Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-pd-relay-requirements-00.txt

Timothy Winters <tim@qacafe.com> Wed, 08 April 2020 15:51 UTC

Hi Ian,

We've seen it on our setups when we reboot a device and forget about
connection to a LAN client. Oddly we aren't trying to test the
forwarding loop so I would say it happens.

I think that text resolves my issue perfectly.

~Tim

On Wed, Apr 8, 2020 at 11:33 AM <ianfarrer@gmx.com> wrote:

> Hi Tim,
>
> Have you seen this in the wild?
>
> What about the following:
>
>    R-4:    If the relay has an existing route for a delegated prefix via
> an interface, and receives ingress traffic on this interface with a
> destination address from the delegated prefix (not configured on the
> relay), then it MUST be dropped.
>
> Thanks,
> Ian
>
>
> On 8. Apr 2020, at 16:38, Timothy Winters <tim@qacafe.com> wrote:
>
> Hi Ole,
>
> I think the issue in all of these cases is the CPE doesn't know it had the
> prefix previously.  So 3633 won't cover this case, as to the CPE it just
> seems like IPv6 packets.  It routes them out its default route, which
> happens to be the same interface it got them.
>
> ~Tim
>
> On Wed, Apr 8, 2020 at 10:29 AM Timothy Winters <tim@qacafe.com> wrote:
>
>> Hi Ole,
>>
>> We have a rule for this when it's delegated to the CPE, WPD-5 to
>> blackhole PDs not assigned.  In this case the CPE had no idea it had it.
>>  G-3 disallows LAN to WAN forwarding before getting an address.  I think
>> this case is WAN to WAN forwarding.   It's not in 7084 to my knowledge, as
>> for 3633 I'm not so sure about.  Let me have a look.
>>
>> ~Tim
>>
>> On Wed, Apr 8, 2020 at 10:12 AM <otroan@employees.org> wrote:
>>
>>> > Sounds like a useful issue to try to address – the DHC connection is
>>> because of the DHCP issues.
>>> >
>>> > And, I assume looping occurs because packets cycle between SP router
>>> and CPE until TTL/HOP expires?
>>> >
>>> > Do you have a suggestion as to what the CPE should do in this case?
>>> For example, are you suggesting that the CPE drop received traffic (except
>>> for DHCP and perhaps some other limited traffic addressed to it)?
>>>
>>> A CPE should never provide transit.
>>> I.e., it should never forward a packet received on its WAN interface back
>>> out the WAN interface.
>>>
>>> A more specific rule for that is in 7084 and possibly in 3633, requiring
>>> a blackhole route on the requesting router for the delegated prefix.
>>>
>>> Ole
>>>
>>>
>
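
The forwarding loop discussed in this thread and the effect of the proposed R-4 text, as an added example that is not part of the original messages or of the draft. It is a small Python model; the prefix, interface names and function names are constructed for illustration, and the relay is assumed to have no address of its own inside the delegated prefix.

```python
import ipaddress

DELEGATED = ipaddress.IPv6Network("2001:db8:100::/56")  # constructed documentation prefix
DEFAULT = ipaddress.IPv6Network("::/0")

# Relay: the delegated-prefix route points at the customer-facing interface.
RELAY_ROUTES = [(DELEGATED, "cust0", True), (DEFAULT, "core0", False)]
# CPE after a reboot: lease state is lost, so it only has a default route out the WAN.
CPE_ROUTES = [(DEFAULT, "wan0", False)]

def lookup(routes, dst):
    """Longest-prefix match; returns (out_if, is_delegated) or None."""
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    best = max(hits, key=lambda r: r[0].prefixlen)
    return best[1], best[2]

def relay_decision(in_if, dst, enforce_r4):
    """R-4: drop traffic for a delegated prefix that arrives on the route's own interface."""
    hit = lookup(RELAY_ROUTES, dst)
    if hit is None:
        return "drop"
    out_if, delegated = hit
    if enforce_r4 and delegated and in_if == out_if:
        return "drop"
    return out_if

def cpe_decision(in_if, dst, no_transit):
    """No-transit rule: never send WAN ingress traffic back out the WAN."""
    hit = lookup(CPE_ROUTES, dst)
    if hit is None or (no_transit and hit[0] == in_if):
        return "drop"
    return hit[0]

def link_crossings(dst, hop_limit=64, enforce_r4=False, no_transit=False):
    """Count how often one packet crosses the relay<->CPE link before it dies."""
    dst = ipaddress.IPv6Address(dst)
    crossings, at_relay, in_if = 0, True, "core0"
    while hop_limit > 1:  # a router discards a packet whose hop limit would reach 0
        if at_relay:
            if relay_decision(in_if, dst, enforce_r4) != "cust0":
                break
            in_if = "wan0"   # packet now arrives on the CPE's WAN interface
        else:
            if cpe_decision(in_if, dst, no_transit) != "wan0":
                break
            in_if = "cust0"  # packet comes back in on the relay's customer interface
        crossings += 1
        hop_limit -= 1
        at_relay = not at_relay
    return crossings
```

With neither rule a single packet crosses the customer link until its hop limit runs out; with R-4 on the relay it is dropped when it comes back from the CPE, and with the no-transit rule on the CPE it never comes back at all.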