Re: WG last call on draft-ietf-dhc-relay-agent-flags-00.txt

Ralph Droms wrote:
> There was consensus at the dhc WG meeting in Montreal that
> draft-ietf-dhc-relay-agent-flags-00.txt is now ready for WG last call.  This
> document addresses some concerns raised during the review of
> draft-ietf-dhc-server-override-03.txt.  The two documents will be advanced
> to the IESG together.  We need to confirm on the WG mailing list that there
> is WG consensus for a WG last call.  Please respond to the mailing list by
> Friday, 2006-08-04 if you do NOT think
> draft-ietf-dhc-relay-agent-flags-00.txt is ready for WG last call.

I would like to see my comments sent to the list on July 13 accomodated. 
This might be done as part of wglc though, so I still believe it is ready.

Just my personal opinion, I urge anyone that think it's NOT ready to 
speak up.

Stig

> 
> - Ralph
> 
> 
> _______________________________________________
> dhcwg mailing list
> dhcwg <at> ietf.org
> https://www1.ietf.org/mailman/listinfo/dhcwg

Authentication for DHCP messages

_______________________________________________
dhcwg mailing list
dhcwg <at> ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

Re: Authentication for DHCP messages

Vijayalakshmi Seshadri wrote:
> Hi all
> 
> I have setup dhcp host and client using the code available in 
> http://www.isc.org/     (dhcp-3.0pl1)
> 
>  
> 
> I want the message to encoded and sent between the dhcp host and client 
> according to the RFC 3118 Authentication for DHCP messages.
> 
> What is the options or extra lines to be added in dhcpd.conf or 
> dhclient.conf to have this features .
> 
> If you have any pointers , that will be quite useful too .

AFAIK, supporting the authentication requires code to be written, both on the 
client and the server (and on the relay agent too, if you want to authenticate 
that using RFC 4030).

There is no way to support DHCP authentication just by putting extra lines in 
the configuration files. Sorry!

--
Shane

Consensus for wg last call for draft-ietf-dhc-paa-option-03

As was mentioned in the dhc wg meeting in Montreal, we would like to do 
a wg last call for "DHCP options for PANA Authentication Agents"
<draft-ietf-dhc-paa-option-03.txt> soon.

If there are no objections posted to the dhc wg mailing list by 
2006-08-11, the chairs will start a wg last call for this draft.

The plan is to do a pana wg last call in parallel with the dhc wg one.

Stig

Re: WG last call on draft-ietf-dhc-timezone-option-02.txt

On Sun, Jul 30, 2006 at 06:28:11AM -0400, Ralph Droms wrote:
> The authors have published draft-ietf-dhc-timezone-option-02.txt.  The
> Microsoft timezone option has been removed from this revision, as it has
> been found to be unnecessary.

Minor editorial nit; the document specifies two example strings for
the two options, and does so using "'s.  In one case it separates
the example from the paragraph:

   POSIX string is a string suitable for the TZ variable as specified by
   [1] in Section 8.3, with the exception that a string may not begin
   with a colon (":").  This string is NOT terminated by an ASCII NULL.
   An example might be as follows:

   "EST5EDT4,M3.2.0/02:00,M11.1.0/02:00"

In the other, it includes it in its own paragraph:

   TZ Name is the name of a Zone entry in the database commonly referred
   to as the TZ database.  In order for this option to be useful, the
   client must already have a copy of the database.  This string is NOT
   terminated with an ASCII NULL.

   An example string would be "Europe/Zurich".

It may or may not be clear to a reader wether the " characters
are expected to be part of the option contents.

I think if the string and paragraph are separated, such as in the
first case, "'s should not be used (and an extra indent would be
good).  If the string and paragraph are conjoined, as in the second
case, I think the use of "'s is correct and desirable.

Consistency between the two would be good also.

I think this is a minor editorial nit if the author chooses to respond
to it; a beautification excercise, and so I support WG last call on
this document.

--

-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		you'll just have to do it again."
Internet Systems Consortium, Inc.	-- Jack T. Hankins

_______________________________________________
dhcwg mailing list
dhcwg <at> ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

New draft for leasequery extension

Hi,

We've incorporated review comments suggested during the WG meeting at Montreal and also from the
discussions on the mailing list. A new draft is available for the same at

http://www.ietf.org/internet-drafts/draft-joshi-dhcp-lease-query-ext-01.txt

Please review the same and provide your comments/suggestions.

Thanks,
Pavan

Pavan Kumar Kurapati
Infosys Technologies Ltd,
Bangalore

**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the
addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the
original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any
other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every
reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of
any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or
attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from
this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***

Re: Proposed solutions to broadcast issue in Leasequery ext

Andre Kostur wrote:
> pavan_kurapati wrote:
> 
>>>> The solutions that we proposed were
>>>>       1. Create a new option for Access-Concentrator-MAC
>>>>       2. Create a new sub-option in Option 82 for 
>>>> Access-Concentrator-MAC
>>>>       
>>
>>
>> Agreed that (2) is complex and owing to the issues caused by the 
>> change in MAC address(as described in the presentation) and other 
>> issues that you pointed out I think using a new Option  (1) is a 
>> better choice.  I feel that going for both might not be required. If 
>> we can get a new 'option' the same can be used for both normal DHCP 
>> messages as well as Leasequery. L2 relay agent would need to send both 
>> Option 82 and the new option in normal messages and only the new 
>> option in leasequery. Server must echo/append both Option 82 as well 
>> as this new option in its replies.
>>
>>   
> 
> 
> Relays aren't allowed to add extra options to a DHCP packet at will.  
> Option 82 was specially crafted to be allowed to be added by relays 
> (which is also why 82 must be the last option in the packet, exception 
> option 255).  Also, it would be superfluous information in the packet to 
> do (1) & (2) at the same time.  The L2 relay agent would only need to 
> send the sub-opt in normal DHCP relayed packets (allows the DHCP server 
> to be aware of what L2 relay the client passed through, in case it 
> cares), and the L2 relay would only need to add the option into 
> Leasequeries that it originates.

I've finally studied this in detail, I know it's a bit late to enter the 
discussion...

I think it could be made to work with just option 82. For relayed 
messages (non-leasequery) the L2 relay agent could add option 82 with 
the L2 address etc. as you say.

For leasequery you won't have to add any options at all if my 
understanding is correct. The responses to the leasequery should contain 
the value of option 82 that was in the original request. The L3 relay 
can then make use of this. Maybe a bit ugly, but introducing a new 
option requires new server behaviour which is kind of bad as well.

One thing I started to wonder about. The leasequery message should have 
no option 82 when originated by the L2 relay agent. Is it possible that 
the L3 relay might add option 82, causing problems when the server is 
supposed to both echo that back and add the value of option 82 from the 
original request?

Stig

RE: Proposed solutions to broadcast issue in Leasequery ext

Hi Stig,

Please find replies inline

Thanks,
Pavan

Andre Kostur wrote:
>> pavan_kurapati wrote:
>>
>>>>> The solutions that we proposed were
>>>>>       1. Create a new option for Access-Concentrator-MAC
>>>>>       2. Create a new sub-option in Option 82 for
>>>>> Access-Concentrator-MAC
>>>>>     
>>>
>>>
>>> Agreed that (2) is complex and owing to the issues caused by the
>>> change in MAC address(as described in the presentation) and other
>>> issues that you pointed out I think using a new Option  (1) is a
>>> better choice.  I feel that going for both might not be required. If
>>> we can get a new 'option' the same can be used for both normal DHCP
>>> messages as well as Leasequery. L2 relay agent would need to send both
>>> Option 82 and the new option in normal messages and only the new
>>> option in leasequery. Server must echo/append both Option 82 as well
>>> as this new option in its replies.
>>>
>>> 
>>
>>
>> Relays aren't allowed to add extra options to a DHCP packet at will.
>> Option 82 was specially crafted to be allowed to be added by relays
>> (which is also why 82 must be the last option in the packet, exception
>> option 255).  Also, it would be superfluous information in the packet to
>> do (1) & (2) at the same time.  The L2 relay agent would only need to
>> send the sub-opt in normal DHCP relayed packets (allows the DHCP server
>> to be aware of what L2 relay the client passed through, in case it
>> cares), and the L2 relay would only need to add the option into
>> Leasequeries that it originates.

>I've finally studied this in detail, I know it's a bit late to enter the
>discussion...

>I think it could be made to work with just option 82. For relayed
>messages (non-leasequery) the L2 relay agent could add option 82 with
>the L2 address etc. as you say.

Yes, for non-leasequery we can just add another sub-option in Option 82 with a known MAC address to the
network. We were asked to bring this as a new draft. Myself and Stefaan are in the process of creating one.
Will send it out in couple of days

>For leasequery you won't have to add any options at all if my
>understanding is correct. The responses to the leasequery should contain
>the value of option 82 that was in the original request. The L3 relay
>can then make use of this. Maybe a bit ugly, but introducing a new
>option requires new server behaviour which is kind of bad as well.

The problem is that in case of  'non-leasequery' the MAC address that we put in the sub-option is dependent on
whether Access Concentrator does MAC translation or not. If AC does MAC translation then the sub-option
will have MAC address of Access Concentrator. If it is acting as a pure bridge, it will have MAC address of
the client. So, an L3 RA cannot pickup this MAC in LEASEQUERY response and assume that it is AC's MAC
address.  Moreover, how about LEASEUNKNOWN or LEASEUNASSIGNED. They both will not have any option 82 in
them. They will be flooded again in the network.

I think we need to add  a point in the draft saying that if the new option 'access-concentrator-hw-address'
as well as the new sub-option is present (In case of LEASEACTIVE message) the new option should take
precendence over sub-option in L3 RA.

>One thing I started to wonder about. The leasequery message should have
>no option 82 when originated by the L2 relay agent. Is it possible that
>the L3 relay might add option 82, causing problems when the server is
>supposed to both echo that back and add the value of option 82 from the
>original request?

Exactly. I think adding two Option 82s, might not be proper solution.

>Stig

**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the
addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the
original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any
other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every
reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of
any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or
attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from
this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***

KC Meng/Endicott/IBM is out of the office.

I will be out of the office starting  08/07/2006 and will not return until
08/14/2006.

I will respond to your message when I return.

Does a DHCPv6 Server have to be able to communicate with a Relay Agent?

Hi all,

I have a question regarding DHCPv6 Server vs. Relay Agent.

Does a DHCPv6 Server usually have to be able to communicate with a Relay Agent?
Ex. Even if a DHCPv6 Server uses only on-link.
Does almost all DHCPv6 Server venders implement the functions that are sending Relay-Relpy and receiving
Relay-foward message?

What do you think?

Best Regards,
--

-- 
*************************************
Hideshi Enokihara
IPv6 Business
Network & Software Development Dept.
Yokogawa Electric Corporation