draft-ietf-dhc-subnet-option-04.txt   draft-ietf-dhc-subnet-option-05.txt 
Network Working Group G. Waters Network Working Group G. Waters
INTERNET-DRAFT Nortel Networks INTERNET-DRAFT Nortel Networks
April 2000 June 2000
The Subnet Selection Option for DHCP The Subnet Selection Option for DHCP
<draft-ietf-dhc-subnet-option-04.txt> <draft-ietf-dhc-subnet-option-05.txt>
Friday, April 7, 2000, 12:11 PM Wednesday, June 07, 2000, 4:44 PM
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
skipping to change at page 2, line 5 skipping to change at line 47
Copyright (C) The Internet Society (2000). All Rights Reserved. Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract Abstract
This memo defines a new DHCP option for selecting the subnet on which This memo defines a new DHCP option for selecting the subnet on which
to allocate an address. This option would override a DHCP server's to allocate an address. This option would override a DHCP server's
normal methods of selecting the subnet on which to allocate an address normal methods of selecting the subnet on which to allocate an address
for a client. for a client.
Waters Expires: Jun 2000 + 6 months [Page 1]
Table of Contents Table of Contents
1. Introduction......................................................2 1. Introduction......................................................2
1.1. Motivational Example.........................................2 1.1. Motivational Example.........................................2
2. Subnet Selection Option Definition................................3 2. Subnet Selection Option Definition................................3
3. Intellectual Property.............................................4 3. Intellectual Property.............................................4
4. Acknowledgements..................................................4 4. IANA Considerations...............................................4
5. Security Considerations...........................................4 5. Acknowledgements..................................................5
6. References........................................................5 6. Security Considerations...........................................5
7. Editor's Addresses................................................5 7. References........................................................5
8. Full Copyright Statement..........................................5 8. Editor's Addresses................................................5
9. Full Copyright Statement..........................................5
1. Introduction 1. Introduction
To select the subnet on which to allocate an address, the DHCP server To select the subnet on which to allocate an address, the DHCP server
determines the subnet from which the request originated, and then determines the subnet from which the request originated, and then
selects an address on the originating subnet or on a subnet that is on selects an address on the originating subnet or on a subnet that is on
the same network segment as the originating subnet. The subnet from the same network segment as the originating subnet. The subnet from
which the request originates can be determined by: which the request originates can be determined by:
o Using the subnet address of the giaddr field in the DHCP packet o Using the subnet address of the giaddr field in the DHCP packet
skipping to change at page 2, line 53 skipping to change at line 97
An example of where this option could be useful is in a device (e.g.: An example of where this option could be useful is in a device (e.g.:
a RAS device) that is allocating addresses on behalf of its clients. a RAS device) that is allocating addresses on behalf of its clients.
In this case the device would be allocating addresses through DHCP and In this case the device would be allocating addresses through DHCP and
then managing those addresses among its clients. then managing those addresses among its clients.
In this scenario, the device is connected to a private "internal" In this scenario, the device is connected to a private "internal"
network on which the DHCP server would be located. The device is also network on which the DHCP server would be located. The device is also
connected to one or more service providing "external" networks (i.e.: connected to one or more service providing "external" networks (i.e.:
the networks that the device's clients are connected to). Furthermore, the networks that the device's clients are connected to). Furthermore,
the internal network is not IP connected to the external networks, the internal network is not IP connected to the external networks,
Waters Expires: Jun 2000 + 6 months [Page 2]
although inside the device there is connectivity between the internal although inside the device there is connectivity between the internal
and external networks (e.g.: though the backplane). and external networks (e.g.: though the backplane).
Recall that the device is allocating addresses for its clients on the Recall that the device is allocating addresses for its clients on the
external networks and that there is no IP connectivity between the external networks and that there is no IP connectivity between the
internal network and the external networks. The DHCP requests cannot internal network and the external networks. The DHCP requests cannot
originate from the external networks since packets cannot be routed originate from the external networks since packets cannot be routed
between the external network and the internal network. Thus, the DHCP between the external network and the internal network. Thus, the DHCP
requests must originate from the internal network. The problem with requests must originate from the internal network. The problem with
originating the DHCP requests from the internal network is that the originating the DHCP requests from the internal network is that the
skipping to change at page 3, line 51 skipping to change at line 148
+-----+-----+-----+-----+-----+-----+ +-----+-----+-----+-----+-----+-----+
| TBD | 4 | A1 | A2 | A3 | A4 | | TBD | 4 | A1 | A2 | A3 | A4 |
+-----+-----+-----+-----+-----+-----+ +-----+-----+-----+-----+-----+-----+
Servers supporting this option MUST return an identical copy of the Servers supporting this option MUST return an identical copy of the
option to any client that sends it, regardless of whether or not the option to any client that sends it, regardless of whether or not the
client requests the option in a parameter request list. Clients using client requests the option in a parameter request list. Clients using
this option MUST discard DHCPOFFER or DHCPACK packets that do not this option MUST discard DHCPOFFER or DHCPACK packets that do not
contain this option. contain this option.
Waters Expires: Jun 2000 + 6 months [Page 3]
This option does not require changes to operations or features of the This option does not require changes to operations or features of the
DHCP server other than to select the subnet on which to allocate an DHCP server other than to select the subnet on which to allocate an
address. For example, the handling of DHCPDISCOVER for an unknown address. For example, the handling of DHCPDISCOVER for an unknown
subnet should continue to operate unchanged. subnet should continue to operate unchanged.
When this option is present and the server supports this option, the When this option is present and the server supports this option, the
server MUST NOT offer an address that is not on the requested subnet server MUST NOT offer an address that is not on the requested subnet
or network segment. or network segment.
During an address renew, the DHCP server may send a DHCPACK directly During an address renew, the DHCP server may send a DHCPACK directly
skipping to change at page 4, line 43 skipping to change at line 192
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this specification such proprietary rights by implementers or users of this specification
can be obtained from the IETF Secretariat. can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive this standard. Please address the information to the IETF Executive
Director. Director.
4. Acknowledgements 4. IANA Considerations
IANA has assigned a value of TBD for the DHCP option code described in
this document.
Waters Expires: Jun 2000 + 6 months [Page 4]
5. Acknowledgements
This document is the result of work undertaken the by DHCP working This document is the result of work undertaken the by DHCP working
group. Thanks to Ted Lemon, Tim Aston and Ralph Droms for their group. Thanks to Ted Lemon, Tim Aston and Ralph Droms for their
helpful comments in this work. helpful comments in this work.
5. Security Considerations 6. Security Considerations
DHCP currently provides no authentication or security mechanisms. DHCP currently provides no authentication or security mechanisms.
Potential exposures to attack are discussed is section 7 of the Potential exposures to attack are discussed is section 7 of the
protocol specification [RFC2131]. protocol specification [RFC2131].
The subnet selection option allows for the DHCP client to specify the The subnet selection option allows for the DHCP client to specify the
subnet on which to allocate an address. This would allow a client to subnet on which to allocate an address. This would allow a client to
perform a more complete address-pool exhaustion attack since the perform a more complete address-pool exhaustion attack since the
client would no longer be restricted to attacking address-pools on client would no longer be restricted to attacking address-pools on
just its local subnet. Under the current DHCP security model there is just its local subnet. Under the current DHCP security model there is
no methods available to circumvent this type of attack. no methods available to circumvent this type of attack.
6. References 7. References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, BCP 14, March 1997. Requirement Levels", RFC 2119, BCP 14, March 1997.
[RFC2131] Droms, R. "Dynamic Host Configuration Protocol", RFC 2131, [RFC2131] Droms, R. "Dynamic Host Configuration Protocol", RFC 2131,
March 1997. March 1997.
[RFC2132] Alexander, S. and Droms, R., "DHCP Options and BOOTP Vendor [RFC2132] Alexander, S. and Droms, R., "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997. Extensions", RFC 2132, March 1997.
7. Editor's Addresses 8. Editor's Addresses
Glenn Waters Glenn Waters
Nortel Networks Nortel Networks
310-875 Carling Avenue, 310-875 Carling Avenue,
Ottawa, Ontario K1S 5P1 Ottawa, Ontario K1S 5P1
Canada Canada
Phone: +1 613-798-4925 Phone: +1 613-798-4925
Email: gww@nortelnetworks.com Email: gww@nortelnetworks.com
8. Full Copyright Statement 9. Full Copyright Statement
Copyright (C) The Internet Society (2000). All Rights Reserved. Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and or assist in its implementation may be prepared, copied, published and
Waters Expires: Jun 2000 + 6 months [Page 5]
distributed, in whole or in part, without restriction of any kind, distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing Internet organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to in the Internet Standards process must be followed, or as required to
translate it into languages other than English. translate it into languages other than English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Waters Expires: Jun 2000 + 6 months [Page 6]
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/