Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-pd-relay-requirements-00.txt

"Bernie Volz (volz)" <volz@cisco.com> Wed, 08 April 2020 15:58 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: Timothy Winters <tim@qacafe.com>, "ianfarrer@gmx.com" <ianfarrer@gmx.com>
CC: Ole Troan <otroan@employees.org>, "draft-ietf-dhc-dhcpv6-pd-relay-requirements@ietf.org" <draft-ietf-dhc-dhcpv6-pd-relay-requirements@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Date: Wed, 08 Apr 2020 15:58:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/r6OoH8eNwk6hscUuij171xIbRRc>

I’m not sure how that R-4 text helps as there is no “delegated prefix” yet (assuming the CPE has rebooted and has no saved state regarding previous delegated prefixes)?


- Bernie

From: Timothy Winters <tim@qacafe.com>
Sent: Wednesday, April 8, 2020 11:51 AM
To: ianfarrer@gmx.com
Cc: Ole Troan <otroan@employees.org>; Bernie Volz (volz) <volz@cisco.com>; draft-ietf-dhc-dhcpv6-pd-relay-requirements@ietf.org; dhcwg@ietf.org
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-dhcpv6-pd-relay-requirements-00.txt

Hi Ian,

We've seen it on our setups when we reboot a device and forget about connection to a LAN client. Oddly we aren't trying to test the forwarding loop so I would say it happens.

I think that text resolves my issue perfectly.

~Tim

On Wed, Apr 8, 2020 at 11:33 AM <ianfarrer@gmx.com> wrote:
Hi Tim,

Have you seen this in the wild?

What about the following:

   R-4:    If the relay has an existing route for a delegated prefix via an interface, and receives ingress traffic on this interface with a destination address from the delegated prefix (not configured on the relay), then it MUST be dropped.

Thanks,
Ian



On 8. Apr 2020, at 16:38, Timothy Winters <tim@qacafe.com> wrote:

Hi Ole,

I think the issue in all of these cases is the CPE doesn't know it had the prefix previously. So 3633 won't cover this case, as to the CPE it just seems like IPv6 packets. It routes them out its default route, which happens to be the same interface it got them.

~Tim

On Wed, Apr 8, 2020 at 10:29 AM Timothy Winters <tim@qacafe.com> wrote:
Hi Ole,

We have a rule for this when it's delegated to the CPE, WPD-5 to blackhole PDs not assigned. In this case the CPE had no idea it had it. G-3 disallows LAN to WAN forwarding before getting an address. I think this case is WAN to WAN forwarding. It's not in 7084 to my knowledge; as for 3633, I'm not so sure. Let me have a look.

~Tim

On Wed, Apr 8, 2020 at 10:12 AM <otroan@employees.org> wrote:
> Sounds like a useful issue to try to address – the DHC connection is because of the DHCP issues.
>
> And, I assume looping occurs because packets cycle between SP router and CPE until TTL/HOP expires?
>
> Do you have a suggestion as to what the CPE should do in this case? For example, are you suggesting that the CPE drop received traffic (except for DHCP and perhaps some other limited traffic addressed to it)?

A CPE should never provide transit.
I.e., it should never forward a packet received on its WAN interface back out the WAN interface.

A more specific rule for that is in 7084 and possibly in 3633, requiring a blackhole route on the requesting router for the delegated prefix.

Ole
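
The forwarding loop discussed in this thread, and the two drop rules proposed for it (the R-4 text on the relay, and "a CPE should never provide transit"), as an added simulation that is not part of the original messages. The prefix, addresses, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address space), not from the thread.
DELEGATED = ipaddress.ip_network("2001:db8:1200::/56")
DST = ipaddress.ip_address("2001:db8:1200:1::10")

def relay_forward(dst, ingress_if, enforce_r4):
    """Relay still holds a route for the delegated prefix out of 'to-cpe'."""
    if dst in DELEGATED:
        # Proposed R-4: drop traffic for the delegated prefix that arrives on
        # the interface the route points to (dst is not a relay address here).
        if enforce_r4 and ingress_if == "to-cpe":
            return None
        return "to-cpe"
    return "upstream"

def cpe_forward(ingress_if, no_transit):
    """Rebooted CPE with no saved prefix state: only a default route via 'wan'."""
    egress_if = "wan"
    if no_transit and ingress_if == egress_if:
        return None  # never forward WAN -> WAN
    return egress_if

def simulate(enforce_r4=False, cpe_no_transit=False, hop_limit=64):
    """Return (outcome, times the packet crossed the relay-CPE link)."""
    crossings = 0
    ingress = "upstream"  # first arrival is from the Internet side
    while True:
        if relay_forward(DST, ingress, enforce_r4) is None:
            return ("dropped by relay (R-4)", crossings)
        hop_limit -= 1
        if hop_limit == 0:
            return ("hop limit exceeded", crossings)
        crossings += 1
        if cpe_forward("wan", cpe_no_transit) is None:
            return ("dropped by CPE", crossings)
        hop_limit -= 1
        if hop_limit == 0:
            return ("hop limit exceeded", crossings)
        crossings += 1
        ingress = "to-cpe"

if __name__ == "__main__":
    print(simulate())                     # loop until the hop limit runs out
    print(simulate(enforce_r4=True))      # relay drops on the packet's return
    print(simulate(cpe_no_transit=True))  # CPE drops on first receipt
```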