IETF Logo Mail Archive

Re: [pcp] Comments on draft-ietf-pcp-dhcp-03

Dave Thaler <dthaler@microsoft.com> Tue, 07 August 2012 01:34 UTC

Return-Path: <dthaler@microsoft.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0789321F8691 for <pcp@ietfa.amsl.com>; Mon, 6 Aug 2012 18:34:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.496
X-Spam-Level:
X-Spam-Status: No, score=-102.496 tagged_above=-999 required=5 tests=[AWL=-1.297, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, J_CHICKENPOX_15=0.6, J_CHICKENPOX_24=0.6, J_CHICKENPOX_25=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6SXWBjjFvkvj for <pcp@ietfa.amsl.com>; Mon, 6 Aug 2012 18:34:44 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe006.messaging.microsoft.com [216.32.181.186]) by ietfa.amsl.com (Postfix) with ESMTP id D67F121F867F for <pcp@ietf.org>; Mon, 6 Aug 2012 18:34:43 -0700 (PDT)
Received: from mail56-ch1-R.bigfish.com (10.43.68.235) by CH1EHSOBE014.bigfish.com (10.43.70.64) with Microsoft SMTP Server id 14.1.225.23; Tue, 7 Aug 2012 01:34:42 +0000
Received: from mail56-ch1 (localhost [127.0.0.1]) by mail56-ch1-R.bigfish.com (Postfix) with ESMTP id AF14A3002C5; Tue, 7 Aug 2012 01:34:42 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -31
X-BigFish: VS-31(zzbb2dI98dI9371I146fI542M1432I4015Izz1202hzz1033IL8275bh8275dhz2fh2a8h668h839h944hd25hf0ah107ah)
Received-SPF: pass (mail56-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=dthaler@microsoft.com; helo=TK5EX14HUBC102.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail56-ch1 (localhost.localdomain [127.0.0.1]) by mail56-ch1 (MessageSwitch) id 134430328128187_13122; Tue, 7 Aug 2012 01:34:41 +0000 (UTC)
Received: from CH1EHSMHS005.bigfish.com (snatpool1.int.messaging.microsoft.com [10.43.68.252]) by mail56-ch1.bigfish.com (Postfix) with ESMTP id 0501A3800F8; Tue, 7 Aug 2012 01:34:41 +0000 (UTC)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS005.bigfish.com (10.43.70.5) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 7 Aug 2012 01:34:40 +0000
Received: from TK5EX14MLTW653.wingroup.windeploy.ntdev.microsoft.com (157.54.24.14) by TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) with Microsoft SMTP Server (TLS) id 14.2.309.3; Tue, 7 Aug 2012 01:34:39 +0000
Received: from TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com (157.54.71.39) by TK5EX14MLTW653.wingroup.windeploy.ntdev.microsoft.com (157.54.24.14) with Microsoft SMTP Server (TLS) id 14.2.309.3; Mon, 6 Aug 2012 18:34:39 -0700
Received: from TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com ([169.254.4.170]) by TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.39]) with mapi id 14.02.0309.003; Mon, 6 Aug 2012 18:34:39 -0700
From: Dave Thaler <dthaler@microsoft.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>, "Reinaldo Penno (repenno)" <repenno@cisco.com>, "pcp@ietf.org" <pcp@ietf.org>
Thread-Topic: [pcp] Comments on draft-ietf-pcp-dhcp-03
Thread-Index: AQHNcZ+sIMSFRn6eBkOpyqHfeftPVJdIXN9Q///nFoCAAERGIIADsTUAgAFcHhA=
Date: Tue, 07 Aug 2012 01:34:38 +0000
Message-ID: <9B57C850BB53634CACEC56EF4853FF653B73D410@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
References: <9B57C850BB53634CACEC56EF4853FF653B7380B2@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <CC416268.88D8%repenno@cisco.com> <9B57C850BB53634CACEC56EF4853FF653B73881F@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <913383AAA69FF945B8F946018B75898A1477C15D@xmb-rcd-x10.cisco.com>
In-Reply-To: <913383AAA69FF945B8F946018B75898A1477C15D@xmb-rcd-x10.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.90]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [pcp] Comments on draft-ietf-pcp-dhcp-03
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2012 01:34:45 -0000

> -----Original Message-----
> From: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com]
> Sent: Sunday, August 5, 2012 2:46 PM
> To: Dave Thaler; Reinaldo Penno (repenno); pcp@ietf.org
> Subject: RE: [pcp] Comments on draft-ietf-pcp-dhcp-03
> 
> Hi -
> 
> I think we need to clarify in the draft when multiple PCP server names/IP
> addresses will be returned by the DHCP server, for example like multi-homing
> case.

A small number of examples might be nice, but I don't think it can ever be complete,
and so we shouldn't try to enumerate all possible cases.

> Considering various other cases other than multi-homing
> 
> [1]In High Availability mode of NAT/Firewall devices (Active/Passive Mode),
> PCP client still gets just one IP address.
> 
> [2] For example in the draft http://tools.ietf.org/html/draft-rpcw-pcp-pmipv6-
> serv-discovery-00 where selected traffic is offload at the local access network.
> Mobile Node is provided only the PCP server address in the Local Access
> Network and MAG decides if the PCP request will be handled by Home network
> or Local Access Network.
> 
> [3] In Enterprise use case there could be two to three different possibilities
> 
> a)All the traffic from the branches tunneled back to the head office where
> there is a NAT/Firewall device.
> 
> b)Split Tunneling - In this case branch site itself would have NAT/Firewall to
> handle traffic to Internet.
> How will the DHCP server be populated with the right Firewall/NAT IP
> addresses in this case ?
> 
> [4]
> Finally we will also need to solve the problem with just IPv6 (NPTv6, Firewall)
> where there is no DHCPv6 server.
> From RFC6106
> "RA-based DNS configuration is a useful alternative in networks where an IPv6
> host's address is auto-configured through IPv6 stateless address auto-
> configuration and where there is either no DHCPv6 infrastructure at all or
> some hosts do not have a DHCPv6 client"

I (with no hats) disagree that a no-DHCPv6 server case needs to be solved by this WG.

-Dave
 
> --Tiru.
> 
> > -----Original Message-----
> > From: Dave Thaler [mailto:dthaler@microsoft.com]
> > Sent: Friday, August 03, 2012 2:30 PM
> > To: Reinaldo Penno (repenno); pcp@ietf.org
> > Subject: Re: [pcp] Comments on draft-ietf-pcp-dhcp-03
> >
> > Responding on list for benefit of others, although we already talked
> > in person...
> >
> > > -----Original Message-----
> > > From: Reinaldo Penno (repenno) [mailto:repenno@cisco.com]
> > > Sent: Friday, August 03, 2012 11:18 AM
> > > To: Dave Thaler; pcp@ietf.org
> > > Subject: Re: Comments on draft-ietf-pcp-dhcp-03
> > >
> > > On 8/3/12 10:53 AM, "Dave Thaler" <dthaler@microsoft.com> wrote:
> > >
> > > >> -----Original Message-----
> > > >> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On
> > > >> Behalf
> > Of
> > > >> Reinaldo Penno (repenno)
> > > >> Sent: Friday, August 03, 2012 10:45 AM
> > > >> To: pcp@ietf.org
> > > >> Subject: [pcp] Comments on draft-ietf-pcp-dhcp-03
> > > >>
> > > >> After reviewing draft-ietf-pcp-dhcp-03 I believe there are some
> > > >> things I believe we need to tie up.
> > > >
> > > >I agree.
> > > >
> > > >> When a PCP Client contacts PCP Servers in parallel, say, IPx1,
> > IPy1
> > > >> and
> > > >> IPz1 as mentioned in draft and all respond then:
> > > >>
> > > >> 1 - What happens to the state in y1 and z1 if PCP Client chooses
> > x1
> > > >> to communicate? Probably let it age out or delete mappings.
> > > >
> > > >What do you mean by "chooses x1"?
> > >
> > > That's what we find in section 6.2
> >
> > Yes but the text is lacking, as this exchange shows.
> >
> > > >if we're talking about MAP (for a
> > > >listening application) do you mean when x, y, and y are all NATs
> > rather
> > > >than FWs, and the client app can only deal with one external IP
> > > >address?
> > >
> > > The draft says as soon as one PCP Server responds successfully it
> > sticks to it.
> > > So, I'm assuming other PCP Server are not contacted further and
> > mappings
> > > will time out or need to be deleted.
> > >
> > > As a side effect why would an app get 3 external IP:ports for the
> > same
> > > purpose and consume three times the state. It seems to me a side
> > effect of
> > > the wording more than something the app really needs.
> >
> > Two reasons (cases):
> > a) there's different networks it's providing the same service on, e.g.
> >     via the Internet and via some other network.
> > b) for failover purposes.   For example, if it uses SRV records, it'd
> > have
> >    3 SRV records.   If one NAT goes down, the other end will
> > automatically
> >    use a different IP:port pair (which might be via a different ISP).
> > Otherwise
> >    the failover time is capped at the TTL of the SRV record, and we
> > know
> >    DNS TTLs below around 30 seconds aren't respected by many DNS
> > servers.
> >    So having multiple records provides sub-30-second failover.
> >
> > > >If they're firewalls (so the external IP address/port isn't
> > different),
> > > >or if the client app can deal with multiple external IP/ports, then
> > I
> > > >don't think it would choose one.
> > >
> > > What's the use case for three?
> >
> > Answered above.   Note I'm not saying three is appropriate in all
> > cases.
> > Only that there is a use case, and the choice is up to the client,
> > which is the only entity that knows the use case.
> >
> > > Anyway, this exchange is telling in light of
> > >
> > > "Once the PCP Client has successfully
> > >    received a response from a PCP Server on that interface, it sends
> > >    subsequent PCP requests to that same server until that PCP Server
> > > becomes non-responsive,"
> > >
> > > >
> > > >> 2 - If there is a failure on x1 and PCP Client decides to
> > communicate
> > > >>with y1,  there might be some 'leftover' mappings for internal
> > IP:port
> > > >>(see 1).
> > > >> PCP Client will need to delete or reuse existing state in y1.
> > > >>Important to  notice that there is no way to guarantee that PCP
> > Server
> > > >>will allocate same  external IP:ports.
> > > >>
> > > >> 3 - I guess it is assumed that if PCP Server is co-located with
> > NAT,
> > > >>if
> > > >>x1 fails,
> > > >> traffic (PCP and data) will be diverted to y1.
> > > >
> > > >Unclear which model you're referring to (different external IP:port
> > or
> > > >same external IP:port), can you clarify your question?
> > >
> > > The app needs one external IP:port to announce on the external world
> > > through, say, DynDDNS client. Why it would need three _different_?
> > > If
> > it
> > > needs them, fine, not sure about use case. But if it gets 3 as a
> > collateral effect
> > > of the bootstrap procedure there is no way to guarantee they will be
> > the
> > > same.
> >
> > Answered above.
> >
> > -Dave
> >
> > > >> 4 - Related (2). The draft says that when a PCP Server is
> > unreachable
> > > >>(say, y1)  PCP Client will continue to try to communicate even
> > though
> > > >>other PCP Server  are available.  The only way to 'communicate' is
> > > >>sending a request, which  might create state. So, when y1 is back
> > up.
> > > >>y1 might allocate a different  external IP:port than other server.
> > > >>
> > > >> Thanks,
> > > >>
> > > >> Reinaldo
> >
> >
>

v2.23.0 | Report a Bug | By Email