Re: DHCPv6 PD & Routing Questions

[Mark Andrews <marka () isc org>]

In message <E82EA149-2530-41FF-9CE0-670E6CD7D097 () delong com>, Owen DeLong writes:
> > On Nov 25, 2015, at 15:59 , Mark Andrews <marka () isc org> wrote:
> >
> >
> > In message
> <CAMWxDfrh+O=SPZwPmAZhYnvAEeK2eMFw3CD0qf34Fkbb=-SaPw () mail gmail com>,
> Brian Knight writes:
> > > On Tue, Nov 24, 2015 at 6:34 PM, Baldur Norddahl
> > > <baldur.norddahl () gmail com> wrote:
> > > > DHCPv6-PD allows multiple PD requests. But did anyone actually
> implement
> > > > that? I am not aware of any device that will hand out sub delegations
> on
> > > > one interface, notice that it is out of address space and then go
> request
> > > > more space from the upstream router (*).
> > > >
> > > > DHCPv6-PD allows size hints, but it is often ignored. Also there is no
> > > > guidance for what prefix sizes you should ask for. Many CPEs will ask for
> > > > /48. If you got a /48 you will give out that /48 and then not honor any
> > > > further requests, because only one /48 per site is allowed. If you are an
> > > > ISP that gives out /48 and your customers CPE asks for a /56 you will
> > > > still ignore his size hint and give him /48.
> > >
> > > Or, worse, the ISP's DHCPv6 server honors the new request and issues
> > > the larger prefix, but refuses to route it.  Ran into that myself when
> > > I replaced my home CPE router, and changed the prefix hint to ask for
> > > a /60 block (expanded from /64) at the same time.  That made for a
> > > frustrating few days without IPv6 service, waiting for my original
> > > delegation to expire.  (Tech support, of course, had no clue and
> > > blamed my router.)
> > >
> > > In retrospect I should have perhaps had my original CPE generate a
> > > DHCP release message for that prefix before disconnecting it.  But I
> > > won't be the last person to fail to generate that.
> > >
> > > -Brian
> >
> > Well the requesting router could announce the route.  ISC's client
> > has hooks that allow this to be done.  That is, after all, how
> > routing is designed to work.  The DHCP server usually is sitting
> > in a data center on the other side of the country with zero ability
> > to inject approptiate routes.
>
> Are you really suggesting that a residential ISP accept routes advertised
> from their customer’s CPE? Really?

PD is used internally as well as externally, and with a little bit
of crypto to prove the assigned address belongs to them there really
isn't a reason a CPE device couldn't announce a address to a ISP.
It would also allow BCP38 filters to be built rather than using RFP
which is only a approximate solution.

> That’s about the most ridiculous thing I’ve heard on NANOG in a long time
> and that’s saying something.
>
> > The DHCP relay could also have injected routes but that is a second
> > class solution.
>
> Maybe, but in an ISP/Customer PD environment, it’s certainly preferable
> to what you consider a “first class” solution.

Actually it is still a second class solution. Have the CPE generate
the routes and use information from the relay as a acceptance filter.

That way the device that was delegated the prefix decides what it
announced.

> Owen
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org