RE: [v6ops] Combining IPv6 ND and DHCPv6 into a single, unified function

"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 22 November 2017 15:52 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C3A412940E; Wed, 22 Nov 2017 07:52:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.219
X-Spam-Level:
X-Spam-Status: No, score=-4.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p7_X2hvRou0g; Wed, 22 Nov 2017 07:52:30 -0800 (PST)
Received: from phx-mbsout-02.mbs.boeing.net (phx-mbsout-02.mbs.boeing.net [130.76.184.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A1B212945D; Wed, 22 Nov 2017 07:52:30 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id vAMFqSE7013292; Wed, 22 Nov 2017 08:52:28 -0700
Received: from XCH15-06-11.nw.nos.boeing.com (xch15-06-11.nw.nos.boeing.com [137.136.239.220]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id vAMFqMhA013247 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=OK); Wed, 22 Nov 2017 08:52:22 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) by XCH15-06-11.nw.nos.boeing.com (2002:8988:efdc::8988:efdc) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 22 Nov 2017 07:52:21 -0800
Received: from XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) by XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) with mapi id 15.00.1320.000; Wed, 22 Nov 2017 07:52:21 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Lorenzo Colitti <lorenzo@google.com>
CC: "6man@ietf.org" <6man@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: RE: [v6ops] Combining IPv6 ND and DHCPv6 into a single, unified function
Thread-Topic: [v6ops] Combining IPv6 ND and DHCPv6 into a single, unified function
Thread-Index: AdNiReoj4OrwrQYST+iGtIF1uM57NgAkcdkAADO+44A=
Date: Wed, 22 Nov 2017 15:52:21 +0000
Message-ID: <4e01cd6cc5234daca2f7be55b8cc28b0@XCH15-06-08.nw.nos.boeing.com>
References: <9debb1672e3d4f0d89d672d64e0fe579@XCH15-06-08.nw.nos.boeing.com> <CAKD1Yr1+a+Bg3N=pX5_X2vhvkf50hY7N_Ay=aQQyq5ogsEWWMw@mail.gmail.com>
In-Reply-To: <CAKD1Yr1+a+Bg3N=pX5_X2vhvkf50hY7N_Ay=aQQyq5ogsEWWMw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: multipart/alternative; boundary="_000_4e01cd6cc5234daca2f7be55b8cc28b0XCH150608nwnosboeingcom_"
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/G6isSS9rTUjRJHykxBQe6kkBUWU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 15:52:32 -0000

Hi Lorenzo,

I respect your taking the time to post this useful critique, and expect that others
with a deeper background in the DHCPv6 architecture would want to respond in
detail. Thank you for sharing your thoughts.

For myself, In my environment I have mobile node clients with many routers
on the link – each of which implements the DHCPv6 relay and/or server. The
link is NBMA, meaning that multicast is not supported natively, so that the
client has to send the DHCPv6 Solicit to one or a couple of routers via LL
multicast to L2 unicast mapping. The client gets the exact same service
regardless of which router or routers it picks.

As long as the client remains on the link, it can continue to maintain the
prefix delegations it has received from its routers, and can even change to
a different set of routers if it thinks that would give better service. This is
true even if the client’s L2 addresses change, which is signaled by sending
unsolicited NAs to the routers the same as specified in RFC4861.

Again, this is just what I am doing in my environment and it gives a very
satisfactory service. What my draft is proposing is a unification of IPv6 ND
and DHCPv6 to give the best functions of both stateless and stateful
auconfiguration in a single unified package. And, if DHCPv6 would not
be suitable for supporting the stateful function, then we would have to
define something new that is.

Thanks - Fred

From: Lorenzo Colitti [mailto:lorenzo@google.com]
Sent: Monday, November 20, 2017 10:48 PM
To: Templin, Fred L <Fred.L.Templin@boeing.com>;
Cc: 6man@ietf.org; v6ops@ietf.org; dhcwg@ietf.org
Subject: Re: [v6ops] Combining IPv6 ND and DHCPv6 into a single, unified function

On Tue, Nov 21, 2017 at 6:40 AM, Templin, Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote:
I would ask these discussion lists to consider what is it that you really don't
like about DHCPv6. Maybe you think it is ugly.

As generally implemented and deployed, I think the main things that are wrong with DHCPv6 are as follows. Note that these are not necessarily limits imposed the protocol itself, but they are definitely limits imposed by the implementations and how people typically deploy them. As such, the following are not required to be true, but are only true in practice in the vast majority of deployments.

  *   In stateful form:

     *   Inability to support multiple sources of information (the client picks the first lease it gets).
     *   Very difficult to update devices when network changes because it's fundamentally based on leases and renews and RECONFIGURE is not (widely) implemented.
     *   Makes possible stateful address assignment of individual IP addresses. It's really not a good idea to rely only on this for IP addressing, but there are decades of operational practice around it in IPv4 and old habits (and legacy deployed systems) die hard.
     *   Typically deployed using relays and centralized assignment, which is very unsuited to topology changes.

        *   If all you have is a central addressing server, you don't want to bother that server with constant topology updates from all over the network so it can update the hosts.
        *   Also, if the topology changes enough, the server might even be unreachable from some hosts.

  *   In stateless form:

     *   Very hard to update devices when anything changes on the network. The minimum in the stateless DHCPv6 RFC is 10 minutes, which is *way* too long for certain types of networks like mobile hotspots.
The inability to update hosts with new network information is a crucial weakness because it forces networks to appear to hosts as if they never change. But networks change all the time. If you can't update the hosts on a timely basis about a changes, either you never change the network, or you have an outage, or you lie to the hosts. So we end up with things like VRRP and NAT to ensure the host never sees the network change.

NAT, of course, is the ultimate way of never changing anything - you could deploy IPv4 by assigning every host on every network 192.168.1.2 (gateway and DNS server 192.16.1.1) and just NATing everything with layer-2 aware NAT.