IETF Logo Mail Archive

Re: Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 08 October 2020 18:20 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4BCA3A0BDA; Thu, 8 Oct 2020 11:20:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sy2JHW1B9-Gj; Thu, 8 Oct 2020 11:20:02 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FF743A0BD9; Thu, 8 Oct 2020 11:20:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 959F2389C6; Thu, 8 Oct 2020 14:25:27 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id E1jXtybwAhEb; Thu, 8 Oct 2020 14:25:26 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id C4CEA389C0; Thu, 8 Oct 2020 14:25:26 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4A03418B; Thu, 8 Oct 2020 14:19:59 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: ianfarrer@gmx.com, dhcwg <dhcwg@ietf.org>
cc: v6ops list <v6ops@ietf.org>, ipv6@ietf.org
Subject: Re: Question to DHCPv6 Relay Implementors regarding draft-ietf-dhc-dhcpv6-pd-relay-requirements
In-Reply-To: <C8CA95A4-55D8-4397-AC8F-C862C976C953@gmx.com>
References: <5F6947F2-F7DF-4907-8DD5-28C2B20A91DE@gmx.com> <15177.1602095087@localhost> <C8CA95A4-55D8-4397-AC8F-C862C976C953@gmx.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 08 Oct 2020 14:19:59 -0400
Message-ID: <9723.1602181199@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/WETAsreaYnS96NknqwkVgRVpXCo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2020 18:20:04 -0000

ianfarrer@gmx.com wrote:
    >> The concerning case is, I think, that the client comes up fine, but declines
    >> to do a DHCPv6-PD for some reason.  Maybe the option was turned off and the
    >> CPE device rebooted.   Or maybe it won't do the PD until some event occurs,
    >> like some VM gets started.

    > [if - We didn’t consider this scenario but it could certainly be a problem here.
    > Do you think that the current problem description text and requirement
    > adequately cover this case?]

I'm told that the acceptable/running-code for a bunch of this stuff is that
the relay snoops the DHCP reply.  We were supposed to have DHCP server->relay
options for doing this, but they just didn't get implemented/used.

I think that we are now getting bitten by this.

What I would expect, in an ideal world, is that when the client does their
DHCP renew, that the server would send the relay the current state.
If the PD disappears from that state, then the relay knows it can blackhole
the prefix.

    >> It seems to me that we need some additional protocol where the relay can be
    >> informed to blackhole the traffic by the DHCP server.

    > [if - I’m not sure how that could work. if the relay isn’t aware that the client’s DHCP
    > state is out of sync with its own, how can the server know this to tell the relay to
    > blackhole?]

I think that the server knows if it's just a regular renew or an allocation
of the IA_NA.   Maybe we need to do something with Reconfigure, if a server
notices the client didn't ask for the PD in order to check if it's still in use.
(Sorry, my DHCP terminology has bit-rotted. I'll go read the document to
remember the right terminology...)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email