Re: [dhcwg] DHCP Relay and Prefix Delegation

"Bernie Volz (volz)" <volz@cisco.com> Wed, 27 July 2016 21:08 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8200112DBE3 for <dhcwg@ietfa.amsl.com>; Wed, 27 Jul 2016 14:08:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.808
X-Spam-Level:
X-Spam-Status: No, score=-15.808 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wM-OWz7nx0IC for <dhcwg@ietfa.amsl.com>; Wed, 27 Jul 2016 14:08:36 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B93512D5BE for <dhcwg@ietf.org>; Wed, 27 Jul 2016 14:08:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4386; q=dns/txt; s=iport; t=1469653707; x=1470863307; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=RZbeSl+IWUCEgwJIcysTuvQFm/X92P2biyq6SOsy9Ho=; b=NV3He9FyE6ETBN9AO7erIeZ6yiH3kw3G3VQcOq/tp3znZtfXPqu5XiOs ciNuEAKt8NXmyt/tggGVJPdW6VWdgoQm1sg4YbeZ/vRcHWm32Eb1IiXqO aPxDEiIyUDQZJQ1m7L4ZFsIT5cp4OR8fr2+7QuWOZ1C+QcmnMSQOlQHVS s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BTAgDSIZlX/5tdJa1dgz9WfAasTYwhg?= =?us-ascii?q?X0khXkCHIEbOBQBAQEBAQEBXSeEXAEBBAEBASEROhAHBAIBCBEBAwEBAQICIwM?= =?us-ascii?q?CAgIfBgsUAQIGCAIEARIIiA8DDwgOrk6JMw2EDgEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBARcFgQGJdoJDgU0aLYJqgloFmH00AYYXhjKCK49HiCiEBYN3AR42g3huhnx?= =?us-ascii?q?FfwEBAQ?=
X-IronPort-AV: E=Sophos;i="5.28,431,1464652800"; d="scan'208";a="133547595"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Jul 2016 21:08:26 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id u6RL8Qfx002140 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Jul 2016 21:08:26 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 27 Jul 2016 16:08:25 -0500
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1210.000; Wed, 27 Jul 2016 16:08:25 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>, Ian Farrer <ianfarrer@gmx.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: [dhcwg] DHCP Relay and Prefix Delegation
Thread-Index: AQHR4peHFsKfCVK5LEKpehiZewsJ86Apm16AgAF9w4CAAbbwEA==
Date: Wed, 27 Jul 2016 21:08:25 +0000
Message-ID: <880d749ea25b4573a0a0e816b24bcc32@XCH-ALN-003.cisco.com>
References: <577FDCCE.5090107@gmail.com> <CAKD1Yr16-awybeDPHjk7uRkesDtn8UfDewJ9_AwA3uxzR3KjhQ@mail.gmail.com> <54cb972a-7fe3-0637-f6b1-7ac01ec794ef@gmail.com> <CAKD1Yr1g5THruFQ30gLPK5XDaXLDJLLQeU2ZtzkMVZpwz5Svag@mail.gmail.com> <a0f4c01a-c59a-1435-398d-ecdea87e6f15@gmail.com> <3ffaddf5-41fe-12e6-5225-2a7c2cd45f40@gmail.com> <598C23F2-8104-47AC-A3EB-0193B11B1D0B@gmx.com> <dd8a0130-7eae-f60a-9c4e-4062727af8fd@gmail.com>
In-Reply-To: <dd8a0130-7eae-f60a-9c4e-4062727af8fd@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.131.77.197]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/mOtv5CzIIwKtbnfO6rgKQetOi1M>
Subject: Re: [dhcwg] DHCP Relay and Prefix Delegation
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2016 21:08:39 -0000

BTW: There may also be something in the CableLabs DOCSIS specifications, but I'm not sure it was detailed.

Also, depending on what happens with seDHCPv6, we may need to dust of earlier work, such as https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-agentopt-delegate, as snooping would be difficult for the relay(s) when the client/server interactions is encrypted.

- Bernie

-----Original Message-----
From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Alexandre Petrescu
Sent: Tuesday, July 26, 2016 9:55 AM
To: Ian Farrer <ianfarrer@gmx.com>om>; dhcwg@ietf.org
Subject: Re: [dhcwg] DHCP Relay and Prefix Delegation

Hi Ian,

Le 25/07/2016 à 17:08, Ian Farrer a écrit :
> Hi Alexandru,
>
> Thanks for the pointer to the document. I’ve had a look through it
> and whilst it’s certainly related, the specific problem that I’m
> seeing in vendor’s implementations is only really touched upon in
> Section 5.1. Yes, snooping is implemented, but the way that this is
> implemented, the messages that do/don’t get forwarded and the errors
>  that get generated when things are not working are pretty much
> variable from vendor to vendor (and in one case, there are two
> different implementations in the same platform with differing
> behaviours).
>
> I would like to see an effort to define this behaviour better and
> volunteer to work on it. I’m not sure whether this draft is
> necessarily the right starting point as it’s more concerned with the
>  route advertisement part of the problem and enumerating ways that
> this could be performed, but it really depends on how this problem is
> scoped.

Our concern is mostly related to routing (may need routing table
insertion/deletion upon prefix allocation, depending on the addressing
architecture).

At the same time I agree other aspects than just routing need to be
considered at Relay during the Prefix Delegation operation.

In that sense I am interested if new draft gets started.

> I’m also aware that RFC7513 section 6 has quite some detail of how
> DHCPv6 snooping works in SAVI for DHCP. I haven’t been through this
> in detail yet, but it’s probably got useful stuff in there.

Would need to check how SAVI relates to the dynamically allocated prefix.

Further, I wonder (1) what the security considerations section would
contain and (2) which platform vendor has equipment supporting Prefix
Delegation.

Alex

>
> Cheers, Ian
>
>> On 20 Jul 2016, at 17:00, Alexandre Petrescu
>> <alexandre.petrescu@gmail.com> wrote:
>>
>> Hello,
>>
>> There was a discussion today in the DHC WG meeting about the
>> DHCPv6bis XML.  One issue raised was that maybe a clarification was
>> needed about the problem of a Relay in a DHCPv6 Prefix Delegation
>> setting.
>>
>> We wrote a draft earlier on a problem in this setting:
>> draft-petrescu-relay-route-pd-problem-00
>>
>> Alex
>>
>> _______________________________________________ dhcwg mailing list
>> dhcwg@ietf.org https://www.ietf.org/mailman/listinfo/dhcwg
>
>

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www.ietf.org/mailman/listinfo/dhcwg