IETF Logo Mail Archive

Re: Comments on draft-yourtchenko-colitti-nd-reduce-multicast

Erik Nordmark <nordmark@acm.org> Mon, 24 February 2014 23:04 UTC

Return-Path: <nordmark@acm.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E3951A02CD for <ipv6@ietfa.amsl.com>; Mon, 24 Feb 2014 15:04:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.465
X-Spam-Level: *
X-Spam-Status: No, score=1.465 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hdbSKHqAjbK8 for <ipv6@ietfa.amsl.com>; Mon, 24 Feb 2014 15:04:36 -0800 (PST)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) by ietfa.amsl.com (Postfix) with ESMTP id 2A63F1A01CB for <ipv6@ietf.org>; Mon, 24 Feb 2014 15:04:36 -0800 (PST)
Received: from [192.168.10.18] ([78.204.24.4]) (authenticated bits=0) by c.mail.sonic.net (8.14.4/8.14.4) with ESMTP id s1ON2SL3001861 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 24 Feb 2014 15:02:29 -0800
Message-ID: <530BCF83.4090500@acm.org>
Date: Mon, 24 Feb 2014 15:02:27 -0800
From: Erik Nordmark <nordmark@acm.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Ole Troan <otroan@employees.org>, Erik Nordmark <nordmark@acm.org>
Subject: Re: Comments on draft-yourtchenko-colitti-nd-reduce-multicast
References: <5305AF13.5060201@acm.org> <7461F3DA-FB05-400D-9C54-2F30C73DE2B9@employees.org>
In-Reply-To: <7461F3DA-FB05-400D-9C54-2F30C73DE2B9@employees.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Sonic-ID: C;qPl8u6ed4xGYANseCY+HFQ== M;hksfvKed4xGYANseCY+HFQ==
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/FtXp_5s1gHlv0v8l0gGArA38P2Q
Cc: Andrew Yourtchenko <ayourtch@cisco.com>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 23:04:37 -0000

On 2/20/14 6:43 AM, Ole Troan wrote:
> <nochair>
>
>> 4.8 seems to conflate the address assignment with DAD. Just because we might want to centralize the DAD checks doesn't imply that we want to remove the ability for the host to pick its own privacy enhanced interface-IDs to form its addresses.
>>  From a deployment perspective DHCPv6 is available for address assignment, but don't think we want to require that for WiFi or other links which have packet loss. (Packet loss occurs on wired networks as well, but the drop distribution is different - might happen during spanning tree reconvergence etc.)
>> Note that DHCPv6 (RFC 3315) has a SHOULD for doing DAD on the addresses received from the DHCP server - needed since the server could be confused.
> I'd like to explore the difference between DHCP address assignment and ND address registration a little more.
> the state that is required in the network for "efficient ND", why cannot that be created and maintained by DHCP?
>
> there are multiple ways of dealing with DAD in this scenario, including solutions that don't require host changes.
> DHCP also supports temporary addresses btw.
DHCP supports RFC 4941 temporary addresses, but it doesn't support 
others like CGA and stable-privacy-addresses. With IA_TA the DHCP server 
creates the temporary address, and that approach doesn't work with other 
addresses that need to be client-generated for security or privacy reasons.

One could envision changing DHCP to have a separate "please register 
this address" message and/or option, which would check against 
duplicates (of assigned and registered addresses) and then add it to the 
registered addresses in the server. But that would seem like a fair bit 
of new functionality in DHCP.

Currently RFC 3315 separates address assignment and DAD - the client 
SHOULD perform DAD on an address that is assigned by the DHCP server. 
This separation goes back to DHCPv4 where there was a similar check (I 
think using ICMP echo) which I believe is there for the reason that the 
DHCP servers list of assigned addresses could get out of sync with the 
hosts. (If DAD fails the host declines the address hence will get a 
different one.)

I don't see how we can do this without host changes even for the case of 
IA_NA and IA_TA DHCP assigned addresses; the hosts would need to remove 
the code which does the DAD check for DHCP. (And there would be 
additional DHCP protocol changes needed to support CGA and 
stable-privacy-addresses and any future address assignment scheme.)

    Erik

v2.23.0 | Report a Bug | By Email