Re: [Babel-users] ahcp ipv6 prefix delegation?

[Juliusz Chroboczek]

 I've been planning to implement it on the server side, but other
 things have been coming up.

 No worries.

Let me know if you have plans to do something with it, and I can reorder
my todo list.

 As one of many examples of tricky policy issues

As usual, Dave, you're overcomplicating things.  It's not *that* bad.

 I don't see a way how to do ahcp-pd right without all the servers
 maintaining some shared global state

No, the address space is partitioned between servers, there's no shared
state.  That's an important design criterion.

 and/or potentially naking or adding a state like I can help you but
 perhaps someone else has better data, get back to me later - to an
 initial pd request.

That's done on the client side.  When a client receives an OFFER from
a server, it can decide whether the offer is good enough (in which case
it sends a REQUEST), or whether it prefers to continue the
increasing-diameter search.

 Then there's ugh - security.

Yeah, but that's orthogonal to policy -- AHCP, just like DHCP, is
a completely insecure protocol.  (You may have a strict policy in an
insecure system, as you can have a lax policy that's enforced securely.)

 Then the relay problem

Eh?  What relay problem?

-- Juliusz

___
Babel-users mailing list
Babel-users@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users

Re: [Babel-users] ahcp ipv6 prefix delegation?

[Dave Taht]

On Fri, Apr 6, 2012 at 7:19 AM, Juliusz Chroboczek j...@pps.jussieu.fr wrote:
 I went looking to see how ahcpd did it, only to discover that it only
 sort of did, in that there is some support for client side delegation
 but no server side support in the code at present.

 That's right.  I've been planning to implement it on the server side,
 but other things have been coming up.

No worries.

 Am I intuiting the intent correctly?

 Yes, except that there are tricky policy issues you appear to be
 ignoring.

No, I was simplifying those out for purposes of clarifying the first
bit. I glad that I understood the intent in that part of the state
machine.

I am as of this month, rather painfully aware of how dhcpv6-pd does
it, and all the intricacies required.

As one of many examples of tricky policy issues, I don't see a way how
to do ahcp-pd right without all the servers maintaining some shared
global state and/or potentially naking or adding a state like I can
help you but perhaps someone else has better data, get back to me
later - to an initial pd request.

Then there's ugh - security. Then the relay problem... ah, I shant go
into it further.

However I note that thinking about the pd problem with a clean slate
such as ahcp, rather than the decades of accumulated crutft that is
dhcp, is helping to clarify my thinking, and thank you for that.


 -- Juliusz




-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net

___
Babel-users mailing list
Babel-users@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users