draft-ietf-dhc-leasequery-by-remote-id-06.txt   draft-ietf-dhc-leasequery-by-remote-id-07.txt 
DHC Working Group P. Kurapati DHC Working Group P. Kurapati
Internet-Draft Juniper Networks Ltd. Internet-Draft Juniper Networks Ltd.
Expires: February 7, 2011 R. Desetti Updates: 4388 (if approved) R. Desetti
B. Joshi Expires: April 11, 2011 B. Joshi
Infosys Technologies Ltd. Infosys Technologies Ltd.
August 6, 2010 October 8, 2010
DHCPv4 Leasequery by Relay Agent Remote ID DHCPv4 lease query by Relay Agent Remote ID
draft-ietf-dhc-leasequery-by-remote-id-06.txt draft-ietf-dhc-leasequery-by-remote-id-07.txt
Abstract Abstract
Some Relay Agents extract lease information from the DHCP messages Some Relay Agents extract lease information from the DHCP messages
exchanged between the client and DHCP server. This lease information exchanged between the client and DHCP server. This lease information
is used by relay agents for various purposes like antispoofing and is used by relay agents for various purposes like antispoofing and
prevention of flooding. RFC 4388 defines a mechanism for relay prevention of flooding. RFC 4388 defines a mechanism for relay
agents to retrieve the lease information from the DHCP server as and agents to retrieve the lease information from the DHCP server as and
when this information is lost. The existing leasequery mechanism is when this information is lost. The existing lease query mechanism is
data driven, which means that a relay agent can initiate the data driven, which means that a relay agent can initiate the lease
leasequery only when it starts receiving data from/to the clients. query only when it starts receiving data from/to the clients. In
In certain scenarios, this model is not scalable. This document certain scenarios, this model is not scalable. This document first
first looks at issues in existing mechanism and then proposes a new looks at issues in existing mechanism and then proposes a new query
query type, query by Remote ID, to address these issues. type, query by Remote ID, to address these issues.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 7, 2011. This Internet-Draft will expire on April 11, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 8
4. Protocol Details . . . . . . . . . . . . . . . . . . . . . . . 8 4. Protocol Details . . . . . . . . . . . . . . . . . . . . . . . 9
4.1. Sending the DHCPLEASEQUERY Message . . . . . . . . . . . . 8 4.1. Sending the DHCPLEASEQUERY Message . . . . . . . . . . . . 9
4.2. Responding to the DHCPLEASEQUERY Message . . . . . . . . . 9 4.2. Responding to the DHCPLEASEQUERY Message . . . . . . . . . 10
4.3. Building a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message . . 9 4.3. Building a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message . . 10
4.4. Determining the IP address to be used in response . . . . 10 4.4. Determining the IP address to be used in response . . . . 11
4.5. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message . . 10 4.5. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message . . 11
4.6. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN 4.6. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN
Message . . . . . . . . . . . . . . . . . . . . . . . . . 10 Message . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.7. Receiving No Response to the DHCPLEASEQUERY Message . . . 11 4.7. Receiving No Response to the DHCPLEASEQUERY Message . . . 12
4.8. Lease Binding Data Storage Requirements . . . . . . . . . 11 4.8. Lease Binding Data Storage Requirements . . . . . . . . . 12
4.9. Using the DHCPLEASEQUERY Message with Multiple DHCP 4.9. Using the DHCPLEASEQUERY Message with Multiple DHCP
Servers . . . . . . . . . . . . . . . . . . . . . . . . . 11 Servers . . . . . . . . . . . . . . . . . . . . . . . . . 12
5. RFC 4388 Considerations . . . . . . . . . . . . . . . . . . . 12 5. RFC 4388 Considerations . . . . . . . . . . . . . . . . . . . 13
6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
9.1. Normative Reference . . . . . . . . . . . . . . . . . . . 16 9.1. Normative Reference . . . . . . . . . . . . . . . . . . . 17
9.2. Informative Reference . . . . . . . . . . . . . . . . . . 16 9.2. Informative Reference . . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction 1. Introduction
DHCP relay agents snoop DHCP messages and append a relay agent DHCP relay agents snoop DHCP messages and append a relay agent
information option before relaying them to the configured DHCP information option before relaying them to the configured DHCP
Server. In this process, some relay agents also glean the lease Server. In this process, some relay agents also glean the lease
information sent by the server and maintain this locally. This information sent by the server and maintain this locally. This
information is used to prevent spoofing attempts from clients and information is used to prevent spoofing attempts from clients and
also sometimes to install routing information. When a relay agent also sometimes to install routing information. When a relay agent
reboots, this information is lost. RFC 4388 [RFC4388] has defined a reboots, this information is lost. RFC 4388 [RFC4388] has defined a
mechanism to retrieve this lease information from the DHCP server. mechanism to retrieve this lease information from the DHCP server.
The existing query types defined by RFC 4388 [RFC4388] are data- The existing query types defined by RFC 4388 [RFC4388] are data-
driven. When a client sends data upstream, the relay agent can query driven. When a client sends data upstream, the relay agent can query
the server about the related lease information, based on the source the server about the related lease information, based on the source
MAC/IP address. These mechanisms do not scale well when there are MAC/IP address. These mechanisms do not scale well when there are
thousands of clients connected to the relay agent. In the data- thousands of clients connected to the relay agent. In the data-
driven model, DHCP Leasequery does not provide the full, consolidated driven model, lease query does not provide the full and consolidated
active Lease informations associated with a given connection/circuit active lease informations associated with a given connection/circuit,
which will result in inefficient anti-spoofing. The relay agent also which will result in inefficient anti-spoofing. The relay agent also
has to contend with considerable resources for negative caching has to contend with considerable resources for negative caching
specially under spoofing attacks. specially under spoofing attacks.
We need a mechanism for a relay agent to retrieve the consolidated We need a mechanism for a relay agent to retrieve the consolidated
lease information for a given connection/circuit before upstream lease information for a given connection/circuit before upstream
traffic is sent by the clients. traffic is sent by the clients.
+--------+ +--------+
| DHCP | +--------------+ | DHCP | +--------------+
| Server |-...-| DSLAM | | Server |-...-| DSLAM |
| | | Relay Agent | | | | Relay Agent |
+--------+ +--------------+ +--------+ +--------------+
| | | |
+------+ +------+ +------+ +------+
|Modem1| |Modem2| |Modem1| |Modem2|
+------+ +------+ +------+ +------+
| | | | | |
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+
|Host1| |Host2| |Host3| |Node1| |Node2| |Node3|
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+
Figure 1 Figure 1
For example, when a DSLAM acting as a Relay Agent is rebooted, it For example, when a DSLAM acting as a Relay Agent is rebooted, it
should query the server for the lease information for all the should query the server for the lease information for all the
connections/circuits. Also, as shown in the above figure, there connections/circuits. Also, as shown in the above figure, there
could be multiple clients on one DSL circuit. The relay agent should could be multiple clients on one DSL circuit. The relay agent should
get the lease information of all the clients connected to a DSL get the lease information of all the clients connected to a DSL
circuit. This is possible by introducing a new query type based on circuit. This is possible by introducing a new query type based on
skipping to change at page 5, line 22 skipping to change at page 6, line 22
o "Access Concentrator" o "Access Concentrator"
An access concentrator is a router or switch at the broadband access An access concentrator is a router or switch at the broadband access
provider's edge of a public broadband access network. This document provider's edge of a public broadband access network. This document
assumes that the access concentrator includes the DHCP relay agent assumes that the access concentrator includes the DHCP relay agent
functionality. functionality.
o "DHCP client" o "DHCP client"
A DHCP client is an Internet host using DHCP to obtain configuration A DHCP client is an Internet node using DHCP to obtain configuration
parameters such as a network address. parameters such as a network address.
o "DHCP relay agent" o "DHCP relay agent"
A DHCP relay agent is a third-party agent that transfers Bootstrap A DHCP relay agent is a third-party agent that transfers Bootstrap
Protocol (BOOTP) and DHCP messages between clients and servers Protocol (BOOTP) and DHCP messages between clients and servers
residing on different subnets, per RFC 951 [RFC951] and RFC 1542 residing on different subnets, per RFC 951 [RFC951] and RFC 1542
[RFC1542]. [RFC1542].
o "DHCP server" o "DHCP server"
A DHCP server is an Internet host that returns configuration A DHCP server is an Internet node that returns configuration
parameters to DHCP clients. parameters to DHCP clients.
o "Fast path" o "Fast path"
Data transfer which happens through Network Processor or an ASIC Data transfer that happens through a Network Processor or an ASIC,
which are programmed to forward the data at very high speeds. which are programmed to forward the data at very high speeds.
o "Gleaning" o "Gleaning"
Gleaning is the extraction of location information from DHCP Gleaning is the extraction of location information from DHCP
messages, as the messages are forwarded by the DHCP relay agent messages, as the messages are forwarded by the DHCP relay agent
function. function.
o "Location information" o "Location information"
Location information is information needed by the access concentrator Location information is information needed by the access concentrator
to forward traffic to a broadband-accessible host. This information to forward traffic to a broadband-accessible node. This information
includes knowledge of the host hardware address, the port or virtual includes knowledge of the node's hardware address, the port or
circuit that leads to the host, and/or the hardware address of the virtual circuit that leads to the node, and/or the hardware address
intervening subscriber modem. of the intervening subscriber modem.
o "MAC address" o "MAC address"
In the context of a DHCP packet, a MAC address consists of the In the context of a DHCP packet, a MAC address consists of the
following fields: hardware type "htype", hardware length "hlen", and following fields: hardware type "htype", hardware length "hlen", and
client hardware address "chaddr". client hardware address "chaddr".
o "Slow path" o "Slow path"
Data transfer which happens through the control plane. Typically Data transfer that happens through the control plane. Typically this
this has very limited buffers to store data and the speeds are very has very limited buffers to store data and the speeds are very low
low compared to fast path data transfer. compared to the fast path data transfer.
o "Upstream" o "Upstream"
Upstream is the direction from the broadband subscriber towards the Upstream is the direction from the broadband subscriber towards the
access concentrator. access concentrator.
3. Motivation 3. Motivation
Consider a typical access concentrator (e.g., DSLAM) working also as Consider a typical access concentrator (e.g., DSLAM) working also as
a DHCP relay agent. A "Fast path" and a "slow path" generally exist a DHCP relay agent. A "Fast path" and a "slow path" generally exist
skipping to change at page 7, line 23 skipping to change at page 8, line 23
processing should be reduced as it may become a bottleneck. processing should be reduced as it may become a bottleneck.
For an access concentrator having multiple access ports, multiple IP For an access concentrator having multiple access ports, multiple IP
addresses may be assigned using DHCP to a single port and the number addresses may be assigned using DHCP to a single port and the number
of clients on a port may be unknown. The access concentrator may of clients on a port may be unknown. The access concentrator may
also not know the network portions of the IP addresses that are also not know the network portions of the IP addresses that are
assigned to its DHCP clients. assigned to its DHCP clients.
The access concentrator gleans IP address or other information from The access concentrator gleans IP address or other information from
DHCP negotiations for antispoofing and other purposes. The DHCP negotiations for antispoofing and other purposes. The
antispoofing itself is done in fast path. Access concentrator keeps antispoofing itself is done in the fast path. The access
track of only one list of IP addresses: list of IP addresses that are concentrator keeps track of only one list of IP addresses: list of IP
assigned by DHCP server; upstream traffic from all other IP addresses addresses that are assigned by the DHCP servers; upstream traffic
is dropped. If a client starts its data transfer after its DHCP from all other IP addresses is dropped. If a client starts its data
negotiations have been gleaned by the access concentrator, no transfer after its DHCP negotiations have been gleaned by the access
legitimate packets will be dropped because of antispoofing. In other concentrator, no legitimate packets will be dropped because of
words, antispoofing is effective (no legitimate packets are dropped antispoofing. In other words, antispoofing is effective (no
and all spoofed packets are dropped) and efficient (antispoofing is legitimate packets are dropped and all spoofed packets are dropped)
done in the fast path). The intention is to achieve similar and efficient (antispoofing is done in the fast path). The intention
effective and efficient antispoofing in the lease query scenario also is to achieve similar effective and efficient antispoofing in the
when an access concentrator loses its gleaned information (for lease query scenario also when an access concentrator loses its
example, because of a reboot). gleaned information (for example, because of a reboot).
After a deep analysis, we found that the three existing query types After a deep analysis, we found that the three existing query types
supported by RFC 4388 [RFC4388] do not provide effective and supported by RFC 4388 [RFC4388] do not provide effective and
efficient antispoofing for the above scenario and a new mechanism is efficient antispoofing for the above scenario and a new mechanism is
required. required.
The existing query types The existing query types
o necessitate a data-driven approach: the lease queries can only be o necessitate a data-driven approach: the lease queries can only be
done when the access concentrator receives data. This results in performed when the access concentrator receives data. This
increased outage time for clients results in increased outage time for clients
o results in excessive negative caching, consuming a lot of o results in excessive negative caching, consuming a lot of
resources under a spoofing attack resources under a spoofing attack
o results in antispoofing being done in the slow path instead of the o results in antispoofing being done in the slow path instead of the
fast path fast path
4. Protocol Details 4. Protocol Details
This section talks about the protocol details for query by Remote ID. This section talks about the protocol details for query by Remote ID.
Most of the message handlings are similar to RFC 4388 [RFC4388] and Most of the message handling is similar to RFC 4388 [RFC4388] and
this section highlights only the differences. Reader is advised to this section highlights only the differences. Readers are advised to
go through RFC 4388 [RFC4388] before going through this section for go through RFC 4388 [RFC4388] before going through this section for
complete understanding of the protocol. complete understanding of the protocol.
A DHCPLEASEQUERY specified in this document specifies a lease query When used in this document, the unqualified term "DHCPLEASEQUERY"
by Remote ID unless otherwise specified. indicates a lease query by Remote ID, unless otherwise specified.
RFC 3046 [RFC3046] defines two sub-options for the Relay Agent RFC 3046 [RFC3046] defines two sub-options for the Relay Agent
Information option. Sub-option 1 corresponds to the Circuit ID that Information option. Sub-option 1 corresponds to the Circuit ID that
identifies the local circuit of the access concentrator. This sub- identifies the local circuit of the access concentrator. This sub-
option is unique to the relay agent. Sub-option 2 corresponds to the option is unique to the relay agent. Sub-option 2 corresponds to the
Remote ID that identifies the remote host end of the circuit. This Remote ID that identifies the remote node connected to the access
is globally unique in the network. concentrator. This is globally unique in the network.
This document defines a new query type based on the Remote ID sub- This document defines a new query type based on the Remote ID sub-
option. Suppose that the access concentrator (e.g., DSLAM) lost the option. Suppose that the access concentrator (e.g., DSLAM) lost the
lease information when it was rebooted. When the access concentrator lease information when it was rebooted. When the access concentrator
comes up, it would initiate (for each connection/circuit) a dhcp comes up, it initiates (for each connection/circuit) a DHCP lease
lease query by Remote ID as defined in this section. For this query, query by Remote ID as defined in this section. For this query, the
the requester supplies only an option 82 which will include only a requester supplies an option 82 that includes only a Remote ID sub-
Remote ID sub-option in the DHCPLEASEQUERY message. option in the DHCPLEASEQUERY message.
The DHCP server MUST reply with a DHCPLEASEACTIVE message if there is The DHCP server MUST reply with a DHCPLEASEACTIVE message if there is
an active lease corresponding to the Remote ID that is present in the an active lease corresponding to the Remote ID that is present in the
DHCPLEASEQUERY message. Otherwise, the server MUST reply with a DHCPLEASEQUERY message. Otherwise, the server MUST reply with a
DHCPLEASEUNKNOWN message. Servers that do not implement DHCPLEASEUNKNOWN message. Servers that do not implement DHCP lease
DHCPLEASEQUERY based on Remote ID SHOULD simply not respond. query based on Remote ID SHOULD simply not respond.
4.1. Sending the DHCPLEASEQUERY Message 4.1. Sending the DHCPLEASEQUERY Message
The DHCPLEASEQUERY message is typically sent by an access The DHCPLEASEQUERY message is typically sent by an access
concentrator. The DHCPLEASEQUERY message uses the DHCP message concentrator. The DHCPLEASEQUERY message uses the DHCP message
format as described in RFC 2131 [RFC2131], and uses message number 10 format as described in RFC 2131 [RFC2131], and uses message number 10
in the DHCP Message Type option (option 53). The DHCPLEASEQUERY in the DHCP Message Type option (option 53). The DHCPLEASEQUERY
message has the following pertinent message contents: message has the following pertinent message contents:
o The giaddr and Parameter Request List option are set as explained
in section 6.2 of RFC 4388 [RFC4388].
o There MUST be a Relay Agent Information option (option 82) with o There MUST be a Relay Agent Information option (option 82) with
only a Remote ID sub-option (sub-option 2) in the DHCPLEASEQUERY only a Remote ID sub-option (sub-option 2) in the DHCPLEASEQUERY
message. message.
o Parameter Request List option MUST be populated by the access
concentrator with Associated-IP option. The giaddr and other
options listed in Parameter Request List option are set as
explained in section 6.2 of RFC 4388 [RFC4388].
o The ciaddr field MUST be set to zero. o The ciaddr field MUST be set to zero.
o The values of htype, hlen, and chaddr MUST be set to zero. o The values of htype, hlen, and chaddr MUST be set to zero.
o The Client Identifier option (option 61) MUST NOT appear in the o The Client Identifier option (option 61) MUST NOT appear in the
packet. packet.
The DHCPLEASEQUERY message SHOULD be sent to a DHCP server which is The DHCPLEASEQUERY message SHOULD be sent to a DHCP server that is
known to possess authoritative information concerning the Remote ID. known to possess authoritative information concerning the Remote ID.
The DHCPLEASEQUERY message MAY be sent to more than one DHCP server, The DHCPLEASEQUERY message MAY be sent to more than one DHCP server,
and in the absence of information concerning which DHCP server might and in the absence of information concerning which DHCP server might
possess authoritative information concerning the Remote ID, it SHOULD possess authoritative information concerning the Remote ID, it SHOULD
be sent to all DHCP servers configured for the associated relay agent be sent to all DHCP servers configured for the associated relay agent
(if any are known). (if any are known).
4.2. Responding to the DHCPLEASEQUERY Message 4.2. Responding to the DHCPLEASEQUERY Message
There are two possible responses to a DHCPLEASEQUERY message: There are two possible responses to a DHCPLEASEQUERY message:
skipping to change at page 9, line 45 skipping to change at page 10, line 45
4.3. Building a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message 4.3. Building a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message
A DHCPLEASEACTIVE message is built by populating information A DHCPLEASEACTIVE message is built by populating information
pertaining to the client associated with the IP address specified in pertaining to the client associated with the IP address specified in
the ciaddr field. the ciaddr field.
In the case where more than one IP address has been involved in a In the case where more than one IP address has been involved in a
DHCP message exchange with the client specified by the Remote ID, DHCP message exchange with the client specified by the Remote ID,
then the list of all those IP addresses MUST be returned in the then the list of all those IP addresses MUST be returned in the
associated-ip option, whether or not that option was requested as Associated-IP option, whether or not that option was requested as
part of the Parameter Request List option. part of the Parameter Request List option. This is intended for
maintaining backwards compatibility with RFC 4388 [RFC4388].
In a DHCPLEASEUNKNOWN response message, the DHCP server MUST echo the
Option 82 received in the DHCPLEASEQUERY message. No other options
are returned for these messages.
For all other options that are specified in Parameter Request List, For all other options that are specified in Parameter Request List,
the processing is same as mentioned in section 6.4.2 of RFC 4388 the processing is same as mentioned in section 6.4.2 of RFC 4388
[RFC4388]. [RFC4388].
In a DHCPLEASEUNKNOWN response message, the DHCP server MUST echo the
Option 82 received in the DHCPLEASEQUERY message. No other option is
included in the message.
4.4. Determining the IP address to be used in response 4.4. Determining the IP address to be used in response
The IP address placed in the ciaddr field of a DHCPLEASEACTIVE The IP address placed in the ciaddr field of a DHCPLEASEACTIVE
message MUST be the IP address with the latest client-last- message MUST be the IP address with the latest client-last-
transaction-time associated with the client described by the Remote transaction-time associated with the client described by the Remote
ID specified in the DHCPLEASEQUERY message. ID specified in the DHCPLEASEQUERY message.
If there is only a single IP address that fulfills this criteria, If there is only a single IP address that fulfills this criteria,
then it MUST be placed in the ciaddr field of the DHCPLEASEACTIVE then it MUST be placed in the ciaddr field of the DHCPLEASEACTIVE
message. message.
In the case where more than one IP address has been accessed by the In the case where more than one IP address has been accessed by the
client specified by the Remote ID, then the DHCP server MUST return client specified by the Remote ID, then the DHCP server MUST return
the IP address returned to the client in the most recent transaction the IP address returned to the client in the most recent transaction
with the client unless the DHCP server has been configured by the with the client unless the DHCP server has been configured by the
server administrator to use some other preference mechanism. server administrator to use some other preference mechanism.
4.5. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message 4.5. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message
The server unicasts the DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message The server unicasts the DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message
to the address specified in giaddr field of DHCPLEASEQUERY message. to the address specified in the giaddr field of the DHCPLEASEQUERY
message.
4.6. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message 4.6. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message
When a DHCPLEASEACTIVE message is received in response to the When a DHCPLEASEACTIVE message is received in response to the
DHCPLEASEQUERY message, it means that there is currently an active DHCPLEASEQUERY message, it means that there is currently an active
lease associated with the Remote ID in the DHCP server. The access lease associated with the Remote ID in the DHCP server. The access
concentrator SHOULD use the information in the "htype", "hlen", and concentrator SHOULD use the information in the htype, hlen, and
"chaddr" fields of the DHCPLEASEACTIVE as well as Relay Agent chaddr fields of the DHCPLEASEACTIVE as well as Relay Agent
Information option information included in the packet to refresh its Information option included in the packet to refresh its location
location information for this IP address. An access concentrator is information for this IP address. An access concentrator is likely to
likely to query by IP address for all the IP addresses specified in query by IP address for all the IP addresses specified in the
the associated-ip option in the response, if any, at this point in Associated-IP option in the response, if any, at this point in time.
time.
When a DHCPLEASEUNKNOWN message is received by an access concentrator When a DHCPLEASEUNKNOWN message is received by an access concentrator
that had sent out a DHCPLEASEQUERY message, it means that the DHCP that had sent out a DHCPLEASEQUERY message, it means that the DHCP
server does not have definitive information concerning the DHCP server does not have definitive information concerning the DHCP
client specified in the Remote ID sub-option of the DHCPLEASEQUERY client specified in the Remote ID sub-option of the DHCPLEASEQUERY
message. The Access Concentrator MAY store this information for message. The access concentrator MAY store this information for
future use. However, a DHCPLEASEQUERY SHOULD NOT be attempted with future use. However, another DHCPLEASEQUERY message to the same DHCP
the same Remote ID sub-option. server SHOULD NOT be attempted with the same Remote ID sub-option.
For leasequery by Remote ID, the impact of negative caching is For lease query by Remote ID, the impact of negative caching is
greatly reduced as the response leads to "definitive" information on greatly reduced as the response leads to "definitive" information on
all the hosts connected behind the connection. Note that in the case all the nodes connected behind the connection. Note that in case of
of data-driven approach [RFC4388], a host spoofing several IP the data-driven approach [RFC4388], a node spoofing several IP
addresses can lead to negative caching of greater magnitude. Another addresses can lead to negative caching of greater magnitude. Another
important change this draft brings is the removal of "periodic" important change that this draft brings is the removal of periodic
leasequeries generated from negative caching caused by lease queries generated from negative caching caused by
DHCPLEASEUNKNOWN. Since the information obtained through query by DHCPLEASEUNKNOWN. Since the information obtained through query by
Remote ID is complete, there is no need of attempting leasequery Remote ID is complete, there is no need of attempting lease query
again for the same connection. again for the same connection.
4.7. Receiving No Response to the DHCPLEASEQUERY Message 4.7. Receiving No Response to the DHCPLEASEQUERY Message
When an access concentrator receives no response to a DHCPLEASEQUERY The condition of access concentrator receiving no response to a
message, it should be handled in the same manner as suggested in RFC DHCPLEASEQUERY message should be handled in the same manner as
4388 [RFC4388]. suggested in RFC 4388 [RFC4388].
4.8. Lease Binding Data Storage Requirements 4.8. Lease Binding Data Storage Requirements
Implementation Note: Implementation Note:
To generate replies for a lease query by Remote ID effeciently, a To generate replies for a lease query by Remote ID effeciently, a
DHCP server should index the lease binding data structures using DHCP server should index the lease binding data structures using
Remote ID. Remote ID.
4.9. Using the DHCPLEASEQUERY Message with Multiple DHCP Servers 4.9. Using the DHCPLEASEQUERY Message with Multiple DHCP Servers
skipping to change at page 12, line 14 skipping to change at page 13, line 14
5. RFC 4388 Considerations 5. RFC 4388 Considerations
This document is compatible with RFC 4388 [RFC4388] based This document is compatible with RFC 4388 [RFC4388] based
implementations, which means that a client that supports this implementations, which means that a client that supports this
extension can work with a server not supporting this document, extension can work with a server not supporting this document,
provided it uses RFC 4388 [RFC4388] defined query types. Also, a provided it uses RFC 4388 [RFC4388] defined query types. Also, a
server supporting this document can work with a client not supporting server supporting this document can work with a client not supporting
this query type. However, there are some changes that this document this query type. However, there are some changes that this document
proposes with respect to RFC 4388 [RFC4388]. Implementers extending proposes with respect to RFC 4388 [RFC4388]. Implementers extending
RFC 4388 [RFC4388] implementations to support this document, should RFC 4388 [RFC4388] implementations to support this document should
take note of the following points: take note of the following points:
o There may be cases where a query by IP address/MAC address/Client o There may be cases where a query by IP address/MAC address/Client
Identifier has an option 82 containing Remote ID. In that case, Identifier has an option 82 containing Remote ID. In that case,
the query will still be recognized as query by IP address/MAC the query will still be recognized as query by IP address/MAC
address/Client Identifier as specified by RFC 4388 [RFC4388]. address/Client Identifier as specified by RFC 4388 [RFC4388].
o Section 6.4 of RFC 4388 [RFC4388] suggests that a DHCPLEASEUNKNOWN o Section 6.4 of RFC 4388 [RFC4388] suggests that a DHCPLEASEUNKNOWN
MUST NOT have any other option present. But for a query by Remote MUST NOT have any other option present. But for a query by Remote
ID, option 82 MUST be present in the reply. ID, option 82 MUST be present in the reply.
6. Security Considerations 6. Security Considerations
This document does not introduce any new security concerns beyond This document does not introduce any new security concerns beyond
those specified in the original leasequery protocol RFC 4388 those specified in the original lease query protocol RFC 4388
[RFC4388] specifications. [RFC4388] specifications.
7. IANA Considerations 7. IANA Considerations
This document does not introduce any new namespaces for the IANA to This document does not introduce any new namespaces for the IANA to
manage. manage.
8. Acknowledgments 8. Acknowledgments
Copious amounts of text in this document are derived from RFC 4388 Copious amounts of text in this document are derived from RFC 4388
[RFC4388]. Kim Kinnear, Damien Neil, Stephen Jacob and Alfred Hoenes [RFC4388]. Kim Kinnear, Damien Neil, Stephen Jacob, Ted Lemon and
provided valuable feedback on this document Alfred Hoenes provided valuable feedback on this document.
9. References 9. References
9.1. Normative Reference 9.1. Normative Reference
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration [RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration
Protocol (DHCP) Leasequery", RFC 4388, February 2006. Protocol (DHCP) Leasequery", RFC 4388, February 2006.
skipping to change at page 16, line 29 skipping to change at page 18, line 5
RFC 3046, January 2001. RFC 3046, January 2001.
9.2. Informative Reference 9.2. Informative Reference
[RFC951] Croft, B. and J. Gilmore, "Bootstrap Protocol (BOOTP)", [RFC951] Croft, B. and J. Gilmore, "Bootstrap Protocol (BOOTP)",
RFC 951, September 1985. RFC 951, September 1985.
[RFC1542] Wimer, W., "Clarifications and Extensions for the [RFC1542] Wimer, W., "Clarifications and Extensions for the
Bootstrap Protocol", RFC 1542, October 1993. Bootstrap Protocol", RFC 1542, October 1993.
[RFC2132] Droms, R. and S. Alexander, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.
Authors' Addresses Authors' Addresses
Pavan Kurapati Pavan Kurapati
Juniper Networks Ltd. Juniper Networks Ltd.
Embassy Prime Buildings, C.V.Raman Nagar Embassy Prime Buildings, C.V.Raman Nagar
Bangalore 560 093 Bangalore 560 093
India India
Email: kurapati@juniper.net Email: kurapati@juniper.net
URI: http://www.juniper.net/ URI: http://www.juniper.net/
 End of changes. 40 change blocks. 
109 lines changed or deleted 121 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/