IETF Logo Mail Archive

Re: [v6ops] IA_PD bit in RA

Owen DeLong <owen@delong.com> Fri, 13 December 2013 22:03 UTC

Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A1D21ADFC7; Fri, 13 Dec 2013 14:03:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.991
X-Spam-Level:
X-Spam-Status: No, score=-0.991 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vVmckKHpSWv0; Fri, 13 Dec 2013 14:03:08 -0800 (PST)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id AA4501AE41A; Fri, 13 Dec 2013 14:03:08 -0800 (PST)
Received: from [50.94.79.230] ([50.94.79.230]) (authenticated bits=0) by owen.delong.com (8.14.2/8.14.2) with ESMTP id rBDM1Sfp024656 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Fri, 13 Dec 2013 14:01:39 -0800
X-DKIM: Sendmail DKIM Filter v2.8.3 owen.delong.com rBDM1Sfp024656
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=delong.com; s=mail; t=1386972099; bh=Yq59ZHBxccaD/gRBaa4O1tAtoBI=; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc: Message-Id:References:To; b=wUaTidl6X2RCFEk22aFIQAuq7hECHUnIr/0XpFY+YxhvhI35hX3sGhUss5mRqmFMf zWdujF1BT/fakugGBomhrYUejQr0KEXR2ZXYd04Lj3EcQoyZpR5jv25EXa1MmTOwZz O6tbejrk0Opf1E8UPTImM/b1lo676qL6PzTB0S60=
Content-Type: multipart/alternative; boundary="Apple-Mail=_894A71C7-6DD4-480E-B6DF-1EDB63E8C52F"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
From: Owen DeLong <owen@delong.com>
In-Reply-To: <52AB7BB6.2080002@gmail.com>
Date: Fri, 13 Dec 2013 14:01:19 -0800
Message-Id: <8FD5ECFA-A4E6-484D-8A5C-F8C6BC1AEDCC@delong.com>
References: <96747494E3D74D41B20907035DB1E48DC7BB@MOPESMBX03.eu.thmulti.com> <96747494E3D74D41B20907035DB1E48DCD72@MOPESMBX03.eu.thmulti.com> <alpine.DEB.2.02.1312100803370.24602@uplift.swm.pp.se> <F92E1B55-C74B-400C-B83E-6B50D175D121@steffann.nl> <7B4820C5-B562-4BE7-8C6A-CBCDABC39728@nominum.com> <A583EFC3-71BB-4962-875C-4AB775D13491@delong.com> <46BE373C-D476-4D83-B014-56B77FD3D67E@nominum.com> <39280481-09C5-41ED-B79E-99DBBD329F44@employees.org> <52A8343C.3040202@gmail.com> <CAAedzxq6ym-uZJQVC7JTMgKnETpGiNt3JCmkJeGW2MVnw+sixA@mail.gmail.com> <52A83C92.4020204@gmail.com> <A1A3DD00-96D8-4D73-B5F1-1CA705196689@delong.com> <52A9A93F.8050804@gmail.com> <9CB9D172-BA78-492B-B836-D7A9C6CB11A5@delong.com> <52AAEDDA.6010504@gmail.com> <FED11C95-5D12-410E-8D8C-CB8A9F5D79C1@delong.com> <52AB318C.2050704@gmail.com> <D6167580-AFC2-404D-8077-229226F2EB5C@delong.com> <52AB4716.4040902@gmail.com> <D1841BDB-6670-43CF-A4F9-A3C2A04B2A42@delong.com> <52AB7BB6.2080002@gmail.com>
To: Alexandru Petrescu <alexandru.petrescu@gmail.com>
X-Mailer: Apple Mail (2.1822)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0rc1 (owen.delong.com [192.159.10.2]); Fri, 13 Dec 2013 14:01:39 -0800 (PST)
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, 6man WG <ipv6@ietf.org>
Subject: Re: [v6ops] IA_PD bit in RA
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Dec 2013 22:03:10 -0000

>> I would think that the rational thing to do in an environment where
>> you want to provide DHCP-PD and not other information via DHCP
>> (which is hard for me to imagine why, but let's ignore that for the
>> moment) would be to advertise an O bit and then answer with empty or
>> negative responses for non PD requests.
> 
> Right - reset M, set O and answer negatively to non-PD DHCP requests.
> 
> But how about when the Delegated Prefix is available,
> but via 'other other' means than DHCP such as Radius, or via PPP?  There
> is no bit for that either.  The 'O' and 'M' bits apply only to DHCP.

There’s no support for this, nor do I think I would expect there to be support for this in RA.

In the cases of PPP and RADIUS, you are already having an authentication or other negotiation process with the server and I would presume that there would be mechanisms in those negotiations to handle this. For example, in RADIUS, the prefix(es) should be sent as additional attribute/value pairs. In PPP, I presume it would be part of the IPCP6 process, but I admit I haven’t looked at those details.

> It would be clearer if there were 1 bit for each of the fundamental
> addressing aspects (address, default route, delegated prefix, etc.) and
> each would be 'O' - Address available by other means than this RA,
> Default route available by other means than this RA, Delegated prefix
> available by other means than this RA, etc.

I don’t see the advantage to this way of approaching it. Please present a use case where this offers a clear advantage over the existing mechanisms which would warrant an incompatible modification to everyone else’s expectations and existing software. Absent a compelling advantage to such a change, I just don’t think the risk/reward proposition makes sesne.

>> If you can't be sure the flows expired (easy with TCP, harder with
>> other protocols), then you use the Valid timer and you're done.
> 
> I haven't seen this done elsewhere…

The neighbor discovery RFC is pretty clear about it from my reading. What is unique in what I propose is that you stop resetting the client-side valid-time and desired-time timers when you receive a service-side RA that would normally result in resetting them. However, for renumbering the client side from 64share to delegated prefix, it seems to me that it is very reasonable to immediately poison the desired time and then withdraw the prefix from subsequent RAs. This will allow the clients to preserve their existing flows until the valid timer counts down to zero. The router can remove the prefix from the interface at time <t_last_ra_issued>+<valid_time_in_last_ra_issued>.

Owen

v2.23.0 | Report a Bug | By Email