IETF Logo Mail Archive

RE: I-D Action: draft-ietf-6man-rfc6434-bis-01.txt

Morizot Timothy S <Timothy.S.Morizot@irs.gov> Sun, 16 July 2017 15:37 UTC

Return-Path: <Timothy.S.Morizot@irs.gov>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E15BF127010 for <ipv6@ietfa.amsl.com>; Sun, 16 Jul 2017 08:37:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B6ehBzP3K4Fp for <ipv6@ietfa.amsl.com>; Sun, 16 Jul 2017 08:37:08 -0700 (PDT)
Received: from EMG3.irs.gov (emg3.irs.gov [IPv6:2610:30:4000:25::91]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67EE2126CC7 for <ipv6@ietf.org>; Sun, 16 Jul 2017 08:37:08 -0700 (PDT)
X-IronPort-AV: E=Sophos; i="5.40,370,1496116800"; d="scan'208,217"; a="85893773"
Received: from unknown (HELO mem0200vprelay3.is.irs.gov) ([10.207.43.147]) by mtb0120emg3.mcc.irs.gov with ESMTP; 16 Jul 2017 11:37:04 -0400
Received: from MTB0120PPEXB020.ds.irsnet.gov (mtb0120ppexb020.ds.irsnet.gov [10.207.136.38]) by mem0200vprelay3.is.irs.gov (8.13.8/8.13.8) with ESMTP id v6GFb0Uu031710 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 16 Jul 2017 10:37:00 -0500
Received: from MTB0120PPEXB060.ds.irsnet.gov (10.207.136.42) by MTB0120PPEXB020.ds.irsnet.gov (10.207.136.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.845.34; Sun, 16 Jul 2017 11:36:59 -0400
Received: from MTB0120PPEXB060.ds.irsnet.gov ([fe80::8dd6:c2b6:71a0:5969]) by MTB0120PPEXB060.ds.irsnet.gov ([fe80::8dd6:c2b6:71a0:5969%19]) with mapi id 15.01.0845.034; Sun, 16 Jul 2017 11:37:00 -0400
From: Morizot Timothy S <Timothy.S.Morizot@irs.gov>
To: Lorenzo Colitti <lorenzo@google.com>, Nick Hilliard <nick@foobar.org>
CC: "draft-ietf-6man-rfc6434-bis@tools.ietf.org" <draft-ietf-6man-rfc6434-bis@tools.ietf.org>, IETF IPv6 Mailing List <ipv6@ietf.org>
Subject: RE: I-D Action: draft-ietf-6man-rfc6434-bis-01.txt
Thread-Topic: I-D Action: draft-ietf-6man-rfc6434-bis-01.txt
Thread-Index: AQHS/hZUERf+nZtCPEClFdRvoEWdG6JWkc+AgAABcACAAA2nAIAAGiiA///PKtA=
Date: Sun, 16 Jul 2017 15:36:59 +0000
Message-ID: <2068324e08614e4abae0a7417c9225eb@irs.gov>
References: <149909644776.22718.16227939850699261560@ietfa.amsl.com> <CAKD1Yr25jk22qTTqJ-RoxOVTu7=e=vQWWLQZnek-HGCKaZgU=w@mail.gmail.com> <596B4BE1.7020807@foobar.org> <CAKD1Yr1W0+d-Bj9daqXUsyAEaNE6RHHZBwJ_6SzT0sGhZXdDMw@mail.gmail.com> <596B588A.2010701@foobar.org> <CAKD1Yr0eE0A4TbFNEKszVuKjc3rE_EW=51x-KrSWeQ0DrSBPdg@mail.gmail.com>
In-Reply-To: <CAKD1Yr0eE0A4TbFNEKszVuKjc3rE_EW=51x-KrSWeQ0DrSBPdg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.207.132.68]
Content-Type: multipart/alternative; boundary="_000_2068324e08614e4abae0a7417c9225ebirsgov_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/1VINsAsCeHo374DhVbsIwXGO8Cw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Jul 2017 15:37:11 -0000

I’ve commented on this topic in the past, but will simply make one more observation on this specific point. The RFC is informational, so isn’t a matter of huge concern as it has no impact on product selection or the procurement process. If the manufacturer/developer of a host decides they don’t want to make a product they can sell to enterprises utilizing DHCPv6 only host networks (except perhaps in some very limited, restricted capacity), that’s fine. Plenty of other companies will. However, I do agree the recommendation should be updated to reflect reality, otherwise I suppose it could lead developers of such host products that DHCPv6 support is actually optional. In some environments it is. In others it is not. But then, I also believe the developers of such hosts understand their markets and are unlikely to be misled by an informational RFC.

It does, however, strike me as somewhat silly for the IETF to continue to “NOT RECOMMEND” (as I gather from the appendix of changes was the case way back in 4294) a use case that complies with the standards, has been deployed, is being deployed, and will continue to be used in the future. It’s not even a matter of whether or not connection security is deployed or neighbor tables (or arp for v4) and other data are collected from network devices. (At the sorts of organizations and networks with which I’m familiar, both are often true. There are even networks where nothing but manually configured devices are allowed and switch ports must be manually enabled.) Rather, the security monitoring and analysis processes (automated and manual) are in part built around dhcp for basic client networks. It’s a relatively small lift to extend those processes to DHCPv6. It would be a much larger lift to develop entirely new, parallel ones using different data, even though that alternative data are likely also collected and available. It’s particularly unwieldy while IPv4, with its existing processes, is in use on some or all of those networks.

Perhaps in the future, if there’s ever a compelling use case for widespread deployment of SLAAC on general purpose host data networks and IPv4 has mostly been retired from the network outside enclaves where it’s still required for one reason or another, those processes can and probably will be revisited, especially as deployed tools are updated or replaced. Until such time, I know for certain that at least on certain sorts of large enterprise networks DHCPv6-only has been, is, and will continue to be deployed and used, at least on most general purpose host data networks in the enterprise. Those companies that wish to develop general purpose host devices they can sell for use on such networks will support that use case whatever informational recommendations the IETF chooses to publish. Specialty networks for IOT devices (sensors, cameras, lighting, or whatever) are a different matter. Those sorts of things are already segregated into their own networks when using IPv4. If they have special network requirements and otherwise meet our capability requirements, those always have been and will continue to be accommodated.

The enterprise space varies a lot according to the sort of enterprise, but it’s never going to really look like a general hosting company or generic user ISP. Enterprises can and do restrict what connects and functions on their networks. Enterprise networks do not have to support every kind of device or every configuration option. And most large ones probably won’t. But many companies developing host devices would still like to sell them to large enterprises. And if they want to do so, they should certainly consider supporting DHCPv6. It seems to me the IETF recommendation should reflect that reality.

Scott

Lorenzo Colitti lorenzo@google.com<mailto:lorenzo@google.com> wrote:
The "SHOULD" that you quoted in rfc7934 refers to how an opinion about
people ought to run their networks, but does not conflict with the
SHOULD in 6434bis, which refers to what the IETF is proposing ought to
be supported on host devices.  These two things are very different indeed.

This document says that hosts SHOULD support DHCPv6 because operators might use it. But our current recommendations say that:

  1.  Such hosts SHOULD prefer SLAAC over DHCPv6
  2.  DHCPv6-only networks are NOT RECOMMENDED

v2.23.0 | Report a Bug | By Email