IETF Logo Mail Archive

Re: [dhcwg] Follow up from IETF-95 - draft-ietf-dhc-dhcpv6-prefix-length-hint-issue

"H. Peter Anvin" <hpa@zytor.com> Thu, 19 May 2016 08:29 UTC

Return-Path: <hpa@zytor.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 094CB12B05D for <dhcwg@ietfa.amsl.com>; Thu, 19 May 2016 01:29:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Level:
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z-naKDbKI0wK for <dhcwg@ietfa.amsl.com>; Thu, 19 May 2016 01:29:08 -0700 (PDT)
Received: from mail.zytor.com (unknown [IPv6:2001:1868:205::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74E9412B03F for <dhcwg@ietf.org>; Thu, 19 May 2016 01:29:08 -0700 (PDT)
Received: from carbon-x1.hos.anvin.org ([IPv6:2601:646:8802:e381:a634:d9ff:fecc:ca04]) (authenticated bits=0) by mail.zytor.com (8.15.2/8.14.5) with ESMTPSA id u4J8T1Ae005335 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 19 May 2016 01:29:03 -0700
To: "Bernie Volz (volz)" <volz@cisco.com>, 神明達哉 <jinmei@wide.ad.jp>, tianxiang li <peter416733@gmail.com>
References: <0a8817dba2ea46c88ca67334a11c956d@XCH-ALN-003.cisco.com> <CAJE_bqedsyBNLscViu+C9JSRm0sDtnGBjk+4SCPtZ5cKnDanYA@mail.gmail.com> <CAFx+hEMmAbEPq6F_Uh4x5jX7pLXyO7pjaq8_DB+dhQhQUpXBJw@mail.gmail.com> <CAJE_bqeX6TbKgGHSi_k5+R6ML+b7uhm5h_N9e3R5q45jKuAjbA@mail.gmail.com> <3436638ada5242bf970a30897a8fbd93@XCH-ALN-003.cisco.com>
From: "H. Peter Anvin" <hpa@zytor.com>
Message-ID: <18373b06-bfdf-7bad-d872-a3bafe3748c5@zytor.com>
Date: Thu, 19 May 2016 01:28:56 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <3436638ada5242bf970a30897a8fbd93@XCH-ALN-003.cisco.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/oMl9V2Xuri6QkTBbQiAhUaILf7c>
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Follow up from IETF-95 - draft-ietf-dhc-dhcpv6-prefix-length-hint-issue
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 08:29:09 -0000

On 05/02/16 10:57, Bernie Volz (volz) wrote:
> Jinmei:
> 
> Here's I think a simple example ...
> 
> Requesting router solicits for a /56.  Delegating router has none to
> offer (perhaps temporary issue or the configuration doesn't currently
> allow). So, delegating router returns a /60. The requesting router
> uses this.
> 
> Now, it does periodic renewals. If it just sends the delegated-prefix
> (/60) in the IA_PD, the server will keep renewing this. Since the
> delegating router has no other information.
> 
> The current RFC3633 never says that the requesting router should
> continue to include a ::/56 as a hint in the renewal (though it also
> doesn't prohibit it).
> 
> Thus, even if the delegating router is reconfigured (or the temporary
> issue is resolved), the requesting router would continue to use the
> /60 (perhaps not being able to operate fully). Yet, if the requesting
> router included the ::/56 as a hint (in addition to the /60
> delegated-prefix), the delegating router COULD assign it a /56 when
> it was able to.
> 
> There's also a separate issue of if the requesting router where to
> Solicit (and say for the /56 hint), should the server abandon the /60
> that it might still have leased or prefer a /56 (or something shorter
> than a /60 it has)? That might be less of an issue for this case as
> that would generally just be up to the server's policy (as to how
> strong the hint it treated).
> 
> To handle the case I mentioned above, we did resort in our server to
> remembering the hint the client provided during the Solicit so that
> we can re-evaluate as to whether to keep renewing the current
> delegated prefix or re-evaluate whether we had something "better" to
> offer the client.
> 
> Note that this works both ways - a delegating router might only have
> had a /56 to delegated when the client requested a /60, but that
> generally is a less interesting case because the requesting router
> can just use the longer prefix.
> 

Funny enough, I just went to this list with the explicit intent to ask
some of the questions that I believe this document ought to answer, but
quite frankly it doesn't look from my reading that it does.

I am concerned about client behavior personally, so this is from this
perspective.  This comes from my having written a patchset (which I need
to update) for ISC dhclient to do prefix requests.

My concern is when the ::/n prefix hint should be included.  My
assumption has always been that a single IA_PD always correspond to
prefixes that are to be configured together, whereas multiple IA_PD
delegations would mean prefixes for separate entities.  If this is NOT
the intent it probably needs to be clarified.

It is also worth noting that a server which receives requests for
multiple IA_PD delegations is free to aggregate those if appropriate,
although I have no idea if actual servers in the field do.  It is still
unclear to me if it would be better for the client to push multiple
IA_PD options upstream -- giving the server the option to delegate or
not delegate -- or if it should forcibly aggregate at the client level.

Bernie raises several of the same issues that I tripped over, not
surprising.


Now, what I think IS clear from the client point of view:

a) When creating a SOLICIT message, and there currently is no lease for
an existing prefix of the required length, the SOLICIT message SHOULD
include the ::/n hint for the desired prefix length.

b) When creating a SOLICIT message and there are prefixes which have
been used in the past, they SHOULD be included even if they are too narrow.

Thus, an IA_PD request might look like:

	2001:db8:85a3:2345::/64
	::/60

meaning "please give me a /60 if you can, otherwise please give me
2001:db8:85a3:2345::/64 [again]".


What I think is NOT clear from the client point of view:

a) When creating a SOLICIT message, and we have had at least one prefix
of sufficient length, SHOULD ::/n be included?  That is, should an IA_PD
request look like:

	2001:db8:85a3:7890::/60
	::/60

... or is the latter implied by the former, even if that specific prefix
is unavailable?  What is the request looks like:

	2001:db8:85a3:7890::/60
	2001:db8:85a3:2345::/64

b) Are there messages *other* than SOLICIT where the hint SHOULD get
included?

c) Whether or not the client SHOULD be encouraged to transmit a hint if
it has a *wider* prefix assigned than it needs?

[My feeling is that we want to encourage the client to send the hint for
the preferred prefix length, longer or shorer, in SOLICIT, RENEW and
REBIND messages unless servers in the field are known to malfuction that
way.]

d) If the client MUST/SHOULD to forcibly do aggregation or not, in the
case that it is OK for the client side to deal with multiple disjoint
prefixes.

[I suspect that current servers will not deal well with client
nonaggregation.]

e) If the client SHOULD or SHOULD NOT to respond to a narrower prefix
than requested by issuing a new request for multiple prefixes (via
multiple IA_PD options).

f) If there is ever a reason to NOT send a prefix hint?  Would that
implicitly mean ::/64, and if so, should that be documented?

	-hpa

v2.23.0 | Report a Bug | By Email