Re: [dhcwg] Re: Renumbering DNS with stateless DHCPv6 - bug?
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Wed, 19 November 2003 00:27 UTC
Received: from optimus.ietf.org ([132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA27557 for <dhcwg-archive@odin.ietf.org>; Tue, 18 Nov 2003 19:27:39 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AMGBZ-0003sT-1R for dhcwg-archive@odin.ietf.org; Tue, 18 Nov 2003 19:27:21 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id hAJ0R91Q014902 for dhcwg-archive@odin.ietf.org; Tue, 18 Nov 2003 19:27:09 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AMGBY-0003sH-Sy for dhcwg-web-archive@optimus.ietf.org; Tue, 18 Nov 2003 19:27:08 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA27451 for <dhcwg-web-archive@ietf.org>; Tue, 18 Nov 2003 19:26:55 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AMGBW-0003eC-00 for dhcwg-web-archive@ietf.org; Tue, 18 Nov 2003 19:27:06 -0500
Received: from [132.151.1.19] (helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1AMGBV-0003e5-00 for dhcwg-web-archive@ietf.org; Tue, 18 Nov 2003 19:27:05 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AMGBS-0003oC-8v; Tue, 18 Nov 2003 19:27:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1ALlig-0005ca-Qz for dhcwg@optimus.ietf.org; Mon, 17 Nov 2003 10:55:19 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA17007 for <dhcwg@ietf.org>; Mon, 17 Nov 2003 10:55:04 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1ALlie-0000Rz-00 for dhcwg@ietf.org; Mon, 17 Nov 2003 10:55:16 -0500
Received: from necom830.hpcl.titech.ac.jp ([131.112.32.132]) by ietf-mx with smtp (Exim 4.12) id 1ALlic-0000Rw-00 for dhcwg@ietf.org; Mon, 17 Nov 2003 10:55:15 -0500
Received: (qmail 86124 invoked from network); 17 Nov 2003 16:04:07 -0000
Received: from h219-110-032-001.catv01.itscom.jp (HELO necom830.hpcl.titech.ac.jp) (219.110.32.1) by necom830.hpcl.titech.ac.jp with SMTP; 17 Nov 2003 16:04:07 -0000
Message-ID: <3FB8EFCD.9080008@necom830.hpcl.titech.ac.jp>
Date: Tue, 18 Nov 2003 00:57:01 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: ja, en-us, en
MIME-Version: 1.0
To: Stig Venaas <Stig.Venaas@uninett.no>
CC: Tim Chown <tjc@ecs.soton.ac.uk>, dnsop@cafax.se, dhcwg@ietf.org
Subject: Re: [dhcwg] Re: Renumbering DNS with stateless DHCPv6 - bug?
References: <20031113191145.GS3473@login.ecs.soton.ac.uk> <3FB40486.8020608@necom830.hpcl.titech.ac.jp> <20031116113524.GB2256@sverresborg.uninett.no>
In-Reply-To: <20031116113524.GB2256@sverresborg.uninett.no>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Stig; >>>One option for passing the new DNS options from the DHCPv6 Light server >>>to the client is a multicast Reconfigure message. That would work >>>if the DHCPv6 Light server is on link, but if relays are used and there >>>is no multicast routing on site, this seems to be a gap (and a case for >>>the RA method - though of course with RA method you still need to >>>reconfigure the router for the new RA...) > I'll comment on your mail, but let me first present how I suggest > it be done. Thanks. > I suggest for server to send reconfigure to clients via relays. > >>From server to relay: > > If multicast routing available in the site: "site" is not a useful concept for autoconfiguration, when the "site" is really small, which is, perhaps, the primary target case of "stateless", which is why I asked multicast over site boundaries. Note also that "site" local unicast addresses are to be deprecated. Moreover, multicast is unreliable unless the server have a list of relays, unless unicast ACK is returned from each relay. And, then, use of multicast reduces the number of traffic by half (ignoring frequent multicast control traffic some are broadcast over a domain), which is not essential. So, > If multicast routing not available in the site: > > unicast to each relay, server has a list of relays is a rational approach for either case. Of course, the server have a stable storage. However, some says "has a list of relays" is a "stateful" approach and is no good. Lack of well definedness of "stateless" is making design and discussion very hard. > Then from relay to client you can always use multicast on link. It is unreliable that relays also should have lists of clients and stable storages or the server directly take care of the clients, in either of which case, unicast is good enough. > Reconfigure messages should be protected due to possible DoS > attacks. I didn't consider that at first. I think that can be > done using public key crypto. Server has a single key pair. > Clients get public key together with the config info, and the > reconfigure message is signed with the private key. Sorry, public key crypto is computationary expensive that it rather amplifies than prevents DoS effect. With your case, reconfigure messages with bogus signature will force clients perform expensive public key crypto computation. >>W.r.t. inter-link multicast, what multicast protocols is intended >>to be used by people in DHC WG? > I'm not sure that should be specified. At least as long as it > isn't SSM, the DHCP infrastructure is completely independent > of which multicast protocols are used, just like other > multicast applications. I asked not "specified" but "intended". When we want to analyse specific application, we must take into account all the layers to calculate number of packets, periods of delay, redundancy, security etc. >>If it is CBT, PIM-SM or SSM, what happens if CORE, RP or SS crashes >>or is renumbered? > Interesting question. It's relatively easy with standard > PIM-SM. You only need to reconfigure the RP address on the > routers, and if you use say BSR, you only need to change on > the c-BSRs and c-RPs. It is more straight forward to change addresses of a DHCP server on relayes to be used for unicast relaying. However, a DHCP server is a single point of failure. > And only within the site. "site" is not a good idea. > There are > also ways to secure multicast against RP crashes etc. This type of approach improve reliability for certain types of failure but does not improve or rather disimprove reliability for other types. > Discussion on multicast reliability and renumbering could be > a good topic for mboned wg. It doesn't belong here. I'm afraid it is not an attractive idea to involve yet another WG in the thread. > For SSM, relays would need to know unicast addresses of DHCP > servers, and if you do reconfigure with multicast, you also > need servers to know unicast addresses of relays. Then you > might as well use unicast. Yup. But, is it "stateless"? >>Is a well known unicast address is assigned to a primary and >>a back-up CORE/RP/SS, which means ANYCAST. > Anycast might be used An interesting fact is that there are someone who don't want to use "anycast" for DNS servers, because it intermingles DNS and routing system. However DNS servers by DHCP with multicast is already eaqually bad. Then, are we having DHCP with multicast with anycast CORE/RP/SS? >>Or, will we wait until yet another multicast protocol is >>standardized, hoping that it will solve all the problems? >> >>Assuming that some multicast protocol solves all the >>problems, another question is on multicast address. > I think multicast works pretty well, but this should rather > be discussed in mboned. Sure. However, mboned is the worst place to discuss "multicast does not work at all". >>Is it a well known multicast address? If so, is there any > > > Yes > > >>configuration necessary at a site (or something like that) >>border router? If so, what happens if a customer want to relay >>DHCP request to ISP's DHCP server? What happens the border >>router is wrongly configured? > > > Of course things can be wrongly configured, but most things > can break then. Yes. My intention here is to demonstrate that, with multicast, routing and DHCP are intermingled. > If you want to relay DHCP requests out of the > site, the best is to use unicast between relay and server I > think, using site multicast is only an option. And, multicast is not a useful option, which means we need something for redundancy. Masataka Ohta _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Renumbering DNS with stateless DHCPv6 - b… Tim Chown
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Vijayabhaskar A K
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Tim Chown
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Vijayabhaskar A K
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Vijayabhaskar A K
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Stig Venaas
- [dhcwg] Re: Renumbering DNS with stateless DHCPv6… Iljitsch van Beijnum
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Stig Venaas
- Re: [dhcwg] Renumbering DNS with stateless DHCPv6… Vijayabhaskar A K
- RE: [dhcwg] Renumbering DNS with stateless DHCPv6… Bernie Volz
- [dhcwg] Re: Renumbering DNS with stateless DHCPv6… Masataka Ohta
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Stig Venaas
- [dhcwg] Re: Renumbering DNS with stateless DHCPv6… Thomas Narten
- [dhcwg] Re: Renumbering DNS with stateless DHCPv6… Tim Chown
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Stig Venaas
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Masataka Ohta
- RE: [dhcwg] Re: Renumbering DNS with stateless DH… Bernie Volz
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Masataka Ohta
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Stig Venaas
- RE: [dhcwg] Re: Renumbering DNS with stateless DH… Bernie Volz
- Re: [dhcwg] Re: Renumbering DNS with stateless DH… Stig Venaas
- RE: [dhcwg] Re: Renumbering DNS with stateless DH… Bernie Volz