Re: [dhcwg] Benjamin Kaduk's No Objection on draft-ietf-dhc-slap-quadrant-09: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Fri, 31 July 2020 18:08 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FF6E3A0C1D; Fri, 31 Jul 2020 11:08:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q0K0mUjKCQpt; Fri, 31 Jul 2020 11:08:11 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CB293A0C17; Fri, 31 Jul 2020 11:08:10 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 06VI7w0v016658 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 31 Jul 2020 14:08:01 -0400
Date: Fri, 31 Jul 2020 11:07:57 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: CARLOS JESUS BERNARDOS CANO <cjbc@it.uc3m.es>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dhc-slap-quadrant@ietf.org, dhc-chairs@ietf.org, dhcwg <dhcwg@ietf.org>, Tomek Mrugalski <tomasz.mrugalski@gmail.com>, Ian Farrer <ianfarrer@gmx.com>
Message-ID: <20200731180757.GR92412@kduck.mit.edu>
References: <159165604132.26829.1388964748461575487@ietfa.amsl.com> <CALypLp8RruBgJ35sudHf6xzUk3J+917Z=8_86cDt-jB2wXaNxw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CALypLp8RruBgJ35sudHf6xzUk3J+917Z=8_86cDt-jB2wXaNxw@mail.gmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/trC1oB2TrS761JpZeeBijZpIzPc>
Subject: Re: [dhcwg] Benjamin Kaduk's No Objection on draft-ietf-dhc-slap-quadrant-09: (with COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2020 18:08:16 -0000
Hi Carlos, Thanks for the follow-up and updates. Just a couple things inline... On Fri, Jul 31, 2020 at 02:44:03PM +0200, CARLOS JESUS BERNARDOS CANO wrote: > Hi Benjamin, > > Thanks a lot for your review, and apologies for the belated reply. > > Please see below inline some comments. All changes are applied to -10, to > be posted soon. > > On Tue, Jun 9, 2020 at 12:40 AM Benjamin Kaduk via Datatracker < > noreply@ietf.org> wrote: > > > Benjamin Kaduk has entered the following ballot position for > > draft-ietf-dhc-slap-quadrant-09: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-dhc-slap-quadrant/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I had a little bit of a hard time understanding how all the given > > examples benefit from using a specific quadrant for their allocations, > > but that may just be my lack of background, and in any case is not a > > reason to hold up the document. > > > > Section 1.1.1 > > > > o IoT (Internet of Things): where there are a lot of cheap, > > sometimes short lived and disposable devices. Examples of this > > include: sensors and actuators for health or home automation > > applications. In this scenario, it is common that upon a first > > boot, the device uses a temporary MAC address, to send initial > > DHCP packets to available DHCP servers. IoT devices typically > > request a single MAC address for each available network interface. > > > > I'm a bit confused by the use of present tense here ("it is common"), > > given that AFAIK the companion document draft-ietf-dhc-mac-assign is the > > first mechanism for DHCP-based MAC address assignment. > > > > [Carlos] You are right. We have rewritten it using "In this scenario, a > reasonable > behavior would be that, upon a first boot, [...]" > > > > temporary MAC address. This type of device is typically not > > moving. In general, any type of SLAP quadrant would be good for > > assigning addresses from, but ELI/SAI quadrants might be more > > suitable in some scenarios, such as if the addresses need to > > belong to the CID assigned to the IoT communication device vendor. > > > > side note: I'm curious what kind of case would require that the address > > belong to the CID of the device's vendor. > > > > [Carlos] This also comes from IEEE feedback. It seems realistic that some > devices cannot come with a burned-in address, but still want to use a local > address using the CID of the device's vendor. Makes sense; thanks. > > > > > Section 2 > > > > Interesting that we say that client+server support IA_LL and LLADDR but > > nothing about QUAD :) > > > > [Carlos] Good point. We've fixed it. Thanks. > > > > Section 3 > > > > change address several times). This information includes, but it is > > not limited to: > > > > o Type of network the device is connected: public, work, home. > > > > o Trusted network? Y/N. > > [...] > > > > nit: it might be nice to use a parallel structure for all of the bullet > > points ('?' vs ':', prose discussion vs short answer, etc.) > > > > [Carlos] OK, done. Though some of the prose discussion has been kept as I > believe it was needed (the points were not straightforward to follow). > > > > > > o Mobility? Y/N. > > > > A few more words about what sense "mobility" is used in might be in > > order. > > > > [Carlos] Done. > > > > > > quadrants. If the device is not moving and attached to a trusted > > network (e.g. at work), then it is probably best to select the ELI > > > > side note: it's not entirely clear that "at work" implies "not moving" > > -- in some environments it's common to move between desk and conference > > room, potentially on a different floor or in a different building. > > > > [Carlos] Thanks, good points. I've massaged a bit the text in that part. > > > > Last, if we consider the data center scenario, a hypervisor might > > request local MAC addresses to be assigned to virtual machines. As > > in the previous scenarios, the hypervisor might select the preferred > > SLAP quadrant using information provided by the cloud management > > system (CMS) or virtualization infrastructure manager (VIM) running > > on top of the hypervisor. This information might include, but is not > > limited to: > > > > As was (IIRC) noted by a directorate reviewer, we don't use "CMS" or > > "VIM" again, and since at least "CMS" collides with another well-known > > IETF acronym, there seems to be little or negative value in including > > the acronyms here. > > > > [Carlos] Fixed. I've removed the acronym and now use the expanded term. > > > > > > Section 4.1 > > > > I suggest using "IA_LL(LLADDR,QUAD)" in step 1 of Figure 3, as is done > > for the other lines, to match the prose text's MUST-level requirement to > > include LLADDR. > > > > [Carlos] Done. > > > > > > option. In order to indicate the preferred SLAP quadrant(s), the > > IA_LL option includes the new OPTION_SLAP_QUAD option in the > > IA_LL-option field (with the LLAADR option). > > > > Even though QUAD does not give provision for nested options, it would > > perhaps be better to use "alongside" or "as a sibling of" or similar, > > rather than "with", to describe the relationship between QUAD and > > LLADDR. > > > > [Carlos] OK, thanks. I've picked "alongside". > > > > Also, nit: s/LLAADR/LLADDR/. > > > > [Carlos] Thanks, fixed. > > > > > > an LLADDR option that specifies the addresses being offered. If > > the server supports the new QUAD IA_LL-option, and manages a > > block of addresses belonging to the requested quadrant(s), the > > addresses being offered MUST belong to the requested quadrant(s). > > > > nit: I don't expect a single block of addresses to span quadrant > > boundaries, so perhaps "belonging to a requested quadrant" and "MUST > > belong to a requested quadrant" would be more appropriate. > > > > [Carlos] OK, thanks. > > > > > > 3. The client waits for available servers to send Advertise > > responses and picks one server as defined in Section 18.2.9 of > > [RFC8415]. The client SHOULD NOT pick a server that does not > > advertise an address in the requested quadrant. The client then > > > > Perhaps "quadrant(s)" or "a requested quadrant", to match the previous > > discussion? > > > > [Carlos] OK, thanks, picked "quadrant(s)". > > > > > > sends a Request message that includes the IA_LL container option > > with the LLADDR option copied from the Advertise message sent by > > the chosen server. It includes the preferred SLAP quadrant(s) in > > the new QUAD IA_LL-option. > > > > nit: I think s/the new/a new/ is better, since we have not discussed a > > new QUAD option in the Request yet. > > > > [Carlos] OK, thanks. > > > > > > The client SHOULD check if the received MAC address comes from one of > > the requested quadrants. Otherwise, the client SHOULD NOT configure > > the obtained address. It MAY repeat the process selecting a > > different DHCP server. > > > > "repeat the process" sounds like sending the same Renew to a different > > server, that is, different from the server that assigned the address > > whose renewal is being requested. Is that expected to be effective > > (either in renewing the current assignment or in getting a new > > allocation in a Reply, as opposed to an "I don't know about that" error > > response)? > > > > [Carlos] We have changed this, based on feedback received at both IETF and > IEEE, and now reads as follows: > > The client SHOULD check if the received MAC address comes from one of > the requested quadrants. It MAY repeat the process selecting a > different DHCP server. > > The idea is that the client might pick a different server from those that > sent and Advertise and try. > > > > Section 4.2 > > > > side note: It's interesting to me that QUAD is not included in a > > Relay-reply(Advertise()) but is included in a regular Advertise() when > > no proxy is involved. (Likewise for wrapped Reply().) > > > > payload. Depending on the server's policy, the instance(s) of > > the option to process is selected. For each of the entries in > > > > Just to check: this is intended to allow both "use only one, and if both > > are present which to use is up to local policy" and "apply the > > intersection of both requests [with some local policy for which priority > > to respect]"? I note that later on we have some text that makes it > > RECOMMENDED to prefer the client's, in a discussion that does not cover > > the "intersection" option at all. So perhaps the "intersection" option > > is not intended to be available? > > > > [Carlos] The intended idea is "use only one, and if both are present which > to use is up to local policy". In that case, I'd suggest to just say "instance" and not "instance(s)", since only one instance is actually processed by the server (if I understand correctly). > > > > > in a Relay-reply message. If the server supports the semantics > > of the preferred quadrant included in the QUAD option, and > > manages a block of addresses belonging to the requested > > quadrant(s), then the addresses being offered MUST belong to the > > requested quadrant(s). The server SHOULD apply the contents of > > > > [same nit as for §4.1] > > > > [Carlos] OK, fixed. > > > > > > 10. This message is forwarded by the Relay in a Relay-forward > > message, including a QUAD IA_LL-option with the preferred > > quadrant. > > > > I would consider repeating the mention from above about how the QUAD is > > included here in case the server has to make a new assignment, to make > > sure that the client (well, proxy's) preference is available in such > > cases. > > > > [Carlos] Not sure I got your point here. Do you mean using the text in #2? Sorry, I see now that this comment was too vague. What I meant was that up in Section 4.1, when we talk about what seems to be a similar situation, we say: It includes the preferred SLAP quadrant(s) in the new QUAD IA_LL-option, so in case the server is unable to extend the lifetime on the existing address(es), the preferred quadrants are known for the allocation of any "new" (i.e., different) addresses. I was wondering if there was value in including a similar statement in this location. ("No value" is a perfectly valid answer!) > > > > > Section 5.1 > > > > quadrant-n Identifier of the quadrant (0: AAI, 1: ELI, 2: > > Reserved, 3: SAI). Each quadrant MUST only appear > > once at most in the option. A 1-byte field. > > > > Perhaps note that this is Reserved in the sense of the IEEE quadrant, > > not the usual IETF/IANA "reserved" usage? > > > > [Carlos] Good point, thanks. I've used "Reserved by IEEE" and a ref > to [IEEEStd802c]) > > > > assigned preference). Note that a quadrant - preference tuple is > > > > nit: earlier we spell this a "(quadrant, preference) pair". Using > > consistent notation/terminology seems advisable. > > > > [Carlos] Thanks. This specific paragraph has been revised as a result of > another comment we received. Now only "pair" is used in the document. > > > > used in this option (instead of using a list of quadrants ordered by > > preference) to support the case whereby a client really has no > > preference between two or three quadrants, leaving the decision to > > the server. > > > > side note: it's not 100% clear to me that we need to exclude the "no > > preference among all four quadrants" case, though I certainly am not > > insisting that we include it. > > > > [Carlos] Well, since at the time of writing this there are only 3 possible > quadrants, we are de-facto considering the case of "no preference among all > possible quadrants". I guess this was your point, no? Probably. (To be honest, I don't remember exactly what my point was...) > > > > > specified quadrants, it SHOULD proceed with the assignment. If the > > server cannot provide an assignment from one of the specified > > quadrant-n fields, it MUST NOT assign any addresses and return a > > status of NoQuadAvail (IANA-2) in the IA_LL Option. > > > > This text seems to lose some of the subtlety around NoQuadAvail vs. > > NoAddrsAvail that is prsent in Section 4.1. It would be good to be > > consistent about how we discuss these cases. > > > > [Carlos] OK, fixed. > > > > > > Section 7 > > > > Do I understand correctly that there is no technical mechanism to > > prevent a relay from inserting a QUAD option inside what is nominally > > the client's IA_LL, as opposed to as a top-level option in Relay-forward > > (which is what it's "supposed to" do)? We should probably say something > > about how the proxy has to be trusted to do the right thing and a > > malicious proxy could change/override the client's preference. > > > > [Carlos] I assume here the considerations described in RFC 8415 would > apply. That seems pretty plausible, good point. > > > > I'm surprised that RFC 7227 is not referenced here. > > > > [Carlos] It is now. We got the same comment from another reviewer ;) > > > > Though it is not referenced (yet?), RFC 7227 says that authors of > > documents defining new DHCP options are "strongly advised to explicitly > > define validation measures" for recipients of such options. I do not > > see much discussion of validation measures in this document (despite > > there being MUST-level requirements on the quadrant-n fields with > > respect to each other), just a mention that "first occurrance wins", > > which is not exactly a validation step but more of a processing one; why > > is there no need to provide more detailed validation measures? > > > > [Carlos] RFC 7227 also states that "However, validation measures already > defined by RFC 3315 or other specifications referenced by the new option > document are redundant and can introduce errors, so authors are equally > strongly advised to refer to the base specification for any such validation > language rather than copying it into the new specification." We refer to > RFC 8415 (which obsoletes 3315), assuming that this is sufficient. Okay, thanks for the extra explanation (and reading 7227 more carefully than me!). > > > > > Section 8 > > > > The work in this draft will be further developed and explored under > > the framework of the H2020 5Growth (Grant 856709) and 5G-DIVE > > projects (Grant 859881). > > > > I'm not 100% sure that we need to speculate about the future here > > (especially given that it would become stale as time passes); would it > > suffice to say that "this work is supported by" the grants in question? > > > > [Carlos] OK, revised. > > > > > > Section 9.1 > > > > It's not entirely clear to me that we reference RFC 8200 in a normative > > fashion. > > > > [Carlos] I agree. I've moved it to informative (also being consistent with > draft-ietf-dhc-mac-assign). > > Thanks a lot! Thank you as well, Ben
- [dhcwg] Benjamin Kaduk's No Objection on draft-ie… Benjamin Kaduk via Datatracker
- Re: [dhcwg] Benjamin Kaduk's No Objection on draf… CARLOS JESUS BERNARDOS CANO
- Re: [dhcwg] Benjamin Kaduk's No Objection on draf… Benjamin Kaduk
- Re: [dhcwg] Benjamin Kaduk's No Objection on draf… CARLOS JESUS BERNARDOS CANO