IETF Logo Mail Archive

Re: [dhcwg] Next step(s) for draft-ietf-dhc-stable-privacy-addresses -> abandon work? / IA_NA applicability

Fernando Gont <fgont@si6networks.com> Thu, 09 April 2015 21:26 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57CE91B3364 for <dhcwg@ietfa.amsl.com>; Thu, 9 Apr 2015 14:26:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4iAnqX0XKb4Y for <dhcwg@ietfa.amsl.com>; Thu, 9 Apr 2015 14:26:43 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C10D21B335E for <dhcwg@ietf.org>; Thu, 9 Apr 2015 14:26:43 -0700 (PDT)
Received: from cl-1071.udi-01.br.sixxs.net ([2001:1291:200:42e::2]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <fgont@si6networks.com>) id 1YgJyD-0006B9-LT; Thu, 09 Apr 2015 23:26:42 +0200
Message-ID: <5526D45A.9020701@si6networks.com>
Date: Thu, 09 Apr 2015 16:34:50 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: "Bernie Volz (volz)" <volz@cisco.com>
References: <489D13FBFA9B3E41812EA89F188F018E1CA32071@xmb-rcd-x04.cisco.com> <489D13FBFA9B3E41812EA89F188F018E1CA321EE@xmb-rcd-x04.cisco.com> <6D7A465E-6EBE-4B69-9B65-BAC7BF2A9873@nominum.com> <489D13FBFA9B3E41812EA89F188F018E1CA3229F@xmb-rcd-x04.cisco.com> <55214802.1070305@si6networks.com> <CAKD1Yr3UYT0yPEqftEXpN8zmk=-dka_NMcu3rbb_GG+YSnk2ZQ@mail.gmail.com> <5524D09B.3090706@si6networks.com> <CAKD1Yr2Ztzoys+xKBzsEHU5hqJmfGpn-GeWPEqNCHRuWOTgsJQ@mail.gmail.com> <55250911.30100@si6networks.com> <CAKD1Yr0ojVmk-ctUO313zvAx01P=B-A2zVuwDm73+dLgVwDLOw@mail.gmail.com> <55250DF2.8050001@si6networks.com> <CAKD1Yr33wFmjjqjYu8YEpqYvnn=kh9oJhe1YAC7UEzacQFBaWg@mail.gmail.com> <55251EFA.4000204@si6networks.com> <CAKD1Yr0XK-DQkcJKwTYmiWzCzZs4pubCme9rAgoZ_ig-P5MgsQ@mail.gmail.com> <55253F14.6000706@si6networks.com> <CAKD1Yr0Q2634Rfw0_9NiU+-S_yfD2RwPs7uPWAbTuOADyx8bHg@mail.gmail.com> <5526B5F9.9090707@si6networks.com> <489D13FBFA9B3E41812EA89F188F018E1CA499A7@xmb-rcd-x04.cisco.com>
In-Reply-To: <489D13FBFA9B3E41812EA89F188F018E1CA499A7@xmb-rcd-x04.cisco.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/s291gnFWHGQsbP-98ISd33Gw9y0>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] Next step(s) for draft-ietf-dhc-stable-privacy-addresses -> abandon work? / IA_NA applicability
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2015 21:26:50 -0000

On 04/09/2015 03:29 PM, Bernie Volz (volz) wrote:
>> So the clear benefit is that you can have multiple DHCPv6 servers
>> operating on the same network, and you get address stability
>> without an additional protocol.
> 
> This concept is flawed if the servers aren't cooperating. If there
> are multiple servers that don't share lease data, how does server 1
> know whether the lease was leased to another client or renewed, if
> server 2 ends up communicating with the client? 

Usually, you need servers to communicate because there's no way to tell
which address each server may have assigned to which client. But that's
not the case with this method.

Let me provide another example:

Let's assume that servers were to implement e method by which they
select the IID by embedding the client's MAC address in the IID (that
is, the server essentially generates a SLACC address for the client).

If you have multiple servers, and you have access to the client's MAC,
then there's no need for black magic to tell which addres will be leased
to which client.


The method specified in this document is similar in that respect, with
the only difference in that the IIDs are unpredictable.



> Server 1 may also
> expire the lease (and remove FQDN or other data). Or when a
> leasequery is done, the servers will return conflicting data (one
> says not leased, other says leased).

In all cases, the servers will compute the same address. -- that's the
whole point of the expression we use, and of the servers sharing the
same secret key.


> I just don't buy that is has any real benefit.
> 
> But I am going to refrain from discussing this topic any further as
> my position (not as co-chair, but as an individual) is clear. Once we
> get different people to weight in (either on the mailing list or at
> IETF-93) to determine consensus we can figure out the appropriate
> next step.

That's fine. I'd just like folks to decide based on the properties of
the method. Some of the assertions you've made about it are incorrect,
though.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email