Re: [dhcwg] [v6ops] [EXTERNAL] Re: Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements

"Bernie Volz (volz)" <volz@cisco.com> Fri, 09 October 2020 00:52 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A9CD3A0BF2; Thu, 8 Oct 2020 17:52:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=gR8CZP+U; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=FpgvSDrg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOFpYkmxYyB1; Thu, 8 Oct 2020 17:52:15 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB8E23A0A7E; Thu, 8 Oct 2020 17:52:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12526; q=dns/txt; s=iport; t=1602204735; x=1603414335; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=NAbZQA1X2iwWhr1163BsOX5VwDWt9NWCI+qF4vuXX08=; b=gR8CZP+UiKx39MSVD1nleHsxqjeexqA22vE3yvIPZSz1oxLl1nWHlXGZ b1Y3mzKi9yotLiuXN3MxpE/of98sa9lvRsvGqnYoInoBauEzV/8Z+3j3i gTQl+EUO978mfzyu9rMji0g1+NJ3iIpVPIY/j4ohdyPLJOwe6aYfyBtsg M=;
IronPort-PHdr: =?us-ascii?q?9a23=3AwcUU3hUZ2PA35CutEBEOeyMgjMzV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSBNyDuf1Bm6zdtKWzEWAD4JPUtncEfdQMUh?= =?us-ascii?q?IekswZkkQmB9LNEkz0KvPmLklYVMRPXVNo5Te3ZE5SHsutaFjC5Ha16G1aFh?= =?us-ascii?q?D2LwEgIOPzF8bbhNi20Obn/ZrVbk1IiTOxbKk0Ig+xqFDat9Idhs1pLaNixw?= =?us-ascii?q?=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DPBQASs39f/4MNJK1gHAEBAQEBAQc?= =?us-ascii?q?BARIBAQQEAQFAgU+BUlEHcFkvLAqEM4NGA41SmHuBQoERA1ULAQEBDQEBGAs?= =?us-ascii?q?KAgQBAYRKAheBcwIlOBMCAwEBCwEBBQEBAQIBBgRthS8IJQyFcgEBAQMBAQE?= =?us-ascii?q?QEREMAQEsCwEEBwQCAQgRBAEBAQICHwQDAgICJQsUAQgIAgQOBSJEgkABgks?= =?us-ascii?q?DDiABDp4VAoE5iCw1doEygwEBAQWBMwGDcBiCEAMGgQ4qgnKDbYJEhBIbggC?= =?us-ascii?q?BESccgU9+PoIaQgEBgSAnGAczgl0zgi2PfiQHgxuSJZF0CoJommcDH4MTiga?= =?us-ascii?q?FP4oJhE+zOAIEAgQFAg4BAQWBayOBV3AVOyoBgj5QFwINil6DQQwXFIM6hRS?= =?us-ascii?q?FQnQCNQIGAQkBAQMJfIw7AYEQAQE?=
X-IronPort-AV: E=Sophos;i="5.77,353,1596499200"; d="scan'208";a="742713711"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Oct 2020 00:52:13 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 0990qD1u028074 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 9 Oct 2020 00:52:13 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 8 Oct 2020 19:52:12 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 8 Oct 2020 20:52:12 -0400
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 8 Oct 2020 20:52:12 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZIC3aCNFO8naPM2uPwdmmL4ZCQxAVBydNuNjetFPqh/3/y/C++4uqdB4h58hD242HUEKfTXswryS64+8sR16Vnp71XhLjMiiZfP1UCUXEVmdybmt5vl4QbSrDQXK+0fz0XMXXyL0GnVp8cU+rhFNOaQKp5zhsYXj6yVFbk1AmXD1/WKCuf56l7mA17Irdw/UtEX9aX8961Ao0FJ8KhungpRSY+LmCf8u/13ftd0UkKaj1Y+KO4M8uaLYkohowyy15e0CbOwv1zXN1ghRkSYuncAEUvHrkAK4pvPJkMrLD4ZtTtB/X9b5JymVYrakDLDeGxfjGlilsnK3q+883wH7mA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NAbZQA1X2iwWhr1163BsOX5VwDWt9NWCI+qF4vuXX08=; b=lijTqf9FkY7Vse2Lp4razmeucVPETQfmAhwC0lCsQnMSuQXFaiDuVmgjEW2nQuYDQw7LkfeW1yHpURByvvnGuZwVudPxtfNYDUq8NVjI7s/McRRUzqV43lCyFfgOK17A50wjOa5r5wt8v/814g5JF9wVcoCj4UL5jSDgfRDt3Egt0c3/1Hk4+1yb/uEz8O4gpRfUWrp7yG2GorFCesbu4sUX/Qfq/4EMdDyhRtub+lU6ls+ZpdtsWqZwue7TCkjgkZZCfV+9n8SZBctaFFJ2mLiubwl1ZjIwQDaOlMDlfIlBXqP/gAHKQGKRt9hxUA8kjHcX5qU1zM+VToIOCU6kKQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NAbZQA1X2iwWhr1163BsOX5VwDWt9NWCI+qF4vuXX08=; b=FpgvSDrgGdA/yQ2vfu281+Co1fSVEiHsRQtAMfRMk6O+x2+NAQvMexu6xUB2lANYkyOH9IWaKwy8HQFxcoAfqJf2QlUAaY7nmKCCh+49G5gAkMTC8jrqxo8LFdW5hSX9fIXgsFChz59jd7PU72LhO+5f5sPbuvu9vQHnofi90ns=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (2603:10b6:406:af::18) by BN6PR11MB1713.namprd11.prod.outlook.com (2603:10b6:404:3c::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.21; Fri, 9 Oct 2020 00:52:10 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::2180:35e4:fe29:e470]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::2180:35e4:fe29:e470%3]) with mapi id 15.20.3455.024; Fri, 9 Oct 2020 00:52:10 +0000
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
CC: "ianfarrer@gmx.com" <ianfarrer@gmx.com>, dhcwg <dhcwg@ietf.org>, 6man <ipv6@ietf.org>, v6ops list <v6ops@ietf.org>
Thread-Topic: [v6ops] [EXTERNAL] Re: [dhcwg] Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements
Thread-Index: AQHWnY5pT1BZPqcqAkuJPITGjT8WRqmONFtwgAALvQCAADGh6A==
Date: Fri, 9 Oct 2020 00:52:10 +0000
Message-ID: <A0B74F43-07A4-47C2-B773-3F2071CFCED3@cisco.com>
References: <5F6947F2-F7DF-4907-8DD5-28C2B20A91DE@gmx.com> <CAFU7BAT87uhUKZM-G9MjCgtmGbdCwXorP3SfMJm7_Ax7pvwDjg@mail.gmail.com> <f2a9e0188cd84f52adce279cfb04cbcc@boeing.com> <D259F559-8528-428A-A9DF-0D9FB07E6BE4@gmx.com> <BN7PR11MB2547029C572CB32F3C593AD7CF0B0@BN7PR11MB2547.namprd11.prod.outlook.com>, <ff36a6d9f0834b5bbf331c6c40df16b8@boeing.com>
In-Reply-To: <ff36a6d9f0834b5bbf331c6c40df16b8@boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmx.com; dkim=none (message not signed) header.d=none;gmx.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [24.233.121.124]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6f76fd7a-f523-42db-5ff8-08d86bed8e02
x-ms-traffictypediagnostic: BN6PR11MB1713:
x-microsoft-antispam-prvs: <BN6PR11MB17131C7EC6ADE1A7AA5F07C6CF080@BN6PR11MB1713.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: N26+O9VD4NrObSLjIVfPjJEXfDbwDwfe1UJn374AJtluP35s4bMyrIl5M1r25OT6DRbp+87Bk5dXTU9ZqJSgPAmoRstS5qwhoqNYM+qs+B+yjOMcRiKXVPaJXKpWkVF/hCqaKSFXoxbaodWX0I6//rZ7AwupuqETKHbDHTt6JiytvYd+i4/VR5fkjIoTuDJJs1shT1gwzK8Rdm5J8QNMYEF/T5eUAoSkGrNxuvgTTJT+8CS8ywzrGAJBeocTs1N+pNiScxmTnJjK8Klbwy06Vr1TWKD4pssNPgR407vQq3HD2IZPvneRnRhkDP/KUekwjy1nQ1oTsDNeYWtpKwAK8tySogedsnp3+FIZhetYMVwD/RBqpB6KaLf5vqWsqcoNeBD2XskWMokvhX8GvavF9vOOS01Iw2fAhlCE9i2IhKiDdvpvG7rmcxnXAKs5gFtZHcRKu3GsAfDXZ5jSm5bTng==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN7PR11MB2547.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(366004)(136003)(396003)(39860400002)(6512007)(33656002)(54906003)(83080400001)(2616005)(64756008)(66446008)(66556008)(91956017)(66476007)(186003)(26005)(71200400001)(66946007)(4326008)(5660300002)(76116006)(8676002)(66574015)(316002)(53546011)(6506007)(2906002)(8936002)(478600001)(6916009)(83380400001)(36756003)(86362001)(966005)(6486002)(518174003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 6FEcrcWRHUwEqubwWefsRJgqV4IE/Dr9sL8U1cSMjpZsc3hKdmZ0RVzPVSF3dGbuOcl0KZ45nOf3Mj9aq5pWOr+9CTZAs/pfFB71PjE3SEQ4D+nZJkgGfPdgQ7ZTlOQ/eDlFpEMpVZ7vRdczVQUAne4/V5DYbmfvGGlXnkwRHerMarov2d+DlbRFl++c2o+FQcx2Q25hS3mOOQ+LG1jji74CCKClphz6TRBRouA0WMC9KuUILixmGZxftNfoTPdscATIxSaTux9ZeJ/EB3G0lICmD1poUVfEjX6kqsd5yeu25m+JXfbh+EpuHWl/IhDi2uE4BTMZfQMRfJ6TJ5YX1uGDE4r7ZuaX4j0prUKmJoiYijNZR8/7jFYj3js7qf/BbKoga8BZxJYhdQUVHLQU0keDhP0TSTRepjNG2kVQ7HYZg6d1e2Pj2VkoNf8S8h3lN/5LFGDvedOk5gCg/idu5P5a3uO4LZvUNoFJyPPehFUgIyEiIU4vjwfzP/YL5ZHQVner18SH5gymdqUuVGCkvv6ecQa/6raBBYZfRf779FJWBOLkalGO0tWrM9qzh3oFs7GJt76mH0kpC1xIM6toYY7aBfraxC8I9NUea2Y01PeNVjdNcVlUllxPBaW4EnGQ8G/h7z0JssutBwDuVxX7Hw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN7PR11MB2547.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6f76fd7a-f523-42db-5ff8-08d86bed8e02
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2020 00:52:10.5397 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EL7ZqwE31th6ngjuQzWNctUHW0GGuiwe86Cigl6zOIjQ9R9U69Ki3qNkFfPLBbrt
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB1713
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/vVuTnDsXElB0EhPHDBp8wMTbSZg>
Subject: Re: [dhcwg] [v6ops] [EXTERNAL] Re: Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2020 00:52:20 -0000

And of course connectivity is not going to work even if R-4 rule were not implemented, and seems best to drop packet early?

If you take PD out of the picture and did this same (mis)configuration, what would happen? I was asking earlier about this issue as to what happens with “normal” routing and why this needs to do more or better?

Perhaps the missing piece of the rule is don’t send it back to where it came from, based on link layer addresses (or link if point-to-point). But that seems more like a standard routing rule?

It also seems odd that the rule says:
         An ICMPv6 Type
         1, Code 6 (Destination Unreachable, reject route to
         destination) error message MAY be sent back to the client.

Shouldn’t the ICMPv6 be sent to the sender? In the scenario Jen and you are discussing, there are two clients? So, which client may the ICMPv6 be sent to?

And, perhaps if there is only “the client”, Ian’s case is different?

- Bernie

> On Oct 8, 2020, at 5:54 PM, Templin (US), Fred L <Fred.L.Templin@boeing.com> wrote:
> 
> Bernie,
> 
> Let's say two clients A and B are connected to a switch which is then connected to
> relay R. Clients A and B receive PDs from the DHCPv6 service that are relayed by
> R, and R establishes routes for the delegated prefixes A and B. A and B both regard
> R as a default router.
> 
> Now, suppose two things:
> 
> - client B discovers through some means (e.g., DNS) the IP address of a service
>   endpoint within prefix A
> - client A somehow "forgets" that it received the prefix delegation A
> 
> Now, client B sends packets destined to an address in A to R, and R forwards the
> packets to client A since it still has a route for A. When the packets arrive at A,
> however, A forwards them back to R since it has "forgotten" that it holds the
> prefix A. When R receives the packets from A with destination address also
> from prefix A, it must drop them instead of forwarding them back to A to
> avoid looping.
> 
> Note: If R had sent a Redirect to B, the same scenario would play out except
> that B would send its subsequent packets directly to A. But then, A would again
> still forward them to R which must drop instead of forwarding back to A.
> 
> Fred
> 
>> -----Original Message-----
>> From: Bernie Volz (volz) [mailto:volz@cisco.com]
>> Sent: Thursday, October 08, 2020 2:19 PM
>> To: ianfarrer@gmx.com; Templin (US), Fred L <Fred.L.Templin@boeing.com>
>> Cc: dhcwg <dhcwg@ietf.org>rg>; 6man <ipv6@ietf.org>rg>; v6ops list <v6ops@ietf.org>
>> Subject: RE: [v6ops] [EXTERNAL] Re: [dhcwg] Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-
>> requirements
>> 
>> 
>> Is this a model where in your Figure 1, you have a switch between the PD Client and Delegating Relay and you might have other
>> devices off that switch?
>> 
>> In that case, why would any of the devices off that switch be using the prefix given the PD Client? How would they learn this? I don't
>> think the PD Client nor Delegating Relay should be doing RAs with the PD prefix in them (or a sub-prefix).
>> 
>> If the PD Client is doing that, then any devices off the switch would be using it as the default router for that prefix and not the
>> delegating relay? And, hence no traffic should be doing to the delegating relay with the PD destination address.
>> 
>> Or, do I have this model wrong?
>> 
>> - Bernie
>> 
>> -----Original Message-----
>> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of ianfarrer@gmx.com
>> Sent: Thursday, October 8, 2020 12:16 PM
>> To: Templin (US), Fred L <Fred.L.Templin@boeing.com>
>> Cc: dhcwg <dhcwg@ietf.org>rg>; 6man <ipv6@ietf.org>rg>; v6ops list <v6ops@ietf.org>
>> Subject: Re: [v6ops] [EXTERNAL] Re: [dhcwg] Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-
>> requirements
>> 
>> Hi Fred / Jen
>> 
>> Please see inline below.
>> 
>> Thanks,
>> Ian
>> 
>>>> On 8. Oct 2020, at 17:51, Templin (US), Fred L <Fred.L.Templin@boeing.com> wrote:
>>> 
>>> Jen,
>>> 
>>>> What would happen if the *second* device sends traffic towards the
>>>> delegated prefix? As that device is usig the relay as its default
>>>> gateway, the traffic would be sent there.
>>>> If I read the draft correctly, instead of forwarding the traffic and
>>>> maybe sending the redirect, the relay is expected to drop it?
>>> 
>>> The way that I interpret it, when the second device sends the traffic
>>> to the relay, the relay would still forward the traffic to the client,
>>> which would then forward the traffic back to the relay, then at that
>>> point the relay would drop the traffic. Unless the second node somehow
>>> has a way of knowing that the client has entered into an amnesiac
>>> state and then does a malicious "flood-ping", we can expect
>>> applications to quickly learn that the IP addresses of the client are
>>> no longer reachable. Plus, these amnesiac conditions can be expected
>>> to be rare and transient; not steady-state.
>>> 
>>> Fred
>> 
>> [if - If I understand Jen’s question correctly, it’s related to the ‘working’ case.
>> i.e. the client has completed PD, installed the routes and the relay has the relevant lease info/routes.
>> 
>> When the second device sends via the default route with a destination address in the delegated prefix, R-4 in it’s current form would
>> cause the traffic to be dropped.
>> As the relay doesn’t forward the packet, it can’t send a redirect (per RFC4681), so the second device can’t forward.
>> 
>> Looking at this, I think there are deployment scenarios where R-4 isn’t going to work.
>> 
>> My suggestion would be to make R-4 disable-able.]
>> 
>> 
>> 
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Jen Linkova
>>>> Sent: Wednesday, October 07, 2020 6:25 PM
>>>> To: ianfarrer@gmx.com
>>>> Cc: dhcwg <dhcwg@ietf.org>rg>; v6ops list <v6ops@ietf.org>rg>; 6man
>>>> <ipv6@ietf.org>
>>>> Subject: [EXTERNAL] Re: [dhcwg] Question to DHCPv6 Relay Implementors
>>>> regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements
>>>> 
>>>> This message was sent from outside of Boeing. Please do not click
>>>> links or open attachments unless you recognize the sender and know that the content is safe.
>>>> 
>>>> 
>>>> On Wed, Oct 7, 2020 at 9:25 PM <ianfarrer@gmx.com> wrote:
>>>>> We are currently finishing WGLC for this draft. It describes
>>>>> requirements for a 'DHCPv6 Delegating Relay' - this is a router
>>>>> functioning
>>>> as the L3 edge and DHCPv6 relay (only) with prefix delegation. This
>>>> is a common deployment scenario, but RFC3633/8415 only really
>>>> describes PD using a Delegating Router - i.e the L3 edge also
>>>> functions as a DHCPv6 server with no relay. When the relay and server
>>>> functions are performed by separate devices a number of problems with
>>>> how relays behave have
>>>>> been observed, so this document addresses them.
>>>>> 
>>>>> During WGLC for this, Ole raised a comment related to one of the routing requirements:
>>>>> 
>>>>> R-4:    If the relay has learned a route for a delegated prefix via a
>>>>>          given interface, and receives traffic on this interface with
>>>>>          a destination address within the delegated prefix (that is
>>>>>          not an on-link prefix for the relay), then it MUST be
>>>>>          dropped.  This is to prevent routing loops.  An ICMPv6 Type
>>>>>          1, Code 6 (Destination Unreachable, reject route to
>>>>>          destination) error message MAY be sent back to the client.
>>>>>          The ICMP policy SHOULD be configurable.
>>>>> 
>>>>> The problem that this is trying to solve is:
>>>>> 
>>>>> 3.5.  Forwarding Loops between Client and Relay
>>>> 
>>>> I might be missing smth but...
>>>> Let's say I have a relay and it's 'south' (client-facing) interface
>>>> is connected to a switch. The client AND second device (another
>>>> router or a host) are connected to the same segment.
>>>> The client gets a prefix, the relay 'learned' (or shall we call it
>>>> 'install'?) the route for the delegated prefix pointing to its 'south'
>>>> interface with the client address as a next-hop.
>>>> What would happen if the *second* device sends traffic towards the
>>>> delegated prefix? As that device is usig the relay as its default
>>>> gateway, the traffic would be sent there.
>>>> If I read the draft correctly, instead of forwarding the traffic and
>>>> maybe sending the redirect, the relay is expected to drop it?
>>>> 
>>>> --
>>>> SY, Jen Linkova aka Furry
>>>> 
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>>> 
>> 
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops