Re: [pcp] Comments on draft-ietf-pcp-dhcp-03
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Tue, 07 August 2012 02:10 UTC
Return-Path: <tireddy@cisco.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CE5121F84EB for <pcp@ietfa.amsl.com>; Mon, 6 Aug 2012 19:10:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.399
X-Spam-Level:
X-Spam-Status: No, score=-9.399 tagged_above=-999 required=5 tests=[AWL=-1.200, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, J_CHICKENPOX_15=0.6, J_CHICKENPOX_24=0.6, J_CHICKENPOX_25=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yrnGetOm0uQN for <pcp@ietfa.amsl.com>; Mon, 6 Aug 2012 19:10:19 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 9A84C21F8661 for <pcp@ietf.org>; Mon, 6 Aug 2012 19:10:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=tireddy@cisco.com; l=8403; q=dns/txt; s=iport; t=1344305418; x=1345515018; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=ZH9129EABGKOAysXO/lekAJJJ36lgGz0aPHk7hByFjA=; b=kc7QbToPcmGHZ904frUc5jQ+Gr7GIJzhl6sdH7aYyCLJmFIPEapxzQ2y fEqzjZcclRiqxvAnX4NvzuV91WLADtokJk4wF2ilNuLUcK6HeBpXqhdXZ dUNTvMeVt3mdzdV0V3Yt7P+Z/ych2tIzzhQGb8Y1TbYbHwMsa8bo8EKap g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAJV4IFCtJXHB/2dsb2JhbABFuVGBB4IgAQEBAwESASdEBwQCAQgOAwQBAQEKFAkHMhQJCAIEARIIGodlBgubFaBBi0qGDWADll2NEoFmgl8
X-IronPort-AV: E=Sophos;i="4.77,724,1336348800"; d="scan'208";a="109019059"
Received: from rcdn-core2-6.cisco.com ([173.37.113.193]) by rcdn-iport-8.cisco.com with ESMTP; 07 Aug 2012 02:10:18 +0000
Received: from xhc-aln-x07.cisco.com (xhc-aln-x07.cisco.com [173.36.12.81]) by rcdn-core2-6.cisco.com (8.14.5/8.14.5) with ESMTP id q772AH6g011205 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 7 Aug 2012 02:10:17 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.216]) by xhc-aln-x07.cisco.com ([173.36.12.81]) with mapi id 14.02.0298.004; Mon, 6 Aug 2012 21:10:17 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Dave Thaler <dthaler@microsoft.com>, "Reinaldo Penno (repenno)" <repenno@cisco.com>, "pcp@ietf.org" <pcp@ietf.org>
Thread-Topic: [pcp] Comments on draft-ietf-pcp-dhcp-03
Thread-Index: AQHNcnNckAHLzaHHt0W3VNgj76hdP5dLnPPQgAJLlQD//64KoA==
Date: Tue, 07 Aug 2012 02:10:17 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A1477DD69@xmb-rcd-x10.cisco.com>
References: <9B57C850BB53634CACEC56EF4853FF653B7380B2@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <CC416268.88D8%repenno@cisco.com> <9B57C850BB53634CACEC56EF4853FF653B73881F@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <913383AAA69FF945B8F946018B75898A1477C15D@xmb-rcd-x10.cisco.com> <9B57C850BB53634CACEC56EF4853FF653B73D410@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
In-Reply-To: <9B57C850BB53634CACEC56EF4853FF653B73D410@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.78.199]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19090.001
x-tm-as-result: No--65.078600-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [pcp] Comments on draft-ietf-pcp-dhcp-03
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2012 02:10:24 -0000
> A small number of examples might be nice, but I don't think it can ever > be complete, > and so we shouldn't try to enumerate all possible cases. Yes, we need some examples. --Tiru. > -----Original Message----- > From: Dave Thaler [mailto:dthaler@microsoft.com] > Sent: Tuesday, August 07, 2012 7:05 AM > To: Tirumaleswar Reddy (tireddy); Reinaldo Penno (repenno); > pcp@ietf.org > Subject: RE: [pcp] Comments on draft-ietf-pcp-dhcp-03 > > > -----Original Message----- > > From: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] > > Sent: Sunday, August 5, 2012 2:46 PM > > To: Dave Thaler; Reinaldo Penno (repenno); pcp@ietf.org > > Subject: RE: [pcp] Comments on draft-ietf-pcp-dhcp-03 > > > > Hi - > > > > I think we need to clarify in the draft when multiple PCP server > names/IP > > addresses will be returned by the DHCP server, for example like > multi-homing > > case. > > A small number of examples might be nice, but I don't think it can ever > be complete, > and so we shouldn't try to enumerate all possible cases. > > > Considering various other cases other than multi-homing > > > > [1]In High Availability mode of NAT/Firewall devices (Active/Passive > Mode), > > PCP client still gets just one IP address. > > > > [2] For example in the draft http://tools.ietf.org/html/draft-rpcw- > pcp-pmipv6- > > serv-discovery-00 where selected traffic is offload at the local > access network. > > Mobile Node is provided only the PCP server address in the Local > Access > > Network and MAG decides if the PCP request will be handled by Home > network > > or Local Access Network. > > > > [3] In Enterprise use case there could be two to three different > possibilities > > > > a)All the traffic from the branches tunneled back to the head office > where > > there is a NAT/Firewall device. > > > > b)Split Tunneling - In this case branch site itself would have > NAT/Firewall to > > handle traffic to Internet. > > How will the DHCP server be populated with the right Firewall/NAT IP > > addresses in this case ? > > > > [4] > > Finally we will also need to solve the problem with just IPv6 (NPTv6, > Firewall) > > where there is no DHCPv6 server. > > From RFC6106 > > "RA-based DNS configuration is a useful alternative in networks where > an IPv6 > > host's address is auto-configured through IPv6 stateless address > auto- > > configuration and where there is either no DHCPv6 infrastructure at > all or > > some hosts do not have a DHCPv6 client" > > I (with no hats) disagree that a no-DHCPv6 server case needs to be > solved by this WG. > > -Dave > > > --Tiru. > > > > > -----Original Message----- > > > From: Dave Thaler [mailto:dthaler@microsoft.com] > > > Sent: Friday, August 03, 2012 2:30 PM > > > To: Reinaldo Penno (repenno); pcp@ietf.org > > > Subject: Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 > > > > > > Responding on list for benefit of others, although we already > talked > > > in person... > > > > > > > -----Original Message----- > > > > From: Reinaldo Penno (repenno) [mailto:repenno@cisco.com] > > > > Sent: Friday, August 03, 2012 11:18 AM > > > > To: Dave Thaler; pcp@ietf.org > > > > Subject: Re: Comments on draft-ietf-pcp-dhcp-03 > > > > > > > > On 8/3/12 10:53 AM, "Dave Thaler" <dthaler@microsoft.com> wrote: > > > > > > > > >> -----Original Message----- > > > > >> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On > > > > >> Behalf > > > Of > > > > >> Reinaldo Penno (repenno) > > > > >> Sent: Friday, August 03, 2012 10:45 AM > > > > >> To: pcp@ietf.org > > > > >> Subject: [pcp] Comments on draft-ietf-pcp-dhcp-03 > > > > >> > > > > >> After reviewing draft-ietf-pcp-dhcp-03 I believe there are > some > > > > >> things I believe we need to tie up. > > > > > > > > > >I agree. > > > > > > > > > >> When a PCP Client contacts PCP Servers in parallel, say, IPx1, > > > IPy1 > > > > >> and > > > > >> IPz1 as mentioned in draft and all respond then: > > > > >> > > > > >> 1 - What happens to the state in y1 and z1 if PCP Client > chooses > > > x1 > > > > >> to communicate? Probably let it age out or delete mappings. > > > > > > > > > >What do you mean by "chooses x1"? > > > > > > > > That's what we find in section 6.2 > > > > > > Yes but the text is lacking, as this exchange shows. > > > > > > > >if we're talking about MAP (for a > > > > >listening application) do you mean when x, y, and y are all NATs > > > rather > > > > >than FWs, and the client app can only deal with one external IP > > > > >address? > > > > > > > > The draft says as soon as one PCP Server responds successfully it > > > sticks to it. > > > > So, I'm assuming other PCP Server are not contacted further and > > > mappings > > > > will time out or need to be deleted. > > > > > > > > As a side effect why would an app get 3 external IP:ports for the > > > same > > > > purpose and consume three times the state. It seems to me a side > > > effect of > > > > the wording more than something the app really needs. > > > > > > Two reasons (cases): > > > a) there's different networks it's providing the same service on, > e.g. > > > via the Internet and via some other network. > > > b) for failover purposes. For example, if it uses SRV records, > it'd > > > have > > > 3 SRV records. If one NAT goes down, the other end will > > > automatically > > > use a different IP:port pair (which might be via a different > ISP). > > > Otherwise > > > the failover time is capped at the TTL of the SRV record, and we > > > know > > > DNS TTLs below around 30 seconds aren't respected by many DNS > > > servers. > > > So having multiple records provides sub-30-second failover. > > > > > > > >If they're firewalls (so the external IP address/port isn't > > > different), > > > > >or if the client app can deal with multiple external IP/ports, > then > > > I > > > > >don't think it would choose one. > > > > > > > > What's the use case for three? > > > > > > Answered above. Note I'm not saying three is appropriate in all > > > cases. > > > Only that there is a use case, and the choice is up to the client, > > > which is the only entity that knows the use case. > > > > > > > Anyway, this exchange is telling in light of > > > > > > > > "Once the PCP Client has successfully > > > > received a response from a PCP Server on that interface, it > sends > > > > subsequent PCP requests to that same server until that PCP > Server > > > > becomes non-responsive," > > > > > > > > > > > > > >> 2 - If there is a failure on x1 and PCP Client decides to > > > communicate > > > > >>with y1, there might be some 'leftover' mappings for internal > > > IP:port > > > > >>(see 1). > > > > >> PCP Client will need to delete or reuse existing state in y1. > > > > >>Important to notice that there is no way to guarantee that PCP > > > Server > > > > >>will allocate same external IP:ports. > > > > >> > > > > >> 3 - I guess it is assumed that if PCP Server is co-located > with > > > NAT, > > > > >>if > > > > >>x1 fails, > > > > >> traffic (PCP and data) will be diverted to y1. > > > > > > > > > >Unclear which model you're referring to (different external > IP:port > > > or > > > > >same external IP:port), can you clarify your question? > > > > > > > > The app needs one external IP:port to announce on the external > world > > > > through, say, DynDDNS client. Why it would need three > _different_? > > > > If > > > it > > > > needs them, fine, not sure about use case. But if it gets 3 as a > > > collateral effect > > > > of the bootstrap procedure there is no way to guarantee they will > be > > > the > > > > same. > > > > > > Answered above. > > > > > > -Dave > > > > > > > >> 4 - Related (2). The draft says that when a PCP Server is > > > unreachable > > > > >>(say, y1) PCP Client will continue to try to communicate even > > > though > > > > >>other PCP Server are available. The only way to 'communicate' > is > > > > >>sending a request, which might create state. So, when y1 is > back > > > up. > > > > >>y1 might allocate a different external IP:port than other > server. > > > > >> > > > > >> Thanks, > > > > >> > > > > >> Reinaldo > > > > > > > > >
- [pcp] Comments on draft-ietf-pcp-dhcp-03 Reinaldo Penno (repenno)
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Dave Thaler
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Reinaldo Penno (repenno)
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Dave Thaler
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Tirumaleswar Reddy (tireddy)
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Dave Thaler
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Tirumaleswar Reddy (tireddy)
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 mohamed.boucadair
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 mohamed.boucadair
- Re: [pcp] Comments on draft-ietf-pcp-dhcp-03 Tirumaleswar Reddy (tireddy)