Re: [dhcwg] Pre-determining DUID

Ted Lemon <Ted.Lemon@nominum.com> Sun, 18 October 2009 20:55 UTC

To: Chuck Anderson <cra@WPI.EDU>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>

> So these are the motivations behind our desire at least to provide the
> chaddr in the DHCP packet as a way to identify and classify clients.
> As I said in my other email, we have a working prototype that does
> exactly this for ISC dhcrelay.

My only objection to you proposing this is that it's clear to me from
some of your early statements in this message that you actually intend
to use the MAC address from the relay agent option as an identifier in
place of DUID, and not as a hint for your back office system to use in
connecting DUID-based identifiers to MAC-based identifiers. This is
unnecessary--what you're proposing completely solves your problems
without requiring any change to RFC3315 or RFC4361.

So if you were to propose a protocol extension that included the MAC
address in the relay agent options, and you were to describe how it
could be used as a hint to relate DUID-based identifiers to MAC-based
identifiers, I would be in favor of that. But to the extent that
your proposal essentially substitutes this relay-provided identifier
for DUID-LLT, this would eliminate an identifier that is the same
across all interfaces for the same device, and I would not support that.

One bellwether of this would be whether or not you expected a PXE boot
loader that sends a different identifier than the OS client to get the
same IP address that the OS client gets, because the relay-supplied
MAC address is the same. If you expect this, your spec breaks
interoperability.
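
Added example, not part of the original message or of any DHCP server's code: a small Python model of a back office that keys bindings on the client's DUID (plus IAID) and stores the relay-supplied MAC only as a correlation hint, so a PXE boot loader and the OS client behind one MAC keep separate bindings. The `BackOffice` class, its field names, and all MAC, DUID and address values are constructed for illustration.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional

DUID_LLT = 1  # RFC 3315 DUID type: link-layer address plus time


def parse_duid_llt(duid: bytes):
    """Return (hw_type, time, link_layer_addr) for a DUID-LLT, else None."""
    if len(duid) < 8:
        return None
    duid_type, hw_type, when = struct.unpack("!HHI", duid[:8])
    return (hw_type, when, duid[8:]) if duid_type == DUID_LLT else None


@dataclass
class BackOffice:
    """Hypothetical model: the DUID is the key, the relay MAC is only a hint."""
    pool: list
    bindings: dict = field(default_factory=dict)      # (DUID, IAID) -> address
    macs_by_duid: dict = field(default_factory=dict)  # DUID -> MACs seen by relays
    duids_by_mac: dict = field(default_factory=dict)  # MAC -> DUIDs seen behind it

    def request(self, duid: bytes, iaid: int, relay_mac: Optional[bytes] = None) -> str:
        key = (duid, iaid)
        if key not in self.bindings:          # the MAC never selects a binding
            self.bindings[key] = self.pool.pop(0)
        if relay_mac is not None:             # record the correlation only
            self.macs_by_duid.setdefault(duid, set()).add(relay_mac)
            self.duids_by_mac.setdefault(relay_mac, set()).add(duid)
        return self.bindings[key]


# Constructed sample identifiers (not taken from the thread).
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
OS_DUID = struct.pack("!HHI", DUID_LLT, 1, 0x12345678) + MAC_A
PXE_DUID = struct.pack("!HH", 3, 1) + MAC_A   # boot loader sends a DUID-LL (type 3)


def demo():
    office = BackOffice(pool=["2001:db8::10", "2001:db8::11", "2001:db8::12"])
    pxe = office.request(PXE_DUID, iaid=1, relay_mac=MAC_A)
    os_a = office.request(OS_DUID, iaid=1, relay_mac=MAC_A)
    os_b = office.request(OS_DUID, iaid=2, relay_mac=MAC_B)
    return office, pxe, os_a, os_b
```

After `demo()`, `duids_by_mac[MAC_A]` lists both the PXE and OS identifiers, which is the hint a classification system can use, while `macs_by_duid[OS_DUID]` shows the one DUID spanning both interfaces.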