org/html/draft-ietf-dhc-dhcpv4-over-dhcpv6-03.txt) believe it is ready for working group last call. Please review this draft and indicate whether or not you feel it is ready to be published. Your input is important! Please respond by Dec 9th, 2013.



At the time of this writing, there is no IPR reported against this draft.



Bernie will be the document shepherd.



Thanks,


-          Tomek & Bernie