draft-ietf-dhc-dhcpv6-relay-supplied-options-09.txt   rfc6422.txt 
dhc T. Lemon Internet Engineering Task Force (IETF) T. Lemon
Internet-Draft Nominum Request for Comments: 6422 Nominum
Updates: 3315 (if approved) Q. Wu Updates: 3315 Q. Wu
Intended status: Standards Track Huawei Category: Standards Track Huawei
Expires: March 9, 2012 September 6, 2011 ISSN: 2070-1721 December 2011
Relay-Supplied DHCP Options Relay-Supplied DHCP Options
draft-ietf-dhc-dhcpv6-relay-supplied-options-09
Abstract Abstract
DHCPv6 relay agents can not communicate with DHCPv6 clients directly. DHCPv6 relay agents cannot communicate with DHCPv6 clients directly.
However, in some cases, the relay agent possesses some information However, in some cases, the relay agent possesses some information
that would be useful to the DHCPv6 client. This document describes a that would be useful to the DHCPv6 client. This document describes a
mechanism whereby the DHCPv6 relay agent can provide such information mechanism whereby the DHCPv6 relay agent can provide such information
to the DHCPv6 server, which can, in turn, pass this information on to to the DHCPv6 server, which can, in turn, pass this information on to
the DHCP client. the DHCP client.
This document updates RFC3315 (DHCPv6) by making explicit the This document updates RFC 3315 (DHCPv6) by making explicit the
implicit requirement that relay agents not modify the content of implicit requirement that relay agents not modify the content of
encapsulation payloads as they are relayed back toward clients. encapsulation payloads as they are relayed back toward clients.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This is an Internet Standards Track document.
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on March 9, 2012. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6422.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language ......................................3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Terminology ................................................3
2. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 3 2. Protocol Summary ................................................3
3. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Encoding ........................................................3
4. RSOO-enabled options . . . . . . . . . . . . . . . . . . . . . 4 4. RSOO-Enabled Options ............................................4
5. DHCP Relay Agent Behavior . . . . . . . . . . . . . . . . . . . 5 5. DHCP Relay Agent Behavior .......................................4
6. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 5 6. DHCP Server Behavior ............................................5
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 7. Security Considerations .........................................6
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 8. IANA Considerations .............................................7
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 9. References ......................................................7
9.1. Normative References . . . . . . . . . . . . . . . . . . . 7 9.1. Normative References .......................................7
9.2. Informative References . . . . . . . . . . . . . . . . . . 8 9.2. Informative References .....................................7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
The DHCPv6 specification [RFC3315] allows DHCP relay agents to The DHCPv6 specification [RFC3315] allows DHCP relay agents to
forward DHCPv6 messages between clients and servers that are not on forward DHCPv6 messages between clients and servers that are not on
the same IPv6 link. In some cases the DHCP relay agent has the same IPv6 link. In some cases, the DHCP relay agent has
information not available to the DHCP server that would be useful to information not available to the DHCP server that would be useful to
provide to a DHCP client. For example, the DHCP client may need to provide to a DHCP client. For example, the DHCP client may need to
learn the EAP local domain name [I.D-ietf-hokey-ldn-discovery] for learn the EAP Re-authentication Protocol (ERP) local domain name
use in EAP re-authentication [RFC5296], which is known to the relay [RFC6440] for use in EAP re-authentication [RFC5296], which is known
agent but not the server. to the relay agent but not the server.
The DHCPv6 protocol specification does not provide a mechanism The DHCPv6 protocol specification does not provide a mechanism
whereby the relay agent can provide options to the client. This whereby the relay agent can provide options to the client. This
document extends DHCP with a mechanism that allows DHCP relay agents document extends DHCP with a mechanism that allows DHCP relay agents
to propose options for the server to send to DHCP clients. to propose options for the server to send to DHCP clients.
This document is not intended to provide a general mechanism for This document is not intended to provide a general mechanism for
storing client configuration information in the relay agent. Rather, storing client configuration information in the relay agent. Rather,
it is intended to address specific use cases where only the relay it is intended to address specific use cases where only the relay
agent has information needed by the client. This extension is not agent has information needed by the client. This extension is not
skipping to change at page 3, line 38 skipping to change at page 3, line 22
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
1.2. Terminology 1.2. Terminology
The following terms and acronyms are used in this document: The following terms and acronyms are used in this document:
DHCP Dynamic Host Configuration Protocol Version 6 [RFC3315] o DHCP: Dynamic Host Configuration Protocol Version 6 [RFC3315]
RSOO Relay-Supplied Options option o RSOO: Relay-Supplied Options option
2. Protocol Summary 2. Protocol Summary
DHCP clients do not support a mechanism for receiving options from DHCP clients do not support a mechanism for receiving options from
relay agents--the relay agent is required to deliver the payload from relay agents -- the relay agent is required to deliver the payload
the DHCP server to the DHCP client without changing it. In order for from the DHCP server to the DHCP client without changing it. In
the DHCP relay agent to provide options to the client, it sends those order for the DHCP relay agent to provide options to the client, it
options to the DHCP server, encapsulated in a Relay-Supplied Options sends those options to the DHCP server, encapsulated in an RSOO. The
option. The DHCP server can then choose to place those options in DHCP server can then choose to place those options in the response it
the response it sends to the client. sends to the client.
3. Encoding 3. Encoding
In order to supply options for the DHCP server to send to the client, In order to supply options for the DHCP server to send to the client,
the relay agent sends a Relay-Supplied Options option in the Relay- the relay agent sends an RSOO in the Relay-Forward message. This
Forward message. This option encapsulates whatever options the relay option encapsulates whatever options the relay agent wishes to
agent wishes to provide to the DHCPv6 server. provide to the DHCPv6 server.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_RSOO | option-length | | OPTION_RSOO | option-length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| options... | options...
+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+
OPTION_RSOO OPTION_RSOO
Relay-Supplied Options code (TBD). Relay-Supplied Options code (66).
option-length option-length
Length of Relay-Supplied Options option. Length of the RSOO.
options options
One or more DHCPv6 options. One or more DHCPv6 options.
4. RSOO-enabled options 4. RSOO-Enabled Options
The RSOO MUST NOT contain any option that is not specifically called The RSOO MUST NOT contain any option that is not specifically called
out as an RSOO-enabled option. Specifications that describe RSOO- out as an RSOO-enabled option. Specifications that describe RSOO-
enabled options MUST reference this specification, and MUST state enabled options MUST reference this specification, and MUST state
that the option they define is RSOO-enabled. No DHCP option that the option they define is RSOO-enabled. No DHCP option
specified prior to the issuance of this specification is RSOO- specified prior to the issuance of this specification is RSOO-
enabled. enabled.
A current list of RSOO-enabled options can be found in the list A current list of RSOO-enabled options can be found in the list
titled "Options Permitted in the Relay-Supplied Options option" titled "Options Permitted in the Relay-Supplied Options Option"
maintained at http://www.iana.org/assignments/dhcpv6-parameters. maintained at http://www.iana.org/.
DHCP option specifications that define RSOO-enabled options MUST add DHCP option specifications that define RSOO-enabled options MUST add
text similar to the following to their IANA considerations section; text similar to the following to their IANA Considerations section;
"random relay option" should be replaced with the name of the option "random relay option" should be replaced with the name of the option
being defined in the specification: being defined in the specification:
We request that IANA add the name "random relay option" to the We request that IANA add the name "random relay option" to the
registry titled "Options Permitted in the Relay-Supplied Options registry titled "Options Permitted in the Relay-Supplied Options
Option" maintained at Option" maintained at http://www.iana.org/.
http://www.iana.org/assignments/dhcpv6-parameters.
5. DHCP Relay Agent Behavior 5. DHCP Relay Agent Behavior
Relay agents MAY include a Relay-Supplied Options option in the Relay agents MAY include an RSOO in the option payload of a Relay-
option payload of a Relay-Forward message being sent toward a DHCP Forward message being sent toward a DHCP server. When relaying the
server. When relaying the payload of Relay-Reply messages toward payload of Relay-Reply messages toward clients, relay agents MUST NOT
clients, Relay agents MUST NOT modify the payload. modify the payload.
Relay agents MUST NOT send non-RSOO-enabled options in the Relay- Relay agents MUST NOT send non-RSOO-enabled options in the Relay-
Supplied Options option. Supplied Options option.
In order to allow network administrators to control the flow of RSOO In order to allow network administrators to control the flow of RSOO
options onto the network, relay agents that implement the Relay options onto the network, relay agents that implement the Relay-
Supplied Options Option need to have a configuration parameter that Supplied Options option need to have a configuration parameter that
determines to whether or not they will relay RSOO-containing Relay- determines whether or not they will relay Relay-Forward messages
Forward messages. containing RSOOs.
Relay agents that have this configuration parameter and that are Relay agents that have this configuration parameter and that are
configured to disable forwarding of Relay-Forward messages that configured to disable forwarding of a Relay-Forward message
contain a Relay-Supplied Options option MUST silently discard any containing an RSOO MUST silently discard any such message.
such message.
Implementations that can be configured in this way MUST examine all Implementations that can be configured in this way MUST examine all
Relay-Forward encapsulations, not just the outer encapsulation. Relay-Forward encapsulations, not just the outer encapsulation.
6. DHCP Server Behavior 6. DHCP Server Behavior
DHCP servers that implement Relay-Supplied DHCP Options MUST examine DHCP servers that implement this protocol specification MUST examine
each option contained in an RSOO to see if it is an RSOO-enabled each option contained in an RSOO to see if it is an RSOO-enabled
option. DHCP servers MUST silently discard any option contained in option. DHCP servers MUST silently discard any option contained in
an RSOO that is not RSOO-enabled. DHCP server implementations SHOULD an RSOO that is not RSOO-enabled. DHCP server implementations SHOULD
have an administrator-configurable list of RSOO-enabled options, so have an administrator-configurable list of RSOO-enabled options, so
that new RSOO-enabled options do not require software to be updated. that new RSOO-enabled options do not require software to be updated.
DHCP servers normally construct a list of options that are candidates DHCP servers normally construct a list of options that are candidates
to send to the DHCP client, and then construct the DHCP packet to send to the DHCP client, and then construct the DHCP packet
according to section 17.2.2 of DHCPv6 [RFC3315]. according to Section 17.2.2 of the DHCPv6 specification [RFC3315].
If the server implementing Relay-Supplied DHCP Options receives an If the server implementing this protocol specification receives an
RSOO, it SHOULD add any options that appear in the RSOO for which it RSOO, it SHOULD add any options that appear in the RSOO for which it
has no internal candidate to the list of options that are candidates has no internal candidate to the list of options that are candidates
to send to the DHCP client. The server SHOULD discard any options to send to the DHCP client. The server SHOULD discard any options
that appear in the RSOO for which it already has one or more that appear in the RSOO for which it already has one or more
candidates. candidates.
Aside from the addition of options from the RSOO, the DHCP server Aside from the addition of options from the RSOO, the DHCP server
should then construct a DHCP packet as it normally would, and should then construct a DHCP packet as it normally would, and
transmit it to the DHCP client as described in DHCPv6 [RFC3315]. transmit it to the DHCP client as described in [RFC3315].
DHCP servers may receive multiply-nested Relay-Forward messages DHCP servers may receive multiply-nested Relay-Forward messages
containing conflicting values for options contained in Relay Supplied containing conflicting values for options contained in RSOOs in these
Options options in these messages. messages.
When such a conflict exists, the DHCP server MUST choose no more than When such a conflict exists, the DHCP server MUST choose no more than
one of these options to forward to the client. The DHCP server MUST one of these options to forward to the client. The DHCP server MUST
NOT forward more than one of these options to the client. NOT forward more than one of these options to the client.
By default, the DHCP server MUST choose the innermost value--the By default, the DHCP server MUST choose the innermost value -- the
value supplied by the relay agent closest to the DHCP client, to value supplied by the relay agent closest to the DHCP client -- to
forward to the DHCP client. forward to the DHCP client.
DHCP server implementations MAY provide other heuristics for choosing DHCP server implementations MAY provide other heuristics for choosing
which one of a set of such conflicting options to forward to the which one of a set of such conflicting options to forward to the
client, as long as the specified behavior is the default behavior. client, as long as the specified behavior is the default behavior.
7. Security Considerations 7. Security Considerations
This document provides a mechanism whereby a relay agent can inject This document provides a mechanism whereby a relay agent can inject
options into the response the DHCP server sends to the DHCP client. options into the response the DHCP server sends to the DHCP client.
In general it is expected that RSOO-enabled options will be specified In currently known use cases -- for example, the ERP Local Domain
because they only make sense when originating from the relay agent. Option [RFC6440] -- RSOO-enabled options are options that will only
This is true of existing use cases. ever originate on a relay agent, and do not make sense when
originating on a DHCP server.
In the event that some new RSOO-enabled option is specified that can In the event that some new RSOO-enabled option is specified that can
originate from either the server or the relay agent, this should be originate from either the server or the relay agent, this should be
addressed in the security considerations section of the document that addressed in the Security Considerations section of the document that
specifies the use of that option. specifies the use of that option.
In some environments, there is an interface on one side of which is In some environments, there is an interface on one side of which is
the client, and zero or more routers, and on the other side of which the client, and zero or more routers, and on the other side of which
is a network managed by a monolithic or effectively monolithic is a network managed by a monolithic or effectively monolithic
administrative entity. Nodes and routers on the client side of the administrative entity. Nodes and routers on the client side of the
interface are not controlled by this entity, and are considered interface are not controlled by this entity, and are considered
"untrusted." Nodes and routers on the network side of this interface "untrusted". Nodes and routers on the network side of this interface
are considered trusted. are considered trusted.
It is possible for a malicious node acting as a relay agent on the It is possible for a malicious node acting as a relay agent on the
untrusted side of this interface to supply a Relay-Supplied Options untrusted side of this interface to supply an RSOO containing one or
option containing one or more RSOO-enabled options that would more RSOO-enabled options that would override the same option or
override the same option or options that were provided by a relay options that were provided by a relay agent on the trusted side of
agent on the trusted side of the interface. the interface.
In environments where this is a possibility, network administrators In environments where this is a possibility, network administrators
are advised to use relay agents that are capable of dropping Relay- are advised to use relay agents that are capable of dropping Relay-
Forward messages containing the Relay-Supplied Options option, and Forward messages containing the RSOO, and are advised to configure
are advised to configure those relays to drop such messages. those relay agents to drop such messages.
Note, however, that this will only be effective if the message from Note, however, that this will only be effective if the message from
the DHCP server to the DHCP client is authenticated as specified in the DHCP server to the DHCP client is authenticated as specified in
Section 21 of DHCP Version 6 [RFC3315], or using some similar Section 21 of [RFC3315], or using some similar mechanism. Without
mechanism. Without this authentication, the malicious node on the this authentication, the malicious node on the untrusted portion of
untrusted portion of the network can simply modify the DHCP server's the network can simply modify the DHCP server's response in transit
response in transit back to the DHCP client, and there is no way for back to the DHCP client, and there is no way for the client to detect
the client to detect that this has happened. that this has happened.
8. IANA Considerations 8. IANA Considerations
IANA is requested to assign one new DHCPv6 option code from the IANA has assigned one new DHCPv6 option code from the registry of
registry of DHCP Option Codes maintained at DHCP Option Codes maintained at http://www.iana.org/. The option
http://www.iana.org/assignments/dhcpv6-parameters. The option code code 66 (OPTION_RSOO) has been assigned to the Relay-Supplied Options
OPTION_RSOO will be assigned to the Relay-Supplied Options option. option.
IANA is also requested to create a new registry on the same IANA has created a new registry on the same assignments page, titled
assignments page, titled "Options Permitted in the Relay-Supplied "Options Permitted in the Relay-Supplied Options Option". This
Options Option". This registry will contain a list of DHCPv6 option registry will enumerate the set of all code points from the DHCP
codes from the DHCP Option Codes list at Option Codes table for options that may appear in the RSOO. Options
http://www.iana.org/assignments/dhcpv6-parameters as suboptions of may be added to this list after IETF Review [RFC5226]. When adding
the Relay-Supplied Options option. Currently, the list is empty. options to the list, please ensure that the description for the code
Options may be added to this list after IETF Review[RFC5226]. added matches the description in the DHCP Option Codes table for that
code. Option codes that have not been requested to be added
according to the stated procedure should not be mentioned at all in
the table, and should not be listed as "reserved" or "unassigned".
IETF Review should include careful consideration of the security IETF Review should include careful consideration of the security
implications of allowing a relay agent to provide a value for the implications of allowing a relay agent to provide a value for the
option being considered for addition to this registry. In the case option being considered for addition to this registry. In the case
where an IETF working group chartered to review DHCP protocol where an IETF working group chartered to review DHCP protocol
extensions exists, it is not sufficient for some other working group extensions exists, it is not sufficient for some other working group
to review the registry addition. to review the registry addition.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
and M. Carney, "Dynamic Host Configuration Protocol for C., and M. Carney, "Dynamic Host Configuration Protocol
IPv6 (DHCPv6)", RFC 3315, July 2003. for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
9.2. Informative References 9.2. Informative References
[I.D-ietf-hokey-ldn-discovery] [RFC5296] Narayanan, V. and L. Dondeti, "EAP Extensions for EAP
Zorn, G., Wu, Q., and Y. Wang, "The ERP Local Domain Name Re-authentication Protocol (ERP)", RFC 5296, August 2008.
DHCPv6 Option", draft-ietf-hokey-ldn-discovery-10 (work in
progress), April 2011.
[RFC5296] Narayanan, V. and L. Dondeti, "EAP Extensions for EAP Re- [RFC6440] Zorn, G., Wu, Q., and Y. Wang, "The EAP Re-authentication
authentication Protocol (ERP)", RFC 5296, August 2008. Protocol (ERP) Local Domain Name DHCPv6 Option", RFC 6440,
December 2011.
Authors' Addresses Authors' Addresses
Ted Lemon Ted Lemon
Nominum Nominum
2000 Seaport Blvd 2000 Seaport Blvd.
Redwood City, CA 94063 Redwood City, CA 94063
USA USA
Phone: +1 650 381 6000 Phone: +1 650 381 6000
Email: mellon@nominum.com EMail: mellon@nominum.com
Qin Wu Qin Wu
Huawei Technologies Co., Ltd. Huawei Technologies Co., Ltd.
101 Software Avenue, Yuhua District 101 Software Avenue, Yuhua District
Nanjing, Jiangsu 210012 Nanjing, Jiangsu 210012
China China
Email: sunseawq@huawei.com Phone: +86-25-56623633
EMail: sunseawq@huawei.com
 End of changes. 44 change blocks. 
115 lines changed or deleted 111 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/