IETF Logo Mail Archive

Re: [mif] Route option for DHCPv6 - next steps?

Wojciech Dec <wdec.ietf@gmail.com> Tue, 10 April 2012 15:09 UTC

Return-Path: <wdec.ietf@gmail.com>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4020F11E80EF for <mif@ietfa.amsl.com>; Tue, 10 Apr 2012 08:09:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.415
X-Spam-Level:
X-Spam-Status: No, score=-3.415 tagged_above=-999 required=5 tests=[AWL=0.183, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U7KMdfdLWjwi for <mif@ietfa.amsl.com>; Tue, 10 Apr 2012 08:09:51 -0700 (PDT)
Received: from mail-qa0-f42.google.com (mail-qa0-f42.google.com [209.85.216.42]) by ietfa.amsl.com (Postfix) with ESMTP id 3EEC321F84D6 for <mif@ietf.org>; Tue, 10 Apr 2012 08:09:51 -0700 (PDT)
Received: by qafi31 with SMTP id i31so2716826qaf.15 for <mif@ietf.org>; Tue, 10 Apr 2012 08:09:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=uc/jW2LJsXry78IvCHFJFnZFbpANQplGm/0JCmCy6xU=; b=M4uIbOQrG6yoJALl73iPh5DNZDBknhuCJkCMh5N+G8034QAdpxSB7Nf6gPqedSvKMV e0/8gP3sVbe8UPBCMsi7zAUAKFGWXK5MyR05w65XpfLdMpDLTeMD7fHdffRMC34atnka LkrXrRG7/veZ2NRTMdk3qlwSUXkqPKjZag0UFXRH2yStsoRkBgNWWH7TS8FEEvyK+CA1 7uBYa4HSdiLiPaJ4omJTlUwXO+O9mV7MqUnS3FJYmID7ygrMw99L8WiU1LlFRv0+3hdX D3VHNp6Wv0REEmo45jwFEKOFOgokajPQRqRodQlFsNhMoePqOqYqeCgZ8pocb49As5us ZlfA==
MIME-Version: 1.0
Received: by 10.229.75.215 with SMTP id z23mr4602033qcj.111.1334070590729; Tue, 10 Apr 2012 08:09:50 -0700 (PDT)
Received: by 10.229.95.199 with HTTP; Tue, 10 Apr 2012 08:09:50 -0700 (PDT)
In-Reply-To: <97D4F82A-6321-403F-9097-F7B48601DCD5@gmail.com>
References: <75459BC2-E733-45C0-BC1C-25A19BBA1137@gmail.com> <CAE97176.17DF4%wdec@cisco.com> <CANF0JMD_zfXGcfMy+rCOFXS1aCZ3RPHoRtkBeS8kDgOFcfQ8Fg@mail.gmail.com> <75D251D1-9828-4AFE-9BEF-B376E97133C7@nominum.com> <CANF0JMBbhrF0G=hSvcvyZAddAMW7oSO5KpzUmcJXCtwcnmyWOw@mail.gmail.com> <4A221CE5-ECF0-4E07-9329-E6BAA3F06A96@nominum.com> <4EC4AADB.8030803@piuha.net> <DD1241D5-B794-49C3-A3A2-4294248DDD10@gmail.com> <4F719186.3060507@gmail.com> <CAKD1Yr3tSoDPcheriWdZEeKyhqpDANCP7Co0wVVqK5+mXc7e5A@mail.gmail.com> <4F72CD22.3080604@gmail.com> <CAKD1Yr3RUUthiawKrmxjSNqzEbJcOLpHvDGb9XLtdiU-tfEYyw@mail.gmail.com> <4F744831.3070406@gmail.com> <8D23D4052ABE7A4490E77B1A012B6307472D4175@mbx-01.win.nominum.com> <4F7453FC.3010502@gmail.com> <4F74546D.4060808@gmail.com> <72C42575-6BE2-4F27-B7F4-AA4539DA7EF9@lilacglade.org> <8D23D4052ABE7A4490E77B1A012B6307472D43A1@mbx-01.win.nominum.com> <069301cd0dd2$5954df00$0bfe9d00$@tndh.net> <550B9F79-1642-469F-9ED3-96DA26AA40AB@lilacglade.org> <CAAedzxpMtu_7jWuES5=EKK4oqsFsvt4tPpu0J4fy3Uz4-TEt6Q@mail.gmail.com> <97D4F82A-6321-403F-9097-F7B48601DCD5@gmail.com>
Date: Tue, 10 Apr 2012 17:09:50 +0200
Message-ID: <CAFFjW4hkGMm+mLSzpdWPcFLUcY3Hkyb+BDxh+5910YtfZxGD-A@mail.gmail.com>
From: Wojciech Dec <wdec.ietf@gmail.com>
To: "mif@ietf.org" <mif@ietf.org>
Content-Type: multipart/alternative; boundary="002354470c5caa6fef04bd548325"
Subject: Re: [mif] Route option for DHCPv6 - next steps?
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2012 15:09:52 -0000

Folks,

before we get carried away on the "let's use Radius to provision the edge
router" solution, allow me to say that:
a) this is already standardized if not actually practised today
b) it does not solve the problem of the operators who do not directly
control the access edge router (eg think wholesale)
c) it requires not only a specific type of Radius infrastructure, that some
operators choose not to have, but also a specific type of stateful NAS
router (eg a BRAS) that others still also do not want to have.

Beyond the above, and in much the same way as has been argued previously, a
Radius client on the end device solution variant could also be used to
provision the route on the client (or SNMP, or a script, etc).

In theory thus, all of the Radius variants, are all perfectly good
solutions, and standards based too. The practicality of them is a different
matter, and this problem is all about per host configuration and
operational practicality. At least personally, I humbly think that there is
no one size fits all solution in this domain, and "perfectly good
theoretical solutions" are not necessarily practical ones; operators would
much rather have a choice of tools and an understanding of their tradeoffs,
rather than an SDO diktat in terms of how to operate their networks.

My 2c,
-Woj.


On 5 April 2012 22:27, jouni korhonen <jouni.nospam@gmail.com> wrote:

>
> RADEXT is working on
> http://tools.ietf.org/html/draft-ietf-radext-ipv6-access-06
> which adds attributes for RFC4191 use, for example. That is then also
> implicitly
> available for Diameter.
>
> Assuming unicast RA would be doable using just RFC6085, then there should
> not
> be much, if anything, to do protocol wise. The router that gets
> provisioned per
> host via AAA knows the l2-l3 mapping already.. and the AAA server also
> learns
> it. For dynamic changes of routes, AAA server can use e.g. l2 or l3
> addresses
> for a session identification when it sends a change of authorization..
>
> The assumption here is that each host gets separately authorized when they
> attach
> the network, which might be an issue on some links & deployments. However,
> some
> network architectures with multiple routers/gateways (can) already use AAA
> for
> centralized address management at per host granularity.
>
> - Jouni
>
>
> On Apr 4, 2012, at 4:53 AM, Erik Kline wrote:
>
> >> It's true, as Jari said, that this can be accomplished in other ways,
> and maybe it would be better if it would.   If there were some better
> central management solution for populating unicast RA mappings on the
> router, then unicast RA would indeed address the exact use case that I
> think we care about.   But without the mechanism for populating routers, we
> still have a poorly-addressed use case.   And then the question is, do we
> want to develop a whole new protocol just to solve this one small problem?
> >>
> >> It might be worth developing the protocol just to put this issue to bed.
> >
> > Is RADIUS suitable for this?  At one point it was the general
> > non-client provisioning protocol of choice, I thought.  I have not
> > been following any of the evolving diameter work, but would a RADIUS
> > option suffice?
> > _______________________________________________
> > mif mailing list
> > mif@ietf.org
> > https://www.ietf.org/mailman/listinfo/mif
>
> _______________________________________________
> mif mailing list
> mif@ietf.org
> https://www.ietf.org/mailman/listinfo/mif
>

v2.23.0 | Report a Bug | By Email