Re: [pcp] Comments on draft-ietf-pcp-dhcp-03
Dave Thaler <dthaler@microsoft.com> Tue, 07 August 2012 01:34 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0789321F8691 for <pcp@ietfa.amsl.com>; Mon, 6 Aug 2012 18:34:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.496
X-Spam-Level:
X-Spam-Status: No, score=-102.496 tagged_above=-999 required=5 tests=[AWL=-1.297, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, J_CHICKENPOX_15=0.6, J_CHICKENPOX_24=0.6, J_CHICKENPOX_25=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6SXWBjjFvkvj for <pcp@ietfa.amsl.com>; Mon, 6 Aug 2012 18:34:44 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe006.messaging.microsoft.com [216.32.181.186]) by ietfa.amsl.com (Postfix) with ESMTP id D67F121F867F for <pcp@ietf.org>; Mon, 6 Aug 2012 18:34:43 -0700 (PDT)
Received: from mail56-ch1-R.bigfish.com (10.43.68.235) by CH1EHSOBE014.bigfish.com (10.43.70.64) with Microsoft SMTP Server id 14.1.225.23; Tue, 7 Aug 2012 01:34:42 +0000
Received: from mail56-ch1 (localhost [127.0.0.1]) by mail56-ch1-R.bigfish.com (Postfix) with ESMTP id AF14A3002C5; Tue, 7 Aug 2012 01:34:42 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -31
X-BigFish: VS-31(zzbb2dI98dI9371I146fI542M1432I4015Izz1202hzz1033IL8275bh8275dhz2fh2a8h668h839h944hd25hf0ah107ah)
Received-SPF: pass (mail56-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=dthaler@microsoft.com; helo=TK5EX14HUBC102.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail56-ch1 (localhost.localdomain [127.0.0.1]) by mail56-ch1 (MessageSwitch) id 134430328128187_13122; Tue, 7 Aug 2012 01:34:41 +0000 (UTC)
Received: from CH1EHSMHS005.bigfish.com (snatpool1.int.messaging.microsoft.com [10.43.68.252]) by mail56-ch1.bigfish.com (Postfix) with ESMTP id 0501A3800F8; Tue, 7 Aug 2012 01:34:41 +0000 (UTC)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS005.bigfish.com (10.43.70.5) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 7 Aug 2012 01:34:40 +0000
Received: from TK5EX14MLTW653.wingroup.windeploy.ntdev.microsoft.com (157.54.24.14) by TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) with Microsoft SMTP Server (TLS) id 14.2.309.3; Tue, 7 Aug 2012 01:34:39 +0000
Received: from TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com (157.54.71.39) by TK5EX14MLTW653.wingroup.windeploy.ntdev.microsoft.com (157.54.24.14) with Microsoft SMTP Server (TLS) id 14.2.309.3; Mon, 6 Aug 2012 18:34:39 -0700
Received: from TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com ([169.254.4.170]) by TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.39]) with mapi id 14.02.0309.003; Mon, 6 Aug 2012 18:34:39 -0700
From: Dave Thaler <dthaler@microsoft.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>, "Reinaldo Penno (repenno)" <repenno@cisco.com>, "pcp@ietf.org" <pcp@ietf.org>
Thread-Topic: [pcp] Comments on draft-ietf-pcp-dhcp-03
Thread-Index: AQHNcZ+sIMSFRn6eBkOpyqHfeftPVJdIXN9Q///nFoCAAERGIIADsTUAgAFcHhA=
Date: Tue, 07 Aug 2012 01:34:38 +0000
Message-ID: <9B57C850BB53634CACEC56EF4853FF653B73D410@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
References: <9B57C850BB53634CACEC56EF4853FF653B7380B2@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <CC416268.88D8%repenno@cisco.com> <9B57C850BB53634CACEC56EF4853FF653B73881F@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <913383AAA69FF945B8F946018B75898A1477C15D@xmb-rcd-x10.cisco.com>
In-Reply-To: <913383AAA69FF945B8F946018B75898A1477C15D@xmb-rcd-x10.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.90]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [pcp] Comments on draft-ietf-pcp-dhcp-03
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2012 01:34:45 -0000
> -----Original Message----- > From: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] > Sent: Sunday, August 5, 2012 2:46 PM > To: Dave Thaler; Reinaldo Penno (repenno); pcp@ietf.org > Subject: RE: [pcp] Comments on draft-ietf-pcp-dhcp-03 > > Hi - > > I think we need to clarify in the draft when multiple PCP server names/IP > addresses will be returned by the DHCP server, for example like multi-homing > case. A small number of examples might be nice, but I don't think it can ever be complete, and so we shouldn't try to enumerate all possible cases. > Considering various other cases other than multi-homing > > [1]In High Availability mode of NAT/Firewall devices (Active/Passive Mode), > PCP client still gets just one IP address. > > [2] For example in the draft http://tools.ietf.org/html/draft-rpcw-pcp-pmipv6- > serv-discovery-00 where selected traffic is offload at the local access network. > Mobile Node is provided only the PCP server address in the Local Access > Network and MAG decides if the PCP request will be handled by Home network > or Local Access Network. > > [3] In Enterprise use case there could be two to three different possibilities > > a)All the traffic from the branches tunneled back to the head office where > there is a NAT/Firewall device. > > b)Split Tunneling - In this case branch site itself would have NAT/Firewall to > handle traffic to Internet. > How will the DHCP server be populated with the right Firewall/NAT IP > addresses in this case ? > > [4] > Finally we will also need to solve the problem with just IPv6 (NPTv6, Firewall) > where there is no DHCPv6 server. > From RFC6106 > "RA-based DNS configuration is a useful alternative in networks where an IPv6 > host's address is auto-configured through IPv6 stateless address auto- > configuration and where there is either no DHCPv6 infrastructure at all or > some hosts do not have a DHCPv6 client" I (with no hats) disagree that a no-DHCPv6 server case needs to be solved by this WG. -Dave > --Tiru. > > > -----Original Message----- > > From: Dave Thaler [mailto:dthaler@microsoft.com] > > Sent: Friday, August 03, 2012 2:30 PM > > To: Reinaldo Penno (repenno); pcp@ietf.org > > Subject: Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 > > > > Responding on list for benefit of others, although we already talked > > in person... > > > > > -----Original Message----- > > > From: Reinaldo Penno (repenno) [mailto:repenno@cisco.com] > > > Sent: Friday, August 03, 2012 11:18 AM > > > To: Dave Thaler; pcp@ietf.org > > > Subject: Re: Comments on draft-ietf-pcp-dhcp-03 > > > > > > On 8/3/12 10:53 AM, "Dave Thaler" <dthaler@microsoft.com> wrote: > > > > > > >> -----Original Message----- > > > >> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On > > > >> Behalf > > Of > > > >> Reinaldo Penno (repenno) > > > >> Sent: Friday, August 03, 2012 10:45 AM > > > >> To: pcp@ietf.org > > > >> Subject: [pcp] Comments on draft-ietf-pcp-dhcp-03 > > > >> > > > >> After reviewing draft-ietf-pcp-dhcp-03 I believe there are some > > > >> things I believe we need to tie up. > > > > > > > >I agree. > > > > > > > >> When a PCP Client contacts PCP Servers in parallel, say, IPx1, > > IPy1 > > > >> and > > > >> IPz1 as mentioned in draft and all respond then: > > > >> > > > >> 1 - What happens to the state in y1 and z1 if PCP Client chooses > > x1 > > > >> to communicate? Probably let it age out or delete mappings. > > > > > > > >What do you mean by "chooses x1"? > > > > > > That's what we find in section 6.2 > > > > Yes but the text is lacking, as this exchange shows. > > > > > >if we're talking about MAP (for a > > > >listening application) do you mean when x, y, and y are all NATs > > rather > > > >than FWs, and the client app can only deal with one external IP > > > >address? > > > > > > The draft says as soon as one PCP Server responds successfully it > > sticks to it. > > > So, I'm assuming other PCP Server are not contacted further and > > mappings > > > will time out or need to be deleted. > > > > > > As a side effect why would an app get 3 external IP:ports for the > > same > > > purpose and consume three times the state. It seems to me a side > > effect of > > > the wording more than something the app really needs. > > > > Two reasons (cases): > > a) there's different networks it's providing the same service on, e.g. > > via the Internet and via some other network. > > b) for failover purposes. For example, if it uses SRV records, it'd > > have > > 3 SRV records. If one NAT goes down, the other end will > > automatically > > use a different IP:port pair (which might be via a different ISP). > > Otherwise > > the failover time is capped at the TTL of the SRV record, and we > > know > > DNS TTLs below around 30 seconds aren't respected by many DNS > > servers. > > So having multiple records provides sub-30-second failover. > > > > > >If they're firewalls (so the external IP address/port isn't > > different), > > > >or if the client app can deal with multiple external IP/ports, then > > I > > > >don't think it would choose one. > > > > > > What's the use case for three? > > > > Answered above. Note I'm not saying three is appropriate in all > > cases. > > Only that there is a use case, and the choice is up to the client, > > which is the only entity that knows the use case. > > > > > Anyway, this exchange is telling in light of > > > > > > "Once the PCP Client has successfully > > > received a response from a PCP Server on that interface, it sends > > > subsequent PCP requests to that same server until that PCP Server > > > becomes non-responsive," > > > > > > > > > > >> 2 - If there is a failure on x1 and PCP Client decides to > > communicate > > > >>with y1, there might be some 'leftover' mappings for internal > > IP:port > > > >>(see 1). > > > >> PCP Client will need to delete or reuse existing state in y1. > > > >>Important to notice that there is no way to guarantee that PCP > > Server > > > >>will allocate same external IP:ports. > > > >> > > > >> 3 - I guess it is assumed that if PCP Server is co-located with > > NAT, > > > >>if > > > >>x1 fails, > > > >> traffic (PCP and data) will be diverted to y1. > > > > > > > >Unclear which model you're referring to (different external IP:port > > or > > > >same external IP:port), can you clarify your question? > > > > > > The app needs one external IP:port to announce on the external world > > > through, say, DynDDNS client. Why it would need three _different_? > > > If > > it > > > needs them, fine, not sure about use case. But if it gets 3 as a > > collateral effect > > > of the bootstrap procedure there is no way to guarantee they will be > > the > > > same. > > > > Answered above. > > > > -Dave > > > > > >> 4 - Related (2). The draft says that when a PCP Server is > > unreachable > > > >>(say, y1) PCP Client will continue to try to communicate even > > though > > > >>other PCP Server are available. The only way to 'communicate' is > > > >>sending a request, which might create state. So, when y1 is back > > up. > > > >>y1 might allocate a different external IP:port than other server. > > > >> > > > >> Thanks, > > > >> > > > >> Reinaldo > > > > >
- [pcp] Comments on draft-ietf-pcp-dhcp-03 Reinaldo Penno (repenno)
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Dave Thaler
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Reinaldo Penno (repenno)
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Dave Thaler
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Tirumaleswar Reddy (tireddy)
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Dave Thaler
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Tirumaleswar Reddy (tireddy)
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 mohamed.boucadair
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 mohamed.boucadair
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Tirumaleswar Reddy (tireddy)