Re: [dhcwg] Remote DHCPv6 configuration
"David W. Hankins" <David_Hankins@isc.org> Thu, 28 October 2010 21:50 UTC
Return-Path: <David_Hankins@isc.org>
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F03E83A68B1 for <dhcwg@core3.amsl.com>; Thu, 28 Oct 2010 14:50:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.576
X-Spam-Level:
X-Spam-Status: No, score=-6.576 tagged_above=-999 required=5 tests=[AWL=0.023, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BcVew+DSa6F2 for <dhcwg@core3.amsl.com>; Thu, 28 Oct 2010 14:50:45 -0700 (PDT)
Received: from hankinsfamily.info (the.hankinsfamily.info [204.152.186.148]) by core3.amsl.com (Postfix) with ESMTP id BAEA63A67B3 for <dhcwg@ietf.org>; Thu, 28 Oct 2010 14:50:45 -0700 (PDT)
Received: from david.isc.org (dhcp-94.sql1.isc.org [149.20.50.94]) (authenticated bits=0) by hankinsfamily.info (8.13.8/8.13.8) with ESMTP id o9SLqEE7011417 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <dhcwg@ietf.org>; Thu, 28 Oct 2010 14:52:15 -0700
Received: by david.isc.org (Postfix, from userid 10200) id 6F19416CD6D; Thu, 28 Oct 2010 14:52:38 -0700 (PDT)
Date: Thu, 28 Oct 2010 14:52:38 -0700
From: "David W. Hankins" <David_Hankins@isc.org>
To: DHC WG <dhcwg@ietf.org>
Message-ID: <20101028215238.GF6960@isc.org>
References: <AANLkTimnag=GdbjiXXBPWaxUvLT_KfPPWW0M9qg8fE-f@mail.gmail.com> <3E5C337A-97A7-40B5-8E3F-2C976177C2A6@nominum.com> <AANLkTik_xSovqxP0ux7WcK2KDb1er+ia1UdeSkfER9Rb@mail.gmail.com> <0C96A96B-73ED-4A33-9473-A8B60F2C0087@nominum.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="AH+kv8CCoFf6qPuz"
Content-Disposition: inline
In-Reply-To: <0C96A96B-73ED-4A33-9473-A8B60F2C0087@nominum.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: [dhcwg] Remote DHCPv6 configuration
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Oct 2010 21:50:47 -0000
On Thu, Oct 28, 2010 at 12:49:32PM -0400, Ted Lemon wrote:
> The server uses the location of the client to make the address allocation
> decision.
Yes, in the case where the server is permitting incoming Unicasts, it
uses the source IPv6 address of the DHCPv6 packet from the client to
fill in the blanks and understand where the client is connected. This
works because even if the client isn't actually connected to the
network they are using as a source address, they will not receive the
server's reply as it will be routed elsewhere.
I think however if you extend DHCPv6 relay agents to allow unicasts
from clients, and list relay agents as the neighbor addresses in
Tomasz' neighbors option, that the relay agent would fill the link-
address field correctly, and the peer-address would be the client's
working global IPv6 address on the previous broadcast domain. So it
would work trivially; the query and reply would follow the usual relay
semantics except the reply would be unicast from the final relay to
the client on its old network.
This is even preferable because sometimes DHCPv6 state is snooped in
Relay Agent implementations for beneficial operational purposes. It
would be better to include the new Relay Agent in the exchange than
to try and rebuild state around Confirm/Reply messages when the client
makes the hand-over (such as through Lease-Query).
If there is no relay agent, however, there comes a problem. I think
various extensions are possible (the most obvious to me is a new
message ("Remote-Forward"?) to replicate the Relay-Forward link-
address field, and then encapsulate the client's Solicit or Request
or others under that.
But I wonder if this may be over-complete:
1) There is no reason why a relay agent may not be co-resident on a
system with a DHCPv6 server that desires this "remote mode"
deployment. It could be configured to listen on a specific unicast
IPv6 address, and not the servers-and-agents multicast address.
2) Mobile IPv6 deployments seem unlikely to me to connect DHCPv6
servers to many (if any) actual client-loaded broadcast domains
directly.
Also, this doesn't seem to solve for ICMPv6 Router Advertisement
pre-loading. The client would have a /128 allocated by DHCPv6, but
would not know the local prefix or what default routers are present.
I think there would have to be some other extensions to pre-load this
information as well.
Another alternative is to allow the client to establish a tunnel to
the new network (presented as being bridged into the new network's
broadcast domain), perform configuration, and then transfer state from
the tunnel interface to the physical interface at a hand-off.
--
David W. Hankins "If you don't do it right the first time,
Software Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
- [dhcwg] Remote DHCPv6 configuration Tomasz Mrugalski
- Re: [dhcwg] Remote DHCPv6 configuration Ted Lemon
- Re: [dhcwg] Remote DHCPv6 configuration Tomasz Mrugalski
- Re: [dhcwg] Remote DHCPv6 configuration Ted Lemon
- Re: [dhcwg] Remote DHCPv6 configuration David W. Hankins