Re: [v6ops] DHCPv6/SLAAC Make Hosts Confusing-//RE: new draft: draft-liu-bonica-v6ops-dhcpv6-slaac-problem

Andrew Yourtchenko <ayourtch@cisco.com> Tue, 29 October 2013 22:39 UTC

To: Nick Hilliard <nick@inex.ie>
Cc: v6ops@ietf.org

On Tue, 29 Oct 2013, Nick Hilliard wrote:

> On 29/10/2013 20:52, Andrew Yourtchenko wrote:
>> Thanks. Not sure whether it should actually be another section or not -
>> "Control plane and data plane" - RAs are sent by an entity that is in the
>> path, whereas the DHCPv6 may be sent by an off-path entity...
>
> this brings up another important issue, namely source address validation.
>
> I'm not sure if it's relevant to bring this up in your draft, but the
> requirement to handle snooping two new protocols for effective LAN source
> address validation seems to be more than most vendors can handle at the
> moment, which means that as operators we are very exposed to rogue RAs and
> rogue DHCPv6 packets flying around networks.
>
> [Once upon a time, all we needed was vendor support for DHCP snooping and
> ARP inspection.  Now we need an entire IETF working group to handle the
> complication that the IETF has brought upon itself by overthinking IPv6 LAN
> requirements.  Is this progress?]

[ It creates the jobs lost due to simplicity gained by the absence of 
NATs. :-) ]

I've captured the non-bracketed part of your comment into a
separate section, even if it is not really a comparison.

Maybe, given that all the rest of the bullet points are implicitly "Reasons
for keeping both of the protocols implemented in the nodes - they are useful
in different circumstances", I should create a part "Reasons
for having only one of the protocols running in a particular network"?

--a