draft-ietf-dhc-dhcpv6-relay-supplied-options-06.txt   draft-ietf-dhc-dhcpv6-relay-supplied-options-07.txt 
dhc T. Lemon dhc T. Lemon
Internet-Draft Nominum Internet-Draft Nominum
Intended status: Standards Track Q. Wu Updates: 3315 (if approved) Q. Wu
Expires: November 10, 2011 Huawei Intended status: Standards Track Huawei
May 9, 2011 Expires: January 12, 2012 July 11, 2011
Relay-Supplied DHCP Options Relay-Supplied DHCP Options
draft-ietf-dhc-dhcpv6-relay-supplied-options-06 draft-ietf-dhc-dhcpv6-relay-supplied-options-07
Abstract Abstract
This document describes a mechanism whereby a DHCPv6 relay agent can DHCPv6 relay agents can not communicate with DHCPv6 clients directly.
provide options to a DHCPv6 server that the DHCPv6 server can then However, in some cases, the relay agent possesses some information
provide to the DHCPv6 client in certain restricted cases where this that would be useful to the DHCPv6 client. This document describes a
is necessary. mechanism whereby the DHCPv6 relay agent can provide such information
to the DHCPv6 server, which can, in turn, pass this information on to
the DHCP client.
This document updates RFC3315 (DHCPv6) by making explicit the
implicit requirement that relay agents not modify the content of
encapsulation payloads as they are relayed back toward clients.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 10, 2011. This Internet-Draft will expire on January 12, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 19 skipping to change at page 2, line 25
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 3 2. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 3
3. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. RSOO-enabled options . . . . . . . . . . . . . . . . . . . . . 4 4. RSOO-enabled options . . . . . . . . . . . . . . . . . . . . . 4
5. DHCP Relay Agent Behavior . . . . . . . . . . . . . . . . . . . 5 5. DHCP Relay Agent Behavior . . . . . . . . . . . . . . . . . . . 5
6. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 5 6. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 5
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
9.1. Normative References . . . . . . . . . . . . . . . . . . . 7 9.1. Normative References . . . . . . . . . . . . . . . . . . . 7
9.2. Informative References . . . . . . . . . . . . . . . . . . 7 9.2. Informative References . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
The DHCPv6 specification [RFC3315] allows DHCP relay agents to The DHCPv6 specification [RFC3315] allows DHCP relay agents to
forward DHCPv6 messages between clients and servers that are not on forward DHCPv6 messages between clients and servers that are not on
the same IPv6 link. In some cases the DHCP relay agent has the same IPv6 link. In some cases the DHCP relay agent has
information not available to the DHCP server that would be useful to information not available to the DHCP server that would be useful to
provide to a DHCP client. For example, the DHCP client may need to provide to a DHCP client. For example, the DHCP client may need to
learn the EAP local domain name [I.D-ietf-hokey-ldn-discovery] for learn the EAP local domain name [I.D-ietf-hokey-ldn-discovery] for
skipping to change at page 3, line 45 skipping to change at page 3, line 45
The following terms and acronyms are used in this document: The following terms and acronyms are used in this document:
DHCP Dynamic Host Configuration Protocol Version 6 [RFC3315] DHCP Dynamic Host Configuration Protocol Version 6 [RFC3315]
RSOO Relay-Supplied Options option RSOO Relay-Supplied Options option
2. Protocol Summary 2. Protocol Summary
DHCP clients do not support a mechanism for receiving options from DHCP clients do not support a mechanism for receiving options from
relay agents--the function of the relay agent is simply to deliver relay agents--the relay agent is required to deliver the payload from
the payload from the server. Consequently, in order for the DHCP the DHCP server to the DHCP client without changing it. In order for
relay agent to provide options to the client, it sends those options the DHCP relay agent to provide options to the client, it sends those
to the DHCP server, encapsulated in a Relay-Supplied Options option. options to the DHCP server, encapsulated in a Relay-Supplied Options
The DHCP server can then choose to place those options in the option. The DHCP server can then choose to place those options in
response it sends to the client. the response it sends to the client.
3. Encoding 3. Encoding
In order to supply options for the DHCP server to send to the client, In order to supply options for the DHCP server to send to the client,
the relay agent sends a Relay-Supplied Options option in the Relay- the relay agent sends a Relay-Supplied Options option in the Relay-
Forward message. This option encapsulates whatever options the relay Forward message. This option encapsulates whatever options the relay
agent wishes to provide to the DHCPv6 server. agent wishes to provide to the DHCPv6 server.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 4, line 34 skipping to change at page 4, line 34
option-length option-length
Length of Relay-Supplied Options option. Length of Relay-Supplied Options option.
options options
One or more DHCPv6 options. One or more DHCPv6 options.
4. RSOO-enabled options 4. RSOO-enabled options
Unless specifically called out as an RSOO-enabled option, no DHCP The RSOO MUST NOT contain any option that is not specifically called
option should appear in an RSOO. Specifications that describe RSOO- out as an RSOO-enabled option. Specifications that describe RSOO-
enabled options MUST reference this specification, and MUST state enabled options MUST reference this specification, and MUST state
that the option they define is RSOO-enabled. No DHCP option that the option they define is RSOO-enabled. No DHCP option
specified prior to the issuance of this specification is RSOO- specified prior to the issuance of this specification is RSOO-
enabled. enabled.
A current list of RSOO-enabled options can be found in the list A current list of RSOO-enabled options can be found in the list
titled "Options Permitted in the Relay-Supplied Options option" titled "Options Permitted in the Relay-Supplied Options option"
maintained at http://www.iana.org/assignments/dhcpv6-parameters. maintained at http://www.iana.org/assignments/dhcpv6-parameters.
DHCP option specifications that define RSOO-enabled options MUST add DHCP option specifications that define RSOO-enabled options MUST add
skipping to change at page 5, line 9 skipping to change at page 5, line 9
"random relay option" should be replaced with the name of the option "random relay option" should be replaced with the name of the option
being defined in the specification: being defined in the specification:
We request that IANA add the name "random relay option" to the We request that IANA add the name "random relay option" to the
registry titled "Options Permitted in the Relay-Supplied Options registry titled "Options Permitted in the Relay-Supplied Options
Option" maintained at Option" maintained at
http://www.iana.org/assignments/dhcpv6-parameters. http://www.iana.org/assignments/dhcpv6-parameters.
5. DHCP Relay Agent Behavior 5. DHCP Relay Agent Behavior
DHCP relay agents that implement this specification MUST be
configurable not to send the Relay-Supplied Options option.
Relay agents MAY include a Relay-Supplied Options option in the Relay agents MAY include a Relay-Supplied Options option in the
option payload of a Relay-Forward message. Relay agents MUST NOT option payload of a Relay-Forward message being sent toward a DHCP
modify the contents of any message before forwarding it to the DHCP server. When relaying the payload of Relay-Reply messages toward
client. clients, Relay agents MUST NOT modify the payload.
Relay agents MUST NOT send non-RSOO-enabled options in the Relay- Relay agents MUST NOT send non-RSOO-enabled options in the Relay-
Supplied Options option. Supplied Options option.
Relay agents implementing this specification SHOULD have a Implementors of relay agents that support Relay-Supplied DHCP Options
configuration parameter that determines whether or not they will are strongly urged to implement a configuration parameter that
relay a Relay-Forward message toward the DHCP server if it contains a determines whether or not they will relay a Relay-Forward message
Relay-Supplied Options option. toward the DHCP server if it contains a Relay-Supplied Options
option.
Relay agents that have this configuration parameter and that are Relay agents that have this configuration parameter and that are
configured to enable this behavior MUST silently discard any Relay- configured to disable forwarding of Relay-Forward messages that
Forward packet that contains a Relay-Supplied Options option. contain a Relay-Supplied Options option MUST silently discard any
such message.
Implementations that can be configured in this way MUST examine all Implementations that can be configured in this way MUST examine all
Relay-Forward encapsulations, not just the outer encapsulation. Relay-Forward encapsulations, not just the outer encapsulation.
6. DHCP Server Behavior 6. DHCP Server Behavior
DHCP servers that implement this specification MUST examine each DHCP servers that implement Relay-Supplied DHCP Options MUST examine
option contained in an RSOO to see if it is an RSOO-enabled option. each option contained in an RSOO to see if it is an RSOO-enabled
DHCP servers MUST silently discard any option contained in an RSOO option. DHCP servers MUST silently discard any option contained in
that is not RSOO-enabled. DHCP server implementations SHOULD have a an RSOO that is not RSOO-enabled. DHCP server implementations SHOULD
user-configurable list of RSOO-enabled options, so that new RSOO- have an administrator-configurable list of RSOO-enabled options, so
enabled options do not require software to be updated. that new RSOO-enabled options do not require software to be updated.
DHCP servers normally construct a list of options that are candidates DHCP servers normally construct a list of options that are candidates
to send to the DHCP client, and then construct the DHCP packet to send to the DHCP client, and then construct the DHCP packet
according to section 17.2.2 of DHCPv6 [RFC3315]. according to section 17.2.2 of DHCPv6 [RFC3315].
If the server implementing this specificaton receives an RSOO, it If the server implementing Relay-Supplied DHCP Options receives an
SHOULD add any options that appear in the RSOO for which it has no RSOO, it SHOULD add any options that appear in the RSOO for which it
internal candidate to the list of options that are candidates to send has no internal candidate to the list of options that are candidates
to the DHCP client. The server SHOULD discard any options that to send to the DHCP client. The server SHOULD discard any options
appear in the RSOO for which it already has one or more candidates. that appear in the RSOO for which it already has one or more
candidates.
Aside from the addition of options from the RSOO, the DHCP server Aside from the addition of options from the RSOO, the DHCP server
should then construct a DHCP packet as it normally would, and should then construct a DHCP packet as it normally would, and
transmit it to the DHCP client as described in DHCPv6 [RFC3315]. transmit it to the DHCP client as described in DHCPv6 [RFC3315].
DHCP servers may receive multiply-nested Relay-Forward messages DHCP servers may receive multiply-nested Relay-Forward messages
containing conflicting values for options contained in Relay Supplied containing conflicting values for options contained in Relay Supplied
Options options in these messages. Options options in these messages.
When such a conflict exists, the DHCP server MUST choose no more than When such a conflict exists, the DHCP server MUST choose no more than
skipping to change at page 6, line 43 skipping to change at page 6, line 43
In the event that some new RSOO-enabled option is specified that can In the event that some new RSOO-enabled option is specified that can
originate from either the server or the relay agent, this should be originate from either the server or the relay agent, this should be
addressed in the security considerations section of the document that addressed in the security considerations section of the document that
specifies the use of that option. specifies the use of that option.
In some environments, there is an interface on one side of which is In some environments, there is an interface on one side of which is
the client, and zero or more routers, and on the other side of which the client, and zero or more routers, and on the other side of which
is a network managed by a monolithic or effectively monolithic is a network managed by a monolithic or effectively monolithic
administrative entity. Nodes and routers on the client side of the administrative entity. Nodes and routers on the client side of the
interface are not controlled by this entity, and are considered interface are not controlled by this entity, and are considered
"untrusted." Nodes and routers on the other side of this interface "untrusted." Nodes and routers on the network side of this interface
are considered trusted. are considered trusted.
It is possible for a relay agent on the untrusted side of this It is possible for a malicious node acting as a relay agent on the
interface to supply a Relay-Supplied Options option containing one or untrusted side of this interface to supply a Relay-Supplied Options
more RSOO-enabled options that would override the same option or option containing one or more RSOO-enabled options that would
options that were provided by a relay agent on the trusted side of override the same option or options that were provided by a relay
the interface. agent on the trusted side of the interface.
In environments where this is a possibility, network administrators In environments where this is a possibility, network administrators
are advised to use relay agents that are capable of dropping Relay- are advised to use relay agents that are capable of dropping Relay-
Forward messages containing the Relay-Supplied Options option, and Forward messages containing the Relay-Supplied Options option, and
are advised to configure those relays to drop such messages. are advised to configure those relays to drop such messages.
Note, however, that this will only be effective if the message from Note, however, that this will only be effective if the message from
the DHCP server to the DHCP client is authenticated as specified in the DHCP server to the DHCP client is authenticated as specified in
Section 21 of DHCP Version 6 [RFC3315], or using some similar Section 21 of DHCP Version 6 [RFC3315], or using some similar
mechanism. Without this authentication, the relay agent on the mechanism. Without this authentication, the malicious node on the
untrusted portion of the network can simply modify the DHCP server's untrusted portion of the network can simply modify the DHCP server's
response in transit back to the DHCP client, and there is no way for response in transit back to the DHCP client, and there is no way for
the client to detect that this has happened. the client to detect that this has happened.
8. IANA Considerations 8. IANA Considerations
We request that IANA assign one new option code from the registry of We request that IANA assign one new registry code from the registry
DHCP Option Codes maintained at of DHCP Option Codes maintained at
http://www.iana.org/assignments/dhcpv6-parameters. This option code http://www.iana.org/assignments/dhcpv6-parameters. This registry
will be assigned to the Relay-Supplied Options option. code will be assigned to the Relay-Supplied Options option.
We request that the IANA create a new registry on the same We request that the IANA create a new registry on the same
assignments page, titled "Options Permitted in the Relay-Supplied assignments page, titled "Options Permitted in the Relay-Supplied
Options Option". This option will contain a list of names of options Options Option". This option will contain a list of names of options
from the DHCP Option Codes list. Currently, the list is empty. from the DHCP Option Codes list. Currently, the list is empty.
Options may be added to this list either as a result of protocol Options may be added to this list after IETF Review[RFC5226].
action or expert review. Expert review may either be in the form of
a working group review and consensus call, or IESG review in IETF Review should include careful consideration of the security
consultation with the DHC working group chair or chairs. implications of allowing a relay agent to provide a value for the
option being considered for addition to this registry. In the case
where an IETF working group chartered to review DHCP protocol
extensions exists, it is not sufficient for some other working group
to review the registry addition.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
9.2. Informative References 9.2. Informative References
[I.D-ietf-hokey-ldn-discovery] [I.D-ietf-hokey-ldn-discovery]
Zorn, G., Wu, Q., and Y. Wang, "The ERP Local Domain Name Zorn, G., Wu, Q., and Y. Wang, "The ERP Local Domain Name
DHCPv6 Option", draft-ietf-hokey-ldn-discovery-10 (work in DHCPv6 Option", draft-ietf-hokey-ldn-discovery-10 (work in
progress), April 2011. progress), April 2011.
[RFC5296] Narayanan, V. and L. Dondeti, "EAP Extensions for EAP Re- [RFC5296] Narayanan, V. and L. Dondeti, "EAP Extensions for EAP Re-
authentication Protocol (ERP)", RFC 5296, August 2008. authentication Protocol (ERP)", RFC 5296, August 2008.
 End of changes. 19 change blocks. 
56 lines changed or deleted 70 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/