IETF Logo Mail Archive

Re: [mif] Route option for DHCPv6 - next steps?

Lorenzo Colitti <lorenzo@google.com> Wed, 28 March 2012 08:55 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADC0B21F8995 for <mif@ietfa.amsl.com>; Wed, 28 Mar 2012 01:55:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.534
X-Spam-Level:
X-Spam-Status: No, score=-102.534 tagged_above=-999 required=5 tests=[AWL=-0.158, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KY-L5Z1FNTvU for <mif@ietfa.amsl.com>; Wed, 28 Mar 2012 01:55:27 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 48ADB21F899C for <mif@ietf.org>; Wed, 28 Mar 2012 01:55:26 -0700 (PDT)
Received: by obbtb4 with SMTP id tb4so1236879obb.31 for <mif@ietf.org>; Wed, 28 Mar 2012 01:55:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-system-of-record; bh=3lQCnMEy7YzrtQlosdMH6LmfVxUTL2c3QTFg4O62jS4=; b=U+S2UznN55bDSo+wICpRNOAJOHmYJypNG9i2HsOpFcKAF7qYt4sCGM2W7wOLf9HlPg bjTxX3+Gs/1+XJi0cXasB5LrEpLnAQRHHF5TqQ7XRco/iKjhX/vFRLQnX8lBgu8xg8EV uJBjXn/L/iGYayFLd3J8lnlapivC6orBeuoZtDT121ehsxsmwcJ3RXpfrikaztPFD8fX 26SWa70ok37V3gzbW/X2QquZE3UURjlWGPNnGMNVEGcFUVhVJdy121ES88EyoZz07YU9 zULUDz0n+6ZX8KiDIQj7ffL+M1CCZ5WAgGyey57dKmYtPGxfYzj8snsrHjhcti7w7rQ4 s/Hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-system-of-record:x-gm-message-state; bh=3lQCnMEy7YzrtQlosdMH6LmfVxUTL2c3QTFg4O62jS4=; b=gLljbPCHUaM7bwHOru6uyunyxHV0TobeVYxncNlXUD94KUoExFd8MMgN6+VyivFtaM WW+qQSVXZPD+VYfH1TtFCtG88WkXSAdONYnoo4ZFWJtF+DUpa4jdIKAE1SbtRB0VoeeM bFe452VlOVgqY7hzaxJ6QhLbu0hXbenS18c2vPKzko0SPbTM7wO7ye00jOU830jlgrdn d6kQ3S5TYVOp5F06DArfoxdBZI+RWA7gp1DB5Y3EPSgwXZzAazZS49lAnGJX6eq+byIm PHmicq9ofTa7jZqWC4pgylQXpJV6wWWuypG8bkgpxeUiZVKw/2Ea3MdRcK29iFmhPFOJ Zt1g==
Received: by 10.182.36.3 with SMTP id m3mr36771654obj.8.1332924925896; Wed, 28 Mar 2012 01:55:25 -0700 (PDT)
Received: by 10.182.36.3 with SMTP id m3mr36771608obj.8.1332924925666; Wed, 28 Mar 2012 01:55:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.63.231 with HTTP; Wed, 28 Mar 2012 01:55:05 -0700 (PDT)
In-Reply-To: <4F72CD22.3080604@gmail.com>
References: <75459BC2-E733-45C0-BC1C-25A19BBA1137@gmail.com> <CAE97176.17DF4%wdec@cisco.com> <CANF0JMD_zfXGcfMy+rCOFXS1aCZ3RPHoRtkBeS8kDgOFcfQ8Fg@mail.gmail.com> <75D251D1-9828-4AFE-9BEF-B376E97133C7@nominum.com> <CANF0JMBbhrF0G=hSvcvyZAddAMW7oSO5KpzUmcJXCtwcnmyWOw@mail.gmail.com> <4A221CE5-ECF0-4E07-9329-E6BAA3F06A96@nominum.com> <4EC4AADB.8030803@piuha.net> <DD1241D5-B794-49C3-A3A2-4294248DDD10@gmail.com> <4F719186.3060507@gmail.com> <CAKD1Yr3tSoDPcheriWdZEeKyhqpDANCP7Co0wVVqK5+mXc7e5A@mail.gmail.com> <4F72CD22.3080604@gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Wed, 28 Mar 2012 10:55:05 +0200
Message-ID: <CAKD1Yr3RUUthiawKrmxjSNqzEbJcOLpHvDGb9XLtdiU-tfEYyw@mail.gmail.com>
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
Content-Type: multipart/alternative; boundary="f46d04447f9fb4e4e904bc49c446"
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQnsWkgRhLs6qkzn+FztWkWx1FKQ0sXiRIxhNtAWX2eogKavSL2ffPK9eh6I6Z5eKzRBghEFJVrz00rMGl+rebufe4kwFscs3BPrLXZehLZbaFJ8BTYcP9FvHFl6LbtmR7kW0ltu
X-Mailman-Approved-At: Wed, 28 Mar 2012 04:10:30 -0700
Cc: Stuart Cheshire <cheshire@apple.com>, Brian Haberman <brian@innovationslab.net>, mif@ietf.org, Ron Bonica <rbonica@juniper.net>, Margaret Wasserman <margaretw42@gmail.com>, Dave Thaler <dthaler@microsoft.com>, Tim Chown <tjc@ecs.soton.ac.uk>, "narten@us.ibm.com Narten" <narten@us.ibm.com>, Mark Townsley <townsley@cisco.com>, Wojciech Dec <wdec@cisco.com>
Subject: Re: [mif] Route option for DHCPv6 - next steps?
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2012 08:55:27 -0000

[Putting mif back into CC, since now we're talking about the merits of the
proposal]

On Wed, Mar 28, 2012 at 10:34, Tomek Mrugalski
<tomasz.mrugalski@gmail.com>wrote:

> Let me comment on the deprecation a bit more. You mentioned previously
> that you are concerned about route entries becoming invalid. Let me
> explain how we plan this to defend against it:
> - if a host detects link flap, it must flush all routes installed
> - host verifies that router is reachable using ND, before using it
> - host detects that router died using NUD
>

And then what does the host? Ask the server again for another default
route? Why would the server return anything different than what it already
returned? After all, the server doesn't share state with the router, so it
has not idea that the host can't reach it.


> - you also expressed concerns about new server not being able to
> invalidate old server's configuration in case of old server crash. That
> is actually an invalid argument. Failure of the server does not imply
> failure of the router. Furthermore, it is possible to invalidate old
> server's information. If you want to do this, your new server can
> announce route to become obsolete by announcing it with lifetime of 0.
>
> Do you have any other deprecation mode in mind that is not covered?
>

Example A:
1. There are two routers on the link connected to a switch.
2. You get a default route from a DHCPv6 server pointing at one of them.
3. The router crashes or is taken out of service. You default route is not
working any more. The server doesn't know this, and so doesn't validate
your route
4. You have no default route.

Example B:
1. There are two routers on the link connected to a switch.
2. You get a default route from a DHCPv6 server pointing at one of them.
3. The server crashes or is unreachable.
4. The router is taken out of service for planned maintenance.
5. You have no default route, and nobody can invalidate your route, since
only the crashed / unreachable server has the nonce.

In IPv4, the typical solution to these problems are NOT "use reconfigure
accept", but "run VRRP". With RAs, we can get rid of VRRP; we just won't
have the problem.

In the homenet, where stuff can go away permanently at any time, things get
even worse.

> DHCPv6 servers often don't share fate with the routers.
> So? There are over 65 options defined for DHCPv6, much more will be
> defined. Do you expect server to share fate with all announced services?
>

No. I'm saying we already have a way to do this that shares fate, and that
it's more reliable, and that we don't need another way.


> This mechanism may affect many groups: MIF, DHC, homenet, shim6, 6man
> and v6ops. Do you expect us to ask for adoption of this draft to all of
> those groups in turn? My idea is that this mechanism may affect many
> WGs, but such document must be adopted somewhere.
>

Agreed, it needs a place to live. I believe MIF is not the right place,
because 11 of the 14 use cases are not about multiple interfaces. I believe
that 6man is the right place, because this option provides a complete
replacement for the basic way in which hosts learn about routers.

If you take this to 6man and get consensus there, then that's fine.

Cheers,
Lorenzo

v2.23.0 | Report a Bug | By Email