RE: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection

"Kostur, Andre" <Andre@incognito.com> Wed, 09 October 2002 20:05 UTC

Message-ID: <4FB49E60CFBA724E88867317DAA3D198A67484@homer.incognito.com.>
From: "Kostur, Andre" <Andre@incognito.com>
To: 'Thomas Narten' <narten@us.ibm.com>, Ralph Droms <rdroms@cisco.com>
Cc: Ted Lemon <Ted.Lemon@nominum.com>, "Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se>, Kim Kinnear <kkinnear@cisco.com>, dhcwg@ietf.org
Subject: RE: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection
Date: Wed, 09 Oct 2002 13:05:21 -0700

Not necessarily.  The giaddr is required to be the IP address of the
interface upon which the original packet was heard, but I don't recall an
actual restriction on what IP the relayed packet must be sourced from.  If
you have a multiple interface router doing the relaying, the giaddr could be
different than the source IP....

However, the DHCP server is required to send the answer back to the giaddr,
and not the source IP.

-----Original Message-----
From: Thomas Narten [mailto:narten@us.ibm.com]
Sent: Wednesday, October 09, 2002 12:40 PM
To: Ralph Droms
Cc: Ted Lemon; Bernie Volz (EUD); Kim Kinnear; dhcwg@ietf.org
Subject: Re: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection 


> The message from the relay agent to the server uses the relay agent's
> address as the source address.  The relay agent modifies and sends the DHCP
> message as the payload in a UDP message that appears to originate from the
> relay agent.  Section 4 of RFC1542 gives more details.  The difference
> between DHCPv4 and DHCPv6 is in the way in which the client message is
> processed by the relay agent (in DHCPv6, the message is encapsulated in a
> new message generated by the relay agent).

OK. I misunderstood how this worked. Because the relay agent mucks
with the giaddr field, I had never understood that the relay agent is
in fact sourcing a packet with its own source address (which contains
the same info as the giaddr field). I guess back then, getting the
source address of a packet out of the API was deemed too hard or
something?

So yes, I agree IPsec could be used to secure the relay-agent - server
path.

Thomas
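
The giaddr handling discussed in this thread, as an added example that is not part of either poster's message: it reads giaddr from the fixed BOOTP header, picks the reply destination from giaddr rather than from the UDP source, and reports when the two differ, which matters when a filter or IPsec policy on the relay-to-server path is keyed on only one of them. The function names and sample addresses are constructed for illustration.

```python
import socket
import struct

BOOTP_FIXED_LEN = 236   # op .. file, everything before the options field
BOOTREQUEST = 1
SERVER_PORT = 67        # relay agents receive server replies on this port


def parse_giaddr(payload: bytes) -> str:
    """Return giaddr (bytes 24-27 of the BOOTP header) as a dotted quad."""
    if len(payload) < BOOTP_FIXED_LEN:
        raise ValueError("truncated BOOTP message")
    if payload[0] != BOOTREQUEST:
        raise ValueError("not a BOOTREQUEST")
    return socket.inet_ntoa(payload[24:28])


def reply_target(payload: bytes, udp_src: str) -> dict:
    """Decide where a server reply goes for a request seen from udp_src."""
    giaddr = parse_giaddr(payload)
    relayed = giaddr != "0.0.0.0"
    return {
        "giaddr": giaddr,
        "relayed": relayed,
        # Relayed: reply goes to giaddr, never to the packet's source IP.
        # Not relayed: ciaddr/broadcast rules apply (out of scope here).
        "reply_to": (giaddr, SERVER_PORT) if relayed else None,
        # A multi-interface relay may legitimately source the packet from
        # another interface, so a mismatch is something to account for in
        # policy, not proof of spoofing.
        "src_differs": relayed and giaddr != udp_src,
    }


def build_request(giaddr: str) -> bytes:
    """Constructed sample: a BOOTREQUEST with only giaddr filled in."""
    hdr = struct.pack("!BBBBIHH", BOOTREQUEST, 1, 6, 1, 0x12345678, 0, 0)
    addrs = b"\x00" * 12 + socket.inet_aton(giaddr)  # ciaddr, yiaddr, siaddr, giaddr
    rest = b"\x00" * (BOOTP_FIXED_LEN - len(hdr) - len(addrs))
    return hdr + addrs + rest


if __name__ == "__main__":
    # Constructed case: client subnet interface 10.1.1.1, uplink 192.0.2.1.
    msg = build_request("10.1.1.1")
    print(reply_target(msg, udp_src="192.0.2.1"))
```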