Re: [v6ops] DHCPv6/SLAAC Make Hosts Confusing-//RE: new draft: draft-liu-bonica-v6ops-dhcpv6-slaac-problem

Andrew Yourtchenko <ayourtch@cisco.com> Mon, 28 October 2013 19:17 UTC

Return-Path: <ayourtch@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6FD611E80E7 for <v6ops@ietfa.amsl.com>; Mon, 28 Oct 2013 12:17:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f9SqnYZe4v8v for <v6ops@ietfa.amsl.com>; Mon, 28 Oct 2013 12:17:36 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id 80AD511E81C8 for <v6ops@ietf.org>; Mon, 28 Oct 2013 12:17:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5968; q=dns/txt; s=iport; t=1382987855; x=1384197455; h=date:from:to:cc:subject:in-reply-to:message-id: references:mime-version; bh=KL2MC9mM9JyQG9e72G7ZqG3KhJxJPSLTwiYjYgao09E=; b=jt7S1OMiFk6/4Xwj9nEDcrimoEl2tjzNDHs0UXsNkFSSTy0Xn7nEzso0 4M/9YzRDJLkLSE+aldFCIZ8qju43LXb/L7zRBSRvx0YxtFjEUU42+89S7 lROc5UD/dsPaz2bM0hsNFU3kaO68mkw0B8llkc9I2fWy5IyvSysK5czuq Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ai8FAA+3blKtJV2a/2dsb2JhbABZgweBDL5kgSkWdIIlAQEBAwE4Aj8FCwsOHw4LSQENBg6IBga4Wo9VBwqEIgOeRYtMgWiBP4Ip
X-IronPort-AV: E=Sophos;i="4.93,587,1378857600"; d="scan'208";a="277636690"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-2.cisco.com with ESMTP; 28 Oct 2013 19:17:35 +0000
Received: from xhc-rcd-x10.cisco.com (xhc-rcd-x10.cisco.com [173.37.183.84]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id r9SJHY4H013108 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 28 Oct 2013 19:17:34 GMT
Received: from [10.61.212.63] (10.61.212.63) by xhc-rcd-x10.cisco.com (173.37.183.84) with Microsoft SMTP Server (TLS) id 14.2.318.4; Mon, 28 Oct 2013 14:17:33 -0500
Date: Mon, 28 Oct 2013 20:17:12 +0100
From: Andrew Yourtchenko <ayourtch@cisco.com>
X-X-Sender: ayourtch@ayourtch-mac
To: Ted Lemon <mellon@fugue.com>
In-Reply-To: <06601039-CAFD-49B0-918B-A8ACD51B978D@fugue.com>
Message-ID: <alpine.OSX.2.00.1310281905440.11422@ayourtch-mac>
References: <CE8E8EC3.59F3A%victor@jvknet.com> <06601039-CAFD-49B0-918B-A8ACD51B978D@fugue.com>
User-Agent: Alpine 2.00 (OSX 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="US-ASCII"
X-Originating-IP: [10.61.212.63]
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, Dave Thaler <dthaler@microsoft.com>, "Ole Troan \(otroan\)" <otroan@cisco.com>, "draft-liu-bonica-v6ops-dhcpv6-slaac-problem@tools.ietf.org" <draft-liu-bonica-v6ops-dhcpv6-slaac-problem@tools.ietf.org>
Subject: Re: [v6ops] DHCPv6/SLAAC Make Hosts Confusing-//RE: new draft: draft-liu-bonica-v6ops-dhcpv6-slaac-problem
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 19:17:46 -0000

On Thu, 24 Oct 2013, Ted Lemon wrote:

> Anyway, that's the rhetorical position I'm going to stake out for now. 
> I'm curious to see if anybody can come up with a reason to disagree that 
> doesn't simplify to either "I hate RA" or "I hate DHCP."

I'll take a shot at outlining the differences as I see them between the 
two, and the factors that may influence the "I hate RA" or "I hate DHCP" 
reply in each particular case...

1) Interworking with different L2 topologies

RA is "server-initiated, send once, receive many, no confirmation" 
abstraction - something that works well on the 10base2-type shared bus 
and even the today's wired ethernet, but looks quite miserable on the 
WiFi media without the ugly special tricks (802.11 provides reliable 
delivery for unicast frames, and does not provide one for multicast 
frames, also the physical speeds are different and even the contention 
management and the speed/modulation can be different as well).

DHCPv6 is "client-initiated, send once, receive once, confirmation" 
abstraction. This may be wasteful on the low-bandwidth links that provide 
bus topology, but maps extremely well onto scenarios like WiFi - as it 
allows to maintain somewhat familiar mode of operation to wired ethernet.

This is where the p2p, acknowledged nature of DHCPv6 may be beneficial - 
on a crowded large-scale WiFi, without dirty tricks, you simply will not 
get the SLAAC working because the multicast RAs will get crunched by the 
interference.

Alternatively, in a very mobile environment and the RFC-compliant router, 
multicast solicited RAs might make a significant portion of your traffic - 
which, due to a difference in modulation, etc. may eat way more bandwidth 
than if they were sent unicast.

2) Acknowledged vs. unacknowledged

DHCPv6 needs at least 2 packets. RA is just one packet.

RA Plus: RA is quicker

RA Minus: you have to take care that it is legitimate router and not your 
evil neighbor sending you the RAs you take the configuration from.

DHCPv6 Plus: works well in the noisy/lossy environments

DHCPv6 minus: takes at least 1 RTT to the server.


3) Client initiated vs. server initiated

Despite of the division above, RA can be client-initiated, to some extent, 
with RS, and DHCPv6 can be server-initiated, to some extent, with 
"Reconfigure" messages.

If we treat these as "nudge" messages, the behavior of the sending 
and receiving parties is similar - the "nudge" message 
causes the orderly protocol exchange to occur before the due time.

The part that is different, though, is that RA, due to its "send once, 
receive many" nature, can aggregate the "nudge" messages, so intuitively 
seems best for a scenario with a very large number of the hosts, as it 
should have self-stabilizing properties, compared to DHCPv6.

This "self-stabilizing" property intuitively seems to make RA safer to 
use, IFF it is used in purely "multicast" fashion.
However, refer to (1) for the interaction with the underlying media.

4) Centralized coordination vs. distributed coordination

RA, due to its "send once, receive many" nature, in its pure 
form necessarily can not dictate a per-client settings, but rather 
can only advise the domain the client would pick from (SLAAC).

DHCPv6 on the other hand, due to its p2p nature is by default well suited 
for the individual per-client tweaking.

The distributed nature can be a blessing if you do not care about who gets 
which address and a curse if you need to account everyone strictly.

NB: address assignment does not mean that the hosts will always use those 
addresses - e.g. it's perfectly possible to statically configure a 
different address, but we talk just homogenous standards-compliant 
well-behaved hosts for simplicity sake).

That's why I do not use the word "control" but use the word 
"coordination".

5) Involvement or not into routing

RAs are a mechanism to provide some form of reliability for the routing in 
an independent fashion to the reasonably unsophisticated hosts. DHCPv6 was 
specifically denied any involvement in the routing.

While architecturally "pure", the reliability and timing of the routing 
resiliency provided by the RAs is far below those achieved by FHRP 
protocols which are used in today's networks predominantly.

This might create a dissonance between those who want to ensure RAs are 
used for routing, and those who do not see any use of them in that regard - 
with the corresponding contention of adding anything routing-related into 
DHCPv6.


6) Server locality

Both DHCPv6 and RA are inherently link-local mechanisms, however DHCPv6 
has a means to "jump" over multiple hops by use of the relays. This means 
RA *has* to be distributed, while DHCPv6 can be both centralized and 
distributed. Frequently it is made centralized because of other benefits 
that centralized administration brings, but almost any router today can 
run a DHCPv6 server on the box with no problem.

7) Programming: UDP vs. ICMP

For a random programmer today, coding a server to receive the data on a 
UDP socket is a more familiar exercise than working with ICMP. 
Disclaimer: the value of "random" was chosen to be "me" for arbitrary 
reasons. This point is more of a rathole and a personal preference, 
probably. I think I remember Dave Thaler saying one of the mechanisms in 
Windows was way easier to extend than the other, but I do not remember 
which.

8) Separate vs. unified management

If DHCPv4 and routing is managed by the different groups in the 
organization, then conceivably the "server" people will not like to have 
their work go away and similarly "router" guys are happy to get rid of yet 
another point of coordination and argument. This is where the "I hate 
$protocol" should definitely pop up. Add here the concerns from the 
previous 7 points.

HTH.


--a