Re: [savi] WGLC: draft-ietf-savi-dhcp-22
"Eric Levy- Abegnoli (elevyabe)" <elevyabe@cisco.com> Wed, 23 April 2014 15:11 UTC
Return-Path: <elevyabe@cisco.com>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 754931A02B5 for <savi@ietfa.amsl.com>; Wed, 23 Apr 2014 08:11:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.772
X-Spam-Level:
X-Spam-Status: No, score=-9.772 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id va1wVAb372qM for <savi@ietfa.amsl.com>; Wed, 23 Apr 2014 08:11:00 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) by ietfa.amsl.com (Postfix) with ESMTP id 9072D1A03DA for <savi@ietf.org>; Wed, 23 Apr 2014 08:10:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=40220; q=dns/txt; s=iport; t=1398265847; x=1399475447; h=from:to:cc:subject:date:message-id:in-reply-to: mime-version; bh=ARMdlicqy38h2yjdh2zupiUUrLnAYcPhv3nNbil6le8=; b=ic0RGVeFP+kOQVag9xLQeFLWQ79aVio7sucRJKp9N87NuJJdeVLCKVKG nxs7X7qsGBv4AmYuo3OXKUDmsaFWMF9Iiff1iFIq5+t6e+umSn1paSTei tngX5MfQk2OBQzx+em8wwBcbSvDl14d8GP/uyYQQtdpILPwWl8ATgJAZj o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AncFAOnWV1OtJA2M/2dsb2JhbABZDoI0RE9XuzmIeoEaFnSCJQEBAQQtQQsSAQgRAwEBASEBBigRFAkIAgQBDQUbiBIDEQ3IPw2GVBeMQIIHEQYBhDkElwWBcIE3i0uFU4JxQIFrJBw
X-IronPort-AV: E=Sophos; i="4.97,912,1389744000"; d="scan'208,217"; a="38092033"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-1.cisco.com with ESMTP; 23 Apr 2014 15:10:46 +0000
Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com [173.37.183.86]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id s3NFAkXL011839 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 23 Apr 2014 15:10:46 GMT
Received: from xmb-rcd-x06.cisco.com ([169.254.6.41]) by xhc-rcd-x12.cisco.com ([173.37.183.86]) with mapi id 14.03.0123.003; Wed, 23 Apr 2014 10:10:45 -0500
From: "Eric Levy- Abegnoli (elevyabe)" <elevyabe@cisco.com>
To: Guang Yao <yaoguang@cernet.edu.cn>, 'Jean-Michel Combes' <jeanmichel.combes@gmail.com>, 'SAVI Mailing List' <savi@ietf.org>
Thread-Topic: [savi] WGLC: draft-ietf-savi-dhcp-22
Thread-Index: AQHPXwYz8FdOhs9nvUWZJnpcp77q9A==
Date: Wed, 23 Apr 2014 15:10:45 +0000
Message-ID: <CF7DA1D3.390B5%elevyabe@cisco.com>
In-Reply-To: <000e01cf5d0a$4a279d40$de76d7c0$@cernet.edu.cn>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.2.130206
x-originating-ip: [10.49.80.39]
Content-Type: multipart/alternative; boundary="_000_CF7DA1D3390B5elevyabeciscocom_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/savi/oO5d4bLCBG9xLYnhWoPqo4Wj91I
Cc: "draft-ietf-savi-dhcp@tools.ietf.org" <draft-ietf-savi-dhcp@tools.ietf.org>, 'Ted Lemon' <mellon@fugue.com>
Subject: Re: [savi] WGLC: draft-ietf-savi-dhcp-22
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi/>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Apr 2014 15:11:07 -0000
Hi Guang,
I find the below section very confusing. SAVI devices are switches, hence they have other means to punt any traffic they want to inspect to cpu level. They would not "join multicast groups". A wild guess on the intention is to get around the case where some MLD snooping device is at stake in the network. Works for addresses that you know but can't possibly work for addresses that you don't know yet and that are being DAD'ed. MLD snooping is just incompatible with SAVI, and if we accept that fact, joining MLD solicited group is not needed.
And it has the same issue I raised: access switches cannot reasonably have a layer-3 interface on every subnet (link/vlan) they operate on, which could be thousands.
Sorry that I missed that in 6620.
Eric
From: Guang Yao <yaoguang@cernet.edu.cn<mailto:yaoguang@cernet.edu.cn>>
Date: lundi 21 avril 2014 04:34
To: elevyabe levy-abegnoli <elevyabe@cisco.com<mailto:elevyabe@cisco.com>>, 'Jean-Michel Combes' <jeanmichel.combes@gmail.com<mailto:jeanmichel.combes@gmail.com>>, 'SAVI Mailing List' <savi@ietf.org<mailto:savi@ietf.org>>
Cc: "draft-ietf-savi-dhcp@tools.ietf.org<mailto:draft-ietf-savi-dhcp@tools.ietf.org>" <draft-ietf-savi-dhcp@tools.ietf.org<mailto:draft-ietf-savi-dhcp@tools.ietf.org>>, 'Ted Lemon' <mellon@fugue.com<mailto:mellon@fugue.com>>
Subject: RE: [savi] WGLC: draft-ietf-savi-dhcp-22
Hi, Eric
Before we begin modifying the SAVI-DHCP, we find some related text in RFC6620:
1.
“ MLD Considerations
The FCFS SAVI device MUST join the solicited node multicast group for
all the addresses with a state other than NO_BIND. This is needed to
make sure that the FCFS SAVI device will receive the DAD_NS for those
addresses. Please note that it may not be enough to rely on the host
behind the Validating Port to do so, since the node may move, and
after a while, the packets for that particular solicited node
multicast group will no longer be forwarded to the FCFS SAVI device.
Therefore, the FCFS SAVI device MUST join the solicited node
multicast groups for all the addresses that are in a state other than
NO_BIND.
”
2.
“Upon the reception through a Validating Port (VP) of a DATA packet
containing IPAddr as the source address, the SAVI device SHOULD
execute the process of sending Neighbor Solicitation messages of
the Duplicate Address Detection process as described in Section
5.4.2 of [RFC4862]
”
Maybe such designs also violate your comments? Thank you very much!
Best regards,
Guang
From: Guang Yao [mailto:yaoguang@cernet.edu.cn]
Sent: Monday, April 21, 2014 10:20 AM
To: 'Eric Levy- Abegnoli (elevyabe)'; 'Jean-Michel Combes'; 'SAVI Mailing List'
Cc: '<draft-ietf-savi-dhcp@tools.ietf.org<mailto:draft-ietf-savi-dhcp@tools.ietf.org>>'; 'Ted Lemon'
Subject: RE: [savi] WGLC: draft-ietf-savi-dhcp-22
Hi, Eric
Thank you very much for the comments!
1.
For the first one, considering the whole “data snooping process” is actually a “conditional should”(s7.1), the DHCP lease query process is actually no more than a “conditional should”. The “MUST” just specifies if the data snooping process is to be implemented, the lease query process will be a MUST.
Besides, it seems there is no good alternative method to set up bindings without DHCP lease query; however, if DHCP lease query cannot be performed, the whole data snooping process is meaningless. Thus, we choose “MUST” on DHCP lease query process.
2.
We fully accept the second comment and will revise the doc accordingly.
Best regards,
Guang
From: Eric Levy- Abegnoli (elevyabe) [mailto:elevyabe@cisco.com]
Sent: Thursday, April 17, 2014 8:09 PM
To: Jean-Michel Combes; SAVI Mailing List
Cc: <draft-ietf-savi-dhcp@tools.ietf.org<mailto:draft-ietf-savi-dhcp@tools.ietf.org>>; Ted Lemon
Subject: Re: [savi] WGLC: draft-ietf-savi-dhcp-22
Hi,
In general, the document looks good. I spot a few substantial issues listed below:
1) There seem to be a requirement in several places of the document (see below) to send LEASEQUERY to the DHCP server. That is certainly useful to do so, but switches are sometimes pure layer-2 switches, and don't implement a DHCP stack not they have a layer-3 address to source traffic from.
Even when the switches have a layer-3 leg, setting then to reach out the DHCP server is not a trivial operation, and not one which is typically done on layer-2 access switches.
Whenever the LEASEQUERY is mandated, I'd rather have it as a SHOULD, with some alternate behavior (delete the entry for instance).
Section 6.4.2.2, paragrap 2.1:
the SAVI device MUST send a LEASEQUERY [RFC5007]
Section 7.5.2.1
IPv4 address: Send a DHCPLEASEQUERY [RFC4388]
IPv6 address: Send a LEASEQUERY [RFC5007]
2) Section 7.1 & 7.2
"To perform this process, the SAVI device MUST join the Solicited Node
Multicast group of the source address of triggering IPv6 data packet
whenever performing duplicate detection."
* I don't think a layer-2 switch can and need to join the Solicited Node Multicast group of the source address. It does not have a layer-3 stack on top of every link it is bridging/switching. It has to snoop ND traffic, like it snoops DHCP traffic.
Section 7.5.1.2
* I wonder what would be the end-result if the switch send a DAD or and ARP and the legitimate owner interpret it as "someone already has the address" (always possible depending on its current state). That would seriously break DAD or ACD (rfc5227). I think we need a way to distinguish between the packets issued by the switch and normal DAD or ACD packets. (some field in the header? But that would be a protocol change…).
Eric
From: Jean-Michel Combes <jeanmichel.combes@gmail.com<mailto:jeanmichel.combes@gmail.com>>
Date: mardi 8 avril 2014 12:15
To: SAVI Mailing List <savi@ietf.org<mailto:savi@ietf.org>>
Cc: "<draft-ietf-savi-dhcp@tools.ietf.org<mailto:draft-ietf-savi-dhcp@tools.ietf.org>>" <draft-ietf-savi-dhcp@tools.ietf.org<mailto:draft-ietf-savi-dhcp@tools.ietf.org>>, Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Subject: [savi] WGLC: draft-ietf-savi-dhcp-22
Folks,
As it has been deeply modified since the last WGLC (version -06), this is a new two weeks WGLC for the following document: "SAVI Solution for DHCP" (http://tools.ietf.org/html/draft-ietf-savi-dhcp-22).
Please, don't hesitate to give your opinion (i.e., agreement/disagreement to move forward the document, comments, etc.)!
Thanks in advance.
Best regards,
JMC.
- [savi] WGLC: draft-ietf-savi-dhcp-22 Jean-Michel Combes
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Jean-Michel Combes
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Eric Levy- Abegnoli (elevyabe)
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Leaf Yeh
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Leaf Yeh
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Eric Levy- Abegnoli (elevyabe)
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Ted Lemon
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Ted Lemon
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Pascal Thubert (pthubert)
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Eric Levy- Abegnoli (elevyabe)
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Eric Levy- Abegnoli (elevyabe)
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Ted Lemon
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Eric Levy- Abegnoli (elevyabe)
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Leaf Yeh
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Leaf Yeh
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Ted Lemon
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Pascal Thubert (pthubert)
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Jun Bi
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Guang Yao
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Ted Lemon
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Jun Bi
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Fred Baker (fred)
- Re: [savi] WGLC: draft-ietf-savi-dhcp-22 Fred Baker (fred)