Re: [v6ops] DHCPv6/SLAAC Make Hosts Confusing-//RE: new draft: draft-liu-bonica-v6ops-dhcpv6-slaac-problem

Mark ZZZ Smith <markzzzsmith@yahoo.com.au> Thu, 24 October 2013 19:44 UTC

Return-Path: <markzzzsmith@yahoo.com.au>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C218511E81DC for <v6ops@ietfa.amsl.com>; Thu, 24 Oct 2013 12:44:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.785
X-Spam-Level:
X-Spam-Status: No, score=-1.785 tagged_above=-999 required=5 tests=[AWL=0.314, BAYES_00=-2.599, FROM_LOCAL_NOVOWEL=0.5]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QQweMCGUX8oG for <v6ops@ietfa.amsl.com>; Thu, 24 Oct 2013 12:44:28 -0700 (PDT)
Received: from nm39-vm9.bullet.mail.bf1.yahoo.com (nm39-vm9.bullet.mail.bf1.yahoo.com [72.30.239.153]) by ietfa.amsl.com (Postfix) with ESMTP id 2586011E8209 for <v6ops@ietf.org>; Thu, 24 Oct 2013 12:44:20 -0700 (PDT)
Received: from [98.139.215.140] by nm39.bullet.mail.bf1.yahoo.com with NNFMP; 24 Oct 2013 19:44:20 -0000
Received: from [98.139.212.215] by tm11.bullet.mail.bf1.yahoo.com with NNFMP; 24 Oct 2013 19:44:20 -0000
Received: from [127.0.0.1] by omp1024.mail.bf1.yahoo.com with NNFMP; 24 Oct 2013 19:44:20 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 86529.3286.bm@omp1024.mail.bf1.yahoo.com
Received: (qmail 42297 invoked by uid 60001); 24 Oct 2013 19:44:19 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.au; s=s1024; t=1382643859; bh=5gZmKSjSvTChVWxPsf45i8IuwB6Hvy5bAhTtpKWzxKs=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=mK/rIp5/Q/KzWPdM6qxQ9rZR5FGKi5ZSFBiVtDuC0H3Uf8w21pDAEr4P6i5FvHyaIBblIshSMfbEseN6xDX4GWScyjh4m2st1zlTILce1+3NyYrk5YhYeBqFbOPW8PfabUodrbez3OVnKaISZQElS963dybCEr1XbuqUnbR+sUc=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.au; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=AK8wylmoFNTho7mdJ4OmdzslBE7w7Rn1KlNke2+cZokPssQeE9Duy4oGdYMluUi6yqQlc5neLCkZm+SZ0Yqf0tfybl3QEWd2Y0XLwhltqPuVjv4SZaWR0E3UIehAKhJgL2jpxg68jOv4wUuzFQRi3hT3JthR2KTPzlct8RUXSYE=;
X-YMail-OSG: rIuyjAMVM1kFTbjddKH41dYo_PbhST3B_Ei1sQhzi.nSaQ9 E7kMfAc7.7uMuh_Thj212u5eHLUVxnlKuaa6N_DX2jrBb3bAybs__7aMW139 US9bJErFaB.6Np_oCRC_1S66kvM7KaROLTeqmDeIyvrIO2dhVuKiIaDyyfiO P5kI.G2U9Pd69n8pZlyjfn3KJH1NCyLrSRgcon2LqBJE3kPlcICROhkvfCsA etUMUMnm_7i_IZZDRzX36hZFA31ASz5_9eyPRp9kejmj8DO73B6UiXlAmShe DqLtok_Ag8b6NBN6jzjfwswiSJpNfsrIdKrDKBKenAsLr28pdU4rBTvnyeCb D.YFlx3rrf0R5qNKu8sHbHd8PMBh.ZN0W8OCAFV5Mo4zisqzgb.hLjzZMNiM _38DXkOI2ULRbPGAw.4.pydpA2CSSOdufVYZ6W8biTj_VCKPUjSVQnBjXduB abqRo6F04cdoy9FifSzTPpn2NMDRPbOY8UhklVD7WwoR3PlvU7FViWdn0jtF NiYgxAUhzTDEwrjyvUI8mWSDyd57KhsSGcW.P7d4EV5WsNqmotgG0p0nw6Pi H.j6w5y4Fg4_5m8ipW_B2GCWAFJsUghweoU6CitUY0g--
Received: from [150.101.221.237] by web142503.mail.bf1.yahoo.com via HTTP; Thu, 24 Oct 2013 12:44:18 PDT
X-Rocket-MIMEInfo: 002.001, CgoKCi0tLS0tIE9yaWdpbmFsIE1lc3NhZ2UgLS0tLS0KPiBGcm9tOiBOaWNrIEhpbGxpYXJkIDxuaWNrQGluZXguaWU.Cj4gVG86IE1hcmsgWlpaIFNtaXRoIDxtYXJrenp6c21pdGhAeWFob28uY29tLmF1PjsgT2xlIFRyb2FuIChvdHJvYW4pIDxvdHJvYW5AY2lzY28uY29tPgo.IENjOiAidjZvcHNAaWV0Zi5vcmciIDx2Nm9wc0BpZXRmLm9yZz47ICJkcmFmdC1saXUtYm9uaWNhLXY2b3BzLWRoY3B2Ni1zbGFhYy1wcm9ibGVtQHRvb2xzLmlldGYub3JnIiA8ZHJhZnQtbGl1LWJvbmljYS12Nm9wcy1kaGNwdjYBMAEBAQE-
X-Mailer: YahooMailWebService/0.8.160.587
References: <201310211245.r9LCj0B29668@ftpeng-update.cisco.com> <alpine.DEB.2.02.1310211454090.26825@uplift.swm.pp.se> <8AE0F17B87264D4CAC7DE0AA6C406F453D7CC14B@nkgeml506-mbx.china.huawei.com> <alpine.DEB.2.02.1310221511520.8663@uplift.swm.pp.se> <1382469405.56346.YahooMailNeo@web142504.mail.bf1.yahoo.com> <alpine.DEB.2.02.1310230533340.1838@uplift.swm.pp.se> <1382519509.39565.YahooMailNeo@web142502.mail.bf1.yahoo.com> <55F2A998-0417-4C19-B248-AA2A80EBF29C@cisco.com> <52679F9F.7040403@inex.ie> <1382556056.28376.YahooMailNeo@web142505.mail.bf1.yahoo.com> <52689EE0.3030201@inex.ie>
Message-ID: <1382643858.41679.YahooMailNeo@web142503.mail.bf1.yahoo.com>
Date: Thu, 24 Oct 2013 12:44:18 -0700 (PDT)
From: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
To: Nick Hilliard <nick@inex.ie>, "Ole Troan \(otroan\)" <otroan@cisco.com>
In-Reply-To: <52689EE0.3030201@inex.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-liu-bonica-v6ops-dhcpv6-slaac-problem@tools.ietf.org" <draft-liu-bonica-v6ops-dhcpv6-slaac-problem@tools.ietf.org>
Subject: Re: [v6ops] DHCPv6/SLAAC Make Hosts Confusing-//RE: new draft: draft-liu-bonica-v6ops-dhcpv6-slaac-problem
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 19:44:33 -0000




----- Original Message -----
> From: Nick Hilliard <nick@inex.ie>
> To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>au>; Ole Troan (otroan) <otroan@cisco.com>
> Cc: "v6ops@ietf.org" <v6ops@ietf.org>rg>; "draft-liu-bonica-v6ops-dhcpv6-slaac-problem@tools.ietf.org" <draft-liu-bonica-v6ops-dhcpv6-slaac-problem@tools.ietf.org>
> Sent: Thursday, 24 October 2013 3:15 PM
> Subject: Re: [v6ops] DHCPv6/SLAAC Make Hosts Confusing-//RE: new draft: draft-liu-bonica-v6ops-dhcpv6-slaac-problem
> 
> On 24/10/2013 03:20, Mark ZZZ Smith wrote:
>>  RAs are prehaps misnamed. They're not really router advertisements,
>>  they're advertisements (typically) sent from routers. View them as 
> layer
>>  3 configuration protocol packets, because they do far more than
>>  advertise a default router, and don't even need to advertise a default
>>  router to be useful.
> 
> I know what RAs are.  Both protocols provide info to network hosts
> necessary for functional ipv6 connectivity.  They have different
> approaches, but they are both lan configuration protocols.
> 
> If you feel that SLAAC+DHCPv6 or SLAAC only is the right thing for you,
> then that's great and I'm really happy for you.
> 
> There is a tiny amount of protocol glue missing which would allow dhcpv6 to
> act as a fully functional standalone protocol

No, there is lots of glue missing. You'd have to define DHCPv6 options for all of the functions I listed. You'd also have to define an option conflict resolution method or methods for those options, when they happen to be supplied by both RAs and DHCPv6. It may be argued that an network operator shouldn't be doing this, but it might happen accidentally, because your mother is not a network operator, and in the interests of robustness, and more importantly Internet user satisfaction (also your mother), the IETF must not ignore those consequences.

By leaving these RA options out of DHCPv6, the IETF is doing better - it is preventing this problem ever occurring, rather than having to then solve it after having then just creating it. I don't think this problem has been solved for DNS options in RAs (duplication in the other direction), so I won't be confident people would get around to solving it if RA options are put in DHCPv6.


>, and the various attempts to
> introduce this glue have been shot down repeatedly,
> mostly on the basis of

> arguments like "how do you expect your network to work when critical
> components of your network are broken?", "we don't like 
> duplication of
> functionality at the IETF (but we'll ignore all the other duplicated
> functionality in other ietf protocols)"

So you solve the problem of excess duplication by creating more? 

> or "polling sucks".

> 
> None of these points address the core issue which is that there are a lot
> of operators who have a strong preference to use a single lan configuration
> protocol instead of two protocols with strongly overlapping functionality

If you take address configuration out of DHCPv6, there is no overlapping functionality. Address configuration in DHCPv6 is the thing that is not correctly placed in my opinion, not the existence RAs. 


RAs should be limited to configuring layer 3 IPv6 parameters only, solving the network layer configuration problem, on a per link/subnet basis. Different links can have different layer 3 parameters, so the place to provide those parameters is on a per-link basis, using a link-local protocol.

DHCPv6 should be limited to providing primarily application parameters (and perhaps layer 4 parameters) to hosts, solving the end-to-end configuration problem. This problem exists regardless of the network layer parameters, and the parameters for applications are not restricted to being subnet specific, they're more likely to be global across the network, so a solution needs to be subnet/link-local protocol independent.

http://tools.ietf.org/html/draft-smith-v6ops-ce-dhcpv6-transparency-00#section-2



If you shove everything into DHCPv6, you now start having a circular dependency problem - DHCPv6 requires UDP to work, which requires IPv6 to work, which requires DHCPv6 to work, which requires UDP to work etc., etc.,

> and an ambiguous and poorly defined interaction model.
> 
> There is no reason for DHCP not to to be standalone-capable, so that
> operators can make up their own minds about what to use on their networks.
> 
> I completely understand that you want to use SLAAC on your networks: please
> stop insisting that I run it on mine.
> 

I'm not thinking of you, you're capable of running a network and fixing complicated problems with it. I'm thinking of my mother. How can she build a working IPv6 network without bothering me. Appletalk and IPX achieved this 20 years ago, it is time the Internet protocols met their standards of user friendliness. Avoiding duplication and function conflict visible to end-users is one of the best ways to achieve that.

> Incidentally a couple of minutes ago, Andrew Sullivan just spoke these
> words about the IETF at IGF2013 in Bali:
> 
> "We're not in the business of telling people how to run their 
> networks".
> 

That's true if you don't have to care about interoperability and ease of use.

Less is more. Complex equals more things that can break.


> 
> Nick
> 
>>  They can be use for:
>> 
>>  - changing host MTUs, instead of individual manual configuration on each 
> host
>>  - announce on-link presence of prefixes, exclusive of whether hosts have 
> addresses within the prefix, instead of individual manual configuration on each 
> host
>>  - adjust neighbor discovery parameters (e.g., timers), instead of 
> individual manual configuration on each host
>>  - announce prefix(es) to be used to generate SLAAC addresses, instead of 
> individual manual configuration on each host
>>  - indicate to hosts whether to use DHCPv6 or SLAAC or both (during a 
> transition between SLAAC/DHCPv6 or vice-versa), instead of individual manual 
> configuration on each host
>>  - advertise a default router, and an associated lifetime, instead of 
> individual manual configuration on each host
>> 
>> 
>> 
>> 
>>>  networks.
>>> 
>>>  Nick
>>> 
>> 
>