IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023

Daryll Swer <contact@daryllswer.com> Sun, 24 December 2023 18:01 UTC

Return-Path: <contact@daryllswer.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC385C14F5E5 for <dhcwg@ietfa.amsl.com>; Sun, 24 Dec 2023 10:01:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=daryllswer.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jC01kF4SkdKV for <dhcwg@ietfa.amsl.com>; Sun, 24 Dec 2023 10:01:16 -0800 (PST)
Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAB56C14E515 for <dhcwg@ietf.org>; Sun, 24 Dec 2023 10:01:15 -0800 (PST)
Received: by mail-pl1-x630.google.com with SMTP id d9443c01a7336-1d3e6c86868so26506375ad.1 for <dhcwg@ietf.org>; Sun, 24 Dec 2023 10:01:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daryllswer.com; s=google; t=1703440875; x=1704045675; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ZDOs8ugeoy215g2xLEl4twiHeYgp0RAY19w11M+vcHo=; b=eq2ySGXncTaBxK48MnCUWfleCN85A1bUFehE+qbDanc1k9roeZKYRJLmlW5YLoGWfz 0yx0+TXCD1q0oa0qSCJHGgmY9PLGCyAQLeDQGRsBXB3Tj9fyNBb/JcU0Hu4McPHjAx+1 7F2TgH+WDiTDIx++DA1zpywIj/EiXwT7Bf6J3uuHgNDyfNj2nqQw7qqqGxNOdnt9QU24 6S2DVKyqChTADZz0X0JsvFFSvhrLKdDxataOiMyX1BxbCFmhXA9sage55k0bY5ILxxX6 y0S+1jO5TCEP+ci74TKekefKqjAoCLIrg5CPsJdi4JcjWEbPLiMaQRkGe/as716Ifa7P 4e/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703440875; x=1704045675; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZDOs8ugeoy215g2xLEl4twiHeYgp0RAY19w11M+vcHo=; b=PaHJTqIohzjIh+zBUKvk5SSX5KkaaPTOIWAH6wi2Wh2RybY0w/iqAlYT3UfevEn8pv 8TbmREHH7OcHa7NsrLvZomeUrpSmQsUwFQWzBJ5smBxotdH1aSlut/iwD2kE1y5RulK8 Jhg10eZzLWB88nXgo5UEbzXW4PlvLFnbSSVuzU9rnSp/3RRtLpko17wcwRtRLlgdezq9 zCtOgJWmqfwiLOCzxkOdW20R/QIi1YZCX9yhmnULDvrueWe1+gy8h57uKfj89rZKVanj 3dwRd7IPV0M7LwD3Dx+t2GXKdnzPAsBXe/Gsmjqk2gO2IioZyLePeU41Kks6fzowbbCO Ni0w==
X-Gm-Message-State: AOJu0YwDdgZeQNcR6B4SFFPwQappiiS/4169T+eoTrb/M8bY3PYsQ48K LZGfFEewPXJCA65MMywAIdeZFQ+WTBnO3p4z5mm9p5p7dcnfCA==
X-Google-Smtp-Source: AGHT+IHNoJVLTFdOeCdHD02ik07VU5zcgLMJXQtFTPIAHyJm9IgHG0bdp+rC+5ZUvOnkdBDKAPCfeA==
X-Received: by 2002:a17:902:d2cb:b0:1d4:2836:63dd with SMTP id n11-20020a170902d2cb00b001d4283663ddmr4363654plc.103.1703440874546; Sun, 24 Dec 2023 10:01:14 -0800 (PST)
Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com. [209.85.214.170]) by smtp.gmail.com with ESMTPSA id pg6-20020a17090b1e0600b0028c30430deesm2861510pjb.33.2023.12.24.10.01.14 for <dhcwg@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 24 Dec 2023 10:01:14 -0800 (PST)
Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1d3ed1ca402so26513695ad.2 for <dhcwg@ietf.org>; Sun, 24 Dec 2023 10:01:14 -0800 (PST)
X-Received: by 2002:a17:903:234a:b0:1d3:eaac:f014 with SMTP id c10-20020a170903234a00b001d3eaacf014mr4542486plh.73.1703440873844; Sun, 24 Dec 2023 10:01:13 -0800 (PST)
MIME-Version: 1.0
References: <CACyFTPE0+aV35JgVCL62T3NKL_tFkxuvM=Wfq0xpcw5_Ra-u_A@mail.gmail.com> <15477.1703435979@localhost>
In-Reply-To: <15477.1703435979@localhost>
From: Daryll Swer <contact@daryllswer.com>
Date: Sun, 24 Dec 2023 23:31:02 +0530
X-Gmail-Original-Message-ID: <CACyFTPFDEmx3CBRoB6Ta8CyQs7pvbZPpW5XX8UPtRt5fx+EO9Q@mail.gmail.com>
Message-ID: <CACyFTPFDEmx3CBRoB6Ta8CyQs7pvbZPpW5XX8UPtRt5fx+EO9Q@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: dhcwg@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002e786b060d453c59"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/gczS1JDCd4htT5Qcva37RO3GsMQ>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Dec 2023 18:01:20 -0000

Now that I think about it. This 'can', could get very complicated.

In a service provider network, we definitely don't care what host or
anything else that's happens beyond the customer router, regardless if it's
enterprise or residential. Our legal liability stops at customer KYC,
meaning, if my router gives them a /56 or /48 PD, and this PD information
is logged via AAA/RADIUS, that's enough for an SP to comply with the law.
So yes, an option to disable/ignore addr-reg fully, should be available. Or
better yet, have it disabled by default on server-side. Customer edge
router side should probably be disabled by default too.

However, you're right that there are some enterprises that use stock random
CPEs for branches etc. And this is where we'll run into problems. If there
are say n number of hierarchical routers, that are doing exactly what you
described, are we supposed to "proxy" it all the way from the bottom of the
hierarchy to the top most DHCPv6 server? That sounds terrible and a good
way to create problems with BUM traffic in a network (Just M in IPv6).

I think this responsibility should fall on the operator. I.e, we should
grant the same standardised DHCPv6 server functionality to CPEs which
includes this addr-reg. Meaning now the CPE running DHCPv6 server for its
LAN, will maintain the local table of addr-reg info. The enterprise can
then pull this information via various available methods from the CPE
vendor.

I think the "proxy" idea overcomplicates things vs letting the
responsibility fall upon the enterprise operator.

I'm still not clear overall, how the configuration of this addr-info on
server side would look like, while I understand the M flag, should my link
prefix /64 still be "autonomous" or not though?

--
Sent from my iPhone


On Sun, 24 Dec 2023 at 10:09 PM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> It seems to me that a DHCPv6 server, which has received it's prefix via
> DHCPv6-PD *could* turn around and forward any ADDR-REG-INFORM it received
> up
> one level.  I think it need to reform ("proxy", application-level) the
> messages and take responsability for them itself.  It should not blindly
> forward or rely upon the "end" client to stop and/or retransmit.
>
> While an RFC7084 fits squarely into the "gets DHCPv6-PD", and might even
> delegate DHCPv6-PD, I strongly think that it should never, in the
> residential
> situation, send ADDR-REG-INFORM from the home lan to the ISP.
>
> There are a bunch of enterprise-y situations where an enterprise acts as an
> ISP for it's branch offices, and use stock CPEs. But, in those cases, the
> enterprise usually has some kind of management interface (TR[3]69) that
> would
> allow it to turn this behaviour on.
>
> We have a way for the upstream to turn ADDR-REG-INFORM on/off
> (OPTION_ADDR_REG_ENABLE), and we should recommend that ISPs turn it off.
> We
> should also recommend that CPE routers ignore upstream requests to report
> by
> default.  But, MAY be configured otherwise.
>
> Meanwhile any non-edge home routers, which might get deployed in the home
> (including SNAC Stub routers) should probably proxy the information
> upwards.
>
> The challenge here is that we have to send one ADDR-REG-INFORM message for
> each downstream host, and we have to do that from the address of the host!
> I think we should rethink this in some way.
>
> I wrote some text at:
>   https://github.com/wkumari/draft-wkumari-dhc-addr-notification/pull/68
>
> and I'm sorry to open this can of worms, but I don't think that enterprises
> will be happy without this.  In particular, our desire to enable more
> (permissionless) DHCPv6-PD downstream will get the same pushback that has
> lead to this document.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
> [image: dad806703346ec960ea2f67237f882ea1db0de4d]
​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​

v2.23.0 | Report a Bug | By Email