IETF Logo Mail Archive

Re: [dhcwg] Pre-determining DUID

Jarrod Johnson <jarrod.b.johnson@gmail.com> Sat, 31 October 2009 02:26 UTC

Return-Path: <jarrod.b.johnson@gmail.com>
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 19F6B3A6861 for <dhcwg@core3.amsl.com>; Fri, 30 Oct 2009 19:26:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[AWL=0.604, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k7qDZ2wFUrOE for <dhcwg@core3.amsl.com>; Fri, 30 Oct 2009 19:26:29 -0700 (PDT)
Received: from mail-yx0-f192.google.com (mail-yx0-f192.google.com [209.85.210.192]) by core3.amsl.com (Postfix) with ESMTP id DE4793A6781 for <dhcwg@ietf.org>; Fri, 30 Oct 2009 19:26:28 -0700 (PDT)
Received: by yxe30 with SMTP id 30so3715030yxe.29 for <dhcwg@ietf.org>; Fri, 30 Oct 2009 19:26:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=C/3iJ4MwONbF4BXAjvJ8PqSy0fjUomVAviLZn0wcwuo=; b=LKserY5FrfAvk0GX46yeejhEraKFgQTb4e2ACN5TH++WQ5UqDM5e/T0nyUq0z72Cko 4sOWxmWdVsmitmNje2aV9yKSNidiT+WWTaKUthnB3IkW5smIw+RlGo+3R4UB9YpgbjlM 2Vc7ETQa/4ueQjnAd+FFK1VWXwFdV8GJ0NV6M=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=vljl7uFn1nA6GQqcxG3ob9JAoG1GoyeYHqmp7RL/wocJCz++2U9/m8XOwVDMRtgVQ+ vw1IWsx0VVaiacFg83DoYmMoONFoNXGEmcgkFQ3WygR4oP6fJl7tpsvWLGier5R9lXlw St+4KnuF4eqsxuhtAEX7qA0de/dISgtmx1PeE=
MIME-Version: 1.0
Received: by 10.150.109.3 with SMTP id h3mr4331349ybc.105.1256956003771; Fri, 30 Oct 2009 19:26:43 -0700 (PDT)
In-Reply-To: <02B85D20-CA25-4AFB-BC8B-72095A4485B1@nominum.com>
References: <fab4e42a0910091810j71fcabd8h12d992be6d28d320@mail.gmail.com> <FFE5030C-7341-471F-9731-EC069F857A01@nominum.com> <20091011002522.GA26560@angus.ind.WPI.EDU> <02B85D20-CA25-4AFB-BC8B-72095A4485B1@nominum.com>
Date: Fri, 30 Oct 2009 22:26:43 -0400
Message-ID: <fab4e42a0910301926h2ab62d9ct963971d81fd7734d@mail.gmail.com>
From: Jarrod Johnson <jarrod.b.johnson@gmail.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, Chuck Anderson <cra@wpi.edu>
Subject: Re: [dhcwg] Pre-determining DUID
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2009 02:26:30 -0000

On Sun, Oct 18, 2009 at 4:55 PM, Ted Lemon <Ted.Lemon@nominum.com> wrote:
>> So these are the motivations behind our desire at least to provide the
>> chaddr in the DHCP packet as a way to identify and classify clients.
>> As I said in my other email, we have a working prototype that does
>> exactly this for ISC dhcrelay.
>
> My only objection to you proposing this is that it's clear to me from some
> of your early statements in this message that you actually intend to use the
> MAC address from the relay agent option as an identifier in place of DUID,
> and not as a hint for your back office system to use in connecting
> DUID-based identifiers to MAC-based identifiers.   This is unnecessary--what
> you're proposing completely solves your problems without requiring any
> change to RFC3315 or RFC4361.
>
> So if you were to propose a protocol extension that included the MAC address
> in the relay agent options, and you were to describe how it could be used as
> a hint to relate DUID-based identifiers to MAC-based identifiers, I would be
> in favor of that.   But to the extent that your proposal essentially
> substitutes this relay-provided identifier for DUID-LLT, this would
> eliminate an identifier that is the same across all interfaces for the same
> device, and I would not support that.
]>
> One bellwether of this would be whether or not you expected a PXE boot
> loader that sends a different identifier than the OS client to get the same
> IP address that the OS client gets, because the relay-supplied MAC address
> is the same.   If you expect this, your spec breaks interoperability.

>From a practical standpoint, for a static host identity that I want to
specifically control, I want this to be possible since the OSes have
already rolled DHCPv6 implementations that won't send the same
identifier as hypothetical boot agents.  I don't want to be required
for a statically declared host to carry multiple layer 3 identities
based on time (one of which I won't know in advance at all).   For a
dynamic host identity within a specific range, I wouldn't care that
addresses change between phases (though it certainly sounds peculiar).
 If there were strategies to assure a firmware selected DUID would be
used by the OS and I got to declare non-support of all DHCPv6 client
OSes that exist today, that would suffice, but I doubt that to be
realistic to hope for.    (but if it were possible, I would think that
ffirmware DHCPv6 actions that succeed set a flag that subsequent OS
bringups can use to know that a firmware populated structure is the
authoritative DUID rather than to generate one on disk).

The problem for me with DUID vs. chaddr is that in practice, there are
huge problems that I don't see being addressed that already are
present in production DHCPv6 stacks.  In theory, it's nice, but then
again, UUID in PXE for IPv4 was nice in theory, but in practice rarely
usable since the OS wouldn't cooperate (and many manufacturers are not
good about ensuring uniqueness of their UUID, which may happen again
with DUID-EN, not because DUID-EN is flawed, but because some
manufacturers lack proper discipline to catch things like that).
Fixing DUID selection to somehow work in a reliable way would be nice,
but it's an option that requires that Microsoft, ISC, and many more
change their DHCPv6 client implementations according to as-yet
unwritten firmware specs (ISC's job is particularly complicated since
they would have to adhere to Openfirmware, UEFI PXE, BIOS PXE, and who
knows what else).  Snooping the layer 2 inforrmation and allowing an
administrator to select on that data is unfortunate, but a backwards
compatible of restoring well-known IPv4 workflows in the cases where
those quirks are more management than the quirks in IPv6 scenarios
introduced by fixing the IPv4 quirks.

I want some way to say a particular host will be fdf4cd4e:6dd0::de,
regardless of it is PXE booting, if it is installing an OS, if it is
netbooting an os, or booting into an OS from a hard drive that has
been installed.  I've outlined the only ways I could see that
happening (either changing existing DHCP clients or allowing static
declarations to key off of chaddr), but if you can think of other ways
to be able to make this guarantee, I'm receptive.
>
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg
>

v2.23.0 | Report a Bug | By Email