IETF Logo Mail Archive

Re: [v6ops] draft-templin-v6ops-pdhost a working group draft?

Mark Smith <markzzzsmith@gmail.com> Mon, 18 December 2017 19:28 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD067120454 for <v6ops@ietfa.amsl.com>; Mon, 18 Dec 2017 11:28:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.026
X-Spam-Level: *
X-Spam-Status: No, score=1.026 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.626, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aFVgqmhM9Ne5 for <v6ops@ietfa.amsl.com>; Mon, 18 Dec 2017 11:28:33 -0800 (PST)
Received: from mail-ua0-x22f.google.com (mail-ua0-x22f.google.com [IPv6:2607:f8b0:400c:c08::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43A9112D860 for <v6ops@ietf.org>; Mon, 18 Dec 2017 11:28:33 -0800 (PST)
Received: by mail-ua0-x22f.google.com with SMTP id l36so11442355uae.4 for <v6ops@ietf.org>; Mon, 18 Dec 2017 11:28:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=T3Kc5b1X6rpLgu0ra9htRT/wKpFpEUAL3CP8FDvC69I=; b=QeclbUermoQurFTdTgrSfqErsB6VvHFbU5masQ7Ab1mexzuIbrVOLjX0EqVUW0zA/k YUskFT8RXnN+Zq4i8arXjGpMPr6W5nGULsuPv8MvW/IwQ+3ba5cJEioypeMRbKIftllk egHrMkVTjQAx10S9pHoIZiZCyVxJ85YLChvuMTu1yMOPizHw0/N1atFcPv/iy4lyiIhD Bl/hqYE8tLeavKEQJcx2Qt+81wDvxOxK7stLyv2bS+QClexfl6lwbu6fG2oHIphxG3en i6qA074VwPR7Doi+Jb+1gytyc/HO9755HwQj/1O2c32r+9fl6lHLdu9OJE7D8g2/fKZH Wh2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=T3Kc5b1X6rpLgu0ra9htRT/wKpFpEUAL3CP8FDvC69I=; b=Z+QmwW80NL3D/RglQyZaAZld8aE65RwdObL8SzRV/48rw1mYHLqlySGUST2brhyDZk ikGEijjYez0pf2InodApAcqUAG4TUS1KR8DSp4vcp4J+bfiVx4buLiLU+klXdDN0vIu1 6RjD9OzipLgKkCAB6OPbE0rmUiQKj7g1VNNeOnSkJQSTgw87HkSeqvD+2TwDzJacl1xA XQbIntiHN7OhfwpxGLawnvEQXlxGBdzK5tXL3lo6zrDdAGgpGSzBshvnIEb3dVDUMo60 QrnIIWOMp+X9BXT+/Em9EcAhYf0rXfcdcmPgf9RJxSMSZj2Hk25ciC4m/8jPkGlFj6sY qULg==
X-Gm-Message-State: AKGB3mID5l2EHzB8/Cq52z658btUtClBL5yoJxSurl3gyG67iwi7qKL8 zi6WaR1izm3GnCHoMAouE3joRpJ/P4cQ9cvD0RI=
X-Google-Smtp-Source: ACJfBouhgatVrRwJzMjZh6tEXVX2YYyxQfiYx8cQbqgb+efNg8nhXX3k24KLj34r+5IeXMMnrxENZIgcwd97cEyTIxc=
X-Received: by 10.176.78.17 with SMTP id g17mr882215uah.169.1513625312044; Mon, 18 Dec 2017 11:28:32 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.56.218 with HTTP; Mon, 18 Dec 2017 11:28:01 -0800 (PST)
In-Reply-To: <A63D4282-02EA-45C2-B3E1-6CD345CCE0EA@employees.org>
References: <b9e5919554204ad48f33740eaac4ccb8@XCH15-06-08.nw.nos.boeing.com> <DB4EE076-6231-4305-8514-0CC165C9EFD9@gmail.com> <827FCFAE-6A5A-4BC8-AF20-0A7D65F4EEB1@employees.org> <e1590482-b8ce-ccf1-1d71-873e1b6d7285@gmail.com> <0FF2EE3E-C839-48AC-B169-B39B5E01C95A@employees.org> <26114dec-a4a7-d96d-a925-bef0100d80cf@gmail.com> <fdcac9d5c361485986575f522d0d9f21@XCH15-06-08.nw.nos.boeing.com> <CAO42Z2yZijv_VZ7BqTo8ALD4faZKnHXX1YxxiwuJFK5TPgZczg@mail.gmail.com> <263a3201-fc29-2662-4abd-971272f33e5b@gmail.com> <CAO42Z2xLeBFs44LmhuOksGJV_HvPiRX=o06pkocQtrNKW5YnUQ@mail.gmail.com> <A63D4282-02EA-45C2-B3E1-6CD345CCE0EA@employees.org>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 19 Dec 2017 06:28:01 +1100
Message-ID: <CAO42Z2yxJxBaCAvfL3C707_ZXqi4960ZymwqHMYY6qgjwGnoSg@mail.gmail.com>
To: Ole Troan <otroan@employees.org>
Cc: Alexandre Petrescu <alexandre.petrescu@gmail.com>, v6ops list <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/tK9CpOVdP6GFGn_VyD0mehiwe2A>
Subject: Re: [v6ops] draft-templin-v6ops-pdhost a working group draft?
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Dec 2017 19:28:35 -0000

Hi Ole,

On 17 December 2017 at 21:20, Ole Troan <otroan@employees.org> wrote:
> Mark,
>

<snip>

>>>> This "route injection" BGP router(s) would need to somehow learn of the
>>>> host assigned prefixes when they're assigned to then inject the assigned
>>>> host prefixes.
>>>
>>>
>>> But then, how that 'route injection' BGP router learns these prefixes?
>>> If the 'route injection' BGP router is the DHCP Relay, then it is very
>>> easy: they are processes on the same filesystem and they can coordinate
>>> easily.
>>>
>>
>> In some unspecified way. Point I'm making is that it isn't a necessity
>> that the first hop router is the one that injects the route. In a
>> large network running BGP there can be value in more centralising
>> functions such as route advertisement e.g. BGP Route Reflectors.
>>
>> e.g if you have centralised DHCP server infrastructure, a few BGP
>> routers adjacent to the DHCP servers that are injecting routes would
>> reduce the need to have each and every first hop router perform that
>> function.
>
> If hand waving is all that’s required, sure. :-)
> - how do you “know” the next-hop address of first-hop or last-hop?

If DHCPv6 is being used with the first hop router as a Relay, then the
Relay address could be used as the BGP NEXT_HOP address. Similarly, if
RADIUS accounting records assignment of prefixes to hosts, then the
RADIUS NAS address could be used as the BGP NEXT_HOP address for the
prefix.

If the assignment of prefixes is entirely local to the first hop
router, with no involvement of or reporting to an external service,
then it would be necessary for that first hop router to announce the
host prefix. However, in that case there would likely be a pool of
prefixes to assign to hosts, known to be assigned to a particular
first hop router, so BGP could be used to inject that route somewhere
other than at the first hop router.

> - how do you program the fib of the first-hop router?

In most cases I would expect the first hop router to put the host
assigned prefix in its own FIB, as it was involved in assigning it.

However, if the first hop link has a GUA or ULA prefix, and the host's
address on that link is known externally, as well as the assigned
prefix via RADIUS, then BGP could also be used to program the first
hop router's FIB - the prefix would be injected with the BGP NEXT_HOP
set to the individual hosts' first hop link GUA or ULA address.

Some of these examples are convoluted and unlikely to be used. Others
could be useful depending on goals or network architecture. I
commented really just to show that an absolute statement that the
first hop router must announce the host assigned prefix(es) into the
routing domain isn't necessarily correct if BGP is being used.

Regards,
Mark.


>
> Sure, you can do that with some out-of-band mechanism, but you’re still only hand waving.
>
> Cheers
> Ole
>
>
>>
>>> (the DHCP Relay must be the first-hop router from the perspective of the
>>> pdhost).
>>>
>>>> Haven't thought enough about whether it would be worth doing this
>>>> way or not. It might be operationally better or simpler to have a
>>>> smaller set of routers do this type of injection on a network rather
>>>> than having all first hop routers, which could, for example, number
>>>> in the 1000s, do it.
>>>
>>>
>>> A question is who triggers the 'route injection' BGP router to inject:
>>> is it the Server or the Relay?  If it is the Relay, then one may end up
>>> with 1000s of Relays not doing route injection, but triggering 1000
>>> messages to the 'route injection' BGP router which in turn would inject
>>> routes.
>>>
>>> (as a side note, in a certain deployment there is no DHCP Relay, and the
>>> DHCP Server is a unique and big machine that executes also BGP and does
>>> the BGP route injection too upon prefix delegation).
>>
>> That's a possible model, although I don't like "big machines" because
>> the consequence of their failure as also usually big.
>>
>> It's finding the right balance between highly distributed and highly
>> centralised, weighing up the trade-offs between.
>>
>>
>>>
>>> Alex
>>>
>>>>
>>>> Regards, Mark.
>>>>
>>>>> It also has to honor route lifetimes, route revocations and
>>>>> link-layer address changes of the requesting router.
>>>>>
>>>>> I think this latter point is one that may need some further
>>>>> consideration. If the requesting router's link-layer address
>>>>> changes, and the requesting router signals the first-hop router by
>>>>> sending unsolicited NAs, wouldn't it be much easier if the
>>>>> first-hop router were also an active participant in the prefix
>>>>> delegation process? Because, an off-link entity would never see the
>>>>> NAs.
>>>>>
>>>>>>> If you do not topologically restrict the problem, how do you
>>>>>>> solve it? Among separate administrative domains.
>>>>>>
>>>>>>
>>>>>> Agreed. It can get very tricky. I just prefer the language in the
>>>>>> draft not to be restrictive.
>>>>>
>>>>>
>>>>> I think the language can be relaxed, but I go back to the point
>>>>> about the first-hop router also being an active participant in the
>>>>> PD exchange. AFAICT, the first-hop router is the only node that can
>>>>> both inject the prefix and observe the on-link behavior of the
>>>>> requesting router.
>>>>>
>>>>> Thanks - Fred
>>>>>
>>>>>> Brian
>>>>>>
>>>>>>>
>>>>>>> Ole
>>>>>>>
>>>>>>>> On 15 Dec 2017, at bu20:07, Brian E Carpenter
>>>>>>>> <brian.e.carpenter@gmail.com> wrote:
>>>>>>>>
>>>>>>>> On 16/12/2017 02:21, Ole Troan wrote:
>>>>>>>>>>>
>>>>>>>>>>> Please review and send any new comments to the list,
>>>>>>>>>>> and please confirm whether earlier comments have been
>>>>>>>>>>> addressed.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> It continue to describe the entity delegating the prefix
>>>>>>>>>> as a "Delegating Router 'D'". The IPAM (IP address
>>>>>>>>>> Management, and by
>>>>>>
>>>>>> extension IP Prefix Management) software can be implemented in a
>>>>>> computer sold as a router, but there is no requirement that it
>>>>>> be, and it usually is not. As a matter of fact, if a router is a
>>>>>> system that forwards messages directed to addresses other than
>>>>>> its own, in the context of an application such as a DHCPv6
>>>>>> address/prefix management process, it is acting as a host, not a
>>>>>> router.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Prefix delegation, more so than address assignment is
>>>>>>>>> coupled with the routing system. Which is why RFC3633 only
>>>>>>>>> described a model where the delegating router and
>>>>>>>>> requesting router was directly connected.
>>>>>>>>
>>>>>>>>
>>>>>>>> They're coupled, but it isn't logically required that the
>>>>>>>> entity that gives prefix P to a device is also the upstream
>>>>>>>> router that will include P in an aggregate. I agree that's a
>>>>>>>> natural implementation, but it isn't the only one. IPAMs and
>>>>>>>> their generalisation in CASM, and
>>>>>>>> draft-ietf-anima-prefix-management, are alternatives.
>>>>>>>>
>>>>>>>> So I agree - it is a false assumption that the prefix
>>>>>>>> delegator is a router, and that the delegation mechanism is
>>>>>>>> RFC3633.
>>>>>>>>
>>>>>>>> As far as the draft goes, I'd like to see this qualified:
>>>>>>>>
>>>>>>>> "An example IPv6 PD service is the Dynamic Host Configuration
>>>>>>>> Protocol for IPv6 (DHCPv6) [RFC3315][RFC3633].  An alternative service
>>>>>>>> based solely on IPv6 ND messaging has
>>>>>>>> also been proposed [I-D.pioxfolks-6man-pio-exclusive-bit]."
>>>>>>>>
>>>>>>>> Maybe by adding that other, non-router, mechanisms may
>>>>>>>> exist, such as proprietary IPAMs,
>>>>>>>> draft-ietf-anima-prefix-management and
>>>>>>>> draft-sun-casm-address-pool-management-yang (expired).
>>>>>>>>
>>>>>>>> Brian
>>>>>>>>
>>>>>>>> _______________________________________________ v6ops mailing
>>>>>>>> list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________ v6ops mailing
>>>>>> list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________ v6ops mailing list
>>>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>>>>
>>>>
>>>> _______________________________________________ v6ops mailing list
>>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>>>>
>>>
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email