IETF Logo Mail Archive

Re: RA Option Guidelines

Mark ZZZ Smith <markzzzsmith@yahoo.com.au> Fri, 03 April 2015 00:52 UTC

Return-Path: <markzzzsmith@yahoo.com.au>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13F3B1A8A10 for <ipv6@ietfa.amsl.com>; Thu, 2 Apr 2015 17:52:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.501
X-Spam-Level:
X-Spam-Status: No, score=0.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, HK_RANDOM_REPLYTO=0.999, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NCsEqG_e5qpa for <ipv6@ietfa.amsl.com>; Thu, 2 Apr 2015 17:52:05 -0700 (PDT)
Received: from nm49-vm10.bullet.mail.bf1.yahoo.com (nm49-vm10.bullet.mail.bf1.yahoo.com [216.109.114.251]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B92B01A8A11 for <ipv6@ietf.org>; Thu, 2 Apr 2015 17:52:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.au; s=s2048; t=1428022323; bh=J9rgQ96CAVcgqblWZ45TI+PwQ5NiH6tKRAXuyB37+/4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject; b=rbTTKs5Zpaz92JEH48L+nKLuXKlMvFs2x8y+dQ4pNro7tmUN8Oj5cyV3+w0yaxi9gyDKJdMvilL+G+3StbodtLKDWb/PVdxY/Ic0WZ77ej/6zuEEbVpScwEc1siQh6T7tLx7q8hN48msCvxtaxb9JCm4bBvES3mx80hYcdDEhiME8MvFlIIoBwQMHddv7W5zRB2U+WnsputGTBoCAIcqc6za399hd4ITWLKVVTZjep1eg5xX2nK4nZesKvd1Q90/2rjKkVpUgSMqE0a6nYixb/kEOqD/6AusNeqZ71vElxpZi0K5jhpbn3H7r0YbqhFeaTulUQ9FRtJ5Dd/PL6OrNQ==
Received: from [98.139.215.143] by nm49.bullet.mail.bf1.yahoo.com with NNFMP; 03 Apr 2015 00:52:03 -0000
Received: from [98.139.212.229] by tm14.bullet.mail.bf1.yahoo.com with NNFMP; 03 Apr 2015 00:52:03 -0000
Received: from [127.0.0.1] by omp1038.mail.bf1.yahoo.com with NNFMP; 03 Apr 2015 00:52:03 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 821881.64155.bm@omp1038.mail.bf1.yahoo.com
X-YMail-OSG: 5hhYvDIVM1lQqWkscfbAub6LYxoCWMvo.Q9HeUdS0JYfEqKikzh60jjEueUMdqO HF8rkvganLRpXgswYJf.egvbZhB9JcomXSJz3qifzoNUJBJpCH1qOHqt26CdEka94zXKfGMdvh40 XYPL_HzEjhUE3_gnWb5f47XJaajQG_UFbNQqSGir.Xd4lTqGCxm8_55ZuRlyclUNJNkMkgyxZi8O HhQT531znifyUf6_YbV7fGqU04q7VlORH0.O5VFAd8pHmCcMVlf7SYVet5QDBKkmMbaqrp0TJLqq qPT9hC5NHSekFHByWU4wkp_2d75R6izl.HiPcyr7g_FCFsVbGIFGGQj4riZvvuML7i5703KVVb3w n3TA_MRN2vKCwmq4jkDOWonyzixqpww4nqM_kKuvnpnce04l48Cwrh8HQyNJs7OPMm8s6Xyx7SdF RrKG0A0foRlA0U.QLiIDR_ICcGskR5fzi4z1Kr0zz4RgnINQi7vlrtmbRhtZXlqK2TvNcltCeMKD eSQTUFpnH.EkORjQUeyAi6RM16RGca1F4j_wMr4qK
Received: by 76.13.26.110; Fri, 03 Apr 2015 00:52:03 +0000
Date: Fri, 03 Apr 2015 00:52:02 +0000
From: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
To: "sarikaya@ieee.org" <sarikaya@ieee.org>
Message-ID: <362433359.4884562.1428022322318.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <CAC8QAcdQuZ+re33QUq4eD1HXz=mNG49EbmccFHpzfNT359kovQ@mail.gmail.com>
References: <CAC8QAcdQuZ+re33QUq4eD1HXz=mNG49EbmccFHpzfNT359kovQ@mail.gmail.com>
Subject: Re: RA Option Guidelines
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/3-2rfIb8tDVIyCFsMXxMO6uD4ns>
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 00:52:08 -0000

Hi Behcet,




________________________________
From: Behcet Sarikaya <sarikaya2012@gmail.com>
To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au> 
Cc: "STARK, BARBARA H" <bs7652@att.com>; Hemant Singh (shemant) <shemant@cisco.com>; "ipv6@ietf.org" <ipv6@ietf.org> 
Sent: Friday, 3 April 2015, 3:53
Subject: Re: RA Option Guidelines


On Wed, Apr 1, 2015 at 6:23 PM, Mark ZZZ Smith
<markzzzsmith@yahoo.com.au> wrote:
> Hi Behcet,
>
>
> ----- Original Message -----
> From: Behcet Sarikaya <sarikaya2012@gmail.com>
> To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
> Cc: "STARK, BARBARA H" <bs7652@att.com>; Hemant Singh (shemant) <shemant@cisco.com>; "ipv6@ietf.org" <ipv6@ietf.org>
> Sent: Thursday, 2 April 2015, 6:21
> Subject: Re: RA Option Guidelines
>
> I don't understand why DHCPv6 is being discussed under RA Option Guidelines?
> If DHCPv6 is being used instead of RA, like in Australia, that
> supports our position that we should also define DHCPv6 options for
> SADR.
>
> / DHCPv6 isn't being used instead of RAs in Australia.
>
> / I think the fundamental problem is people are considering RAs and DHCPv6 to be functional equivalents (like e.g., OSPF vs IS-IS), and therefore thinking that DHCPv6 options should be imported into RAs and vice versa.
>

No, I don't think anybody proposed that, not at myself.
I think you are missing the context here.


/ I think when ever there is a proposal to add options to RAs and to DHCPv6 to carry literally the same values, then I think people are considering them to be functional equivalents, even though they aren't.

> / There are critical operational limitations that RAs have that DHCPv6 doesn't (because the RA mechanisms are much simpler), and by trying to use RAs for the same purpose as DHCPv6,

No, I don't know how you got this? I am sure it is not from SADR discussions.

/ I thought this thread was about what should and shouldn't go into RA options. 

> all the problems already solved for DHCPv6 would have to be solved again for RAs. The desired simplicity of using RAs only would disappear because the complexity of replicating DHCPv6 mechanisms, and the additional significant operational overheads of constant firmware upgrades to routers to add RA options.
>

Yes, there are some parallels like DHCP option guidelines document. I
think that you are blowing it out of proportion.
If it were like you thought then one would say whatever DHCP
guidelines says applies to RA options also and that's it.

The context as I see it is that there are new RA options that are
being defined, maybe it is time to come up with some guidelines. I
view it is natural that this is happening because IPv6 is being
deployed more and more.

/ Right. I agree with guidelines. What I'm pointing out is that the decision on what to put in RAs or not is strongly influenced by factors people seem to not commonly be recognising, including one as fundamental as Internet application transparency. 


DHCP options in this context came about because some people say maybe
we should define the corresponding DHCP options not vice versa. Please
see
http://tools.ietf.org/wg/mif/draft-ietf-mif-mpvd-arch/

and
https://tools.ietf.org/html/draft-ietf-mif-mpvd-ndp-support-01
https://tools.ietf.org/html/draft-ietf-mif-mpvd-dhcp-support-01

/ I'll have a more thorough read to better understand the problem, however the fundamental question I have is are those provisioning domain parameters (which may be useful to consider more generally in an RA guidelines document)

(a) link specific (meaning that every attached host is part of the same provisioning domain, and more explicitly, different hosts can't be part of different provisioning domains when they're attached to the same link)?

(b) host specific (meaning different hosts attached to the same link can be part of different provisioning domains, even if commonly they might be part of the same provisioning domain when attached to the same link)?

If the answer is (a), then I think those options are probably appropriate in RAs, as RA contents can't or can't easily be made host specific (i.e., in the later case you have to stop multicasting RAs, and build host specific unicast RAs, and you only have link-local or MAC addresses to identify the individual hosts). DHCPv6 might still be a better place for them because it is a more flexible protocol, and allows host by host piecemeal deployment of new options.

If the answer is (b), then DHCPv6 is the more appropriate location, because DHCPv6 is fundamentally designed to provide host specific parameters e.g., through the use of host specific attributes such as Client Identification Option, the Vendor Class Option or the Vendor-specific Information Option.


Looking at the example in MPVD architecture, with my limited understanding, I think the answer is both (a) and (b) above, but not duplication across both:


"Typical examples of information in a provisioning domain learned
from the network are:

*  Source address prefixes for use by connections within the
provisioning domain

*  IP address(es) of DNS server(s)

*  Name of HTTP proxy server (if available)

*  DNS suffixes associated with the network

*  Default gateway address"



- Source address prefixes for use by connections within the provisioning domain and Default gateway address are link specific (the same for all hosts attached to the link), so should be conveyed in PV specific RAs options


-  DNS server addresses, proxy servers, DNS suffixes are can be host specific, so should be conveyed in PV specific DHCPv6 options


That break down might not be correct, if all of those parameters are host specific, then they should be conveyed in DHCPv6 because DHCPv6 has the mechanisms to do host specific parameters.

I always think it is important to fall back to this fundamental principle from RFC1958, "Architectural Principles of the Internet", which is why I think it is a choice between RA options or DHCPv6 options, rather than doing both:


"3.2 If there are several ways of doing the same thing, choose one.
If a previous design, in the Internet context or elsewhere, has
successfully solved the same problem, choose the same solution unless
there is a good technical reason not to.  Duplication of the same
protocol functionality should be avoided as far as possible, without
of course using this argument to reject improvements."

I suspect the argument for putting DHCPv6-like information into RAs is fundamentally, "what if there isn't a DHCPv6 server (relay) to use". My answer would be that if you want to do XYZ, then you need a DHCPv6 server (instead of overloading RAs with DHCPv6 functionality.)



Regards,
Mark.




Regards,




Behcet


> Regards,
>
> Mark.
>
>
>
> Regards,
> Behcet
>
>
> On Tue, Mar 31, 2015 at 9:33 PM, Mark ZZZ Smith
> <markzzzsmith@yahoo.com.au> wrote:
>> Hi Barbara,
>>
>> ________________________________
>> From: "STARK, BARBARA H" <bs7652@att.com>
>> To: Hemant Singh (shemant) <shemant@cisco.com>; Mark ZZZ Smith
>> <markzzzsmith@yahoo.com.au>; Brian Haberman <brian@innovationslab.net>;
>> "ipv6@ietf.org" <ipv6@ietf.org>
>> Sent: Wednesday, 1 April 2015, 0:24
>> Subject: RE: RA Option Guidelines
>>
>>
>>
>>> The problem that Mark  raised and also provided a solution for is to add
>>> DHCPv6 relay functionality to the CE router.  He is also correct that RFC
>>> 6204
>>> does not include DHCPv6 relay agent functionality in the CE router.
>>>
>>> The other choice for a solution is to include the DHCPv6 options in the
>>> RA.
>>> For this solution to work the SP will send new DHCPv6 options in the RA to
>>> the CE router WAN.  The RA terminates at the CE WAN.  The CE generates a
>>> new RA for the LAN.  RFC 6204 does not include functionality to bridge the
>>> SP
>>> RA received on the CE WAN to the CE LAN.  So even for the RA solution to
>>> work, a new requirement would need to be added to RFC 6204.  Did I miss
>>> anything in the RA solution I described above?  If not, either way, one
>>> adds a
>>> new requirement to the CE router and if it's DHCPv6 options, let DHCPv6
>>> protocol deal with it.
>>
>>
>> RFC 7084 already says:
>>   L-12:  The IPv6 CE router SHOULD make available a subset of DHCPv6
>>           options (as listed in Section 5.3 of [RFC3736]) received from
>>           the DHCPv6 client on its WAN interface to its LAN-side DHCPv6
>>           server.
>> Where the RFC3736 list of options is for DNS Recursive Name Servers, DNS
>> search list, and SIP Servers.
>>
>> My personal, as-a-consumer, freaking-out-about-privacy opinion is that the
>> idea of my ISPs (both of them, but potentially 3) sending any configuration
>> options they feel like down to my personal and private LAN host devices is
>> not to my liking. I realize that some people are blithely happy to turn over
>> their privacy to ISPs. So maybe relay of all unrecognized options could be
>> something an ISP puts into CE routers they supply to their customers. I
>> prefer for it not to be in the retail ones I purchase, and I would be
>> adamant about it not being on by default in such retail CE routers. So let
>> such relay requirements go into eRouter or BBF specs, but please keep them
>> out of IETF and homenet specs.
>>
>> / I think you're already trusting your ISP possibly much more than you might
>> realise. They're already supplying you with the Internet addressing you use,
>> you're probably using their DNS resolvers, you may be using their email
>> servers, and of course they can tap your clear text traffic without you
>> knowing.
>>
>> / Even if you only used their addressing and encrypted all of your traffic
>> over a tunnel through their infrastructure, you'd still then be trusting the
>> remote tunnel endpoint provider, likely to be another party other than
>> yourself.
>>
>> Since I'm in the process of setting up my new homenet router (Pierre flashed
>> my new router for me last week) to connect upstream to both my ISPs (one
>> cable provider and one telco), I also really don't want dueling relayed
>> options reaching my LAN hosts. I do think that in the future a significant
>> number of people will choose to subscribe to multiple providers -- as long
>> as it's easy to do. The ISPs get to configure the CE router WAN interfaces
>> to work with their access networks -- and that needs to be the extent of
>> their reach unless I specifically give them conscious permission to do more.
>> If they want to configure devices inside my LAN, I think they should use a
>> higher layer configuration protocol with mandatory and default-on security
>> (which neither RA nor DHCPv6 have).
>>
>> / So I think the world is moving in the other direction. People have been
>> outsourcing the maintenance of their devices in droves as they adopt
>> smartphones and tablets, and more recently with devices like Google's
>> Chromebooks. They're giving up control rather than desiring more of it, for
>> the gains of more convenience and lower costs.
>>
>> / Regards,
>> Mark.
>>
>>
>> Barbara
>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>

v2.23.0 | Report a Bug | By Email