draft-ietf-dhc-leasequery-by-remote-id-04.txt   draft-ietf-dhc-leasequery-by-remote-id-05.txt 
DHC Working Group P. Kurapati DHC Working Group P. Kurapati
Internet-Draft Internet-Draft Juniper Networks Ltd.
Expires: May 27, 2010 R. Desetti Expires: December 9, 2010 R. Desetti
B. Joshi B. Joshi
Infosys Technologies Ltd. Infosys Technologies Ltd.
November 23, 2009 June 7, 2010
DHCPv4 Leasequery by relay agent remote ID DHCPv4 Leasequery by relay agent remote ID
draft-ietf-dhc-leasequery-by-remote-id-04.txt draft-ietf-dhc-leasequery-by-remote-id-05.txt
Abstract Abstract
Some Relay Agents extract lease information from the DHCP message Some Relay Agents extract lease information from the DHCP messages
exchanged between the client and DHCP server. This lease information exchanged between the client and DHCP server. This lease information
is used by relay agents for various purposes like antispoofing and is used by relay agents for various purposes like antispoofing and
prevention of flooding. RFC 4388 defines a mechanism for relay prevention of flooding. RFC 4388 [RFC4388] defines a mechanism for
agents to retrieve the lease information from the DHCP server as and relay agents to retrieve the lease information from the DHCP server
when this information is lost. The existing leasequery mechanism is as and when this information is lost. The existing leasequery
data driven, which means that a relay agent can initiate the mechanism is data driven, which means that a relay agent can initiate
leasequery only when it starts receiving data from/to the clients. the leasequery only when it starts receiving data from/to the
In certain scenarios, this model is not scalable. This document clients. In certain scenarios, this model is not scalable. This
first looks at issues in existing mechanism and then proposes a new document first looks at issues in existing mechanism and then
query type, query by remote ID, to address these issues. proposes a new query type, query by remote ID, to address these
issues.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF). Note that other groups may also distribute
other groups may also distribute working documents as Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This Internet-Draft will expire on December 9, 2010.
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 27, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4. Design Goals . . . . . . . . . . . . . . . . . . . . . . . . . 9 4. Protocol Details . . . . . . . . . . . . . . . . . . . . . . . 8
4.1. Information Acquisition before Data Starts . . . . . . . . 9 4.1. Sending the DHCPLEASEQUERY Message . . . . . . . . . . . . 8
4.2. Reduce Negative Caching . . . . . . . . . . . . . . . . . 9 4.2. Responding to the DHCPLEASEQUERY Message . . . . . . . . . 9
4.3. Antispoofing in 'Fast Path' . . . . . . . . . . . . . . . 9 4.3. Determining the IP address to be used in response . . . . 9
5. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 10 4.4. Building a DHCPLEASEUNKNOWN or DHCPLEASEACTIVE message . . 10
6. Protocol Details . . . . . . . . . . . . . . . . . . . . . . . 11 4.5. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message . . 10
6.1. Sending the DHCPLEASEQUERY Message . . . . . . . . . . . . 11 4.6. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN
6.2. Receiving the DHCPLEASEQUERY Message . . . . . . . . . . . 12 Message . . . . . . . . . . . . . . . . . . . . . . . . . 10
6.3. Responding to the DHCPLEASEQUERY Message . . . . . . . . . 12 4.7. Receiving No Response to the DHCPLEASEQUERY Message . . . 11
6.4. Determining the IP address to be used in the response . . 12 4.8. Lease Binding Data Storage Requirements . . . . . . . . . 11
6.5. Building a DHCPLEASEUNKNOWN or DHCPLEASEACTIVE Message . . 13 4.9. Using the DHCPLEASEQUERY Message with Multiple DHCP
6.6. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message . . 14 Servers . . . . . . . . . . . . . . . . . . . . . . . . . 11
6.7. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message . 15 5. RFC 4388 Considerations . . . . . . . . . . . . . . . . . . . 12
6.8. Receiving No Response to the DHCPLEASEQUERY Message . . . 15 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13
6.9. Lease Binding Data Storage Requirements . . . . . . . . . 15 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
6.10. Using the DHCPLEASEQUERY Message with Multiple DHCP 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15
Servers . . . . . . . . . . . . . . . . . . . . . . . . . 16 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
7. RFC 4388 Considerations . . . . . . . . . . . . . . . . . . . 17 9.1. Normative Reference . . . . . . . . . . . . . . . . . . . 16
8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 9.2. Informative Reference . . . . . . . . . . . . . . . . . . 16
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21
11.1. Normative Reference . . . . . . . . . . . . . . . . . . . 21
11.2. Informative Reference . . . . . . . . . . . . . . . . . . 21
Appendix A. Why a New Leasequery is Required? . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction 1. Introduction
DHCP relay agents snoop DHCP messages and append a relay agent DHCP relay agents snoop DHCP messages and append a relay agent
information option before relaying them to the configured DHCP information option before relaying them to the configured DHCP
Server. In this process, some relay agents also glean the lease Server. In this process, some relay agents also glean the lease
information sent by the server and maintain this locally. This information sent by the server and maintain this locally. This
information is used to prevent spoofing attempts from clients and information is used to prevent spoofing attempts from clients and
also sometimes to install routing information. When a relay agent also sometimes to install routing information. When a relay agent
reboots, this information is lost. RFC 4388 [RFC4388] has defined a reboots, this information is lost. RFC 4388 [RFC4388] has defined a
skipping to change at page 5, line 37 skipping to change at page 5, line 37
A DHCP relay agent is a third-party agent that transfers Bootstrap A DHCP relay agent is a third-party agent that transfers Bootstrap
Protocol (BOOTP) and DHCP messages between clients and servers Protocol (BOOTP) and DHCP messages between clients and servers
residing on different subnets, per RFC 951 [RFC951] and RFC 1542 residing on different subnets, per RFC 951 [RFC951] and RFC 1542
[RFC1542]. [RFC1542].
o "DHCP server" o "DHCP server"
A DHCP server is an Internet host that returns configuration A DHCP server is an Internet host that returns configuration
parameters to DHCP clients. parameters to DHCP clients.
o "downstream" o "Fast path"
Downstream is the direction from the access concentrator towards the
broadband subscriber.
o "fast path"
Data transfer which happens through Network Processor or an ASIC Data transfer which happens through Network Processor or an ASIC
which are programmed to forward the data at very high speeds. which are programmed to forward the data at very high speeds.
o "gleaning" o "Gleaning"
Gleaning is the extraction of location information from DHCP Gleaning is the extraction of location information from DHCP
messages, as the messages are forwarded by the DHCP relay agent messages, as the messages are forwarded by the DHCP relay agent
function. function.
o "location information" o "Location information"
Location information is information needed by the access concentrator Location information is information needed by the access concentrator
to forward traffic to a broadband-accessible host. This information to forward traffic to a broadband-accessible host. This information
includes knowledge of the host hardware address, the port or virtual includes knowledge of the host hardware address, the port or virtual
circuit that leads to the host, and/or the hardware address of the circuit that leads to the host, and/or the hardware address of the
intervening subscriber modem. intervening subscriber modem.
o "MAC address" o "MAC address"
In the context of a DHCP packet, a MAC address consists of the In the context of a DHCP packet, a MAC address consists of the
following fields: hardware type "htype", hardware length "hlen", and following fields: hardware type "htype", hardware length "hlen", and
client hardware address "chaddr". client hardware address "chaddr".
o "slow path" o "Slow path"
Data transfer which happens through the control plane. Typically Data transfer which happens through the control plane. Typically
this has very limited buffers to store data and the speeds are very this has very limited buffers to store data and the speeds are very
low compared to fast path data transfer. low compared to fast path data transfer.
o "upstream" o "Upstream"
Upstream is the direction from the broadband subscriber towards the Upstream is the direction from the broadband subscriber towards the
access concentrator. access concentrator.
3. Motivation 3. Motivation
Consider a typical access concentrator (e.g., DSLAM) working also as Consider a typical access concentrator (e.g., DSLAM) working also as
a DHCP relay agent. A "Fast path" and a "slow path" generally exist a DHCP relay agent. A "Fast path" and a "slow path" generally exist
in most networking boxes. Fast path processing is done in a network in most networking boxes. Fast path processing is done in a network
processor or an ASIC (Application Specific Integrated Circuit). Slow processor or an ASIC (Application Specific Integrated Circuit). Slow
path processing is done in a normal processor. As much as possible, path processing is done in a normal processor. As much as possible,
regular data handling code should be in the fast path. Slow path regular data forwarding should be done in the fast path. Slow path
processing should be reduced as it may become a bottleneck. processing should be reduced as it may become a bottleneck.
For an access concentrator having multiple access ports, multiple IP For an access concentrator having multiple access ports, multiple IP
addresses may be assigned using DHCP to a single port and the number addresses may be assigned using DHCP to a single port and the number
of clients on a port may be unknown. The access concentrator may of clients on a port may be unknown. The access concentrator may
also not know the network portions of the IP addresses that are also not know the network portions of the IP addresses that are
assigned to its DHCP clients. assigned to its DHCP clients.
The access concentrator gleans IP address or other information from The access concentrator gleans IP address or other information from
DHCP negotiations for antispoofing and other purposes. The DHCP negotiations for antispoofing and other purposes. The
skipping to change at page 7, line 37 skipping to change at page 7, line 37
negotiations have been gleaned by the access concentrator, no negotiations have been gleaned by the access concentrator, no
legitimate packets will be dropped because of antispoofing. In other legitimate packets will be dropped because of antispoofing. In other
words, antispoofing is effective (no legitimate packets are dropped words, antispoofing is effective (no legitimate packets are dropped
and all spoofed packets are dropped) and efficient (antispoofing is and all spoofed packets are dropped) and efficient (antispoofing is
done in the fast path). The intention is to achieve similar done in the fast path). The intention is to achieve similar
effective and efficient antispoofing in the lease query scenario also effective and efficient antispoofing in the lease query scenario also
when an access concentrator loses its gleaned information (for when an access concentrator loses its gleaned information (for
example, because of a reboot). example, because of a reboot).
After a deep analysis, we found that the three existing query types After a deep analysis, we found that the three existing query types
supported by RFC 4388[RFC4388] do not provide effective and efficient supported by RFC 4388 [RFC4388] do not provide effective and
antispoofing for the above scenario and a new mechanism is required. efficient antispoofing for the above scenario and a new mechanism is
required.
The existing query types The existing query types
o necessitate a data-driven approach: the lease queries can only be o necessitate a data-driven approach: the lease queries can only be
done when the access concentrator receives data; that results in done when the access concentrator receives data. This results in
increased outage time for clients; increased outage time for clients
o result in excessive negative caching, consuming a lot of resources
under a spoofing attack;
o result in antispoofing being done in the slow path instead of the
fast path.
The deeper analysis, which led to the above conclusions, itself
appears as an Appendix to this document.
4. Design Goals
The goal of this document is to provide a lightweight mechanism for
an access concentrator to retrieve lease information available in the
DHCP server. The mechanism SHOULD also support an access
concentrator to retrieve consolidated lease information for a
connection/circuit.
4.1. Information Acquisition before Data Starts
The existing data driven approach specified by RFC 4388 [RFC4388]
means that the lease queries can only be performed when the access
concentrator receives data. If there was an approach to initiate
lease queries even before the calls come up, then that would be more
effective. For antispoofing, packets need to be dropped until the
access concentrator gets the lease information from the DHCP server.
If the access concentrator finishes the lease queries before it
receives upstream data, then there is no need to drop legitimate
packets. So, effectively outage time may be reduced. The lease
queries should help in retrieving lease information even before the
data starts flowing and should be independent of data traffic.
4.2. Reduce Negative Caching o results in excessive negative caching, consuming a lot of
resources under a spoofing attack
If lease queries yield negative results that need to be cached, then o results in antispoofing being done in the slow path instead of the
that puts additional overhead on the access concentrator. Negative fast path
caches not only consume precious resources but they also need to be
managed. Hence they should be avoided as much as possible. The
lease queries should reduce the need for negative caching as far as
possible.
4.3. Antispoofing in 'Fast Path' 4. Protocol Details
If antispoofing is not done in the fast path, it will become a This section talks about the protocol details for query by relay
bottleneck and may lead to denial of service of the access agent remote id. Most of the message handlings are similar to RFC
concentrator. The lease queries should make it possible to do 4388 [RFC4388] and this section highlights only the differences.
antispoofing in the fast path. Reader is advised to go through RFC 4388 [RFC4388] before going
through this section for complete understanding of the protocol.
5. Protocol Overview A DHCPLEASEQUERY specified in this document specifies a lease query
by remote ID unless otherwise specified.
RFC 3046 [RFC3046] defines two sub-options for the Relay Agent RFC 3046 [RFC3046] defines two sub-options for the Relay Agent
Information option. Sub-option 1 corresponds to the circuit ID that Information option. Sub-option 1 corresponds to the circuit ID that
identifies the local circuit of the access concentrator. This sub- identifies the local circuit of the access concentrator. This sub-
option is unique to the relay agent. Sub-option 2 corresponds to the option is unique to the relay agent. Sub-option 2 corresponds to the
remote ID that identifies the remote host end of the circuit. This remote ID that identifies the remote host end of the circuit. This
is globally unique in the network. is globally unique in the network.
This document defines a new query type based on the remote ID sub- This document defines a new query type based on the remote ID sub-
option. Suppose that the access concentrator (e.g., DSLAM) lost the option. Suppose that the access concentrator (e.g., DSLAM) lost the
lease information when it was rebooted. When the access concentrator lease information when it was rebooted. When the access concentrator
comes up, it would initiate (for each connection/circuit) a comes up, it would initiate (for each connection/circuit) a dhcp
DHCPLEASEQUERY message containing the Relay Agent Information option lease query by remote-id as defined in this section. For this query,
[RFC3046] with sub-option remote ID. The DHCP server must return an the requester supplies only an option 82 which will include only an
IP address in the ciaddr field if it has any record of the client Agent Remote ID sub-option in the DHCPLEASEQUERY message.
described by the remote ID. In the absence of specific configuration
information to the contrary, it SHOULD be the IP address with the
latest client-last-transaction-time associated with the client
described by the remote ID. The DHCP servers that implement this
document always send a response ( DHCPLEASEACTIVE or
DHCPLEASEUNKNOWN) to the DHCPLEASEQUERY message. The reasons why a
DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message is generated are
explained in the specific query regimes below. Servers that do not
implement DHCPLEASEQUERY based on remote ID SHOULD simply not
respond.
The query regime is described below:
o Query by Agent Remote ID sub-option:
For this query, the requester supplies in the DHCPLEASEQUERY message
only an option 82 which will include only an Agent Remote ID sub-
option. The DHCP server will return any information that it has on
the IP address most recently accessed by a client with that Agent
Remote ID. In addition, it SHOULD supply any additional IP addresses
that have been associated with the Agent Remote ID in different
subnets. Information about these bindings can then be found using
the Query by IP Address, as described in RFC 4388 [RFC4388].
The DHCP server MUST reply with a DHCPLEASEACTIVE message if the
Agent Remote ID in the DHCPLEASEQUERY message currently has an active
lease on an IP address in this DHCP server. Otherwise, the server
MUST reply with a DHCPLEASEUNKNOWN message.
6. Protocol Details
In this section, DHCPLEASEQUERY message refers to DHCPLEASEQUERY The DHCP server MUST reply with a DHCPLEASEACTIVE message if there is
message with query by remote ID. an active lease corresponding to the agent remote-ID that is present
in the DHCPLEASEQUERY message. Otherwise, the server MUST reply with
a DHCPLEASEUNKNOWN message. Servers that do not implement
DHCPLEASEQUERY based on remote ID SHOULD simply not respond.
6.1. Sending the DHCPLEASEQUERY Message 4.1. Sending the DHCPLEASEQUERY Message
The DHCPLEASEQUERY message is typically sent by an access The DHCPLEASEQUERY message is typically sent by an access
concentrator. The DHCPLEASEQUERY message uses the DHCP message concentrator. The DHCPLEASEQUERY message uses the DHCP message
format as described in RFC2131 [RFC2131], and uses message number 10 format as described in RFC 2131 [RFC2131], and uses message number 10
in the DHCP Message Type option (option 53). The DHCPLEASEQUERY in the DHCP Message Type option (option 53). The DHCPLEASEQUERY
message has the following pertinent message contents: message has the following pertinent message contents:
o The giaddr MUST be set to the IP address of the requester (i.e., o The giaddr and Parameter Request List option" are set as explained
the access concentrator). The giaddr is the return address of the in section 6.2 of RFC 4388 [RFC4388].
DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message from the DHCP server.
Note that this use of the giaddr is consistent with the definition
of giaddr in RFC2131 [RFC2131], where the giaddr is always used as
the return address of the DHCP response message. In some (but not
all) contexts in RFC 2131, the address to allocate to a client is
selected based on 'giaddr'.
o The Parameter Request List option (option 55) SHOULD be set to the
options of interest to the requester. It MUST include the Relay
Agent Information option (option 82). The other interesting
options are likely to include the IP Address Lease Time option
(option 51), and possibly the Vendor class identifier option
(option 60). In the absence of a Parameter Request List option,
the server SHOULD return the same options it would return for a
DHCPREQUEST message that didn't contain a Parameter Request List
option (option 55), which includes those mandated by Section 4.3.1
of [RFC2131] as well as any options that the server was configured
to always return to a client.
Additional details concerning different query types are:
o Query by Agent Remote ID sub-option:
* There MUST be a Relay Agent Information option (option 82) with o There MUST be a Relay Agent Information option (option 82) with
only an Agent Remote ID sub-option (sub-option 2) in the only Agent Remote ID sub-option (sub-option 2) in the
DHCPLEASEQUERY message. DHCPLEASEQUERY message.
* The ciaddr field MUST be set to zero. o The "ciaddr" field MUST be set to zero.
* The values of htype, hlen, and chaddr MUST be set to zero. o The values of htype, hlen, and chaddr MUST be set to zero.
* The Client-identifier option (option 61) MUST NOT appear in the o The Client-identifier option (option 61) MUST NOT appear in the
packet. packet.
The DHCPLEASEQUERY message SHOULD be sent to a DHCP server which is The DHCPLEASEQUERY message SHOULD be sent to a DHCP server which is
known to possess authoritative information concerning the remote ID. known to possess authoritative information concerning the remote ID.
The DHCPLEASEQUERY message MAY be sent to more than one DHCP server, The DHCPLEASEQUERY message MAY be sent to more than one DHCP server,
and in the absence of information concerning which DHCP server might and in the absence of information concerning which DHCP server might
possess authoritative information concerning the remote ID, it SHOULD possess authoritative information concerning the remote ID, it SHOULD
be sent to all DHCP servers configured for the associated relay agent be sent to all DHCP servers configured for the associated relay agent
(if any are known). (if any are known).
6.2. Receiving the DHCPLEASEQUERY Message 4.2. Responding to the DHCPLEASEQUERY Message
A DHCPLEASEQUERY message MUST have a non-zero giaddr. The
DHCPLEASEQUERY message MUST have a zero ciaddr, a zero htype/hlen/
chaddr, and no Client-identifier option. The DHCPLEASEQUERY message
MUST have a relay agent option 82 with only a remote ID sub-option.
6.3. Responding to the DHCPLEASEQUERY Message
There are two possible responses to a DHCPLEASEQUERY message: There are two possible responses to a DHCPLEASEQUERY message:
o DHCPLEASEUNKNOWN o DHCPLEASEUNKNOWN
The DHCPLEASEUNKNOWN message indicates that the client specified in The DHCPLEASEUNKNOWN message indicates that the client associated
the DHCPLEASEQUERY message is not allocated any lease or it is not with the agent remote-ID suboption of the DHCPLEASEQUERY message is
managed by the server. not allocated any lease or it is not managed by the server.
o DHCPLEASEACTIVE o DHCPLEASEACTIVE
The DHCPLEASEACTIVE message indicates that the server not only knows The DHCPLEASEACTIVE message indicates that the server not only knows
the client specified in the DHCPLEASEQUERY message, but also knows the client specified in the DHCPLEASEQUERY message, but also knows
that there is an active lease for that client. that there is an active lease for that client.
6.4. Determining the IP address to be used in the response 4.3. Determining the IP address to be used in response
Since the response to a DHCPLEASEQUERY request can only contain full
information about one IP address -- the one that appears in the
ciaddr field -- determination of the IP address about which to
respond is a key issue. Of course, the values of additional IP
addresses for which a client has a lease must also be returned in the
associated-ip option (RFC 4388 [RFC4388], Section 6.1, #3). This is
the only information returned not directly associated with the IP
address in the ciaddr field.
The IP address placed in the ciaddr field of a DHCPLEASEACTIVE The IP address placed in the "ciaddr" field of a DHCPLEASEACTIVE
message MUST be the IP address with the latest client-last- message MUST be the IP address with the latest client-last-
transaction-time associated with the client described by the remote transaction-time associated with the client described by the remote
ID specified in the DHCPLEASEQUERY message. ID specified in the DHCPLEASEQUERY message.
If there is only a single IP address that fulfils this criteria, then If there is only a single IP address that fulfills this criteria,
it MUST be placed in the ciaddr field of the DHCPLEASEACTIVE message. then it MUST be placed in the "ciaddr" field of the DHCPLEASEACTIVE
message.
In the case where more than one IP address has been accessed by the In the case where more than one IP address has been accessed by the
client specified by the Remote ID, then the DHCP server MUST return client specified by the Remote ID, then the DHCP server MUST return
the IP address returned to the client in the most recent transaction the IP address returned to the client in the most recent transaction
with the client unless the DHCP server has been configured by the with the client unless the DHCP server has been configured by the
server administrator to use some other preference mechanism. server administrator to use some other preference mechanism.
6.5. Building a DHCPLEASEUNKNOWN or DHCPLEASEACTIVE Message 4.4. Building a DHCPLEASEUNKNOWN or DHCPLEASEACTIVE message
In a DHCPLEASEUNKNOWN response message, the DHCP server MUST echo the In a DHCPLEASEUNKNOWN response message, the DHCP server MUST echo the
Option 82 received in the DHCPLEASEQUERY message. No other options Option 82 received in the DHCPLEASEQUERY message. No other options
are returned for these messages. With that the processing for a are returned for these messages.
DHCPLEASEUNKNOWN message is complete.
For the DHCPLEASEACTIVE message, the rest of the processing largely
involves returning information about the IP address specified in the
ciaddr field.
The MAC address of the DHCPLEASEACTIVE message MUST be set to the
values that identify the client associated with the IP address in the
ciaddr field of the DHCPLEASEACTIVE message.
If the Client-identifier option (option 61) is specified in the A DHCPLEASEACTIVE message is built by populating information
Parameter Request List option (option 55), then the Client-identifier pertaining to the client associated with the IP address specified in
(if any) of the client associated with the IP address in the ciaddr the "ciaddr" field.
field SHOULD be returned in the DHCPLEASEACTIVE message.
In the case where more than one IP address has been involved in a In the case where more than one IP address has been involved in a
DHCP message exchange with the client specified by the Agent Remote DHCP message exchange with the client specified by the Agent Remote
ID, then the list of all those IP addresses MUST be returned in the ID, then the list of all those IP addresses MUST be returned in the
associated-ip option, whether or not that option was requested as associated-ip option, whether or not that option was requested as
part of the Parameter Request List option. part of the Parameter Request List option.
If the IP Address Lease Time option (option 51) is specified in the For all other options that are specified in Parameter Request List,
Parameter Request List then the DHCP server MUST return this option the processing is same as mentioned in section 6.4.2 of RFC 4388
in the DHCPLEASEACTIVE message with its value equal to the time [RFC4388].
remaining until lease expiration.
A request for the Renewal (T1) Time Value option or the Rebinding
(T2) Time Value option in the Parameter Request List of the
DHCPLEASEQUERY message MUST be handled like the IP Address Lease Time
option is handled. The DHCP server SHOULD return these options (when
requested) with the remaining time until renewal or rebinding,
respectively.
The information contained in the most recent Relay Agent Information
option received from the relay agent associated with this IP address
MUST be included in the DHCPLEASEACTIVE message.
The DHCPLEASEACTIVE message SHOULD include the values of all other
options not specifically discussed above that were requested in the
Parameter Request List of the DHCPLEASEQUERY message and that are
acceptable to return based on the list of "non-sensitive options",
discussed below.
DHCP servers SHOULD be configurable with a list of "non-sensitive
options" that can be returned to the access concentrator when
specified in the Parameter Request List of the DHCPLEASEQUERY
message. Any option not on this list SHOULD NOT be returned to an
access concentrator, even if requested by that access concentrator.
The DHCP server uses information from its lease binding database to
supply the DHCPLEASEACTIVE option values. The values of the options
that were returned to the DHCP client would generally be preferred,
but in the absence of those, options that were sent in DHCP client
requests would be acceptable.
In some cases, the Relay Agent Information option in an incoming
DHCPREQUEST packet is used to help determine the options returned to
the DHCP client that sent the DHCPREQUEST. When responding to a
DHCPLEASEQUERY message, the DHCP server MUST use the saved Relay
Agent Information option just like it did when responding to the DHCP
client in order to determine the values of any options requested by
the DHCPLEASEQUERY message. The goal is to return the same option
values to the DHCPLEASEQUERY as those that were returned to the
DHCPDISCOVER or DHCPREQUEST from the DHCP client (unless otherwise
specified, above).
In the event that two servers are cooperating to provide a high-
availability DHCP server, as supported by [RFC2131], they would have
to communicate some information about IP address bindings to each
other. In order to properly support the DHCPLEASEQUERY message,
these servers MUST ensure that they communicate the Relay Agent
Information option information to each other in addition to any other
IP address binding information.
6.6. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message 4.5. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message
The server expects a giaddr in the DHCPLEASEQUERY message, and The server unicasts the DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message
unicasts the DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message to the to the address specified in giaddr field of DHCPLEASEQUERY message.
giaddr.
6.7. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message 4.6. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message
When a DHCPLEASEACTIVE message is received in response to the When a DHCPLEASEACTIVE message is received in response to the
DHCPLEASEQUERY message, it means that there is a currently active DHCPLEASEQUERY message, it means that there is currently an active
lease for this IP address in this DHCP server. The access lease associated with the remote-id in the DHCP server. The access
concentrator SHOULD use the information in the "htype", "hlen", and concentrator SHOULD use the information in the "htype", "hlen", and
"chaddr" fields of the DHCPLEASEACTIVE as well as Relay Agent "chaddr" fields of the DHCPLEASEACTIVE as well as Relay Agent
Information option information included in the packet to refresh its Information option information included in the packet to refresh its
location information for this IP address. An access concentrator is location information for this IP address. An access concentrator is
likely to query by IP address for all the IP addresses specified in likely to query by IP address for all the IP addresses specified in
the associated-ip option in the response, if any, at this point in the associated-ip option in the response, if any, at this point in
time. time.
When a DHCPLEASEUNKNOWN message is received by an access concentrator When a DHCPLEASEUNKNOWN message is received by an access concentrator
that had sent out a DHCPLEASEQUERY message, it means that the DHCP that had sent out a DHCPLEASEQUERY message, it means that the DHCP
server does not have definitive information concerning the DHCP server does not have definitive information concerning the DHCP
client specified in the Agent Remote ID sub-option of the client specified in the Agent Remote ID sub-option of the
DHCPLEASEQUERY message. The Access Concentrator MAY store this DHCPLEASEQUERY message. The Access Concentrator MAY store this
information for future use. However, a DHCPLEASEQUERY SHOULD NOT be information for future use. However, a DHCPLEASEQUERY SHOULD NOT be
attempted with the same Remote ID sub-option. attempted with the same Remote ID sub-option.
For leasequery by remote-id, the impact of negative caching is For leasequery by remote-id, the impact of negative caching is
greatly reduced as the response leads to "definitive" information on greatly reduced as the response leads to "definitive" information on
all the hosts connected behind the connection. Note that in the case all the hosts connected behind the connection. Note that in the case
of data-driven approach, a host spoofing several IP addresses can of data-driven approach [RFC4388], a host spoofing several IP
lead to negative caching of greater magnitude. Another important addresses can lead to negative caching of greater magnitude. Another
change this draft brings is the removal of "periodic" leasequeries important change this draft brings is the removal of "periodic"
generated from negative caching caused by DHCPLEASEUNKNOWN. Since leasequeries generated from negative caching caused by
the information obtained through query by remote-id is complete, DHCPLEASEUNKNOWN. Since the information obtained through query by
there is no need of attempting leasequery again for the same remote-id is complete, there is no need of attempting leasequery
connection. again for the same connection.
6.8. Receiving No Response to the DHCPLEASEQUERY Message 4.7. Receiving No Response to the DHCPLEASEQUERY Message
When an access concentrator receives no response to a DHCPLEASEQUERY When an access concentrator receives no response to a DHCPLEASEQUERY
message, it should be handled in the same manner as suggested in RFC message, it should be handled in the same manner as suggested in RFC
4388 [RFC4388]. 4388 [RFC4388].
6.9. Lease Binding Data Storage Requirements 4.8. Lease Binding Data Storage Requirements
Implementation Note: Implementation Note:
To generate replies for a lease query by remote-id efficiently, a To generate replies for a lease query by remote-id effeciently, a
DHCP server should index the lease binding data structures using DHCP server should index the lease binding data structures using
remote-id. remote-id.
6.10. Using the DHCPLEASEQUERY Message with Multiple DHCP Servers 4.9. Using the DHCPLEASEQUERY Message with Multiple DHCP Servers
This scenario should be handled in the same way it is done in RFC This scenario should be handled in the same way it is done in RFC
4388 [RFC4388]. 4388 [RFC4388].
7. RFC 4388 Considerations 5. RFC 4388 Considerations
This document is compatible with RFC 4388 [RFC4388] based This document is compatible with RFC 4388 [RFC4388] based
implementations, which means that a client that supports this implementations, which means that a client that supports this
extension can work with a server not supporting this document, extension can work with a server not supporting this document,
provided it uses RFC 4388 [RFC4388] defined query types. Also, a provided it uses RFC 4388 [RFC4388] defined query types. Also, a
server supporting this document can work with a client not supporting server supporting this document can work with a client not supporting
this query type. However, there are some changes that this document this query type. However, there are some changes that this document
proposes with respect to RFC 4388 [RFC4388]. Implementers extending proposes with respect to RFC 4388 [RFC4388]. Implementers extending
RFC 4388 [RFC4388] implementations to support this document, should RFC 4388 [RFC4388] implementations to support this document, should
take note of the following points: take note of the following points:
skipping to change at page 18, line 5 skipping to change at page 13, line 5
o There may be cases where a query by IP address/MAC address/Client o There may be cases where a query by IP address/MAC address/Client
Identifier has an option 82 containing remote ID. In that case, Identifier has an option 82 containing remote ID. In that case,
the query will still be recognized as query by IP address/MAC the query will still be recognized as query by IP address/MAC
address/Client Identifier as specified by RFC 4388 [RFC4388]. address/Client Identifier as specified by RFC 4388 [RFC4388].
o Section 6.4 of RFC 4388 [RFC4388] suggests that a DHCPLEASEUNKNOWN o Section 6.4 of RFC 4388 [RFC4388] suggests that a DHCPLEASEUNKNOWN
MUST NOT have any other option present. But for a query by remote MUST NOT have any other option present. But for a query by remote
ID, option 82 MUST be present in the reply. ID, option 82 MUST be present in the reply.
8. Security Considerations 6. Security Considerations
This document does not introduce any new security concerns beyond This document does not introduce any new security concerns beyond
those specified in the original leasequery protocol RFC 4388 those specified in the original leasequery protocol RFC 4388
[RFC4388] specifications. [RFC4388] specifications.
9. IANA Considerations 7. IANA Considerations
This document does not introduce any new namespaces for the IANA to This document does not introduce any new namespaces for the IANA to
manage and does not request any new code point allocation. [[ RFC- manage.
Editor: Please remove this section before publication. ]]
10. Acknowledgements 8. Acknowledgments
Copious amounts of text in this document are derived from RFC 4388 Copious amounts of text in this document are derived from RFC 4388
[RFC4388]. Kim kinnear, Damien Neil, Stephen Jacob and Alfred Hoenes [RFC4388]. Kim kinnear, Damien Neil, Stephen Jacob and Alfred Hoenes
provided valuable feedback on this document. provided valuable feedback on this document
11. References 9. References
11.1. Normative Reference 9.1. Normative Reference
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration [RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration
Protocol (DHCP) Leasequery", RFC 4388, February 2006. Protocol (DHCP) Leasequery", RFC 4388, February 2006.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", [RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, March 1997. RFC 2131, March 1997.
[RFC3046] Patrick, M., "DHCP Relay Agent Information Option", [RFC3046] Patrick, M., "DHCP Relay Agent Information Option",
RFC 3046, January 2001. RFC 3046, January 2001.
11.2. Informative Reference 9.2. Informative Reference
[RFC951] Croft, B. and J. Gilmore, "Bootstrap Protocol (BOOTP)", [RFC951] Croft, B. and J. Gilmore, "Bootstrap Protocol (BOOTP)",
RFC 951, September 1985. RFC 951, September 1985.
[RFC1542] Wimer, W., "Clarifications and Extensions for the [RFC1542] Wimer, W., "Clarifications and Extensions for the
Bootstrap Protocol", RFC 1542, October 1993. Bootstrap Protocol", RFC 1542, October 1993.
[RFC2132] Droms, R. and S. Alexander, "DHCP Options and BOOTP Vendor [RFC2132] Droms, R. and S. Alexander, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997. Extensions", RFC 2132, March 1997.
Appendix A. Why a New Leasequery is Required?
The three existing query types supported by RFC 4388 do not provide
effective and efficient antispoofing for the above scenario.
o Query by Client Identifier
Query by Client Identifier is not possible because to use that, an
access concentrator needs to glean the client identifier also, but
the whole issue is that we need leasequeries because the gleaned
information was lost. On the other hand, we can query by client
identifier when a client sends a DHCP request, but then there may not
be any need for lease query as such -- regular gleaning may be
enough.
o Query by IP Address
RFC 4388 suggests that it is preferable to use Query by IP Address
when getting downstream traffic.
Query by IP address is not very useful in downstream traffic because
downstream traffic may not exist for the clients on a access port.
(In most Internet applications, downstream traffic exists only when a
client sends upstream traffic). In other words, the client will be
denied service until it gets downstream traffic, which may never
come.
Query by IP address may be used for upstream traffic. Then whenever
an upstream packet comes whose IP address is unknown to the access
concentrator, a lease query may be initiated. A related question is
what to do with that upstream traffic itself until lease query
response comes? If the traffic is dropped, we may be dropping
legitimate traffic. If the traffic is forwarded, we may be
forwarding spoofed packets. Once the lease response comes,
subsequent traffic is handled depending on the response. If a
DHCPLEASEACTIVE response arrives, the access concentrator will accept
the traffic. If a DHCPLEASEUNASSIGNED response arrives, the access
concentrator will drop the traffic corresponding to the IP address.
If a DHCPLEASEUNKNOWN response arrives, the access concentrator may
drop the traffic corresponding to the IP address but will have to
periodically send the lease query for that IP address again
(additional overhead). The process is triggered whenever an unknown
IP address comes.
Note that the access concentrator needs to keep track of 4 lists of
IP addresses: (1) List of IP addresses for which it got
DHCPLEASEACTIVE responses; (2) List of IP addresses for which it got
DHCPLEASEUNASSIGNED responses; (3) List of IP addresses for which it
got DHCPLEASEUNKNOWN responses; (4) All other IP addresses.
This approach may be acceptable if only legitimate traffic is
received. Consider however the case when someone sends packets that
use spoofed IP addresses. In that case, the lease response will be
DHCPLEASEUNASSIGNED or DHCPLEASEUNKNOWN. RFC 4388 suggests usage of
negative caching in this regard (which involves additional
resources).
In a spoofing type of attack, negative caching information may grow
considerably if the attacker varies the source IP address. For each
such new source IP address, traffic will come to the slow path, a new
lease query needs to be initiated, the response will be processed,
and negative caching needs to be done. That means using many
resources for negative caching.
RFC 4388 suggests that if the access concentrator knows the network
portion of the IP addresses that are assigned to its clients, then
some amount of antispoofing can be done in the fast path and some
lease queries may be avoided. But as indicated above, that
information may not always be available to access concentrators.
Effectively, antispoofing support involves considerable slow path
processing and considerable resources tied for negative caching.
RFC 4388 says that DHCP servers should be protected from being
flooded with too many leasequery requests and access concentrators
also should not send too many lease query messages at a time. This
would mean that legitimate clients may be excessively delayed getting
their information in the face of spoofing attacks.
It is concluded that antispoofing is neither effective nor efficient
with this query type.
o Query by MAC Address
Query by MAC address can also be used similar to query by IP address
described above. Indeed, query by MAC address may be better than
query by IP address in one sense because of the possible presence of
an associated-ip option in lease responses. (Note that an
associated-ip option does not appear in responses for query by IP
address.) With associated-ip option, the access concentrator can get
information not only about the IP address/MAC address that triggered
the lease query but also about other IP addresses that are associated
with the original MAC address. That way, when traffic that uses the
other IP addresses comes along, the access concentrator is already
prepared to deal with them.
Although query by MAC address is better than query by IP address in
the above respect, it has a specific problem which is not shared by
query by IP address. For a query by MAC address, only two types of
responses are possible: DHCPLEASEUNKNOWN and DHCPLEASEACTIVE;
DHCPLEASEUNASSIGNED is not supported. This is particularly
troublesome when a DHCP server indeed has definitive information that
no IP addresses are associated with the specified MAC address in the
leasequery, but it is forced to respond with DHCPLEASEUNKNOWN instead
of DHCPLEASEUNASSIGNED. As we have seen above, unlike
DHCPLEASEUNASSIGNED, DHCPLEASEUNKNOWN requires periodic querying the
DHCP server, an additional overhead.
Moreover, query by MAC address also shares all other issues we
discussed above for query by IP address.
We conclude that existing lease query types are not appropriate to
achieve effective and efficient antispoofing.
Authors' Addresses Authors' Addresses
Pavan Kurapati Pavan Kurapati
Juniper Networks Ltd.
Embassy Prime Buildings, C.V.Raman Nagar
Bangalore 560 093
India
Email: pavan.kurapati@gmail.com Email: kurapati@juniper.net
URI: http://www.juniper.net/
D.T.V Ramakrishna Rao D.T.V Ramakrishna Rao
Infosys Technologies Ltd. Infosys Technologies Ltd.
44 Electronics City, Hosur Road 44 Electronics City, Hosur Road
Bangalore 560 100 Bangalore 560 100
India India
Email: ramakrishnadtv@infosys.com Email: ramakrishnadtv@infosys.com
URI: http://www.infosys.com/ URI: http://www.infosys.com/
 End of changes. 63 change blocks. 
414 lines changed or deleted 133 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/