Re: [dhcwg] Pre-determining DUID
Jarrod Johnson <jarrod.b.johnson@gmail.com> Sat, 31 October 2009 02:26 UTC
Return-Path: <jarrod.b.johnson@gmail.com>
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 19F6B3A6861 for <dhcwg@core3.amsl.com>; Fri, 30 Oct 2009 19:26:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[AWL=0.604, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k7qDZ2wFUrOE for <dhcwg@core3.amsl.com>; Fri, 30 Oct 2009 19:26:29 -0700 (PDT)
Received: from mail-yx0-f192.google.com (mail-yx0-f192.google.com [209.85.210.192]) by core3.amsl.com (Postfix) with ESMTP id DE4793A6781 for <dhcwg@ietf.org>; Fri, 30 Oct 2009 19:26:28 -0700 (PDT)
Received: by yxe30 with SMTP id 30so3715030yxe.29 for <dhcwg@ietf.org>; Fri, 30 Oct 2009 19:26:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=C/3iJ4MwONbF4BXAjvJ8PqSy0fjUomVAviLZn0wcwuo=; b=LKserY5FrfAvk0GX46yeejhEraKFgQTb4e2ACN5TH++WQ5UqDM5e/T0nyUq0z72Cko 4sOWxmWdVsmitmNje2aV9yKSNidiT+WWTaKUthnB3IkW5smIw+RlGo+3R4UB9YpgbjlM 2Vc7ETQa/4ueQjnAd+FFK1VWXwFdV8GJ0NV6M=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=vljl7uFn1nA6GQqcxG3ob9JAoG1GoyeYHqmp7RL/wocJCz++2U9/m8XOwVDMRtgVQ+ vw1IWsx0VVaiacFg83DoYmMoONFoNXGEmcgkFQ3WygR4oP6fJl7tpsvWLGier5R9lXlw St+4KnuF4eqsxuhtAEX7qA0de/dISgtmx1PeE=
MIME-Version: 1.0
Received: by 10.150.109.3 with SMTP id h3mr4331349ybc.105.1256956003771; Fri, 30 Oct 2009 19:26:43 -0700 (PDT)
In-Reply-To: <02B85D20-CA25-4AFB-BC8B-72095A4485B1@nominum.com>
References: <fab4e42a0910091810j71fcabd8h12d992be6d28d320@mail.gmail.com> <FFE5030C-7341-471F-9731-EC069F857A01@nominum.com> <20091011002522.GA26560@angus.ind.WPI.EDU> <02B85D20-CA25-4AFB-BC8B-72095A4485B1@nominum.com>
Date: Fri, 30 Oct 2009 22:26:43 -0400
Message-ID: <fab4e42a0910301926h2ab62d9ct963971d81fd7734d@mail.gmail.com>
From: Jarrod Johnson <jarrod.b.johnson@gmail.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, Chuck Anderson <cra@wpi.edu>
Subject: Re: [dhcwg] Pre-determining DUID
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2009 02:26:30 -0000
On Sun, Oct 18, 2009 at 4:55 PM, Ted Lemon <Ted.Lemon@nominum.com> wrote: >> So these are the motivations behind our desire at least to provide the >> chaddr in the DHCP packet as a way to identify and classify clients. >> As I said in my other email, we have a working prototype that does >> exactly this for ISC dhcrelay. > > My only objection to you proposing this is that it's clear to me from some > of your early statements in this message that you actually intend to use the > MAC address from the relay agent option as an identifier in place of DUID, > and not as a hint for your back office system to use in connecting > DUID-based identifiers to MAC-based identifiers. This is unnecessary--what > you're proposing completely solves your problems without requiring any > change to RFC3315 or RFC4361. > > So if you were to propose a protocol extension that included the MAC address > in the relay agent options, and you were to describe how it could be used as > a hint to relate DUID-based identifiers to MAC-based identifiers, I would be > in favor of that. But to the extent that your proposal essentially > substitutes this relay-provided identifier for DUID-LLT, this would > eliminate an identifier that is the same across all interfaces for the same > device, and I would not support that. ]> > One bellwether of this would be whether or not you expected a PXE boot > loader that sends a different identifier than the OS client to get the same > IP address that the OS client gets, because the relay-supplied MAC address > is the same. If you expect this, your spec breaks interoperability. >From a practical standpoint, for a static host identity that I want to specifically control, I want this to be possible since the OSes have already rolled DHCPv6 implementations that won't send the same identifier as hypothetical boot agents. I don't want to be required for a statically declared host to carry multiple layer 3 identities based on time (one of which I won't know in advance at all). For a dynamic host identity within a specific range, I wouldn't care that addresses change between phases (though it certainly sounds peculiar). If there were strategies to assure a firmware selected DUID would be used by the OS and I got to declare non-support of all DHCPv6 client OSes that exist today, that would suffice, but I doubt that to be realistic to hope for. (but if it were possible, I would think that ffirmware DHCPv6 actions that succeed set a flag that subsequent OS bringups can use to know that a firmware populated structure is the authoritative DUID rather than to generate one on disk). The problem for me with DUID vs. chaddr is that in practice, there are huge problems that I don't see being addressed that already are present in production DHCPv6 stacks. In theory, it's nice, but then again, UUID in PXE for IPv4 was nice in theory, but in practice rarely usable since the OS wouldn't cooperate (and many manufacturers are not good about ensuring uniqueness of their UUID, which may happen again with DUID-EN, not because DUID-EN is flawed, but because some manufacturers lack proper discipline to catch things like that). Fixing DUID selection to somehow work in a reliable way would be nice, but it's an option that requires that Microsoft, ISC, and many more change their DHCPv6 client implementations according to as-yet unwritten firmware specs (ISC's job is particularly complicated since they would have to adhere to Openfirmware, UEFI PXE, BIOS PXE, and who knows what else). Snooping the layer 2 inforrmation and allowing an administrator to select on that data is unfortunate, but a backwards compatible of restoring well-known IPv4 workflows in the cases where those quirks are more management than the quirks in IPv6 scenarios introduced by fixing the IPv4 quirks. I want some way to say a particular host will be fdf4cd4e:6dd0::de, regardless of it is PXE booting, if it is installing an OS, if it is netbooting an os, or booting into an OS from a hard drive that has been installed. I've outlined the only ways I could see that happening (either changing existing DHCP clients or allowing static declarations to key off of chaddr), but if you can think of other ways to be able to make this guarantee, I'm receptive. > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg >
- [dhcwg] Pre-determining DUID Jarrod Johnson
- Re: [dhcwg] Pre-determining DUID Chuck Anderson
- Re: [dhcwg] Pre-determining DUID Ted Lemon
- Re: [dhcwg] Pre-determining DUID Chuck Anderson
- Re: [dhcwg] Pre-determining DUID Tim Chown
- Re: [dhcwg] Pre-determining DUID Bernie Volz (volz)
- Re: [dhcwg] Pre-determining DUID Ted Lemon
- Re: [dhcwg] Pre-determining DUID Bud Millwood
- Re: [dhcwg] Pre-determining DUID Jarrod Johnson
- Re: [dhcwg] Pre-determining DUID Ted Lemon
- Re: [dhcwg] Pre-determining DUID Bud Millwood
- [dhcwg] Pre-determining DUID Jarrod Johnson
- [dhcwg] Bringing DHCPv6 to DHCPv4-feature-complet… David W. Hankins