RE: [dhcwg] Genart last call review of draft-ietf-dhc-dhcp4o6-saddr-opt-04

"Bernie Volz (volz)" <volz@cisco.com> Wed, 12 September 2018 20:32 UTC

Return-Path: <volz@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDCB6130EC8; Wed, 12 Sep 2018 13:32:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X7HQYknovz0C; Wed, 12 Sep 2018 13:32:13 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55C89130EB2; Wed, 12 Sep 2018 13:32:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8100; q=dns/txt; s=iport; t=1536784333; x=1537993933; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=1mWxkt6IlsvfRNQE7Eiq3nW4EnMf0Ij4K4nXYS4llCc=; b=F3mvqpbZoKZ4uTNQ5pBzEkfiqgQtAvriAhx/jUYdUuD/ULJePvDgzK9v xew0mfap1g6ErkxBdpf+NJyr5tbY3RkBV+LZKjP6qj1JP/bScOzTWF0nh hdk1OqhLOtIe+rBvQUwg4Fi3mBH+fmKMRRoTfgkuDSPw0ZqO5KFPpgVSu I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C8AABcd5lb/4YNJK1cGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAYFOgV4qgWQoCoNoiBWOKYM9kwCBegsshEACF4M2ITQYAQI?= =?us-ascii?q?BAQIBAQJtKIU4AQEBAQIBDhURMRQFBwQCAQgRBAEBAwImAgICMBUICAIEAQ0?= =?us-ascii?q?FCIUDAw0IpV2BLooPgQuHFIJIF4IAgRKDEoJWggIQLYJqglcCiCGGXoxVTAk?= =?us-ascii?q?CkAAfgUGNOohPiyoCERSBJR04J4EucBWDJ4IiGnoBCY0Tb4EWixsBJAeBAQG?= =?us-ascii?q?BHQEB?=
X-IronPort-AV: E=Sophos;i="5.53,366,1531785600"; d="scan'208";a="449477463"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Sep 2018 20:32:12 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by alln-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id w8CKWC1c006962 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 12 Sep 2018 20:32:12 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 12 Sep 2018 15:32:11 -0500
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1395.000; Wed, 12 Sep 2018 15:32:11 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "ianfarrer@gmx.com" <ianfarrer@gmx.com>, Elwyn Davies <elwynd@dial.pipex.com>
CC: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-dhc-dhcp4o6-saddr-opt.all@ietf.org" <draft-ietf-dhc-dhcp4o6-saddr-opt.all@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: [dhcwg] Genart last call review of draft-ietf-dhc-dhcp4o6-saddr-opt-04
Thread-Topic: [dhcwg] Genart last call review of draft-ietf-dhc-dhcp4o6-saddr-opt-04
Thread-Index: AQHURff+E8kSNy3Q7kSzQj4he0oZzKTrULcAgAHQEtA=
Date: Wed, 12 Sep 2018 20:32:11 +0000
Message-ID: <8ca4b196b44e4b4fbf84261a2c09ef1d@XCH-ALN-003.cisco.com>
References: <153624844917.11686.4272080791788503923@ietfa.amsl.com> <BA799353-174B-4C32-82A4-3C0F1CA2576A@gmx.com>
In-Reply-To: <BA799353-174B-4C32-82A4-3C0F1CA2576A@gmx.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [161.44.67.110]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: alln-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/3txjuN2WRqlN7WaCO_aq5UsXwX8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Sep 2018 20:32:17 -0000

Hi.

One comment (as DHC WG co-chair and shepherd). See inline below (BV>).

Other comments/responses seem OK.

- Bernie

-----Original Message-----
From: ianfarrer@gmx.com <ianfarrer@gmx.com>; 
Sent: Tuesday, September 11, 2018 7:42 AM
To: Elwyn Davies <elwynd@dial.pipex.com>;
Cc: gen-art@ietf.org; draft-ietf-dhc-dhcp4o6-saddr-opt.all@ietf.org; dhcwg@ietf.org; ietf@ietf.org
Subject: Re: [dhcwg] Genart last call review of draft-ietf-dhc-dhcp4o6-saddr-opt-04

Hi 

Many thanks for your review. Most of your comments are straightforward and I’ve prepared a version which incorporates them. I’ve got a couple of suggestions/proposals in line below.

Cheers,
Ian

> 
> Minor issues:
> s7.4:
>>   o  The received bindprefix6-len value is not larger than the number
>>      of bytes, divided by 8, received in the bind-ipv6-prefix field.
>>      (e.g. the bindprefix6-len is 128 but the bind-ipv6-prefix field is
>>      only 8 bytes long).
> Given that s6.1 gives a deterministic algorithm for calculating the length of
> the bind-ipv6-prefix field, I don't understand why the validation does not
> check that the length of the field is exactly as specified by this algorithm
> rather than using it as a lower limit.

[if - Suggested re-word for the s7.4 bullet point:

   o  The number of bytes received in the bind-ipv6-prefix field is consistent
with the received bindprefix6-len value (calculated as described in Section 6.1).
]


> s7.5 and s8 (last para): Given that the time constraints and number of retries
> will interact and are implemented in different devices, I think these two
> values need some sensible defaults defined so that devices from different
> sources should interoperate successfully out of the box.

[if - I think this is a reasonable suggestion, the question is what’s a sensible
default? As I see it, the following things need to be considered:

1, If the client is trying to update the server because it’s IPV6 address has changed,
therefore, the client’s 4 over 6 tunnel cannot function (new address is in use at the client, old address in the server
and tunnel concentrators). A default on the lower side make sense here to try
and get service restored as quickly as possible.

2, If the client is trying to update its IPv6 address and is not getting back a DHCPACK from
the server, this is for one of two reasons - either the server is not available, or this is the
2nd attempt to update the address in less than the server’s update interval policy. In the
first instance, going back to DHCPDISCOVER gives the client the best chance of finding a
working server. In the second instance, it may be safe to a

3, The update interval on the server side is to deal with the second case - to stop clients from
constantly sending updates (which may need to trigger other back-end provisioning
functions) enabling a DOS attack, so needs to be long enough to reasonably protect
against this.

Trying to balance the above, I propose the following defaults for client and server:

The client does 6 retries using the RFC2131 backoff interval 
timers. This means a minimum time of 182 seconds ((4-1)+(8-1)+(16-1)+(32-1)+(64-1)+(64-1)),
and 180 seconds at the server side. If the 6th retry is not successful, the client resets to 
DHCPDISCOVER.

I’d appreciate any thoughts on the above proposal.

BV> How about just following RFC2131, section 3.1 (step 5):

     The client times out and retransmits the DHCPREQUEST message if the
     client receives neither a DHCPACK or a DHCPNAK message.  The client
     retransmits the DHCPREQUEST according to the retransmission
     algorithm in section 4.1.  The client should choose to retransmit
     the DHCPREQUEST enough times to give adequate probability of
     contacting the server without causing the client (and the user of
     that client) to wait overly long before giving up; e.g., a client
     retransmitting as described in section 4.1 might retransmit the
     DHCPREQUEST message four times, for a total delay of 60 seconds,
     before restarting the initialization procedure.  If the client
     receives neither a DHCPACK or a DHCPNAK message after employing the
     retransmission algorithm, the client reverts to INIT state and
     restarts the initialization process.  The client SHOULD notify the
     user that the initialization process has failed and is restarting.


> 
> Abstract: Add mention of RFC 6346 and RFC 7598 for explanation of softwire
> scheme.

[if - I’m not sure why you suggest RFC6346 here as that describes A+P based 
routing. This draft is compatible with A+P routing provisioning using DHCP 4o6
(RFC7618, referenced in Sec. 7.6 of the draft), but it’s not essential to how
it works and can be used without A+P. RFC4925 was the original softwire
problem statement but that doesn’t really describe enough detail as to
how the different mechanisms evolved. 

What about the following update to the first sentence to reference the specific
mechanisms that this works with:

DHCPv4 over DHCPv6 (RFC7341) is a mechanism for dynamically 
 configuring IPv4 over an IPv6-only network. For DHCPv4 over DHCPv6 
 (DHCP 4o6) to function with some IPv4-over-IPv6 softwire mechanisms
and deployment scenarios (e.g. RFC7596 or RFC7597),
the operator...

-

Regarding RFC7598, what about the following updated paragraph in the 
Abstract to be more clear ab out the relevance of RFC7598?:

"DHCPv6 Options for Configuration of Softwire Address and Port-Mapped Clients”
(RFC7598), describes a deterministic DHCPv6 based mechanism for
provisioning softwires. This document updates (RFC7598) allowing 
OPTION_S46_BR (90) to be enumerated in the DHCPv6 client's Option Request
Option (ORO) request and appear directly within subsequent messages
sent by the DHCPv6 server.
]