IETF Logo Mail Archive

Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation - src LL vs GUA

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 20 October 2017 20:46 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7411132D79 for <dhcwg@ietfa.amsl.com>; Fri, 20 Oct 2017 13:46:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DZTFwpK4memR for <dhcwg@ietfa.amsl.com>; Fri, 20 Oct 2017 13:46:44 -0700 (PDT)
Received: from phx-mbsout-02.mbs.boeing.net (phx-mbsout-02.mbs.boeing.net [130.76.184.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DE9D13305F for <dhcwg@ietf.org>; Fri, 20 Oct 2017 13:46:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id v9KKkiw4057869; Fri, 20 Oct 2017 13:46:44 -0700
Received: from XCH15-06-11.nw.nos.boeing.com (xch15-06-11.nw.nos.boeing.com [137.136.239.220]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id v9KKkXsk057422 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=OK); Fri, 20 Oct 2017 13:46:33 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) by XCH15-06-11.nw.nos.boeing.com (2002:8988:efdc::8988:efdc) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 20 Oct 2017 13:46:32 -0700
Received: from XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) by XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) with mapi id 15.00.1320.000; Fri, 20 Oct 2017 13:46:32 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Bernie Volz (volz)" <volz@cisco.com>, Alexandre Petrescu <alexandre.petrescu@gmail.com>
CC: "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation - src LL vs GUA
Thread-Index: AQHTSLnBoUSoiuDof0qTYY4Ba4GewaLrlquAgAGggeA=
Date: Fri, 20 Oct 2017 20:46:32 +0000
Message-ID: <9bad26dc5b2d42ee9cca47adb32eedc0@XCH15-06-08.nw.nos.boeing.com>
References: <149869621720.6575.278128190348174876@ietfa.amsl.com> <08e4e953-3a68-d6cb-6066-f60514ef0ac5@gmail.com> <3285281858d043649d507b6bda7b8646@XCH-ALN-003.cisco.com> <1f94b780-59c1-42ce-936d-0c8a71143444@gmail.com> <37917a26062f4e4c9715d324604e4d01@XCH-ALN-003.cisco.com> <d944ac55-d67d-d7d4-8eeb-f60438fdda2d@gmail.com> <35558A79-C176-4D71-9E91-4BDB19DDD006@cisco.com> <67ba54d2-d53f-82bf-93c9-1b92631ef4e8@gmail.com> <86409a9acb7846ddbdff42c58328e7d6@XCH-ALN-003.cisco.com> <eccd5dd2-3542-fdbc-89a2-7d13d563163d@gmail.com> <2fbc8325961c49a1944e3ee216fcb032@XCH-ALN-003.cisco.com> <a3f9cd45-403a-c6f6-6e9a-98a9b651a339@gmail.com> <4c25045f863a4e368f58a5a4a3917bde@XCH-ALN-003.cisco.com> <37918108-c5ed-a82d-2d97-227388ec25d0@gmail.com> <1A785964-1088-4081-B7DC-58E3CD9B0605@cisco.com>
In-Reply-To: <1A785964-1088-4081-B7DC-58E3CD9B0605@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/X8FP6T4-2DXiEtCqweYqa2fiLEk>
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation - src LL vs GUA
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Oct 2017 20:46:47 -0000

Sorry I am late to this discussion, but AERO uses link-local source address for
all DHCPv6 PD messaging. It works in the public domain implementations I
have been working with.

Thanks - Fred

> -----Original Message-----
> From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Bernie Volz (volz)
> Sent: Thursday, October 19, 2017 5:54 AM
> To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
> Cc: dhcwg@ietf.org
> Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation - src LL vs GUA
> 
> I wasn’t restricting my discussion of source address to just the Solicit case. In the Solicit case, the Server-Unicast option cannot have
> been received by the client so obviously that situation does not apply – hence, multicast destination must be used.
> 
> - Bernie
> 
> On 10/19/17, 5:07 AM, "Alexandre Petrescu" <alexandre.petrescu@gmail.com> wrote:
> 
>     Le 18/10/2017 à 22:35, Bernie Volz (volz) a écrit :
>     > The server vendor is in error here ... as far as I know, clients use
>     > the link-local address.
> 
>     Noted.  I will continue using the LL address in src of DHCPv6 Solicit.
> 
>     > The issue for the server vendor may be then how does the server tell
>     > where the client is ... and, in that case, you do what was done for
>     > DHCPv4 before -- you use the (non link-local) address of the
>     > interface on which the request was received (since that it the
>     > network on which the client is located). That's exactly what section
>     > 13.1 states:
>     >
>     >>> *  If the server receives the message directly from the client
>     >>> and the source address in the IP datagram in which the message
>     >>> was received is a link-local address, then the client is on the
>     >>> same link to which the interface over which the message was
>     >>> received is attached.
>     >
>     > Note that the DHCP Client test equipment vendor also appears not to
>     > be following standard transmission rules (i.e., to use a link-local
>     > address). But, you haven't indicated (I don't think) what the
>     > destination address for these DHCPv6 requests are - perhaps they
>     > were configured to be a GUA (and then it makes sense for the clients
>     > to use a GUA).
> 
>     The dst address is the link-scoped multicast address.
> 
>     The capture of address header of a successful DHCPv6 Solicit and DHCPv6
>     Advertise executed on a simulator client and simulator server is the
>     following:
> 
>     GUA_prefix::2:0:0:4e:2201.546 > ff02::1:2.547:  [udp sum ok]
>     [...]
>     fe80::IID.547 > GUA_prefix::2:0:0:4e:2201.546:  [udp sum ok]
> 
>     > To summarize: - If destination of client is link-local [multicast]
>     > address, source SHOULD be link-local.
> 
>     Agreed.
> 
>     > (This probably could be a MUST but there might be some odd instances
>     >  where this is not appropriate - such as point-to-point links.
> 
>     These odd instances should be described.
> 
>     > Note also that I don't think there's a restriction that a source
>     > address may have wider scope than a destination address.)
> 
>     I think there may be an RFC about matching scopes of addresses in a same
>     packet.
> 
>     > - If destination of client is GLA, source MUST be GLA (otherwise,
>     > replies cannot be returned to the client).
> 
>     But the dst of a Solicit MUST NOT be a GLA (what I call GUA:
>     Globally-Unique Address).
> 
>     [...]
> 
>     > Again, the NORMAL case for this particular Server, is to show
>     > GUA-in-src, not LL-in-src.  It is a simulator from a large equipment
>     > manufacturer.  That simulator is pretended to work accordingly to the
>     > real network.
>     >
>     > BV> This seems wrong on the simulator's part. But again, please
>     > specify what the destination address is.
> 
>     It is ff02::1:2.547.
> 
>     [...]
> 
>     >> I could see that if a client used a GLA and the server was the
>     >> first hop (no relay),
> 
>     YEs, the Server and Client are normally 'on the same link'.  There is no
>     Relay.
> 
>     However, that link is not the typical Ethernet link.  It is a cellular link.
> 
>     This link has the following nodes: User Equipment, eNodeB, SGW and PGW.
> 
>     The protocol on User Equipment is native IPv6.  But this is encapsulated
>     by SGW and PGW in another protocol called GTP.  The GTP protocol is an
>     IPv4 protocol.  Further, it is an UDP protocol too.
> 
>     >> it could drop it if the GLA address as it could mean it has no
>     >> configuration for that "location". Remember the text from 13.1:
>     >>
>     >>> *  If the server receives the message directly from the client
>     >>> and the source address in the IP datagram in which the message
>     >>> was received is not a link-local address, then the client is on
>     >>> the link identified by the source address in the IP datagram
> 
>     Er, a link is identified by the src address?  I think this is wrong.  A
>     link could be identified by a prefix.
> 
>     >>> (note that this situation can occur only if the server has
>     >>> enabled the use of unicast message delivery by the client and
>     >>> the client has sent a message for which unicast delivery is
>     >>> allowed).
> 
>     Er, I think it is forbidden to use unicast addresses in dst of DHCPv6
>     Solicit.  You seem to say this is configurable.  But the PGW cant do it.
> 
>     >> Also, some servers could respond with Use Multicast unless
>     >> server-unicast option has been configured.
> 
>     So there is a server-unicast option?  Does this option mean that the
>     Solicit could be sent to the unicast address to the server, instead of
>     multicast?
> 
>     This could solve many problems related to multicast.
> 
>     >> It may be that they use the source address to determine this
>     >> (rather than the destination address, which as you say really
>     >> should be used when server receives packet directly)?
>     >>
>     >>
>     >> I'm confused as I think you are saying in:
>     >>
>     >>> I explain why: about 4 distinct clients use LL in src.  If I want
>     >>> these clients to use GUA then I must delete the LL from the
>     >>> interface.
>     >>
>     >> That you actually want the global unicast address to be used by the
>     >> client, not the link-local?
>     >
>     > I want to not modify the Clients.  The 4 Clients all use LL-in-src.
>     > But the Server examples use GUA-in-src.  A Server example is a
>     > packet trace executed on a simulator that pretends to be like in
>     > reality. That simulator uses GUA-in-src.  So, I am told, if I want to
>     > be interoperable to that Server, I must do what that simulator does:
>     > put GUA-in-src.  So I delete the LL from the interface on the
>     > Client.
>     >
>     > Do you think it is normal to delete the LL from the interface?
>     >
>     > BV> That seems rather bizarre to me ... not sure how other IPv6
>     > services (ND, DAD, etc.) might be impacted? BV> My recommendation is
>     > to get the server vendor to fix it
> 
>     I agree.
> 
>     > as this is rather broken and others will have problem as well. If
>     > the server vendor wants to sell their server, they will need to
>     > correct it.
> 
>     The server is already sold.  I think if they want to sell more of them
>     then they must be compatible with existing clients.
> 
>     It is not by using client and server from same manufacturer that
>     interoperability is guaranteed.
> 
>     >> For what it is worth, the server I work on doesn't care what the
>     >> client's source address is. We monitor the destination address
>     >> (when packet is received).
>     >
>     > "Does not care" - ok.
>     >
>     > But does it accept a Solicit with LL-in-src?
>     >
>     > BV> Yes. That is what 100% of the clients I've ever seen send so our
>     > server would not be servicing millions of IPv6 clients if it dropped
>     > those packets. (And, yes, it is millions based on just one single
>     > customer deployment -- and we have many more customers that are
>     > using IPv6.)
> 
>     I agree, I see the same.
> 
>     Alex
>     [...]
> 
> 
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg

v2.23.0 | Report a Bug | By Email