Re: [dhcwg] lease query question
Kim Kinnear <kkinnear@cisco.com> Wed, 12 February 2003 15:48 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA06851 for <dhcwg-archive@odin.ietf.org>; Wed, 12 Feb 2003 10:48:06 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h1CFvWM25651 for dhcwg-archive@odin.ietf.org; Wed, 12 Feb 2003 10:57:32 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h1CFvWp25648 for <dhcwg-web-archive@optimus.ietf.org>; Wed, 12 Feb 2003 10:57:32 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA06843 for <dhcwg-web-archive@ietf.org>; Wed, 12 Feb 2003 10:47:35 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h1CFtmp25574; Wed, 12 Feb 2003 10:55:48 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h1CFsep25514 for <dhcwg@optimus.ietf.org>; Wed, 12 Feb 2003 10:54:40 -0500
Received: from rtp-core-2.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA06776 for <dhcwg@ietf.org>; Wed, 12 Feb 2003 10:44:43 -0500 (EST)
Received: from goblet.cisco.com (IDENT:mirapoint@goblet.cisco.com [161.44.168.80]) by rtp-core-2.cisco.com (8.12.6/8.12.6) with ESMTP id h1CFmNNh028269; Wed, 12 Feb 2003 10:48:23 -0500 (EST)
Received: from KKINNEAR-W2K.cisco.com (ch2-dhcp150-41.cisco.com [161.44.150.41]) by goblet.cisco.com (Mirapoint) with ESMTP id ACP42116; Wed, 12 Feb 2003 10:48:22 -0500 (EST)
Message-Id: <4.3.2.7.2.20030212102523.0238be88@goblet.cisco.com>
X-Sender: kkinnear@goblet.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 12 Feb 2003 10:48:21 -0500
To: Thomas Narten <narten@us.ibm.com>, "Cosmo, Patrick" <Patrick@incognito.com>
From: Kim Kinnear <kkinnear@cisco.com>
Subject: Re: [dhcwg] lease query question
Cc: Kim Kinnear <kkinnear@cisco.com>, dhcwg@ietf.org, rdroms@cisco.com, "Woundy, Richard" <Richard_Woundy@cable.comcast.com>
In-Reply-To: <200302120300.h1C30ML02918@cichlid.adsl.duke.edu>
References: <Message from Patrick@incognito.com of "Tue, 11 Feb 2003 13:41:38 PST." <4FB49E60CFBA724E88867317DAA3D198E1DED2@homer.incognito.com.>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Thomas,
Patrick did an excellent job of explaining the motivation behind
this particular part of the problem statement in the leasequery
draft (from the second point on page 2):
2. The access concentrator can perform IP source address verifica-
tion of datagrams received from the access network. The verif-
ication may be based on the datagram source hardware address,
the incoming access network port, the incoming virtual circuit,
and/or the transmitting modem.
I have some additional comments, indented, below.
At 10:00 PM 2/11/2003, Thomas Narten wrote:
>"Cosmo, Patrick" <Patrick@incognito.com> writes:
>
>> >Thus, knowing that an address is reserved, but
>> >not currently in use, doesn't seem to be info the
>> >relay agent really needs. Am I missing some other
>> >important detail here?
>
>> Here's one example:
>
>> some relay agents provide an "Host Authentication" feature where they only
>> fwd data from an device using an IP address that the device "really does
>> own". This is an attempt to prevent IP spoofing. The relay agent determines
>> who "owns" an IP address (who was actually leased the address) by gleaning
>> the DHCP messages that pass through it, or through DHCP lease query.
>
>I understand and agree with everything so far.
>
>> In the case where a device is manually configured with an IP and is
>> not performing DHCP, the DHCP service may be configured with a
>> "static address" for the device to indicate that the device really
>> does "own" that IP address. The relay agent can determine and
>> recognize this fact through the use of DHCP lease query.
>
>So, the client isn't using DHC, but we're going to configure the DHC
>server about that client anyway and the relay agent is going to use
>leasequery to get info from the DHC server about those addresses,
>even though DHC (as in the RFC 2131) isn't even being used for these
>addresses?
Yes, since the utility of this "host authentication"
feature or "source address verification" feature (call it
what you will) has been found to be less broadly
applicable in practice than it was in theory. It is
certainly useful, but it would be more useful if it
worked on networks which were not configured solely using
DHCP enabled clients.
Thus, practical experience has shown that the solution we
originally architected and deployed would be even more
useful if we added some small things to the leasequery
capability. That was the source of my comment about this
becoming a second generation capability -- it has truly
evolved over time.
>Is this indeed part of the problem statement?
Yes, it is now.
>I'll note also that the above problem can't be solved by DHC gleaning,
>since the client isn't using DHC. So, the above isn't just about
>restoring gleaned information after losing state.
You are correct.
>But having said that, couldn't the DHC server just respond with "I
>have a lease" for the hardcoded configuration information, even if it
>(in some sense) doesn't?
Yes, and this is what it does.
> What the relay agent presumably cares about
>is whether an address is in use on a certain link. It doesn't really
>care _how_ the DHC server knows about those addresses. Right?
It may well be that an access concentrator will use the
reservation to decide that it will allow this IP address
to work from any port, but then remember that port and
not allow it from any other port. This is because there
may not be option-82 information configured for that
reservation. In this case, the fact that it is a
reservation may well be key to the access concentrator's
ability to allow the IP address to be used.
On the other hand, we don't know for sure that someone
won't create an access concentrator that might want to
prohibit leasequery information for any *but* real DHCP
clients, we decided to put this bit of information into
the leasequery capability.
Indeed, there may well be other decisions an access
concentrator might with to make based on this information
that I haven't even imagined at this time.
I believe that our job is to create capabilities that
serve a well defined need in a clear and easily
implemented (to be interoperable) manner. I *also*
happen to believe that if we do our jobs right, people
will use these capabilities in ways that we have not yet
imagined to do things that are innovative and useful for
end-users. Thus, I believe that in a capability such as
leasequery where the primary goal is to return
information to an access concentrator, we would be
missing the point if we failed to deliver something as
simple and possibly basic as the source of the rest of
the information.
It isn't as though we had to invent a new message
exchange or anything -- that would have been overkill.
However, since we have the information it seems foolish
to withhold it on some philosophical grounds given we are
talking about one bit, and we can certainly imagine ways
in which it might well be useful.
Kim
>Thomas
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] lease query question Thomas Narten
- Re: [dhcwg] lease query question Kim Kinnear
- Re: [dhcwg] lease query question Thomas Narten
- RE: [dhcwg] lease query question Cosmo, Patrick
- Re: [dhcwg] lease query question Thomas Narten
- Re: [dhcwg] lease query question Kim Kinnear
- Re: [dhcwg] lease query question Ralph Droms
- Re: [dhcwg] lease query question Kim Kinnear
- Re: [dhcwg] lease query question Thomas Narten
- Re: [dhcwg] lease query question Kim Kinnear
- [dhcwg] Leasequery: should it be standardized? Kim Kinnear
- Re: [dhcwg] Leasequery: should it be standardized? Ted Lemon
- Re: [dhcwg] Leasequery: should it be standardized? Thomas Narten
- Re: [dhcwg] Leasequery: should it be standardized? Kim Kinnear
- RE: [dhcwg] Leasequery: should it be standardized? Kevin A. Noll
- RE: [dhcwg] Leasequery: should it be standardized? Kevin A. Noll
- RE: [dhcwg] Leasequery: should it be standardized? Barr Hibbs
- Re: [dhcwg] Leasequery: should it be standardized? Richard Johnson