> From: Alper Yegin, November 07, 2007 6:04 AM
> 
> First of all, there is no way use of PANA would lead to more 
> DHCP traffic.

? You say below "full dhcp, pana, another full dhcp".  Sounds like
doubling the DHCP traffic to me.

But there is another issue.  It is very normal for AAA servers to take
time for all the sessions to authenticate after a BRAS reboot or
pop-wide power failure.  PANA has the potential to introduce a large
amount of additional DHCP traffic simply due to short lease timer renews
being requested prior to authentication completion.

This sounds like a pretty effective distributed denial of service attack
to me.

> How can that be true when carrying EAP over DHCP always at 
> the minimum contribute 2 additional round-trips just for the 
> sake of transporting EAP?  

I was trying to make the EAP method equivalent between the two cases.
Am I missing something?
 
> In the worst case (DHCP-configured pre-PANA address), there 
> are two round trips for that 1st DHCP. Even in that case PANA 
> is no worse than DHCP-auth.
> 
> And then there are better cases, e.g. use of link-local 
> address as pre-PANA address, rapid commit, etc.
> 
> As for your 11-msg PANA call flow count, the example you used 
> is the most verbose one. If you turn on the optimizations 
> (agent-side initiation,
> piggybacking) it reduces to 2 round trips.

I chose the best message flow I could find within
draft-ietf-pana-pana-18.  As I read your words above, I cannot match all
the potential variations to the DSLF requirements.  Is there another
documented DHCP+PANA message flow somewhere which meets the DSLF
requirements which I should use instead?

Eric
 
> 
> So, in the worst case scenario (full dhcp, pana, another full 
> dhcp), PANA has additional 2 round-trips. By kicking in more 
> optimized deployment choices, this difference can be diminished.
> 
> 
> Alper
> 
> > -----Original Message-----
> > From: Eric Voit (evoit) [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, November 07, 2007 5:40 AM
> > To: Ralph Droms (rdroms)
> > Cc: [EMAIL PROTECTED]; Internet Area
> > Subject: RE: [Int-area] Re: [dhcwg] Discussion of dhc WG rechartering for DHCP authentication
> > 
> > > From: Ralph Droms, November 05, 2007 9:37 PM
> > >
> > > Does the short lease/long lease scenario scale the DHCP server load
> > > by more than a factor of two?
> > 
> > Ralph,
> > 
> > The messages with the DHCP servers will double.
> > The messages with L3 edge (BRAS) will more than double.
> > The messages with the CPE will more than triple.
> > 
> > (Below is some rough math. I might have missed a message or two, but
> > the general trend is what I am trying to show.)
> > 
> > -----------------------------------------
> > CPE Messages
> > -----------------------------------------
> > DHCP Auth, assuming a 2 message EAP Method, the messages used by EAP
> > would be equal
> > + 6 Messages (draft-pruss-dhcp-auth-dsl-01)
> > 
> > PANA+DHCP Method
> > + 4 Messages: DHCP 1st IP address
> > ~ (+2) DHCP renews per 60 seconds until authenticated
> > + 11 Messages PANA with BRAS (draft-ietf-pana-pana-18, section 4.1)
> > + 4 Messages: DHCP 2nd IP address
> > 
> > -----------------------------------------
> > L3 Edge (BRAS) Messages
> > -----------------------------------------
> > DHCP Auth, EAP Method
> > + 8 Messages (draft-pruss-dhcp-auth-dsl-01)
> > 
> > PANA Method
> > + 4 Messages: DHCP 1st IP address
> > ~ (+2) DHCP renews per 60 seconds until authenticated
> > + 11 Messages PANA with CPE (draft-ietf-pana-pana-18, section 4.1)
> > + 2 messages min for validating with EAP Server
> > + 4 Messages: DHCP 2nd IP address
> > 
> > -----------------------------------------
> > L2 Edge (DSLAM or Access Switch) Messages
> > -----------------------------------------
> > DHCP Auth, EAP Method
> > + 6 Messages snooped (draft-pruss-dhcp-auth-dsl-01)
> > 
> > PANA+DHCP Method
> > + 4 Messages Snooped: DHCP 1st IP address
> > ~ (+2) DHCP renews per 60 seconds until authenticated
> > If snooping: 11 Messages PANA (draft-ietf-pana-pana-18, section 4.1)
> > Else if explicit policy distribution like ANCP, ~4 messages (one policy per address)
> > + 4 Messages Snooped: DHCP 2nd IP address
> > 
> > 
> > Eric
> > 
> > 
> > > - Ralph
> > >
> > 
> > 
> > _______________________________________________
> > Int-area mailing list
> > [email protected]
> > https://www1.ietf.org/mailman/listinfo/int-area
> 
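
The tallies quoted in this thread, carried through a mass re-authentication after a BRAS reboot, as an added example that is not part of the original messages or of either draft. The per-session counts are the ones given in the thread; the in-order AAA queue, the session count and the AAA rate are constructed assumptions, and the function names are hypothetical.

```python
# Added example: per-session counts are the tallies quoted in the thread;
# the FIFO AAA queue, session count and AAA rate are constructed assumptions.

DHCP_AUTH = {"cpe": 6, "bras": 8}   # draft-pruss-dhcp-auth-dsl-01 tallies
PANA_FIXED = {
    "cpe": 4 + 11 + 4,              # 1st DHCP address, PANA, 2nd DHCP address
    "bras": 4 + 11 + 2 + 4,         # same, plus 2 messages to the EAP server
}
RENEW_MSGS = 2        # messages per short-lease renew (thread's "+2")
RENEW_PERIOD_S = 60   # renew interval while unauthenticated (thread's "60 seconds")


def renew_messages(position, aaa_rate):
    """Renew messages for the session at 0-based queue `position`.

    Assumption: after the reboot all sessions start together and the AAA
    server completes `aaa_rate` authentications per second, in order, so
    this session waits (position + 1) / aaa_rate seconds.
    """
    full_periods = (position + 1) // (aaa_rate * RENEW_PERIOD_S)
    return RENEW_MSGS * full_periods


def storm_totals(sessions, aaa_rate):
    """Messages summed over all sessions, per device, for both methods."""
    if sessions < 1 or aaa_rate < 1:
        raise ValueError("sessions and aaa_rate must be positive integers")
    renews = sum(renew_messages(p, aaa_rate) for p in range(sessions))
    totals = {}
    for device in ("cpe", "bras"):
        dhcp_auth = sessions * DHCP_AUTH[device]
        pana_dhcp = sessions * PANA_FIXED[device] + renews
        totals[device] = {
            "dhcp_auth": dhcp_auth,
            "pana_dhcp": pana_dhcp,
            "renews": renews,
            "ratio": round(pana_dhcp / dhcp_auth, 2),
        }
    return totals


if __name__ == "__main__":
    # Constructed scenario: 6000 sessions re-authenticating at 10 auths/second.
    for device, row in storm_totals(6000, 10).items():
        print(device, row)
```

With no AAA backlog the fixed counts alone give 19 versus 6 messages at the CPE and 21 versus 8 at the BRAS; the renew term grows with the square of the queue length for a fixed AAA rate, which is the part that matters for sizing after a pop-wide outage.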