Re: [dhcwg] passing relay info back to client
kkinnear <kkinnear@cisco.com> Mon, 08 January 2018 16:03 UTC
Return-Path: <kkinnear@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A383B129966; Mon, 8 Jan 2018 08:03:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.531
X-Spam-Level:
X-Spam-Status: No, score=-14.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0li3VvSXIGnI; Mon, 8 Jan 2018 08:03:04 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD8FD126579; Mon, 8 Jan 2018 08:03:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3617; q=dns/txt; s=iport; t=1515427383; x=1516636983; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=pm09F6cKZd9JrRCPcKiAZMsjthn7XbyrPgxJPit7F50=; b=cLs1JXoE9A9rOq9VpdXZ9iMQfBn7htI10gjzhQSz3i22C1ivK1LHWqPP NZUv7+qDQdj9hy9lat6OlPqn4ZYUdWYfJ4MH4JYp2xaFMtK0xo1I/ORLl Kh+hLlS2ieDX9JrfhVf+kpOw27qQPZyrQPDUyKglGZt9p0iuMI+K6bj6m I=;
X-IronPort-AV: E=Sophos;i="5.46,330,1511827200"; d="scan'208";a="334362894"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Jan 2018 16:03:03 +0000
Received: from dhcp-161-44-67-113.cisco.com (dhcp-161-44-67-113.cisco.com [161.44.67.113]) (authenticated bits=0) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id w08G323L021578 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 8 Jan 2018 16:03:02 GMT
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: kkinnear <kkinnear@cisco.com>
In-Reply-To: <538FCED7-3077-418C-A830-C07998CE0573@juniper.net>
Date: Mon, 08 Jan 2018 11:04:20 -0500
Cc: Kim Kinnear <kkinnear@cisco.com>, Ted Lemon <mellon@fugue.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-netconf-zerotouch@ietf.org" <draft-ietf-netconf-zerotouch@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <35F339A2-370E-41C1-9747-A48020926184@cisco.com>
References: <88649CAA-99B6-48FA-8E47-6D386BD50FFD@contoso.com> <6C753DD6-D6E4-426B-ABE5-78F8C85AB66C@fugue.com> <538FCED7-3077-418C-A830-C07998CE0573@juniper.net>
To: Kent Watsen <kwatsen@juniper.net>
X-Mailer: Apple Mail (2.3273)
X-Authenticated-User: kkinnear@cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/iHMU2UnVI5yPB9WMFAj7pu0FmhU>
Subject: Re: [dhcwg] passing relay info back to client
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jan 2018 16:03:06 -0000
Kent, When the NMS receives the "call home message", instead of using the location information passed by the device (which it seems not to have), why doesn't the NMS ask the DHCP server for the relevant information (using the device's IP address)? The NMS could send a leasequery to the DHCP server, or it could query the DHCP server in a product-dependent way. At least some DHCP servers store the relay agent information, and will return it if asked nicely. Just a thought... Kim > On Jan 4, 2018, at 4:41 PM, Kent Watsen <kwatsen@juniper.net> wrote: > > Hi Ted, > > Thanks for the speedy reply and the pointer to RFC 6422. Yes, that seems to do it, but looking at the IANA registry, I see that OPTION_ERP_LOCAL_DOMAIN_NAME is the only option that is supported thus far, so we'd have to add the Remote-ID and Interface-ID options if needed… > > The problem I'm trying to solve is one whereby an operator has a number of devices in storage, any one of which may be retrieved and placed somewhere in their network. The goal is for the device to bootstrap itself with the correct configuration for its given location in the network. Normally, a device would "call home", identifying itself via its serial number (i.e., IDevID certificate), for which the NMS is preconfigured to know the device's location, and hence sends the correct configuration (for that location in the network) to the device. However, some operators don't want to implement the backend tracking logic to know which serial number goes where; instead, they want to rely on values such as remote-id and circuit-id to identify the device's location. In this case, the device's call home message is something like "this is my serial number, and this is where I'm located". The NMS receiving the call home message can still verify that the device is a valid device (i.e., its serial number is allowed on the network), but rather than rely on preconfiguration to know where the device is located, it instead uses the location information passed by the device. Both scenarios lead to the same initial configuration being passed back to the device, they only differ in the steps take to determine where the device is located. Makes sense? > > BTW, in case it's unclear, this zerotouch bootstrapping (call home) step is envisioned to be something that happens just the very first time the device boots. The NMS would record/bind the device (serial number) to the given location, and hence does not need to be informed of its location ever again. > > Thanks again, > Kent > > > On 1/4/18, 2:57 PM, "Ted Lemon" <mellon@fugue.com> wrote: > > RFC 6422 addresses this issue for DHCPv6. There's no solution for DHCPv4. In general, we don't want the relay to be adding options to the packet on the way to the client, so it would have to be special-case behavior. There's no reason why something like RFC 6422 couldn't be done for DHCPv4—it's just that it's a legacy protocol, so we aren't doing work on it. > > That said, can you talk about the actual problem you're trying to solve here? What you said you want to do doesn't actually make sense to me, so either I'm missing something, or you're thinking of doing something with DHCP that doesn't actually make sense in the greater context of DHCP. > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] passing relay info back to client Kent Watsen
- Re: [dhcwg] passing relay info back to client Ted Lemon
- Re: [dhcwg] passing relay info back to client Kent Watsen
- Re: [dhcwg] passing relay info back to client Bernie Volz (volz)
- Re: [dhcwg] passing relay info back to client kkinnear