Re: [dhcwg] WGLC: draft-ietf-dhc-dhcpv6-stateful-issues-00

"Bernie Volz (volz)" <volz@cisco.com> Fri, 14 September 2012 13:54 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E576921F8523 for <dhcwg@ietfa.amsl.com>; Fri, 14 Sep 2012 06:54:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4HIq85ku0sAn for <dhcwg@ietfa.amsl.com>; Fri, 14 Sep 2012 06:54:10 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) by ietfa.amsl.com (Postfix) with ESMTP id 9A14B21F851E for <dhcwg@ietf.org>; Fri, 14 Sep 2012 06:54:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8973; q=dns/txt; s=iport; t=1347630850; x=1348840450; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=MDB5f2+kqinH7LOMnjlzUsr2BQO9mkFL5zTgDycN9PQ=; b=Mf35f2Mk77/rLWD09UNYtp7HVuaG9NRu9q5JHha3I+DIT55UZ8FAebDB QL7kN9W0dlPe8HgQyVnLi94r+PGJWuGviRrQMqQUDllRhTmxZ2692jLIc HIxNmHxsNOd5k/D4v8rSfrVz0TOE+zRm6g3chrTyDnwweZXV62y11QlSU k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EADM2U1CtJXG+/2dsb2JhbABABbt9gQeCIAEBAQMBEgFUCwcFBwQCAQgRBAEBAScHMhQJCAIEDgUUBweHZQabJKAWixUohWBgA4ghjUCOOIFpgmaBYw
X-IronPort-AV: E=Sophos;i="4.80,423,1344211200"; d="scan'208";a="121661594"
Received: from rcdn-core2-3.cisco.com ([173.37.113.190]) by rcdn-iport-3.cisco.com with ESMTP; 14 Sep 2012 13:53:58 +0000
Received: from xhc-rcd-x15.cisco.com (xhc-rcd-x15.cisco.com [173.37.183.89]) by rcdn-core2-3.cisco.com (8.14.5/8.14.5) with ESMTP id q8EDrviM015467 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 14 Sep 2012 13:53:57 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.159]) by xhc-rcd-x15.cisco.com ([173.37.183.89]) with mapi id 14.02.0298.004; Fri, 14 Sep 2012 08:53:57 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "Wes Beebee (wbeebee)" <wbeebee@cisco.com>
Thread-Topic: WGLC: draft-ietf-dhc-dhcpv6-stateful-issues-00
Thread-Index: AQHNdqZP3dOUnDeDJkKs3MsN2OTAhpd/JdswgAB/xoD//5GrgIAJVTGAgAGG+qw=
Date: Fri, 14 Sep 2012 13:53:56 +0000
Message-ID: <E4C4BB51-6070-4CAD-9232-CD7B9CBBB3A1@cisco.com>
References: <489D13FBFA9B3E41812EA89F188F018E0F4F857F@xmb-rcd-x04.cisco.com>, <CC7757AD.EA05%wbeebee@cisco.com>
In-Reply-To: <CC7757AD.EA05%wbeebee@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19182.004
x-tm-as-result: No--53.193500-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: dhc WG <dhcwg@ietf.org>, Ted Lemon <Ted.Lemon@nominum.com>, "Ole Troan (otroan)" <otroan@cisco.com>
Subject: Re: [dhcwg] WGLC: draft-ietf-dhc-dhcpv6-stateful-issues-00
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Sep 2012 13:54:12 -0000

Again, one reason is that Advertise response to a Solicit is not necessarily the "final" information the client is allowed to use - Reply is used to communicate that (after Request or Information-Request). And the Request, Renew, Rebind are all about communicating bindings - for example if Solicit/Advertise is same as Information-Request/Reply, if client wants to refresh options, does it use Renew/Reply or Information-Request/Reply.

With the proposed changes we are actually a bit closer to supporting this because if the client wants addresses or bindings but only got other config options earlier, it would perhaps be acceptable to let it Request or Renew or Rebind with the bindings to attempt to get those bindings. But we did not take this step as it would require a few more tweaks. (Rebind may be the best choice here as that allows other servers to respond.) But this needs to be more carefully thought through and I am not sure it is worth it to do this. And in any case, perhaps done as a separate work.

---

Agreed that more review / comments especially from client implementers as to whether the changes proposed in the draft are appropriate. As the CableLabs (DOCSIS) community were pushing for this, we really need more of them to respond. If they don't, perhaps it means there is no issue and this work isn't needed as current client implementations have already figured out how to deal with the situation in an acceptable mannor.

- Bernie

On Sep 13, 2012, at 9:34 AM, "Wes Beebee (wbeebee)" <wbeebee@cisco.com> wrote:

> My comments fall under the category of "optimization".
> 
> Certainly the client can drop the original transaction and issue another
> Information-Request set of messages for the rest of the information
> already contained in the original transaction.  Just out of curiosity, why
> is this behavior mandated?
> 
> While I think this work is very important, I would like to see more
> comments from others on the significant changes to the protocol that are
> contained in the document.
> 
> - Wes
> 
> On 9/7/12 12:18 PM, "Bernie Volz (volz)" <volz@cisco.com> wrote:
> 
>> I believe Wes' and Hemant's issues were:
>> 
>> Wes (message on Thu 8/16/2012):
>> 
>>  Why MUST the client ignore an Advertise message with no bindings?
>>  What if stateful and stateless options are carried in the same message?
>>  Does this mean the stateless options will be ignored just because the
>> stateful Options failed?
>> 
>> ---
>> 
>> Ole's answer was that basically this is how RFC 3315 operates today and
>> we didn't want to change this (we are fixing what happens if IA_NA and
>> IA_PD are requested in a Solicit and only one of these is available) --
>> which is different than the no bindings at all case. RFC 3315 basically
>> expects clients to use Information-Request in this case.
>> 
>> A while back, Ralph and I considered that this might be a good change -
>> especially given the case when M says to use stateful but the server is
>> not configured to give (the requesting client) any stateful bindings.
>> Server could effectively respond with the other configuration options.
>> But an Advertise is not the same as a Reply, so if the client was going
>> to do a Request/Reply, we'd have to change that processing to and so why
>> doesn¹t the client just do an Information-Request? (Sure, if Rapid Commit
>> is requested, server would just Reply and client would be done.)
>> 
>> If the WG feels that would be a useful change, we can certainly do this
>> change. But for this particular work, we didn't feel that change was
>> warranted. And, it might be best to do under a separate document? Or
>> something for a 3315bis?
>> 
>> 
>> Hemant (message on 8/17/2012) and Ole's response (using Ole's email on
>> 8/20/2012):
>> 
>>> +1 to Wes' comment that this document is addressing a very important
>>> problem space and the solutions are needed urgently.  However, more
>>> thought is required for the solutions.
>>> 
>>> In regards to section 4.4, if the server only checks the network
>>> configuration to reply to a Confirm message, how is it possible for most
>>> network configurations that the server determines an IA_PD is on-link?
>>> I suspect that is why RFC 3633 prohibited use of the Confirm for the
>>> IA_PD.  In any case this document should explain why did RFC 3633 have a
>>> restriction on using the Confirm for the IA_PD.  Or does network
>>> configuration include looking up the prefix pool configured on the
>>> server for allocation?  In contrast, to make an on-link determination
>>> for an IA_NA IA_Address, all the server has to do is match
>>> (longest-prefix match) all IPv6 addresses configured on the machine that
>>> the server is running on.  These addresses are clearly network
>>> configuration.  
>> 
>> right, either the server has the binding, or the server has configuration
>> that it can look up in, to verify if the client has moved or not. if it
>> has no information it MUST not reply.
>> 
>>> Section 4.1:  
>>> 
>>> # In relation to the first paragraph the document is addressing the
>>> fact that one server replies with, say, an IA_NA, while another server
>>> replies back with only the IA_PD.   Then why in section 4.7 the case of
>>> section 4.1 is deemed out of scope?   I also do not understand what does
>>> "equal" in section 4.7 mean.  Does it mean each server replies with all
>>> IAs that the deployment needs?
>> 
>> the assumption in 3315/3633 is that a client is connected to a single
>> administrative dhc domain on an interface.
>> scenarios where a client finds two DHCP servers, that are administered by
>> two different entities, are outside of the scope of 3315/3633 and
>> therefore also outside the scope of this update. there is as far as I
>> know separate work in progress on this.
>> 
>>> # In relation to the text in the last paragraph of section 4.1, if the
>>> client does not restart the Solicit retransmissions timers, what does
>>> the client do?
>> 
>> continues with the timers it has.
>> otherwise as the text says, a received advertise with a consequent
>> restart of solicit timers would result in a solicit storm.
>> 
>>> 
>>> # Other comment:  Shouldn't the header of the document have an Updates
>>> tag to signify this document updates RFC 3315?
>> 
>> good point. both 3315 and 3633.
>> 
>> ---
>> 
>> I guess the one change that I see is to assure we update the document
>> header. We can respin the document for this change.
>> 
>> Section 4.4 is just extending the Confirm to include prefixes - this
>> issue is already covered in RFC 3315 for Confirm processing:
>> 
>>                                                              If the
>> server is unable to perform
>>  this test (for example, the server does not have information about
>>  prefixes on the link to which the client is connected), or there were
>>  no addresses in any of the IAs sent by the client, the server MUST
>>  NOT send a reply to the client.
>> 
>> The section 4.1 / 4.7 issue is the single vs multiple provisioning
>> domains - we assume a single in this document.
>> 
>> 
>> If Wes or Hemant would like other changes to clarify any of their
>> concerns, we would appreciate text to be added/modified.
>> 
>> - Bernie
>> 
>> -----Original Message-----
>> From: Ted Lemon [mailto:Ted.Lemon@nominum.com]
>> Sent: Friday, September 07, 2012 11:38 AM
>> To: Bernie Volz (volz)
>> Cc: dhc WG
>> Subject: Re: WGLC: draft-ietf-dhc-dhcpv6-stateful-issues-00
>> 
>> On Sep 7, 2012, at 11:09 AM, Bernie Volz (volz) <volz@cisco.com> wrote:
>>> Where does this Last Call stand? August 24th has passed ...
>> 
>> There were a lot of comments in the WGLC, and lot of support for what is
>> to be accomplished here, but several people raised concerns as well.
>> There were a few responses in favor of advancing the current document;
>> Hemant Singh had some suggestions, to which Ole responded.   I do not
>> know if the responses satisfied Hemant's concerns.   I raised some
>> concerns which were not really addressed.   Wes Beebe raised a concern
>> which Ole responded to, but again I don't know if Wes was satisfied with
>> Ole's response.
>> 
>> 
>> So I think this is borderline.   There's clearly widespread support for
>> what this draft is trying to do; I would like to hear from Hemant and Wes
>> as to whether they are satisfied with Ole's responses.   I tend to agree
>> with Wes' sentiment that we need to think this through very carefully; I
>> would like to see a new draft that addresses Hemant's and Wes' concerns,
>> if possible, and then do a second last call to get more review.   Does
>> that work for the authors?
>