Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation
Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 13 July 2017 20:01 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE928131777 for <dhcwg@ietfa.amsl.com>; Thu, 13 Jul 2017 13:01:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.632
X-Spam-Level:
X-Spam-Status: No, score=-2.632 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4B1OodfnSSEd for <dhcwg@ietfa.amsl.com>; Thu, 13 Jul 2017 13:01:17 -0700 (PDT)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37E5C131778 for <dhcwg@ietf.org>; Thu, 13 Jul 2017 13:01:17 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id v6DK1CwV174429; Thu, 13 Jul 2017 22:01:12 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 52182205A22; Thu, 13 Jul 2017 22:01:12 +0200 (CEST)
Received: from muguet2.intra.cea.fr (muguet2.intra.cea.fr [132.166.192.7]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 442ED204D2B; Thu, 13 Jul 2017 22:01:12 +0200 (CEST)
Received: from [132.166.84.92] ([132.166.84.92]) by muguet2.intra.cea.fr (8.15.2/8.15.2/CEAnet-Intranet-out-1.4) with ESMTP id v6DK1BFR024175; Thu, 13 Jul 2017 22:01:11 +0200
To: "Bernie Volz (volz)" <volz@cisco.com>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
References: <149869621720.6575.278128190348174876@ietfa.amsl.com> <08e4e953-3a68-d6cb-6066-f60514ef0ac5@gmail.com> <3285281858d043649d507b6bda7b8646@XCH-ALN-003.cisco.com> <1f94b780-59c1-42ce-936d-0c8a71143444@gmail.com> <37917a26062f4e4c9715d324604e4d01@XCH-ALN-003.cisco.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <5fdc7054-7012-30ee-dec7-618f3cd3646f@gmail.com>
Date: Thu, 13 Jul 2017 22:01:10 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <37917a26062f4e4c9715d324604e4d01@XCH-ALN-003.cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/yvZl16UmVnRkRSHrzsMV2XiVyk0>
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - questions about Solicit Prefix Delegation
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2017 20:01:22 -0000
Le 13/07/2017 à 19:38, Bernie Volz (volz) a écrit : > Regarding the hop limit, I don’t have a recommendation; I'd likely > leave it be what the OS defaults it to if I were writing a client. > I'm not sure I'd put this in the 3315bis specification, but the WG > can debate that issue. My oppinion is to make DHCP spec Hop Limit > 1. In order to make sure that the encap/decap of DHCP Solicit in IPv4 GTP happening on a cellular link does not drop it to 0 upon decap. It may be that the decap does or does not decrement HopLimit. I am saying 'may' because I am not sure there is a spec for GTP that encapsulates IPv6 in IPv4 (or there is but I dont know the number). > Note also that the server does not have an easy way to get the hop > count (well, perhaps there is a way but the server I work on doesn't > care what it is) and therefore I doubt any of them check. > > > Regarding Link Local vs GLA in Solicit, I think following the > specification would be recommended. Use link-local. Noted. > For things that use GLA, likely it doesn't matter since if the > Solicit is relayed and then the GLA isn't really used by the server > -- as the link-address in the Relay-Forw. It may matter if the server > is directly on link if it checks. I think that using differing scopes > for source/destination addresses is a bad idea (and certainly sending > with a source of LL and destination of GLA would be very bad). So, I > think the client should stick to using the LL unless it is > unicasting. Noted. > Note also that section 13.1 (for the unicast, GLA case) assumes the > message was not multicast (section 18.4 about UseMulticast Status > talks about "Reception of Unicast Messages"). > > I think section 13.1 was written with the assumption that > determining the destination address of a packet is harder than > obtaining the source address; hence the assumption is that if a GLA > is used as the source address, it was not a multicast [to the > link-local multicast address]. Today, kernels typically provide the > ability to get the destination address, not just the source address > (though it takes a bit more code to do so). > > >> I can say e.g. some (I believe Cisco) client puts a GUA in the src >> of aDHCPv6 Solicit. > > That's a bit of a broad statement as Cisco has many different > devices (and many different operating systems and versions) ... > perhaps if you could indicate which device(s) and software versions > you've found this to be the behavior on, I can perhaps follow up. I cant say which precisely Cisco client. The operator knows. The operator tells me to imitate what the Cisco client does, because that's what works. And that client puts a GUA in the src. I have informed the operator about this and let's see. > I will also add that in many cases when devices are doing DHCPv6, > they will only have a LL so it may also depend on the network > configuration. I agree there are many cases like that. The case I am concerned with wants that the GUA comes from the RA, and the prefix from DHCPv6-PD (a sort NAT-free scalable tethering on cellular connection). Alex > > - Bernie > > -----Original Message----- From: Alexandre Petrescu > [mailto:alexandre.petrescu@gmail.com] Sent: Thursday, July 13, 2017 > 12:01 PM To: Bernie Volz (volz) <volz@cisco.com> Cc: dhcwg@ietf.org > Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.txt - > questions about Solicit Prefix Delegation > > Bernie, > > Le 12/07/2017 à 23:33, Bernie Volz (volz) a écrit : >> Hi: >> >>> What is the Hop Limit that a Solicit should contain in the IPv6 >>> header? >> >> ND uses hop limit of 255 so the destination can check that it is >> 255 on receipt (whereas 1 could have been anything and forwarded >> many times). >> >> But I'm not sure if that is a the best practice when you don't want >> the packet forwarded. I would think that if the destination is a >> link-local multicast, it really doesn't matter as nothing should >> forward the packet (and if something is misconfigured to forward >> the packet, you're probably in deeper trouble than just with >> DHCPv6). >> >> RFC 4861 has: >> >> 11.2. Securing Neighbor Discovery Messages >> >> The protocol reduces the exposure to the above threats in the >> absence of authentication by ignoring ND packets received from >> off-link senders. The Hop Limit field of all received packets is >> verified to contain 255, the maximum legal value. Because routers >> decrement the Hop Limit on all packets they forward, received >> packets containing a Hop Limit of 255 must have originated from a >> neighbor. >> >> I don't know off hand if there's any place this is documented >> (what to use for hop limit with link-local). > > I think your explanation makes sense about ND. > > But, about DHCP, I need to know whether a DHCP Solicit with HopLimit > 1 is valid or not. > > As I said earlier, some DHCP clients set it at 255 whereas others at > 1. > > In some setting, the DHCP Solicit is encapsulated in IPv4. Some of > the decapsulation RFCs say that the HopLimit is decremented. > > In that setting, it is not clear whether decrementing the hop limit > happens, or not. > > But I want to make sure the client which sets HopLimit at 1 > (odhcp6c) is the right way to do. > > I think a good place to clarify this is in the DHCP spec. > > The spec could say that the HopLimit has some preferred value. > >>> Is IA_NA with empty fields a valid option in a Prefix Delegation >>> Solicit, or must IA_NA be absent altogether? (the intention is >>> to only request the Prefix, because the address comes from RA). >> >> Not sure what an "empty" IA_NA is. Whether you include an IA_NA or >> not with IA_PD is the client's choice. If it what's an address >> (such as for management) on the upstream link, than it should >> include an IA_NA. This is covered in the text in 6.3 (IA_PD only) >> vs 6.4 (IA_PD and IA_NA, typically). > > Noted. > >>> Is ORO with empty fields illegal in a Prefix Delegation Solicit? >>> (the intention is to get the DNS server from RA, but some >>> client puts an empty ORO there). >> >> An empty ORO is fine (it should not cause problems, but is >> obviously useless). Though if they are following the rfc3315bis >> and doing what they should, there would not be an empty ORO. > > Noted. > >>> Is it ok to use a GUA in the src address of a Solicit Prefix >>> Delegation? >> >> See 13.1 of draft-ietf-dhc-rfc3315bis-09 ... the source address >> here should be link-local. > > Well, that contradicts some trial. > > I can say e.g. some (I believe Cisco) client puts a GUA in the src > of a DHCPv6 Solicit. Other DHCP clients have this optional between > LLA or GUA. The operator I work with wants it to be a GUA. > > As such, I dont know what is the way forward: should the spec get > updated? shoudl the operator change? should the Cisco > implementation change? > > Alex >
- [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis-09.… internet-drafts
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Templin, Fred L
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Vízdal Aleš
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Vízdal Aleš
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Vízdal Aleš
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Vízdal Aleš
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… 神明達哉
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… 神明達哉
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Alexandre Petrescu
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Templin, Fred L
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Templin, Fred L
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Roy Marples
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Roy Marples
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Bernie Volz (volz)
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Roy Marples
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… Ted Lemon
- Re: [dhcwg] I-D Action: draft-ietf-dhc-rfc3315bis… mohamed.boucadair