Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 24 August 2016 18:26 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Ralph Droms (rdroms)" <rdroms@cisco.com>, Ted Lemon <mellon@fugue.com>
Date: Wed, 24 Aug 2016 18:26:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/_AvJ00ya6Adm7uW6xWQ9u5c-kG8>
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Hi Ralph,


> ...which expired back in 2005.  The dhc WG discussed the idea and we ran into
> concerns that out-of-order packet delivery or delivery through different relay
> agents might cause the state in the relay agent to be out-of-sync with the state
> of the assigned addresses or prefixes.  While we tried to engineer solutions to
> those issues into this mechanism, I call that we conclude the proper solution is
> for some other mechanism (e.g., today, an SDN controller) to inject the right
> information into the routers or routing protocol.

I vaguely remember this. I seem to recall that we also felt that relay agents could
glean prefix information by examining the options in the server's Reply message
to the client without needing to include any options in the relay message. That is
exactly what AERO does, and I assume also what other DHCPv6 prefix delegation
use cases do. But, if secdhcpv6 encrypts the Reply message then the prefix
information can no longer be gleaned.


> If I recall correctly, this is the I-D: draft-draft-droms-dhc-dhcpv6-agentopt-delegate-00.txt

If we could resurrect this draft, it would satisfy my needs. What do you think?

Thanks - Fred

From: Ralph Droms (rdroms) [mailto:rdroms@cisco.com]
Sent: Wednesday, August 24, 2016 10:15 AM
To: Ted Lemon <mellon@fugue.com>
Cc: Templin, Fred L <Fred.L.Templin@boeing.com>; dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)


On Aug 24, 2016, at 12:28 PM 8/24/16, Ted Lemon <mellon@fugue.com> wrote:

On Aug 24, 2016 12:23 PM, "Templin, Fred L" <Fred.L.Templin@boeing.com> wrote:
> I think possibly so. If the server can feed the relay the IA_PD option then
> all is well. In fact, I think this same issue would apply in any other prefix
> delegation use case where the relay needs to inspect the IA_PD so it
> can inject routing information into the routing system.
>
> Am I understanding correctly?
Yes. This is the exact use model we need to address. Ralph Droms did some work on it a few years ago but it never got off the ground. The work needs to happen.

If I recall correctly, this is the I-D: draft-draft-droms-dhc-dhcpv6-agentopt-delegate-00.txt

...which expired back in 2005.  The dhc WG discussed the idea and we ran into concerns that out-of-order packet delivery or delivery through different relay agents might cause the state in the relay agent to be out-of-sync with the state of the assigned addresses or prefixes.  While we tried to engineer solutions to those issues into this mechanism, I call that we conclude the proper solution is for some other mechanism (e.g., today, an SDN controller) to inject the right information into the routers or routing protocol.


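Added example, not part of the original thread or of any DHCPv6 implementation: a relay-side parser that gleans delegated prefixes from the IA_PD option of a cleartext Reply carried in a Relay-reply, and returns nothing when the relayed message is opaque to the relay. Message-type and option codes follow RFC 3315 and RFC 3633; the function names, the sample packets and the 0xFF message type are constructed for illustration and do not reproduce the secdhcpv6 wire format.

```python
import ipaddress
import struct

RELAY_REPL, REPLY = 13, 7                          # DHCPv6 message types
OPT_RELAY_MSG, OPT_IA_PD, OPT_IAPREFIX = 9, 25, 26  # DHCPv6 option codes

def options(buf):
    """Yield (code, data) for each TLV option; stop on truncated input."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            return
        yield code, buf[off:off + length]
        off += length

def glean_prefixes(msg):
    """Return the delegated prefixes a relay can read from a Relay-reply."""
    if len(msg) < 34 or msg[0] != RELAY_REPL:       # type, hops, two addresses
        return []
    found = []
    for code, inner in options(msg[34:]):
        if code != OPT_RELAY_MSG or len(inner) < 4 or inner[0] != REPLY:
            continue                                # not a cleartext Reply
        for c1, ia_pd in options(inner[4:]):        # skip type + transaction id
            if c1 != OPT_IA_PD:
                continue
            for c2, p in options(ia_pd[12:]):       # skip IAID, T1, T2
                if c2 == OPT_IAPREFIX and len(p) >= 25 and p[8] <= 128:
                    net = ipaddress.IPv6Network((p[9:25], p[8]), strict=False)
                    found.append(str(net))
    return found

def opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

def build_relay_reply(inner):
    """Constructed Relay-reply with zeroed link and peer addresses."""
    return bytes([RELAY_REPL, 0]) + bytes(32) + opt(OPT_RELAY_MSG, inner)

# Constructed sample: a Reply delegating 2001:db8:1200::/40
prefix = ipaddress.IPv6Address("2001:db8:1200::").packed
iaprefix = opt(OPT_IAPREFIX, struct.pack("!IIB", 3600, 7200, 40) + prefix)
ia_pd_opt = opt(OPT_IA_PD, struct.pack("!III", 1, 1800, 2880) + iaprefix)
CLEAR = build_relay_reply(bytes([REPLY]) + b"\x01\x02\x03" + ia_pd_opt)
# Stand-in for an encrypted response: placeholder type 0xFF and opaque bytes
OPAQUE = build_relay_reply(bytes([0xFF]) + b"\x01\x02\x03" + bytes(range(64)))
```
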