DHCPv6 Failover Requirements
draft-ietf-dhc-dhcpv6-failover-requirements-07

[Ballot comment]
My DISCUSS was:
This DISCUSS resolution might be a simple as educating a clueless AD, having a forward pointer (from the intro to section 6), reorganizing the sections, or clearly explaining what is specific to DHCPv6 versus common to DHCPv4/DHCPv6.
"Why are these requirementis specific to DHCPv6?" I asked myself while reading this document.
All of section 3, 4, and 5 (except maybe 4.5 and 4.6) is common for IPv4 and IPv6, right?
It's only when I arrived at section 6 that I somehow understood. I should have paid more attention to the table of content. Proposal: the introduction could introduce a sentence or two, with a forward reference to section 6.
However, I was wondering "There is surely a RFC for DHCPv4 failover!", but I could not find anything, except an old draft http://tools.ietf.org/html/draft-ietf-dhc-failover-12.
Slightly confused, should be missing something ...

I cleared my DISCUSS on the basis that the following text is in.

      The DHCPv6 failover concept borrows heavily from its DHCPv4
      counterpart [dhcpv4-failover] that never completed standardization
      process, but has several successful, operationally proven vendor-
      specific implementations. For a discussion about commonalities and
      differences, see Section 6.

What would be very nice (more of a COMMENT type of feedback) is to label which sections/requirements are specific to IPv6.

- Question: have you been thinking about all operational questions/requirements from RFC 5706 appendix A?

-
      A binding (or client binding) is a group of server data records
      containing the information the server has about the addresses in
      an IA or configuration information explicitly assigned to the
      client.

What is "an IA"?

-  "A notable example is a PXE scenario where hosts require an address during boot."
No idea what a PXE scenario is

- in order to match the statement

2.  For each prefix or address pool, a server must not participate
        in more than one failover relationship.

I believe you want
OLD:
  4.  Servers participating in multiple failover relationships for any
      given pool.

NEW:
  4.  Servers participating in multiple failover relationships for any
      given prefix or address pool.

[Ballot discuss]

(1) Section 8 says that security is only required to be
specified. Why would BCP61 not apply here? That would
require that a security solution is implemented but can
still be turned off in a deployment.

(2) 4.6: I hate the example at the end which seems to
represent an abuse of DHCP and not a valid use for DHCP.
I don't think we should be designing for that requirement
at all. Please remove that example or replace it with
something that's not an abuse of IETF protocols. I
realise people might do these kinds of things, but we
should not be designing protocols that are designed to
make e2e hard.

[Ballot comment]

- s2: expand IA on 1st use

- s3: I have no idea why a set of documents of increasing
specificity is considered a good thing. In particular I
don't see why a design document is needed myself but
whatever.

- 3.1.1: what's PXE?

- 3.1.3: wouldn't one also care about security here as
well? I think just saying that is enough here.

- 4.4: nit: m-to-m would be better as m-to-n IMO

- 4.7: Is this meant to motivate a requirement? If so,
then why not state the requirement? Or this might be
intended to rule that scenario out of scope, in which
case you should also say so.

- s7, what does "secure" mean? integrity,
confidentiality, non-replay? I'd suggest you might want
roughly the same services as are offered by TLS or IPsec.

[Ballot discuss]
This DISCUSS resolution might be a simple as educating a clueless AD, having a forward pointer (from the intro to section 6), reorganizing the sections, or clearly explaining what is specific to DHCPv6 versus common to DHCPv4/DHCPv6.
"Why are these requirementis specific to DHCPv6?" I asked myself while reading this document.
All of section 3, 4, and 5 (except maybe 4.5 and 4.6) is common for IPv4 and IPv6, right?
It's only when I arrived at section 6 that I somehow understood. I should have paid more attention to the table of content. Proposal: the introduction could introduce a sentence or two, with a forward reference to section 6.
However, I was wondering "There is surely a RFC for DHCPv4 failover!", but I could not find anything, except an old draft http://tools.ietf.org/html/draft-ietf-dhc-failover-12.

Slightly confused, should be missing something ...

[Ballot comment]
- Question: have you been thinking about all operational questions/requirements from RFC 5706 appendix A?

-

      A binding (or client binding) is a group of server data records
      containing the information the server has about the addresses in
      an IA or configuration information explicitly assigned to the
      client.

What is "an IA"?

-  "A notable example is a PXE scenario where hosts require an address during boot."
No idea what a PXE scenario is

- in order to match the statement

2.  For each prefix or address pool, a server must not participate
        in more than one failover relationship.

I believe you want
OLD:
  4.  Servers participating in multiple failover relationships for any
      given pool.

NEW:
  4.  Servers participating in multiple failover relationships for any
      given prefix or address pool.

[Ballot comment]
I have no issues with the publication of this document.  I do have some comments that I think will make it stronger.

1. There are instances of acronyms without expansion on the first use (e.g., PXE).

2. The models described in sections 4.1 & 4.2 talk about two servers remaining in contact with one another.  I assume this is through messages outside of DHCP.  If that is the case, it may be worthwhile to explicitly state that.

3. For completeness, are there scenarios that would involve cold (or warm) standby servers?

4. The discussion in 5.2.2 misses a key point.  Lazy updates paired with Split Prefixes can be very efficient since there is little risk in overlapping assignments.

5. I find the wording in section 7, a little distressing.  This document is just "an attempt to define requirements"?

6. Requirement 1 in section 7 is confusing for several reasons.  The first sentence makes it sound like a DHCP server can have 2 failover partners.  The next sentence says that a particular resource is protected by a pair-wise relationship between two servers.  I don't understand the rationale for limiting the number of failover partners in a requirements statement.  Additionally, this requirement is confusing given that section 4.4. talked about having m-to-m failover relationships.

7. It is unclear why section 7.1 is in this document.  The requirements in section 7 describe the *minimum* set of functionality that has to be in the protocol.  Why rule out other functionality?

IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-dhc-dhcpv6-failover-requirements-06, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any IANA actions.

If this assessment is not accurate, please respond as soon as possible.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (DHCPv6 Failover Requirements) to Informational RFC


The IESG has received a request from the Dynamic Host Configuration WG
(dhc) to consider the following document:
- 'DHCPv6 Failover Requirements'
  as Informational
RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2013-07-17. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  The DHCPv6 protocol, defined in [RFC3315] allows for multiple servers
  to operate on a single network, however it does not define any way
  the servers could share information about currently active clients
  and their leases.  Some sites are interested in running multiple
  servers in such a way as to provide increased availability in case of
  server failure.  In order for this to work reliably, the cooperating
  primary and secondary servers must maintain a consistent database of
  the lease information.  [RFC3315] allows for but does not define any
  redundancy or failover mechanisms.  This document outlines
  requirements for DHCPv6 failover, enumerates related problems, and
  discusses the proposed scope of work to be conducted.  This document
  does not define a DHCPv6 failover protocol.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-dhc-dhcpv6-failover-requirements/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-dhc-dhcpv6-failover-requirements/ballot/


No IPR declarations have been submitted directly on this I-D.

Write up for draft-ietf-dhcpv6-failover-requirements:

(1) What type of RFC is being requested (BCP, Proposed Standard,
    Internet Standard, Informational, Experimental, or Historic)? Why
    is this the proper type of RFC? Is this type of RFC indicated in
    the title page header?

Informational. This is the proper type because this document specifies
requirements for a failover protocol for DHCPv6. It does not define the
protocol itself. This is indicated in the header (Intended status).

(2) The IESG approval announcement includes a Document Announcement
    Write-Up. Please provide such a Document Announcement
    Write-Up. Recent examples can be found in the "Action"
    announcements for approved documents. The approval announcement
    contains the following sections:

Technical Summary:

This document outlines the requirements for DHCPv6 failover, enumerates
related problems, and discusses the proposed scope of work to be
conducted. This document does not define a DHCPv6 failover protocol.

Working Group Summary:

The need for a DHCPv6 failover protocol had been discussed by the WG
ever since RFC 3315 was published. After some discussion on how to
approach this work given the lack of progress for the DHCPv4 draft
(draft-ietf-dhc-failover), work was begun in June 2011 on the first
of a possible series of documents. And adopted by the WG in October
2011. The document has good support from key individuals (those that
worked on or implemented the DHCPv4 failover draft), but does lack
broad support - though no one raised any objection to the work.

Document Quality:

The document builds on earlier DHCPv4 work (draft-ietf-dhc-failover).
The document has had a thorough review by a small number of very
interested and knowledgable folks (mentioned in the acknowledgements
section). There were no significant points of difficulty or
controversy, primarily as this work builds on earlier DHCPv4 work.

Personnel:

Bernie Volz is the document shepherd. Ted Lemon is the responsible AD.

(3) Briefly describe the review of this document that was performed by
    the Document Shepherd. If this version of the document is not
    ready for publication, please explain why the document is being
    forwarded to the IESG.

I read the document thoroughly, and submitted quite a few editorial
suggestions to the authors, which they implemented.  The differences
between the -03 and -05 versions of the document reflect this review.


(4) Does the document Shepherd have any concerns about the depth or
    breadth of the reviews that have been performed?

No, the document has had a good deal of careful review.

(5) Do portions of the document need review from a particular or from
    broader perspective, e.g., security, operational complexity, AAA,
    DNS, DHCP, XML, or internationalization? If so, describe the
    review that took place.

This is strictly a DHCP document, and has had sufficient review from
DHCP experts.

(6) Describe any specific concerns or issues that the Document
    Shepherd has with this document that the Responsible Area Director
    and/or the IESG should be aware of? For example, perhaps he or she
    is uncomfortable with certain parts of the document, or has
    concerns whether there really is a need for it. In any event, if
    the WG has discussed those issues and has indicated that it still
    wishes to advance the document, detail those concerns here.

I think the document is good as written, and serves a useful purpose
and will be useful for future work on DHCPv6 failover.

(7) Has each author confirmed that any and all appropriate IPR
    disclosures required for full conformance with the provisions of
    BCP 78 and BCP 79 have already been filed. If not, explain why?

Yes, the authors did confirm that they are not aware of any IPR.

(8) Has an IPR disclosure been filed that references this document? If
    so, summarize any WG discussion and conclusion regarding the IPR
    disclosures.

No.

(9) How solid is the WG consensus behind this document? Does it
    represent the strong concurrence of a few individuals, with others
    being silent, or does the WG as a whole understand and agree with it?

There is a strong consensus behind this document and in particular from
very active WG participants (i.e. "DHCP experts").

(10) Has anyone threatened an appeal or otherwise indicated extreme
    discontent? If so, please summarise the areas of conflict in
    separate email messages to the Responsible Area Director. (It
    should be in a separate email because this questionnaire is
    publicly available.)

No, and nobody's indicated that they were against the WGLC or had
any issues with the document advancing.

(11) Identify any ID nits the Document Shepherd has found in this
    document. (See http://www.ietf.org/tools/idnits/ and the
    Internet-Drafts Checklist). Boilerplate checks are not enough;
    this check needs to be thorough.

The document passes idnits with no errors and review using the
checklist did not turn up any issues.

(12) Describe how the document meets any required formal review
    criteria, such as the MIB Doctor, media type, and URI type
    reviews.

The document contains nothing like this.

(13) Have all references within this document been identified as
    either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready
    for advancement or are otherwise in an unclear state? If such
    normative references exist, what is the plan for their
    completion?

No, all the normative references are to RFCs.

(15) Are there downward normative references references (see RFC
    3967)? If so, list these downward references to support the Area
    Director in the Last Call procedure.

No.

(16) Will publication of this document change the status of any
    existing RFCs? Are those RFCs listed on the title page header,
    listed in the abstract, and discussed in the introduction? If the
    RFCs are not listed in the Abstract and Introduction, explain
    why, and point to the part of the document where the relationship
    of this document to the other RFCs is discussed. If this
    information is not in the document, explain why the WG considers
    it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA
    considerations section, especially with regard to its consistency
    with the body of the document. Confirm that all protocol
    extensions that the document makes are associated with the
    appropriate reservations in IANA registries. Confirm that any
    referenced IANA registries have been clearly identified. Confirm
    that newly created IANA registries include a detailed
    specification of the initial contents for the registry, that
    allocations procedures for future registrations are defined, and
    a reasonable name for the new registry has been suggested (see
    RFC 5226).

I reviewed the IANA Considerations section and it is fine and clear -
there are no IANA actions needed.

(18) List any new IANA registries that require Expert Review for
    future allocations. Provide any public guidance that the IESG
    would find useful in selecting the IANA Experts for these new
    registries.

None.

(19) Describe reviews and automated checks performed by the Document
    Shepherd to validate sections of the document written in a formal
    language, such as XML code, BNF rules, MIB definitions, etc.

There are no such parts to the document.