Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt-netboot-05
Jarrod Johnson <jarrod.b.johnson+dhcwg@gmail.com> Mon, 12 October 2009 12:42 UTC
Return-Path: <jarrod.b.johnson@gmail.com>
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ECFCA28C10B for <dhcwg@core3.amsl.com>; Mon, 12 Oct 2009 05:42:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y14b6c9MhUYR for <dhcwg@core3.amsl.com>; Mon, 12 Oct 2009 05:42:48 -0700 (PDT)
Received: from mail-gx0-f212.google.com (mail-gx0-f212.google.com [209.85.217.212]) by core3.amsl.com (Postfix) with ESMTP id 3B92A3A63EC for <dhcwg@ietf.org>; Mon, 12 Oct 2009 05:42:48 -0700 (PDT)
Received: by gxk4 with SMTP id 4so9950849gxk.8 for <dhcwg@ietf.org>; Mon, 12 Oct 2009 05:42:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type:content-transfer-encoding; bh=urxx3Ms++xaDKySe1GMqrg0S0L9T+kD0tFSJ3YVw7wo=; b=aYRuRyu+v3DvfhyNjwc2pH9osCmg4YJz79RqlSfhbsrIqVrV2PuL+zyJWTXkq5ZUgD M4q8Z8vQEDwkUblgjkddL6kZUThce9ZzjHwAM1/TnI5H9v9BcVnHxS6A2WfSlZ76QPIO 2I/Ayjnpt9fL4vxvaeH8bnYIVFAxfvgHB378s=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=wXHHRM3faetUs7GtQhYGdtu1VGyLcyuCcWsLc5sfkkAI2hfXFyxVZGAcIwkqwhfSQi bIHon2gCny3MJuXIxjwWVQ1Dc5Y4bWfO2vY3/hvqGftFYVirE0N4CZBMY7bJ+Yz/Q2Kb /rRoMUjT6hLQEFqFDwMoqIGVE75ehO549v9iE=
MIME-Version: 1.0
Sender: jarrod.b.johnson@gmail.com
Received: by 10.150.237.4 with SMTP id k4mr10124443ybh.93.1255351365109; Mon, 12 Oct 2009 05:42:45 -0700 (PDT)
In-Reply-To: <23CEFBAC26A6814695D4872E1CE3B1AC131E3E0F97@exchange-10.WIN.NOMINUM.COM>
References: <994ABFCB-3ABF-484C-9855-1EEACC663CF4@nominum.com> <200910061918.n96JI5Nv005405@cichlid.raleigh.ibm.com> <42BCDBAE-673E-44FA-B44C-42A8149D6838@nominum.com> <200910072139.12968.budm@weird-solutions.com> <OF7C528424.182656B7-ONC125764B.004D3670-C125764B.004E7472@de.ibm.com> <fab4e42a0910101253l20e35a97m96f5032d59cf8b80@mail.gmail.com> <EA87973C-CDB0-44FB-A67E-EEC1BC903018@nominum.com> <fab4e42a0910111012q5c716fd9w9e65910902fddad9@mail.gmail.com> <23CEFBAC26A6814695D4872E1CE3B1AC131E3E0F97@exchange-10.WIN.NOMINUM.COM>
Date: Mon, 12 Oct 2009 08:42:45 -0400
X-Google-Sender-Auth: 21d095d451d3c7e1
Message-ID: <fab4e42a0910120542s25e6ddd1q1fe9f9294abace64@mail.gmail.com>
From: Jarrod Johnson <jarrod.b.johnson+dhcwg@gmail.com>
To: Ted Lemon <Ted.Lemon@nominum.com>, dhcwg@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt-netboot-05
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2009 12:42:50 -0000
On Sun, Oct 11, 2009 at 8:55 PM, Ted Lemon <Ted.Lemon@nominum.com> wrote: >> There are two problems with RFC 4361 section 7 for me: >> -Practically speaking, I see no specific standards in place for the >> various architectures to implement the prescribed communication path >> between OS and firmware. > > That's because we can't do anything about that. We can't tell firmware vendors what to do. Indeed, generally speaking, they don't even follow the protocol specifications anyway - we're lucky if what they do roughly interoperates with conforming implementations. > > It wasn't my intention in RFC4361 to say that the O.S. or the firmware should be in charge, but rather to say that they should collude to present the same identifier. As far as I know nobody's implemented that, though. > FYI, the wording that made me feel it implied OS control was: "Such clients should provide a way for the operating system DHCP client to configure a DUID to use in subsequent boots" which I took to mean that if the OS mismatched, that it should be considered that it is the firmware that needs to be rectified. After some thought, I actually think precisely the opposite would be true. Anyway, perhaps with some specific recommendations, this draft should reference RFC4361 to ensure that firmware developers have this in mind and hopefully some standards get pushed in the correct places (just like iBFT exists to facilitate RFC4173). If appropriate, I have some thoughts on how it can be resolved to my satisfaction (but not Chuck's) and probably keep people who like the DUID moving with the hard drive happy: -Firmware should provide a DUID of it's choosing (likely DUID-EN) at any time through a mechanism of their choosing (i.e. openfirmware properties, DMI tables in x86, whatever is appropriate). However, unless specifically configured to do otherwise, DHCP clients should ignore this information. -If netboot firmware actually executes a boot, it should make the DHCPv6 reply packet available in some form that the OS and bootloader can read. (openfirmware, for example, would almost certainly do it just like they stick the bootp-response in /chosen today). In x86, maybe they'd implement it in a similar way they do iBFT, but the format should be just the raw packet, since the consuming software would certainly already have code to parse a DHCP reply packet, and an intermediate format would just be a headache for everyone). -If netboot is started, but ultimately aborted (i.e. pxelinux.cfg's 'localboot' directive, or a non-existant boot file), it should not retain any DHCPv6 reply packet and the OS need not try coordinating with boot firmware. -If the OS dhcp implementation sees that the firmware has populated the DHCPv6 reply structure, it should ignore (but may retain for future use) any DUID it might have saved and instead configure itself to always read DUID from firmware structures instead of system disk (this way, if a hard drive is deployed in this manner, it won't clone a DUID-EN and risk making it non-unique by moving it to a system that isn't deployed in the same fashion). If that drive appears in a system with no firmware provided DUID, it would have to generate a new DUID or revert to the DUID it had generated previously. -The OS need not have a way to write back a DUID in a standard way as it is not very important and further mitigates the risk of duplicate DUIDs by avoiding cloning them with the risk of future disassociation. The thoughts behind this are that the scenario for netboot include: -network boot of the OS. In this case, the layer2<->layer3 identity mapping has already been proven to make the correct association. So if the OS sees that firmware has one, and it happens to have a different one, it knows one has been proven and one has not been, so it makes sense to always use the one already validated. -network deploy of the OS. A no brainer here, there is/should be no meaningful DUID other than the firmware. If image deployment is being done, they would already have to wipe DUID to make it a generalized image anyway. -network boot starts, but chain to a local disk (i.e. syslinux chain.c32). This could be the most controversial case, but I think it fair to presume that the network loader infrastructure implying it has that much knowledge of the managed system means it is pre-configured specifically for this, and therefore the boot time DUID should be considered the correct one. -network boot, but exit to local boot instead. I think it's fair to say this could imply that the DUID in use is not specifically validated and therefore is not worth implying it should be used over other DUID. In my case, when this occurs, the OS had previously recorded the DUID from the boot firmware and is using it, so I don't lose control. An alternative would be for OS to always source DUID from firmware tables if available (i.e. DMI tables in x86) regardless of boot state, however I think that would be detrimental to those who enjoy retaining their IPv6 identity when they move their hard drives to a new set of equipment in a decentralized scenario.
- [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt-net… Damien Neil
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Thomas Huth
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Thomas Narten
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Ted Lemon
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Thomas Narten
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Ted Lemon
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Thomas Narten
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Damien Neil
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Ted Lemon
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Stephen Jacob
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Alfred Hönes
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Ted Lemon
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Thomas Huth
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Bud Millwood
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Thomas Huth
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Thomas Huth
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Huth
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Jarrod Johnson
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Jarrod Johnson
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Jarrod Johnson
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Jarrod Johnson
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Bud Millwood
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Jarrod Johnson
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Huth
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Huth
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Thomas Huth
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Jarrod Johnson
- Re: [dhcwg] Comments on draft-ietf-dhc-dhcpv6-opt… Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Niall.oReilly+lists
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Chuck Anderson
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … H. Peter Anvin
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Niall.oReilly+lists
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Huth
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Huth
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Huth
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Narten
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … jarrod.b.johnson@gmail.com
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Woundy, Richard
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Narten
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Woundy, Richard
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Thomas Narten
- Re: [dhcwg] netboot load balancing (was: draft-ie… Thomas Huth
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … Ted Lemon
- Re: [dhcwg] draft-ietf-dhc-dhcpv6-opt-netboot-05 … H. Peter Anvin