IETF Logo Mail Archive

Re: [v6ops] IPv6-Only Preferred DHCPv4 option

Ted Lemon <mellon@fugue.com> Fri, 06 December 2019 18:55 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2967120059 for <v6ops@ietfa.amsl.com>; Fri, 6 Dec 2019 10:55:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNA4YDLoOIjO for <v6ops@ietfa.amsl.com>; Fri, 6 Dec 2019 10:55:07 -0800 (PST)
Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D769D12004A for <v6ops@ietf.org>; Fri, 6 Dec 2019 10:55:07 -0800 (PST)
Received: by mail-pf1-x42c.google.com with SMTP id q8so3775829pfh.7 for <v6ops@ietf.org>; Fri, 06 Dec 2019 10:55:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=D0VIDHDokhujXqnqc4/mYAGY0ECi6RDB7zRvigYt7aU=; b=N5fcw6mX+IEMVyzRvcUHSNBG8Q1TM0qEkK2OEgNOMGj3gYuA2bh6IxPsL8vBrvAoPJ N0zjIdV2YHWwbibNKaHAIydK/npj8l3Dfkqm8c+mjpwgdk/PmrjJK/AMqQAC+tgrX++Z WPtQOJzf5wtdoQizH7G9f66XjKGsTYg1ZkkmdIUMSs73AKBVxv8vtzV9LYcXZs07M16r RYntTckMBK7ZOqREOD2+Yjh7JjSwLjQnqZ0l45PSS+bjAWxGFjHz1Z7MefHESE6PiuVo 4xzP5LgwQGOX0bevTbEaQfLI3C4UPs49PGIybpNGaD4iYudUhQn0UDNtSoaZWtBbVgeh Zr6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=D0VIDHDokhujXqnqc4/mYAGY0ECi6RDB7zRvigYt7aU=; b=kgOZ0JHMQ0RNAq/E6tzWUqMbrk3Xa0scm2NM2CrjP2BdKwc36Z4b+7cEY+SHFOBFKP aDJiTyNQzNAZnki3l0Efu1ZMgGDnSoY59RUTndV+Ixrn5KF4UOwWFpz05TYgWhHJNhLE piOU0QIbfjU9vLbiwdapDLmqecEdOnUUAk0//XDLoPaoX0WjDicJrEL8X94e4mEKtb0m vgdOqbKeCHtafDie8IRcvZKxC18+w133ECdbYUdQA4mXTnw5odFqw1vGyNwcpDBUn9jC GHrd+WHuZHNqvnD0l3/fnuLkFkLPgyxxNI3j39VpRGrq15Ro2OiMYW2ZxkQnj0k2jAu1 4ipg==
X-Gm-Message-State: APjAAAXt19dWazbpxzD5GP6TSMjdmibXjq58ur5Ljfcbs6i42NiErmXN dr9ODZsVts81lOgG+HqBihZ9eA==
X-Google-Smtp-Source: APXvYqwVp2NhLd8lgW9hYTHd9wVgkFhP0QONXYXPxGA28xESnHo/e6B2I7Y1G0X5A8uasvkaDfJ6CA==
X-Received: by 2002:a62:3141:: with SMTP id x62mr16306354pfx.214.1575658507298; Fri, 06 Dec 2019 10:55:07 -0800 (PST)
Received: from [17.230.159.70] ([17.230.159.70]) by smtp.gmail.com with ESMTPSA id z30sm17011527pff.131.2019.12.06.10.55.06 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 06 Dec 2019 10:55:06 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail-060F0663-9B3D-4C3E-B270-FD92C7D65330"
Content-Transfer-Encoding: 7bit
From: Ted Lemon <mellon@fugue.com>
Mime-Version: 1.0 (1.0)
Date: Fri, 06 Dec 2019 10:55:05 -0800
Message-Id: <1D60C687-E163-4C66-874C-1349F7219740@fugue.com>
References: <CAKD1Yr2Vo4Q+q=kAhAcr4F2Xn6u3uMNRWZ+AHBo4jw7VVoPxXg@mail.gmail.com>
Cc: "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
In-Reply-To: <CAKD1Yr2Vo4Q+q=kAhAcr4F2Xn6u3uMNRWZ+AHBo4jw7VVoPxXg@mail.gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
X-Mailer: iPhone Mail (17E180a)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/5qxlc7fMi5kPhxzsQIYnmwC10Rc>
Subject: Re: [v6ops] IPv6-Only Preferred DHCPv4 option
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2019 18:55:11 -0000

Lorenzo, it might help for you to make explicit why you do not want to require changes on the server. This seems like a short sicher choice for a solution that’s going to be deployed for a long time. Why not do it right given we’re going to have to live with it for decades?

> On Dec 6, 2019, at 08:35, Lorenzo Colitti <lorenzo@google.com> wrote:
> 
> 
> On Sat, Dec 7, 2019 at 1:02 AM Ted Lemon <mellon@fugue.com> wrote:
>>> which requires fewer changes on the DHCP server implementation
>> 
>> This is almost certainly not true.  In order for this to work, you’re going to have to have some special-purpose code to support it.  Better to do the clean solution than a hack that minimizes changes to the server at the expense of more complication in the client-server interaction.
> 
> I don't think this option requires any server changes other than the code to parse and serialize the option. That the server doesn't even need to know or care whether the client supports the option or not. At worst, it can simply blindly include the option on any pool that is configured to send it. Obviously, in the presence of buggy clients, the server should only send the option if it was requested, but servers typically already do that. The offer behaviour can stay the same: if the server gets a discover, it picks an address and responds with an offer from the pool. Per RFC 2131 section 3.1, that address need not be reserved, but it could be reserved for a brief time as well. Either works. If the client gets the option and decides it doesn't need IPv4, it won't send a request; after a while, the server can free the address if it had briefly reserved it. If the client wants IPv4, it will send a request and get an ack.
> 
> As Bernie says, if the pool is too small for the number of clients (which it will be, if this option is to be useful), and too many clients send discovers simultaneously (e.g., they're rebooted all at the same time), then the server will either not respond with offers to some of them, or will respond with offers and be forced to nak if two clients request the same address. Things continue to work.
> 
> The current text in the draft proposes an optimization on top of that:
> 
>    If the pool is explicitly configured with a dedicated IPv4
>    address to be returned to IPv6-only capable clients the server MUST
>    specify that address as the client's network address and MUST NOT
>    verify its uniqueness.  Otherwise the server SHOULD follow the
>    recommendations in [RFC2131].  The client is not expected to use that
>    IPv4 address so if the client responds with the DHCPREQUEST message
>    for that address the server SHOULD respond with DHCPNAK.
> 
> This does indeed require code changes on the server side. But I think it would be good if such changes were optional. Additionally, this optimization creates the problem that if the client and responds to the nak with a discover, and the server replies with the same offer as before, then the client could gets stuck in a loop.
> 
>>> Personally, I would NOT recommend breaking the semantics of a DHCPOFFER and always include an address because you never know how intermediate devices that may be "snooping" this traffic will handle this; for example, the intermediate device might drop what it feels is an invalid packet.
>> 
>> This is definitely not an issue, though, because the network operator is choosing to deploy this.  They can be responsible for ensuring correct behavior if there are any middleboxes intercepting the DHCPv4 traffic and doing stuff with it.   Expecting this to Just Work with no infrastructure changes seems unnecessary.
> 
> I don't think this is a good justification for doing things that could break compatibility. It's true that the network operator is choosing to deploy this. But the network operator may not fully control all the devices on the network, and even if they do, fixing bugs is expensive: the bug needs to be reported, the vendor (assuming they're still around) might need to be convinced that it's a bug, code changes need to be made, the device may need to be updated to a substantially newer version, software needs to be re-qualified, etc. I agree with Bernie that if we can avoid changing the observed behaviour, that would be better.

v2.23.0 | Report a Bug | By Email