Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yang-18.txt
ianfarrer@gmx.com Mon, 29 March 2021 08:23 UTC
Return-Path: <ianfarrer@gmx.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FC933A34CA for <dhcwg@ietfa.amsl.com>; Mon, 29 Mar 2021 01:23:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UaxdgNzlx06j for <dhcwg@ietfa.amsl.com>; Mon, 29 Mar 2021 01:23:30 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B74BA3A34C9 for <dhcwg@ietf.org>; Mon, 29 Mar 2021 01:23:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1617006205; bh=ajuVt0BtM59Q4FrLYjlyPnhjfH3tDypzHhZXPT2y7Uk=; h=X-UI-Sender-Class:Subject:From:In-Reply-To:Date:Cc:References:To; b=kE/OFI6U4sQ7mbotGWO4bzT7mhWg591960f3GvbYCwthInjz9dxA7ZML/FDtV+HuR 20qJt57U0LYmT+8+JjRsTZ47nH7izxgs0Nul2cwYpC2yCrUwKKlI75bTr3rtrKUZsg IRnv74Z4jgWIhy3fvwYT08svfiPjOBiDrzdcs/hc=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from mbp-big-sur-7.fritz.box ([89.0.56.132]) by mail.gmx.net (mrgmx105 [212.227.17.174]) with ESMTPSA (Nemesis) id 1MStCY-1l4KbT2ILW-00UJ1V; Mon, 29 Mar 2021 10:23:25 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: ianfarrer@gmx.com
In-Reply-To: <DB7PR07MB55464BEC59F099DA8F6BCB2CA2649@DB7PR07MB5546.eurprd07.prod.outlook.com>
Date: Mon, 29 Mar 2021 10:23:24 +0200
Cc: dhcwg <dhcwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3CD463BA-5A3B-4DBF-87F1-06B1B918CB17@gmx.com>
References: <6019394A.8010303@btconnect.com> <603E3235.10501@btconnect.com> <6040D4FC.2020903@btconnect.com> <4C148BE5-19FB-47E7-92D3-C4870A174BE7@gmx.com> <DB7PR07MB55464BEC59F099DA8F6BCB2CA2649@DB7PR07MB5546.eurprd07.prod.outlook.com>
To: tom petch <ietfa@btconnect.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
X-Provags-ID: V03:K1:chKvP8FUfdVL1rTiPP287RVGn4LSgDPdEZr7VbwkkrWpxs2tEOt ZrINL6Z2cO3u1qmkyhTtk626spvI3OwyPyvwINdKlJNr+kXIVyvccdTD8iZI9oPw5g2TqJz ERLcJi5gynKapewqOwzhye8T4JDlRt9+hjIrsq4txiPXyw2ERmSEqU1R0XBbz0SfcgATHuU JN38XMoHMqQKytewJw4MA==
X-UI-Out-Filterresults: notjunk:1;V03:K0:OKTg5S8/hEg=:y1PMabOaAVcgh8AGIBbn3E tR30XZwichteGqcE1vse7lSEfcVA+bWBwEOVqnfmUKfJwsKP5vULsIEmZQMxYGvu6+PKRb0KP SDLrxA+kXAZBthnE3hd1eVlUf4uFI61TMA6nGLP3aYJP/FkN6ezA3kPcSPWESEfv9tvB420uu Ev0WC1jRctOTjnopTck/nHA7abJCwUr50coI4imMSk3/r5Nr6NmHZMtM52a/uCXWZ53kebTYX K9rC4Zw9ucDRPS6wbUR8KPX6UWbM9x1reK4ltMAwQs3aIaEKl69pdiHgT2nhq/kD4bnfsX1RM vx9C5RNtQwebyRgV3wZOcpNJ/nmQLJT9jeRaIAfyxPoAdR6Wh79UHW3Ixb35WVvS9U/WgOWPC MW1NhF8RGIoSwfH8JOEg7nTA6j0u/qChF36LJcFvHYo3euS22HWMEai9yfqBlyVXExuQjeqxA a2JuFgDwVreqivxJJst3DsICzKpEj+u6BQkJf9xkDYpL2481gVLb6FochKXhePxj5HfIqvg4t PLfrjddFD2tF/bNUgKoLLtFhkH+QoX+IET2u7sE9mcJpIjNXhdbT2/r2+4qUHUY9bxmIfZ9Fs yl/CYjkIjyT69IdlcDlq94tx6uQkNRm3QCHxmbxg7MwEvUFFKkRE0Tt2htXUrhF+qM4BpFWWC JlmzdzjFEaHIjuxMRJ87F/Sh2JKSqk7KgU25xPvmyVdT2lqwnCunSLTJFUbtBrJkuooeN7RCD JSTeoD0O+d9RtktQfNKk3in7yjigkgWoHTOPNaoX/6VHUMXqTrhU+Pq2e9nKBRXSQW7JkNcLT cu5TAFVVVZ/BNnDBCS4Tvz8KOe91E+dUdIoAizJG9jU7oUUnC/xkOnE+crjMpf+la+K3nPRwl bpFJpfx0mO3xBmwowsmtJrMRLlV2Zpnqt0sUR6vNBeRMelV4hE54sNASUE6O4E85NM/NHXRLS 4QBbshOp9SA/HWAUzp2QfJaiC0pjEmmI+HiaiwVM/E+S36OukRCdokR5zvjstI6cMNHmhyd5z ImWmbElPwYVQX/qkldWOExFE/tmuBT5uGNh6H48q8OIUxGB/xkY1+WZnqWIxbB5rrZ/Hb/sUT iCzB4lyJHHYhB5vQSxT4Z8p9ucbzpz8X9rShYLlnvcYdrB1ooxPAkmpgKHnjjYLu4e4GQlP1v u22dQYi7crft9lfLmwPuelNHR3F1l2+NklYRnixFR9bwDQdAyq6bPPtGPCwu0TCrHCjig=
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/cG22ren6dQkdajBp2oNf54ly_4g>
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yang-18.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Mar 2021 08:23:36 -0000
Hi Tom, Good catch on the address count. I’ll change it in the next update. Thanks, Ian > On 23. Mar 2021, at 12:38, tom petch <ietfa@btconnect.com> wrote: > > From: ianfarrer@gmx.com <ianfarrer@gmx.com> > Sent: 17 March 2021 12:57 > > Tom, > > Thanks for your review. I’ve just posted -version -19, please see inline below for details on the changes in this version. > > <tp> > > Looks good. > > On the question of auth information, some use string, some use binary, some use hex, It is a question of what users are used to and how much entropy you can pack into a given space. So, leave it as it is unless someone demands a change. > > One small point. In two places you have > end-address minus start-address > for the total number. Should that be 'plus one'? > ie is 10.1.0.0 to 10.1.0.255 255 or 256? > > Tom Petch > > Ian > > >> On 4. Mar 2021, at 13:39, t petch <ietfa@btconnect.com> wrote: >> >> On 02/03/2021 12:40, t petch wrote: >>> Ian >> >> Ian >> >> I have now been through all four modules and have the following comments in addition to my last message. (A bad habit of mine that I seem unable to break is that I never see everything the first time, or the second, or.... but this is all I have so far:-) >> >> Carrying on with dhcpv6-server, there are parts that I do not understand. Several relate to threshold as defined in common as an integer percentage but I do not know how it is calculated. >> >> leaf max-address-count >> maximum number of addresses >> but it is type threshold not a count, a number and how is it calculated? something over (end-address less start address plus one)? > > [if - Renamed and description updated: > > leaf max-address-utilization { > type dhcpv6-common:threshold; > mandatory true; > description "Maximum amount of the addresses in the > pool which can be simultaneously allocated, > calculated as a percentage of the available > addresses (end-address minus start-address)."; > } > >> >> leaf-max-pd-space-utilization >> if the pool prefix is /48 and client-prefix-length /56, then how do you arrive at an integer percentage if e.g. 173 prefix out of 256 are in use? round up, round down? > > [if - Reworded description as: > > leaf max-pd-space-utilization { > type dhcpv6-common:threshold; > mandatory true; > description "Maximum amount of the prefixes in the > pool which can be simultaneously allocated, > calculated as a percentage of the available > prefixes, rounded up."; > } > ] > >> >> two notification for 'threshold-exceeded' one for address, one for prefix. >> For address, you have three counts, total, max, allocated; how do these relate to the objects defined earlier under address-pools? > > [if - Reworked: > > notification address-pool-utilization-threshold-exceeded { > description "Notification sent when the address pool > utilization exceeds the threshold configured in > max-address-utilization."; > leaf pool-id { > type leafref { > path "/dhcpv6-server/network-ranges/network-range/" + > "address-pools/address-pool/pool-id"; > } > mandatory true; > description "Leafref to the address pool that the notification > is being generated for."; > } > leaf total-pool-addresses { > type uint64; > mandatory true; > description "Total number of addresses in the pool > (end-address minus start-address)."; > } > leaf max-allocated-addresses { > type uint64; > mandatory true; > description "Maximum number of addresses that can be > simultaneously allocated from the pool. This value may be > less than count of total addresses. Calculated as the > max-address-utilization (percentage) of the > total-pool-addresses, rounded up."; > } > leaf allocated-address-count { > type uint64; > mandatory true; > description "Number of addresses allocated from the pool."; > } > } > > ] > >> For prefix, you have max-pd which does point to an earlier definition which is a threshold ie percentage but pd-space-utilization is uint64 and so clearly not a percentage >> I see inconsistency of names and of the objects used in the notifications which so I am confused >> > > [if - Reworked: > > notification prefix-pool-utilization-threshold-exceeded { > if-feature prefix-delegation; > description "Notification sent when the prefix pool > utilization exceeds the threshold configured in > max-pd-space-utilization."; > leaf pool-id { > type leafref { > path "/dhcpv6-server/network-ranges/network-range/" + > "prefix-pools/prefix-pool/pool-id"; > } > mandatory true; > description "Unique identifier for the pool."; > } > leaf total-pool-prefixes { > type uint64; > mandatory true; > description "Total number of prefixes in the pool."; > } > leaf max-allocated-prefixes { > type uint64; > mandatory true; > description "Maximum number of prefixes that can be > simultaneously allocated from the pool. This value may be > less than count of total prefixes. Calculated as the > max-precfix-utilization (percentage) of the > total-pool-prefixes, rounded up."; > } > leaf allocated-prefixes-count { > type uint64; > mandatory true; > description "Number of prefixes allocated from the pool."; > } > } > > ] > >> invalid-client-detected >> I assume this is the result of a message in which case message type would be useful. > > [if - Added an enumeration for the message type] > >> >> delete-address-lease >> should this point to an entry in the database? >> I see that objects named -lease are state data not configuration so I am unclear what is being deleted >> > [if - Now modelled as: > > leaf lease-address-to-delete { > type leafref { > path "../../dhcpv6-server/network-ranges/network-range" + > "/address-pools/address-pool/active-leases/active-lease" + > "/leased-address"; > } > ] > >> delete-prefix-lease >> ditto > [if - Now modelled as: > > leaf lease-prefix-to-delete { > type leafref { > path "../../dhcpv6-server/network-ranges/network-range" + > "/prefix-pools/prefix-pool/active-leases/active-lease" + > "/leased-prefix"; > } > > I’ve also added a leafier in the relay module for the clear-prefix-entry roc: > > leaf lease-prefix { > type leafref { > path "/dhcpv6-relay/relay-if/prefix-delegation/pd-leases/" + > "ia-pd-prefix"; > } > > ] > >> >> >> dhcpv6-relay >> >> feature prefix-delegation >> I think 6.3 a better reference >> > [if - done] > >> leaf link-address >> RFC s.9.1 appears to specify 16 octet, not binary 0..16 > > [if - now modelled as: > > leaf link-address { > type string { > pattern '[0-9a-fA-F]{32}'; > } > ] > >> >> notification relay-event >> the description of this would seem to make it applicable to servers as well as relays > > [if - The configuration of the implementation specific elements of server configuration (including listening interfaces) is only given as an example module in the appendix. Notifications related to server interface / topology changes would be part of this.] > >> >> clear-prefix-entry >> the reference is now RFC8987 which needs to be in the I-D references; this appears in other reference clauses > > [if - updated] > >> >> clear-interface-prefixes >> should the input interface-ref be to part of the DHCP configuration rather than to any interface? > > [if - changed to > path "../../dhcpv6-relay/relay-if/if-name”; > ] > >> >> >> dhcpv6-client >> >> list user-class-data >> list plural, entry singular, but I wonder how many AD know their Latin? > > [if - The list has been renamed to user-class-data-instances with user-class-data-id and user-class-data.] > >> >> container-ia-na-options >> perhaps client may send, rather than will > > [if -changed] > >> >> container-ia-ta-options >> ditto >> > [if -changed] > >> invalid-ia-detected >> I cannot find this in s.18.2.10.1 nor does it seem right to me. This is client module so how does a client find itself to be invalid? >> The description does not help me either! > > [if - It was meant to be for address conflicts. I’ve reworded the description as: > > notification invalid-ia-address-detected { > description "Notification sent when an address received > in an identity association option can be proved to be invalid. > Possible conditions include a duplicate or otherwise illegal > address."; > reference "RFC 8415: Dynamic Host Configuration Protocol for > IPv6 (DHCPv6), Section 18.2.10.1”; > > The rest of the notification has also been re-worked to contain the rest of the info in the address allocation (timers etc.).] > >> >> MRC-exceeded >> MRD-exceeded >> s.7.6 offers a choice for each of these for different counts/timers so I think that the data notification should be more explicit and a message type would help as it would with many such notification > > [if - I’ve reworked the notification as follows: > > notification transmission-failed { > description "Notification sent when the transmission or > retransmission of a message fails."; > reference "RFC 8415: Dynamic Host Configuration Protocol for > IPv6 (DHCPv6), Section 7.6"; > leaf failure-type { > type enumeration { > enum "solicit-timeout" { > description "Max Solicit timeout value (SOL_MAX_RT) > exceeded."; > } > enum "request-timeout" { > description "Max Request timeout value (REQ_MAX_RT) > exceeded."; > } > enum "request-retries-exceeded" { > description "Max Request retry attempts (REC_MAX_RC) > exceeded."; > } > enum "confirm-duration-exceeded" { > description "Max Confirm duration (CNF_MAX_RD) > exceeded."; > } > enum "renew-timeout" { > description "Max Renew timeout value (REN_MAX_RT) > exceeded."; > } > enum "rebind-timeout" { > description "Max Rebind timeout value (REB_MAX_RT) > exceeded."; > } > enum "info-request-timeout" { > description "Max Information-request timeout value > (INF_MAX_RT) exceeded."; > } > enum "release-retries-exceeded" { > description "Max Release retry attempts (REL_MAX_RC) > exceeded."; > } > enum "decline-retries-exceeded" { > description "Max Decline retry attempts (DEC_MAX_RT) > exceeded."; > } > } > mandatory true; > description "Description of the failure."; > } > leaf description { > type string; > description "Information related to the failure, such as > number of retries and timer values."; > } > } > > ] > >> >> server-duid-changed >> a good case for a notification but I cannot see it described in the RFC > > [if - I’ve updated the description and the reference: > > notification server-duid-changed { > description "Notification sent when the client receives a lease > from a server with different DUID to the one currently stored > by the client, e.g. in response to a Rebind message."; > reference "RFC 8415: Dynamic Host Configuration Protocol for > IPv6 (DHCPv6), Section 18.2.5”; > ] > >> >> Tom Petch >> >> >>> I put your last e-mail to me somewhere safe, too safe for me to find >>> just now. So, I am going through -18 and thoughts so far >>> >>> I like the treatment of DUID. >>> >>> IANA status codes needs adding to the I-D references > > [if - Done] > >>> >>> server-module (part-reviewed) >>> prefix-delegation >>> 6.3 would seem a better reference than 6.2 >>> > [if -Changed] > >>> rapid commit >>> 5.1 might be better than 5.2 >>> > [if - Changed] > >>> leaf id >>> Equivalent to subnet ID >>> I do not understand this, nor do the RFC uses of subnet enlighten me > > [If - Description now reads: "Unique identifier for the network range.”] > >>> >>> >>> common module >>> You have a MUST in the common module which means you should have the >>> RFC8174 text in the module as well > > [if - Included] > >>> >>> duid-base >>> why a length of 260? RFC allows 128 which sort of suggests two-byte >>> character sets! > > [If - Replaced the length statement with pattern '^([0-9a-fA-F]{2}){3,130}$’; > > The length is 130 to include the 2 octet type as well. > ] > >>> >>> between 1 and 128 bytes >>> RFC has octets so I think that better > > [if - changed] >>> >>> duid-unstructured >>> I do not understand what the pattern is doing here > > [if - The pattern allows you to define any set of values except ones with 0001-0004 in the DUID-Type field which need to follow the formats for their corresponding defined type type] > >>> >>> OPTION_AUTH >>> the RFC references auth-namespaces so I think that this should too here >>> and in I-D references > > [if - Added references] > >>> >>> I note that this uses HMAC-MD5; I do not know how Security ADs view >>> this; it may need a note in the Security Considerations >>> > [If - I’ve checked RFC8415 and it isn’t mentioned in the Sec. Section there. I’ll add something if it’s flagged at the review stage] > >>> auth-information >>> string or binary? > > [if - The format of the contents depends on the authentication protocol that’s being used. Is binary a better choice here?] > >>> >>> sub-optiondata >>> again string or binary? RFC does not help me here >>> I note that there is a two octet length field ie 65535 max > > [If - I’ve left it as string and reworked as; > > type string { > pattern '([0-9a-zA-F]{2}){,65535}’; > ] > >>> >>> More to come. >>> >>> Tom Petch >>> >
- [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yang-17… internet-drafts
- Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yan… ianfarrer
- Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yan… t petch
- Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yan… ianfarrer
- Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yan… t petch
- Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yan… t petch
- Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yan… ianfarrer
- Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yan… tom petch
- Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-yan… ianfarrer