draft-ietf-dhc-dhcpv6-relay-supplied-options-02.txt   draft-ietf-dhc-dhcpv6-relay-supplied-options-03.txt 
dhc T. Lemon dhc T. Lemon
Internet-Draft Nominum Internet-Draft Nominum
Intended status: Standards Track Q. Wu Intended status: Standards Track Q. Wu
Expires: April 2, 2011 Huawei Expires: April 14, 2011 Huawei
September 29, 2010 October 11, 2010
Relay-Supplied DHCP Options Relay-Supplied DHCP Options
draft-ietf-dhc-dhcpv6-relay-supplied-options-02 draft-ietf-dhc-dhcpv6-relay-supplied-options-03
Abstract Abstract
This document describes a general mechanism whereby a DHCPv6 relay This document describes a mechanism whereby a DHCPv6 relay agent can
agent can provide options to a DHCPv6 server that the DHCPv6 server provide options to a DHCPv6 server that the DHCPv6 server can then
can then provide to the DHCPv6 client. provide to the DHCPv6 client in certain restricted cases where this
is necessary.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 2, 2011. This Internet-Draft will expire on April 14, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 11 skipping to change at page 2, line 11
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 3 2. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 3
3. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. RSOO-enabled options . . . . . . . . . . . . . . . . . . . . . 4 4. RSOO-enabled options . . . . . . . . . . . . . . . . . . . . . 4
5. DHCP Relay Agent Behavior . . . . . . . . . . . . . . . . . . . 4 5. DHCP Relay Agent Behavior . . . . . . . . . . . . . . . . . . . 5
6. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 4 6. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 5
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
9.1. Normative References . . . . . . . . . . . . . . . . . . . 6 9.1. Normative References . . . . . . . . . . . . . . . . . . . 7
9.2. Informative References . . . . . . . . . . . . . . . . . . 6 9.2. Informative References . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
The DHCPv6 specification [RFC3315] allows DHCP relay agents to The DHCPv6 specification [RFC3315] allows DHCP relay agents to
forward DHCPv6 messages between clients and servers that are not on forward DHCPv6 messages between clients and servers that are not on
the same IPv6 link. In some cases the DHCP relay agent has the same IPv6 link. In some cases the DHCP relay agent has
information the DHCP server does not have that would be useful to information not available to the DHCP server that would be useful to
provide to a DHCP client. For example, the DHCP client may need to provide to a DHCP client. For example, the DHCP client may need to
learn the EAP local domain name [I.D-ietf-hokey-ldn-discovery] for learn the EAP local domain name [I.D-ietf-hokey-ldn-discovery] for
use in EAP re-authentication [RFC5296], which is known to the relay use in EAP re-authentication [RFC5296], which is known to the relay
agent but not the server. The DHCPv6 protocol specification does not agent but not the server.
provide a mechanism whereby the relay agent can provide options to
the client. This document extends DHCP with a mechanism that allows The DHCPv6 protocol specification does not provide a mechanism
DHCP relay agents to propose options for the server to send to DHCP whereby the relay agent can provide options to the client. This
clients. document extends DHCP with a mechanism that allows DHCP relay agents
to propose options for the server to send to DHCP clients.
This document is not intended to provide a general mechanism for
storing client configuration information in the relay agent. Rather,
it is intended to address specific use cases where only the relay
agent has information needed by the client. This extension is not
applicable to DHCP options in general, but rather provided as a
mechanism for new specifications that require this functionality.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
1.2. Terminology 1.2. Terminology
The following terms and acronyms are used in this document: The following terms and acronyms are used in this document:
DHCP - Dynamic Host Configuration Protocol Version 6 [RFC3315] DHCP Dynamic Host Configuration Protocol Version 6 [RFC3315]
RSOO - Relay-Supplied Options option RSOO Relay-Supplied Options option
2. Protocol Summary 2. Protocol Summary
DHCP clients do not support a mechanism for receiving options from DHCP clients do not support a mechanism for receiving options from
relay agents--the function of the relay agent is simply to deliver relay agents--the function of the relay agent is simply to deliver
the payload from the server. Consequently, in order for the DHCP the payload from the server. Consequently, in order for the DHCP
relay agent to provide options to the client, it sends those options relay agent to provide options to the client, it sends those options
to the DHCP server, encapsulated in a Relay-Supplied Options option. to the DHCP server, encapsulated in a Relay-Supplied Options option.
The DHCP server can then choose to place those options in the The DHCP server can then choose to place those options in the
response it sends to the client. response it sends to the client.
3. Encoding 3. Encoding
In order to supply options for the DHCP server, the relay agent sends In order to supply options for the DHCP server to send to the client,
a Relay-Supplied Options option in the Relay-Forward message. This the relay agent sends a Relay-Supplied Options option in the Relay-
option encapsulates whatever options the relay agent wishes to Forward message. This option encapsulates whatever options the relay
provide to the DHCPv6 server. agent wishes to provide to the DHCPv6 server.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_RSOO | option-length | | OPTION_RSOO | option-length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| suboptions... | suboptions...
+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+
OPTION_RSOO Relay-Supplied Options code (TBD). OPTION_RSOO Relay-Supplied Options code (TBD).
option-length Length of Relay-Supplied Options option. option-length Length of Relay-Supplied Options option.
suboptions One or more DHCPv6 options. suboptions One or more DHCPv6 options.
4. RSOO-enabled options 4. RSOO-enabled options
Unless specifically called out as an RSOO-enabled option, no DHCP Unless specifically called out as an RSOO-enabled option, no DHCP
option should appear in an RSOO. Specifications that describe RSOO- option should appear in an RSOO. Specifications that describe RSOO-
enabled options MUST reference this specification, and MUST state enabled options MUST reference this specification, and MUST state
that the option they define is RSOO-enabled. that the option they define is RSOO-enabled. No DHCP option
specified prior to the issuance of this specification is RSOO-
enabled.
A current list of RSOO-enabled options can be found in the list
titled "Options Permitted in the Relay-Supplied Options option"
maintained at http://www.iana.org/assignments/dhcpv6-parameters.
DHCP option specifications that define RSOO-enabled options MUST add
text similar to the following to their IANA considerations section;
"random relay option" should be replaced with the name of the option
being defined in the specification:
We request that IANA add the name "random relay option" to the
registry titled "Options Permitted in the Relay-Supplied Options
Option" maintained at
http://www.iana.org/assignments/dhcpv6-parameters.
5. DHCP Relay Agent Behavior 5. DHCP Relay Agent Behavior
DHCP relay agents that implement this specification MUST be
configurable not to send the Relay-Supplied Options option.
Relay agents MAY include a Relay-Supplied Options option in the Relay agents MAY include a Relay-Supplied Options option in the
option payload of a Relay-Forward message. Relay agents MUST NOT option payload of a Relay-Forward message. Relay agents MUST NOT
modify the contents of any message before forwarding it to the DHCP modify the contents of any message before forwarding it to the DHCP
client. client.
Relay agents MUST NOT send non-RSOO-enabled options in the Relay-
Supplied Options option.
Relay agents implementing this specification SHOULD have a
configuration parameter that determines whether or not they will
relay a Relay-Forward message toward the DHCP server if it contains a
Relay-Supplied Options option.
Relay agents that have this configuration parameter and that are
configured to enable this behavior MUST silently discard any Relay-
Forward packet that contains a Relay-Supplied Options option.
Implementations that can be configured in this way MUST examine all
Relay-Forward encapsulations, not just the outer encapsulation.
6. DHCP Server Behavior 6. DHCP Server Behavior
DHCP servers that implement this specification MUST examine each DHCP servers that implement this specification MUST examine each
option contained in an RSOO to see if it is an RSOO-enabled option. option contained in an RSOO to see if it is an RSOO-enabled option.
DHCP servers MUST silently discard any option contained in an RSOO DHCP servers MUST silently discard any option contained in an RSOO
that is not RSOO-enabled. DHCP server implementations SHOULD have a that is not RSOO-enabled. DHCP server implementations SHOULD have a
user-configurable list of RSOO-enabled options, so that new RSOO- user-configurable list of RSOO-enabled options, so that new RSOO-
enabled options do not require software to be updated. enabled options do not require software to be updated.
DHCP servers normally construct a list of options that are candidates DHCP servers normally construct a list of options that are candidates
to send to the DHCP client, and then construct the DHCP packet to send to the DHCP client, and then construct the DHCP packet
according to section 17.2.2 of DHCPv6 [RFC3315]. according to section 17.2.2 of DHCPv6 [RFC3315].
If the server receives an RSOO and is configured to accept it, it If the server implementing this specificaton receives an RSOO, it
SHOULD add any options that appear in the RSOO for which it has no SHOULD add any options that appear in the RSOO for which it has no
internal candidate to the list of options that are candidates to send internal candidate to the list of options that are candidates to send
to the DHCP client. The server SHOULD discard any options that to the DHCP client. The server SHOULD discard any options that
appear in the RSOO for which it already has one or more candidates. appear in the RSOO for which it already has one or more candidates.
If the server receives more than one RSOO, it SHOULD not foward
multiple versions of the same option from different RSOOs to the DHCP
client.
Aside from the addition of options from the RSOO, the DHCP server Aside from the addition of options from the RSOO, the DHCP server
should then construct a DHCP packet as it normally would, and should then construct a DHCP packet as it normally would, and
transmit it to the DHCP client as described in DHCPv6 [RFC3315]. transmit it to the DHCP client as described in DHCPv6 [RFC3315].
DHCP Server implementations MAY discard options deemed inappropriate DHCP servers may receive multiply-nested Relay-Forward messages
to forward. For example, it would never be appropriate for the DHCP containing conflicting values for options contained in Relay Supplied
server to forward an IA option. The list of options that will be Options options in these messages.
discarded SHOULD be configurable by the administrator.
When such a conflict exists, the DHCP server MUST choose no more than
one of these options to forward to the client. The DHCP server MUST
not forward more than one of these options to the client.
By default, the DHCP server MUST choose the innermost value--the
value supplied by the relay agent closest to the DHCP client, to
forward to the DHCP client.
DHCP server implementations MAY provide other heuristics for choosing
which one of a set of such conflicting options to forward to the
client, as long as the specified behavior is the default behavior.
7. Security Considerations 7. Security Considerations
This document provides a mechanism whereby a relay agent can inject This document provides a mechanism whereby a relay agent can inject
options into the response the DHCP server sends to the DHCP client. options into the response the DHCP server sends to the DHCP client.
Because the DHCP server prefers its own configured options to those In general it is expected that RSOO-enabled options will be specified
supplied by the relay agent, this can't be used as a means for because they only make sense when originating from the relay agent.
overriding server-supplied options. However, it is still possible in This is true of existing use cases.
some configurations for a rogue DHCP relay agent to supply additional
options to the DHCP client.
Because the relay agent is supplying options which the DHCP server In the event that some new RSOO-enabled option is specified that can
might then sign, this provides a mechanism whereby an attacker could originate from either the server or the relay agent, this should be
get the DHCP server to authenticate a message that the attacker could addressed in the security considerations section of the document that
not itself forge to the client. specifies the use of that option.
For this reason, DHCP servers in environments where a rogue relay In some environments, there is an interface on one side of which is
could interpose itself into the packet flow SHOULD authenticate the the client, and zero or more routers, and on the other side of which
relay agent as described in section 21.1 of DHCPv6 [RFC3315]. is a network managed by a monolithic or effectively monolithic
administrative entity. Nodes and routers on the client side of the
interface are not controlled by this entity, and are considered
"untrusted." Nodes and routers on the other side of this interface
are considered trusted.
Note, however, that this attack is only useful if the DHCP server is It is possible for a relay agent on the untrusted side of this
using the DHCPv6 authentication mechanism to authenticate the message interface to supply a Relay-Supplied Options option containing one or
that it sends to the DHCP client. If the message from the server to more RSOO-enabled options that would override the same option or
the client is not authenticated, the relay agent can simply add options that were provided by a relay agent on the trusted side of
whatever options it wants to the message for the client, rather than the interface.
using this more complicated mechanism to provide the same option by
way of the server.
Furthermore, because DHCP servers will discard non-RSOO-enabled In environments where this is a possibility, network administrators
options provided by relay agents, the risk is limited to options that are advised to use relay agents that are capable of dropping Relay-
are specifically designed to be provided by relay agents, so the set Forward messages containing the Relay-Supplied Options option, and
of options that could be provided in such an attack is very are advised to configure those relays to drop such messages.
restricted.
Note, however, that this will only be effective if the message from
the DHCP server to the DHCP client is authenticated as specified in
Section 21 of DHCP Version 6 [RFC3315], or using some similar
mechanism. Without this authentication, the relay agent on the
untrusted portion of the network can simply modify the DHCP server's
response in transit back to the DHCP client, and there is no way for
the client to detect that this has happened.
8. IANA Considerations 8. IANA Considerations
We request that IANA assign one new option code from the registry of We request that IANA assign one new option code from the registry of
DHCP Option Codes maintained at DHCP Option Codes maintained at
http://www.iana.org/assignments/dhcpv6-parameters. This option code http://www.iana.org/assignments/dhcpv6-parameters. This option code
will be assigned to the Relay-Supplied Options option. will be assigned to the Relay-Supplied Options option.
We request that the IANA create a new registry on the same
assignments page, titled "Options Permitted in the Relay-Supplied
Options Option". This option will contain a list of names of options
from the DHCP Option Codes list. Currently, the list is empty.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
 End of changes. 26 change blocks. 
64 lines changed or deleted 127 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/