Re: [mif] RA vs DHCPv6 config (was Review requested: draft-ietf-mif-dhcpv6-route-option)

Tomasz Mrugalski <tomasz.mrugalski@gmail.com> Mon, 31 October 2011 11:06 UTC


On 30.10.2011 22:38, Ted Lemon wrote:
> On Oct 30, 2011, at 4:35 PM, "Brian E Carpenter"
> <brian.e.carpenter@gmail.com> wrote:
>> It makes my head hurt a bit to give RA config priority in one
>> context and DHCPv6 config priority in another context. I think this
>> point requires a wider discussion; you could find opinions about
>> this in (at least) 6man, v6ops, homenet, and 6renum.
> 
> I really don't see how we can manage that. That's five different
> mailing lists, not even counting the DHC mailing list. The way I
> deal with this is to be on all those mailing lists.
> 
> As for your head hurting, you have my sympathy. In reality, I think
> that if DHCP and RA disagree, that is a configuration error, and so
> it doesn't particularly matter which one is given priority. They
> should agree.

How about a different perspective on RA and DHCP disagreement? RA
provides a generic mechanism for all hosts in a network. DHCP allows
routing information to be provisioned on a per-host basis. Therefore you
can deliver additional configuration to a selected subset of hosts. That's
why I would prefer DHCP over RA as a way to override the "default"
configuration.

There's another aspect, and I'm not sure if mentioning this will open a
can of worms. What about the security aspect of it? While it is possible to
establish a security relationship between a DHCP server and clients, I'm
not aware of any such mechanism for RA. (There's SEND, but that is a
different matter. My understanding is that we are talking about "plain"
RA.) I would propose to favor DHCP over RA, because it may be less prone
to attacks. I admit that this may be a very strong or a very weak (almost
nobody uses security in DHCPv6 nowadays) argument, depending on which
perspective you take on it.

Brian,
Thanks for the pointers to other groups. Unfortunately, due to other
obligations I'm unable to handle additional traffic. I will keep
checking occasionally what is happening in those groups. I'm afraid
that if I asked on each group separately, I may get a different answer
every time. Reaching a consensus on this one may be tricky.

Tomek