IETF Logo Mail Archive

Re: [v6ops] [dhcwg] IPv6-Only Preferred DHCPv4 option

Tomek Mrugalski <tomasz.mrugalski@gmail.com> Tue, 10 December 2019 00:05 UTC

Return-Path: <tomasz.mrugalski@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 233C31207FC; Mon, 9 Dec 2019 16:05:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Level:
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01yc9Sotes_l; Mon, 9 Dec 2019 16:05:47 -0800 (PST)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92BCE12021C; Mon, 9 Dec 2019 16:05:46 -0800 (PST)
Received: by mail-lj1-x234.google.com with SMTP id c19so17676327lji.11; Mon, 09 Dec 2019 16:05:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=J2HZ3aMRMXomZ/toT+ZhR04uNpZ4M/SPNBlYP6iSqOQ=; b=cmpYeAIJaSiVRKp0h+p3Rq1chCBzfKm32YtOeJtFteqkFEF+Zc6r2h48eRXb10TAFy twqPdIgETyD8MGo0Y+1hBOlekZp4thxdTTko3ux6KHFrwy4TBSR6nHu5HcmRqxF5dmQx Q2421JagV0DlCiZXjMpbg9Dt8ESKjd0e6wxDwCg2LqO9FVS0fqlfA/Fabglngc6ZhE16 RtFklyaCvcmp5fyCpKpP/cov1O6WX5MvuPvlgYe7mnZyECW8IyCBJT6skL1bdXRiBK6U d74sahVDxUWOGxrXizdEwMmyrB10LB9X+0f4IZNCauMFU16IjN0I7V6Kacoh8Wfzx8FU V3sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=J2HZ3aMRMXomZ/toT+ZhR04uNpZ4M/SPNBlYP6iSqOQ=; b=ORCYkfEG8BT5apXv7cUc3glh2HKuGfyomXzVx5gg4+DWq3XgZVcKRba9sazVSFAlKJ cioqGnk+M4VPQOEqhgZA1mF5LL0wCt4I+f64RheuFdHCQhEmMCco7XAqrh0ERQMnOntl FDARU71SzIAtEPsGlItcQAhpRoVukwp/cJ8fW3t8o08H4d/trje0XVdg8mjnj+lA4Siv jjcQhsGUkyMqHSj1UwatgS8MUcyEJJdCAksiB8j0mwoYF8URhvifQKWmV5Z6xDNrKJJM VrVuxEGxttisLhP3/kVDSeF5t+tTJIiCsYLwFtOnzrHBrRcHMH52z9rFyyALOUynYjuw LOjQ==
X-Gm-Message-State: APjAAAU81lay6Fd2yL3trx+DLoBanfsaFZOUH2fy/cI0bNzLF8nlZpvA fLRsLUeA7pw8Esbh79gxf1gk3n6jA682og==
X-Google-Smtp-Source: APXvYqzD/mamozp74acVAkrcX3radUQDPgWugEneEhaCq/QCzV6afPerLATtgSUN94EfSkaoKHMyqg==
X-Received: by 2002:a2e:2201:: with SMTP id i1mr17862361lji.110.1575936344196; Mon, 09 Dec 2019 16:05:44 -0800 (PST)
Received: from [192.168.1.100] (109241079151.gdansk.vectranet.pl. [109.241.79.151]) by smtp.gmail.com with ESMTPSA id b10sm435624lfj.71.2019.12.09.16.05.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 09 Dec 2019 16:05:43 -0800 (PST)
To: Lorenzo Colitti <lorenzo@google.com>, Jen Linkova <furry13@gmail.com>
Cc: David Farmer <farmer@umn.edu>, Michael Richardson <mcr+ietf@sandelman.ca>, dhcwg@ietf.org, V6 Ops List <v6ops@ietf.org>, draft-link-dhc-v6only@ietf.org
References: <CAFU7BAR1JLUZps=CAqJfeQtUf-xQ88RYvgYrPCP+QP0Ter7YFg@mail.gmail.com> <E03BBE6C-3BED-4D49-8F79-0A1B313EFD9D@apple.com> <28594.1575483729@localhost> <CAFU7BAQp2-4EwntFj6Nx+be54-fi+gnQmRgT6yS22p=vYugpzA@mail.gmail.com> <CAN-Dau1L_hdRMiGApa7VKuZ0_f5q1NJ-5sHMeg-dtTWa=Tq6bQ@mail.gmail.com> <CAFU7BAS9iMBWkdQF_hwK7squvG9A5f38miS=sWLNns=ZxK4GCg@mail.gmail.com> <CAN-Dau3WswixgY=B9dPwL-hTtxsjm-X-sJ6iXMtpifUAHF12DQ@mail.gmail.com> <CAFU7BASYFEcUgJZUvxi+m4s_GELUQV-2C=UaJ35pBz+zpG1XzA@mail.gmail.com> <CAKD1Yr3OjCsMNM+P2tt9EPrkXDhP+yMptKg-AG3OA1KNbsrqhQ@mail.gmail.com>
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
Message-ID: <d0eabdd2-903f-f9f8-71c6-e3e9470c5613@gmail.com>
Date: Tue, 10 Dec 2019 01:05:40 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <CAKD1Yr3OjCsMNM+P2tt9EPrkXDhP+yMptKg-AG3OA1KNbsrqhQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------8E4131C4B956A3CD8E4984E4"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/IRngv2k8TUPZleI0gov7s51-lCU>
Subject: Re: [v6ops] [dhcwg] IPv6-Only Preferred DHCPv4 option
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2019 00:05:48 -0000

On 06.12.2019 08:21, Lorenzo Colitti wrote:
> On Fri, Dec 6, 2019 at 4:14 PM Jen Linkova <furry13@gmail.com
> <mailto:furry13@gmail.com>> wrote:
>
>     "If the pool is explicitly configured with a dedicated IPv4
>        address to be returned to IPv6-only capable clients the server MUST
>        specify that address as the client's network address and MUST NOT
>        verify its uniqueness.
>
>
> That seems difficult to implement on the server. Why not just return a
> normal OFFER from the pool? That way, if something unexpected happens
> and the client sends a DHCPREQUEST for it, the server can hand it out
> as normal.
>
> The alternative is risky. If the server uses a bogus OFFER value, and
> some client requests it and the server hands it out, that creates the
> possibility for misconfiguration or bugs to create really bad outcomes
> where multiple hosts have the same IP address, or some things on the
> network (e.g., snooping switches) think that multiple hosts have the
> same IP address. +Tomek Mrugalski
> <mailto:tomasz.mrugalski@gmail.com> any thoughts on whether this can
> be implemented easily and reliably on the server side?

I would go with a normal OFFER from the pool. Some servers (such as Kea)
don't reserve the address at all when sending back OFFERS. This seems
like the most robust approach. Clients that correctly implement the
draft would never send a REQUEST for addresses offered. Buggy clients
that implement the draft in a broken way and request the address, would
simply get the address and the server will continue offering other
addresses to IPv6-only Preferred capable clients. In Kea, sending an
address from a pool would work out of the box and not a single address
would be allocated for ipv6-only preferred clients.

The alternative (bogus address or small pool of just one address) is
much more tricky to set up and there may be messy corner cases. Every
DHCP server I know does various checks if the address belongs to a pool
(so setting something completely out of the range could break down
various mechanisms), it could mess up statistics and thresholds. The
fundamental role every DHCP server is supposed to play is to ensure that
the addresses are not duplicated and there are many mechanisms to help
ensure that. If we decided to go with bogus address shared by all
ipv6-only preferred clients, most (all?) of such mechanisms would have
to be conditionally disabled. Let's not do that.

Tomek

v2.23.0 | Report a Bug | By Email