Re: [dhcwg] Stephen Farrell's Discuss on draft-ietf-dhc-dynamic-shared-v4allocation-07: (with DISCUSS and COMMENT)

"Bernie Volz (volz)" <volz@cisco.com> Thu, 28 May 2015 11:55 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [dhcwg] Stephen Farrell's Discuss on draft-ietf-dhc-dynamic-shared-v4allocation-07: (with DISCUSS and COMMENT)
Date: Thu, 28 May 2015 11:55:28 +0000
Message-ID: <489D13FBFA9B3E41812EA89F188F018E1CAF5EC1@xmb-rcd-x04.cisco.com>
References: <20150526122630.11294.73575.idtracker@ietfa.amsl.com> <273F8D1F-1674-425D-B455-AD0980D13552@gmail.com> <5565D571.7000607@cs.tcd.ie> <B678DDFC-AB66-4B05-BE77-7FCE08CB6748@nominum.com>, <5566FA8D.5050305@cs.tcd.ie> <85BBF76A-257E-407D-844D-748874CDC340@cisco.com> <55670042.1090700@cs.tcd.ie> <489D13FBFA9B3E41812EA89F188F018E1CAF5DA3@xmb-rcd-x04.cisco.com> <55670179.8030400@cs.tcd.ie>
In-Reply-To: <55670179.8030400@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/y_B5Q6Z9uwGDQykhDU_xFgjueV8>
Cc: "<draft-ietf-dhc-dynamic-shared-v4allocation.shepherd@ietf.org>" <draft-ietf-dhc-dynamic-shared-v4allocation.shepherd@ietf.org>, "<dhc-chairs@ietf.org>" <dhc-chairs@ietf.org>, "<draft-ietf-dhc-dynamic-shared-v4allocation@ietf.org>" <draft-ietf-dhc-dynamic-shared-v4allocation@ietf.org>, The IESG <iesg@ietf.org>, "<dhcwg@ietf.org>" <dhcwg@ietf.org>, "<draft-ietf-dhc-dynamic-shared-v4allocation.ad@ietf.org>" <draft-ietf-dhc-dynamic-shared-v4allocation.ad@ietf.org>, Ted Lemon <Ted.Lemon@nominum.com>
Subject: Re: [dhcwg] Stephen Farrell's Discuss on draft-ietf-dhc-dynamic-shared-v4allocation-07: (with DISCUSS and COMMENT)

It needs a MUST because the DHCP protocol (RFC 2131/2132) specifies that the client-identifier option is OPTIONAL. If not present, the mac-address is used. And as has already been discussed, the mac-address is not a good choice here because of the tunnel interface.

Thus, this document REQUIRES that the client use the client-identifier option when using shared-v4-allocation requests - the option is not optional.

- Bernie
 
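The identification rule under discussion, shown as an added example (this code is not from the thread, the draft or any DHCP implementation): a server derives its lease-database key per RFC 2131, the client-identifier option (code 61, RFC 2132) if present and otherwise the `chaddr` hardware address, and the `require_client_id` flag models the draft's MUST for shared-v4 requests. The sample messages are constructed, and representing a virtual point-to-point tunnel link as `htype 0, hlen 0, chaddr all zero` is an assumption made for the illustration.

```python
"""Why the shared-v4 profile must make the client-identifier option mandatory.

Added illustration; not code from the thread, the draft, or any DHCP server.
"""

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: 99.130.83.99 precedes the options
OPT_PAD = 0
OPT_MSG_TYPE = 53                   # RFC 2132 section 9.6
OPT_CLIENT_ID = 61                  # RFC 2132 section 9.14
OPT_END = 255


def parse_options(payload: bytes) -> dict:
    """Parse the RFC 2132 TLV option area into {code: value}.

    Pad (0) is skipped, End (255) terminates, truncation raises ValueError.
    """
    if not payload.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts = {}
    i = len(MAGIC_COOKIE)
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts


def client_key(htype: int, hlen: int, chaddr: bytes, options: dict,
               require_client_id: bool = False):
    """Return the key the server files the lease under.

    RFC 2131: use the client-identifier option when the client sent one,
    otherwise fall back to htype + chaddr.  require_client_id=True models the
    draft's rule that shared-v4 requests MUST carry option 61 (assumption).
    """
    cid = options.get(OPT_CLIENT_ID)
    if cid:
        return ("client-id", bytes(cid))
    if require_client_id:
        raise ValueError("client-identifier option is mandatory for shared-v4 allocation")
    return ("chaddr", bytes([htype]) + bytes(chaddr[:hlen]))


def server_accepts(htype, hlen, chaddr, payload, require_client_id):
    """Key the server would use, or None when policy rejects the message."""
    try:
        return client_key(htype, hlen, chaddr, parse_options(payload), require_client_id)
    except ValueError:
        return None


# Constructed sample messages (not captured traffic).  The tunnel clients sit on
# a virtual point-to-point link with no hardware address: htype 0, hlen 0,
# chaddr zeroed (assumed representation).
TUNNEL_HW = (0, 0, b"\x00" * 16)
DISCOVER_BARE = MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, 1, OPT_END])
DISCOVER_CPE1 = (MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, 1, OPT_CLIENT_ID, 5, 0])
                 + b"cpe1" + bytes([OPT_END]))
DISCOVER_CPE2 = (MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, 1, OPT_CLIENT_ID, 5, 0])
                 + b"cpe2" + bytes([OPT_END]))


def demo() -> dict:
    # Base RFC 2131 behaviour: two distinct tunnel clients that omit option 61
    # present an identical identity footprint and collapse to one lease key.
    k1 = server_accepts(*TUNNEL_HW, DISCOVER_BARE, require_client_id=False)
    k2 = server_accepts(*TUNNEL_HW, DISCOVER_BARE, require_client_id=False)
    # Draft's rule: the bare message is rejected; with option 61 the two
    # clients get distinct keys and their A+P port sets can be renewed.
    rejected = server_accepts(*TUNNEL_HW, DISCOVER_BARE, require_client_id=True)
    c1 = server_accepts(*TUNNEL_HW, DISCOVER_CPE1, require_client_id=True)
    c2 = server_accepts(*TUNNEL_HW, DISCOVER_CPE2, require_client_id=True)
    return {
        "base_keys_collide": k1 == k2,
        "strict_rejects_bare": rejected is None,
        "strict_keys_distinct": c1 != c2,
        "cpe1_key": c1,
    }


if __name__ == "__main__":
    print(demo())
```

The collision in the base case is the point Bernie and Ted make: without a hardware address, `chaddr` gives every tunnel client the same key, so the server could not tell one client's renewal from another's unless option 61 is mandatory.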
-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Thursday, May 28, 2015 7:52 AM
To: Bernie Volz (volz)
Cc: <draft-ietf-dhc-dynamic-shared-v4allocation.ad@ietf.org>; <draft-ietf-dhc-dynamic-shared-v4allocation.shepherd@ietf.org>; <dhc-chairs@ietf.org>; <draft-ietf-dhc-dynamic-shared-v4allocation@ietf.org>; Qi Sun; The IESG; <dhcwg@ietf.org>; Ted Lemon
Subject: Re: [dhcwg] Stephen Farrell's Discuss on draft-ietf-dhc-dynamic-shared-v4allocation-07: (with DISCUSS and COMMENT)



On 28/05/15 12:49, Bernie Volz (volz) wrote:
> The client always must identify itself consistently in all packets sent by the client to the server - and for DHCP that is again either by mac-address or client-identifier option.
> 
> I do not think it appropriate to change how DHCP works in this document.

So that confuses me. If the above is an inherent necessity for dhcp then why does the current document need a 2119 MUST?

S.

> 
> - Bernie
> 
> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Thursday, May 28, 2015 7:47 AM
> To: Bernie Volz (volz)
> Cc: Ted Lemon; Qi Sun; 
> <draft-ietf-dhc-dynamic-shared-v4allocation.ad@ietf.org>; 
> <dhc-chairs@ietf.org>; 
> <draft-ietf-dhc-dynamic-shared-v4allocation@ietf.org>; The IESG; 
> <dhcwg@ietf.org>; 
> <draft-ietf-dhc-dynamic-shared-v4allocation.shepherd@ietf.org>
> Subject: Re: [dhcwg] Stephen Farrell's Discuss on 
> draft-ietf-dhc-dynamic-shared-v4allocation-07: (with DISCUSS and 
> COMMENT)
> 
> 
> 
> On 28/05/15 12:33, Bernie Volz (volz) wrote:
>> There is no PSID at the start of client allocation request
>> (DHCPDISCOVER)
> 
> Maybe I'm misreading the draft, but I thought it was saying client identifier was a MUST in all cases, and not only for DHCPDISCOVER.
> 
> If it said client identifier was needed in case <foo> but otherwise could be omitted (assuming that works) then I think that'd be better.
> 
>> and client id is from the client to the server in DHCP. DHCP client 
>> identity is based on mac-address (already explained why not
>> appropriate) or client id option. Why would we want to change this?
> 
> I'm not suggesting a change like that, but only to omit the identifying information when that's possible.
> 
> S
> 
>>
>> - Bernie
>>
>>> On May 28, 2015, at 7:22 AM, Stephen Farrell 
>>> <stephen.farrell@cs.tcd.ie> wrote:
>>>
>>>
>>> Hi Ted,
>>>
>>>> On 27/05/15 20:16, Ted Lemon wrote: On May 27, 2015, at 10:32 AM, 
>>>> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>>>> I don't believe I saw an answer to the question above. What is the 
>>>>> answer? (I think that is the key thing in figuring out how to 
>>>>> handle the discuss btw.)
>>>>
>>>> The base protocol specification uses either the client identifier 
>>>> option or the client MAC address as an identifier.
>>>> This document is requiring the use of the client identifier option, 
>>>> and excludes the use of the MAC address, which potentially 
>>>> increases user privacy in the event that the DHCP
>>>> privacy profile is used.   If the specification allowed the
>>>> client to use its MAC address alone as an identifier, this would 
>>>> not be possible.
>>>>
>>>> However, I think the actual reason that the client identifier is 
>>>> being required here is that the specific interface that is being 
>>>> configured on the client is not a hardware interface--it's a 
>>>> virtual point-to-point link, which has no hardware address, and 
>>>> thus the client identifier is the only possible identifier to use.
>>>
>>> But isn't the PSID here exactly the identifier needed (plus the 
>>> address where one's been allocated)?
>>>
>>> S.
>>>
>>>>
>>>> The client identifier or MAC address is used as a database key by 
>>>> the DHCP server to track resources allocated to the client: in
>>>> this case the A+P port set.   Without such a key, there would be
>>>> no way to renew the client's lease on that particular A+P port set, 
>>>> and so TCP connections would be broken each time the client's lease 
>>>> expired.
>>>>