Re: [dhcwg] WGLC for draft-ietf-dhc-rfc3315bis-08 - Respond by May 30th, 2017

"Bernie Volz (volz)" <volz@cisco.com> Sat, 17 June 2017 02:27 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24E4F12EAB1 for <dhcwg@ietfa.amsl.com>; Fri, 16 Jun 2017 19:27:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gh8y8w-JS0Ug for <dhcwg@ietfa.amsl.com>; Fri, 16 Jun 2017 19:27:47 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4884412EAA7 for <dhcwg@ietf.org>; Fri, 16 Jun 2017 19:27:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8450; q=dns/txt; s=iport; t=1497666461; x=1498876061; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=fwXurzW9RzNMdEXsru43+RQE4VtChW/TwW1VX2ObOU8=; b=XNHZlJxWmcZBA3o1gcmKlOZVdTfUh31f4YmhVPs5VDyAe0LTDQxFvFKq Oco3lgw9RJyHUos0cE3JSyfrawl2IAL8QfDRkN+T+NxJtGRtWayd7ak8R T84C3lwAyE98xDpSGe+DWIB6g0YOyOizrunY+mhxZ9HE50f0a1PInuKoT E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CcAAB2kkRZ/4gNJK1cGQEBAQEBAQEBAQEBBwEBAQEBg1iBbweDZIoZkXyDI4UIjUyCEYYkAhqCUD8YAQIBAQEBAQEBayiFGQEEASMRRRACAQYCGgImAgICHxEVEAIEDgWKFAMNCIxUnWGCJoc7DYQlAQEBAQEBAQEBAQEBAQEBAQEBAQEBHYELhzcBK4J4gTyBG4ISF4J7MIIxAQSJSYhQjAQ7Ao50hGeSDYtXiS4BHziBCnQVWwGEegwQgWZ2iHiBDQEBAQ
X-IronPort-AV: E=Sophos;i="5.39,349,1493683200"; d="scan'208";a="436709539"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 17 Jun 2017 02:27:40 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v5H2Re26010424 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 17 Jun 2017 02:27:40 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 16 Jun 2017 21:27:39 -0500
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1210.000; Fri, 16 Jun 2017 21:27:39 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: 神明達哉 <jinmei@wide.ad.jp>
CC: "dhcwg@ietf.org" <dhcwg@ietf.org>, Ralph Droms <rdroms.ietf@gmail.com>
Thread-Topic: [dhcwg] WGLC for draft-ietf-dhc-rfc3315bis-08 - Respond by May 30th, 2017
Thread-Index: AdLI0aZmS0Xgn7D6S1m3YZ8hZorkbQLWe7cAAIVlReABPEJZgAKF0ckgAGu0AYAACFfvgA==
Date: Sat, 17 Jun 2017 02:27:39 +0000
Message-ID: <3227281E-1FC2-448F-A9D2-9E7603A24E15@cisco.com>
References: <8418750467ae490ea50e342380a565be@XCH-ALN-003.cisco.com> <CAJE_bqcMLz7JBaSA2h6_xiB3AyxQzkMGfL87WeqKzwxKoSeD-w@mail.gmail.com> <67c761541b674041ba5a2eb0b9ea41fa@XCH-ALN-003.cisco.com> <CAJE_bqeBg-va5zr=4HNrecECg_mmGpWECAc8V5UL0ckhHnJcNQ@mail.gmail.com> <7f897317e79e4576bebc772c45edb703@XCH-ALN-003.cisco.com> <CAJE_bqd72=wKwe3_i3=rArJys1eWLizVdn_q+Dz9yaHFouP_WA@mail.gmail.com>
In-Reply-To: <CAJE_bqd72=wKwe3_i3=rArJys1eWLizVdn_q+Dz9yaHFouP_WA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.22.0.170515
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.98.1.195]
Content-Type: text/plain; charset="utf-8"
Content-ID: <76FCC89F28D4B64AB84FF1D092F04FEC@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/cHRdZ0RwejTkrcoRQtiI2II0tlo>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-rfc3315bis-08 - Respond by May 30th, 2017
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Jun 2017 02:27:49 -0000

Jinmei:

My reaction is you are wrong – the PIO would, whenever sent, be sent with the preferred and valid lifetime REMAINING on the PD lease. So, sure a PIO sent just after the PD lease started would have (close) to the full values, but the values sent an hour later would be 1 hour less than they were.

Thus, I don’t see a problem as the preferred and valid lifetime of the PIO run down as the time of the lease runs down. At T1 (if 50 % of the preferred lifetime), a PIO sent would have ½ preferred lifetime (preferred lifetime – T1) and a valid lifetime of the original valid lifetime – T1.

This is different than if you explicit configured a manual prefix on a router with preferred/valid lifetimes – those would always be advertised in PIOs with the same values. But, when a lease is involved, the values run down and thus the PIO must contain just the remaining times.

Thus, it all works out nicely?

I will take another look at the IAPREFIX preferred/valid lifetime definitions as perhaps we need to tweak them a bit.

- Bernie

On 6/16/17, 2:28 PM, "jinmei.tatuya@gmail.com on behalf of 神明達哉" <jinmei.tatuya@gmail.com on behalf of jinmei@wide.ad.jp> wrote:

    At Wed, 14 Jun 2017 20:13:56 +0000,
    "Bernie Volz (volz)" <volz@cisco.com> wrote:
    
    > We are working to get the -09 version out before the July 3rd
    > IETF-99 cutoff. And, I think we're waiting on text for you regarding
    > one item:
    
    I don't think I promised I would offer text :-) but I admit I should
    have provided some followup much earlier.
    
    > > > BV> Unless you provide text, I think we'll leave this alone as
    > > > mentioned earlier we feel that this document is not the one that
    > > > should describe how these lifetimes are to be used.
    >
    > > This is not just about wording.  It's about actual protocol
    > > behavior, and I don't even know if we have common consensus on it.
    > > I also think we can't simply ignore the issue by being silence,
    > > since it could result in a bad situation like a site keeps
    > > advertising a prefix in RA as a preferred one even when it's
    > > already "deprecated" or even "invalidated" in terms of prefix
    > > delegation.  I'll see if I can offer something more concrete, but
    > > I'd like to raise it as a possible blocking issue.
    
    As I said before (in the quoted text) I actually suspect it's
    premature to talk about specific text before discussion.  So let me
    talk about what I think is an issue more specifically.
    
    First off, what's this preferred lifetime in the first place?  Section
    21.22 simply says:
    
          preferred-lifetime   The recommended preferred lifetime for the
                               prefix in the option, expressed in units of
                               seconds.  A value of 0xFFFFFFFF represents
                               infinity.
    
    What does this "recommended" mean?  As far as I can see it's not
    explained anywhere else in the draft.  But one possible, or likely,
    interpretation would be that it's a recommendation for addresses
    configured from this prefix.  More specifically, it would be to use it
    as the preferred lifetime of a prefix information option (PIO) of RA
    for the delegated prefix (or prefixes derived from the delegated
    prefix).  Assuming that, consider some more concrete issue:
    
    Assume a PD client gets an /64 IA_PD prefix with preferred lifetime
    being 1 week (an arbitrary choice).  If T1/T2 of the IA_PD follows the
    recommended value of Section 21.21, the client will try to renew it in
    3.5 days.
    
    Meanwhile, this prefix is typically advertised in the downstream link
    in the prefix information option (PIO) of RA.  Assuming the above
    interpretation of "recommendation", a straightforward implementation
    of it is to set the preferred lifetime of the PIO to 6 days.  End
    hosts receiving this prefix will configure their addresses, resetting
    its preferred lifetime to 6 days every time it receives the PIO (which
    is periodically advertised, usually every several minutes).
    
    In 3.5 days the PD client starts renewing the prefix.  But, now suppose
    this exchange doesn't succeed (even after the client switches to
    REBOUND).  Then what should happen in 6 days?  Should the delegated
    prefix now be considered "deprecated"?  And what would that mean?
    Should the preferred lifetime value of the corresponding RA PIO be
    reset to 0 from this point?
    
    And, what if the PD client can't even RENEW/REBOUND until the valid
    lifetime expires?  If, like above, the valid lifetime value is copied
    from IA_PD prefix to RA PIO, end hosts will have an address with a
    pretty large valid lifetime (in this example scenario, at least 6
    days) at the time of expiration due to the periodic RA advertisements.
    And, even if the advertised PIO valid lifetime is set to 0 at that
    point, end clients will still keep using the address for two hours
    (see RFC4862).
    
    I actually don't know whether/how existing implementations deal with
    cases like this, but I wouldn't be surprised if there are naive
    implementation that simply copies the preferred/valid lifetimes from
    PD to RA, potentially having the problems described above.  I suspect
    we've not heard problem reports in the actual deployment simply
    because the lifetimes are sufficiently long compared to possible
    network outage periods, and also perhaps because if this problem
    happens because the upstream becomes unreachable, then it doesn't
    matter much anyway if the end clients keep using "expired" addresses.
    Still, as a protocol design I think it's a kind of defect and we
    cannot just rely on the operational conditions.
    
    So, can we agree there's a potential problem as some of the
    definitions and the usage are not clear enough, aside from whether
    that should be addressed in rfc3315bis?
    
    --
    JINMEI, Tatuya