Re: [dhcwg] draft-forte-dhc-passive-dad-01
Greg Daley <gregd@research.panasonic.com> Fri, 31 March 2006 14:58 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FPL56-000498-E8; Fri, 31 Mar 2006 09:58:32 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FPL55-00048z-PO for dhcwg@ietf.org; Fri, 31 Mar 2006 09:58:31 -0500
Received: from oak.research.panasonic.com ([150.169.1.4]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FPL54-0005tY-DS for dhcwg@ietf.org; Fri, 31 Mar 2006 09:58:31 -0500
Received: from redwood.research.panasonic.com (redwood.research.panasonic.com [150.169.3.3]) by oak.research.panasonic.com (1.1.1/1.1.1) with ESMTP id k2VEw1Gj012486; Fri, 31 Mar 2006 09:58:01 -0500
Received: from [150.169.1.225] (dhcp225.Research.Panasonic.COM [150.169.1.225] (may be forged)) by redwood.research.panasonic.com (MOS 3.7.4b-GA) with ESMTP id AEN02455; Fri, 31 Mar 2006 09:57:05 -0500 (EST)
Message-ID: <442D437C.9050406@research.panasonic.com>
Date: Fri, 31 Mar 2006 09:58:04 -0500
From: Greg Daley <gregd@research.panasonic.com>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: "Andrea G. Forte" <andreaf@cs.columbia.edu>
Subject: Re: [dhcwg] draft-forte-dhc-passive-dad-01
References: <4416F10C.2000703@cs.columbia.edu> <4419DBD9.7010706@research.panasonic.com> <441CC7C5.20308@cs.columbia.edu>
In-Reply-To: <441CC7C5.20308@cs.columbia.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f49c97ce49302a02285a2d36a99eef8c
Cc: dhcwg@ietf.org, sangho@cs.columbia.edu
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Errors-To: dhcwg-bounces@ietf.org
Hi Andrea, Sorry about the delay in replying. I appreciate that the system will work if the network is designed to not support autoconfiguration of global addresses. As it stands though, the default configurations of IPv6 address configuration allow SAA addresses to co-exist with DHCPv6 addresses. In this case the guarantees you need don't work. If you write an applicability statement for the IPv6 portion indicating the issue (v. brief), and indicating that the Autonomous configuration (A) flag needs to be unset to force global address configuration using DHCP, this will help a lot. Please be aware that the delays for link-local address configuration will not be curtailed for this system, as a link-local address is required to form a DHCP message. For those addresses Optimistic DAD is still needed. Greg Andrea G. Forte wrote: > Dear Greg, > > first of all I want to thank you for the interesting comments. > I agree with what you say, however I am a little surprised by some of > your points as in the draft I clearly say "pDAD in its present form is > not intended > for supporting the stateless configuration mechanism of DHCPv6". This > means that I do not see pDAD as being applicable where Stateless Address > Allocation is used (mixed or not with Stateful Allocation). > Optimistic DAD most probably is the way to go for IPv6, however I do not > see any harm in suggesting that pDAD could also be used in IPv6 when > only Stateful Address Allocation is used. Furthermore, I think that the > information provided by the AUC could be useful for other things than > just DAD such as intrusion detection ... but this is another story, with > its own set of problems. > I want to look more in detail at Optimistic DAD and see if there are > some performance evaluations of real life deployments. Please let me > know if you or anyone else might have some pointers to it. > > -Andrea > > > Greg Daley wrote: >> Dear Andrea, >> >> At the last IETF session, I mentioned that there is >> previous work in this area for IPv6, which limits >> the applicability of this solution to that protocol. >> >> There are significant issues in IPv6 which cause >> problems with immediate address allocation to a configuring >> host. Particularly, IPv6 addresses can be allocated without >> reference to DHCP servers, and hosts may sit passively >> (without sending Neighbour Discovery packets) after it has >> completed configuration for this address, unless >> someone has a packet destined to them (in that case the >> relay may not see the NA response). >> >> Given that IPv6 addresses configured through Stateless Address >> Allocation (or manual configuration) do not have an explicit >> expiry time, and may be constructed without reference to DHCP >> addressing pools, any reboot of the passive AUC, DHCP server, >> or even just unavailability at the time of Stateless Address >> Autoconfiguration can cause the passive DAD service to assume >> that an address is valid even though it is legitimately held >> by an IPv6 host. >> >> Alternatives have been proposed in the past, which either >> actively DAD check allocatable addresses in advance >> (draft-han-mobileip-adad-01.txt) or force responses from >> each address holder on the link (draft-daley-ipv6-mcast-dad-02.txt). >> These allow an agent to either say a particular reserved address >> is available, or that a particular requested address is definitely >> not on a link. >> >> Saying that the pDAD will work for IPv6 now is incorrect, >> as it cannot definitively say that the address is available, >> and there's no way to "Retract" the allocation after a duplicate >> address has been found, if it was inaccurate. >> >> Additionally, the cost of DAD in IPv6 is significantly reduced >> due to Optimistic Duplicate Address Detection >> (draft-ietf-ipv6-optimistic-dad-07.txt), which is in AUTH48 in >> the RFC editor's queue. >> >> People will use Optimistic Duplicate Address Detection because it >> is safe and it works with no modifications to peers or network >> infrastructure, without the time expense you're trying to >> counter. >> >> So please leave out IPv6 from your description. >> >> Greg >> >> >> Andrea G Forte wrote: >> >>> Dear all, >>> >>> we have submitted the new version of the pDAD draft. >>> You can find it here: >>> https://datatracker.ietf.org/public/idindex.cgi?command=id_detail&id=13702 >>> >>> >>> We have also taken some measurements to show the traffic load between >>> AUC and DHCP server. >>> Please note that the measurements were taken using the old architecture >>> (from draft 00) without client ID support. >>> A short technical report regarding this can be found here: >>> http://mice.cs.columbia.edu/getTechreport.php?techreportID=392&format=pdf& >>> >>> >>> I am looking forward to discuss it more in detail at the next IETF >>> meeting. >>> Thank you for all your feedback. >>> >>> -Andrea >>> >>> >>> >>> _______________________________________________ >>> dhcwg mailing list >>> dhcwg@ietf.org >>> https://www1.ietf.org/mailman/listinfo/dhcwg >>> > > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www1.ietf.org/mailman/listinfo/dhcwg _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] draft-forte-dhc-passive-dad-01 Andrea G Forte
- Re: [dhcwg] draft-forte-dhc-passive-dad-01 Greg Daley
- Re: [dhcwg] draft-forte-dhc-passive-dad-01 Ted Lemon
- Re: [dhcwg] draft-forte-dhc-passive-dad-01 Greg Daley
- Re: [dhcwg] draft-forte-dhc-passive-dad-01 Soohong Daniel Park
- Re: [dhcwg] draft-forte-dhc-passive-dad-01 Andrea G. Forte
- Re: [dhcwg] draft-forte-dhc-passive-dad-01 Greg Daley
- Re: [dhcwg] draft-forte-dhc-passive-dad-01 Andrea G Forte
- Re: [dhcwg] draft-forte-dhc-passive-dad-01 Greg Daley