[dhcwg] Comments on draft-ietf-dhc-dhcpv4-over-dhcpv6
Tomek Mrugalski <tomasz.mrugalski@gmail.com> Sun, 03 November 2013 11:56 UTC
Return-Path: <tomasz.mrugalski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B036911E8219 for <dhcwg@ietfa.amsl.com>; Sun, 3 Nov 2013 03:56:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cgIYtqyxR0S0 for <dhcwg@ietfa.amsl.com>; Sun, 3 Nov 2013 03:55:44 -0800 (PST)
Received: from mail-bk0-x22c.google.com (mail-bk0-x22c.google.com [IPv6:2a00:1450:4008:c01::22c]) by ietfa.amsl.com (Postfix) with ESMTP id CC95611E81C8 for <dhcwg@ietf.org>; Sun, 3 Nov 2013 03:55:39 -0800 (PST)
Received: by mail-bk0-f44.google.com with SMTP id mx10so1061591bkb.17 for <dhcwg@ietf.org>; Sun, 03 Nov 2013 03:55:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=cvMTnYGOh4Xo9n+zxz3/SBPLIpUjj82hZ4fn4R2gz8M=; b=gJgmhgI06zj2ej1jWaNc4lC9RWy1+dIL6N80O1nFytfYabWZopNG6J41959nzCVEPr Fm061qH28XmixR7qFOf3P406OWDqM6bPtp+EQEeTpfZcyly9WI/X9HFrlO5C5h5q3lwH 2+1s5WasMbnC4d0cIj3SGlWdzPIFSNJJ5VWjVXtmavmr/bV3B25o0Lvyhi0lET6l4y4S 4iuNLZuezVIWH8FiMkBQzPfeDWQEdlHcykVsMuBPfH9e9OKFvQmrQxI6elCUizHGWb2+ Xdj5QxrbsOGz79Fw2RvnjlqpaOS67ugaioo4I8uIKd9M+Pg+1GAPAzKq2RTXjDZa73Ez UIZw==
X-Received: by 10.205.32.193 with SMTP id sl1mr6116803bkb.24.1383479737145; Sun, 03 Nov 2013 03:55:37 -0800 (PST)
Received: from dhcp-97d1.meeting.ietf.org (dhcp-97d1.meeting.ietf.org. [31.133.151.209]) by mx.google.com with ESMTPSA id a4sm11381123bko.11.2013.11.03.03.55.34 for <dhcwg@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 03 Nov 2013 03:55:35 -0800 (PST)
Message-ID: <527639B5.1060401@gmail.com>
Date: Sun, 03 Nov 2013 03:55:33 -0800
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: DHC WG <dhcwg@ietf.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [dhcwg] Comments on draft-ietf-dhc-dhcpv4-over-dhcpv6
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Nov 2013 11:56:20 -0000
With my chair hat off. I reviewed -02 of this draft. It is in quite good shape. I have several comments, but most of them are editorial in nature. One major comment I have (about the ability to turn off 4o6) should be addressed. Another one (about covering stateless) is something to consider. I won't insist on it if you think it's a bad idea. Here are my comments: Can 4o6 be used by clients that use stateless DHCPv6? It would be stateless v6 and stateful v4. In my opinion that would be uncommon, but a valid scenario. If authors agree, the text should be modified to say that the server puts 4o6 Enable and 4o6 Address options in any server response. As a server implementor, I can say that it's very easy to do. Both options just become a regular options that client asks for and server provides. I had a discussion with Marcin about this. One issue with the draft is that there is no defined way to revoke the "4o6 available" status. Consider a case when administrator has 4o6 available, but decides to turn it off. The client will renew its IPv6 lease eventually and may then learn that 4o6 is no longer available. The problem with this is that it creates an artificial link between 4o6 availability and IPv6 lease lifetime. So I think there are couple things that should be added: - a clarification that the client interested in running in 4o6 mode MUST request 4o6 Enabled and 4o6 Addresses options in every Solicit, Request and Renew messages - when client requested 4o6 Enabled option, but did not receive it, it must disable its 4o6 functionality (possibly sending DHCPRELEASE before shutting down) - you need to solve somehow the fact that 4o6 service availability status cannot be updated (revoked) easily. The most obvious example is a stateless DHCPv6 client, but also a stateful client in a network with very long valid lifetimes. You may want to look at RFC4242 and see if it help. Perhaps referencing it and saying that clients that implement 4o6 MUST use information refresh time option as well. Just to be clear - I'm not saying that you really should do this. Just consider it and see if it solves the problem. More specific comments about the draft. Abstract: This draft defines options, not (one) option. Authors may consider changing terminology regarding a client that supports both DHCPv6 and DHCPv4-over-DHCPv6. Current proposed name is 'DHCP client'. Although the definition is presented in a clear way, it is somewhat counter-intuitive. All other DHCP drafts/RFCs assume that 'DHCP client' means a client that can be either DHCPv4 client, DHCPv6 client or both. Perhaps a better name would be "4o6 DHCP client"? Section 4 could mention that DHCPv4 message is a special type of BOOTP message. Figure 1: Please make it explicit whether this is v4, v6 or 4o6 Relay Agent. "The server replies with a DHCPv6 response, which is a new DHCPv6 message called Boot-reply-v6." - That sentence is a bit odd. It would sound better as "The server replies with Boot-reply-v6, which is a new type of DHCPv6 message." "If the client is configured to use DHCPv6 to obtain its IPv6 configuration, the DHCPv6 server MAY include the DHCPv4 -over-DHCPv6 Enable Option in its Reply message to indicate that client SHOULD use the DHCPv4-over-DHCPv6 protocol to obtain additional configuration." That doesn't sound right. There's one condition missing in this sentence. The client that supports DHCPv4-over-DHCPv6, SHOULD request DHCPv4-over-DHCPv6 Enable Option by sending its code in ORO. "If a DHCPv6 server is configured to do so, it MAY send unicast addresses of the 4o6 Servers to the client during the client's configuration using DHCPv6.". This sentence missed "... and client requested it in ORO". "The unicast addresses are carried in the 4o6 Server Addresses Option encapsulated in the Reply message". Please don't use word "encapsulated" here. This word has special meaning in DHCP context (options put inside other options). "included in the Reply message" sounds better. And it should be "included in Advertise and Reply messages". Section 5.1, BOOTREQUESTV6 and BOOTREPLYV6 descriptions. Please be more explicit about which client you have in mind. This should be 4v6 DHCP client. Section 5.2. I do not like introducing new message format. Why can't you make flags a regular option? All DHCPv6 implementors have proven code for parsing DHCPv6 messages. They use 2 formats: the regular one (msg-type followed by options) and relay-forw/reply (msg-type, hop-count, link-address, peer-address followed by options). It is possible to introduce new formats, but there should be a very good reason for that. I don't see one here. Section 5.3. Why do you need to have 24 bits field if you use only one bit? Do you envision so many additional flags to be defined, so 24 bits are necessary? I think you just assume that aligning msg-type and flags to 32 bits boundary would look nice. It is on paper, but since the options have various sizes, not necessarily divisible by 4, there usually won't be any alignment. A generic question to the WG about bit fields. What is your preference for showing bit fields in an I-D? Should they be listed in most to least significant or least to most significant order? Section 5.4. Please add "and client MUST ignore its content". Do you envision any flags to be defined at a later time in boot-reply-v6? If not, consider dropping the flags field and just use regular message format. Sections 6.2 and 6.3 should say that server includes those options if requested by client. Normative language is not necessary here, because that behaviour is already defined in RFC3315, sections 17.2.2 and 18.2. You should add that client MUST not send either of those options. Is it defined somewhere how to use content of the 4o6 Servers address option? In particular, how to use more than one address? For example, if there are 3 unicast addresses are sent, the client will send each DHCPv4 message in 3 copies, right? I'm fine with that, but it be mentioned explicitly. And probably discussed in security considerations. What if I set my rogue server that will announce 80 unicasts, with the same address repeated? This will serve as a nice amplification attack, right? Section 6.3 in its current form allows 0 addresses to be configured. The wording should be improved to say something like "one or more addresses". There should be a discussion about a case when only 4o6 Server Address option is provided, but not 4o6 Enable option. That is a configuration error, but it should be explained that client MUST ignore 4o6 Server Address option if 4o6 Enable option was not received. Section 8: "A client MUST set the Unicast flag as specified in Section 7." I would rephrase that sentence. In its current form it may be understood as "client must set th unicast flag always (as was specified in 7)". It would be better to say "A client MUST follow rules defined in Section 7 when setting Unicast flag.". Section 9: Please remove this sentence " A DHCPv6 relay agent MUST implement the Relay behaviour described in section 20.1.1 of [RFC3315].". It does not add anything, this is a redundant statement. Relay agent is by definition a node that fulfills requirements defined in 3315, including section 20.1.1". If you really want to keep this text, please write is without normative language. Something along the lines of "Relay agent that supports 4o6 is a regular DHCPv6 Relay Agent (follows all requirements specified in RFC3315), but also performs additional functions." Although it is not strictly necessary, I would add a clarification sentence in bullet 1 in section 9 that the packet is relayed as normal DHCPv6 (i.e. DHCPv6/UDP/IPv6) packet. Are you sure that dhc-dhcpv6-unknown-msg is a normative reference? I think it would be more appropriate to use informative reference, but it won't object it you keep it as it is now. ietf-dhc-dhcpv4-over-ipv6 is a reference that is not used in the text. Please either use or remove it. I have no further comments. This is a useful draft and I think it is almost ready to move forward. Thank you for doing this work. Tomek
- [dhcwg] Comments on draft-ietf-dhc-dhcpv4-over-dh… Tomek Mrugalski
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv4-ove… Tomek Mrugalski