IETF Logo Mail Archive

Re: SLAAC/DHCPv6 sharing prefix(es) legitimate?

Ole Troan <otroan@employees.org> Mon, 10 August 2015 16:04 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C95E51B3774 for <ipv6@ietfa.amsl.com>; Mon, 10 Aug 2015 09:04:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xC5PnAYCsFXU for <ipv6@ietfa.amsl.com>; Mon, 10 Aug 2015 09:03:59 -0700 (PDT)
Received: from banjo.employees.org (banjo.employees.org [198.137.202.19]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA2BD1B374F for <ipv6@ietf.org>; Mon, 10 Aug 2015 09:03:59 -0700 (PDT)
Received: from banjo.employees.org (localhost [127.0.0.1]) by banjo.employees.org (Postfix) with ESMTP id 90DA46129; Mon, 10 Aug 2015 09:03:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; s=selector1; bh=gqcR2Epmn0lNodrpPB40kQF8D0g=; b= iOy6qfv2xKd/q6A1ptXKmXMfi0Oloii65euwP+pxW9TMvOFDQ90Cqtlgr1AxYRcl LQ0Gpdcu1IdsdOZbgNXRZbxVzbCF7MmEqUqL4PKsBChFXzN4dd4b03cgk5NyO2/f 0MEzDYKGDc9z3QWcDqGq6tuVu2TV2KMeD9bHtfkGiic=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; q=dns; s=selector1; b=lrBnCmgUukzavGAY5H1PA8T16O 7qgIUO/zxk1rS5SkyR2L0EwJHNMcZiNG4KTobNh+pp+mL+PYHASdSnpT8fv2mPTH iaNYH/AVU+jOZw2O3RyQO2l8qIwwKByBzvQUQpiv6oeuJQkg5zSY1gufb0cyUBER 1qM9jdh934vO117s4=
Received: from gomlefisk.localdomain (cm-84.215.10.233.getinternet.no [84.215.10.233]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by banjo.employees.org (Postfix) with ESMTPSA id E454A613D; Mon, 10 Aug 2015 09:03:40 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by gomlefisk.localdomain (Postfix) with ESMTP id 1E6074A69DB2; Mon, 10 Aug 2015 18:03:37 +0200 (CEST)
Subject: Re: SLAAC/DHCPv6 sharing prefix(es) legitimate?
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Content-Type: multipart/signed; boundary="Apple-Mail=_AFDF7B7B-BDFA-4F17-9783-D9CB535A54B7"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.5
From: Ole Troan <otroan@employees.org>
In-Reply-To: <D1EE16E9.3362B%d.sturek@att.net>
Date: Mon, 10 Aug 2015 18:03:36 +0200
Message-Id: <E43C4151-8215-43DB-92AD-4AA037C62B9E@employees.org>
References: <CAO42Z2yTECGUfoJazTV3U16ypyP+T3rCVQN1UbJ-vpBHp8Oeiw@mail.gmail.com> <20150810074536.511e2e98@echo.ms.redpill-linpro.com> <CAKD1Yr3jHTc7cBx1g+_X0B7mDEx8FGHkTmot0ou5H-1t_P8Hzw@mail.gmail.com> <CAO42Z2xvQZvpHG6wjWUAxrF_apsPBfyHN3aAOAPvp0gR=6Qx-A@mail.gmail.com> <E045AECD98228444A58C61C200AE1BD84A0025D4@xmb-rcd-x01.cisco.com> <3B5175C4-8472-4E01-B3F6-80877385325A@umn.edu> <D1EE0992.3361B%d.sturek@att.net> <FD202BB8-EEE0-4517-8C98-0B5989AB71C8@umn.edu> <D1EE16E9.3362B%d.sturek@att.net>
To: Don Sturek <d.sturek@att.net>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/XGbAf4DV1UTgbeh9ummhTJEonaA>
Cc: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, Tore Anderson <tore@fud.no>, 6man WG <ipv6@ietf.org>, Ralph Droms <rdroms.ietf@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 16:04:02 -0000

Don,

if you think bandwidth usage (one single packet on connecting to the link by default) is too high, then please get that issue added to http://tools.ietf.org/html/draft-yourtchenko-6man-dad-issues

David F: which by the way makes a reasonable case for DAD being brittle. I’d certainly wouldn’t have bought my seat belts, if they were designed by the same people that designed DAD. ;-)

cheers,
Ole


> On 10 Aug 2015, at 17:58 , Don Sturek <d.sturek@att.net> wrote:
> 
> Hi David,
> 
> I then think there is a place for new I-D to tame the bandwidth use of DAD
> (something similar to what RFC 6775 did for RFC 4861).
> 
> Don
> 
> On 8/10/15 8:43 AM, "David Farmer" <farmer@umn.edu> wrote:
> 
>> 
>>> On Aug 10, 2015, at 09:59, Don Sturek <d.sturek@att.net> wrote:
>>> 
>>> Hi David,
>>> 
>>> Could not disagree with you more.   For many mesh deployments using
>>> technologies like IEEE 802.15.4/6LoWPAN, etc., NOT performing DAD is the
>>> norm.  I would expect that most Automatic Metering, smart cities, etc
>>> applications that deploy mesh routing will disallow DAD.
>>> 
>>> You are right that address allocation/management must be carefully
>>> performed in such networks.  However, with strict use of SLAAC (for
>>> smaller networks), DHCPv6 for larger networks and certification testing
>>> you will find that DAD does nothing but occupy valuable bandwidth in
>>> these
>>> "stub" networks.
>> 
>> You just made my point, if everything is done perfectly and nothing goes
>> wrong, you are fine, we agree.  But that is called brittle. Robustness
>> assumes things will go wrong and that people will make mistakes.
>> 
>> What happens when the DHCP sever is accidentally rebooted and the
>> previous addressing state is not saved? And the DHCP server starts
>> telling devices to use an address used by another device, because it
>> forgot it told the other device to use that address?
>> 
>> Can you build a robust system with out DAD, probably, but just tuning off
>> DAD with DHCP as currently specified is not robust.
>> 
>> Is there a cost for that robustness sure, and in some situations does the
>> cost out ways it's benefit, maybe.  If you assume everything is done
>> correctly, then DAD is unnecessary.
>> 
>> But here is the problem I have; I've got building systems engineers that
>> think they can attach just attach their IEEE 802.15.4/6LoWPAN, etc...
>> networks to my campus network willy-nilly, and it will work just fine.
>> Well it won't, because my campus networks, and most of the devices on
>> them, assume that DAD is there to protect them.
>> 
>> So, just like you believe I'm not accounting for the costs associated
>> with DAD, I believe you are not accounting for the costs associated with
>> having to operate IEEE 802.15.4/6LoWPAN, etc... networks differently from
>> the thousands of other networks I have to operate.
>> 
>>> Don Sturek
>>> 
>>> 
>>> 
>>> On 8/10/15 7:44 AM, "ipv6 on behalf of David Farmer"
>>> <ipv6-bounces@ietf.org on behalf of farmer@umn.edu> wrote:
>>> 
>>>> 
>>>> 
>>>>> On Aug 10, 2015, at 04:34, Pascal Thubert (pthubert)
>>>>> <pthubert@cisco.com> wrote:
>>>>> 
>>>>> There are deployments in IOT that use DHCP only or reserve some space
>>>>> for DHCP so that DHCP addresses do not collision with anything else by
>>>>> network design. Such deployments can reach thousands of nodes over low
>>>>> power lossy mesh networks.
>>>>> 
>>>>> In a case like this,  DAD is omitted voluntarily. It would be
>>>>> unwelcome
>>>>> from the IETF to change the rule in 3315 brutally without
>>>>> consideration
>>>>> for the impact in such cases.
>>>> 
>>>> Any omission of DAD, for what ever reason, makes an IPv6 network
>>>> brittle.
>>>> Are there situations where a network will function without DAD, sure.
>>>> But those situations are not robust, simple and fairly normal changes
>>>> to
>>>> such a network can easily cause duplicate addresses.  Use of IPv6
>>>> without
>>>> DAD requires extreme caution and is intrinsically unstable and brittle.
>>>> 
>>>>> I like Ralph's approach, that adds words around the SHOULD to discuss
>>>>> cases where it seems acceptable to ignore the general rule. So if
>>>>> there's a new 3315; my suggestion would be to keep the SHOULD, explain
>>>>> that DAD MAY be avoided for instance if the DHCP server owns some
>>>>> address range, so collisions with other assignment techniques such as
>>>>> manual, SLAAC and 6LoWPAN ND, are not possible. The text could add
>>>>> that
>>>>> large IOT meshes with such range isolation is a case where DAD is
>>>>> actually NOT RECOMMENDED. This would enable IoT people, for once, to
>>>>> feel good about what they have to implement, rather than adding
>>>>> another
>>>>> SHOULD to the long list that they ignore with their fingers crossed.
>>>> 
>>>> Sorry, but no one should feel good about not implementing DAD, not
>>>> implementing DAD maybe the lesser of two evils, and even necessary in
>>>> some limited situations.  But not implementing DAD is like not using
>>>> seat-belts in a car.  Most days you will get away with it just fine,
>>>> but
>>>> in the long run its a bad idea.
>>>> 
>>>>> Cheers,
>>>>> 
>>>>> Pascal
>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Mark Smith
>>>>>> Sent: lundi 10 août 2015 09:05
>>>>>> To: Lorenzo Colitti <lorenzo@google.com>
>>>>>> Cc: Tore Anderson <tore@fud.no>; 6man WG <ipv6@ietf.org>
>>>>>> Subject: Re: SLAAC/DHCPv6 sharing prefix(es) legitimate?
>>>>>> 
>>>>>>> On 10 August 2015 at 17:00, Lorenzo Colitti <lorenzo@google.com>
>>>>>>> wrote:
>>>>>>>> On Mon, Aug 10, 2015 at 2:45 PM, Tore Anderson <tore@fud.no> wrote:
>>>>>>>> 
>>>>>>>> Section 5.6:
>>>>>>>> 
>>>>>>>> It is possible for hosts to obtain address information using both
>>>>>>>> stateless autoconfiguration and DHCPv6 since both may be enabled
>>>>>>>> at
>>>>>>>> the same time. [...] Hosts accept the union of all information
>>>>>>>> received via Neighbor Discovery and DHCPv6.
>>>>>> 
>>>>>> +static/manually configured addresses.
>>>>>> 
>>>>>> 
>>>>>>> 
>>>>>>> If we want that to work, then hosts must perform DAD for all DHCPv6
>>>>>>> addresses and DECLINE them if DAD fails. If so, then we need to
>>>>>>> update
>>>>>>> RFC3315 from SHOULD do DAD to MUST do DAD. Yes?
>>>>>> 
>>>>>> I would think so.
>>>>>> 
>>>>>> There does seem to be a RFC3315bis in development.
>> 
>> --
>> ===============================================
>> David Farmer                          Email: farmer@umn.edu
>> Office of Information Technology
>> University of Minnesota
>> 2218 University Ave SE         Phone: +1-612-626-0815
>> Minneapolis, MN 55414-3029   Cell: +1-612-812-9952
>> ===============================================
>> 
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email