Re: [v6ops] Éric Vyncke's Yes on draft-ietf-v6ops-dhcp-pd-per-device-07: (with COMMENT)
Jen Linkova <furry13@gmail.com> Thu, 04 April 2024 07:20 UTC
Return-Path: <furry13@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37D26C14F6FD; Thu, 4 Apr 2024 00:20:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ZW__QMdgZYX; Thu, 4 Apr 2024 00:20:51 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A310C14F6A5; Thu, 4 Apr 2024 00:20:51 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2d71765d3e1so7692301fa.0; Thu, 04 Apr 2024 00:20:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712215249; x=1712820049; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=9e9j4ZZdLQFx9MnILmbVevTfaMmBnr4hhwqn8+fpp6k=; b=GK2rkykFwkP5Lve77XLcpbcbRTgept1x/1MWYU8xDSgM3fFn+16NbIaKwOKRIjBLBR cQANygozRduUvaZbkkHaF5UAYk44NabOoBTKrT4g8o4h52b7+K+WYiIa5lLmeQbrQqgD Nd1ZSPrcMr23QcUtVIL5tJ5hpQX2vif/fT2Qu0c1OhBxQfXrRv+VrYxRC2kljv0xWfeK p/5bSWHc5xG0OYkKgve2Hb32RuRrI0AQsBAVStR12AncWDSzEciMuV/HT9js/rNKp67j Nep03BihBFbEqrjgLkUhkLensyF7ZjCK0y8G0ksP8E4VINNeKhLi6Lu3Bhih92OylrGl /JKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712215249; x=1712820049; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9e9j4ZZdLQFx9MnILmbVevTfaMmBnr4hhwqn8+fpp6k=; b=rnXbfw5BxvirXwPHAUwArEkibYQxONaHoTpLAAXCes/P8gyEskVL04p82r1peMshIt Kx7bbAkYQXUttBj4mt+vpxDXcHR3NrBAeqQQ8Yn+MBAC99hYJKFw+Ze+ZcfQpkWclMdx v/UVk0Q1AZW3N9QW1w+bMxWyUUThE7E+6y8IlPTnKxqQJh4yI0i4ITnahV0NvdHQFB1i /l+lxvKi+xtJXWaUaj51DnHk53f3AwliqmomGyCpVmNORrY97r3vQGBs7Hzhovck6wDi gDWsGmLptyEF2iJS9vTUkdPIAfplTPHQrzFzbe+efU3upotVLGdUWfA30aQM6Yze3J4Y J7Ng==
X-Forwarded-Encrypted: i=1; AJvYcCUTYom7kLRptRXXK0BlSkvCvIm9WtGeK1Qc4aDlLa0sqrYDpUmPPxT6z6Rco9ApKRokHhPZ5ImMbkUazHoeHQqR8o/+iwI0LmQYHuwcn8n9t5KJEe206ECQ1rtJwRNnleg5d/i7i9uFdceoGekPqn6la3h2dhAr7S3puxcowScmRGKYaA==
X-Gm-Message-State: AOJu0Yxm96PCxJ0tzoR56IeCQ/CxmHLUJvc/2GgEuMtIt55CSuV284R9 HfJNo5uUIxVnKeP33SD9maeoZnL0DPQ/IqZ2OgcXo726NlTf6MLl+zy3HnX/M5v7+3aBqVPFfxd G/aIdlfgo6hyP3OY76oMtVchm5KE=
X-Google-Smtp-Source: AGHT+IGW/wCJBeUFKjeQculc6hzyZTTb4NLmfMgXmVE/1k8TKu7L8Jkku/aBkfZbIWoLjoPGYUbdl5c8KtnZnGrgZF8=
X-Received: by 2002:a2e:8ed3:0:b0:2d4:744c:24ab with SMTP id e19-20020a2e8ed3000000b002d4744c24abmr1561036ljl.27.1712215248444; Thu, 04 Apr 2024 00:20:48 -0700 (PDT)
MIME-Version: 1.0
References: <171212774719.15825.13411106449950573663@ietfa.amsl.com>
In-Reply-To: <171212774719.15825.13411106449950573663@ietfa.amsl.com>
From: Jen Linkova <furry13@gmail.com>
Date: Thu, 04 Apr 2024 18:20:36 +1100
Message-ID: <CAFU7BARq3pRu45Bdqrt83ZC+qbvpF2cz_QWy8wdpL7-rGEqYdw@mail.gmail.com>
To: Éric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-v6ops-dhcp-pd-per-device@ietf.org, v6ops-chairs@ietf.org, v6ops@ietf.org, tim@qacafe.com, tim.chown@jisc.ac.uk
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/V-iaO99d8Ltd5VZw8gRyDlu-mhI>
Subject: Re: [v6ops] Éric Vyncke's Yes on draft-ietf-v6ops-dhcp-pd-per-device-07: (with COMMENT)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 07:20:52 -0000
Bonjour Eric, Thank you very much for such a detailed review! Comments inline. On Wed, Apr 3, 2024 at 6:02 PM Éric Vyncke via Datatracker <noreply@ietf.org> wrote: > ## Abstract > "client" is rather vague... or was "node" intended ? "client" is only defined > later in the terminology section. Some background: the reason we use 'client' is that the WG discussed extensively the host/node/device terminology, and we decided to use 'client' as it's a DHCPv6 client. However for Abstract and Intro sections it doesn't matter much, so we've changed it to "nodes" and "devices". > Unsure whether "large" is a requirement for this I-D to be used. It’s not a requirement indeed, it’s just the benefits are much more substantial for large networks, where scalability of IPv6<>MAC mapping becomes an issue. Section 5 discusses applicability in more details, but the reason we use ‘large’ here is to address concerns raised by the WGon the list about “a lot of networks can not deploy this as they are small and do not have their own address space”. The proposed deployment model is targeted to large networks, but can be used by any network that has enough address space (however, small networks might face IPv6 address space size issues - that’s the reason for the 6MAN P-flag draft, which allows networks to tell clients whether asking for a prefix is appropriate or not. So we'd rather prefer to keep "large" in the abstract (and in the document name). > ## Section 1 > > Is "large" required in `Often, large broadcast networks` ? Removed. > `individual clients` should it be "individual nodes" or "individual hosts" ? Changed to ‘devices’ > s/prefixes/IPv6 prefixes/ in the first paragraph ? Done. > "(and often requires)" ? Beside link-local, I am not sure whether it is often a > requirement. I used ‘requires’ as ‘almost inevitably happens’ - in cases of stable + privacy addresses or multi-prefix networks. We rephrased it to " Unlike IPv4, IPv6 allows hosts to have multiple addresses, and this is the case in most deployments (see Appendix A for more details)." > s/L2/layer-2/ ? > As this section talks about DHCPv6, please already add a reference to DHCPv6. > s/in this specification/in this document/ as the intended status is > informational. All above fixed. > ## Section 4 > > `The first-hop router acts as a DHCPv6 relay` AFAIK a DHCPv6 relay does not > need to be a router (this point comes up again later). What we describe in that section is a typical topology we expect people to deploy. While in theory DHCPV6 doesn't need to be a router, I can't imagine a practical scenario when it would work that way for PD (installing routes would be tricky). We've rephrased that section a bit, hopefully it's more clear now. > Even if "NUD" is an accepted abbreviation, suggest expanding it. > `required by this specification.` is not suitable for an informational I-D. Fixed. > I love those clear SVG graphics :-) Just a very minor nit on the shared IPv6 > link, there is a cross in the middle rather than a T (unsure whether it is > fixable though) Oh I need to spend more time on it, so it's not yet fixed in -08. > ## Section 5 > > For small networks, `SLAAC is a better and simpler option` is probably too > assertive, suggest removing 'better' and only keep 'simpler'. Changed to "a simpler and often preferred option.". Is it better? > ## Section 6.1 > > Should the routing table size reduction also be a benefit of using a big pool > per link ? If so, let's state it already in this section rather than in the > next ? Done. > ## Section 6.2 > > Is seems to me that one requirement of the proposed solution is that the DHCP > relays *are* the routers, i.e., they can do DHCP snooping to learn the > delegated prefixes. Or is the multicast nature of the DHCP traffic enough? All > in all, I do not think that a separate DHCP relay is a problem but some words > could be added to the text to state that separate DHCP relay(s) (or local DHCP > servers) is also supported. We rephrased section 4 to make it more clear. that the expected topology is when the first-hop routers are either relays or servers. If you have a relay which is not a router, a mechanism would be required to install routes on the first-hop routers. I'm not sure we can recommend this. I guess a network administrator can invent a way to make a topology with a separate relay work, but I'd rather avoid documenting such creative scenarios, as we might come up with an infinite number of them.. > ## Section 7 > > As usual, I am not a big fan of using normative BCP 14 language in an > informational document. To be honest I believe it’s justified in this case. The document is informational as it describes an optional deployment model. However when an administrator chooses to deploy this, some requirements become mandatory (MUST), as otherwise things would get badly broken. Those MUST/SHOULD can be easily translated to MUST/SHOULD in RFPs an administrator would send to their vendors, or to the configuration guidelines. > ## Section 8 > > I can only imagine the amount of discussions about the delegated prefix > length... No need to reply. ;-)) > ## Section 10 > > Unsure whether such reference exists, but adding a reference to uRPF would be a > plus. Done, RFC3704 > Should SLAAC be added to `When all clients are using the same shared link to > form addresses`? I’m not sure it’s SLAAC-specific: NSes and NAs are sent even if addresses are assigned via DHCPv6 IA_NA or statically. > ## Section 11 > > Currently, the IETF cannot publish this document as it includes `To allow the > network to signal DHCPv6-PD support, [I-D.collink-6man-pio-pflag] defines a new > PIO flag` and we do not know the fate of this other I-D yet. While I hope that > it will be published, the sentence should be less assertive or make the 6MAN > I-D normative in order to form a RFC editor cluster. We have shuffled the sentences around, please take a look - I hope it’s less assertive now. As the p-flag draft is an informative reference, it shouldn’t be a blocker. > ## Section 12 > > `Such information is much less dynamic than ND cache` moreover, the DHCP-PD > logs are centralized and easier to collect. I believe we are in violent agreement here: the full sentence states exactly the same: “Such information is much less dynamic than ND cache and therefore it's much easier for an operator to collect and process it.” > ## Section 15 > > `the DHCPv6 server or relay MUST support limiting the number of prefixes > delegated to a given client at any given time` how can this be achieved if the > client spoofs its MAC & link-local IPv6 addresses? Oh that's a very good point, thank you. We added some text, I hope it addresses your consent. -- Cheers, Jen Linkova
- [v6ops] Éric Vyncke's Yes on draft-ietf-v6ops-dhc… Éric Vyncke via Datatracker
- Re: [v6ops] Éric Vyncke's Yes on draft-ietf-v6ops… Jen Linkova