IETF Logo Mail Archive

Re: [v6ops] IPv6-Only Preferred DHCPv4 option

"Bernie Volz (volz)" <volz@cisco.com> Fri, 06 December 2019 16:18 UTC

Return-Path: <volz@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49E16120843; Fri, 6 Dec 2019 08:18:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=D2pWAgxz; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=G+5PgWf0
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a9SbeS7haH_n; Fri, 6 Dec 2019 08:18:39 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2AFC12083D; Fri, 6 Dec 2019 08:18:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=24809; q=dns/txt; s=iport; t=1575649118; x=1576858718; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=h3q4/gP/eAfcoBjZuTEWY9UEqRYK3A1eaa3GZSaA8ok=; b=D2pWAgxzQ8cYgsOhNNTC9/vXy2oWeQ4/8RuS1S+GGNNo7Mk/VBL/kkaQ iiA3JHS2Btx/bjkw5s77ckCZbFXc0P6VimrxtAY0qWnxOxhLpyUMAyfls hl0DmA1z0MkODt9BaarBFwIYyflz2osjqbfmQrGLoAGhc+Bo330HCVJv+ I=;
IronPort-PHdr: 9a23:pkNPAhLE/uhWrpIDqdmcpTVXNCE6p7X5OBIU4ZM7irVIN76u5InmIFeCuKd2lFGcW4Ld5roEkOfQv636EU04qZea+DFKa5lQT1kAgMQSkRYnBZubDknpBPXrdCc9Ws9FUQwt8g==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DYAAAqf+pd/4wNJK1eBhwBAQEBAQcBAREBBAQBAYFsBQEBCwGBGy8pJwVsWCAECyoKhCGDRgOKf4I6JZMihGKBLoEkA1QJAQEBDAEBLQIBAYRAAheBfiQ2Bw4CAw0BAQQBAQECAQUEbYU3DIVSAQEBAQMSER0BATcBDwIBCA4DAwECKAMCAgIwFAkIAgQOBRsHgwABgXlNAy4BAqJLAoE4iGB1gTKCfgEBBYUTGIIXCYE2AYwWGoIAgTgMFIFOfj6EMwguFoJaMoIsjSgIGhmCPoVPgj+VL3AKgi6MRokUG5omqG0CBAIEBQIOAQEFgVkCMIFYcBU7KgGCQVARFIxmB4EgAQmCQopTdIEojX8HI4EHATBfAQE
X-IronPort-AV: E=Sophos;i="5.69,285,1571702400"; d="scan'208,217";a="678347160"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 06 Dec 2019 16:18:31 +0000
Received: from XCH-ALN-002.cisco.com (xch-aln-002.cisco.com [173.36.7.12]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id xB6GIVC1020581 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 6 Dec 2019 16:18:31 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-ALN-002.cisco.com (173.36.7.12) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 6 Dec 2019 10:18:30 -0600
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 6 Dec 2019 11:18:29 -0500
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 6 Dec 2019 11:18:29 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T+h8ss5BDpq7It0j0y8dmTtOR9pdi69GCUnFAAyn622ZhPHPvfzxE/JB7uqU8N+BQffZ55nYB7rH17ggTl/e+j5PAGz8wHMh6yGHgu5KZAJstDtdSxMEOE5i7p89dXTkCJFQj29y1McYz3vTMKz0SiH7U15NWhHKjO0eEZZl6TGFH2XunXLfZgu4qIWhmEDykcKvjoFuOOtGK3Pg+MxdQVI2qVPf56E3aIDjyOcOHvgGbO+9svflrnB4zrgXiBiziW/aJqHoLOUE66m8J5IHAarT8U7nbkCg0NLjY7F2gJwWHiAoEPwLySpYSwblDaC5N/6WDdNpNybXxjO71ic8hA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=h3q4/gP/eAfcoBjZuTEWY9UEqRYK3A1eaa3GZSaA8ok=; b=IebFLsJCR9x3SowWKyGlI8qOuscYHTVBHNwbmCUlR/Ckd/53DdLwQbHMb8NbwYg7p7dprvhe63SAiJl/XEIY/c+RQ8gUVz67w3HAI3Y21f8g/aZlLpMHgKc+9xOD0tk65kW4uoas5LtPTtDDOR78MDMYthrZ1W9wqP6sLI7gJhNKXrhTJ3wrMYUn8srWRsG7KG/1Z4pmEaUmBo9/bGeRB2on9AFfeDKsMn5m/fSpXsMuonYKOBC8ufrJXSY1zrmC7F8x8OqU4rEzOETA7Uqd8yBbcS6XcCKPOJF0FpLzLhx2MEDpYSf9+zE5D5VVtHe9A/MuLbUaj9thoXtNlk6ZBg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=h3q4/gP/eAfcoBjZuTEWY9UEqRYK3A1eaa3GZSaA8ok=; b=G+5PgWf0oDi/RqiDgHHqJTEnAVsNKPuZRFLqWRk8cVXl7kewndZP0OHG5wnZaEJHC/PhOo4CGWwWTn/L2h2xNuaYwzBEPtItg9e4+yEjkCT6mFE99uPGUGA23aZuRDAb3J9EtGLOV2iNWJ6rn9LqGZ137QZlruxc0Yi+t/ZE+6U=
Received: from DM6PR11MB4137.namprd11.prod.outlook.com (20.176.126.158) by DM6PR11MB4188.namprd11.prod.outlook.com (20.176.126.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.17; Fri, 6 Dec 2019 16:18:29 +0000
Received: from DM6PR11MB4137.namprd11.prod.outlook.com ([fe80::4194:dade:1d47:2678]) by DM6PR11MB4137.namprd11.prod.outlook.com ([fe80::4194:dade:1d47:2678%6]) with mapi id 15.20.2516.017; Fri, 6 Dec 2019 16:18:29 +0000
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Ted Lemon <mellon@fugue.com>
CC: Philip Homburg <pch-v6ops-9@u-1.phicoh.com>, "v6ops@ietf.org" <v6ops@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: [v6ops] IPv6-Only Preferred DHCPv4 option
Thread-Index: AQHVrEHbgQve9DKh2EKQEqgwr7Y10qetK3KQgAAZCAD//7DFgA==
Date: Fri, 06 Dec 2019 16:18:28 +0000
Message-ID: <1D8C9B8A-0F46-4B02-9402-2265F86D5F0F@cisco.com>
References: <m1idEJQ-0000KPC@stereo.hq.phicoh.net> <EF1F2FB2-4FA0-4BCC-82B8-948EBE7915A6@fugue.com> <DM6PR11MB413793BCC3AFF44F7B8E101DCF5F0@DM6PR11MB4137.namprd11.prod.outlook.com> <8FD2BAAB-96D1-41F0-97A2-2D16CDAF999E@fugue.com>
In-Reply-To: <8FD2BAAB-96D1-41F0-97A2-2D16CDAF999E@fugue.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1f.0.191110
authentication-results: spf=none (sender IP is ) smtp.mailfrom=volz@cisco.com;
x-originating-ip: [173.38.117.78]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: aad6f863-9430-4daa-1407-08d77a67ee0b
x-ms-traffictypediagnostic: DM6PR11MB4188:
x-microsoft-antispam-prvs: <DM6PR11MB4188E71770192257D9F26C60CF5F0@DM6PR11MB4188.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0243E5FD68
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(396003)(366004)(136003)(376002)(39860400002)(189003)(199004)(36756003)(54896002)(2616005)(478600001)(229853002)(6486002)(66476007)(66946007)(2906002)(66556008)(91956017)(66446008)(64756008)(6916009)(76116006)(76176011)(26005)(99286004)(186003)(8936002)(71190400001)(71200400001)(5660300002)(81156014)(81166006)(8676002)(6506007)(53546011)(102836004)(316002)(58126008)(6512007)(86362001)(33656002)(4326008)(54906003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB4188; H:DM6PR11MB4137.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: rGX7h5YOSU6MLN4PubIzv8hysl62uWvyV3g5SakoIzWAzKsKaSBy/Otm2sYx+tso2qgkQaFXuS55fuhn+lTQE8amJ2J7+csCr3fkrGkH//V0tVCxy6C+v8NQkKxYDwNRA2rEXKD2Lh2L8YsJEEBQUy+zJ/fRSty90qfLmYVfRtPhR7NLKQLL1RxD27qXyEh+zkrxm+JLPV+Vdu+DpmMQvuIKxx4l9III5tsv0wgNMhRdq3unDFb+tw4DOJBuDIhQvsKzRtoDwE4FDbehItZmV46BhZmPxmjmAKnleIpTycw08hV+zegiXWOsR3rG0kg7JCMKsZ+z6BsqlaEcqr1uE8UoP7apm+JyLbFg1PObfts+OWcUg7zYR/NL6k7JKeW1MoAVO775b9A300FkHyIuU60tRbJ+9prBYlV/bEtlURnSRTSvSWR5DU2A3hs0Y0A+
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_1D8C9B8A0F464B0294022265F86D5F0Fciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: aad6f863-9430-4daa-1407-08d77a67ee0b
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Dec 2019 16:18:28.6929 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: r8sd1ublT2IRfyil3hxePu+zbhBb/0FYv9TGYXXysWqdfgKJhLXGVHQVa9bv6aGU
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4188
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.12, xch-aln-002.cisco.com
X-Outbound-Node: alln-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/BOZ49y0EJ7l5UT4Z7qk4HSvjZ0U>
Subject: Re: [v6ops] IPv6-Only Preferred DHCPv4 option
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2019 16:18:41 -0000

Comments inline below (BV>).


  *   Bernie

From: Ted Lemon <mellon@fugue.com>
Date: Friday, December 6, 2019 at 11:02 AM
To: Bernie Volz <volz@cisco.com>
Cc: Philip Homburg <pch-v6ops-9@u-1.phicoh.com>, "v6ops@ietf.org" <v6ops@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [v6ops] IPv6-Only Preferred DHCPv4 option

On Dec 6, 2019, at 6:45 AM, Bernie Volz (volz) <volz@cisco.com<mailto:volz@cisco.com>> wrote:
which requires fewer changes on the DHCP server implementation

This is almost certainly not true.  In order for this to work, you’re going to have to have some special-purpose code to support it.  Better to do the clean solution than a hack that minimizes changes to the server at the expense of more complication in the client-server interaction.

BV> Why are any changes needed to the server? It’s normal processing will work just fine … if the network segment has the new option configured, it will return it if the client requests it. Then the server will never see the DHCPREQUEST and the address assigned to the client will just “timeout” in a short period (at least on our server, within 2 minutes or whatever an administrator has configured) and be usable by other clients. End of story as client has turned off DHCPv4 and everyone is happy. And, no changes to anything on the server. This is not different than a case where there the client never sends a DHCPREQUEST or selects a DHCPREQUEST from a different server.

BV> If the client does proceed to a DHCPREQUEST, normal processing would happen, and client would get the lease (or perhaps receive a DHCPNAK is some other device was assigned the lease because the short time it had been held expired).

BV> This is all normal DHCPv4 processing and so no changes are needed.

Existing servers can deploy this without ANY changes (provided you have a means to configure the server with whatever option number is finally assigned).

I think it’s okay to require changes to the server.   This is a significant new feature.

BV> Why there is no need? Yes, you could do optimizations to (1) have perhaps a much shorter temporary assignment time or (2) use a “reserved” address for clients that request this option in the PRL. But these are not necessary, and everything works just fine without the changes.

Personally, I would NOT recommend breaking the semantics of a DHCPOFFER and always include an address because you never know how intermediate devices that may be "snooping" this traffic will handle this; for example, the intermediate device might drop what it feels is an invalid packet.

This is definitely not an issue, though, because the network operator is choosing to deploy this.  They can be responsible for ensuring correct behavior if there are any middleboxes intercepting the DHCPv4 traffic and doing stuff with it.   Expecting this to Just Work with no infrastructure changes seems unnecessary.

BV> Why need this testing to confirm that middleboxes aren’t doing bad stuff. If you stick to normal DHCP semantics, nothing needs to be tested or changed in your infrastructure. Yes, I am expecting this to work with no infrastructure changes as this is STANDARD DHCP. The DHCPOFFER just never turns in to a DHCPREQUEST – so what … this can happen today on all DHCP networks if the client stops (powered down, disconnects from network).

There is a reason why DHCP includes a parameter request list option.  If the client doesn’t ask for this newfangled option, it shouldn’t see it.  And so we can know for sure that the client supports this capability, because it asked for it.

Even if a DHCP server sent the option without it being requested, why would the client use it if it didn't ask for it?

If the DHCP server knows the client supports the feature, it can assume that when it sends the option, the client will implement the specified behavior.   If it doesn’t know for sure that the client supports the feature, then you have to deal with a much more complex set of possible behaviors.   Why add that complexity?

And that’s assuming that the client behaves correctly.  If you just send the new option, another possibility is that the client crashes when it doesn’t recognize the option, as we used to see with certain printers I the manufacturer of which I will not mention.   Or that it does some other random thing.  Why chance it?

BV> If a DHCP client crashes when it receives an unknown option, my guess is that it would be quickly fixed as this just is broken behavior. Again, I’m not saying that a server should send this option if it wasn’t requested by a client, but I’m just clarifying your statements that even if a client were to see some arbitrary option that it didn’t request, it shouldn’t be doing anything with it. And, I would suspect that you would be hard pressed to find a client that crashes when it receives an unknown option.

BV> I will say that one issue that could exist with this option that is a bit unusual is that it is currently 0-length. We have only one other zero-length option that I recall, and that is Rapid Commit (which is client to server, not server to client). So, it is possible that there are clients that are unhappy about zero-length options. But again, in the ideal world no client will see this option unless it has requested it (in the PRL).

v2.23.0 | Report a Bug | By Email