[dhcwg] Spencer Dawkins' No Objection on draft-ietf-dhc-dhcpv4-active-leasequery-06: (with COMMENT)
"Spencer Dawkins" <spencerdawkins.ietf@gmail.com> Wed, 30 September 2015 19:43 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6564F1A89FD; Wed, 30 Sep 2015 12:43:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JDfMSWny27HC; Wed, 30 Sep 2015 12:43:13 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AFB31A89E9; Wed, 30 Sep 2015 12:43:13 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.4.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150930194313.3703.1816.idtracker@ietfa.amsl.com>
Date: Wed, 30 Sep 2015 12:43:13 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/oxkL1Ppk1m9nEO0gxCOIcxL1Y6g>
Cc: dhcwg@ietf.org
Subject: [dhcwg] Spencer Dawkins' No Objection on draft-ietf-dhc-dhcpv4-active-leasequery-06: (with COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2015 19:43:15 -0000
Spencer Dawkins has entered the following ballot position for draft-ietf-dhc-dhcpv4-active-leasequery-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dhc-dhcpv4-active-leasequery/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for including a lot of TCP-awareness in this specification. I had a few questions, but nothing at Discuss level. If you have questions about my questions, please ask, of course. In this text, A requestor attempts to establish a TCP connection to a DHCPv4 Server in order to initiate a Leasequery exchange. If the attempt fails, the Requestor MAY retry. you might want to give some guidance about reasonable intervals to wait before retrying, randomizing retry intervals, and/or backing off retry intervals to some conservative maximum value. This isn't a general-purpose client-server protocol, and you understand the use case better than I do (and I wouldn't try to offer defaults), so please just consider whether this would be helpful. In this text, In any of the first three possibilities, the DHCPv4 server can be assumed to not support TLS. In this case, the requestor MUST close the connection. is the assumption that all three possibilities would happen again if you retried the attempt with the same server? I wondered especially about the second possibility (server side TCP connection close, as a possible load-shedding strategy to reject a connection request that might work at another time). In this text, The Requestor attempts to read a DHCPv4 leasequery reply message from the TCP connection. If the stream of replies becomes blocked, the Requestor SHOULD terminate the connection after ACTIVE_LQ_RCV_TIMEOUT, and MAY begin retry processing if configured to do so. I'm not sure what "becomes blocked" means from the Requestor's perspective. I'm guessing the following paragraph, describing interaction with DHCPLEASEQUERYSTATUS, is the clue I'm missing, but if so, reversing the order of the paragraphs, and tying that more tightly ("becomes blocked, with no DHCPLEASEQUERYSTATUS messaging", or whatever the clue I'm missing is), would likely be clearer. I have pretty much the same question about the corresponding text for the server side in 8.1, If the TCP connection becomes blocked while the server is accepting a connection or reading a query, it SHOULD terminate the connection after a BULK_LQ_DATA_TIMEOUT. We make this recommendation to allow servers to control the period of time they are willing to wait before abandoning an inactive connection, independent of the TCP implementations they may be using. and in 8.2, If the connection becomes blocked while the server is attempting to send reply messages, the server SHOULD terminate the TCP connection after ACTIVE_LQ_SEND_TIMEOUT. This timeout governs how long the DHCPv4 server is prepared to wait for the requestor to read and process enough information to unblock the TCP connection. The default is two minutes, which means that if more than two minutes goes by without the requestor reading enough information to unblock the TCP connection, the DHCPv4 server SHOULD close the TCP connection. This text 8.3. Multiple or Parallel Queries Every Active Leasequery request MUST be made on a single TCP connection where there is no other request active at the time the request is made. Note that this is different than what was allowed in [RFC6926] section 7.7 for Bulk Leasequery requests. and the following two paragraphs are good, but I didn't see any corresponding description of whether parallel queries were allowed on a single TCP connection in Section 7, for Requestor behavior, and the Requestor would be the entity that does this wrong, wouldn't it? Or did I miss it? I've seen some use cases described in IESG evaluation e-mail that sounds like the Requestor and DHCPv4 server are close enough for a human to touch both at the same time, but Kathleen commented that some ISPs provide DHCP service to customer edge routers. Is it worth saying anything about firewalls and NATs treating TCP differently? Or would even those cases be part of a trusted network path, so no firewalls or NATs?
- [dhcwg] Spencer Dawkins' No Objection on draft-ie… Spencer Dawkins
- Re: [dhcwg] Spencer Dawkins' No Objection on draf… Kim Kinnear
- Re: [dhcwg] Spencer Dawkins' No Objection on draf… Spencer Dawkins at IETF
- Re: [dhcwg] Spencer Dawkins' No Objection on draf… Kim Kinnear