[dhcwg] draft-stenberg-pd-route-maintenance
"David W. Hankins" <David_Hankins@isc.org> Tue, 14 November 2006 00:35 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GjmGV-0005i3-KW; Mon, 13 Nov 2006 19:35:03 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GjmGV-0005hy-61 for dhcwg@ietf.org; Mon, 13 Nov 2006 19:35:03 -0500
Received: from [2001:4f8:3:bb:20c:76ff:fe16:4040] (helo=goliath.isc.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GjmGU-00049q-9i for dhcwg@ietf.org; Mon, 13 Nov 2006 19:35:03 -0500
Received: by goliath.isc.org (Postfix, from userid 10200) id 567BB7D29; Mon, 13 Nov 2006 16:34:55 -0800 (PST)
Date: Mon, 13 Nov 2006 16:34:55 -0800
From: "David W. Hankins" <David_Hankins@isc.org>
To: dhcwg@ietf.org
Message-ID: <20061114003455.GB5873@isc.org>
Mime-Version: 1.0
User-Agent: Mutt/1.5.9i
X-Spam-Score: -2.8 (--)
X-Scan-Signature: 3971661e40967acfc35f708dd5f33760
Subject: [dhcwg] draft-stenberg-pd-route-maintenance
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0432159159=="
Errors-To: dhcwg-bounces@ietf.org
As threatened in the WG meeting, some comments to work on section 2.1 of this document, offered in a playful spirit even if my writing style doesn't convey that. In general, I'd like to see this document try and imagine the "best" deployment of the described architecture, and then point out flaws in it, rather than to imagine all the worst ideas and point out just how bad it could get if you really tried. I get the idea also that while writing this section, the author switched between the idea of, say, perl scripts writing DR configuration syntax down an SSH channel, and a routing protocol approach. I think in that case you should separate this into two different sections (as the first few bulletpoints apply to the former but not the latter). Considering the backend provisioning system is the only component in the system that actually requires significant amount of nonvolatile storage, from data system point of view it would be ideal to have the backend provisioning system responsible for maintaining the routing state as well. Consider also: the provisioning system is usually colocated or in direct communication (providing configuration state for) the DHCP server. This puts it in a unique position: it is authoritative for what prefix is assigned to what purpose. By definintion it is the one thing that is never 'confused' due to out-of-order delivery or similar, there are also fewer "protocol components" involved (system->routing vs system->dhcpv6->routing). Beyond that I think the summary of this approach's advantages is well stated. I basically don't agree with, or think they are too broadly stated, with any of the bulletpoints. I can do a blow- by-blow if you think that's helpful, but I suspect it would be easier to go the other route and say how I would have written this section and you can point out what that misses (proposed draft text in quotes): 1) A DR might be a more 'physical' layered device that does its best work ("core competency") at the physical layer, and really only manages marginally to do the minimum required at any subsequent layers. To ask such a device to implement everything required from a full IP/TCP/UDP stack on up to BGP (or "some routing protocol") is really asking quite a lot. It is amazing enough as it is that they manage 'static routing', and might even be 'pinged' without crashing. Let's not talk about SNMP. Simply stated, it is a bad idea to ask CMTS manufacturers to implement BGP. The resulting abomination would be a horror. "Routing may not be the DR manufacturer's core competency, so using a full routing protocol may exceed reasonable expectations in software development investment." 2) The groups of people responsible for DHCP network deployments are generally not the same group of people for the ISP's core network. Simply stated, Sysadmins very rarely know the lay of the BGP land, and probably would lose their fingers if they touched its state in any way. "The existence of multiple administrative sub-domains within a network that are responsible for the design and operation of core versus edge components complicates integration of DR devices with the core network's routing protocol. DR operators rarely have either direct access to their network's routing protocols, or experience with using or troubleshooting them, as these are roles usually relegated to another office." 3) A DR may be expected to implement a kind of extra sensory perception for the RR. For example, let us imagine that the 'Network' and 'RR' are attached via VLANs, transported by DR's. This ensures that every RR (which might be a customer-premise device) is in a broadcast domain with no other-customer RR's, and only shares the broadcast domain with a 'router' in the "Network" box in your ASCII art. This may even be the most desirable scenario, but it necessitates that the DR construct the VLAN connection, and again we have all kinds of issues entering into detecting remote reboots and remote configuration state among fault-tolerant endpoints. DHCPv6 is a good idea for such configuration state, and some mechanism for the DR to get its brains back if it shifts roles or reboots is necessary. So the point here is that even with such a mechanism covering the routing state, we still need a mechanism to recover DR configuration state. "Even if the routing state is carried via a technique such as this, it may not remove the need for a means for DR devices to re-acquire their RR-specific configuration state. It also presents a form of de-centralization to convey this information in two different places, which may not be desirable." 4? In the 3) scenario it's probably also wasteful to apply a globally routable prefix to every Network<->RR connection (using only two addresses), so the RR is only going to have a global address if it chooses one from the delegated prefix. I think this bridge is usually gapped in IPv6 networks using link state routing protocols (so BGP points a prefix to an address that is found to have a route over a locally-addressed link). Conceding to point 1 above, we have to require a much more simple means to allow a DR to be the bridge in this locally-addressed gap. I don't know a lot about this scenario, so I'm hesitant to try and say more. I'm already out on the proverbial limb in terms of my own experiences. I find it strangely curious that for the second time today on two different topics, I am making a distinction between 'configuration' state and 'routing' state being carried by DHCPv6. At any rate, with those three points alone, and the introductory paragraph you already have, the idea is generally well documented that although the technique might work well in certain deployments (you cover the main 'good' points in that introduction paragraph), it is not a universal solution, and there's a documented need to fulfill requirements in other use cases. The 4th thing is probably a quagmire getting far too close to the details. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
_______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] draft-stenberg-pd-route-maintenance David W. Hankins
- Re: [dhcwg] draft-stenberg-pd-route-maintenance Markus Stenberg