IETF Logo Mail Archive

Re: Win7 - no managed flag, DHCP address released?!?

Karl Auer <kauer@biplane.com.au> Mon, 22 October 2012 22:42 UTC

Return-Path: <kauer@biplane.com.au>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 201DB11E80E7 for <ipv6@ietfa.amsl.com>; Mon, 22 Oct 2012 15:42:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.13
X-Spam-Level:
X-Spam-Status: No, score=-1.13 tagged_above=-999 required=5 tests=[AWL=-0.521, BAYES_00=-2.599, J_CHICKENPOX_21=0.6, PLING_QUERY=1.39]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c3kVvWG5MsdX for <ipv6@ietfa.amsl.com>; Mon, 22 Oct 2012 15:42:01 -0700 (PDT)
Received: from ipmail05.adl6.internode.on.net (ipmail05.adl6.internode.on.net [IPv6:2001:44b8:8060:ff02:300:1:6:5]) by ietfa.amsl.com (Postfix) with ESMTP id 0374C1F0C49 for <ipv6@ietf.org>; Mon, 22 Oct 2012 15:41:58 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArIBAHbKhVCWZX+7/2dsb2JhbAANOMExgzUBAQEDAWcXCwsYLkkBDRkJh3URqECDKZBJi3KGVQOIJYoajl6IEIFP
Received: from eth4284.nsw.adsl.internode.on.net (HELO [192.168.1.201]) ([150.101.127.187]) by ipmail05.adl6.internode.on.net with ESMTP; 23 Oct 2012 09:11:57 +1030
Message-ID: <1350945715.3457.196.camel@karl>
Subject: Re: Win7 - no managed flag, DHCP address released?!?
From: Karl Auer <kauer@biplane.com.au>
To: ipv6@ietf.org
Date: Tue, 23 Oct 2012 09:41:55 +1100
In-Reply-To: <EMEW3|ea1336ffffe0de2807fe90d923b04132o9LDrs03tjc|ecs.soton.ac.uk|83C07165-A450-4E7D-93FC-E17121D6B593@ecs.soton.ac.uk>
References: <1350563448.2987.14.camel@karl> <1350864259.15057.YahooMailNeo@web32502.mail.mud.yahoo.com> <83C07165-A450-4E7D-93FC-E17121D6B593@ecs.soton.ac.uk> <EMEW3|ea1336ffffe0de2807fe90d923b04132o9LDrs03tjc|ecs.soton.ac.uk|83C07165-A450-4E7D-93FC-E17121D6B593@ecs.soton.ac.uk>
Content-Type: text/plain; charset="ISO-8859-1"
X-Mailer: Evolution 3.2.3-0ubuntu6
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Oct 2012 22:42:02 -0000

On Mon, 2012-10-22 at 13:53 +0100, Tim Chown wrote:
> This issue has come up recently in 6renum discussions, actually from
> Karl as well :)
> http://www.ietf.org/mail-archive/web/ipv6/current/msg16179.html

In that discussion I said that I thought a host MAY deconfigure an
address if it was configured due to an M flag, but I've changed my mind.
I now feel that a host MUST NOT deconfigure (or even deprecate) an
address solely because the state of the M or O flags changes, even if
from the same sender. Why?

   22.6. IA Address Option

   [...]In a message sent by a server to a
   client, the client MUST use the values in the preferred and valid
   lifetime fields for the preferred and valid lifetimes.

The assignment of a address via DHCPv6 is a contract with the host -
"you may have this address for this many seconds". The lifetimes sent by
the server and their ability to be set by the administrator are the
means of controlling the length of the contract. Once a DHCPv6 address
is configured for a prefix, the M and O flags cease to be relevant
unless or until that address has been deconfigured.

Having read the RFC a few times now :-) I an convinced that there is no
intention, implied or otherwise, that the absence (or disappearance) of
the M or O flags should have any effect at all on a configured address.
However much people may wish for that symmetry, it is not there and is
not necessary.

However, there is also no statement, implied or otherwise, that a host
SHOULD NOT or MUST NOT deconfigure an address whenever it darn well
feels like it. The snippet of code above may suggest otherwise, but I
think it is clear that it is setting a maximum, not a minimum. So I have
to come to the reluctant conclusion that Windows is not doing anything
formally wrong in this regard, it is just doing something very
stupid[1].

And I stand by my opinion that these flags are unnecessary and should be
deprecated as soon as possible.

> The example being considered here with two senders and inconsistent
> settings is a misconfiguration. The inconsistency should be logged and
> corrected, regardless of what the host behaviour is. If the second RA
> is a rogue, then methods for rogue RA suppression should be in place.

All true - but the host should also avoid a trivial DoS by not
"flapping" outside the lifetimes received with the address(es) it
configured.

> A similar discussion could be had if each RA carried different DNS
> resolver addresses in the RFC6106 option. That RFC says
> "configurations where different information is provided by different
> sources may lead to problems. Therefore, the network administrator
> needs to configure DNS options in multiple sources in order to prevent
> such problems from happening." A similar argument.

Similar, yes. But not the same, given the DHCPv6 contract. If a host was
fooled into entering the contract, that's too bad - but being able to
fool it out of the contract is equally bad.

Regards, K.

[1] If indeed it is doing it at all - I still haven't double checked
this.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687

v2.23.0 | Report a Bug | By Email