Re: [savi] Some findings in the darft-ietf-savi-dhcp-20
"Guang Yao" <yaoguang@cernet.edu.cn> Mon, 31 March 2014 09:33 UTC
Return-Path: <yaoguang@cernet.edu.cn>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF92D1A0901 for <savi@ietfa.amsl.com>; Mon, 31 Mar 2014 02:33:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.39
X-Spam-Level: *
X-Spam-Status: No, score=1.39 tagged_above=-999 required=5 tests=[BAYES_50=0.8, J_CHICKENPOX_15=0.6, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OW27qu4FLRV4 for <savi@ietfa.amsl.com>; Mon, 31 Mar 2014 02:33:17 -0700 (PDT)
Received: from cernet.edu.cn (cernet.edu.cn [202.112.39.2]) by ietfa.amsl.com (Postfix) with ESMTP id DBBFA1A07A1 for <savi@ietf.org>; Mon, 31 Mar 2014 02:33:16 -0700 (PDT)
Received: from AndrewYaoPC (unknown [166.111.132.217]) by centos (Coremail) with SMTP id AQAAf3BbWQJQNjlTarUbAA--.800S2; Mon, 31 Mar 2014 17:33:04 +0800 (CST)
From: Guang Yao <yaoguang@cernet.edu.cn>
To: 'Leaf Yeh' <leaf.yeh.sdo@gmail.com>, 'Jun Bi' <junbi@cernet.edu.cn>, 'Jun Bi' <junbi@tsinghua.edu.cn>
References: <53345a28.e15f440a.76a1.430a@mx.google.com>
In-Reply-To: <53345a28.e15f440a.76a1.430a@mx.google.com>
Date: Mon, 31 Mar 2014 17:33:05 +0800
Message-ID: <000c01cf4cc4$382c92e0$a885b8a0$@cernet.edu.cn>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_000D_01CF4D07.46513270"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQHXgVSJEKldWHfW8Xp2lGM95er5l5rqg3LA
Content-Language: zh-cn
X-CM-TRANSID: AQAAf3BbWQJQNjlTarUbAA--.800S2
X-Coremail-Antispam: 1UD129KBjvAXoWfWr43uFyUKry3AFW8GFWDXFb_yoW8uF4fJo Z3uw4rA3Z7tr47GFZ5KFykGayDGFW09F17Jr1UGr15Gas2qayaqw4UGanrWF98JrW5Krsr X34fXas8Kr1qvF95n29KB7ZKAUJUUUU8529EdanIXcx71UUUUU7v73VFW2AGmfu7bjvjm3 AaLaJ3UjIYCTnIWjp_UUUY77AC8VAFwI0_Jr0_Gr1l1xkIjI8I6I8E6xAIw20EY4v20xva j40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28EF7xvwVC0I7IYx2IY67 AKxVWUCVW8JwA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIE 14v26r4UJVWxJr1l84ACjcxK6I8E87Iv6xkF7I0E14v26F4UJVW0owAa7VASzI0EjI02j7 AqF2xKxVCjxxvEa2IrM2AIxVAIcxkEcVAq07x20xvEncxIr21le4C267I2x7xF54xIwI1l 5I8CrVACY4xI64kE6c02F40Ex7xfMcIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7 v_Jr0_Gr1lF7xvr2IYc2Ij64vIr41lF7xvr2IYc2Ij64vIr40E4x8a64kEw24lF7I21c0E jII2zVCS5cI20VAGYxC7MxkIecxEwVAFwVW8uwCF04k20xvY0x0EwIxGrwC20s026c02F4 0E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_JF0_Jw1l IxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxV AFwI0_Jr0_Gr1lIxAIcVCF04k26cxKx2IYs7xG6rWUJVWrZr1UMIIF0xvEx4A2jsIE14v2 6r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Jr0_GrUvcSsGvfC2KfnxnUUI43ZEXa7VU8 nL05UUUUU==
X-CM-SenderInfo: 51drw3xdqjquphuqv3oohg3hdfq/
Archived-At: http://mailarchive.ietf.org/arch/msg/savi/-QsasmveL2m9FeaCaXuA7nNprjo
X-Mailman-Approved-At: Mon, 31 Mar 2014 08:07:21 -0700
Cc: savi@ietf.org, 'Ted Lemon' <ted.lemon@nominum.com>
Subject: Re: [savi] Some findings in the darft-ietf-savi-dhcp-20
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi/>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Mar 2014 09:33:22 -0000
Dear Leaf,
Thank you very much for your comments!
Your comments are very important and valuable. We have revised the doc accordingly and submitted a new version. The responses are both at the behind of this mail and in the attachment.
If you have any more comments, please let us know.
Best regards,
Guang
1. In the 1st paragraph of Page 11,
<quote>
For example, in Figure 1, the attachment from the Non-SAVI Device 1 to the SAVI Device B should be configured with no attribute.
</quote>
But in Fig.1, Non-SAVI Device 1 is not directly connected to SAVI Device B. I suppose the draft really means ‘SAVI Device C’ here.
***
R1:
Thank you very much!
We have made some modifications to the scenario diagram. It seems a part of the text is not updated accordingly. We have modified such sentences, including the following one.
2. In the last paragraph of page 11,
<quote>
In Figure 1, the attachment from the DHCP Relay to the SAVI Device B, and the attachment from the DHCP Server B to the SAVI Device B should be configured with this attribute.
</quote> (for DHCP-Trust Attribute)
But in Fig.1, DHCP Relay is not directly connected to SAVI Device B. I suppose the draft really means ‘SAVI Device A’ here.
***
R2.1:
Thanks. We have revised the sentence.
As to Fig.1, question for clarification : It sounds to set up a filter (as the requirement of DHCP-Trust Attribute) inside the SAVI-perimeter. I guess if the Relay or Server B is directly connected to SAVI Device and outside the SAVI-perimeter, we still need to set up DHCP-Trust Attribute for the port of SAVI Device A and B, right? If yes, does it means the Fig.1 can let the Relay or Server B outside the SAVI-perimeter?
R2.2:
Thank you for this comment.
Indeed, there is no problem if letting the Relay or Server B outside the perimeter. In fact, in the ealier versions, they are outside the perimeter.
However, in recent versions, we decide to include them into the perimeter. On one hand, it is used to distinguish the DHCP server A(which is outside the perimeter) and the DHCP server B/Relay. On the other hand, we think the perimeter should be used to separating the trusted area and the untrusted area. The Relay and Server B should be trusted, and they are actually the sources of trust.
Besides, to confirm with other solutions, perimeter is the place to perform data packet filtering. Thus, only the attach points with validating attribute are on the perimeter.
3. Question of clarification on the text in the 3rd paragraph of section 4.3.1,
<quote>
In this case, SAVI device B doesn’t create a binding for client A. SAVI device A doesn’t create a binding for client B. But the SAVI device B is still protected from spoofing from client A and the SAVI device A is still protected from spoofing from client B.
</quote>
What does “SAVI device B is still protected from spoofing from client A” exactly mean? How can SAVI device B protects from spoofing from client A? It sounds a little confused.
R3:
Thank you for this comment.
It means, "SAVI device B can avoid receiving spoofing traffic from client A.".
4. Question of clarification on the text in section 4.3.2,
<quote>
(6) Optional: configure filters on the upstream links to filter out
spoofing of local addresses from other networks.
</quote>
Per the definition of ‘Upstream link’ and ‘Downstream link’ in section 3, upstream is for other network (with gateway router), downstream is for local network. I guess the text here might mean ‘filter out spoofing of source addresses from other networks.’
R4:
Thank you for this comment.
We cannot prevent other networks from spoofing each other. Thus, we can just requre local addresses (addresses assigned to local network) will not be spoofed by the other networks.
5. Question of clarification on the text in the last paragraph of section 4.3.2,
<quote>
In this way, the points of attachments with Validating attribute (and
generally together with attachments of upstream devices) on SAVI
devices can form a perimeter separating DHCP clients and trusted
devices.
</quote>
The above sentence sounds SAVI devices always form perimeter for upstream devices. But in general thinking, we always trust devices in the upstream network. In Fig.1, we should not configure ‘DHCP-Trust attribute’ on the port of SAVI Device C for the Server A through Non-SAVI Device 1, which might means the Client A and Client B can’t get address assignment from Server A of the upstream network. Does the above sounds a little confused?
R5:
Thank you for this comment.
This problem is discussed in section4.3.3 P3.
We should not trust devices in the upstream network by default unless some other securty mechanisms are enforced. Client A and Client B can get address assignment from Server A indirectly from the Relay.
6. Question of clarification on the text in the last paragraph of section 4.3.2,
<quote>
DHCP-Trust attribute is only configured on the inside links of the perimeter.
</quote>
The above sentence sounds, even in the SAVI-perimeter, we still need set up filter for some devices, including relay and server. It sounds we couldn’t trust the relay and server in the SAVI-perimeter; and after we configure the DHCP-Trust attribute on the port of the SAVI-device which connect the relay or server, we start to trust them. But in general thinking, we always trust devices in the perimeter, and we don’t need additional SAVI-device to connect some kind of device in the perimeter. Does the above sounds a little confused?
R6:
Thank you for this comment.
Maybe this comment has been responed by R2.2?
7. Question of clarification on table 3 of BST in section 5:
<quote>
+---------+----------+----------+-----------+-------+
| Anchor | Address | State | Lifetime |TID |
+---------+----------+----------+-----------+-------+
| A | IP_1 | BOUND | 65535 |TID_1 |
+---------+----------+----------+-----------+-------+
| A | IP_2 | BOUND | 10000 |TID_2 |
+---------+----------+----------+-----------+-------+
| B | IP_3 |INIT_BIND | 1 |TID_3 |
+---------+----------+----------+-----------+-------+
</quote> for Binding State Table
It is not quite sure about ‘A’ and ‘B’ in the column of Anchor stands for. Does ‘A’ stands for the Client A? It must not stand for SAVI-Device A. ☺
Per the definition of ‘Binding anchor’ in section 3, the anchor is the link-layer property of Clients. It sound usually be the port of SAVI-device which connect Client A, right?
R7.1:
Thank you for this comment.
'A' and 'B' do not stand for any element in the diagram. They just denote some anchor of the clients.
On the other hand, I guess the ‘Creation Time’ of the entry looks like a field in this table per the usage described in the section 9. For the reason of consistency, we also have the field of ‘Creation Time’ in the FCFS-SAVI DataBase (i.e. SAVI-SLAAC DB, section 3.1 of RFC6620).
R7.2:
Thank you for this comment.
It is a good suggestion. But I think "Creation Time" is not requried in binding set up and traffic filtering. For the usage in section 9, the system time of the store operation is enough. There is no need to recording the "Creation Time" in binding set up. Besides, adding a new field in the table will introduce too many modifications...
8. In section 6.3,
<quote>
EVE_DHCP_OPTION_RC: A DHCPv6 Solicitation message with Rapid Commit
option is received.
</quote>
I guess looks better than ‘EVE_DHCP_OPTION_RC, though I don’t really like the prefix of ‘EVE_’ here. ☺ The prefix of ‘EVE_’ must stand for Event here, supposed it really means the additional valid check defined in section 6.3.2.
R8:
Thank you for this comment.
We have changed ‘EVE_DHCP_SOLICIT_RC’ to ‘EVE_DHCP_OPTION_RC'. Yes, ‘EVE_’ stands for Event. We need some terms to denote events to be handled.
9. For Section 6.4.1, I think we could replace its title ‘From NO_BIND to Other States’ to be ‘From NO_BIND to INIT_BIND’.
R9:
Thank you for this comment.
Well, we find it is alright to make this modification.
10. In Section 6.4.3.2
<quote>
If the message is DHCPv6 Reply, the SAVI device checks each IA
Address option in each IA option.
</quote>
<quote>
The related binding entry can be determined based on
the address in the IAADDR option in the Leasequery-reply message.
</quote>
I personally like ‘IA Address option’ and ‘IAADDR option’ could written in the same.
R10:
Thank you for this comment.
We have changed them to 'IA Address option'.
11. In Section 7.1,
<quote>
Data packets
without matching binding entry may trigger this process to set up
bindings.
</quote>
<quote>
This process is not intended to set up a binding whenever a data
packet without matched binding entry is received.
</quote>
Does the above 2 sentence sound a little conflict?
R10:
Thank you for this comment.
"Data packets
without matching binding entry _may_ trigger this process to set up
bindings."
We use a "may" to mean this is probable.
12. For Section 7.5.1, I think we could replace its title ‘From NO_BIND to Other States’ to be ‘From NO_BIND to DETECTION’.
R12:
Thank you for this comment.
Well, we find it is alright to make this modification, too.:)
13. In Section 7.5.3.2, about ‘IPv6 address’ on page 32,
<quote>
Send a Neighbor Solicitation message with the target address set
to the IP address in the corresponding entry. The Neighbor
Solicitation is only sent to the attachment which triggers the
binding. If there is no response after DAD_TIMEOUT, send
another Neighbor Solicitation.
</quote>
Could this additional DAD process be added in Fig.13?
R12:
Thank you for this comment. But it is there:
+-------------+
| |
/---------| NO_BIND |<--------\
| ------>| | | TIMEOUT
| | +-------------+ |(2nd LQ_DELAY)
EVE_DATA_UNMATCH | | |
| | |
| | |
***1st DAD_TIMEOUT | | | 1st LQ_DELAY
/------\ | | | /---------\
| | | | EVE_DATA_CONFLICT | | |
| v v | | v |
| +-------------+ TIMEOUT +------------+ |
| | | ***(2nd DAD_TIMEOUT) | | |
\----| DETECTION ------------------------>| RECOVERY ----/
| | | |
+-------------+ +------------+
EVE_DATA_LEASEQUERY|
/----------\ |
EVE_DHCP_RENEW| | |
EVE_DHCP_REBIND| +-----v-------+ |
| | | |
\----| BOUND |<----------/
| |
+-------------+
14. In Section 7.5.3.2, about ‘IPv6 address’ in page 32,
<quote>
If there is only
one identical response, get the source hardware address from the
response. Check if the ’chaddr’ field (hardware address) of the
LEASEQUERY-REPLY message matches the source hardware address.
If the two addresses do not match, the following actions will
not be performed. If there is more than one response, if any of
the source hardware addresses matches the ’chaddr’ field
(hardware address) of the LEASEQUERY-REPLY message, the
following actions are to be performed.
</quote>
If the LEASEQUERY-REPLY message mentioned here is defined in RFC5007, I supposed we can’t find the ’chaddr’ field in this message.
***
R14:
We are sorry this is a careless copy from IPv4 para. LEASEQUERY-REPLY provides no additional information about the link-layer address or physical address of the client. Thus we remove this para.
15. Section 7.6, just after Fig. 12
<quote>
LQ_DELAY: MAX_LEASEQUERY_DELAY
</quote>
This ‘LQ_DELAY’ looks not a note for Fig. 12, but a note for Fig. 13, right? If yes, should it be placed after Fig. 13?
R15:
Thank you for this comment.
It has been done.
16. Section 14.2,
<quote>
[savi-fcfs]
Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFSSAVI:
First-Come First-Serve Source-Address Validation for
Locally Assigned Addresses", RFC 6620, May 2012.
</quote>
I prefer to replace [savi-fcfs] to be [RFC 6620].
R16:
Thank you for this comment.
It has been done.
17. Section 14.2,
<quote>
[savi-framework]
Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed.,
"Source Address Validation Improvement Framework",
draft-ietf-savi-framework-06 (work in progress),
</quote>
I prefer to replace [savi-framework] to be [RFC 7039]. It is not is in the status of ‘work in progress’ any more. ☺
R17:
Thank you for this comment.
It is great!
18. I guess the darft-ietf-savi-dhcp-20 has not support DHCPv6-PD (RFC3633) for SAVI on the delegated prefix by now, right?
R18:
Thank you for this comment.
Actually, DHCPv6-PD is covered in the very early version of this draft. But it is moved to the section 7 of SAVI-Framework.
-----Original Message-----
From: Leaf Yeh [mailto:leaf.yeh.sdo@gmail.com]
Sent: Friday, March 28, 2014 1:05 AM
To: 'Jun Bi'; 'Jun Bi'; yaoguang@cernet.edu.cn
Cc: 'Ted Lemon'; savi@ietf.org
Subject: Some findings in the darft-ietf-savi-dhcp-20
Dear Prof. Bi & authors,
I’ve read the main part of the darft-ietf-savi-dhcp-20, and probably got the following findings:
1. In the 1st paragraph of Page 11,
<quote>
For example, in Figure 1, the attachment from the Non-SAVI Device 1 to the SAVI Device B should be configured with no attribute.
</quote>
But in Fig.1, Non-SAVI Device 1 is not directly connected to SAVI Device B. I suppose the draft really means ‘SAVI Device C’ here.
***
2. In the last paragraph of page 11,
<quote>
In Figure 1, the attachment from the DHCP Relay to the SAVI Device B, and the attachment from the DHCP Server B to the SAVI Device B should be configured with this attribute.
</quote> (for DHCP-Trust Attribute)
But in Fig.1, DHCP Relay is not directly connected to SAVI Device B. I suppose the draft really means ‘SAVI Device A’ here.
***
As to Fig.1, question for clarification : It sounds to set up a filter (as the requirement of DHCP-Trust Attribute) inside the SAVI-perimeter. I guess if the Relay or Server B is directly connected to SAVI Device and outside the SAVI-perimeter, we still need to set up DHCP-Trust Attribute for the port of SAVI Device A and B, right? If yes, does it means the Fig.1 can let the Relay or Server B outside the SAVI-perimeter?
3. Question of clarification on the text in the 3rd paragraph of section 4.3.1, <quote> In this case, SAVI device B doesn’t create a binding for client A. SAVI device A doesn’t create a binding for client B. But the SAVI device B is still protected from spoofing from client A and the SAVI device A is still protected from spoofing from client B.
</quote>
What does “SAVI device B is still protected from spoofing from client A” exactly mean? How can SAVI device B protects from spoofing from client A? It sounds a little confused.
4. Question of clarification on the text in section 4.3.2, <quote>
(6) Optional: configure filters on the upstream links to filter out spoofing of local addresses from other networks.
</quote>
Per the definition of ‘Upstream link’ and ‘Downstream link’ in section 3, upstream is for other network (with gateway router), downstream is for local network. I guess the text here might mean ‘filter out spoofing of source addresses from other networks.’
5. Question of clarification on the text in the last paragraph of section 4.3.2, <quote> In this way, the points of attachments with Validating attribute (and generally together with attachments of upstream devices) on SAVI devices can form a perimeter separating DHCP clients and trusted devices.
</quote>
The above sentence sounds SAVI devices always form perimeter for upstream devices. But in general thinking, we always trust devices in the upstream network. In Fig.1, we should not configure ‘DHCP-Trust attribute’ on the port of SAVI Device C for the Server A through Non-SAVI Device 1, which might means the Client A and Client B can’t get address assignment from Server A of the upstream network. Does the above sounds a little confused?
6. Question of clarification on the text in the last paragraph of section 4.3.2, <quote> DHCP-Trust attribute is only configured on the inside links of the perimeter.
</quote>
The above sentence sounds, even in the SAVI-perimeter, we still need set up filter for some devices, including relay and server. It sounds we couldn’t trust the relay and server in the SAVI-perimeter; and after we configure the DHCP-Trust attribute on the port of the SAVI-device which connect the relay or server, we start to trust them. But in general thinking, we always trust devices in the perimeter, and we don’t need additional SAVI-device to connect some kind of device in the perimeter. Does the above sounds a little confused?
7. Question of clarification on table 3 of BST in section 5:
<quote>
+---------+----------+----------+-----------+-------+
| Anchor | Address | State | Lifetime |TID |
+---------+----------+----------+-----------+-------+
| A | IP_1 | BOUND | 65535 |TID_1 |
+---------+----------+----------+-----------+-------+
| A | IP_2 | BOUND | 10000 |TID_2 |
+---------+----------+----------+-----------+-------+
| B | IP_3 |INIT_BIND | 1 |TID_3 |
+---------+----------+----------+-----------+-------+
</quote> for Binding State Table
It is not quite sure about ‘A’ and ‘B’ in the column of Anchor stands for. Does ‘A’ stands for the Client A? It must not stand for SAVI-Device A. ☺ Per the definition of ‘Binding anchor’ in section 3, the anchor is the link-layer property of Clients. It sound usually be the port of SAVI-device which connect Client A, right?
On the other hand, I guess the ‘Creation Time’ of the entry looks like a field in this table per the usage described in the section 9. For the reason of consistency, we also have the field of ‘Creation Time’ in the FCFS-SAVI DataBase (i.e. SAVI-SLAAC DB, section 3.1 of RFC6620).
8. In section 6.3,
<quote>
EVE_DHCP_OPTION_RC: A DHCPv6 Solicitation message with Rapid Commit option is received.
</quote>
I guess ‘EVE_DHCP_SOLICIT_RC’ looks better than ‘EVE_DHCP_OPTION_RC, though I don’t really like the prefix of ‘EVE_’ here. ☺ The prefix of ‘EVE_’ must stand for Event here, supposed it really means the additional valid check defined in section 6.3.2.
9. For Section 6.4.1, I think we could replace its title ‘From NO_BIND to Other States’ to be ‘From NO_BIND to INIT_BIND’.
10. In Section 6.4.3.2
<quote>
If the message is DHCPv6 Reply, the SAVI device checks each IA Address option in each IA option.
</quote>
<quote>
The related binding entry can be determined based on the address in the IAADDR option in the Leasequery-reply message.
</quote>
I personally like ‘IA Address option’ and ‘IAADDR option’ could written in the same.
11. In Section 7.1,
<quote>
Data packets
without matching binding entry may trigger this process to set up bindings.
</quote>
<quote>
This process is not intended to set up a binding whenever a data packet without matched binding entry is received.
</quote>
Does the above 2 sentence sound a little conflict?
12. For Section 7.5.1, I think we could replace its title ‘From NO_BIND to Other States’ to be ‘From NO_BIND to DETECTION’.
13. In Section 7.5.3.2, about ‘IPv6 address’ on page 32, <quote> Send a Neighbor Solicitation message with the target address set to the IP address in the corresponding entry. The Neighbor Solicitation is only sent to the attachment which triggers the binding. If there is no response after DAD_TIMEOUT, send another Neighbor Solicitation.
</quote>
Could this additional DAD process be added in Fig.13?
14. In Section 7.5.3.2, about ‘IPv6 address’ in page 32, <quote> If there is only one identical response, get the source hardware address from the response. Check if the ’chaddr’ field (hardware address) of the LEASEQUERY-REPLY message matches the source hardware address.
If the two addresses do not match, the following actions will not be performed. If there is more than one response, if any of the source hardware addresses matches the ’chaddr’ field (hardware address) of the LEASEQUERY-REPLY message, the following actions are to be performed.
</quote>
If the LEASEQUERY-REPLY message mentioned here is defined in RFC5007, I supposed we can’t find the ’chaddr’ field in this message.
***
15. Section 7.6, just after Fig. 12
<quote>
LQ_DELAY: MAX_LEASEQUERY_DELAY
</quote>
This ‘LQ_DELAY’ looks not a note for Fig. 12, but a note for Fig. 13, right? If yes, should it be placed after Fig. 13?
16. Section 14.2,
<quote>
[savi-fcfs]
Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFSSAVI:
First-Come First-Serve Source-Address Validation for Locally Assigned Addresses", RFC 6620, May 2012.
</quote>
I prefer to replace [savi-fcfs] to be [RFC 6620].
17. Section 14.2,
<quote>
[savi-framework]
Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed., "Source Address Validation Improvement Framework",
draft-ietf-savi-framework-06 (work in progress), </quote>
I prefer to replace [savi-framework] to be [RFC 7039]. It is not is in the status of ‘work in progress’ any more. ☺
18. I guess the darft-ietf-savi-dhcp-20 has not support DHCPv6-PD (RFC3633) for SAVI on the delegated prefix by now, right?
Anyway, I am not yet aware the discussion history in SAVI-WG before; the above might be some additional comments, might be something discussed before. Hope some of the above could be a help for the text in this draft, and I am really looking forwarding to the advance of this draft-ietf-savi-dhcp.
Best Regards,
Leaf
- [savi] Some findings in the darft-ietf-savi-dhcp-… Leaf Yeh
- Re: [savi] Some findings in the darft-ietf-savi-d… Guang Yao
- Re: [savi] Some findings in the darft-ietf-savi-d… Leaf Yeh
- Re: [savi] Some findings in the darft-ietf-savi-d… Guang Yao
- Re: [savi] Some findings in the darft-ietf-savi-d… Leaf Yeh
- Re: [savi] Some findings in the darft-ietf-savi-d… Guang Yao