IETF Logo Mail Archive

Re: [dhcwg] [v6ops] SLAAC renum: Problem Statement & Operational workarounds

"Bernie Volz (volz)" <volz@cisco.com> Wed, 30 October 2019 22:23 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8623120121; Wed, 30 Oct 2019 15:23:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Ww8mgSP3; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=G87x05j9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2HBR_YwrhglM; Wed, 30 Oct 2019 15:23:53 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DBF1120105; Wed, 30 Oct 2019 15:23:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7948; q=dns/txt; s=iport; t=1572474232; x=1573683832; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=YVQvi9nBmp7Nm7itycHOlZQJqA4VUK+2ewA8ijbI3no=; b=Ww8mgSP3QmuJCuy1n/HIK1BZu0t2u3D09Wb1K+dT+jHbH708UPiRmK2u SZa1RsVu2WnP3YHNwQzhXQHL8owiCM++ZGfi9I0MYwtJgajsF7a4h0RZ2 FgxbB3/0aP0he4nOcm41aGK3hEe/J3HwOlUX4/R2TVlFSjjlwGMKdeEEJ U=;
IronPort-PHdr: 9a23:hBLshRAG/S8FX3Db+xRGUyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qgw3kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMdRXUgMdz8AfngguGsmAXFP8KOzCZC0hF8MEX1hgrDm2
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DAAAAdDLpd/5JdJa1lGgEBAQEBAQEBAQMBAQEBEQEBAQICAQEBAYF9gUspJwVsUAggBAsqCoQeg0YDinOCOSWXa4JSA1QJAQEBDAEBGA0IAgEBhEACF4NPJDgTAgMJAQEEAQEBAgEFBG2FNwyFUQEBAQECAQEBEBERDAEBLAsBBAsCAQgYAgImAgICJQsVEAIEDgUbB4MAAYJGAw4gAQ6oCwKBOIhgdYEygn4BAQWBNAGBFIJPGIIXAwaBDiiFGIZ5GIF/gRAoDBOCTD6CYgEBAgGBQgYCFIMQMoIsjHMYCBqCUId1lgAKgiSHEI4hG4I8jAiLGoRXhhOBaIoajCmEeQIEAgQFAg4BAQWBaSKBWHAVOyoBgg0BM1AQFIMGDBeBBAEJgkKFFIU/dAGBJ4sGgTABL14BAQ
X-IronPort-AV: E=Sophos;i="5.68,248,1569283200"; d="scan'208";a="652783848"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 Oct 2019 22:23:51 +0000
Received: from XCH-RCD-008.cisco.com (xch-rcd-008.cisco.com [173.37.102.18]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id x9UMNprp030368 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 30 Oct 2019 22:23:51 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-RCD-008.cisco.com (173.37.102.18) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 30 Oct 2019 17:23:50 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 30 Oct 2019 17:23:50 -0500
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 30 Oct 2019 18:23:49 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Kftm7QmgaJZ/EA0tPpRPrPLOI10AupPi0DA8Z+zqGoDql+aiSOVRzF7RgR7wLDUZQElZcf4nVRJyUhs/7en2c97m4P5YUdjVyLpLvnIAEGILjcFxVDdeixfPg8dNKxnVBJpQxZ4cgCXyZ5xrYZJKYPjWiQgqc13lr3NoXotXgaQ5tfBVqib4x4rOPF4vlkZrL6YLJPg8GY9GzpqUfAU20siEo1WdKOVcdrbh6c/eGEHMXI2tW8/2tycd836NUfKdvN+OV6H4+z2TXib50D4C6ApcK0P37RALUAQL8a6SNpDCyFaBWt/nRK0TeKFHUgsx2OPag0MEqQOKrVgFk5mT6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YVQvi9nBmp7Nm7itycHOlZQJqA4VUK+2ewA8ijbI3no=; b=F0J0y/m5XUpXwZupasVocOBWgwYzkWK0WHgjohnWsCWhnKoLb+Ew8ITgJ2SQzvqcrFO01NRI2zhR/GlL30Az3Om8QnaL4cKKiFay/GxDorwnHfirdS4j4YL1En9Og+/2OfynekF/4+y0nO2zVVU118D1ibyN2A2mtlBiOqgwODJac9ZObgbRkePpMlJvu01KbVwZMlQWSD7cj/lz0WOceGasAdluBD/efoaujw//gg5NvdFsSWaOQasDiik1NggFJqmbQHlYPGlIcrZKC1INeFD7DZu60swpknRTTLDsO4YKmeCJw6quR8gc9RkLVjJZOUJNQhjtSa4jWQedSlcnbw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YVQvi9nBmp7Nm7itycHOlZQJqA4VUK+2ewA8ijbI3no=; b=G87x05j9uRUVqQIMCZw3Nj91tMXCxQCD4XwHoXUcVXawB0hDiyZ4FCL/IEgvrfhQNmY9qH986CNq4HaRgRiTFMI61MjKxClX4VOsdZLwnL/7xWfzlFhGYIuKeVdnnKda8THjj8ivrZ9w+zJRni0pl6dCJXqAvBrFUeVRYw6xLcY=
Received: from MWHPR1101MB2288.namprd11.prod.outlook.com (10.174.97.139) by MWHPR1101MB2288.namprd11.prod.outlook.com (10.174.97.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.24; Wed, 30 Oct 2019 22:23:48 +0000
Received: from MWHPR1101MB2288.namprd11.prod.outlook.com ([fe80::808:4d44:a5d1:c7f6]) by MWHPR1101MB2288.namprd11.prod.outlook.com ([fe80::808:4d44:a5d1:c7f6%11]) with mapi id 15.20.2387.028; Wed, 30 Oct 2019 22:23:48 +0000
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Bud Millwood <budm@weird-solutions.com>
CC: "dhcwg@ietf.org" <dhcwg@ietf.org>, IPv6 Operations <v6ops@ietf.org>
Thread-Topic: [v6ops] [dhcwg] SLAAC renum: Problem Statement & Operational workarounds
Thread-Index: AQHVj3CzWteKsg72/USNDiD4aC/e6w==
Date: Wed, 30 Oct 2019 22:23:48 +0000
Message-ID: <8755B40E-4075-4AAC-BF59-19B6DF9BA6D1@cisco.com>
References: <MWHPR1101MB2288616D545F3DAD1D1734A1CF600@MWHPR1101MB2288.namprd11.prod.outlook.com> <CAOpJ=k06SRAHR7S+UmvFu=zvyk8j_uica2gdbBij+5pr+Jykww@mail.gmail.com> <C0A66DA1-29DE-456A-934D-7ECC07575336@cisco.com>
In-Reply-To: <C0A66DA1-29DE-456A-934D-7ECC07575336@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=volz@cisco.com;
x-originating-ip: [24.233.121.124]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9bd29daf-b5b7-4a40-34ed-08d75d87d5e7
x-ms-traffictypediagnostic: MWHPR1101MB2288:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <MWHPR1101MB2288E8BB79D454F1AB24C076CF600@MWHPR1101MB2288.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02065A9E77
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(346002)(376002)(366004)(136003)(39860400002)(54094003)(189003)(199004)(66556008)(53546011)(186003)(64756008)(102836004)(6512007)(66946007)(6506007)(76116006)(26005)(66476007)(86362001)(91956017)(36756003)(71200400001)(66066001)(71190400001)(4326008)(99286004)(66446008)(76176011)(6436002)(6306002)(229853002)(6916009)(256004)(14444005)(446003)(6246003)(2906002)(8936002)(476003)(2616005)(7736002)(6486002)(305945005)(486006)(81156014)(25786009)(81166006)(8676002)(6116002)(54906003)(316002)(3846002)(5660300002)(478600001)(33656002)(966005)(14454004)(11346002); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR1101MB2288; H:MWHPR1101MB2288.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 382cumZhi2NGoU0rsxxmv23l5ZFVbyDViWL5Y7mihT+vHLQVQU4Y0jLREgmqck3rB7oCE1QdeCCp8Xg+Tkq6PQ8oikT/OtDkfRqjBSqbSj9uPxW83lQG5AdPrKAo8S2Xvzc++iPJkR0zqxEdAx4VXVGsvz2I6uCl4fLC8U0vGO6PItzNA2tbelxjwa7FUz8L/f1U03mip//cZ0nSQD4dk0rSge5nVbo6v/cm6HwUUiQMmnAusBNowHGs4gTALphytJLznreKUi8EKdAfALFettMlCu7cGTYB0P8A/a9MOuwNbFVq6gnu3qXvnO9b60XcxuFAsxtrBKoyac/86OzcocIIq6d6c14T6b3U8sswe/6BYaRQtecF+Fqrd7M0jjKRxiRM944qZH6m/AciK+IolJ9g8g0yuqKVzLd4MbrU6fGXRVI3Yy+x6q9uCm+wGyeYt+QTWgNPd1yrTRTBrOKCxkbUVn98NgrNos4xaywsvb8=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <D7CB3F42F22E814AAC1AAF9FADD578EA@cisco.onmicrosoft.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 9bd29daf-b5b7-4a40-34ed-08d75d87d5e7
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Oct 2019 22:23:48.5662 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: lB03uup9pLfTKxeRpIdw32s9Zlfld39+XH4gvDuoByDYEt4oRUM5dWoy+qk/pA4B
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR1101MB2288
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.18, xch-rcd-008.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/TOxOAbj4Rkc9W88k21yp0cEjPKE>
Subject: Re: [dhcwg] [v6ops] SLAAC renum: Problem Statement & Operational workarounds
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2019 22:23:55 -0000

I should point out that having the dhcp server supply this information may not work all the time. It really depends on what configuration changes were made and the server implementation. And of course is useless if you “move” the CPE.

So this isn’t going to be prefect (only storage on CPE will do that), but should improve things and especially for those situations where the SP configures the DHCP server to renumber periodically.

- Bernie

> On Oct 30, 2019, at 6:16 PM, Bernie Volz (volz) <volz@cisco.com> wrote:
> 
> See Ted’s message ...
> 
> Regarding (3), I was thinking that you might configure it server wide to do this, but if you had specific broken clients, those could be excluded (perhaps based on a class, such as from a specific manufacturer, or by explicit duid). There’s probably never an issuing in providing configuration knobs ... most likely it is just the default behavior that is important.
> 
> I’m less inclined to break what is working, so I’d be a bit more cautious than Ted. Also, the “now” broken CPE will cause a customer service call and could be expensive to the SP. SP support teams also would likely need to know that they might see an increase in customer issues, which probably isn’t easy to know (how many people read release notes carefully)?
> 
> - Bernie
> 
>> On Oct 30, 2019, at 5:53 PM, Bud Millwood <budm@weird-solutions.com> wrote:
>> 
>> Hi Bernie:
>> 
>> If suggestion (1) or (2), an older CPE that borks over two delegated
>> prefixes would stay borked until the old prefix expired. And it seems
>> like suggestion (3) still runs the risk of catching that older CPE.
>> Configuring that knob at the client level seems like a lot of
>> management overhead.
>> 
>> I wonder if introducing suggestions (1) or (2) aren't pushing existing
>> clients to expose new bugs they may have? Suggestion (4) seems
>> reasonable to me.
>> 
>> - Bud
>> 
>> 
>> 
>> 
>> 
>> 
>>> On Wed, Oct 30, 2019 at 10:02 PM Bernie Volz (volz) <volz@cisco.com> wrote:
>>> 
>>> Hello:
>>> 
>>> 
>>> 
>>> DHC folks may want to check out the recent discussion on the v6ops mailing list (https://mailarchive.ietf.org/arch/browse/v6ops/) with the “SLAAC renum: Problem Statement & Operational workarounds” subject.
>>> 
>>> 
>>> 
>>> Basically, one issue that appears to happen in networks where CPEs receive delegated prefixes and are renumbered when a CPE cycles power – why the renumbering occurs is not material. The issue is that some of the devices serviced by the CPE may still have configuration (i.e., from Prefix Information Options received via RAs or perhaps even DHCP) based on the original delegated prefix and if the CPE does not have stable storage (into which it stored the old delegated prefix), nothing initiates deprecating this information. This is because everyone is honoring the lifetimes, but the renumbering caused the SP DHCP server to provide a totally new delegated prefix and there’s no record in the CPE of the old.
>>> 
>>> 
>>> 
>>> For a CPE that has stable storage, it could initiate steps to deprecate the old delegated prefix.
>>> 
>>> 
>>> 
>>> Note that this issue is discussed in https://tools.ietf.org/html/draft-fkhp-dhc-dhcpv6-pd-relay-requirements-00#section-3.2 and also in section 4.3 (S-1) of that draft.
>>> 
>>> 
>>> 
>>> One idea that I suggested is that the SP DHCP server can provide this information to the CPE. The DHCP server should still have a record of the previous delegated prefix (as it has not yet expired for the binding) and it could therefore send this, with 0 lifetimes, in the Reply to the Request (as it would do in a Renew). This would avoid the need for the CPE to keep this information in stable storage.
>>> 
>>> 
>>> 
>>> There isn’t any direct mention of sending IA_PD (or IA_NA) with 0 lifetimes in the processing of Requests, but it isn’t a stretch to consider this. And, without something, it isn’t obvious that servers should (or would) do this?
>>> 
>>> 
>>> 
>>> Some possibilities are (from least conservative to most):
>>> 
>>> Always have the server do this (sending 0 lifetimes) for a Reply to a Request for this condition.
>>> (1) but only for Relayed messages.
>>> Have a server configuration knob (at whatever granularities desired – global, prefix, client, …).
>>> Define a new option that a client would include in (Solicit/)Request to request this behavior. Note that (3) could always override.
>>> 
>>> 
>>> 
>>> Hopefully existing clients would handle this correctly, though they likely would not take the action to deprecate the old delegated prefix. But we don’t know (and at least early in the DHCPv6 days, clients weren’t always happy when they received multiple delegated prefixes). Hence, how conservative should we be?
>>> 
>>> 
>>> 
>>> Perhaps we can discuss as part of draft-fkhp-dhc-dhcpv6-pd-relay-requirements (which is on the agenda for IETF-106), or I could request a separate slot for it - if we need a higher bandwidth discussion.
>>> 
>>> 
>>> 
>>> We can also just discuss here on the mailing list as it may be possible to resolve fairly quickly.
>>> 
>>> 
>>> 
>>> It will require a short draft as it is something that would need to be folded into a RFC8415 bis or continue on it own. Probably adding it to draft-fkhp-dhc-dhcpv6-pd-relay-requirements is not best since these are the delegating relay, not server, requirements.
>>> 
>>> 
>>> 
>>> Bernie
>>> 
>>> _______________________________________________
>>> dhcwg mailing list
>>> dhcwg@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dhcwg
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email