Re: [dhcwg] Re: Renumbering DNS with stateless DHCPv6 - bug?
Stig Venaas <Stig.Venaas@uninett.no> Wed, 19 November 2003 00:27 UTC
Received: from optimus.ietf.org ([132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA27539 for <dhcwg-archive@odin.ietf.org>; Tue, 18 Nov 2003 19:27:37 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AMGBb-0003sp-N7 for dhcwg-archive@odin.ietf.org; Tue, 18 Nov 2003 19:27:20 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id hAJ0RBgX014921 for dhcwg-archive@odin.ietf.org; Tue, 18 Nov 2003 19:27:11 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AMGBb-0003sG-Ji for dhcwg-web-archive@optimus.ietf.org; Tue, 18 Nov 2003 19:27:11 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA27455 for <dhcwg-web-archive@ietf.org>; Tue, 18 Nov 2003 19:26:55 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AMGBW-0003eF-00 for dhcwg-web-archive@ietf.org; Tue, 18 Nov 2003 19:27:06 -0500
Received: from [132.151.1.19] (helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1AMGBV-0003e6-00 for dhcwg-web-archive@ietf.org; Tue, 18 Nov 2003 19:27:06 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AMGBS-0003oK-Ly; Tue, 18 Nov 2003 19:27:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1ALs9B-0004Yg-So for dhcwg@optimus.ietf.org; Mon, 17 Nov 2003 17:47:06 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10858 for <dhcwg@ietf.org>; Mon, 17 Nov 2003 17:46:52 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1ALs99-0000cT-00 for dhcwg@ietf.org; Mon, 17 Nov 2003 17:47:03 -0500
Received: from tyholt.uninett.no ([158.38.60.10]) by ietf-mx with esmtp (Exim 4.12) id 1ALs98-0000bC-00 for dhcwg@ietf.org; Mon, 17 Nov 2003 17:47:02 -0500
Received: from sverresborg.uninett.no (sverresborg.uninett.no [IPv6:2001:700:e000:0:204:75ff:fee4:423b]) by tyholt.uninett.no (8.12.10/8.12.10) with ESMTP id hAHMkOpI019732; Mon, 17 Nov 2003 23:46:24 +0100
Received: from sverresborg.uninett.no (localhost.localdomain [127.0.0.1]) by sverresborg.uninett.no (8.12.8/8.12.9) with ESMTP id hAHMkOR7004984; Mon, 17 Nov 2003 23:46:24 +0100
Received: (from venaas@localhost) by sverresborg.uninett.no (8.12.8/8.12.8/Submit) id hAHMkNdP004983; Mon, 17 Nov 2003 23:46:23 +0100
X-Authentication-Warning: sverresborg.uninett.no: venaas set sender to Stig.Venaas@uninett.no using -f
Date: Mon, 17 Nov 2003 23:46:23 +0100
From: Stig Venaas <Stig.Venaas@uninett.no>
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc: Tim Chown <tjc@ecs.soton.ac.uk>, dhcwg@ietf.org
Subject: Re: [dhcwg] Re: Renumbering DNS with stateless DHCPv6 - bug?
Message-ID: <20031117224623.GC4875@sverresborg.uninett.no>
References: <20031113191145.GS3473@login.ecs.soton.ac.uk> <3FB40486.8020608@necom830.hpcl.titech.ac.jp> <20031116113524.GB2256@sverresborg.uninett.no> <3FB8EFCD.9080008@necom830.hpcl.titech.ac.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <3FB8EFCD.9080008@necom830.hpcl.titech.ac.jp>
User-Agent: Mutt/1.4.1i
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
On Tue, Nov 18, 2003 at 12:57:01AM +0900, Masataka Ohta wrote: > >I suggest for server to send reconfigure to clients via relays. After some thinking I see that this is much harder than I first anticipated (like always...). I'm still thinking about it, but it's not easy. > >>From server to relay: > > > > If multicast routing available in the site: > > "site" is not a useful concept for autoconfiguration, when > the "site" is really small, which is, perhaps, the primary > target case of "stateless", which is why I asked multicast > over site boundaries. Yes, I also see cases where it wouldn't work. Unicast to relays have advantages, also wrt to security. Only issue is that server will need to know their addresses. > > unicast to each relay, server has a list of relays > > is a rational approach for either case. I may agree. I'm trying to think of good ways to do reconfigure. For now I think I'll do more thinking of that before I go into possible solutions. As I said above it seems to be rather complex. > Of course, the server have a stable storage. > > However, some says "has a list of relays" is a "stateful" > approach and is no good. Yes, my feeling too. > Lack of well definedness of "stateless" is making design and > discussion very hard. Yes. I would say that the DHCP server has configuration state, but no dynamic state. A static list of relays is not ideal, but might be ok. There are levels of dynamic state too though, it should be avoided, but I feel the most essential is to not require state through restarts/reboots. If reconfigure requires state, it may be better to forget it. > >Then from relay to client you can always use multicast on link. > > It is unreliable that relays also should have lists of clients > and stable storages or the server directly take care of the > clients, in either of which case, unicast is good enough. Yes, relays should not have lists of clients. I'm not insisting on multicast in itself, but multicast is the only way I see to avoid having per client state. > >Reconfigure messages should be protected due to possible DoS > >attacks. I didn't consider that at first. I think that can be > >done using public key crypto. Server has a single key pair. > >Clients get public key together with the config info, and the > >reconfigure message is signed with the private key. > > Sorry, public key crypto is computationary expensive that it > rather amplifies than prevents DoS effect. Yes, that is a good point. > With your case, reconfigure messages with bogus signature will > force clients perform expensive public key crypto computation. Yes. It can avoid DoS attack on DHCP server (because all clients do reconfigure), but it puts a big burden on clients. This is a problem. > >>W.r.t. inter-link multicast, what multicast protocols is intended > >>to be used by people in DHC WG? > > >I'm not sure that should be specified. At least as long as it > >isn't SSM, the DHCP infrastructure is completely independent > >of which multicast protocols are used, just like other > >multicast applications. > > I asked not "specified" but "intended". I can't speak for people's intentions, but I don't expect people to have given it much thought. I may be wrong. But SSM will not work with current spec. Current spec allows site multicast to be used, but doesn't require it. So I would say it's up to the implementor and administrator. > >Interesting question. It's relatively easy with standard > >PIM-SM. You only need to reconfigure the RP address on the > >routers, and if you use say BSR, you only need to change on > >the c-BSRs and c-RPs. > > It is more straight forward to change addresses of a DHCP server > on relayes to be used for unicast relaying. However, a DHCP server > is a single point of failure. I don't agree on this. And if you have multicast deployed, you will make sure that works as well. > >Discussion on multicast reliability and renumbering could be > >a good topic for mboned wg. It doesn't belong here. > > I'm afraid it is not an attractive idea to involve yet another > WG in the thread. I agree, and I'm removing dnsop from this one. I don't think they are interested in these details. But if you want to discuss multicast and renumbering in general, you could if you like create a new thread on mboned and not mention DHCP. Well, just a suggestion. My point is that discussions on that problem is much better in that group. There is more expertise there, and I'm not sure how interested people are in dhc... > >For SSM, relays would need to know unicast addresses of DHCP > >servers, and if you do reconfigure with multicast, you also > >need servers to know unicast addresses of relays. Then you > >might as well use unicast. > > Yup. But, is it "stateless"? Not sure, I would like to avoid it though. It for sure adds complexity to implementation. > >>Is a well known unicast address is assigned to a primary and > >>a back-up CORE/RP/SS, which means ANYCAST. > > >Anycast might be used > > An interesting fact is that there are someone who don't want to > use "anycast" for DNS servers, because it intermingles DNS and > routing system. However DNS servers by DHCP with multicast is > already eaqually bad. Then, are we having DHCP with multicast > with anycast CORE/RP/SS? I'm not too sure about using anycast myself. But if you use anycast for RP, that's limited to the network. But let's not discuss how to make multicast reliable here. > Sure. However, mboned is the worst place to discuss "multicast > does not work at all". Well yes, people may not like it (; But there are people there that think that multicast could be improved. And I'm not sure renumbering has been given much thought. > My intention here is to demonstrate that, with multicast, routing > and DHCP are intermingled. I would say that multicast and routing is in the network, while DHCP is an application making use of multicast and routing. DHCP may use site-scoped multicast if available, but it's not required. However link-local multicast is required for IPv6 in general, also DHCP. Stig _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Renumbering DNS with stateless DHCPv6 - b… Tim Chown
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Vijayabhaskar A K
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Tim Chown
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Vijayabhaskar A K
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Vijayabhaskar A K
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Stig Venaas
- [dhcwg] Re: Renumbering DNS with stateless DHCPv6… Iljitsch van Beijnum
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Stig Venaas
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Vijayabhaskar A K
- RE: [dhcwg] Renumbering DNS with stateless DHCPv6… Bernie Volz
- [dhcwg] Re: Renumbering DNS with stateless DHCPv6… Masataka Ohta
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Stig Venaas
- [dhcwg] Re: Renumbering DNS with stateless DHCPv6… Thomas Narten
- [dhcwg] Re: Renumbering DNS with stateless DHCPv6… Tim Chown
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Stig Venaas
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Masataka Ohta
- RE: [dhcwg] Re: Renumbering DNS with stateless DH… Bernie Volz
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Masataka Ohta
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Stig Venaas
- RE: [dhcwg] Re: Renumbering DNS with stateless DH… Bernie Volz
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Stig Venaas
- RE: [dhcwg] Re: Renumbering DNS with stateless DH… Bernie Volz