draft-ietf-dhc-relay-id-suboption-11.txt   draft-ietf-dhc-relay-id-suboption-12.txt 
DHC B. Joshi DHC B. Joshi
Internet-Draft D. Ramakrishna Rao Internet-Draft D. Ramakrishna Rao
Intended status: Standards Track Infosys Ltd. Intended status: Standards Track Infosys Ltd.
Expires: January 10, 2013 M. Stapp Expires: July 19, 2013 M. Stapp
Cisco Systems, Inc. Cisco Systems, Inc.
July 9, 2012 January 15, 2013
The DHCPv4 Relay Agent Identifier Suboption The DHCPv4 Relay Agent Identifier Suboption
draft-ietf-dhc-relay-id-suboption-11.txt draft-ietf-dhc-relay-id-suboption-12.txt
Abstract Abstract
This draft defines a new Relay Agent Identifier suboption for the This document defines a new Relay Agent Identifier suboption for the
Dynamic Host Configuration Protocol's (DHCP) Relay Agent Information Dynamic Host Configuration Protocol's (DHCP) Relay Agent Information
option. The suboption carries a value that uniquely identifies the option. The suboption carries a value that uniquely identifies the
relay agent device within the administrative domain. The value is relay agent device within the administrative domain. The value is
normally administratively-configured in the relay agent. The normally administratively-configured in the relay agent. The
suboption allows a DHCP relay agent to include the identifier in the suboption allows a DHCP relay agent to include the identifier in the
DHCP messages it sends. DHCP messages it sends.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 10, 2013. This Internet-Draft will expire on July 19, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 18 skipping to change at page 2, line 18
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Example Use-Cases . . . . . . . . . . . . . . . . . . . . . . . 3 3. Example Use-Cases . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Bulk Leasequery . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Bulk Leasequery . . . . . . . . . . . . . . . . . . . . . . 3
3.2. Industrial Ethernet . . . . . . . . . . . . . . . . . . . . 3 3.2. Industrial Ethernet . . . . . . . . . . . . . . . . . . . . 3
4. Suboption Format . . . . . . . . . . . . . . . . . . . . . . . 4 4. Suboption Format . . . . . . . . . . . . . . . . . . . . . . . 4
5. Identifier Stability . . . . . . . . . . . . . . . . . . . . . 4 5. Identifier Stability . . . . . . . . . . . . . . . . . . . . . 4
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
9.1. Normative References . . . . . . . . . . . . . . . . . . . 6 9.1. Normative References . . . . . . . . . . . . . . . . . . . 7
9.2. Informative References . . . . . . . . . . . . . . . . . . 6 9.2. Informative References . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) [RFC2131] The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) [RFC2131]
provides IP addresses and configuration information for IPv4 clients. provides IP addresses and configuration information for IPv4 clients.
It includes a relay agent capability, in which network elements It includes a relay agent capability, in which network elements
receive broadcast messages from clients and forward them to DHCP receive broadcast messages from clients and forward them to DHCP
servers as unicast messages. In many network environments, relay servers as unicast messages. In many network environments, relay
agents add information to the DHCP messages before forwarding them, agents add information to the DHCP messages before forwarding them,
using the Relay Agent Information option [RFC3046]. Servers that using the Relay Agent Information option [RFC3046]. Servers that
recognize the relay agent information option echo it back in their recognize the relay agent information option echo it back in their
replies. replies.
This specification introduces a Relay Agent Identifier suboption for This specification introduces a Relay Agent Identifier (Relay-Id)
the Relay Agent Information option. The Relay-Id suboption carries a suboption for the Relay Agent Information option. The Relay-Id
sequence of octets that is intended to uniquely identify the relay suboption carries a sequence of octets that is intended to uniquely
agent within the administrative domain. identify the relay agent within the administrative domain. In this
document, an administrative domain consist of all DHCP servers and
relay agents that communicate with each other.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
DHCPv4 terminology is defined in [RFC2131], and the DHCPv4 Relay DHCPv4 terminology is defined in [RFC2131], and the DHCPv4 Relay
Agent Information Option in [RFC3046]. Agent Information Option in [RFC3046].
3. Example Use-Cases 3. Example Use-Cases
3.1. Bulk Leasequery 3.1. Bulk Leasequery
There has been quite a bit of recent interest in extending the DHCP There has been quite a bit of recent interest in extending the DHCP
Leasequery protocol [RFC4388] to accommodate some additional Leasequery protocol [RFC4388] to accommodate some additional
situations. There is a recent draft situations. There is a recent document
([I-D.ietf-dhc-dhcpv4-bulk-leasequery] proposing a variety of [I-D.ietf-dhc-dhcpv4-bulk-leasequery] proposing a variety of
enhancements to the existing Leasequery protocol. The draft enhancements to the existing Leasequery protocol. The document
describes a use-case where a relay agent queries DHCP servers using describes a use-case where a relay agent queries DHCP servers using
the Relay Identifier to retrieve all the leases allocated through the the Relay Identifier to retrieve all the leases allocated through the
relay agent. relay agent.
3.2. Industrial Ethernet 3.2. Industrial Ethernet
DHCP typically identifies clients based on information in their DHCP DHCP typically identifies clients based on information in their DHCP
messages - such as the Client-Identifier option, or the value of the messages - such as the Client-Identifier option, or the value of the
chaddr field. In some networks, however, the location of a client - chaddr field. In some networks, however, the location of a client -
its point of attachment to the network - is a more useful identifier. its point of attachment to the network - is a more useful identifier.
skipping to change at page 5, line 6 skipping to change at page 5, line 8
identifier the identifying data. identifier the identifying data.
5. Identifier Stability 5. Identifier Stability
If the relay identifier is to be meaningful it has to be stable. A If the relay identifier is to be meaningful it has to be stable. A
relay agent SHOULD use a single identifier value consistently. The relay agent SHOULD use a single identifier value consistently. The
identifier used by a relay device SHOULD be committed to stable identifier used by a relay device SHOULD be committed to stable
storage, unless the relay device can regenerate the value upon storage, unless the relay device can regenerate the value upon
reboot. reboot.
Administrators MUST make sure that the relay-id configured in a relay If the relay-id configured in a relay agent is not unique within its
agent is unique within their administrative domain. To aid this, administrative domain, resource allocation problems may occur as the
relay agents SHOULD make their relay identifiers visible to their DHCP server attempts to allocate the same resource to devices behind
administrators via their user interface, through a log entry, or two different relay agents. Therefore, relay-id configured in a
through some other mechanism. relay agent MUST be unique within its administrative domain. To aid
in ensuring uniqueness of relay-ids, relay agents SHOULD make their
relay identifiers visible to their administrators via their user
interface, through a log entry, through a MIB field, or through some
other mechanism.
Implementors should note that the identifier needs to be present in Implementors of relay agents should note that the identifier needs to
all DHCP message types where its value is being used by the DHCP be present in all DHCP message types where its value is being used by
server. The relay agent may not be able to add the Relay Agent the DHCP server. The relay agent may not be able to add the Relay
Information option to all messages - such as RENEW messages sent as Agent Information option to all messages - such as RENEW messages
IP unicasts. In some deployments that might mean that the server has sent as IP unicasts. In some deployments that might mean that the
to be willing to continue to associate the relay identifier it has server has to be willing to continue to associate the relay
last seen with a lease that is being RENEWed. Other deployments may identifier it has last seen with a lease that is being RENEWed.
prefer to use the Server Identifier Override suboption [RFC5107] to Other deployments may prefer to use the Server Identifier Override
permit the relay device to insert the Relay Agent Information option suboption [RFC5107] to permit the relay device to insert the Relay
into all relayed messages. Agent Information option into all relayed messages.
Handling situations where a relay agent device is replaced is another Handling situations where a relay agent device is replaced is another
aspect of "stability". One of the use-cases for the relay identifier aspect of stability. One of the use-cases for the relay identifier
is to permit a server to associate clients' lease bindings with the is to permit a server to associate clients' lease bindings with the
relay device connected to the clients. If the relay device is relay device connected to the clients. If the relay device is
replaced, because it has failed or been upgraded, it may be desirable replaced, because it has failed or been upgraded, it may be desirable
for the new device to continue to provide the same relay identifier for the new device to continue to provide the same relay identifier
as the old device. Implementors should be aware of this possibility, as the old device. Therefore if a relay agent supports relay-id, the
and consider making it possible for administrators to configure the relay-id should be administratively configurable.
identifier.
DISCUSSION:
Administrators should take special care to ensure that relay-ids
configured in their relay agents are not duplicated. Some
implementation advice is offered to administrators with regard
to configuration of relay-ids, detection and consequences of
duplicate relay-ids.
Configuration of Relay-IDs:
Various strategies may be used to configure relay-ids. Any
proposed strategy should be evaluated in terms of whether it can
ensure unique relay-ids in the administrative domain. It should
be noted that relay-ids configured using the strategy must also
satisfy requirements as stated in the rest of this document
(especially Section 5). One strategy that may be used is relay-id
on a relay agent may re-use an existing identifier or set of
identifiers that are already guaranteed to be unique (e.g.,
UUID [RFC4122] or IP address).
Consequences and Detection of Duplication of Relay-IDs:
This document only defines relay-id suboption but not its
use-cases. Consequences of duplication of relay-ids depend on
how relay-ids are used. Administrators should create mechanisms
to detect duplication of relay-ids.
Some mechanisms to detect duplication can be created based on
use-cases of relay-id. For example, DHCP servers use various
decision criteria during allocation of IP addresses and other
resources. If relay-id is part of the decision criteria, DHCP
server will attempt, but fail, to allocate the same resource
(typically an IP address) to two devices on the opposite side
of the two relay agents with duplicate IDs. In most cases this
won't happen, because the DHCP server isn't configured that way;
in the cases where it does happen, DHCP server should log the
failure.
It should be emphasized that these mechanisms may not be
fool-proof at indicating duplication of relay-ids as the cause
(the failures may be caused because of other reasons as well.)
But they serve as a first step in the analysis towards detection
of duplication relay-ids.
In contrast, the following approach is suggested as a general
mechanism to detect duplication of relay-ids. Network management
systems collect various types of information from the devices
under their control. As part of this, they should also collect
relay-id configured for each relay-agent (it becomes easy to do
if relay-id is exposed as a MIB field). At the network management
subsystem that has visibility into the entire administrative
domain, it should have back-end tools to check for duplicate
relay ids in the collected information.
6. Security Considerations 6. Security Considerations
Security issues with the Relay Agent Information option and its use Security issues with the Relay Agent Information option and its use
by servers in address assignment are discussed in [RFC3046] and by servers in address assignment are discussed in [RFC3046] and
[RFC4030]. Relay agents who send the Relay Agent Identifier [RFC4030]. The DHCP Relay Agent Information option depends on a
suboption SHOULD use the Relay Agent Authentication suboption trusted relationship between the DHCP relay agent and the DHCP
[RFC4030] to provide integrity protection and to avoid duplication of server, as described in Section 5 of RFC 3046. While the
relay identifiers by malicious entities. introduction of fraudulent DHCP relay agent information options can
be prevented by a perimeter defense that blocks these options unless
the DHCP relay agent is trusted, a deeper defense using the
authentication suboption for DHCP relay agent information option
[RFC4030] SHOULD be deployed as well. It also helps in avoiding
duplication of relay identifiers by malicious entities. However,
implementation of authentication suboption for DHCP relay agent
information option [RFC4030] is not a must to support relay-id
suboption.
7. IANA Considerations 7. IANA Considerations
We request that IANA assign a new suboption code from the registry of We request that IANA assign a new suboption code from the registry of
DHCP Agent Sub-Option Codes maintained in DHCP Agent Sub-Option Codes maintained in
http://www.iana.org/assignments/bootp-dhcp-parameters. http://www.iana.org/assignments/bootp-dhcp-parameters.
Relay Agent Identifier Suboption [TBA] Relay Agent Identifier Suboption [TBA]
8. Acknowledgments 8. Acknowledgments
skipping to change at page 6, line 31 skipping to change at page 8, line 7
[RFC3046] Patrick, M., "DHCP Relay Agent Information Option", [RFC3046] Patrick, M., "DHCP Relay Agent Information Option",
RFC 3046, January 2001. RFC 3046, January 2001.
[RFC4030] Stapp, M. and T. Lemon, "The Authentication Suboption for [RFC4030] Stapp, M. and T. Lemon, "The Authentication Suboption for
the Dynamic Host Configuration Protocol (DHCP) Relay Agent the Dynamic Host Configuration Protocol (DHCP) Relay Agent
Option", RFC 4030, March 2005. Option", RFC 4030, March 2005.
9.2. Informative References 9.2. Informative References
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122,
July 2005.
[RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration [RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration
Protocol (DHCP) Leasequery", RFC 4388, February 2006. Protocol (DHCP) Leasequery", RFC 4388, February 2006.
[RFC5107] Johnson, R., Kumarasamy, J., Kinnear, K., and M. Stapp, [RFC5107] Johnson, R., Kumarasamy, J., Kinnear, K., and M. Stapp,
"DHCP Server Identifier Override Suboption", RFC 5107, "DHCP Server Identifier Override Suboption", RFC 5107,
February 2008. February 2008.
[I-D.ietf-dhc-dhcpv4-bulk-leasequery] [I-D.ietf-dhc-dhcpv4-bulk-leasequery]
Kinnear, K., Stapp, M., Joshi, B., and N. Russell, "Bulk Kinnear, K., Stapp, M., Joshi, B., and N. Russell, "Bulk
DHCPv4 Lease Query", DHCPv4 Lease Query",
draft-ietf-dhc-dhcpv4-bulk-leasequery-06 (work in draft-ietf-dhc-dhcpv4-bulk-leasequery-07 (work in
progress), March 2012. progress), October 2012.
Authors' Addresses Authors' Addresses
Bharat Joshi Bharat Joshi
Infosys Ltd. Infosys Ltd.
44 Electronics City, Hosur Road 44 Electronics City, Hosur Road
Bangalore 560 100 Bangalore 560 100
India India
Email: bharat_joshi@infosys.com Email: bharat_joshi@infosys.com
 End of changes. 16 change blocks. 
45 lines changed or deleted 116 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/