IETF Logo Mail Archive

Re: [savi] WGLC: draft-ietf-savi-dhcp-22

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Wed, 23 April 2014 12:01 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 938061A0353 for <savi@ietfa.amsl.com>; Wed, 23 Apr 2014 05:01:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.773
X-Spam-Level:
X-Spam-Status: No, score=-14.773 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HYtoK1iahDz6 for <savi@ietfa.amsl.com>; Wed, 23 Apr 2014 05:01:31 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 3D19A1A034A for <savi@ietf.org>; Wed, 23 Apr 2014 05:01:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2946; q=dns/txt; s=iport; t=1398254486; x=1399464086; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=NKiD2e+UU7z/RDHv6w/A0BGkflBZ5joVCGaqtJjr8C0=; b=DvC2se1BQL+teQ1waN7RriUO6oPIHByNOlOxHFqpiKOVK5RCRxvvKVsp n7LtTej19pvfkhfrrdO541vvavDZPNENHQx3biVwk6RgoENsIcUMctoeR 0cIvBbt8eOX/dMfhKUkF2a5d6J5AMT+3RN6r6WXFq0wY+pyUNB+TLgWSN 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AmUFAEqrV1OtJA2B/2dsb2JhbABZgwZPV7x6hzqBGBZ0giUBAQEDAQEBATc0CwULAgEIDhQUECcLJQIEAQ0FCIgxCA3PIhMEjicxB4MkgRUElQSWRoMxgWsfBRw
X-IronPort-AV: E=Sophos;i="4.97,911,1389744000"; d="scan'208";a="319743631"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-8.cisco.com with ESMTP; 23 Apr 2014 12:01:25 +0000
Received: from xhc-aln-x09.cisco.com (xhc-aln-x09.cisco.com [173.36.12.83]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id s3NC1P9K031693 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 23 Apr 2014 12:01:25 GMT
Received: from xmb-rcd-x01.cisco.com ([169.254.1.229]) by xhc-aln-x09.cisco.com ([173.36.12.83]) with mapi id 14.03.0123.003; Wed, 23 Apr 2014 07:01:24 -0500
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Ted Lemon <mellon@fugue.com>, "Eric Levy- Abegnoli (elevyabe)" <elevyabe@cisco.com>
Thread-Topic: [savi] WGLC: draft-ietf-savi-dhcp-22
Thread-Index: AQHPXgwtN38N06KZ3k+UXesy9jYewpsd110AgAEwLCA=
Date: Wed, 23 Apr 2014 12:01:24 +0000
Deferred-Delivery: Wed, 23 Apr 2014 12:01:00 +0000
Message-ID: <E045AECD98228444A58C61C200AE1BD842614572@xmb-rcd-x01.cisco.com>
References: <CF7BFCD2.38EA7%elevyabe@cisco.com> <52D2BDC7-9E55-43BC-8248-23C43DCDEF96@fugue.com>
In-Reply-To: <52D2BDC7-9E55-43BC-8248-23C43DCDEF96@fugue.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.55.22.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/savi/cddOWZ6FGUNS4T-E84Vqg3maYqE
Cc: "draft-ietf-savi-dhcp@tools.ietf.org" <draft-ietf-savi-dhcp@tools.ietf.org>, Guang Yao <yaoguang@cernet.edu.cn>, SAVI Mailing List <savi@ietf.org>, Jean-Michel Combes <jeanmichel.combes@gmail.com>
Subject: Re: [savi] WGLC: draft-ietf-savi-dhcp-22
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi/>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Apr 2014 12:01:37 -0000

Hello Ted:

> IOW the switch can't have a link-local address per subnet?

[PT] 

I've never fully made up my mind that a vlan is a subnet. E.g., we use private vlans that segregate the subnet in order to isolate some clients or defeat some unwanted linklocal scope broadcast storms (because as we know there's no such a thing as a workable linkscope MLD snooping). This is one of these multilink subnets that are not supposed to exist... 

Anyway; whether they are private or not, there can be a great many vlans and it can become a real hassle to configure one SVI per vlan. On top of the operator work for CLI and management, there's also all the CPU and memory involved. It's not that the switch can't do it but rather that it's not necessarily a good idea to force the admin to configure an SVI on all vlans.

> Again, if it's a managed switch, it doesn't make sense that you wouldn't want
> it to have a routable L3 address.   You might want to constrain what L3
> address it has, and yes, there are operational ramifications to this.   But are
> you saying that you aren't managing the switch?

[PT] I actually implemented a client to lease query in our SAVI switches, that will revalidate an address as learnt through DHCP.
It turned out that a function like that can rapidly become a real hassle to configure, with dependencies between otherwise unrelated CLIs. 
So yes, there is at least one vlan with an SVI on it in a managed switch, and yes we can use it to source LQ. But it does not mean that it is an easy thing to deploy.
 
> > . It is currently not very common to
> > deploy DHCP on access switches when the L2/L3 boundary is one layer up
> > (on aggregation/distribution). And I am not talking about the one you
> > have at home.
> 
> Of course not.   Mine doesn't do leasequery or SAVI.   I was using it as an
> example of the minimum functionality one might expect in a switch that
> _does_ do SAVI.

[PT] I would not complain that the switch is expected to support the LQ based validation function, though adding a dhcpv6 client to a switch image does not necessarily come for free. It seems to me that the draft goes very deep into the implementation of the guts of the FSM as opposed to the externally observable behavior, and I'm not sure that this particular FSM is the only way to implement the function and get all the necessary interoperation. At least there should be enough options to implement some user policies such as use LQ or not to validate the SAVI state, which, all in all, looks a lot like an operator decision. 

I agree with Guang's proposed change, and maybe we should be documenting the value / risk involved in using LQ or not?

Cheers,

Pascal

> _______________________________________________
> savi mailing list
> savi@ietf.org
> https://www.ietf.org/mailman/listinfo/savi

v2.8.7 | Report a Bug | By Email