IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-dhcpv6-pd-relay-requirements - respond by August 17th, 2020

"Bernie Volz (volz)" <volz@cisco.com> Mon, 14 September 2020 13:35 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEA9A3A09BC for <dhcwg@ietfa.amsl.com>; Mon, 14 Sep 2020 06:35:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.619
X-Spam-Level:
X-Spam-Status: No, score=-9.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Wh/tQIsm; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=MGxVRHBH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CqGWaMnTx7nh for <dhcwg@ietfa.amsl.com>; Mon, 14 Sep 2020 06:35:39 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 948813A09B9 for <dhcwg@ietf.org>; Mon, 14 Sep 2020 06:35:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27744; q=dns/txt; s=iport; t=1600090539; x=1601300139; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=+SshVAhUdLToVWCbZ6Hkeh3lwcY+1OQ3yMCWoqdTFss=; b=Wh/tQIsmtAaeDksNUZShfSZaNcfU7djHAfnXy+Eb5eHGrhFM8Qcpp/vw iKsIjSyaT8uxOSlM68SAcwKxQ+Z3QA6ueIDRvXF/DvDrebZzlxSGziFrJ 9O1xW7zU3HmQFtWNMGjAC1fHUFZkD1VV4gUvcj+4Eg+BiZeHRc8k5xYOv s=;
IronPort-PHdr: 9a23:ygbPcxMhJdxYWb+LOSol6mtXPHoupqn0MwgJ65Eul7NJdOG58o//OFDEvKw13lDMTcPQ7PcXw+bVsqW1X2sG7N7BtX0Za5VDWlcDjtlehA0vBsOJSCiZZP7nZiA3BoJOAVli+XzoPk1FXs35Yg6arni79zVHHBL5OEJ8Lfj0HYiHicOx2qiy9pTfbh8OiiC6ZOZ5LQ69qkPascxFjA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BaCABYcV9f/4ENJK1gHQEBAQEJARIBBQUBgg+BIy8jLgdwWS8sCoQvg0YDjW6YcoFCgREDVQsBAQENAQEtAgQBAYRLAheCEAIkOBMCAwEBCwEBBQEBAQIBBgRthVwBC4VyAQEBAQMSEQoTAQE3AQ8CAQgRBAEBKAMCAgIwFAkIAgQOBQgagwWBfk0DLgGqPgKBOYhhdoEygwEBAQWFIhiCEAmBOIJxg2mGUhuCAIERQ4JNPoEEgRZCBIFDHDSCYTOCLZMnhnCLcpEBCoJlml6DCYl1hTeIdYVCkl6BcZsQgmICBAIEBQIOAQEFgWsjKoEtcBU7gmlQFwINjh8MFxSDOopWdAI1AgYBCQEBAwl8jQ4HgS4BgRABAQ
X-IronPort-AV: E=Sophos;i="5.76,426,1592870400"; d="scan'208,217";a="558327796"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 14 Sep 2020 13:35:38 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 08EDZcUV008976 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 14 Sep 2020 13:35:38 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 14 Sep 2020 08:35:38 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 14 Sep 2020 09:35:37 -0400
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 14 Sep 2020 08:35:37 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BcSngWCg7oEYRpr9bGap2ItHC9Ec/fU+PpNzorKmE3MPda22JIBTeZc9wbl03CPDk2XCbIOSJMIn9wDsXBV+vuQYQYeEJb6x53Y4iZb96QmBfMsWjfSid5vnakjPU+Kirlz1Hi0UIFsR2YICO6Nt6CbDkn6uFeUOkDNXiYid2FHbFQ+wcJIV6UkIJf7SQ/KdszWBPqVulAMhfWBkSRQc9h1SX07ag3m94Z/LNpJri16+hWIlynoDkc7YJch+epM7SLrfLB9pFp/2akpjFPD27yCpW+vXj5tuX5j4U1MFAj+qGxSQ9F8kIfFZjQboaMAsAZ5Xy7uDlSpP8IZXqw24yQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+SshVAhUdLToVWCbZ6Hkeh3lwcY+1OQ3yMCWoqdTFss=; b=K68NaclW9MhfwbPUbZbAsSyrT4O74Q6KwT6SLGvNbDskdafFx9ptxsrKQ+bxxSghOYTMWNCFguDLipyT5B1OJZPLvurJuQRGA8AuTLmA8UHJkq/HNlUj4Io+6LdFXPnEPJS0A7CxzYqK7tZ13tR06gZ6OFEBlIpF4opj5WsG7iVMdBVwPeq9hf2F5DONpqt/7J9y7GhE+5YG+NqjKPyQ6F/0KRYKGW404Pi75qqLouGZRe5pRuKqN3y172UpZGcT3c7NBqijQGAiB5s2EPzTNweF7hM0p7zrdi+NDX0ofCMWtE5yiz97Nj0Hmx+gewXd5s2gR0QpxQvvvlJHJlna/w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+SshVAhUdLToVWCbZ6Hkeh3lwcY+1OQ3yMCWoqdTFss=; b=MGxVRHBHY9ktWeq4zTzVeRqY8s9eU0r15W94224P3o4PdRMGJngx87FNa5xy8TAMGluerhnKCpgtHR50wPwHWUYALKSYyA6MR8TjR8QVAu1z6YI9+yakXfhTxjq3CMgMj+gxldfQEQqpofxEm2C5ye2kGCZodTK6TujFFaTn9bA=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (2603:10b6:406:af::18) by BN6PR11MB0002.namprd11.prod.outlook.com (2603:10b6:405:62::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16; Mon, 14 Sep 2020 13:35:36 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::4ced:474b:c85e:9533]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::4ced:474b:c85e:9533%7]) with mapi id 15.20.3370.019; Mon, 14 Sep 2020 13:35:36 +0000
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "ianfarrer@gmx.com" <ianfarrer@gmx.com>
CC: Ole Troan <otroan@employees.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: [dhcwg] WGLC for draft-ietf-dhc-dhcpv6-pd-relay-requirements - respond by August 17th, 2020
Thread-Index: AdZoFVxuAu0BfSLCTG+HCqIezbKcGQHxEU2QAThRN5AAHWyhAAAdlqLgBDksDgAACEEa8AD3zgAAAAO/WKA=
Date: Mon, 14 Sep 2020 13:35:35 +0000
Message-ID: <BN7PR11MB25473F7EBE67E1B51DE7AD46CF230@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <BN7PR11MB254783295780CA79CDA1FAB3CF4F0@BN7PR11MB2547.namprd11.prod.outlook.com> <BN7PR11MB254779A3599EFC466605CD92CF450@BN7PR11MB2547.namprd11.prod.outlook.com> <BN7PR11MB25477ED8552DF78132E2F089CF5F0@BN7PR11MB2547.namprd11.prod.outlook.com> <DFF9367A-5D78-4795-988A-FCD37F3C6377@employees.org> <BN7PR11MB25472678D6ACAB82912141A6CF5C0@BN7PR11MB2547.namprd11.prod.outlook.com> <C503DF9C-7798-43A3-9E7F-7D7E09B0D98B@gmx.com> <BN7PR11MB25475DCDA3E215609BF3D8F5CF260@BN7PR11MB2547.namprd11.prod.outlook.com> <263B0965-AF60-4008-B55C-AF9803EB419F@gmx.com>
In-Reply-To: <263B0965-AF60-4008-B55C-AF9803EB419F@gmx.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmx.com; dkim=none (message not signed) header.d=none;gmx.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [24.233.121.124]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 479882c5-e44f-4959-66d5-08d858b30fcf
x-ms-traffictypediagnostic: BN6PR11MB0002:
x-microsoft-antispam-prvs: <BN6PR11MB00028B94578914225237CAAFCF230@BN6PR11MB0002.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: jxWtp5mXhP+xuOoQwYCGklFG0YFnGhWnWjT45C+qEnY6pXUkDOgj7oklP6BkNz5Con6LCyGA4+NftZS8hgAf7/MNIh6sHVhWH/ZBiEHUxXdOVghkuPGpgGcYTDyQm9ylpBSdstSNM2WeZZUKw1eZQRTn2Ov9x+8Hos4tSjWE0jAmi0J/VXSsFbofVO5UUg+VKXIIVqbbNsXRgVjwIqEzhffZ8gMlKzs+37TnUVfGBm9HSq6BW6Drfs2glZnzTiEXmffLmPjIEUCS3WDETnvVKg8/e7avT/mDutk8pqkQwr/xk2K9Qu3JOeogzYGkJ9oXLPxTiWkuewrm0i6JznihWp4zyiobqCo1frJ+DtQcBJO2+JJwzVecXTqaZw0xdpTa
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN7PR11MB2547.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(396003)(366004)(376002)(39860400002)(346002)(52536014)(26005)(66946007)(316002)(8936002)(33656002)(53546011)(5660300002)(83380400001)(86362001)(66574015)(2906002)(66476007)(55016002)(76116006)(9686003)(4326008)(186003)(6916009)(64756008)(66446008)(54906003)(71200400001)(66556008)(478600001)(8676002)(7696005)(6506007)(518174003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: otM8CiHkxp+YVQJol8hRbu8Dr0fAp9bQ6jPBtieuRTPIKUtwb5KhmsOZFWdKOUDpCaxs/nmmfF10rDkFvHPpRVCkgsV5xVgxey9sqUvISE5f47jJ4t3QKGAH3sfhzDqbUDNs6OyqeEaPFComG2yDHbzqYzC2kWYxeZnMXVZf5IVMrW/vqgbcEla157gbKLIs4S0S6WRWhZrTj5xwm6x5XF6NGm0/WhsZq4MKNg/ZpTdwmuCFrMlTrC6fbgz8HVO1g7WHZQMUtQRcciahejsBh+eUf28wFuIlJE0N5AxIKDMGrld0WEX5kcDfoN45yKTKxHY7EOgcLH9vqhH4PUxgHZLVBivabGJtkBbAzRCxaLohrpqxU3Cv0YszlltcyjrX5HIGNBYpVqw9a2sJXzdJ95Sz3RFT6R5JoHk1hgeKV65rabu9zF800cMj+kj7o4C753jDB941JV1LwcKjJYPPsrCeeFiL1NaFwkf1PbvP+a/TY9aSzROGJ148XIdZf+6SU6iwKufki/tzn8nLpAJkedxNzkKkmSeXDoZ1GhPuzU5VIjMB8DaZO4PDxMbziIUxlAPlycadummjJyTtEs/acjNw5UocygmCZ+77Xiy+/gASWceAHgoEMXvZtCTt46JMmEokMx9qcaebWS8b97qIEQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BN7PR11MB25473F7EBE67E1B51DE7AD46CF230BN7PR11MB2547namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN7PR11MB2547.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 479882c5-e44f-4959-66d5-08d858b30fcf
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Sep 2020 13:35:35.9276 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Dfsbqk5Kmo0FQY6NvDnQIqhZ9Aw+NA8K9MhvyeuVOcwBM0Rv8mxoqvldwt3EaRSF
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB0002
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: alln-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/w4kOIlPDTryAIGSSTF-EA1dsPow>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-dhcpv6-pd-relay-requirements - respond by August 17th, 2020
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Sep 2020 13:35:43 -0000

Hi.

See below (BV2>).


  *   Bernie

From: ianfarrer@gmx.com <ianfarrer@gmx.com>
Sent: Monday, September 14, 2020 7:41 AM
To: Bernie Volz (volz) <volz@cisco.com>
Cc: Ole Troan <otroan@employees.org>; dhcwg@ietf.org
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-dhcpv6-pd-relay-requirements - respond by August 17th, 2020

Hi Bernie,

Thanks for your response. Please see inline below.

Thanks,
Ian




On 19. Aug 2020, at 00:15, Bernie Volz (volz) <volz=40cisco.com@dmarc.ietf.org<mailto:volz=40cisco.com@dmarc.ietf.org>> wrote:

Thanks Ole ... I had also flagged that requirement as an issue in my shepherd review as it is not very clear.

I think the not configured on the relay means that the destination address hasn't been assigned as an address on one of the relay's interfaces.

I do wonder though what the "normal" router behavior would be - would it not just send the packet back and also send an ICMP redirect? And, why does this needs to be called out specially isn't clear?

[if - Yes,

The requirement is intended to hand the case where, for whatever reason, the client’s routing traffic towards the delegating relay with a destination in the prefix that it’s been delegated. i.e. something’s wrong with the client’s routing. The obvious exception to this is if the link between the client and delegating relay has a prefix that is part of the delegation (e.g. the PD exclude case).

The current wording is pretty unclear. How about:

old:
If the relay has an existing route for a delegated prefix via  an interface, and receives ingress traffic on this interface  with a destination address from the delegated prefix (not configured on the relay), then it MUST be dropped.

new:
If the relay has learned a route for a delegated prefix via a given interface, and receives traffic on this interface with a destination address within the delegated prefix (but not directly connected to the relay), then it MUST be dropped.  This is to prevent routing loops.

BV> "(but not directly connected to the relay)" is a bit odd ... perhaps "where this address is not assigned to the relay" (remove the parentheses).

[if - I wondered about using something like this, but it only really makes sense if the client / relay are on a p-t-p link. If it’s a shared / NBMA link then other devices could be attached to segment and addressed from this prefix. Really, it’s an on-link prefix, so what about:

"and receives traffic on this interface with a destination address within the delegated prefix (that is not an on-link prefix for the relay), then it MUST be dropped."

BV2> Hum … Perhaps Ole has some thought. Not sure that really covers it.


BV> Additional question ... RFC7084 has WPD-5 and they added an (a) about ICMPv6 Destination Unreachable ... do you want to say anything about whether to send ICMPv6 or not (probably not)?

[if - I think it makes sense. I’ve added the following to R-4:

An ICMPv6 Type 1, Code 6 (Destination Unreachable, reject
route to destination) error message MAY be sent back to
the client.  The ICMP policy SHOULD be configurable.]

BV2> OK!
----






And, "time synchronization between DHCP functional elements" is really not covered much - it translate into O-3 as best I can gather? Just wondering if it is really worth mentioning in the abstract - but that leaves just "rejection of client's messages and other problems". Perhaps reworking this to provide a list of the main problems is worth considering? FYI  - you could add some kind of data recovery/persistence in case of 'crash'/restart?

[if - It did read ’timer syncronization’ - i.e. related to the times present in DHCP messages, but this text is no longer present.]

BV> So, I'm not sure what the plan is with respect to this text? DHCP has a generic time synchronization problem in that everything is relative to when received (not necessarily transmitted) and resolution is seconds and no strong requirement for clocks to tic consistently. This is often why grace periods are applied to lease expiration times (though in most cases, this is probably also not necessary given that the client is probably not there as otherwise it would have renewed).

[if - I’m a little confused as to which text you’re referring to now. The original comment was related to the ‘..issues such as timer synchronization between..’ wording in the abstract. The abstract text has now been replaced using Ted’s suggested wording and does not mention timers at all. This is the current abstract wording:

    This memo describes operational problems that are known to
    occur when using DHCPv6 relays with Prefix Delegation. These
    problems can prevent successful delegation and result in routing
    failures. To address these problems, this memo provides necessary
    functional requirements for operating DHCPv6 relays with Prefix
    Delegation.

   It is recommended that any network operator that is using DHCPv6
    prefix delegation with relays should ensure that these requirements
    are followed on their networks.

Req G-8 is for DHCP lease timer synchronisation:

    G-8: The delegating relay MUST update the lease
    lifetimes based on the Client Reply messages it forwards to the
    client and only expire the delegated prefixes when the valid
    lifetime has elapsed.]

BV2> OK … Just wanted to make sure the ‘timer synchronization’ bit earlier in the document was either removed or expanded upon; removed is fine.

v2.23.0 | Report a Bug | By Email