rfcdiff: draft-ietf-dhc-agent-subnet-selection-02.txt -> draft-ietf-dhc-agent-subnet-selection-03.txt

Network Working Group                                        Kim Kinnear
INTERNET DRAFT                                                Mark Stapp
                                                         Richard Johnson
                                                          Jay Kumarasamy
                                                           Cisco Systems
                                  February 2002 (-02) / April 2002 (-03)
                         Expires August 2002 (-02) / October 2002 (-03)

                      Link Selection sub-option
              for the Relay Agent Information Option
           <draft-ietf-dhc-agent-subnet-selection-03.txt>

   (The -02 version was titled "Subnet Selection sub-option for the
   Relay Agent Information Option"; -03 renames the sub-option to
   "link-selection" and says "subnet/link" where -02 said "subnet"
   throughout.  The text below is the -03 wording; where the two
   versions differ beyond that rename, the -02 wording is noted in
   brackets.)
Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   [skipping to change at page 1, line 43]

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract
   In RFC 2131, the giaddr specifies an IP address which determines both
   a subnet and thereby a link on which a DHCP client resides as well as
   an IP address which can be used to communicate with the relay agent.
   The subnet-selection option [RFC 3011] allows these functions of the
   giaddr to be split so that when one entity is performing as a DHCP
   proxy, it can specify the subnet/link from which to allocate an IP
   address which is different from the IP address with which it desires
   to communicate with the DHCP server.  Analogous situations exist where
   the relay agent needs to specify the subnet/link on which a DHCP
   client resides which is different from an IP address which can be
   used to communicate with the relay agent.  The link-selection sub-
   option (specified here) of the relay-agent-information option allows
   a relay agent to do this.

   [-02 read: "the giaddr specifies both the subnet on which a DHCP
   client resides as well as an IP address which can be used to
   communicate with the relay agent", said "the subnet" where -03 says
   "the subnet/link", and called the new sub-option the "subnet-selection
   sub-option".]
1. Introduction

   In RFC 2131, the giaddr specifies an IP address which determines a
   subnet (and from there a link) on which a DHCP client resides as well
   as an IP address which can be used to communicate with the relay
   agent.  The subnet-selection option [RFC 3011] allows these functions
   of the giaddr to be split so that when one entity is performing as a
   DHCP proxy, it can specify the subnet/link from which to allocate an
   IP address which is different from the IP address with which it
   desires to communicate with the DHCP server.

   Analogous situations exist where the relay agent needs to specify the
   subnet/link on which a DHCP client resides which is different from an
   IP address which can be used to communicate with the relay agent.
   Consider the following architecture:

   [-02 read: "the giaddr specifies both the subnet on which a DHCP
   client resides as well as an IP address which can be used to
   communicate with the relay agent", and "the subnet" where -03 says
   "the subnet/link".]
        +--------+         +---------------+
        | DHCP   |    IP x |               |IP y
        | Server |-.......-|  Relay Agent  |----+------------+
        +--------+         |               |    |            |
                           +---------------+    |         +------+
                                                |         |Modem |
                                                |         +------+
                                                |            |
                                             +-----+      +-----+
   [skipping to change at page 3, line 11 (-02) / line 13 (-03)]

   ... shared as a gateway address by multiple subnets.

   2. There might be some firewall capability in the network element
      in which the relay agent resides that does not allow the DHCP
      server to access the relay agent via IP y.

   3. There might not be an IP y.  An example would be the case where
      there was only one host and this was a point to point link.

   In any of these or other cases, the relay agent needs to be able to
   communicate to the DHCP server the subnet/link from which to allocate
   an IP address.  The IP address which will communicate to the DHCP
   server the subnet/link information cannot be used as a way to
   communicate between the DHCP server and the relay agent.

   Since the relay agent can modify the client's DHCPREQUEST in only two
   ways, the giaddr and the relay-agent-info option, there is thus a
   need to extend the relay-agent-info option with a new sub-option, the
   link-selection sub-option, to allow separation of the specification
   of the subnet/link from the IP address to use when communicating with
   the relay agent.

   [-02 read "the subnet" where -03 reads "the subnet/link", and
   "subnet-selection sub-option" for "link-selection sub-option".]
2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC 2119].

   This document uses the following terms:

   o "DHCP client"

   [skipping to change at page 3, line 47 (-02) / line 49 (-03)]

     A DHCP relay agent is a third-party agent that transfers BOOTP
     and DHCP messages between clients and servers residing on
     different subnets, per [RFC 951] and [RFC 1542].

   o "DHCP server"

     A DHCP server is an Internet host that returns configuration
     parameters to DHCP clients.
   o "link"

     A link is a collection of subnets that all coexist on the same
     physical medium.  Sometimes called a LAN segment or network
     segment in other contexts.

   o "subnet"

     A subnet (for the purposes of this document) consists of a
     routable address range.  It may be one of several that exist on a
     link at the same time.

   [The "link" and "subnet" terms are new in -03.]

3. Link selection sub-option definition

   [-02 heading: "3. Subnet selection sub-option definition"]

   The link-selection sub-option is used by any DHCP relay agent which
   desires to specify a subnet/link for a DHCP client request that it is
   relaying but needs the subnet/link specification to be different from
   the IP address the DHCP server should use when communicating with the
   relay agent.
   The sub-option contains a single IP address that is an address
   contained in a subnet.  The value for the subnet address is
   determined by taking any IP address on the subnet and ANDing that
   address with the subnet mask (i.e.: the network and subnet bits are
   left alone and the remaining (address) bits are set to zero).  This
   determines a single subnet, and when allocating an IP address, all of
   the other related subnets on the same link will also be considered in
   the same way as currently specified for the processing of the giaddr
   in [RFC 2131].  When the DHCP server is allocating an address and
   this sub-option is present then the DHCP server MUST allocate the
   address on either:

   o the subnet specified in the link-selection sub-option, or;

   o a subnet on the same link (also known as a network segment) as
     the subnet specified by the link-selection sub-option.

   [-02 said the sub-option "contains a single IP address that is the
   address of a subnet", had no sentence about considering the other
   subnets on the same link, and gave the second alternative as "a
   subnet on the same network segment as the subnet specified in the
   subnet selection sub-option".]
   The format of the sub-option is:

        SubOpt  Len      subnet IP address
       +------+------+------+------+------+------+
       |  TBD |   4  |  a1  |  a2  |  a3  |  a4  |
       +------+------+------+------+------+------+
   A relay agent which uses this sub-option MUST assume that the server
   receiving the sub-option supports the sub-option and used the
   information available in the sub-option to correctly allocate an IP
   address.  A relay agent which uses this sub-option MUST NOT take
   different actions based on whether this sub-option appears or does
   not appear in the response packet from the server.

   It is important to ensure using administrative techniques that any
   relay agent employing this sub-option is directed to only send
   packets to a server which supports this sub-option.

   [-02 instead had the relay agent police the server's replies: "Because
   the IP address offered to a client is likely to be different if this
   sub-option is included in a relay-agent-info option than it would be
   if this sub-option did not appear or was not interpreted, and because
   some DHCP servers will not support the relay-agent-info option, then
   relay agents using this sub-option MUST discard DHCPOFFER or DHCPACK
   packets that do not contain this sub-option in their associated
   relay-agent-info options.  In that case, there will typically not be
   any relay-agent-info option in the DHCPOFFER or DHCPACK.  This will
   protect against servers who do not implement any support for the
   relay-agent-info option [RFC 3046].  However, [RFC 3046] states that
   every server supporting the relay-agent-info option MUST echo the
   entire contents of the relay-agent-info option in all replies.  Thus,
   a relay agent doesn't have any effective way to tell whether or not a
   server has actually used the subnet-selection sub-option to drive its
   choice of subnets on which the IP address is allocated."  It then
   gave the same administrative-techniques sentence as -03.  In other
   words, because an RFC 3046 server echoes the sub-option whether or
   not it acted on it, the relay cannot detect an unsupporting server
   from the reply, and -03 moves that control entirely to server
   selection.]
   Support for this sub-option does not require changes to operations or
   features of the DHCP server other than to select the subnet (and
   link) on which to allocate an address.  For example, the handling of
   DHCPDISCOVER for an unknown subnet should continue to operate
   unchanged.

   In the event that a DHCP server receives a packet which contains both
   a subnet-selection option [RFC 3011] as well as a link-selection
   sub-option, the information contained in the link-selection sub-
   option MUST be used to control the allocation of an IP address in
   preference to the information contained in the subnet-selection
   option.

   [-02 continued: "When this situation occurs, the subnet selection
   option MUST NOT be echoed in the reply packet to the client,
   signalling that the subnet selection option was not used to drive the
   selection of the subnet for IP address allocation."  -03 drops this
   requirement.]

   When this sub-option is present and the server supports this sub-
   option, the server MUST NOT offer an address that is not on the
   requested subnet or the link (network segment) with which that subnet
   is associated.

   The IP address to which a DHCP server sends a reply MUST be the same
   as it would choose when this sub-option is not present.
4. Security Considerations

   Potential attacks on DHCP are discussed in section 7 of the DHCP
   protocol specification [RFC 2131], as well as in the DHCP
   authentication specification [RFC 3118].

   The link-selection sub-option allows a relay agent to specify the
   subnet/link on which to allocate an address for a DHCP client.  Given
   that the subnet-selection option already exists [RFC 3011], no
   fundamental new security issues are raised by the existence of the
   link-selection sub-option specified in this document beyond those
   implied by the subnet-selection option [RFC 3011].

   The existence of either the subnet-selection option or the link-
   selection sub-option documented here would allow a malicious DHCP
   client to perform a more complete address-pool exhaustion attack than
   could be performed without the use of these options, since the client
   would no longer be restricted to attacking address-pools on just its
   local subnet.

   There is some minor protection against this form of attack using this
   sub-option that is not present for the subnet-selection option, in
   that a trusted relay agent which supports the relay-agent-info option
   MUST discard a packet it receives with a zero giaddr and a relay-
   agent-info option when that packet arrives on an "untrusted" circuit
   [RFC 3046, section 2.1].

   [-02 read "subnet selection sub-option" for "link-selection
   sub-option" and "no new security issues" for "no fundamental new
   security issues".]
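   As an added worked example (it is not part of the draft and not code
   from any implementation the draft describes), the following Python
   covers the mechanics of Section 3 and the relay-side check Section 4
   relies on: masking an address to its subnet address, encoding the
   sub-option inside an RFC 3046 relay-agent-info option (option 82),
   parsing the sub-options back out, choosing the link with the
   precedence the draft specifies (link-selection sub-option, then the
   RFC 3011 subnet-selection option 118, then giaddr), allocating only
   from the selected link, sending the reply to giaddr regardless, and
   the RFC 3046 section 2.1 rule that a trusted relay discards a packet
   with zero giaddr and an existing option 82 arriving on an untrusted
   circuit.  The draft leaves the sub-option code TBD, so
   LINK_SELECTION_SUBOPT is an arbitrary placeholder; the link table,
   addresses and packets are constructed for this example.

```python
import ipaddress
from typing import Dict, List, Optional

OPTION_RELAY_AGENT_INFO = 82    # RFC 3046 relay-agent-info option
OPTION_SUBNET_SELECTION = 118   # RFC 3011 subnet-selection option
LINK_SELECTION_SUBOPT = 0xF0    # placeholder only: the draft leaves the code TBD

# Constructed server configuration (not from the draft): a link is a set of
# subnets sharing one physical medium, per the Section 2 definition.
LINKS: Dict[str, List[ipaddress.IPv4Network]] = {
    "access-link": [ipaddress.ip_network("10.1.0.0/24"),
                    ipaddress.ip_network("10.1.1.0/24")],
    "lab-link":    [ipaddress.ip_network("192.0.2.0/24")],
    "relay-link":  [ipaddress.ip_network("198.51.100.0/24")],
}


def subnet_address(addr: str, prefixlen: int) -> str:
    """Section 3: AND any address on the subnet with its mask (host bits -> 0)."""
    return str(ipaddress.ip_network((addr, prefixlen), strict=False).network_address)


def encode_link_selection(addr: str, prefixlen: int) -> bytes:
    """Relay side: SubOpt | Len=4 | a1 a2 a3 a4, carrying the masked subnet address."""
    value = ipaddress.IPv4Address(subnet_address(addr, prefixlen)).packed
    return bytes([LINK_SELECTION_SUBOPT, len(value)]) + value


def encode_relay_agent_info(subopts: bytes) -> bytes:
    """Option 82 TLV wrapping the concatenated sub-options."""
    if len(subopts) > 255:
        raise ValueError("option 82 payload exceeds the one-byte length field")
    return bytes([OPTION_RELAY_AGENT_INFO, len(subopts)]) + subopts


def parse_suboptions(payload: bytes) -> Dict[int, bytes]:
    """Walk the sub-option TLVs inside option 82; reject truncated encodings."""
    subs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        subs[code] = value
        i += 2 + length
    return subs


def link_for_address(addr: str) -> Optional[str]:
    """Server side: the link whose subnets contain addr (network address or any host)."""
    ip = ipaddress.IPv4Address(addr)
    for name, subnets in LINKS.items():
        if any(ip in s for s in subnets):
            return name
    return None


def select_link(giaddr: str, option82: Optional[bytes],
                subnet_selection: Optional[str]) -> Optional[str]:
    """Section 3 precedence: link-selection sub-option beats the RFC 3011 option,
    which beats plain giaddr processing as in RFC 2131."""
    if option82 is not None:
        if (len(option82) < 2 or option82[0] != OPTION_RELAY_AGENT_INFO
                or option82[1] != len(option82) - 2):
            raise ValueError("malformed relay-agent-info option")
        value = parse_suboptions(option82[2:]).get(LINK_SELECTION_SUBOPT)
        if value is not None:
            if len(value) != 4:
                raise ValueError("link-selection sub-option must be exactly 4 bytes")
            return link_for_address(str(ipaddress.IPv4Address(value)))
    if subnet_selection is not None:
        return link_for_address(subnet_selection)
    return link_for_address(giaddr)


def allocate(link: str, in_use: set) -> Optional[str]:
    """Offer the first free host address on any subnet of the selected link only,
    which is how the server honours 'MUST NOT offer an address that is not on the
    requested subnet or the link with which that subnet is associated'."""
    for subnet in LINKS[link]:
        for host in subnet.hosts():
            if str(host) not in in_use:
                return str(host)
    return None


def reply_destination(giaddr: str, option82: Optional[bytes]) -> str:
    """Section 3: the reply goes where it would go without the sub-option: giaddr."""
    return giaddr


def relay_accepts(giaddr: str, has_option82: bool, circuit_trusted: bool) -> bool:
    """RFC 3046 section 2.1 rule cited in Section 4: a trusted relay discards a packet
    that already carries option 82 with zero giaddr when it arrives on an untrusted
    circuit, so a client cannot forge the sub-option to reach other links' pools."""
    return not (giaddr == "0.0.0.0" and has_option82 and not circuit_trusted)


if __name__ == "__main__":
    # Client on 10.1.1.0/24 behind a relay reachable only at 198.51.100.1 (IP x).
    opt82 = encode_relay_agent_info(encode_link_selection("10.1.1.77", 24))
    link = select_link("198.51.100.1", opt82, None)
    print(link, allocate(link, {"10.1.0.1"}), reply_destination("198.51.100.1", opt82))
```

   The relay masks the client's address before sending it, but the server
   resolves the value by containment, so it also tolerates a peer that
   sent an unmasked host address.  A missing or unknown link returns None
   rather than falling back to giaddr, which matches the draft's intent
   that an unknown subnet be handled as it is today rather than silently
   served from the relay's own pool.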
5. IANA Considerations

   IANA has assigned a value of TBD from the DHCP Relay Agent Sub-
   options space [RFC 3046] for the link-selection sub-option defined in
   Section 3.

6. Acknowledgments

   Eric Rosen contributed to helping the authors to understand the need
   for this sub-option.  Much of the text of this document was borrowed
   with only minimal modifications from the document describing the
   subnet-selection option [RFC 3011].

7. References

   [RFC 951]  Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)",
              RFC 951, September 1985.

   [RFC 1542] Wimer, W., "Clarifications and Extensions for the
              Bootstrap Protocol", RFC 1542, October 1993.

   [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/