[dhcwg] AD review of draft-ietf-dhc-dhcpv6-load-balancing
Ted Lemon <Ted.Lemon@nominum.com> Wed, 17 December 2014 20:04 UTC
Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE3911A047A for <dhcwg@ietfa.amsl.com>; Wed, 17 Dec 2014 12:04:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aV9oQQCIXInt for <dhcwg@ietfa.amsl.com>; Wed, 17 Dec 2014 12:04:16 -0800 (PST)
Received: from sjc1-mx02-inside.nominum.com (sjc1-mx02-inside.nominum.com [64.89.234.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4F9F1A7001 for <dhcwg@ietf.org>; Wed, 17 Dec 2014 12:04:16 -0800 (PST)
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by sjc1-mx02-inside.nominum.com (Postfix) with ESMTPS id 20C5DDA0107 for <dhcwg@ietf.org>; Wed, 17 Dec 2014 20:04:20 +0000 (UTC)
Received: from webmail.nominum.com (cas-01.win.nominum.com [64.89.228.131]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by archivist.nominum.com (Postfix) with ESMTP id 4468B53E07D for <dhcwg@ietf.org>; Wed, 17 Dec 2014 12:03:46 -0800 (PST)
Received: from [10.0.20.107] (71.233.43.215) by CAS-01.WIN.NOMINUM.COM (192.168.1.100) with Microsoft SMTP Server (TLS) id 14.3.195.1; Wed, 17 Dec 2014 12:03:46 -0800
From: Ted Lemon <Ted.Lemon@nominum.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-ID: <0FE7102D-39A6-4245-A07A-B70C945FAE8F@nominum.com>
Date: Wed, 17 Dec 2014 15:03:28 -0500
To: dhcwg <dhcwg@ietf.org>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
X-Originating-IP: [71.233.43.215]
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/km0eGopxCGFGMWkW_D56eVw3oiI
Subject: [dhcwg] AD review of draft-ietf-dhc-dhcpv6-load-balancing
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Dec 2014 20:04:18 -0000
This document is not ready for publication as a proposed standard. The main problem is that it's woefully underspecified, because RFC 3074 was woefully underspecified, and so it gets some key points wrong. In section 3.2, the text appears to be saying that in a DHCPv6 failover setup, a RENEW with a server identifier should be ignored if the load balancing algorithm doesn't identify the client as belonging to that server. This is problematic, for two reasons. First, it leads to the client attempting to renew multiple times, resulting in an increased load on the server. Second, a REBIND would presumably be answered by both servers, so it wouldn't necessarily correct the problem. But this leads to the reason I think this is not ready for publication: RFC 3074 never actually specifies under what circumstances load balancing is done: it leaves it up to the implementation. It kind of implies that load balancing should be done on all requests. But in fact it only ever mentions DHCPDISCOVER. And indeed, I just looked at the ISC implementation, and it only does load balancing on DHCPDISCOVER. Section 2 of this document suggests that load balancing is done for _all_ client-sourced messages, but that would mean that a REBIND message wouldn't get a response from the non-balancing server, which in turn would mean that the client's lease would have to expire before it could rebind to the correct server. There are a couple of ways this could be addressed. One way would be to just take out section 3.2. Another would be to say in section 3.2 that if the server identifier doesn't match the recipient's server identifier, but the load balancing algorithm says that the server should answer for this client, and the server can answer, it should answer, and leave the rest of the text the same. Of course, there's no way to be sure the _client_ will do the right thing with such a response. Do we have any data about operational problems in this scenario with DHCPv4? Anyway, this needs to be resolved before I can last-call the document. Sorry for not catching this in previous reviews.
- [dhcwg] AD review of draft-ietf-dhc-dhcpv6-load-b… Ted Lemon
- Re: [dhcwg] AD review of draft-ietf-dhc-dhcpv6-lo… Bernie Volz (volz)
- Re: [dhcwg] AD review of draft-ietf-dhc-dhcpv6-lo… Bernie Volz (volz)
- Re: [dhcwg] AD review of draft-ietf-dhc-dhcpv6-lo… Ted Lemon
- Re: [dhcwg] AD review of draft-ietf-dhc-dhcpv6-lo… Andre Kostur