Re: [savi] I-D Action: draft-ietf-savi-dhcp-21.txt
"Guang Yao" <yaoguang@cernet.edu.cn> Tue, 01 April 2014 07:28 UTC
From: Guang Yao <yaoguang@cernet.edu.cn>
To: 'Leaf Yeh' <leaf.yeh.sdo@gmail.com>
Date: Tue, 01 Apr 2014 15:27:47 +0800
Archived-At: http://mailarchive.ietf.org/arch/msg/savi/BpDe_uSNJOCjfnt0AvuNDsYzgJs
Cc: savi@ietf.org, 'Ted Lemon' <ted.lemon@nominum.com>
Subject: Re: [savi] I-D Action: draft-ietf-savi-dhcp-21.txt

Hi Leaf,

Thank you very much for these comments! The replies are as follows.

1. Q19. I am not sure the reason why there is a new link between SAVI Device C to SAVI Device B in Fig.1. The relation between the SAVI Device A and the SAVI Device B looks more like the case described in the Fig.1 of SAVI arch. (RFC7039).

R19: We found there is no direct link between SAVI devices, thus we add a new link to illustrate this situation.

2. Q20. As to DHCP-Trust Attribute,

in section 4.2.2,
<quote>
The "DHCP-Trust Attribute" indicates the DHCP Server-Client messages from the corresponding attachment is trustable. ...
</quote>

, in section 4.3.2
<quote>
(5) Configure DHCP-Trust attribute on the direct attachments of trusted DHCP relays/servers.
...
DHCP-Trust attribute is only configured on the inside links of the perimeter. Only DHCP server-client messages originated in the perimeter is trusted.
</quote>

When the port of SAVI-switch connected to the trusted DHCP relays/servers (in the SAVI-perimeter) is configured DHCP-Trust attribute, how about the data packet forwarding when it is received on this port? I guess the switch will forward the packet as the normal without checking, right? May you need a statement on this case in section 8.1?

R20: Thank you for this comment. Since DHCP relay and server are only supposed to send DHCP messages, data packets are not expected from them. If they also send data packet, their roles are changed. How to process the data packet depends on the role which sends the data packet. We will specify this point in the revision.

-----Original Message-----
From: Leaf Yeh [mailto:leaf.yeh.sdo@gmail.com]
Sent: Tuesday, April 01, 2014 9:51 AM
To: 'Guang Yao'
Cc: savi@ietf.org; 'Jun Bi'; 'Ted Lemon'
Subject: RE: [savi] I-D Action: draft-ietf-savi-dhcp-21.txt

Hi Guang,

Q19. I am not sure the reason why there is a new link between SAVI Device C to SAVI Device B in Fig.1. The relation between the SAVI Device A and the SAVI Device B looks more like the case described in the Fig.1 of SAVI arch. (RFC7039).

Q20. As to DHCP-Trust Attribute,

in section 4.2.2,
<quote>
The "DHCP-Trust Attribute" indicates the DHCP Server-Client messages from the corresponding attachment is trustable. ...
</quote>

, in section 4.3.2
<quote>
(5) Configure DHCP-Trust attribute on the direct attachments of trusted DHCP relays/servers.
...
DHCP-Trust attribute is only configured on the inside links of the perimeter. Only DHCP server-client messages originated in the perimeter is trusted.
</quote>

When the port of SAVI-switch connected to the trusted DHCP relays/servers (in the SAVI-perimeter) is configured DHCP-Trust attribute, how about the data packet forwarding when it is received on this port? I guess the switch will forward the packet as the normal without checking, right? May you need a statement on this case in section 8.1?

Best Regards,
Leaf

-----Original Message-----
From: savi [mailto:savi-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Monday, March 31, 2014 1:49 PM
To: i-d-announce@ietf.org
Cc: savi@ietf.org
Subject: [savi] I-D Action: draft-ietf-savi-dhcp-21.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Source Address Validation Improvements Working Group of the IETF.

Title    : SAVI Solution for DHCP
Authors  : Jun Bi
           Jianping Wu
           Guang Yao
           Fred Baker
Filename : draft-ietf-savi-dhcp-21.txt
Pages    : 43
Date     : 2014-03-30

Abstract:
This document specifies the procedure for creating a binding between a DHCPv4/DHCPv6 assigned IP address and a binding anchor on a SAVI (Source Address Validation Improvements) device. The bindings set up by this procedure can be used to filter out packets with forged source IP address in DHCP scenario. This mechanism is proposed as a complement to ingress filtering to provide finer-grained source IP address validation.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-savi-dhcp/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-savi-dhcp-21

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-savi-dhcp-21

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
savi mailing list
savi@ietf.org
https://www.ietf.org/mailman/listinfo/savi