Re: [Int-area] dhcp-auth

To: "'Richard Pruss'" <ric at cisco.com>
Subject: Re: [Int-area] dhcp-auth
From: "Alper Yegin" <alper.yegin at yegin.org>
Date: Sat, 26 Jul 2008 02:28:00 +0300
Cc: dhcwg at ietf.org, int-area at ietf.org
Delivered-to: ietfarch-int-area-web-archive at core3.amsl.com
Delivered-to: int-area at core3.amsl.com
In-reply-to: <875433DD-3B96-40FC-9556-53FFAB3F9ACE@cisco.com>
List-archive: <http://www.ietf.org/pipermail/int-area>
List-help: <mailto:int-area-request@ietf.org?subject=help>
List-id: IETF Internet Area Mailing List <int-area.ietf.org>
List-post: <mailto:int-area@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
Sender: int-area-bounces at ietf.org
Thread-index: Acjt4djAyVJupxnTRCO5yxmfkSoRoQAyegzg

I don't appreciate your comments. Let's stay on the technical course.

> > Let's start just looking at the issues about Figure 3...
> >
> > - What is the DHCP-wise functionality of the NAS? Text claims it is
> > a "DHCP
> > relay" but I see it terminating some of the DHCP messages and also
> > generating some other messages. This is not compliant with DHCP.
> >
> 
> As we explained to you many times most vendors BRAS's act as a DHCP
> proxy and terminate all messages and look like a server to the client.


That's not accurate according to Figure 3. I see "some" DHCP messages
terminating on the NAS (e.g., DHCPEAP*) and "others" going through (e.g.,
DHCPDISCOVER) within the same DHCP flow.

I don't think it is as simple as your two-sentence explanation anyways. As
requested earlier, IETF needs to see a document where this DHCP proxy model
is defined. I'm aware of one DHCP proxy model and it is nothing like what
your document is suggesting. 

Can you please send us a document that describes the DHCP proxy model? IETF
needs to buy in the DHCP proxy model before any other proposal built on top
of that gets accepted.


> > - How does the NAS handle EAP retransmissions? It needs to send
> > unsolicited
> > DHCP messages to the DHCP client. This is not compliant with DHCP.
> >
> Actually that issue is open and we can discuss what a compliant
> implementation would mean in terms of retransmission timers so that
> right thing always happens at the right layer.

OK, please explain.


> > - I see NAS inserting additional DHCP option (EAP Success) on
> > DHCPOFFER as
> > it forwards that message from DHCP server to DHCP client. This again
> > breaks
> > DHCP.
> >
> As we explained to you many times most vendors BRAS's act as a DHCP
> proxy and terminate all messages and look like a server to the client.

Again, NAS does not really terminate "all" messages (see above). And this
"box in the middle" inserting DHCP options towards the DHCP client breaks
DHCP.

> Lets take this to the dhcwg list as that is where the review happens
> next week.

Really? What happened to the escalation of this discussion to int-area and
the outcome of the poll from last IETF? I hope Jari can clarify this. 

Alper







> 
> - Ric
> 
> 
> 
> >
> > Alper
> >
> >
> > _______________________________________________
> > Int-area mailing list
> > Int-area at ietf.org
> > https://www.ietf.org/mailman/listinfo/int-area


_______________________________________________
Int-area mailing list
Int-area at ietf.org
https://www.ietf.org/mailman/listinfo/int-area

References:
- Re: [Int-area] dhcp-auth
  - From: Richard Pruss

Prev by Date: Re: [Int-area] practical issues with using v4-mapped addresses for nat64
Next by Date: Re: [Int-area] practical issues with using v4-mapped addresses for nat64
Previous by thread: Re: [Int-area] [dhcwg] dhcp-auth
Next by thread: [Int-area] EAP and DHCP end-points
Index(es):
- Date
- Thread

Re: [Int-area] dhcp-auth

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.