Re: [dhcwg] WGLC: draft-ietf-dhc-dhcpv6-tunnel-01.txt

Tomek Mrugalski <tomasz.mrugalski@gmail.com> Thu, 27 September 2012 21:15 UTC

Message-ID: <5064C1D6.6070201@gmail.com>
Date: Thu, 27 Sep 2012 23:15:02 +0200
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
To: dhcwg@ietf.org
References: <4D779082-B182-4728-9534-39456573682E@nominum.com>
In-Reply-To: <4D779082-B182-4728-9534-39456573682E@nominum.com>
Subject: Re: [dhcwg] WGLC: draft-ietf-dhc-dhcpv6-tunnel-01.txt

On 12-08-10 14:42, Ted Lemon wrote:
> The authors of this draft have requested a working group last call.
> The draft explains how DHCP clients operate in an environment where
> the interface being configured doesn't support multicast (e.g., 6RD).
> If this is a matter of interest to you, please review the draft and
> send comments to the list.
> 
> If you are in favor of advancing the draft, please say so on the
> list; if nobody supports it, it won't advance.   If you oppose
> advancing it, please also say so.   We will determine consensus on
> August 24.

Hi,

I'm terribly sorry for not joining the discussion earlier. I'm in favor
of advancing the draft, but not in its current form.

In my opinion allowing the client to send every message encapsulated in
relay-forw will not give you much, but will just bring more problems. In
particular:

- What would you put in the peer-addr and link-addr fields of the
relay-forw message? Bernie's suggestion of putting 0s in peer-addr
makes sense, but what about link-addr? Would you put the CE's global
unicast address there? That would work, but in many cases it would scale
poorly. If you have 1000 CEs in your network, you would potentially need
to configure 1000 subnets, as the server is supposed to use link-addr to
find out those links. Some servers require explicit network topology
information (i.e. listing all links that the server is supposed to
support). On the other hand, you could define one large subnet that covers
all your 6rd CEs' global addresses, but that would not work in certain
implementations. This leads to the question of whether the server is
supposed to treat all CEs as being on the same link or on different links.

- This draft mentions DNS, SIP and NTP options. Are we talking stateless
or stateful (or both) here? That should be clarified.

- The argument for not having to update 3315 is weak. There are a couple
of inconsistencies in it and there's 3315bis planned anyway. To be more
specific, this statement, "client MUST use link-local address...", from
3315 is in direct contradiction with another sentence from section
18.1 of 3315: "If the client has a source address of sufficient scope
that can be used by the server as a return address, and the client has
received a Server Unicast option (section 22.12) from the server, the
client SHOULD unicast any Request, Renew, Release and Decline messages
to the server."

Have you considered a different approach? Something like this:

1. Say that any DHCPv6 solution working over tunnels (or non-multicast,
no link-local interfaces in general) MUST support server unicast.
2. Make the 6rd CE send normal messages (not relayed) from its global
address to 6rd BR anycast address.
3. Extend server unicast to work on Solicit, Confirm, Rebind and
Information-request (update 3315, section 15, second paragraph).
4. Optionally update 3315 to point out inconsistencies regarding source
address ("MUST use link-local address..." in section 16 vs. 18.1 "If the
client has a source address of sufficient scope..."). That is really
optional, as any server that implements server unicast already disobeys
that rule.

This will work on all servers that adhere to sections 17.2.2 (advertise)
and 18.2.8 (reply): "If the Solicit message was received directly by
the server, the server unicasts the Advertise message directly to the
client using the address in the source address field from the IP
datagram in which the Solicit message was received."

I understand that you want to have it deployed as soon as possible, but
we have 3315bis work planned anyway, so there will be changes and that
is unavoidable. And with the server-unicast approach, it really isn't
that big a change.

Step 4 will happen anyway. So it's a matter of updating section 15:

"A server MUST discard any Solicit, Confirm, Rebind or
Information-request messages it receives with a unicast destination
address."

to

"A server MUST discard any Solicit, Confirm, Rebind or
Information-request messages it receives with a unicast destination
address, unless explicitly configured to use the server unicast option
with that address."

If we are concerned about any possible side effects in normal deployment
scenarios, we may work out some extra safety checks (add "... and the
receiving interface does not support multicast or link-local addresses").

Sure, expecting the client to magically know the server address when
sending the first Solicit is odd, but if we want to make DHCPv6 work on
non-multicast, no-link-local interfaces, we need to make some
compromises. I very much prefer that approach to the server reporting
that there are 1000s of new relays, or the server starting to blindly
accept unicast messages.

On the other hand, there's RFC6276 that talks about co-locating relay
and PD client, so the effort to avoid it is already lost.

Editorial comment:
"The 6rd CE DHCPv6 relay agent SHOULD use the 6rd BR IPv6 anycast
address as the destination address, section 20 of [RFC3315]". That
reference to section 20 of RFC3315 is strange. Section 20 describes
relay operation. What exactly do the authors want to point to in this context?

Hope that helps,
Tomek

p.s.
Where are we with the 3315bis plans? I know that it is a major work, so
it is not easy to commit to it, but there are more and more things that
require an update. I'm already overburdened with the failover work and
other stuff, but for such a grand purpose I will find some time.
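As an added example (not part of this thread, the draft, or any server implementation): a Python model of the RFC 3315 section 15 admission rule as it stands and as the proposal above would amend it, including the optional receiving-interface safety check, plus a Relay-forward header split that exposes the link-addr/peer-addr fields discussed in the first bullet. The RxContext model, the rx() helper and the sample datagrams are constructed assumptions; only the message-type codes and field layout come from RFC 3315.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address

# DHCPv6 message-type codes from RFC 3315, section 5.3
SOLICIT, CONFIRM, REBIND, INFORMATION_REQUEST, RELAY_FORW = 1, 4, 6, 11, 12
# Types that section 15 says a server MUST discard when they arrive at a unicast address
UNICAST_FORBIDDEN = {SOLICIT, CONFIRM, REBIND, INFORMATION_REQUEST}


@dataclass(frozen=True)
class RxContext:
    """Constructed model of how a datagram arrived (an assumption, not RFC text)."""
    dst: IPv6Address               # destination address of the IP datagram
    server_unicast: frozenset      # addresses the server is configured to hand out
                                   # in Server Unicast options (RFC 3315 section 22.12)
    iface_multicast: bool = True   # receiving interface supports multicast?
    iface_link_local: bool = True  # ... and link-local addresses?


def rx(dst: str, *unicast: str, multicast: bool = True, link_local: bool = True) -> RxContext:
    return RxContext(IPv6Address(dst), frozenset(IPv6Address(a) for a in unicast),
                     multicast, link_local)


def accept_rfc3315(packet: bytes, ctx: RxContext) -> bool:
    """Section 15 as written: a unicast-delivered Solicit/Confirm/Rebind/
    Information-request is always discarded. packet[0] is msg-type for every message."""
    return not (packet[0] in UNICAST_FORBIDDEN and not ctx.dst.is_multicast)


def accept_proposed(packet: bytes, ctx: RxContext, strict_iface: bool = False) -> bool:
    """Proposed wording: same rule, unless the server is explicitly configured to use
    the server unicast option with that address. strict_iface adds the optional check
    that the receiving interface supports neither multicast nor link-local addresses."""
    if packet[0] not in UNICAST_FORBIDDEN or ctx.dst.is_multicast:
        return True
    if ctx.dst not in ctx.server_unicast:
        return False
    return not (strict_iface and (ctx.iface_multicast or ctx.iface_link_local))


def relay_forw_addrs(packet: bytes) -> tuple:
    """Split a Relay-forward header (msg-type, hop-count, link-addr, peer-addr; RFC 3315
    section 7) into (link-addr, peer-addr): the two fields a 6rd CE acting as its own
    relay would have to fill in."""
    if packet[0] != RELAY_FORW or len(packet) < 34:
        raise ValueError("not a Relay-forward message")
    return IPv6Address(packet[2:18]), IPv6Address(packet[18:34])


# Constructed sample datagrams, not captured traffic
SOLICIT_PKT = bytes([SOLICIT, 0x00, 0x00, 0x01])  # Solicit, transaction-id 1, no options
RELAY_PKT = bytes([RELAY_FORW, 0]) + IPv6Address("2001:db8::1").packed + bytes(16)  # peer-addr = 0s
```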