IETF Logo Mail Archive

[pcp] draft-ietf-pcp-dhcp: multiple pcp servers

<mohamed.boucadair@orange.com> Tue, 13 August 2013 06:26 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E41E521E80C4 for <pcp@ietfa.amsl.com>; Mon, 12 Aug 2013 23:26:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.948
X-Spam-Level:
X-Spam-Status: No, score=-1.948 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, HELO_EQ_FR=0.35, J_CHICKENPOX_43=0.6, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nveD0Yn0kfKD for <pcp@ietfa.amsl.com>; Mon, 12 Aug 2013 23:26:23 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias91.francetelecom.com [193.251.215.91]) by ietfa.amsl.com (Postfix) with ESMTP id 92EC821E80BB for <pcp@ietf.org>; Mon, 12 Aug 2013 23:26:23 -0700 (PDT)
Received: from omfedm06.si.francetelecom.fr (unknown [xx.xx.xx.2]) by omfedm09.si.francetelecom.fr (ESMTP service) with ESMTP id 8B60A2DC343 for <pcp@ietf.org>; Tue, 13 Aug 2013 08:26:22 +0200 (CEST)
Received: from PUEXCH81.nanterre.francetelecom.fr (unknown [10.101.44.34]) by omfedm06.si.francetelecom.fr (ESMTP service) with ESMTP id 730E127C05B for <pcp@ietf.org>; Tue, 13 Aug 2013 08:26:22 +0200 (CEST)
Received: from PUEXCB1B.nanterre.francetelecom.fr ([10.101.44.12]) by PUEXCH81.nanterre.francetelecom.fr ([10.101.44.34]) with mapi; Tue, 13 Aug 2013 08:26:22 +0200
From: mohamed.boucadair@orange.com
To: "pcp@ietf.org" <pcp@ietf.org>
Date: Tue, 13 Aug 2013 08:26:20 +0200
Thread-Topic: draft-ietf-pcp-dhcp: multiple pcp servers
Thread-Index: Ac6X7gQ2XmMDKA+0QwG2szzsANBXzQ==
Message-ID: <94C682931C08B048B7A8645303FDC9F36EEC7E9894@PUEXCB1B.nanterre.francetelecom.fr>
Accept-Language: fr-FR
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: fr-FR
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2013.8.13.54217
Subject: [pcp] draft-ietf-pcp-dhcp: multiple pcp servers
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2013 06:26:28 -0000

Dear all,

The design of the DHCP PCP option (http://tools.ietf.org/html/draft-ietf-pcp-dhcp-08) assumes:
(1) multiple pcp servers may be received from the same DHCP server.
(2) one pcp server may be reachable with multiple IP addresses. 
(3) when multiple pcp servers are returned, the pcp client will need to contact all these servers.  
(4) It is up to an administrative entity to return one or multiple pcp servers. No restriction is made by design.

FWIW, this design was in the draft since -02.

Dave is echo'ing a comment which objects this design and advocates for restricting the design to return only one pcp server and it is up to the administrative entity to sync the state in all enabled PCP servers. IMO, this objection is not technically sound, at least for the following reasons:

(1) The protocol cannot discover in one single request all external IP addresses and port numbers. Imagine the case where a NPTv6 and NAT64 boxes are deployed. The PCP client has no means to learn with one single request to a single PCP server both the external IPv4 address (assigned by the NAT64 device) and the external IPv6 address assigned by the NPTv6 box. The same issue is encountered when multiple NAT configured with distinct pool are in place. 
  
(2) A host connected to a multi-homed domain, in which FW are located at the border router in front of each adjacent domain, will need to open pinholes in these FW if it want to receive incoming traffic from a remote peer. 

(3) The protocol does not specify how state synchronization is to be achieved between several PCP servers. The task is even complex when these pcp servers are controlling functions of distinct types (e.g., NAT44, FW, NAT64, Port Range Router, etc.). Other issues are raised (see to the pcp-server-selection thread)

(4) Mandating one and only one pcp server is to be returned is really deployment-specific. This assumption will induce a lot of complexity at the network side

For those who are objecting the design as currently documented in -07, it is time to raise your concern (preferably with the technical arguments that motivate your point). If no technical argument is made, the current design will be maintained as it is. 

Cheers,
Med

-----Message d'origine-----
De : BOUCADAIR Mohamed OLNC/OLN 
Envoyé : lundi 12 août 2013 07:56
À : 'Dave Thaler'; Ted Lemon
Cc : Reinaldo Penno (repenno) (repenno@cisco.com); Dan Wing (dwing@cisco.com)
Objet : RE: PCP DHCP I-D: your feedback is needed

Hi Dave,

I disagree to put the constraint on the network deploying many PCP servers to coordinate state instantiating. This is a deployment specific assumption which is not trivial to honor. 

A domain may deploy various pcp server controlling functions which are not of the same nature, e.g., a domain may deploy:
* one or multiple nat64 provisioned to IPv6-only hosts
* one or multiple nptv6 provisioned to IPv6-only and dual stack hosts
* one or multiple nat44 provisioned to IPv4-only and dual stack hosts
* one or multiple IPv4 fw 
* one or multiple IPv6 fw
* multiple flow-based access routers
* etc.

The design as currently document in the pcp server selection draft (and its dhcp instantiation) does not make any deployment assumption. As such:
* an administrative entity can return one single IP address but instead it must ensure state are installed in other servers.
* an administrative entity can return multiple servers; it is up to the client to contact these servers to install the state. 

This is much more better than constraining the design by non-valid deployment assumptions.

I agree, this should be discussed in the list.

Cheers,
Med

>-----Message d'origine-----
>De : Dave Thaler [mailto:dthaler@microsoft.com]
>Envoyé : mercredi 7 août 2013 19:56
>À : Ted Lemon; BOUCADAIR Mohamed OLNC/OLN
>Cc : Reinaldo Penno (repenno) (repenno@cisco.com); Dan Wing
>(dwing@cisco.com)
>Objet : RE: PCP DHCP I-D: your feedback is needed
>
>I think this thread should move to the main WG mailing list, so Ted if you
>agree,
>please forward/respond on this thread there.
>
>This is related to my comments on draft-ietf-pcp-server-selection-01.txt.
>
>If the app needs semantics of "contact each PCP server" then you need to
>know
>how to distinguish PCP servers.  Now more recently various members of the
>WG (e.g. Stuart) have disputed the notion that an app needs to "contact
>each PCP
>server" and so we do not have consensus that this is required.   Stuart
>proposed
>that it's the PCP server's job to coordinate with any other servers managed
>by
>the same entity (or to steal a term from MIF... within the same
>provisioning domain).
>No one has given a counter argument, and so I said in email we should start
>with that
>assumption.
>
>You do need to distinguish provisioning domains (for reasons discussed in
>MIF that
>apply to PCP like they do to anything else).   So the only remaining
>interesting case
>I think is figure 2 in section A.2 of draft-ietf-pcp-server-selection-
>01.txt where if
>you have a local gateway with a DHCP server (e.g. a home gateway) that's
>multi-homed
>to two external provisioning domains each with their own PCP server(s),
>what do you
>get from DHCP?  I think the best answer here is to make the local gateway
>be a
>PCP proxy, and so DHCP just gives you its address.
>
>In such a solution, I believe there is no need to differentiate between
>multiple
>IPs of the same server vs multiple IPs of different servers.  That is, you
>communicate
>with any one server IP, and you assume that it will take care of making
>sure that
>all servers with any of those IPs get the info.
>
>I believe this then removes any new concepts from DHCP and requires no
>additional support in DHCP servers.
>
>-Dave
>
>> -----Original Message-----
>> From: Ted Lemon [mailto:Ted.Lemon@nominum.com]
>> Sent: Wednesday, August 7, 2013 8:26 AM
>> To: mohamed.boucadair@orange.com
>> Cc: Dave Thaler; Reinaldo Penno (repenno) (repenno@cisco.com); Dan Wing
>> (dwing@cisco.com)
>> Subject: Re: PCP DHCP I-D: your feedback is needed
>>
>> On Aug 7, 2013, at 3:00 AM, mohamed.boucadair@orange.com wrote:
>> > Ok, done.
>>
>> Thanks.
>>
>> Can you explain your motivation for adding new text differentiating
>between
>> multiple IP addresses that refer to the same PCP server, and multiple IP
>> addresses that refer to different PCP servers?   Is this something the
>working
>> group asked to have added to the document?   I think this is a new
>concept in
>> the current document, and of course, it requires special support in the
>DHCP
>> server and DHCP client just for PCP.
>>
>> This is not the only issue with your current set of edits to the
>document, but
>> I'd just like to get clarity on this one issue before proceeding on to
>the next.
>>
>
>

v2.23.0 | Report a Bug | By Email