draft-ietf-dhc-agent-subnet-selection-03.txt   draft-ietf-dhc-agent-subnet-selection-04.txt 
Network Working Group                                       Kim Kinnear
INTERNET DRAFT                                               Mark Stapp
                                                        Richard Johnson
                                                         Jay Kumarasamy
                                                          Cisco Systems
-03: April 2002, Expires October 2002
-04: October 2002, Expires April 2003

-03: Link Selection sub-option for the Relay Agent Information Option
     <draft-ietf-dhc-agent-subnet-selection-03.txt>
-04: Link Selection sub-option for the Relay Agent Information Option
     for DHCPv4
     <draft-ietf-dhc-agent-subnet-selection-04.txt>
Status of this Memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
skipping to change at page 2, line 4
Abstract

In RFC 2131, the giaddr specifies an IP address which determines both
a subnet and thereby a link on which a DHCP client resides as well as
an IP address which can be used to communicate with the relay agent.
The subnet-selection option [RFC 3011] allows these functions of the
giaddr to be split so that when one entity is performing as a DHCP
proxy, it can specify the subnet/link from which to allocate an IP
address which is different from the IP address with which it desires
to communicate with the DHCP server. Analogous situations exist where
the relay agent needs to specify the subnet/link on which a DHCP
client resides which is different from an IP address which can be
used to communicate with the relay agent. The link-selection
sub-option (specified here) of the relay-agent-information option
allows a relay agent to do this.
1. Introduction

In RFC 2131, the giaddr specifies an IP address which determines a
subnet (and from there a link) on which a DHCP client resides as well
as an IP address which can be used to communicate with the relay
agent. The subnet-selection option [RFC 3011] allows these functions
of the giaddr to be split so that when one entity is performing as a
DHCP proxy, it can specify the subnet/link from which to allocate an
IP address which is different from the IP address with which it
skipping to change at page 2, line 45
+-----+ +-----+ +-----+
|Host1| |Host2| |Host3|
+-----+ +-----+ +-----+
In the usual approach, the relay agent would put IP address Y into
the giaddr of any packets that it forwarded to the DHCP server.
However, if for any reason IP address Y is not accessible from the
DHCP server, then this usual approach will fail. There are several
reasons why IP address Y might be inaccessible from the DHCP server:

   o There might be some firewall capability in the network element
     in which the relay agent resides that does not allow the DHCP
     server to access the relay agent via IP address Y.

   o There might not be an IP address Y. An example would be the case
     where there was only one host and this was a point-to-point
     link.

(-03 numbered these as reasons 2 and 3, preceded by a first reason
that -04 drops: "IP y might not be unique for this subnet, but might
instead be shared as a gateway address by multiple subnets.")

In any of these or other cases, the relay agent needs to be able to
communicate to the DHCP server the subnet/link from which to allocate
an IP address. The IP address which will communicate to the DHCP
server the subnet/link information cannot be used as a way to
communicate between the DHCP server and the relay agent.
Since the relay agent can modify the client's DHCPREQUEST in only two
ways, the giaddr and the relay-agent-info option, there is
skipping to change at page 3, line 51 (-03) / page 3, line 48 (-04)
and DHCP messages between clients and servers residing on different
subnets, per [RFC 951] and [RFC 1542].

   o "DHCP server"

     A DHCP server is an Internet host that returns configuration
     parameters to DHCP clients.

   o "link"

     -03: A link is a collection of subnets that all coexist on the
     same physical medium. Sometimes called a LAN segment or network
     segment in other contexts.

     -04: A link is a communications facility or medium over which
     nodes can communicate at the link layer, i.e., the layer
     immediately below IPv4. Examples are Ethernets (simple or
     bridged); PPP links; X.25, Frame Relay, or ATM networks; and
     internet (or higher) layer "tunnels" such as tunnels over IPv4
     or IPv6 itself.

   o "subnet"

     A subnet (for the purposes of this document) consists of a
     routable address range. It may be one of several that exist on
     a link at the same time.
3. Link selection sub-option definition

The link-selection sub-option is used by any DHCP relay agent which
skipping to change at page 4, line 28 (-03) / page 4, line 29 (-04)
the IP address the DHCP server should use when communicating with the
relay agent.

The sub-option contains a single IP address that is an address
contained in a subnet. The value for the subnet address is determined
by taking any IP address on the subnet and ANDing that address with
the subnet mask (i.e.: the network and subnet bits are left alone and
the remaining (host) bits are set to zero). This determines a single
subnet, and when allocating an IP address, all of the other related
subnets on the same link will also be considered in the same way as
currently specified for the processing of the giaddr in [RFC 2131,
Section 4.3.1, first group of bullets, bullet 4].

(-03 cited only "[RFC 2131]" here; the section pointer and the
following paragraph are new in -04.)

In scenarios where this sub-option is needed the relay agent adds it
whenever it sets the giaddr value (i.e., on all messages relayed to
the DHCP server).
When the DHCP server is allocating an address and this sub-option is
present then the DHCP server MUST allocate the address on either:

   o the subnet specified in the link-selection sub-option, or;

   o a subnet on the same link (also known as a network segment) as
     the subnet specified by the link-selection sub-option.
The format of the sub-option is:

       SubOpt  Len     subnet IP address
      +------+------+------+------+------+------+
      | TBD  |  4   |  a1  |  a2  |  a3  |  a4  |
      +------+------+------+------+------+------+
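The following Python is an added example, not code from the draft or from any Cisco implementation. It builds the sub-option in exactly the layout drawn above inside a relay-agent-information option, derives the subnet address by ANDing with the mask as the previous section describes, parses the option back on the server side (rejecting malformed lengths), and applies the allocation rule that the server MUST pick an address on the named subnet or on another subnet of the same link. Option code 82 and the circuit-id sub-option code 1 come from RFC 3046; the draft leaves the link-selection sub-option code TBD, and the value 5 used here is the code IANA later assigned in RFC 3527. The subnet-to-link table and the circuit-id string are constructed for the example.

```python
"""Added example: building, parsing and checking the DHCPv4
link-selection sub-option (not code from the draft)."""
import ipaddress
import struct

RELAY_AGENT_INFO_OPTION = 82   # relay-agent-information option (RFC 3046)
SUBOPT_CIRCUIT_ID = 1          # circuit-id sub-option (RFC 3046)
# The draft leaves this code TBD; 5 is the value IANA later assigned (RFC 3527).
SUBOPT_LINK_SELECTION = 5

# Constructed server configuration: subnet address -> (mask, link name).
# Two subnets share "link-A", which the allocation rule permits.
LINKS = {
    "10.1.1.0": ("255.255.255.0", "link-A"),
    "10.1.2.0": ("255.255.255.0", "link-A"),
    "10.9.0.0": ("255.255.0.0", "link-B"),
}


def subnet_address(addr: str, mask: str) -> str:
    """AND any address on the subnet with its mask: network/subnet bits
    are kept and the host bits become zero, as the draft describes."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))


def build_link_selection_suboption(subnet: str) -> bytes:
    """SubOpt | Len=4 | a1 a2 a3 a4, the layout given in the draft."""
    return struct.pack("!BB", SUBOPT_LINK_SELECTION, 4) + ipaddress.IPv4Address(subnet).packed


def relay_option82(circuit_id: bytes, interface_addr: str, mask: str) -> bytes:
    """Relay side: wrap a circuit-id and a link-selection sub-option in
    option 82, deriving the subnet from any address on the client's subnet."""
    subopts = struct.pack("!BB", SUBOPT_CIRCUIT_ID, len(circuit_id)) + circuit_id
    subopts += build_link_selection_suboption(subnet_address(interface_addr, mask))
    if len(subopts) > 255:
        raise ValueError("option 82 payload exceeds 255 octets")
    return struct.pack("!BB", RELAY_AGENT_INFO_OPTION, len(subopts)) + subopts


def parse_suboptions(option82_value: bytes) -> dict:
    """Server side: split an option-82 value into {sub-option code: value},
    refusing any sub-option whose length runs past the end of the option."""
    out = {}
    i = 0
    while i < len(option82_value):
        if i + 2 > len(option82_value):
            raise ValueError("truncated sub-option header")
        code, length = option82_value[i], option82_value[i + 1]
        value = option82_value[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length runs past end of option 82")
        out[code] = value
        i += 2 + length
    return out


def link_selection_subnet(option82: bytes):
    """Return the subnet named by the link-selection sub-option, or None
    when the sub-option is absent."""
    if len(option82) < 2 or option82[0] != RELAY_AGENT_INFO_OPTION \
            or option82[1] != len(option82) - 2:
        raise ValueError("not a well-formed option 82")
    value = parse_suboptions(option82[2:]).get(SUBOPT_LINK_SELECTION)
    if value is None:
        return None
    if len(value) != 4:
        raise ValueError("link-selection sub-option must carry exactly 4 octets")
    return str(ipaddress.IPv4Address(value))


def allocation_permitted(candidate: str, option82: bytes) -> bool:
    """The server MUST allocate on the selected subnet or on another subnet
    configured on the same link. Returns False when no link-selection
    sub-option is present (a real server would then fall back to giaddr)."""
    selected = link_selection_subnet(option82)
    if selected is None or selected not in LINKS:
        return False
    link = LINKS[selected][1]
    return any(lnk == link and subnet_address(candidate, mask) == net
               for net, (mask, lnk) in LINKS.items())
```

With the constructed table, a relay on 10.1.1.254/24 produces a sub-option naming 10.1.1.0, and the server may then hand out 10.1.2.50 (same link) but not 10.9.0.5 (a different link).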
A relay agent which uses this sub-option MUST assume that the server
receiving the sub-option supports the sub-option and used the
information available in the sub-option to correctly allocate an IP
address. A relay agent which uses this sub-option MUST NOT take
different actions based on whether this sub-option appears or does
not appear in the response packet from the server.

It is important to ensure using administrative techniques that any
relay agent employing this sub-option is directed to only send
packets to a server which supports this sub-option.

Support for this sub-option does not require changes to operations or
features of the DHCP server other than to select the subnet (and
skipping to change at page 5, line 43 (-03) / page 6, line 6 (-04)
4. Security Considerations

Potential attacks on DHCP are discussed in section 7 of the DHCP
protocol specification [RFC 2131], as well as in the DHCP
authentication specification [RFC 3118].

The link-selection sub-option allows a relay agent to specify the
subnet/link on which to allocate an address for a DHCP client. Given
that the subnet-selection option already exists [RFC 3011], no
fundamental new security issues are raised by the existence of the
link-selection sub-option specified in this document beyond those
implied by the subnet-selection option [RFC 3011].

The existence of either the subnet-selection option or the
link-selection sub-option documented here would allow a malicious
DHCP client to perform a more complete address-pool exhaustion attack
than could be performed without the use of these options, since the
client would no longer be restricted to attacking address-pools on
just its local subnet.
skipping to change at page 7, line 13 (-03) / page 7, line 22 (-04)

3046, January 2001.
8. Author's information

Kim Kinnear
Mark Stapp
Cisco Systems
250 Apollo Drive
Chelmsford, MA 01824

Phone: (978) 244-8000 (-03) / (978) 497-8000 (-04)
EMail: kkinnear@cisco.com
       mjs@cisco.com

Jay Kumarasamy
Richard Johnson
Cisco Systems
170 W. Tasman Dr.
San Jose, CA 95134
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/