IETF Logo Mail Archive

Re: [dhcwg] Call for Adoption: draft-yeh-dhc-dhcpv6-prefix-pool-opt-08

Tomek Mrugalski <tomasz.mrugalski@gmail.com> Mon, 03 September 2012 14:48 UTC

Return-Path: <tomasz.mrugalski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1E6A21F8666 for <dhcwg@ietfa.amsl.com>; Mon, 3 Sep 2012 07:48:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r6zq8OLBCO+Z for <dhcwg@ietfa.amsl.com>; Mon, 3 Sep 2012 07:48:52 -0700 (PDT)
Received: from mail-ee0-f44.google.com (mail-ee0-f44.google.com [74.125.83.44]) by ietfa.amsl.com (Postfix) with ESMTP id EA09921F865E for <dhcwg@ietf.org>; Mon, 3 Sep 2012 07:48:51 -0700 (PDT)
Received: by eekb45 with SMTP id b45so2054293eek.31 for <dhcwg@ietf.org>; Mon, 03 Sep 2012 07:48:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-tagtoolbar-keys:content-type :content-transfer-encoding; bh=19Zs6KHtZsH3Y0zYRKoS2eb7xd0YK0tThgfoh3gtJOo=; b=FSws5A954On3vNfKbc1StK81ARsEUpkQbgAI+LXsVNCN8twGMDlR0VVdhUyf51N5R9 JP+rF/NXraE5Am/1jlaywvfEupkV3JBJWOgaCwJM+vlOV3kpa7BGYdwzI4Nz/BqkqzAQ CUtHcole15ubHA/eXK+1yzud1/2AOr0GPNRx1KCFiS2OFaZ2KSbxRU0BgrqZbqGranMB ZZT7eaNa6Xj00DqkBX1fOjrFYZjuSCzX5GVtFYaC2/RMSN9A2Y0OvAlD/2KnBEF69I34 +rw532L4Rv3V/BAAmc75b5GgSfwcdtICpGyvPyBZDarEcl93ps17jAPBqsKQz8ghyhHf VCLw==
Received: by 10.14.199.67 with SMTP id w43mr21909339een.33.1346683730966; Mon, 03 Sep 2012 07:48:50 -0700 (PDT)
Received: from ?IPv6:2001:470:6061:1:c6f:7fc7:4c78:2f7e? ([2001:470:6061:1:c6f:7fc7:4c78:2f7e]) by mx.google.com with ESMTPS id k49sm37171999een.4.2012.09.03.07.48.49 (version=SSLv3 cipher=OTHER); Mon, 03 Sep 2012 07:48:50 -0700 (PDT)
Message-ID: <5044C350.4010403@gmail.com>
Date: Mon, 03 Sep 2012 16:48:48 +0200
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
To: dhcwg@ietf.org
References: <91484F36-D059-4D90-8BFE-60434864A579@nominum.com> <6B6C7CCC-0971-4CD1-BC2F-849F6BDC1863@employees.org>
In-Reply-To: <6B6C7CCC-0971-4CD1-BC2F-849F6BDC1863@employees.org>
X-TagToolbar-Keys: D20120903164848462
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Subject: Re: [dhcwg] Call for Adoption: draft-yeh-dhc-dhcpv6-prefix-pool-opt-08
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Sep 2012 14:48:52 -0000

On 03.09.2012 10:03, Ole Trøan wrote:
>> [...] 
>> If you think this work should be adopted by the working
>> group, please reply to this message saying so.   If you think this
>> work should not be adopted by the working group, please reply to
>> this message saying so.   We will evaluate consensus on September
>> 7.
> 
> I'm generally uncomfortable with piggybacking on the client
> initiated protocol, to manage a DHCPv6 relay sitting in the middle of
> the conversation.
Piggybacking is not very elegant, but the alternatives are worse. If you
chose not to piggyback, you would have to use some form (something like)
leasequery + active pushback from the server to notify relays that
something has changed. Such a protocol would add new message types, new
connections, perhaps even new state in the server. What is such
hypothetical prefix-pool-queries came from outside your network (or any
unathorized source)? So new attack vectors would have to be considered
and possible protected against.

With prefix pool option in RELAY_REPL that contains PD REPLY, your
server already decided that is ok to respond. No extra connections, no
extra message types, no new state. So in my opinion piggybacking is not
the most elegant solution, but the alternatives are much worse.

One thing that should probably improved is handing of the case when
server policy changes. Right now the draft says to trigger reconfigure
and force a client to start reconfigure process. The client won't get
any new or changed configuration. Also, there may be a network does not
have any client that supports reconfigure (which is optional). So in my
opinion that part of the draft requires some extra work. Does it mean
that we should throw away the whole concept? In my opinion - definitely not.

> I do not think it is a good idea to require DHCPv6 relays to rewrite 
> DHCPv6 client messages.
Nobody suggested such a thing. Relays would consume some options put in
RELAY-REPL. The decapsulation process would work as it is now - take
contents of RELAY-MSG option and send it downlink (be it the next relay
or the client - it doesn't matter).

> does this work with DHCPv6 authentication?
It doesn't affect it at all. Servers that auhenticate their responses
are signing REPLY message that is in turn encapsulated in RELAY-REPL.
THe prefix-pool option is insterted in RELAY-REPL and the REPLY inside
is never modified. prefix-pool never reaches the client. If that is was
your impression after reading the draft, perhaps it should be clarified
in the text?

Tomek

v2.23.0 | Report a Bug | By Email