IETF Logo Mail Archive

[dhcwg] IESG Discuss on draft-ietf-dhc-mac-assign

"Bernie Volz (volz)" <volz@cisco.com> Thu, 13 August 2020 15:00 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B310E3A0CFB for <dhcwg@ietfa.amsl.com>; Thu, 13 Aug 2020 08:00:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.597
X-Spam-Level:
X-Spam-Status: No, score=-9.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=HjxmwETs; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=ceMhb5sh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sQQrAGwDdNMG for <dhcwg@ietfa.amsl.com>; Thu, 13 Aug 2020 08:00:25 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21E553A0D17 for <dhcwg@ietf.org>; Thu, 13 Aug 2020 08:00:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15705; q=dns/txt; s=iport; t=1597330824; x=1598540424; h=from:to:subject:date:message-id:mime-version; bh=UnZ6Yxs3L3YpgAu2+6JeANjwzUoRkBcZSAKThCBhbos=; b=HjxmwETscD2Nlp3j4FllkCXcffZcl372tMB3AF6qOsE/FwyphnhucwKY 3Na8hD/HLCTXXPm9B5VO6VtMCwzaRr+Fd6ucEzW/r60h4u9mCBy0fBKxg jFvmz3EdjdjXwU0PxrnNNGd2wDbkkY3onqIiJWMjuidFlyQo2mc8wGzFe A=;
IronPort-PHdr: 9a23:5KCy/BVnYLBrwhFRtiQfctQtpFfV8LGuZFwc94YnhrRSc6+q45XlOgnF6O5wiEPSBNyHuflFkOHR9avnXD9I7ZWAtSUEd5pBH18AhN4NlgMtSMiCFQXgLfHsYiB7eaYKVFJs83yhd0QAHsH4ag7Zo2a56ngZHRCsfQZwL/7+T4jVicn/3uuu+prVNgNPgjf1Yb57IBis6wvLscxDiop5IaF3wRzM8XY=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AZBgAtVTVf/4ENJK1fHgEBCxIMQIE/C4EjLyMGKAdwWC8sCodyA6FShG2BLoElA1ULAQEBDAEBLQIEAQGETAKCQAIkNAkOAgMBAQsBAQUBAQECAQYEbYUvCCUMhgobEwEBOBEBgQAmAQQBGhqDBYF+TQMuAachAoE5iGF0gTSDAQEBBYUfGIIOCYE4gnGCUkuHAxqCAIEQAUOHMBqDSIItj0EXCQ2JcoMfmCWBCAqCYodjh0qLEJQyi2OSNJsRhCUCBAIEBQIOAQEFgVM6gVdwFTuCaVAXAg2BNIxrgSUBAoJJilZ0NwIGCgEBAwl8jxsBMV8BAQ
X-IronPort-AV: E=Sophos;i="5.76,308,1592870400"; d="scan'208,217";a="802097060"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 13 Aug 2020 15:00:12 +0000
Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 07DF0Ci5018066 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <dhcwg@ietf.org>; Thu, 13 Aug 2020 15:00:12 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 13 Aug 2020 10:00:12 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 13 Aug 2020 11:00:11 -0400
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 13 Aug 2020 10:00:11 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XZ/oeuCzhldyB8hWAXqRCQdi1rQRjh89DpmQuo5ZF9sVbDMgtwOi2Al59RanDSIGxwGtJ0PSSo/6vSQpKi2SWw0WVyS/sJMlAvSdMKwixKgf68VxAYuR4kG+F1rfNLbVI+MhSd/G/AWjC9OFBRVKPqjihOHutTDo+fgHpeSmUM7K2vUBfldxngSzk86wi/3doCM5AjmYnd/PDEpZDmtLf+JJ0diox5HO3Tl0sDFhfsXiAw//A2pu6BIM4rgVefql3d+xASjBw+GgIiWGN/XjMQ9txFxycanbeqscMPWcWh07e/HOKF5WOLAikFkL6eqffdQNE72pPIdJN7hZ8DmOAw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nC2LBKYVnH4DblsA8PTEi/n1qy+S6e5w5gWVlEt3Hpw=; b=HxwConBudLzE/dBfJWmurjx/UQAv009oudfbRljMrfug+zEyWyl9SqzG/cClDnqC58ZZ0k3hOpJF8jxvKjPAAae1q63TjCKjhUlPeeKsBldrPKsLL6IzgHyf8yzg2coNi03Ro7BfonGgeOdH1XA1nMStuV1lLrtPBKi8HQfnNVF/RHWzFh2aIPLeoPiIhf7UnGz5irKyNEBfRMN+qEJDsfpF5Z9rhO9325+J48GJqHeUDcCSFPhd9eQ78Jga4dyf8Yb+oy3hJ4DfgGABM6wgWkeTiiuG1PVw3qorSaIo4kr6MVdq0fplLi26iu8+UFrv3Oawxc3TSTbBPlr9D6sAlA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nC2LBKYVnH4DblsA8PTEi/n1qy+S6e5w5gWVlEt3Hpw=; b=ceMhb5shgMQD6TGL8KLqYQe/oKac0zJTLFD1EUy/7vbHZmY+fTzFrXIN61Scuhi5r0q+wad4Dawr5s14kHjcu/Cqk/6+5Cpt8pua3fVMVv+UxV0KsHFM2VckG26IwgKtA2xB/5fzYdEu8m+ooIV3L+WrzImFGCBO1OpFt07Co1M=
Received: from BYAPR11MB2549.namprd11.prod.outlook.com (2603:10b6:a02:c4::33) by BYAPR11MB3288.namprd11.prod.outlook.com (2603:10b6:a03:7e::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.20; Thu, 13 Aug 2020 15:00:09 +0000
Received: from BYAPR11MB2549.namprd11.prod.outlook.com ([fe80::4def:531c:68ed:5e2c]) by BYAPR11MB2549.namprd11.prod.outlook.com ([fe80::4def:531c:68ed:5e2c%4]) with mapi id 15.20.3261.024; Thu, 13 Aug 2020 15:00:09 +0000
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: IESG Discuss on draft-ietf-dhc-mac-assign
Thread-Index: AdZxfU4stYZWbK6XSxS6GPykxZ2Log==
Date: Thu, 13 Aug 2020 15:00:09 +0000
Message-ID: <BYAPR11MB254931A67153209F909A084DCF430@BYAPR11MB2549.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [173.38.117.90]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 85ca82b8-a359-4ed6-8d15-08d83f9992db
x-ms-traffictypediagnostic: BYAPR11MB3288:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BYAPR11MB32885B8E920FF8197C17E2F6CF430@BYAPR11MB3288.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XlUo9hfn8hSyf5s5koWWIvkiNMUGThVcnF4++Qo6KJCfCCa/d9tu91Hr4avXrL+9dxxbAd5qqwonSG6xkkdAtXHMMUScnTjcsvZ1FgbdOXOlU+TkxRMFlKDiGVxRRTjJf0GOK529w88nbF5tHF/p+8SefZhehF5AbkRbmhfCuWlMBY3rq3qSeOKGV9mmtUxKRBlWloJbvs8FKEiTScdP6+7x7PP43ccok2rFBFlGS1RIvmL8dRxYmgC5yvoLye+9/D4OK8XJIMcsArTIT5J8ZLX98biJ4yPJPIK/Hs5D0uP6e/CNetG6I8S2REe9dLHa
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB2549.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(136003)(376002)(346002)(396003)(39860400002)(478600001)(110136005)(86362001)(33656002)(316002)(55016002)(71200400001)(7696005)(186003)(6506007)(83380400001)(64756008)(66476007)(5660300002)(26005)(2906002)(76116006)(66946007)(66446008)(8676002)(9686003)(52536014)(66556008)(8936002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: jVKz6f68qmZxAcSs6FLMDnJT5g8JiyiZ+7YJALQdFGFVKnglvMfB7CZFYyJWkEHC3Do/qC34LlbRFJGlo9X7fMAyAq5Cu2kz9DCNQK8mXSF6jFPDEXz26hRr5nIh4s4F07peL6IV7vmqZBtj6YqrT6FTf9Mq4r2xhuhiwxyBmVN/88aQSb9Nd90y3mDB0Q8oWmwlAX54dFxJmi5lC/AfGx6fCzkAzRI+GNtG5djux6s54OGLAu1b61GH85CYhJpsa5Rv77QKJEfWNaHxy7uEPjmOXjTSAuKTaaBiDyW98WJthqICzMBNOLoVED+82SlzHhED2LXdtmWmvu4Cjho+0L3g+9NJyxDWk8DiEZHP+oAnoroY/A/Ip5ahSiDMYOByGteLWsHAJM8qJUhuQ6+4F5I2EUCNd400to35iII5b6C0d2/xAKwo1a4LXasXcVNPlzoGc4fpjRkIHqrI7fzqQ5gdR9zndoqlYXcPUtfQk19CfPt+XBD5/6if1IDEalx2EElo0kKE7NXI2Bu7M8eEFxw4wYDAaxHh0uRncD26ZWAALI5q/E0plNGMeifoEOnLVD4WGd9CeZNw3FygFi1DIw7eNvf+TmNdZygJvmPSJ1DqrcL56d+rjIEI7gJubi0dHmbP1QDXbNMxJ32g1PGZOg==
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB254931A67153209F909A084DCF430BYAPR11MB2549namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2549.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 85ca82b8-a359-4ed6-8d15-08d83f9992db
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Aug 2020 15:00:09.8044 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eJ2p0W4SW9GsY7DX1ORSeZ6z1JoDOmxVNxlRRgjzAGnhXaiONgJpsxTVc3IRapqa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3288
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.15, xch-aln-005.cisco.com
X-Outbound-Node: alln-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/VSym1s4yuw8aUcotdIP9yuo9m3Q>
Subject: [dhcwg] IESG Discuss on draft-ietf-dhc-mac-assign
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 15:00:28 -0000

Hello:

Regarding your discuss issues ... I offer the following comments (inline with BV>):

Client SHOULD, server MUST ignore.  In a couple of places in the document (sections 6, 10.1, 10.2), it states that the client SHOULD set 0.  To allow the protocol to evolve in future, I believe that it would be better if the SHOULD is changed to a MUST.

BV> I believe I have correct these items in the latest version of the draft (08).

There doesn't appear to be any specification of how an OPTION_IA_LL should be handled if there are no IA_LL-options, or it contains an IA_LL-option that is not understood by the server.  The text does also not specify if IA_LL-options can contain multiple options, and if so how those are encoded (presumably as an array/list of option values), perhaps this is already covered by the DHCPv6 spec?  Similar comments also apply to the LLaddr-options field.

BV> RFC8415, I believe, also doesn't mention how IA_NA-options is to be handled if there are none. Technically there is no requirement to provide an LLADDR option (an empty IA_LL-option field is usually interpreted as a request for assignment of an (link-layer) address). For example, for RFC8415, an empty IA_NA-options or IA_PD-options means to assign addresses (usually 1 but it depends on the server's configuration - as there could be multiple prefixes active on the link to which the client is connected) or delegated prefixes (again, usually 1 but it depends on the server's configuration). If you feel it would add clarity, I can add text to clarify this. Perhaps adding the following paragraph in section 10.1:


   The IA_LL-options field typically contains one or more LLADDR

   options (see Section 10.2). If a client does not include a

   LLADDR option in a Solicit or Request message, the server MUST

   treat this as a request for a single address and that the

   client has no hint as to the address it would like.

9. Releasing Addresses

Once a block of addresses have been released, can they immediately be allocated to a different client?  Or should they avoid being reused straight away if possible?  Perhaps this consideration is already covered by DHCPv6, but it probably makes sense to say something about this, either in section 9, and/or maybe in the security considerations.

BV> This section refers the reader to Section 18.2.7 of [RFC8415]. That text states " The client MUST stop using all of the leases being released before the client begins the Release message exchange process". But this does create an interesting issue in case of the link-layer address as it is not clear how the client can transmit the message if the link-local address it is using is based on the to be released link-layer address. For the hypervisor case, this is not an issue because it is presumed that the hypervisor itself has its own link-layer address. It is an issue for a client. Perhaps we need to clarify this a bit with something like the following.

Note: If the client is releasing the link-layer address it is
using, it MUST stop using this address before sending the
Release message (as per [RFC8415]). In order to send the
Release message, the client MUST use another address (such as
what it used to initiate DHCPv6 to obtain the address).

BV> Regarding your point about reuse, I think this answers that - as the client MUST have stopped using the address, it is perfectly OK for the server to immediately reuse that address. I will however note that at least for DHCPv4 and DHCPv6 (v6 address/prefix delegation), server's often support a configuration parameter to delay reuse of an address (either if release or it has expired - for the expired case, this is more usual as clocks may not be synchronized).


  *   Bernie

v2.23.0 | Report a Bug | By Email