Re: [mif] draft-ietf-mif-dhcpv6-route-option-04 published

Alexandru Petrescu <alexandru.petrescu@gmail.com> Tue, 27 March 2012 12:38 UTC

On 27/03/2012 14:05, Marc Blanchet wrote:
> On 2012-03-27 at 13:47, Alexandru Petrescu wrote:
>>
>> When setting up routes one would like to make sure they're right
>> and they lead somewhere at least most of the time. At the smart end
>> node and dumb network, there should always exist a fallback and
>> that fallback is typically the default route ("when everything else
>> fails").
>>
>> In this sense, if the end node sets up its routes with DHCP, it
>> would like to be sure they're right most of the time, otherwise use
>> the default route.
>>
>> But when the default route _and_ the other more specific routes
>> are provided by DHCP, and if failing, then there is a risk of
>> misconfiguration.
>
> yes and no. ipv6 stack is pretty good in actively tracking if routers
> are up.
>
> in fact, having the default route or not does not change the basic
> issue, which is, to me, a trust issue.
>
> say for example that you have two different types as you suggest: one
> for more specific routes and one for default route. well, if the
> dhcpv6 server sends you a specific route such as 2000::/3, it is
> almost a default route, and moreover, it will be preferred over the
> (good, appropriate) default routes.

We could specify the specific routes part to MUST NOT send 2000::/3 as
route.  Would this solve that?

> Therefore, a specific type does not help the problem.
>
> So your proposal does not help the root issue which is, to me, does
> the node trust the dhcpv6 server for routes insertions.

In a sense yes.  But this seems to me you mention a security (trust)
issue, not necessarily a misconfiguration.

I think protocol specification may guide the way the dhcpd.conf is
written and, if there are different types for specific routes vs default
routes, then there could be different sections in that file as well,
helping a bit to set aside the default routes.

Alex

>
> Marc.
>
>
>>
>> Something that could be done about this is the use of different
>> Types in DHCP (ORO) for specific routes and a different Type for
>> default routes. This would mean not only that the config file would
>> have different sections for default routes vs specific routes (thus
>> guide the Server's administrator to double check the default part)
>> but also the DHCP Client implementation to have separate software
>> sections for specific routes vs default routes. Some lighter DHCP
>> Clients may choose to implement _only_ the default route option
>> part (and not the specific route part).
>>
>> With respect to this there was also a question about compliance
>> with specs - if a stack doesn't implement eg ICMP Redirect then it's
>> not compliant. Do we want to ensure the same level of strength in
>> compliance with DHCP? Even for low end devices?
>>
>> Alex
>>
>
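
Added example, not part of the original message or of the draft: a sketch of the client-side check this exchange points at, showing how longest-prefix match lets a broad DHCPv6-supplied prefix such as 2000::/3 override the existing default route, and how a client could sort offered routes by the address space they cover rather than by one named prefix. The `lookup` and `classify` helpers, the `min_len` threshold, the `(prefix, next_hop)` tuple form and all sample routes are assumptions made for illustration.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("::/0")

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; returns the next hop."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def classify(offered, min_len=16):
    """Split DHCPv6-offered routes into (specific, default_like).

    min_len is an assumed local policy: any aggregate shorter than this is
    handled like a default route (separate review, separate trust decision).
    """
    nets = [ipaddress.ip_network(p) for p, _ in offered]
    # Merge siblings first, so 2000::/4 + 3000::/4 is measured as 2000::/3
    # and a rule that names only the literal 2000::/3 is not the whole check.
    merged = ipaddress.collapse_addresses(n for n in nets if n != DEFAULT)
    broad = [m for m in merged if m.prefixlen < min_len]
    specific, default_like = [], []
    for net, route in zip(nets, offered):
        # A narrow route inside a broad aggregate is classified with it.
        if net == DEFAULT or any(net.subnet_of(b) for b in broad):
            default_like.append(route)
        else:
            specific.append(route)
    return specific, default_like

# Constructed sample data (documentation/ULA prefixes, made-up next hops).
RA_TABLE = [("::/0", "fe80::1")]                      # default learned elsewhere
OFFER = [("fd00:10::/48", "fe80::d"),                 # genuinely specific
         ("2000::/4", "fe80::d"), ("3000::/4", "fe80::d")]

if __name__ == "__main__":
    dst = "2001:db8:ffff::1"
    print("before DHCP routes:", lookup(RA_TABLE, dst))
    print("all routes installed:", lookup(RA_TABLE + OFFER, dst))
    specific, default_like = classify(OFFER)
    print("install as specific:", specific)
    print("treat as default-class:", default_like)
    print("after filtering:", lookup(RA_TABLE + specific, dst))
```

Whether the default-class routes are then installed at all is the trust decision discussed in the thread; the sketch only separates them so that decision is made explicitly.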