Re: [dhcwg] recommendation on DHCP6 source port numbers

Ole Troan <otroan@employees.org> Wed, 28 February 2024 07:47 UTC

From: Ole Troan <otroan@employees.org>
In-Reply-To: <57DFF11C-CA3B-4528-A318-F0A01E82AC80@gmail.com>
Date: Wed, 28 Feb 2024 08:47:16 +0100
Cc: Tomoyuki Sahara <tsahara=40iij.ad.jp@dmarc.ietf.org>, dhcwg <dhcwg@ietf.org>
Message-Id: <CD90C58C-76E1-40D6-8489-5011D840FC7E@employees.org>
References: <20240226.150017.738223219320498350.tsahara@iij.ad.jp> <57DFF11C-CA3B-4528-A318-F0A01E82AC80@gmail.com>
To: Bernie Volz <bevolz@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/rj15AQD0BMe-IlFCpO1k8FLJU9E>
Subject: Re: [dhcwg] recommendation on DHCP6 source port numbers
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>

Bernie,

> No. Normal UDP communication rules apply. A client sends traffic to a well-known destination port and it is free to select whatever port number it likes as the source port. The server’s response is sent from that well known port (as source port) and sent to the client’s selected port (as destination port). This is normal communication and dhcpv6 follows it. That is why nothing is said or needs to be said about the client source port.

I’m with Tomoyuki here.

"
7.2. UDP Ports

Clients listen for DHCP messages on UDP port 546. Servers and relay
agents listen for DHCP messages on UDP port 547.

"

Just checked my little scapy-based DHCPv6 server and I do:

       from scapy.all import (Ether, IPv6, UDP, DHCP6_Reply, DHCP6OptServerId,
                              DHCP6OptClientId, DHCP6OptIA_NA, DHCP6OptIAAddress)

       # Reply goes from the server port (547) to the client port (546) as
       # listed in section 7.2, not back to whatever source port the request
       # arrived from; the destination address is the request's source address.
       reply = (Ether(src=self.interface_info.mac, dst=request[Ether].src) /
                IPv6(src=self.interface_info.ip6ll, dst=request[IPv6].src) /
                UDP(sport=547, dport=546) /
                DHCP6_Reply(trid=trid) /
                DHCP6OptServerId(duid=self.duid) /
                DHCP6OptClientId(duid=clientduid) /
                DHCP6OptIA_NA(iaid=request[DHCP6OptIA_NA].iaid, T1=t1, T2=t2,
                              ianaopts=DHCP6OptIAAddress(addr=ipv6,
                                                         preflft=self.preflft,
                                                         validlft=self.validlft)))


I couldn’t find any text supporting your position, Bernie, although I would be fine if that was also the outcome.
As another implementor I cannot figure out what the correct behaviour is from the RFC.

Cheers,
Ole



> - Bernie Volz
> 
>> On Feb 26, 2024, at 1:00 AM, Tomoyuki Sahara <tsahara=40iij.ad.jp@dmarc.ietf.org> wrote:
>> 
>> Hi, DHC wg members:
>> 
>> Can we make recommendations on source port numbers of DHCP6 messages
>> in rfc8415bis?
>> 
>> DHCP6 specification says that DHCP6 clients and servers listen on UDP
>> port 546 and 547 respectively, in RFC8415 section 7.2.  It implies
>> that DHCP6 clients MUST send messages to UDP port 547 (server port) and
>> servers MUST send messages to UDP port 546 (client port) to work with
>> their counterpart correctly (though restrictions can be relaxed with
>> RFC8357 for relays).
>> 
>> But it says nothing about source port numbers.  Without any
>> restrictions, some implementations use ephemeral source port
>> (e.g. 12345) to send their messages.  DHCP6 conversations look like:
>> 
>> 1. client send Solicit    fe80::2#49876    -> ff02::1:2#547
>> 2. server send Advertise  fe80::1#547      -> fe80::2#546 (!)
>> 3. client send Request    fe80::2#49877(?) -> ff02::1:2#547
>> 4. server send Confirm    fe80::1#547      -> fe80::2#546
>> 
>> This behavior is not prohibited by the specification but causes
>> confusion for DHCP6 implementers and network/firewall operators (*1).
>> Most Internet protocols nowadays assume that servers send response
>> messages from the port number they received on.
>> (*1 e.g. https://bugzilla.redhat.com/show_bug.cgi?id=952126 )
>> 
>> In my humble opinion, it is too late to require that DHCP6 client and
>> server MUST send messages from the fixed port number (546/547) because
>> there are too many DHCP6 implementations in the wild.  But making a
>> recommendation is helpful for new implementations/deployments of DHCP6.
>> 
>> An idea to make such recommendation is adding a text in rfc8415bis:
>> 
>> OLD:
>>   7.2. UDP Ports
>>     Clients listen for DHCP messages on UDP port 546.  Servers and
>>     relay agents listen for DHCP messages on UDP port 547.
>> 
>> NEW:
>>   7.2. UDP Ports
>>     Clients listen for DHCP messages on UDP port 546.  Servers and
>>     relay agents listen for DHCP messages on UDP port 547.
>> 
>>     Clients are RECOMMENDED to send DHCP messages from UDP port 546.
>>     Servers and relay agents are RECOMMENDED to send DHCP messages
>>     from UDP port 547 (unless the relay agent includes the Relay Source
>>     Port Option for DHCP6 [RFC8357]).
>> 
>> I know WGLC has been concluded but I believe the recommendations above
>> encourage new implementations to use the standard DHCP6 port numbers
>> on UDP source port.
>> 
>> 
>> Best regards,
>> Tomoyuki Sahara
>> 
>> 
>> _______________________________________________
>> dhcwg mailing list
>> dhcwg@ietf.org
>> https://www.ietf.org/mailman/listinfo/dhcwg
> 
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg
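As an added example, not code from the thread or from any of its participants: a stdlib-only Python build/parse of the Advertise that Ole's scapy server constructs (Server ID, Client ID, IA_NA carrying an IA Address, in the RFC 8415 wire format), followed by the two reply-port behaviours Tomoyuki and Bernie describe, so the exchange in Tomoyuki's mail can be run through both. The DUIDs, transaction-id, addresses, lifetimes, the "fixed"/"mirror" policy names and the firewall rule are constructed for the example and are not from the RFC or the thread.

```python
"""Added example (not code from the thread): RFC 8415 message build/parse in
stdlib Python, plus the two reply-port behaviours the thread argues about.
DUIDs, transaction-id, addresses, lifetimes and policy names are constructed."""
import ipaddress
import struct

CLIENT_PORT, SERVER_PORT = 546, 547              # section 7.2 listening ports
SOLICIT, ADVERTISE = 1, 2                        # message types used here
OPT_CLIENTID, OPT_SERVERID, OPT_IA_NA, OPT_IAADDR = 1, 2, 3, 5

def duid_ll(mac):
    """DUID-LL: DUID type 3, hardware type 1 (Ethernet), then the MAC."""
    return struct.pack("!HH", 3, 1) + bytes.fromhex(mac.replace(":", ""))

def option(code, data):
    """One option: 2-byte code, 2-byte length, data."""
    return struct.pack("!HH", code, len(data)) + data

def build_message(msg_type, trid, options):
    """msg-type (1 byte), transaction-id (3 bytes), then the option list."""
    if not 0 <= trid < (1 << 24):
        raise ValueError("transaction-id must fit in 24 bits")
    return bytes([msg_type]) + trid.to_bytes(3, "big") + b"".join(options)

def build_solicit(trid, client_duid, iaid):
    return build_message(SOLICIT, trid, [option(OPT_CLIENTID, client_duid),
                                         option(OPT_IA_NA, struct.pack("!III", iaid, 0, 0))])

def build_advertise(trid, server_duid, client_duid, iaid, t1, t2, addr, preflft, validlft):
    """Same option set as the scapy Reply in the mail: Server ID, Client ID, IA_NA(IA Address)."""
    ia_addr = option(OPT_IAADDR, ipaddress.IPv6Address(addr).packed
                     + struct.pack("!II", preflft, validlft))
    ia_na = option(OPT_IA_NA, struct.pack("!III", iaid, t1, t2) + ia_addr)
    return build_message(ADVERTISE, trid, [option(OPT_SERVERID, server_duid),
                                           option(OPT_CLIENTID, client_duid), ia_na])

def parse_options(buf):
    """Walk the TLV list; a length that runs past the buffer is rejected, not read past."""
    opts = []
    while buf:
        if len(buf) < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", buf[:4])
        if len(buf) - 4 < length:
            raise ValueError("option %d claims %d bytes, %d present" % (code, length, len(buf) - 4))
        opts.append((code, buf[4:4 + length]))
        buf = buf[4 + length:]
    return opts

def parse_message(data):
    """Header and options as a dict; IA_NA is expanded into IAID/T1/T2 and its IA Addresses."""
    if len(data) < 4:
        raise ValueError("short DHCPv6 message")
    msg = {"type": data[0], "trid": int.from_bytes(data[1:4], "big"), "options": {}}
    for code, val in parse_options(data[4:]):
        if code == OPT_IA_NA:
            if len(val) < 12:
                raise ValueError("short IA_NA")
            iaid, t1, t2 = struct.unpack("!III", val[:12])
            addrs = [(str(ipaddress.IPv6Address(v[:16])),) + struct.unpack("!II", v[16:24])
                     for c, v in parse_options(val[12:]) if c == OPT_IAADDR and len(v) >= 24]
            msg["options"][code] = {"iaid": iaid, "T1": t1, "T2": t2, "addrs": addrs}
        else:
            msg["options"][code] = val
    return msg

def server_reply_ports(client_sport, policy):
    """'fixed': reply to port 546 regardless of where the request came from (the scapy
    server in the mail, and the proposed RECOMMENDED text); 'mirror': reply to the
    request's source port (ordinary UDP request/response)."""
    if policy not in ("fixed", "mirror"):
        raise ValueError(policy)
    return (SERVER_PORT, CLIENT_PORT) if policy == "fixed" else (SERVER_PORT, client_sport)

def strict_firewall_allows(sport, dport):
    """A rule written from section 7.2 alone: only 546<->547, nothing else."""
    return (sport, dport) in {(CLIENT_PORT, SERVER_PORT), (SERVER_PORT, CLIENT_PORT)}

def run_exchange(client_sport, client_open_ports, policy):
    """Solicit from client_sport, Advertise back under `policy`.
    Returns (parsed Advertise, reply dport, client saw reply, Solicit passes fw, reply passes fw)."""
    client_duid, server_duid = duid_ll("00:11:22:33:44:55"), duid_ll("66:77:88:99:aa:bb")
    solicit = parse_message(build_solicit(0xABCDEF, client_duid, 1))
    sport, dport = server_reply_ports(client_sport, policy)
    adv = build_advertise(solicit["trid"], server_duid, solicit["options"][OPT_CLIENTID],
                          solicit["options"][OPT_IA_NA]["iaid"], 3600, 5760,
                          "2001:db8::1234", 7200, 86400)
    return (parse_message(adv), dport, dport in client_open_ports,
            strict_firewall_allows(client_sport, SERVER_PORT), strict_firewall_allows(sport, dport))

if __name__ == "__main__":
    for sport, policy in ((546, "fixed"), (49876, "fixed"), (49876, "mirror")):
        _, dport, seen, fw_req, fw_rep = run_exchange(sport, {sport}, policy)
        print("client sport %5d, %-6s reply -> dport %5d, delivered=%s, fw(req/rep)=%s/%s"
              % (sport, policy, dport, seen, fw_req, fw_rep))
```

Running the three cases shows why both camps' implementations interoperate in the field yet not with each other's assumptions: a client bound to 546 gets the reply under either policy, a client that only opened an ephemeral socket gets it only when the server mirrors the source port, and a firewall rule written from section 7.2 alone passes neither leg of the ephemeral-port exchange under "mirror". `parse_options` rejects an option whose declared length exceeds the remaining buffer rather than slicing short, which is the check a server parsing untrusted client DUIDs and IA options needs.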