Re: SLAAC/DHCPv6 sharing prefix(es) legitimate?
Ole Troan <otroan@employees.org> Mon, 10 August 2015 16:04 UTC
Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C95E51B3774 for <ipv6@ietfa.amsl.com>; Mon, 10 Aug 2015 09:04:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xC5PnAYCsFXU for <ipv6@ietfa.amsl.com>; Mon, 10 Aug 2015 09:03:59 -0700 (PDT)
Received: from banjo.employees.org (banjo.employees.org [198.137.202.19]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA2BD1B374F for <ipv6@ietf.org>; Mon, 10 Aug 2015 09:03:59 -0700 (PDT)
Received: from banjo.employees.org (localhost [127.0.0.1]) by banjo.employees.org (Postfix) with ESMTP id 90DA46129; Mon, 10 Aug 2015 09:03:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; s=selector1; bh=gqcR2Epmn0lNodrpPB40kQF8D0g=; b= iOy6qfv2xKd/q6A1ptXKmXMfi0Oloii65euwP+pxW9TMvOFDQ90Cqtlgr1AxYRcl LQ0Gpdcu1IdsdOZbgNXRZbxVzbCF7MmEqUqL4PKsBChFXzN4dd4b03cgk5NyO2/f 0MEzDYKGDc9z3QWcDqGq6tuVu2TV2KMeD9bHtfkGiic=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; q=dns; s=selector1; b=lrBnCmgUukzavGAY5H1PA8T16O 7qgIUO/zxk1rS5SkyR2L0EwJHNMcZiNG4KTobNh+pp+mL+PYHASdSnpT8fv2mPTH iaNYH/AVU+jOZw2O3RyQO2l8qIwwKByBzvQUQpiv6oeuJQkg5zSY1gufb0cyUBER 1qM9jdh934vO117s4=
Received: from gomlefisk.localdomain (cm-84.215.10.233.getinternet.no [84.215.10.233]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by banjo.employees.org (Postfix) with ESMTPSA id E454A613D; Mon, 10 Aug 2015 09:03:40 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by gomlefisk.localdomain (Postfix) with ESMTP id 1E6074A69DB2; Mon, 10 Aug 2015 18:03:37 +0200 (CEST)
Subject: Re: SLAAC/DHCPv6 sharing prefix(es) legitimate?
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Content-Type: multipart/signed; boundary="Apple-Mail=_AFDF7B7B-BDFA-4F17-9783-D9CB535A54B7"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.5
From: Ole Troan <otroan@employees.org>
In-Reply-To: <D1EE16E9.3362B%d.sturek@att.net>
Date: Mon, 10 Aug 2015 18:03:36 +0200
Message-Id: <E43C4151-8215-43DB-92AD-4AA037C62B9E@employees.org>
References: <CAO42Z2yTECGUfoJazTV3U16ypyP+T3rCVQN1UbJ-vpBHp8Oeiw@mail.gmail.com> <20150810074536.511e2e98@echo.ms.redpill-linpro.com> <CAKD1Yr3jHTc7cBx1g+_X0B7mDEx8FGHkTmot0ou5H-1t_P8Hzw@mail.gmail.com> <CAO42Z2xvQZvpHG6wjWUAxrF_apsPBfyHN3aAOAPvp0gR=6Qx-A@mail.gmail.com> <E045AECD98228444A58C61C200AE1BD84A0025D4@xmb-rcd-x01.cisco.com> <3B5175C4-8472-4E01-B3F6-80877385325A@umn.edu> <D1EE0992.3361B%d.sturek@att.net> <FD202BB8-EEE0-4517-8C98-0B5989AB71C8@umn.edu> <D1EE16E9.3362B%d.sturek@att.net>
To: Don Sturek <d.sturek@att.net>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/XGbAf4DV1UTgbeh9ummhTJEonaA>
Cc: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, Tore Anderson <tore@fud.no>, 6man WG <ipv6@ietf.org>, Ralph Droms <rdroms.ietf@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 16:04:02 -0000
Don, if you think bandwidth usage (one single packet on connecting to the link by default) is too high, then please get that issue added to http://tools.ietf.org/html/draft-yourtchenko-6man-dad-issues David F: which by the way makes a reasonable case for DAD being brittle. I’d certainly wouldn’t have bought my seat belts, if they were designed by the same people that designed DAD. ;-) cheers, Ole > On 10 Aug 2015, at 17:58 , Don Sturek <d.sturek@att.net> wrote: > > Hi David, > > I then think there is a place for new I-D to tame the bandwidth use of DAD > (something similar to what RFC 6775 did for RFC 4861). > > Don > > On 8/10/15 8:43 AM, "David Farmer" <farmer@umn.edu> wrote: > >> >>> On Aug 10, 2015, at 09:59, Don Sturek <d.sturek@att.net> wrote: >>> >>> Hi David, >>> >>> Could not disagree with you more. For many mesh deployments using >>> technologies like IEEE 802.15.4/6LoWPAN, etc., NOT performing DAD is the >>> norm. I would expect that most Automatic Metering, smart cities, etc >>> applications that deploy mesh routing will disallow DAD. >>> >>> You are right that address allocation/management must be carefully >>> performed in such networks. However, with strict use of SLAAC (for >>> smaller networks), DHCPv6 for larger networks and certification testing >>> you will find that DAD does nothing but occupy valuable bandwidth in >>> these >>> "stub" networks. >> >> You just made my point, if everything is done perfectly and nothing goes >> wrong, you are fine, we agree. But that is called brittle. Robustness >> assumes things will go wrong and that people will make mistakes. >> >> What happens when the DHCP sever is accidentally rebooted and the >> previous addressing state is not saved? And the DHCP server starts >> telling devices to use an address used by another device, because it >> forgot it told the other device to use that address? >> >> Can you build a robust system with out DAD, probably, but just tuning off >> DAD with DHCP as currently specified is not robust. >> >> Is there a cost for that robustness sure, and in some situations does the >> cost out ways it's benefit, maybe. If you assume everything is done >> correctly, then DAD is unnecessary. >> >> But here is the problem I have; I've got building systems engineers that >> think they can attach just attach their IEEE 802.15.4/6LoWPAN, etc... >> networks to my campus network willy-nilly, and it will work just fine. >> Well it won't, because my campus networks, and most of the devices on >> them, assume that DAD is there to protect them. >> >> So, just like you believe I'm not accounting for the costs associated >> with DAD, I believe you are not accounting for the costs associated with >> having to operate IEEE 802.15.4/6LoWPAN, etc... networks differently from >> the thousands of other networks I have to operate. >> >>> Don Sturek >>> >>> >>> >>> On 8/10/15 7:44 AM, "ipv6 on behalf of David Farmer" >>> <ipv6-bounces@ietf.org on behalf of farmer@umn.edu> wrote: >>> >>>> >>>> >>>>> On Aug 10, 2015, at 04:34, Pascal Thubert (pthubert) >>>>> <pthubert@cisco.com> wrote: >>>>> >>>>> There are deployments in IOT that use DHCP only or reserve some space >>>>> for DHCP so that DHCP addresses do not collision with anything else by >>>>> network design. Such deployments can reach thousands of nodes over low >>>>> power lossy mesh networks. >>>>> >>>>> In a case like this, DAD is omitted voluntarily. It would be >>>>> unwelcome >>>>> from the IETF to change the rule in 3315 brutally without >>>>> consideration >>>>> for the impact in such cases. >>>> >>>> Any omission of DAD, for what ever reason, makes an IPv6 network >>>> brittle. >>>> Are there situations where a network will function without DAD, sure. >>>> But those situations are not robust, simple and fairly normal changes >>>> to >>>> such a network can easily cause duplicate addresses. Use of IPv6 >>>> without >>>> DAD requires extreme caution and is intrinsically unstable and brittle. >>>> >>>>> I like Ralph's approach, that adds words around the SHOULD to discuss >>>>> cases where it seems acceptable to ignore the general rule. So if >>>>> there's a new 3315; my suggestion would be to keep the SHOULD, explain >>>>> that DAD MAY be avoided for instance if the DHCP server owns some >>>>> address range, so collisions with other assignment techniques such as >>>>> manual, SLAAC and 6LoWPAN ND, are not possible. The text could add >>>>> that >>>>> large IOT meshes with such range isolation is a case where DAD is >>>>> actually NOT RECOMMENDED. This would enable IoT people, for once, to >>>>> feel good about what they have to implement, rather than adding >>>>> another >>>>> SHOULD to the long list that they ignore with their fingers crossed. >>>> >>>> Sorry, but no one should feel good about not implementing DAD, not >>>> implementing DAD maybe the lesser of two evils, and even necessary in >>>> some limited situations. But not implementing DAD is like not using >>>> seat-belts in a car. Most days you will get away with it just fine, >>>> but >>>> in the long run its a bad idea. >>>> >>>>> Cheers, >>>>> >>>>> Pascal >>>>> >>>>>> -----Original Message----- >>>>>> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Mark Smith >>>>>> Sent: lundi 10 août 2015 09:05 >>>>>> To: Lorenzo Colitti <lorenzo@google.com> >>>>>> Cc: Tore Anderson <tore@fud.no>; 6man WG <ipv6@ietf.org> >>>>>> Subject: Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? >>>>>> >>>>>>> On 10 August 2015 at 17:00, Lorenzo Colitti <lorenzo@google.com> >>>>>>> wrote: >>>>>>>> On Mon, Aug 10, 2015 at 2:45 PM, Tore Anderson <tore@fud.no> wrote: >>>>>>>> >>>>>>>> Section 5.6: >>>>>>>> >>>>>>>> It is possible for hosts to obtain address information using both >>>>>>>> stateless autoconfiguration and DHCPv6 since both may be enabled >>>>>>>> at >>>>>>>> the same time. [...] Hosts accept the union of all information >>>>>>>> received via Neighbor Discovery and DHCPv6. >>>>>> >>>>>> +static/manually configured addresses. >>>>>> >>>>>> >>>>>>> >>>>>>> If we want that to work, then hosts must perform DAD for all DHCPv6 >>>>>>> addresses and DECLINE them if DAD fails. If so, then we need to >>>>>>> update >>>>>>> RFC3315 from SHOULD do DAD to MUST do DAD. Yes? >>>>>> >>>>>> I would think so. >>>>>> >>>>>> There does seem to be a RFC3315bis in development. >> >> -- >> =============================================== >> David Farmer Email: farmer@umn.edu >> Office of Information Technology >> University of Minnesota >> 2218 University Ave SE Phone: +1-612-626-0815 >> Minneapolis, MN 55414-3029 Cell: +1-612-812-9952 >> =============================================== >> > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
- SLAAC/DHCPv6 sharing prefix(es) legitimate? Mark Smith
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Tore Anderson
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Brian E Carpenter
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mark Smith
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Lorenzo Colitti
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mark Smith
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Tore Anderson
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Tore Anderson
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Lorenzo Colitti
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mark Smith
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mark Smith
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mikael Abrahamsson
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mikael Abrahamsson
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Tore Anderson
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Lorenzo Colitti
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mark Smith
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mark Smith
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mikael Abrahamsson
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Mikael Abrahamsson
- RE: SLAAC/DHCPv6 sharing prefix(es) legitimate? Pascal Thubert (pthubert)
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Turner, Randy
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Lorenzo Colitti
- RE: SLAAC/DHCPv6 sharing prefix(es) legitimate? Pascal Thubert (pthubert)
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? David Farmer
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Don Sturek
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? David Farmer
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Philip Homburg
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Don Sturek
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Ole Troan
- RE: SLAAC/DHCPv6 sharing prefix(es) legitimate? Pascal Thubert (pthubert)
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? Tore Anderson
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? 神明達哉
- Re: SLAAC/DHCPv6 sharing prefix(es) legitimate? 神明達哉