Re: [dhcwg] Last Call: <draft-ietf-dhc-option-guidelines-14.txt> (Guidelines for Creating New DHCPv6 Options) to Best Current Practice

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Tue, 08 October 2013 20:31 UTC

Return-Path: <fluffy@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65FB521F99DD; Tue, 8 Oct 2013 13:31:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZiLFae1wY0ib; Tue, 8 Oct 2013 13:30:57 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) by ietfa.amsl.com (Postfix) with ESMTP id CC84021F9E6A; Tue, 8 Oct 2013 13:30:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4502; q=dns/txt; s=iport; t=1381264238; x=1382473838; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=O2Skf5ZXfSNfBnucdwDsvEcjTAv7fhWXJ41CeQKOtuI=; b=XPx5inqYFF+H2g07AgEvHiOPmLC2GTXlNCPHM8Re6AwchBV0wPMvmuwC yZXBYbVBdwhKjD7b2n8UAVW2IGxUNpypwpMEIvusEQzvq3aZOQLcqjC7R uEBo+UYLdwQODo5mGeJAVg/jxiwHT7tPpW5qHf48FiHI4O3o1GtOyYnoN 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AowFABRrVFKtJV2c/2dsb2JhbABZgwc4UsEngSMWbQeCJQEBAQMBbgsQAgEIIhkLMhQRAgQOBQiHeAYMulSOCoEFAjEHgx+BBAOZMJBRgWaBPoIq
X-IronPort-AV: E=Sophos;i="4.90,1058,1371081600"; d="scan'208";a="269694375"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-3.cisco.com with ESMTP; 08 Oct 2013 20:30:37 +0000
Received: from xhc-aln-x02.cisco.com (xhc-aln-x02.cisco.com [173.36.12.76]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id r98KUb12022768 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 8 Oct 2013 20:30:37 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.143]) by xhc-aln-x02.cisco.com ([173.36.12.76]) with mapi id 14.02.0318.004; Tue, 8 Oct 2013 15:30:36 -0500
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: "ietf@ietf.org" <ietf@ietf.org>
Thread-Topic: Last Call: <draft-ietf-dhc-option-guidelines-14.txt> (Guidelines for Creating New DHCPv6 Options) to Best Current Practice
Thread-Index: AQHOxGU+x36dkMJ3pkem9MOxfSCBUg==
Date: Tue, 08 Oct 2013 20:30:36 +0000
Message-ID: <C5E08FE080ACFD4DAE31E4BDBF944EB123C933B2@xmb-aln-x02.cisco.com>
References: <20130919215457.30925.98345.idtracker@ietfa.amsl.com>
In-Reply-To: <20130919215457.30925.98345.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.20.249.164]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <5275A41775A20145A8667DA6B35F94CD@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Tue, 08 Oct 2013 15:49:41 -0700
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] Last Call: <draft-ietf-dhc-option-guidelines-14.txt> (Guidelines for Creating New DHCPv6 Options) to Best Current Practice
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 20:31:04 -0000

(Dear OPs ADs, please read … )


I disagree with the advice in section 8.  Cisco IP phones have been deployed with DHCP options that use FQDN and with options that use IP addresses. For this type of use case the FQDM turned out to be much better from an operational and administration point of view. IT departments are used to making sure that changes of IP addresses on servers are well coordinated with changes to the DNS - they are good at doing that and that and have good tools for it. Conversely, they are not used to coordinating server changes with DHCP changes and do not have good tools for that. Part of why you can't do this with DHCP is that clients are written so that when an IP address fails to work for an application connection, the application re does the DNS and gets the new address (assuming TTL had been moved down during the move). Applications can not tell the  OS to redo DHCP when they fail an application level connection. 

For nearly every case in the real world, the power and RTT and reliability issues are simply not relevant -   regardless of which way you do it, the application is unlikely to work if DNS is down, the extra RTT make no speed difference the user can percieve and the power difference over a day of use of the application is so small it is not measurable. 

FQDN allow usage of things like DNS SRV for load balancing, happy eye balls for v6 transition, and make it easier to get things to geographically close servers. 

I don't think it should come a a shock to anyone that the level of indirection that FQDNs provides turns out to be a really useful tool. Lets use that indirection tool where appropriate. 


Related to this, the advice in section 12 seems a bit off to me. I understand the issues - but keep in mind that many modern applications (browsers and SIP phones for example) do the DNS inside the application instead of using the OS resolvers. Part of the reason for this is asynchronous resolution but part of it is also control of which interface is used for DNS and if multiple interfaces are used, being able to keep the applications traffic on the the appropriate interface for the DNS server that returned the address. So while I agree that 

"Existing nodes cannot be assumed to systematically segregate
   configuration information on the basis of its source;"

Equally true is you can't assume the converse of that. So I think the statement that 

   As a consequence, DNS
   resolution done by the DHCP server is more likely to behave
   predictably than DNS resolution done on a multi-interface or multi-
   homed client.

Is just plain wrong. I think it would be more accurate to say in these cases the results are not always predictable. The issue is the DHCP server may get an DNS answer that contains and server that can not even be reached by the DHCP client. 

As a general rule of thumb, using FQDN in the configuration of a DHCP server is a really bad idea because IT admins assume that if they change the the DNS information, the clients will get the new information. But they don't. 


Cullen







On Sep 19, 2013, at 3:54 PM, The IESG <iesg-secretary@ietf.org> wrote:

> 
> The IESG has received a request from the Dynamic Host Configuration WG
> (dhc) to consider the following document:
> - 'Guidelines for Creating New DHCPv6 Options'
>  <draft-ietf-dhc-option-guidelines-14.txt> as Best Current Practice
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2013-10-03. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> Abstract
> 
> 
>   This document provides guidance to prospective DHCPv6 Option
>   developers to help them creating option formats that are easily
>   adoptable by existing DHCPv6 software.  This document updates
>   RFC3315.
> 
> 
> 
> 
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-ietf-dhc-option-guidelines/
> 
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-ietf-dhc-option-guidelines/ballot/
> 
> 
> No IPR declarations have been submitted directly on this I-D.
> 
>