IETF Logo Mail Archive

Re: [dhcwg] [radext] [homenet] PPP, DHCPv6 and Prefix Delegation

Athanasios Douitsis <aduitsis@gmail.com> Wed, 20 November 2013 14:59 UTC

Return-Path: <aduitsis@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA4901AE338; Wed, 20 Nov 2013 06:59:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dElmJAF3d4qb; Wed, 20 Nov 2013 06:59:11 -0800 (PST)
Received: from mail-ie0-x22e.google.com (mail-ie0-x22e.google.com [IPv6:2607:f8b0:4001:c03::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 7E5051ADFF5; Wed, 20 Nov 2013 06:59:11 -0800 (PST)
Received: by mail-ie0-f174.google.com with SMTP id at1so7722517iec.19 for <multiple recipients>; Wed, 20 Nov 2013 06:59:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=iSBe4EBGoMAlAaqRzs66aHCBQUmtr4XCSeQBkowbwfc=; b=kgJMaewIY1+O5Fec7hEcwYyVBw6dA5PeZj6vX5YMUeKqEfak+SLZdfOp74oDD1ofjV K34EvZAJX+JY8fCskK9j6sTtFMHp6V2FqpEmUYvxa23PUCtOAlX+XO0Umn4b1FuD7kY/ +GkHmIiO3W73hUyLKjNNp0As8idfoOIb8DxeDy/WZ9cL8uVTLfpsmhUpvPdcQTSajD3n FSBuogxsa6Y8hhwSdJyfGtJftKRZOwtx/mt4uf3TEeLOIQfIR2hSAbuGAAwSifYeDXXM YOJnCyb3I+NXuWY6CFwE8sOkc2NwWDpZU3/Hus+I+WRZLfAp3ZLWtkSbGr8CCMf96tv4 HIyA==
MIME-Version: 1.0
X-Received: by 10.43.98.202 with SMTP id cp10mr732967icc.28.1384959544995; Wed, 20 Nov 2013 06:59:04 -0800 (PST)
Received: by 10.64.227.168 with HTTP; Wed, 20 Nov 2013 06:59:04 -0800 (PST)
In-Reply-To: <14253.1384956516@sandelman.ca>
References: <11836.1384276281@sandelman.ca> <CAKOT5Ko2OO=U_0jADb6R88JiFh59BLDSe4P0haqgaBr2M7HobA@mail.gmail.com> <3673.1384528283@sandelman.ca> <CAKOT5Kpp0dCqbZyFzwtjTh9UJ5hGHUMN0ZGQHUL35+mkO9VRrA@mail.gmail.com> <CABT9mj-rw5bsVa7UAiraxu-U2t1QGqPronYj3Fx6ZxoPWo0Zow@mail.gmail.com> <CABT9mj-sQbfiNyfUZDxVmCg7SYWaJXcp+pNbyUSj64iFSA5fuA@mail.gmail.com> <70913413-2B68-4703-84E3-F7CC47E1A0E2@cisco.com> <CABT9mj9Jg-5pM4JKKOOgqszarFj6eDHji_rHZkTw3Eknddaqdw@mail.gmail.com> <489D13FBFA9B3E41812EA89F188F018E1AD9CDF7@xmb-rcd-x04.cisco.com> <B10FDF95-9612-4DD7-8C3E-9361CCBCA4E3@gmail.com> <CABT9mj-p3tjamspMo-F5vJRSCAWEVkvBEogFjAFrr4jL3p9vpw@mail.gmail.com> <489D13FBFA9B3E41812EA89F188F018E1AD9D36C@xmb-rcd-x04.cisco.com> <CABT9mj8Gt==+m-JL2foTvZnU49EhSODN0595cb-P1jn9YQgE6Q@mail.gmail.com> <57C3345230A4F94C9B2F5CFA05D7F2BD1D4ED850@xmb-rcd-x01.cisco.com> <659AA1B8-BA47-420F-A452-24DB776B3061@gmail.com> <57C3345230A4F94C9B2F5CFA05D7F2BD1D4EDB99@xmb-rcd-x01.cisco.com> <CABT9mj-eZ2Xz24YXT7dBvY9jLwyZyuCCFzNoD4YqG7Vz37YuSw@mail.gmail.com> <14253.1384956516@sandelman.ca>
Date: Wed, 20 Nov 2013 16:59:04 +0200
Message-ID: <CABT9mj_+Q7DKQfXMsPW6N79fC_4==q0JtahDiEF9Un05xD9uqA@mail.gmail.com>
From: Athanasios Douitsis <aduitsis@gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Content-Type: multipart/alternative; boundary="bcaec5171911b53e4d04eb9d0569"
Cc: "radext@ietf.org" <radext@ietf.org>, "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org WG" <dhcwg@ietf.org>, "homenet@ietf.org" <homenet@ietf.org>
Subject: Re: [dhcwg] [radext] [homenet] PPP, DHCPv6 and Prefix Delegation
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2013 14:59:14 -0000

On Wed, Nov 20, 2013 at 4:08 PM, Michael Richardson
<mcr+ietf@sandelman.ca>wrote:

> Athanasios Douitsis <aduitsis@gmail.com> wrote:
>     > Indeed in a scenario where all the requesting routers connecting to a
>     > delegating router (BNG) would have PD_EXCLUDE capability, using the
>     > Framed-IPv6-Prefix to infer what to put into the OPTION_PD_EXCLUDE
> field is
>     > sufficient.
>
>     > But if there is a mix of PD_EXCLUDE-capable and not capable
> requesting clients,
>     > the situation becomes more complex. The fundamental problem is that
> Prefix
>     > Delegation usually happens after the RADIUS exchange, so the RADIUS
> server
>     > cannot really know whether the customer is exclude-capable or not.
>
> Note that CPEs ought to be smart enough to exclude the subnet that their
> WAN
> link is in, but it's certainly the case that many are not yet that smart.
> (the dnsmasq PD implementation was missing related smarts at first)
>
>     > If, for example, the client is not exclude-capable, then having the
> RADIUS
>     > return a Framed-IPv6-Prefix that is part of the  (greater)
>     > Delegated-IPv6-Prefix is problematic for obvious reasons. In fact,
> I, for one,
>     > cannot wrap my head around a way to cover both cases
> (exclude-capable and
>     > non-exclude-capable) using only the two existing RADIUS attributes
> *and* at the
>     > same time maintain backwards compatibility with old customers.
>
> If the CPE is not EXCLUDE capable, and not smart enough to avoid the WAN
> link, then it doesn't matter what the set of attributes returned is, does
> it?
> Assuming simple minded prefix assignment by CPEs, if they start at subnet
> "1", then using subnet "0" probably works.  But, using subnet "ff" for the
> WAN link is perhaps simpler.



Hello Michael,

When I said "problematic" yesterday, I meant problematic for the delegating
router. If the other side (requesting router - CPE) is not exclude-capable
then is it not illegal for the delegating router to delegate a prefix and
at the same time use part of it to enumerate one its interfaces? So a set
of attributes where the Framed-IPv6-Prefix is contained in the
Delegated-IPv6-Prefix may result in error.

Apologies if I didn't understand correctly what you are saying.

Kind regards,
-- 
Athanasios Douitsis

v2.23.0 | Report a Bug | By Email