Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-port-01.txt

"Bernie Volz (volz)" <volz@cisco.com> Wed, 18 January 2017 21:54 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A7BD1294E6 for <dhcwg@ietfa.amsl.com>; Wed, 18 Jan 2017 13:54:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.721
X-Spam-Level:
X-Spam-Status: No, score=-17.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4EuXkwxuJl0c for <dhcwg@ietfa.amsl.com>; Wed, 18 Jan 2017 13:54:36 -0800 (PST)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9714B129437 for <dhcwg@ietf.org>; Wed, 18 Jan 2017 13:54:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20088; q=dns/txt; s=iport; t=1484776476; x=1485986076; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=O0CS0EDUxNjH/laKgO3/8T0l7Irw7IUKgbq1en6wjQE=; b=LB2MQDhxTdXBF+pEmBrXdfYQ5wacfHZTBGlFZSDo1dksJCnFAmYhztOe ARCws/nmNUotAKjbFcXZs9MW8juwGfy6fGe+9HxC+3oBumi8yEa/BOT/F tsQ7BtFpGg5qmqbHRMZs3xIjAcz/j89lVLV3dhbXxYyVmDSWpetVHHB8d 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AdAQCf439Y/4sNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgzkBAQEBAR9geBEHg0qKCJIClSyCCx8NhXYCGoFqPxgBAgEBAQE?= =?us-ascii?q?BAQFjKIRpAQEBAwEBASEEDToLBQcEAgEIEQQBAQECAiMDAgICJQsUAQgIAgQOB?= =?us-ascii?q?QgBiHIIDrAYgWs6ikEBAQEBAQEBAQEBAQEBAQEBAQEBAQEdgQuJJYEJgwyBJx0?= =?us-ascii?q?zgkyCXgWPJ4waAYZegxeHY4IAUYQ9iDCBOIgcgiGIMQEfOIFEFRgihjNzAYdzg?= =?us-ascii?q?Q0BAQE?=
X-IronPort-AV: E=Sophos;i="5.33,250,1477958400"; d="scan'208";a="196755376"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Jan 2017 21:54:35 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id v0ILsZO1016447 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <dhcwg@ietf.org>; Wed, 18 Jan 2017 21:54:35 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 18 Jan 2017 15:54:34 -0600
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1210.000; Wed, 18 Jan 2017 15:54:34 -0600
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "Naiming Shen (naiming)" <naiming@cisco.com>
Thread-Topic: I-D Action: draft-ietf-dhc-relay-port-01.txt
Thread-Index: AQHSaG9D0XfUeEfxw0Sn9ambzTJNZaE1P/BQgAn0tQD//6EFoA==
Date: Wed, 18 Jan 2017 21:54:34 +0000
Message-ID: <5841cbedc07e485d8499006469968bb1@XCH-ALN-003.cisco.com>
References: <148374230973.17537.14402355403407250708.idtracker@ietfa.amsl.com> <843031F0-B818-4C19-8120-78EE7D531E06@cisco.com> <4328855a5add4c3a9f044689171156f7@XCH-ALN-003.cisco.com> <15E46807-72A1-49FC-8E67-A1967243EFA0@cisco.com>
In-Reply-To: <15E46807-72A1-49FC-8E67-A1967243EFA0@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.131.32.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/T-0b91_BWrkrwXxPKuzChcvFCzk>
Cc: dhcwg <dhcwg@ietf.org>, "Enke Chen \(enkechen\)" <enkechen@cisco.com>
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-port-01.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jan 2017 21:54:38 -0000

I'll look at the 02 draft when you do publish it.

I agree that upsteam/downsteam is very confusing (as it depends on perspective) and hence why I think you should just call the option something simple (relay-port)? By keeping it a simple name, the complexity can be in how it is used and the name gets less in the way.

See more below (BV>).

- Bernie

-----Original Message-----
From: Naiming Shen (naiming) 
Sent: Wednesday, January 18, 2017 4:19 PM
To: Bernie Volz (volz) <volz@cisco.com>;
Cc: dhcwg <dhcwg@ietf.org>;; Enke Chen (enkechen) <enkechen@cisco.com>;
Subject: Re: I-D Action: draft-ietf-dhc-relay-port-01.txt


Hi Bernie,

Thanks for the review and comments.

BTW, I made the latest draft changes due to I found it's necessary duration my implementation (using ISC dhcp code base). I have coded the feature for both relay agent and the server for V4 and V6. I have tested with my implementation with:

1) DHCPv4 simple relay case using non-standard port
2) DHCPv6 cascaded relay case with all the V6 relay agents using non-standard ports
3) DHCP 4to6 with cascaded V6 relay agents using non-standard ports 

The main reason why this ‘port’ field of DHCPv6 option needs to be a ‘downstream’
port number instead of previous version we thought as local non-standard port, just think the example of option “Interface-ID” to contrast with. In the case of option “Interface-ID”, the relay-x includes this in it’s Relay-Forw options, when it gets back in the Relay-Reply to relay-x, it needs to find out the ‘interface-id’ to use for the operation 'ON THIS relay-x’; But for relay UDP port option, when it gets back the Relay-Reply to relay-x, it has no use of this non-standard UDP port number of its own, since this DHCPv6 packet has already reached this device, this non-standard UDP port really is for relay-x’s upstream devices to use in order to get to this ‘relay-x’ device. I hope this point is clear.

Please see more replies inline with [NS] tag.

> On Jan 12, 2017, at 11:42 AM, Bernie Volz (volz) <volz@cisco.com>; wrote:
> 
> Hi:
> 
> I don't think the DHCPv6 Relay handing is correct.
> 
> The only relay that needs to add this is the relay that is using a non-standard port. Other relays in the chain only need to add this if they too are using a non-standard port.
> 
> Thus the text:
> 
>   Also when a DHCPv6 relay agent
>   detects that the downstream relay agent relays uses a non-DHCP UDP port in
>   the packet, it MUST record the port number in the Downstream UDP
>   Source Port field of this option.  If this option is included to
>   indicate only the local non-DHCP UDP port usage and there is no
>   downstream relay agent's non-DHCP UDP port usage, the field
>   Downstream UDP Source Port MUST be set to zero.
> 
> Is not appropriate. I'm not even sure how a relay agent could detect this (other than by looking in the received Relayed packet for the option).
> 
> The concept is that a relay that Relays a packet to a server (i.e., generates a Relay-Forw) should ONLY add this option to the generated Relay-Forw if IT is using a non-standard port. Otherwise no option is added (just don't add the option; not an option with 0 value).
> 
> When a server generates Relay-Reply packets from the Relay-Forw chain, it copies this option from the Relay-Forw into the Relay-Reply. And, if the "outermost" Relay-Reply has this option, it sets its destination port number to that port for the packet to be sent.
> 
> The most simple case is:
> 
> Client -> Relay at port 2000 -> Server
> 
> Relay message send to server is then:
> 
> Relay-Forw
>    Option: UDP Port = 2000
>    Option: Relay Message:
>           <Client request message>
> 
> The server will then generate a Relay-Reply:
> 
> Relay-Reply
>    Option: UDP Port = 2000
>    Option: Relay Message:
>           <Client response message>
> 
> And send the packet to the relay at port 2000.
> 
> The relay will then send the client message to the client.
> 
> Note: The above only includes the basic items needed to demonstrate this.

[NS starts]

Correct. And more precisely let me make a distinction for the port 2000 is for upstream server to use. Now In my new version of the draft:

- DHCPv4 case

  relay1 will include relay-agent option for UDP PORT and send to the server.
  The server notices there is a relay-agent option for UDP PORT (without port
  number here), and finds its UDP RELAY-FORW packet has the port
  number of 2000. When sending back the RELAY-REPLY, the server
  uses the destination UDP port 2000 to send to relay1.

- DHCPv6 case

  Basically the same. In our new version of the draft, the relay1 will include
  the Relay Port option and sets the ‘downstream UDP port’ to zero. The
  DHCPv6 server receives this packet, and notices there is a Relay Port option,
  then it finds the UDP port of this packet being 2000. When sending back
  to relay1, the UDP port number will be 2000. 

Both cases are almost identical. There is no number number passed in both options.
[NS ends]

BV> OK, while you could implement it this way -- saying that the presence of the option in the Relay's packet (with a 0 value) is an indication that the port number is not the default and therefore the RECEIVER must insert it (replace the 0 value with the non-zero value based on the source port), I think this is NOT a good idea. I think the sender (that wants to response on the non-standard port) should be the one that adds the option with the correct port number. In DHCPv6, changing some other entities message is frown upon (hence why we encapsulate). And, I think it is simpler and less work for the receiver. There's also a security mechanism that the receiver can use to CONFIRM that the port is the indicated port.

BV> I guess the ONE benefit of doing it your way is that a server COULD detect if there are relays in the mix that don't support this, as when it copies the Relay-Forw's port option to the Relay-Reply, if the value is 0 it could report that the response will not get back to the client since a relay doesn't support the return path. But I don't see that benefit to be very large (since you already require that all entities must support this feature to use it).

> 
> 
> A more complex case:
> 
> Client -> Relay at port 1000 -> Relay at standard port -> Relay at 
> port 2000 -> Server
> 
> Thus the Relay-Forw received at a server might look like:
> 
> Relay-Forw
>    Option: UDP Port = 1000
>    Option : Relay Message:
>         Message: Relay-Forw
>               Option: Relay Message:
>                      Message: Relay-Forw
>                             Option: UDP Port = 2000
>                             Option: Relay Message:
>                                    <Client request message>
> 
> The server then generates:
> 
> Relay-Reply
>    Option: UDP Port = 1000
>    Option : Relay Message: 
>         Message: Relay-Reply
>               Option: Relay Message:
>                      Message: Relay-Reply
>                             Option: UDP Port = 2000
>                             Option: Relay Message:
>                                    <Client response message>
> 
> And sends this to the relay at port 1000.
> 
> The relay will then process this by removing the outer most relay message hence end up with:
> 
> Relay-Reply
>       Option: Relay Message:
>              Message: Relay-Reply
>                    Option: UDP Port = 2000
>                    Option: Relay Message:
>                         <Client response message>
> 
> It will then send this to the next relay at the STANDARD Port (no UDP Port in outermost message):
> 
> That relay will then process this by removing the outer most relay message and hence end up with:
> 
> Relay-Reply
>           Option: UDP Port = 2000
>           Option: Relay Message:
>                 <Client response message>
> 
> It will then send this to the next relay at port 2000.
> 
> That final relay will send the client message to the client (at the standard port).

[NS starts]
Also lets be more precise here to name the cascaded relay agents to be ‘relay-1’ and relay-2’.
relay-1 has the source UDP port of 1000 talking to upstream relay-2, and relay-2 has the source UDP port of 2000 talking to upstream server.

- client sends request msg to relay-1

- relay-1 Relay-Forw msg

  it puts on the Relay UDP Port option and set the ‘downstream udp port’ to zero.
Relay-Forw
   Option: UDP Port, downstream-port=0
   Option: Relay message
    <client request message>

- relay-2 Relay-Forw msg

  Relay-2 notices the Relay-Forw previous hop has the option of UDP PORT,
  it then finds out the inbound packet has UDP port number 1000.
  It puts on the Relay UDP Port option and set the ‘downstream udp port’ to 1000.
  (because relay-2 needs to use this value 1000 later in order to send reply packet 
   back to relay-1).

Relay-Forw
  Option: UDP Port, downstream-port=1000
  Option: Relay message
      Option: UDP Port, downstream-port=0
      Option: Relay message
         <client request message>

- server Relay-Reply msg

  The server notices the Relay-Forw previous hop has the option of UDP PORT,
  and it then finds out the inbound packet has UDP port number of 2000.
  It sends back the Relay-Reply message to relay-2 using the UDP port of 2000.

Relay-Reply
  Option: UDP Port, downstream-port=1000
  Option: Relay message
      Option: UDP Port, downstream-port=0
      Option: Relay message
         <client reply message>

- relay-2 Relay-Relay msg

  Relay-2 finds the UDP Port option, and finds the ‘downstream udp port’ to
  be 1000. It formats the message and sends to relay-1 using the UDP port
  of 1000. (to the downstream relay agent)

Relay-Reply
      Option: Relay message
        Option: UDP Port, downstream-port=0
        Option: Relay message
           <client reply message>

- relay-1 Relay-Relay msg

  Relay-1 finds the UDP Port option, and finds the ‘downstream udp port’ to
  be zero. It formats the message and sends to client with standard UDP port.

Relay-Reply
      Option: Relay message
         <client reply message>

- Client gets the relay message.
[NS ends]

> 
> 
> You also need to clean up the text as you are using "Relay Source Port 
> Option" and "Downstream UDP Source Port"? I think having a

[NS starts]
I’ll look through this again, and as explained above, this ‘port field’ really represents the ‘downstream UDP source port’. But I will try to see if there is something can be improved and consistency is certainly needed.
[NS ends]

> bit more consistent naming would be useful. I think because this is where the "response" should be sent, perhaps best to the "Relay Reply Port Option" or perhaps even "Relay-Reply Port Option" (as in Relay-Reply message). But I'm less concerned about the exact name, just that more consistence exists. I also think that "port" or something simple in the option field definitions would be sufficient rather than using a long name. i.e.:
> 
>      Option-Code:  OPTION_RELAY_REPLY_PORT. 16 bits value, to be assigned by IANA.
> 
>      Option-Len:  16 bits value to be set to 2.
> 
>      Port:  16 bits value.  To be set by to the port to which
>      the Reply-Reply should be sent to (by the upstream
>      relay-agent or server).
> 
> Another issue is that you should give the option a name (OPTION_...) - see http://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml#dhcpv6-parameters-2 as all options have such a name and this is not something IANA does -- you need to have it in your draft. (This is less important for v4, though several drafts have been doing this using too - see http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#options).

[NS starts]
Will do.

thanks.
- Naiming

[NS ends]

> 
> - Bernie
> 
> -----Original Message-----
> From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Naiming Shen 
> (naiming)
> Sent: Friday, January 06, 2017 5:50 PM
> To: dhcwg <dhcwg@ietf.org>;
> Cc: Enke Chen (enkechen) <enkechen@cisco.com>;
> Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-port-01.txt
> 
> 
> Hi,
> 
> We have updated the dhc-relay-port draft.
> 
> The main update is on the DHCPv6 Relay Agent Source Port option, with 
> the change to the definition of UDP port field from previously of 
> ‘local' UDP source port to 'downstream relay' UDP source port, this is 
> for the cascaded DHCPv6 relay case.
> 
> And added more requirements on server side and relay agent handling of 
> this DHCPv6 option.
> 
> Please review and comment.
> 
> thanks.
> - Naiming
> 
>> On Jan 6, 2017, at 2:38 PM, internet-drafts@ietf.org wrote:
>> 
>> 
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Dynamic Host Configuration of the IETF.
>> 
>>       Title           : Generalized Source UDP Port of DHCP Relay
>>       Authors         : Naiming Shen
>>                         Enke Chen
>> 	Filename        : draft-ietf-dhc-relay-port-01.txt
>> 	Pages           : 8
>> 	Date            : 2017-01-06
>> 
>> Abstract:
>>  This document extends the DHCP and DHCPv6 protocols for the UDP  
>> transport from relay agent to server and allows the port to be any  
>> valid number on the DHCP relay system.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-port/
>> 
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-dhc-relay-port-01
>> 
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-relay-port-01
>> 
>> 
>> Please note that it may take a couple of minutes from the time of 
>> submission until the htmlized version and diff are available at tools.ietf.org.
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html or 
>> ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg