IETF Logo Mail Archive

[dhcwg] recommendation on DHCP6 source port numbers

Tomoyuki Sahara <tsahara@iij.ad.jp> Mon, 26 February 2024 06:00 UTC

Return-Path: <tsahara@iij.ad.jp>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B78E3C14F5F2 for <dhcwg@ietfa.amsl.com>; Sun, 25 Feb 2024 22:00:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iij.ad.jp
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fCz05TfHWX22 for <dhcwg@ietfa.amsl.com>; Sun, 25 Feb 2024 22:00:23 -0800 (PST)
Received: from omgo.iij.ad.jp (mo1121.iij.ad.jp [202.232.173.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 857F4C14F5EC for <dhcwg@ietf.org>; Sun, 25 Feb 2024 22:00:23 -0800 (PST)
DKIM-Signature: v=1;a=rsa-sha256;c=relaxed/simple;d=iij.ad.jp;h=Date: Message-Id:To:Subject:From:Mime-Version:Content-Type: Content-Transfer-Encoding;i=tsahara@iij.ad.jp;s=omgo2;t=1708927221;x= 1710136821; bh=wA01QJNP4s0PPy+yp3Fko7bBO6ouELLFLsVl9PXL3rg=; b=My65w1i9s9zRwN/I rJun2Z+XA5AUQ88/LGR0BJT1g9OO0wrhLxGqlpXz0vAZNCZuozn9atY3Qaa+F6WAHoJaBZAXZNAMq l4p7hZ1KjQHuOOMw8hRyUog4Wv97fzZ5Fn0ujh8C2Z+PMjPoFM5Fig+7p9KNrElfVbia8XP5NzbkC bjcxSjWy59I/TVHeFDLITWB2KYHgUVtZod2Pmw1Xcf8F7XIEhgF8Pv12zixTdMbr+9h6udTGArNVY bcxmUkSdjcRiD5z6zrb1HOUNqEevONi0swkP+YNhBDajFfHkRHjYZ8HTvYHuBGgHhH84ixglfIG0Q Rgv5KykbOZvS1Y31Ew==;
Received: by omgo.iij.ad.jp (of-mo1121) id 41Q60Lqq3204044; Mon, 26 Feb 2024 15:00:21 +0900
X-ENVID: IIJ
X-Iguazu-Qid: C8OKDsljnacLP5kDia
X-Iguazu-QSIG: v=2; s=0; t=1708927221; q=C8Oj52lBmRVMiL2F04; m=HVYN/R6R2vb9l0VdOR8mrY4NFacjuYoLTD0pjAVgJmU=
Date: Mon, 26 Feb 2024 15:00:17 +0900
Message-Id: <20240226.150017.738223219320498350.tsahara@iij.ad.jp>
To: dhcwg@ietf.org
From: Tomoyuki Sahara <tsahara@iij.ad.jp>
X-Mailer: Mew version 6.9 on Emacs 28.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/YQhd2Mocy3M0bseLG7cR4isZfpw>
Subject: [dhcwg] recommendation on DHCP6 source port numbers
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2024 06:00:28 -0000

Hi, DHC wg members:

Can we make recommendations on source port numbers of DHCP6 messages
in rfc8415bis?

DHCP6 specification says that DHCP6 clients and servers listen on UDP
port 546 and 547 respectively, in RFC8415 section 7.2.  It implies
that DHCP6 clients MUST send messages to UDP port 547 (server port) and
servers MUST send messages to UDP port 546 (client port) to work with
their counterpart correctly (though restrictions can be relaxed with
RFC8357 for relays).
  
But it says nothing about source port numbers.  Without any
restrictions, some implementations use ephemeral source port
(e.g. 12345) to send their messages.  DHCP6 conversations look like:

  1. client send Solicit    fe80::2#49876    -> ff02::1:2#547
  2. server send Advertise  fe80::1#547      -> fe80::2#546 (!)
  3. client send Request    fe80::2#49877(?) -> ff02::1:2#547
  4. server send Confirm    fe80::1#547      -> fe80::2#546

This behavior is not prohibited by the specification but makes
confusions for DHCP6 implementer and network/firewall operators (*1).
Most Internet protocols nowadays assume that servers send response
messages from the port number they received on.
(*1 e.g. https://bugzilla.redhat.com/show_bug.cgi?id=952126 )

In my humble opinion, it is too late to require that DHCP6 client and
server MUST send messages from the fixed port number (546/547) because
there are too many DHCP6 implementations in the wild.  But making a
recommendation is helpful for new implementations/deployments of DHCP6.

An idea to make such recommendation is adding a text in rfc8415bis:

  OLD:
    7.2. UDP Ports
      Clients listen for DHCP messages on UDP port 546.  Servers and
      relay agents listen for DHCP messages on UDP port 547.

  NEW:
    7.2. UDP Ports
      Clients listen for DHCP messages on UDP port 546.  Servers and
      relay agents listen for DHCP messages on UDP port 547.

      Clients are RECOMMENDED to send DHCP messages from UDP port 546.
      Servers and relay agents are RECOMMENDED to send DHCP messages
      from UDP port 547 (unless relay agent includes Relay Source Port
      Option for DHCP6 [RFC8357]).

I know WGLC has been concluded but I believe the recommendations above
encourage new implementations to use the standard DHCP6 port numbers
on UDP source port.


Best regards,
Tomoyuki Sahara

v2.29.0 | Report a Bug | By Email | System Status