Re: [dhcwg] Follow up from IETF-95 - draft-ietf-dhc-dhcpv6-prefix-length-hint-issue
"H. Peter Anvin" <hpa@zytor.com> Thu, 19 May 2016 08:29 UTC
Return-Path: <hpa@zytor.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 094CB12B05D for <dhcwg@ietfa.amsl.com>; Thu, 19 May 2016 01:29:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Level:
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z-naKDbKI0wK for <dhcwg@ietfa.amsl.com>; Thu, 19 May 2016 01:29:08 -0700 (PDT)
Received: from mail.zytor.com (unknown [IPv6:2001:1868:205::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74E9412B03F for <dhcwg@ietf.org>; Thu, 19 May 2016 01:29:08 -0700 (PDT)
Received: from carbon-x1.hos.anvin.org ([IPv6:2601:646:8802:e381:a634:d9ff:fecc:ca04]) (authenticated bits=0) by mail.zytor.com (8.15.2/8.14.5) with ESMTPSA id u4J8T1Ae005335 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 19 May 2016 01:29:03 -0700
To: "Bernie Volz (volz)" <volz@cisco.com>, 神明達哉 <jinmei@wide.ad.jp>, tianxiang li <peter416733@gmail.com>
References: <0a8817dba2ea46c88ca67334a11c956d@XCH-ALN-003.cisco.com> <CAJE_bqedsyBNLscViu+C9JSRm0sDtnGBjk+4SCPtZ5cKnDanYA@mail.gmail.com> <CAFx+hEMmAbEPq6F_Uh4x5jX7pLXyO7pjaq8_DB+dhQhQUpXBJw@mail.gmail.com> <CAJE_bqeX6TbKgGHSi_k5+R6ML+b7uhm5h_N9e3R5q45jKuAjbA@mail.gmail.com> <3436638ada5242bf970a30897a8fbd93@XCH-ALN-003.cisco.com>
From: "H. Peter Anvin" <hpa@zytor.com>
Message-ID: <18373b06-bfdf-7bad-d872-a3bafe3748c5@zytor.com>
Date: Thu, 19 May 2016 01:28:56 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <3436638ada5242bf970a30897a8fbd93@XCH-ALN-003.cisco.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/oMl9V2Xuri6QkTBbQiAhUaILf7c>
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Follow up from IETF-95 - draft-ietf-dhc-dhcpv6-prefix-length-hint-issue
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 08:29:09 -0000
On 05/02/16 10:57, Bernie Volz (volz) wrote: > Jinmei: > > Here's I think a simple example ... > > Requesting router solicits for a /56. Delegating router has none to > offer (perhaps temporary issue or the configuration doesn't currently > allow). So, delegating router returns a /60. The requesting router > uses this. > > Now, it does periodic renewals. If it just sends the delegated-prefix > (/60) in the IA_PD, the server will keep renewing this. Since the > delegating router has no other information. > > The current RFC3633 never says that the requesting router should > continue to include a ::/56 as a hint in the renewal (though it also > doesn't prohibit it). > > Thus, even if the delegating router is reconfigured (or the temporary > issue is resolved), the requesting router would continue to use the > /60 (perhaps not being able to operate fully). Yet, if the requesting > router included the ::/56 as a hint (in addition to the /60 > delegated-prefix), the delegating router COULD assign it a /56 when > it was able to. > > There's also a separate issue of if the requesting router where to > Solicit (and say for the /56 hint), should the server abandon the /60 > that it might still have leased or prefer a /56 (or something shorter > than a /60 it has)? That might be less of an issue for this case as > that would generally just be up to the server's policy (as to how > strong the hint it treated). > > To handle the case I mentioned above, we did resort in our server to > remembering the hint the client provided during the Solicit so that > we can re-evaluate as to whether to keep renewing the current > delegated prefix or re-evaluate whether we had something "better" to > offer the client. > > Note that this works both ways - a delegating router might only have > had a /56 to delegated when the client requested a /60, but that > generally is a less interesting case because the requesting router > can just use the longer prefix. > Funny enough, I just went to this list with the explicit intent to ask some of the questions that I believe this document ought to answer, but quite frankly it doesn't look from my reading that it does. I am concerned about client behavior personally, so this is from this perspective. This comes from my having written a patchset (which I need to update) for ISC dhclient to do prefix requests. My concern is when the ::/n prefix hint should be included. My assumption has always been that a single IA_PD always correspond to prefixes that are to be configured together, whereas multiple IA_PD delegations would mean prefixes for separate entities. If this is NOT the intent it probably needs to be clarified. It is also worth noting that a server which receives requests for multiple IA_PD delegations is free to aggregate those if appropriate, although I have no idea if actual servers in the field do. It is still unclear to me if it would be better for the client to push multiple IA_PD options upstream -- giving the server the option to delegate or not delegate -- or if it should forcibly aggregate at the client level. Bernie raises several of the same issues that I tripped over, not surprising. Now, what I think IS clear from the client point of view: a) When creating a SOLICIT message, and there currently is no lease for an existing prefix of the required length, the SOLICIT message SHOULD include the ::/n hint for the desired prefix length. b) When creating a SOLICIT message and there are prefixes which have been used in the past, they SHOULD be included even if they are too narrow. Thus, an IA_PD request might look like: 2001:db8:85a3:2345::/64 ::/60 meaning "please give me a /60 if you can, otherwise please give me 2001:db8:85a3:2345::/64 [again]". What I think is NOT clear from the client point of view: a) When creating a SOLICIT message, and we have had at least one prefix of sufficient length, SHOULD ::/n be included? That is, should an IA_PD request look like: 2001:db8:85a3:7890::/60 ::/60 ... or is the latter implied by the former, even if that specific prefix is unavailable? What is the request looks like: 2001:db8:85a3:7890::/60 2001:db8:85a3:2345::/64 b) Are there messages *other* than SOLICIT where the hint SHOULD get included? c) Whether or not the client SHOULD be encouraged to transmit a hint if it has a *wider* prefix assigned than it needs? [My feeling is that we want to encourage the client to send the hint for the preferred prefix length, longer or shorer, in SOLICIT, RENEW and REBIND messages unless servers in the field are known to malfuction that way.] d) If the client MUST/SHOULD to forcibly do aggregation or not, in the case that it is OK for the client side to deal with multiple disjoint prefixes. [I suspect that current servers will not deal well with client nonaggregation.] e) If the client SHOULD or SHOULD NOT to respond to a narrower prefix than requested by issuing a new request for multiple prefixes (via multiple IA_PD options). f) If there is ever a reason to NOT send a prefix hint? Would that implicitly mean ::/64, and if so, should that be documented? -hpa
- [dhcwg] Follow up from IETF-95 - draft-ietf-dhc-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Francis Dupont
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Marcin Siodelski
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Francis Dupont
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… otroan
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… otroan
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ian Farrer
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Francis Dupont
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… yogendra pal
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… tianxiang li
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… 神明達哉
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… tianxiang li
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… 神明達哉
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… 神明達哉
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… 神明達哉
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… H. Peter Anvin
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… tianxiang li
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… H. Peter Anvin
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Ted Lemon
- Re: [dhcwg] Follow up from IETF-95 - draft-ietf-d… Bernie Volz (volz)