Hello, Dale,
Thanks so much for your feedback! Please find my responses in-line....
On 30/8/20 22:14, Dale Worley via Datatracker wrote:
Reviewer: Dale Worley
Review result: Ready with Nits
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.
For more information, please see the FAQ at
<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
Document: draft-ietf-v6ops-slaac-renum-03
Reviewer: Dale R. Worley
Review Date:
IETF LC End Date: 2020-09-09
IESG Telechat date: [not set]
Summary:
This draft is basically ready for publication, but has nits that
should be fixed before publication.
Overall, the draft is fine, but there are various places where the
wording could be amplified or improved to make matters clearer to the
less-well-prepared reader (like me).
Minor issues:
There is one technical aspect that doesn't seem to be addressed
explicitly: Given that a router should never advertise a prefix via
SLAAC that extends beyond the lease time it has received via DHCP,
even if the router is restarted and it receives a new prefix via DHCP,
the old prefix remains delegated to the network for the remainder of
its lease time, and in a way, it remains *valid* for the hosts to use
addresses derived from the old prefix for the remainder of the
lifetime they received from SLAAC. The existence of this document
shows that such usage does not work well, but perhaps there is some
place early in the discussion where it can be made clear that validity
is not sufficient in practice.
Flash renumbering essentially breaks that premise.
In all of the scenarios discussed in Section 1, a prefix that was
originally valid, has become invalid.
In principle, when a prefix is advertised via SLAAC, it means "you can
use this prefix for 'Valid Lifetime', unless you hear otherwise from
me". For a number of reasons, hosts may not hear otherwise from the
router -- whether because the router fails to signal that condition, or
because hosts fail to receive that notification. Besides, as noted in
the document, the current spec prevents hosts from honoring Valid
Lifetimes smaller than two hours.
Nits/editorial comments:
1. Introduction
[...] but will normally retain and actively employ the addresses
configured for the previously-advertised prefix, since their
associated Preferred Lifetime and Valid Lifetime allow them to do
so.
Naively, it seems like the new prefix will almost always have longer
lifetime values than the old prefix, and given that this seems to be
how orderly renumbering causes hosts to transition from using the old
prefix to the new prefix, it's not clear how hosts "will normally
... actively employ the addresses configured for the
previously-advertised prefix". Naively, hosts only seem to be
permitted to employ the old prefix, but the preferred behavior would
be to use the new prefix whenever possible.
Not really. Different routers may employ different lifetimes for the
prefixes they advertise. And a given router may also employ different
lifetimes for the different prefixes it advertises. So comparing the
advertised lifetimes of two different prefixes is not meaningful.
Please see:
https://tools.ietf.org/html/draft-ietf-6man-slaac-renum-01#appendix-A.2
for further details.
o During the planned network renumbering, a router may be configured
to send an RA with the Preferred Lifetime for the "old" Prefix
Information Option (PIO) set to zero and the new PIO having non-
zero Preferred Lifetime.
This sentence reminds me: There are a number of places where PIO is
mentioned. My understanding from here is that PIO is only used in RA,
so for simplicity/clarity, mentions of PIO should always include that
they are within RAs, so that the reader remember that all prefix
announcements are either RAs or SLAAC. Conversely, if PIOs are used
both by SLAAC and RAs, that should be emphasized early on, so the
reader knows that later mentions of PIOs apply to both protocols
equally. Then again, perhaps RAs are messages within SLAAC, in which
case that should be made clear. In any case, the document should
state the relationship between SLAAC, RA, and PIO.
FWIW, I would expect that part to be somehow addressed by including
RFC4861 and RFC4862 as normative references.
That said, I guess one could add something like this to the Intro:
"IPv6 Stateless address autoconfiguration (SLAAC) [RFC4862] conveys
information about prefixes to be employed for address configuration via
Prefix Information Options (PIOs) sent in Router Advertisement (RA)
messages".
Would that do?
o Automated device config management system performs periodic config
pushes to network devices. If such a push results in changing the
subnet configured on a particular network, hosts attached to that
network would not get notified about the subnet change, and their
addresses from the "old" prefix will not be deprecated.
Naively it seems than when a router receives such a config push, it
would as a matter of course tell the attached hosts that the prefix it
gave to the hosts is no longer configured, as indeed, that prefix is
no longer configured. I think you want to add some statement that
when routers receive config pushes they often(?) simply immediately
forget their previous configuration, rather than withdrawing it
gracefully.
Will do.
In various places, "timely" and derived words are used. In some
places, the text asserts that certain intervals are not timely (in an
absolute sense) without any discussion about what the standard of
timeliness is. It seems that some such discussion needs to be made,
or a statement made that such a discussion needs to be undertaken as
part of the work.
There's not really a standard for timeliness. Throughout the document,
whenever we refer to something as "timely" we mean: "a period of time
that seems sensible to the user".
For example, at come I use this:
Prefix : xxxxxxxxxxxxxxxx::/64
On-link : Yes
Autonomous address conf.: Yes
Valid time : 1800 (0x00000708) seconds
Pref. time : 900 (0x00000384) seconds
That is, 30 minutes for the valid lifetime, and 15 minutes for the
preferred lifetime.
I have experienced the problem described in our document recently.
However, it only happens (if it does), when I reboot my router. Since
that, whether explicitly or implicitly (as a result of a blackout) is
not happening frequently 15' (at most) to prefer a newer address or 30'
(at most) to completely get rid of old addresses is good enough.
If the problem happened more frequently, I would certainly reduce such
values probably to a half of the current values.
Some devices have implemented ad-hoc mechanisms to address this
problem, such as sending RAs to invalidate apparently-stale
prefixes [...]
This seems to contradict the statement in section 2.3 that an RA
cannot effectively reduce the Valid Lifetime of a prefix (as
maintained by a host) to zero: "Item e) [...] specifies that an RA
may never reduce the "RemainingLifetime" to less than two hours."
Indeed, a crux of this document is that there is no way for a router
to immediately invalidate the use of a prefix on a network whose
addressing it configures. So the described mechanism needs to be
clarified.
How about s/invalidate/deprecate/?
2.2. Default Timer Values in IPv6 Stateless Address Autoconfiguration
For obvious reasons, the whole point of using timers in this way is
that, in problematic scenarios, they trigger some recovery action.
I think you want to expand this by saying "This action should minimize
the time the fault is visible to higher levels of the protocol stack,
or ideally, prevent it from becoming visible." Possibly move this
above the preceding paragraph, and extend that paragraph with
"Ideally, retransmission enables the higher-level protocol to proceed
without disruption, only delay."
FWIW, we're not really delving into such details, but rather simply
noting that, whenever you use a timer in a protocol, you do it in a way
that the timer goes off at a time when there's direct correlation with
an associated event (e.g. "something is wrong") - that's irrespective of
whether the fault is visible by the upper layers or not.
Put another way: there is no point in setting a timer if the timer will
go off at a time that will likely have no correlation with the event
that caused the timer to go off, or at a time where addressing the issue
that caused the timer to go off does not make sense anymore.
e.g., you wouldn't set TCP's RTO to 30 days...
Under normal network conditions, these timers will be reset/refreshed
to the default values. However, under problematic circumstances,
It seems like the first sentence is not to the point of this
paragraph, and it would be clearer just starting with "Under problematic
circumstances ...".
Not sure what you mean. Could you clarify?
2.4. Lack of Explicit Signaling about Stale Information
[...] such signaling would be mostly ignored.
This needs clarification why it is "mostly" rather than "always".
Here we mean that, in practice, the signal is ignored. (the packet *is*
received and processed, but as per the current specs, hosts would reduce
the Valid Lifetime further than two hours). Nowadays, there are
implementations that are not compliant with the specs in this respect..
so some implementations would honor the signal, while others would not.
3.2. SLAAC Parameter Tweaking
However, while the aforementioned values are an improvement
over the default values specified in [RFC4861], they will not
lead to a timely recovery from the problem discussed in this
document.
As mentioned above, this implies an absolute standard of timeliness,
but no such standard has been discussed. > It's also unclear why this
document chose the particular values listed, given that it considers
them too long. Why not just propose values that would give acceptable
behavior?
Please see my note about regarding "timeliness".
The values represent a tradeoff. As you reduce them, you increase
responsiveness, but also typically lower robustness with respect to
packet loss. And if you retransmit RAs more frequently, you e.g. harm
battery life of mobile devices.
So this are values that result in prefixes being deprecated in a
timelier manner, while being within the current specs and BCPs
(RFC4861/RFC7772). If needed, we could note this, or add a reference to
[draft-ietf-v6ops-cpe-slaac-renum] where we discuss this.
Thanks!
Regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call