> > From: Alper Yegin, November 07, 2007 6:04 AM
> >
> > First of all, there is no way use of PANA would lead to more
> > DHCP traffic.
>
> ? You say below "full dhcp, pana, another full dhcp". Sounds like
> doubling the DHCP traffic to me.

If you compare it with EAP/DHCP, which adds at least two additional round-trips to usual DHCP, then you'd see even in that worst case (for PANA) scenario, the DHCP traffic using PANA is same as that of EAP/DHCP solution.

> But there is another issue. It is very normal for AAA servers to take
> time for all the sessions to authenticate after a BRAS reboot or
> pop-wide power failure. PANA has the potential to introduce a large
> amount of additional DHCP traffic simply due to short lease timer renews
> being requested prior to authentication completion.

You seem to assume the short leases are too short.

> This sounds like a pretty effective distributed denial of service attack
> to me.
>
> > How can that be true when carrying EAP over DHCP always at
> > the minimum contribute 2 additional round-trips just for the
> > sake of transporting EAP?
>
> I was trying to make the EAP method equivalent between the two cases.
> Am I missing something?

Yes. Ric said dedicated DHCP messages will carry EAP and in the very best case that means two additional round-trips of DHCP for the sake of shuttling EAP.

> > In the worst case (DHCP-configured pre-PANA address), there
> > are two round trips for that 1st DHCP. Even in that case PANA
> > is no worse than DHCP-auth.
> >
> > And then there are better cases, e.g. use of link-local
> > address as pre-PANA address, rapid commit, etc.
> >
> > As for your 11-msg PANA call flow count, the example you used
> > is the most verbose one. If you turn on the optimizations
> > (agent-side initiation,
> > piggybacking) it reduces to 2 round trips.
>
> I chose the best message flow I could find within
> draft-ietf-pana-pana-18. As I read your words above, I cannot match all
> the potential variations to the DSLF requirements. Is there another

What requirements are you referring to? The ones that DSLF provided to IETF does not really seem to talk about variations you are referring to.

> documented DHCP+PANA message flow somewhere which meets the DSLF
> requirements which I should use instead?

Have you read the PANA spec? All these optimizations are documented there. Of course you cannot find call flows depicting every possible scenario in this IETF document.

Alper

>
> Eric
>
> >
> > So, in the worst case scenario (full dhcp, pana, another full
> > dhcp), PANA has additional 2 round-trips. By kicking in more
> > optimized deployment choices, this difference can be diminished.
> >
> >
> > Alper
> >
> > > -----Original Message-----
> > > From: Eric Voit (evoit) [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, November 07, 2007 5:40 AM
> > > To: Ralph Droms (rdroms)
> > > Cc: [EMAIL PROTECTED]; Internet Area
> > > Subject: RE: [Int-area] Re: [dhcwg] Discussion of dhc WG rechartering forDHCPauthentication
> > >
> > > > From: Ralph Droms, November 05, 2007 9:37 PM
> > > >
> > > > Does the short lease/long lease scenario scale the DHCP server load
> > > > by more than a factor of two?
> > >
> > > Ralph,
> > >
> > > The messages the DHCP servers will double.
> > > The messages with L3 edge (BRAS) will more than double.
> > > The messages with the CPE will more than triple.
> > >
> > > (Below is some rough math. I might have missed a message or two, but
> > > the general trend is what I am trying to show.)
> > >
> > > -----------------------------------------
> > > CPE Messages
> > > -----------------------------------------
> > > DHCP Auth, assuming a 2 message EAP Method, the messages used by EAP
> > > would be equal
> > > + 6 Messages (draft-pruss-dhcp-auth-dsl-01)
> > >
> > > PANA+DHCP Method
> > > + 4 Messages: DHCP 1st IP address
> > > ~ (+2) DHCP renews per 60 seconds until authenticated
> > > + 11 Messages PANA with BRAS (draft-ietf-pana-pana-18, section 4.1)
> > > + 4 Messages: DHCP 2nd IP address
> > >
> > > -----------------------------------------
> > > L3 Edge (BRAS) Messages
> > > -----------------------------------------
> > > DHCP Auth, EAP Method
> > > + 8 Messages (draft-pruss-dhcp-auth-dsl-01)
> > >
> > > PANA Method
> > > + 4 Messages: DHCP 1st IP address
> > > ~ (+2) DHCP renews per 60 seconds until authenticated
> > > + 11 Messages PANA with CPE (draft-ietf-pana-pana-18, section 4.1)
> > > + 2 messages min for validating with EAP Server
> > > + 4 Messages: DHCP 2nd IP address
> > >
> > > -----------------------------------------
> > > L2 Edge (DSLAM or Access Switch) Messages
> > > -----------------------------------------
> > > DHCP Auth, EAP Method
> > > + 6 Messages snooped (draft-pruss-dhcp-auth-dsl-01)
> > >
> > > PANA+DHCP Method
> > > + 4 Messages Snooped: DHCP 1st IP address
> > > ~ (+2) DHCP renews per 60 seconds until authenticated
> > > If snooping: 11 Messages PANA (draft-ietf-pana-pana-18, section 4.1)
> > > Else if explicit policy distribution like ANCP, ~4 messages (one policy per address)
> > > + 4 Messages Snooped: DHCP 2nd IP address
> > >
> > >
> > > Eric
> > >
> > >
> > > > - Ralph
> > > >
> > >
> > > _______________________________________________
> > > Int-area mailing list
> > > [email protected]
> > > https://www1.ietf.org/mailman/listinfo/int-area
> >

_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
