IETF Logo Mail Archive

Re: [mif] Route option for DHCPv6 - next steps?

"Tony Hain" <alh-ietf@tndh.net> Tue, 03 April 2012 16:24 UTC

Return-Path: <alh-ietf@tndh.net>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D11811E815A for <mif@ietfa.amsl.com>; Tue, 3 Apr 2012 09:24:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.084
X-Spam-Level:
X-Spam-Status: No, score=0.084 tagged_above=-999 required=5 tests=[AWL=-0.929, BAYES_20=-0.74, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QjT2NrOZ+Cmk for <mif@ietfa.amsl.com>; Tue, 3 Apr 2012 09:24:14 -0700 (PDT)
Received: from tndh.net (75-149-170-53-Washington.hfc.comcastbusiness.net [75.149.170.53]) by ietfa.amsl.com (Postfix) with ESMTP id 2F0DE11E8157 for <mif@ietf.org>; Tue, 3 Apr 2012 09:24:13 -0700 (PDT)
X-AuthUser: alh-ietf@tndh.net
Received: from eaglet ([172.20.144.31]:37878) by tndh.net with [XMail 1.27 ESMTP Server] id <S19201DF> for <mif@ietf.org> from <alh-ietf@tndh.net>; Tue, 3 Apr 2012 09:24:11 -0700
From: Tony Hain <alh-ietf@tndh.net>
To: 'Ted Lemon' <Ted.Lemon@nominum.com>
References: <75459BC2-E733-45C0-BC1C-25A19BBA1137@gmail.com> <CAE97176.17DF4%wdec@cisco.com> <CANF0JMD_zfXGcfMy+rCOFXS1aCZ3RPHoRtkBeS8kDgOFcfQ8Fg@mail.gmail.com> <75D251D1-9828-4AFE-9BEF-B376E97133C7@nominum.com> <CANF0JMBbhrF0G=hSvcvyZAddAMW7oSO5KpzUmcJXCtwcnmyWOw@mail.gmail.com> <4A221CE5-ECF0-4E07-9329-E6BAA3F06A96@nominum.com> <4EC4AADB.8030803@piuha.net> <DD1241D5-B794-49C3-A3A2-4294248DDD10@gmail.com> <4F719186.3060507@gmail.com> <CAKD1Yr3tSoDPcheriWdZEeKyhqpDANCP7Co0wVVqK5+mXc7e5A@mail.gmail.com> <4F72CD22.3080604@gmail.com> <CAKD1Yr3RUUthiawKrmxjSNqzEbJcOLpHvDGb9XLtdiU-tfEYyw@mail.gmail.com>, <4F744831.3070406@gmail.com> <8D23D4052ABE7A4490E77B1A012B6307472D4175@mbx-01.win.nominum.com> <4F7453FC.3010502@gmail.com> <4F74546D.4060808@gmail.com>, <72C42575-6BE2-4F27-B7F4-AA4539DA7EF9@lilacglade.org> <8D23D4052ABE7A4490E77B1A012B6307472D43A1@mbx-01.win.nominum.com>, <069301cd0dd2$5954df00$0bfe9d00$@tndh.net> <8D23D4052ABE7A4490E77B1A012B6307472D45F6@mbx-01.win.nominum.com> , <075201cd0f8e$94cb81 7 0$be628450$@tndh.net> <8D23D4052ABE7A4490E77B1A012B6307472D5C5B@mbx-01.win.nominum.com>, <00c301cd10ec$46f39ff0$d4dadfd0$@tndh.net> <8D23D4052ABE7A4490E77B1A012B6307472D608D@mbx-01.win.nominum.com>
In-Reply-To: <8D23D4052ABE7A4490E77B1A012B6307472D608D@mbx-01.win.nominum.com>
Date: Tue, 03 Apr 2012 09:24:09 -0700
Message-ID: <01a601cd11b6$34522090$9cf661b0$@tndh.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGYocXPKzopiDhicKFSNXe3ky5PRQFWcj/vAj3jZD8CE4SQEAM8EDN1Aal2DB8CuqDa4AGu3TE6AouFInYBmOpBUgHiAfgSAabbPDMCVhY93gK9RQNgAaU+fSYBVklIJAKKPEcuAtiEBeIBI67GfQHRMw/lAPKIJtsCiVre6wGxPjrQAeJ5bLGVgUcx8A==
Content-Language: en-us
Cc: mif@ietf.org
Subject: Re: [mif] Route option for DHCPv6 - next steps?
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Apr 2012 16:24:15 -0000

Ted Lemon wrote:
> > I agree that you don't do something just because it was done in IPv4,
> >but  your response is exactly the same as your complaint about the
> >public  lynching. Just because your local network is not using this
> >mechanism is no reason to deny others from having it for theirs.
> 
> Lynching was a poor choice of words.   In any case, my point is that if
you
> have a real need for this functionality on your network, you should be
able to
> articulate that in a convincing way, and there should be some reason why
> DHCPv6 is a better solution than RA.   It shouldn't be the case that you'd
just
> rather use DHCPv6.

It appears you missed my point that my personal preference is to avoid using
DHCPv6 for this single function, because I have no other ongoing need. At
the same time, as I said my personal preference doesn't matter, and I will
defend the right of others to have the tools they expect. Like it or not,
there are people that wouldn't know what to do with their network without
the centralized point of all operational knowledge in their DHCP server. In
some cases this is due to internal politics, where the end system
administrators operate the DHCP service, and they refuse to turn over
control to the evil network ops team and whatever they might do.  In other
cases the network ops team operates DHCP with the explicit intent to assert
some control over those evil end systems. 

> 
> > people do operate VPNs with split tunneling, and need a way to push
> > the internal routes to the client. The operational pain will occur
> > when there is no option 121 for those networks that use it for IPv4.
> > The alternative is what I am doing; manually running a static route
> > script every time the vpn goes up and another when it goes down to
> > pull them back out.
> 
> What's missing from this description is "RA doesn't work well in this
situation
> because..."

One size does not fit all ...  The reason that operations is such a mess
right now is the ongoing and unnecessary war about which operational model
is "right", resulting in the absurd need to do logically associated things
in different places. There should be a mechanism that makes this work well
via RA, but that does not mean the DHCP approach is wrong. The IETF needs to
create a complete tool set for operating networks both with and without
DHCP. Again, one size does not fit all ...

When we started this IPv6 effort DHCP was just getting started, and going
through growing pains. At this point an entire generation of network
operators don't know any different and would be lost if you told them their
point of control in DHCP is gone. While a well-functioning RA mechanism is
needed, that is simply inadequate for people that don't know anything but
DHCP.

> 
> > Widespread deployment requires that people have the tools they want to
> > use for managing their local network.
> 
> Widespread deployment requires that people have tools that work well to
> manage their local network.  If the tools that we have given them thus far
do
> not work well, it should be easy to say why.   It's not the IETF's job,
nor
> should it be, to give them specific tools just because those are the ones
they
> want, any more than the building code should allow you to use deck screws
> in a shear wall just because you happen to prefer an impact driver to a
nail
> gun.=

Following that analogy, a large percentage of the network operators out
there have a hammer. It doesn't matter if you give them screws or nails,
they are going to  use the hammer they know. At the end of the day one of
those choices is more efficient and less frustrating than the other, but
both can get the job done. At the same time, leaving the screws and a
screwdriver laying alongside the nails will lead many to realize there may
be a better fit for their needs. When you meet people where they are
mentally, you have a better chance of discussing alternatives than if you
insist they leave their comfort zone and follow your 'one true way' into the
vast unknown. 

Tony

v2.23.0 | Report a Bug | By Email