RE: [dhcwg] Leasequery: should it be standardized?
"Kevin A. Noll" <kevin.noll@perfectorder.com> Wed, 26 February 2003 21:15 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25959 for <dhcwg-archive@odin.ietf.org>; Wed, 26 Feb 2003 16:15:13 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h1QLOr711801 for dhcwg-archive@odin.ietf.org; Wed, 26 Feb 2003 16:24:53 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h1QLOrp11798 for <dhcwg-web-archive@optimus.ietf.org>; Wed, 26 Feb 2003 16:24:53 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25933 for <dhcwg-web-archive@ietf.org>; Wed, 26 Feb 2003 16:14:41 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h1QKMwp07179; Wed, 26 Feb 2003 15:22:58 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h1QKL9p07125 for <dhcwg@optimus.ietf.org>; Wed, 26 Feb 2003 15:21:09 -0500
Received: from grizzly (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA22398 for <dhcwg@ietf.org>; Wed, 26 Feb 2003 15:10:58 -0500 (EST)
Received: from endeavor.poss.com ([198.70.184.137]) by grizzly; Wed, 26 Feb 2003 15:08:48 -0500 (EST)
Received: from knoll (user56.net384.nc.sprint-hsd.net [65.40.69.56]) by endeavor.poss.com (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002)) with ESMTPA id <0HAX00KP3MWNMR@endeavor.poss.com> for dhcwg@ietf.org; Wed, 26 Feb 2003 15:14:50 -0500 (EST)
Date: Wed, 26 Feb 2003 15:17:20 -0500
From: "Kevin A. Noll" <kevin.noll@perfectorder.com>
Subject: RE: [dhcwg] Leasequery: should it be standardized?
In-reply-to: <4.3.2.7.2.20030226120723.025d5628@goblet.cisco.com>
To: Kim Kinnear <kkinnear@cisco.com>, dhcwg@ietf.org
Cc: Ralph Droms <rdroms@cisco.com>, Thomas Narten <narten@us.ibm.com>
Message-id: <PPEKLDPHBHOIHMHKFGLLMELOCHAA.kevin.noll@perfectorder.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
Content-Transfer-Encoding: 7bit
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Kim, At the risk of sounding foolish since I'm not an active participant in the WG... I think there is a need to standardize leasequery. It seems to me that the problem statement is the real issue. LeaseQuery should not be positioned in any way as an access control mechanism or *necessarily* involved in such, especially since there are other uses for this information. Leasequery is just what the name implies - a *standard* method for external entities (whether they be routers or some other system) to query the DHCP server for lease information. As it is today, there is no *standard* backend DHCP database that can be queried. Some use text files, some use LDAP, some use proprietary databases, etc. Therefore, the ability to query a DHCP server for lease information does not exist except through proprietary methods. This limits interoperability of the various vendors systems. For example, there is no way for vendor X to query vendor Y's DHCP server unless they cooperate outside the standards bodies. This functionality is not limited to routers (or other devices) using the information for access control. There are cases (not necessarily well documented) where systems external to the DHCP server need to find out about a lease for network management or troubleshooting reasons. One example is a helpdesk staffer trying to find out whether a device is up or down, but only knows the MAC address of the device. How does he/she find out the IP? Okay, DNS could be consulted, but it isn't authoritative for information regarding MAC-to-IP mapping, only NAME-to-IP mapping. There have been various schemes to store this information in DNS (e.g. the NAME is easily derived given the MAC, etc), but there are all kinds of issues that arise with this solution (what if we don't *want* that information in DNS, etc.) The stable storage statements in the current problem statement aren't necessarily relevant, either. My suggestion is that the problem statement be centered around making the DHCP server the *authority* for lease information. An alternative would be to write a new draft (maybe not within this WG) that would define a way to make some existing network database (probably DNS) authoritative for this information. I think we could come up with a better problem statement that would get your leasequery draft further down the road. Anyway, that's my 2 cents worth. --kan-- -- Kevin A. Noll, KD4WOZ Kevin.Noll@perfectorder.com CCIE,CCDP Perfect Order, Inc. 717-796-1936 -----Original Message----- From: dhcwg-admin@ietf.org [mailto:dhcwg-admin@ietf.org]On Behalf Of Kim Kinnear Sent: Wednesday, 26 February, 2003 12:37 PM To: dhcwg@ietf.org Cc: Ralph Droms; Thomas Narten; Kim Kinnear Subject: [dhcwg] Leasequery: should it be standardized? Folks, We have come to something of a impasse on the leasequery draft, and I need *your* support if you believe we should continue to pursue this draft. =============================================================== Without considerable support from the DHC WG, we will halt work on the leasequery draft and all attempts to bring this work to standard status. =============================================================== If you believe that there is any value in standardizing the leasequery capability, please at least respond to this list ASAP with your positive support. If you have the time and expertise, please read the rest of this email and see if you can offer cogent arguments as to why this is work that the DHC working group should be pursuing. If we don't standardize the leasequery capability, each vendor of access concentrators and DHCP products that wish to use this approach will then need to work together (possibly in some other forum) to try to get their products to be compatible. Of course, it may well be that we are the only folks who see this as a useful capability, and so that may not be an issue at all. Thanks -- Kim ----------------------- Summary ----------------------- In case you haven't been following the email between Thomas Narten and myself, he has been questioning the problem statement of the leasequery draft. Ralph proposed a new problem statement, but Thomas feels that this whole capability is questionable. You are invited to respond to Thomas' arguments, which I have distilled as follows: 1. Doing anything in the DHC WG like supporting "access control in router type devices" is out of scope for the working group, and doesn't fit its current charter. 2. Access control in router type devices is not well enough understood to be sure that: a) leasequery is the right solution. b) any DHC-based approach is the "right" approach to solve this problem. 3. Until we are sure of 2(a), then we should not proceed with this work (I believe that this statement is implicit in Thomas' comments.) ----------------------- Background --------------------------- Here is Ralph's proposed problem statement: Router-type devices which want to enforce some level of access control over which IP addresses are allowed on their links need to maintain information concerning IP<-MAC/client-id mappings. One way in which these devices can obtain information about IP<-MAC/client-id bindings is through "DHCP gleaning", in which the device extracts useful information from DHCP messages exchanged between hosts and DHCP servers. However, these devices don't typically have stable storage sufficient to keep this information over reloads. There may be additional information that is useful to the device that cannot be obtained through DHCP gleaning. The leasequery request message described in this document allows a device to obtain information about IP<-MAC/client-id bindings from a DHCP server. This information may include currently active bindings, bindings involving previously assigned addresses for which the lease on the address has expired and static bindings for devices that are otherwise configured and not using DHCP for address assignment. Thomas' concerns center on the second paragraph above, and he says: Note, that above is pretty vague and doesn't say what information the access device needs. It's hard to look at the problem statement and say "yes, I understand the boundaries of the problem" and then "and the solution seems like a good match for the problem". Popping up a level, how is it even appropriate for the DHC WG to be doing work on "access control in router type devices"? One can argue that work of this broad a scope is well out-of-scope for this WG (e.g., look at the recently approved charter). I'm far from clear that work of this scope should be done in DHC or that the problem is well enough understood to conclude that DHC lease query is the right solution or that any DHC-based solution is the right one. What about routers wanting to do access control that don't use DHC, for instance? And note, I'm not raising these issue just to be a PITA. These are questions that I expect that the IESG would ask if I brought the document forward. Thus, I need to have reasonable responses to those questions. Otherwise, I can predict the likely outcome. My response to Thomas was: This approach to access control was developed by joint work with the folks building our access concentrators and several of us in the DHCP implementation group. They found that the functionality delivered to actual users was of sufficient value to those users to be worth the cost of engineering this particular solution. We supported them in moving the implementation forward. The solution was not based on the charter of the DHC working group either then or now -- it was based on a rather pragmatic approach to meeting the needs of users, which it has seemed to do. In my view at least, it fits within spirit of the DHC WG activities, and was a logical extension of the those activities. It isn't a comprehensive approach to any sort of security (nor was it designed to be such) -- it is a supporting piece of technology to one limited form of access control. Thanks for your interest in the leasequery capability. Kim _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] lease query question Thomas Narten
- Re: [dhcwg] lease query question Kim Kinnear
- Re: [dhcwg] lease query question Thomas Narten
- RE: [dhcwg] lease query question Cosmo, Patrick
- Re: [dhcwg] lease query question Thomas Narten
- Re: [dhcwg] lease query question Kim Kinnear
- Re: [dhcwg] lease query question Ralph Droms
- Re: [dhcwg] lease query question Kim Kinnear
- Re: [dhcwg] lease query question Thomas Narten
- Re: [dhcwg] lease query question Kim Kinnear
- [dhcwg] Leasequery: should it be standardized? Kim Kinnear
- Re: [dhcwg] Leasequery: should it be standardized? Ted Lemon
- Re: [dhcwg] Leasequery: should it be standardized? Thomas Narten
- Re: [dhcwg] Leasequery: should it be standardized? Kim Kinnear
- RE: [dhcwg] Leasequery: should it be standardized? Kevin A. Noll
- RE: [dhcwg] Leasequery: should it be standardized? Kevin A. Noll
- RE: [dhcwg] Leasequery: should it be standardized? Barr Hibbs
- Re: [dhcwg] Leasequery: should it be standardized? Richard Johnson