draft-ietf-dhc-dhcpv6-bulk-leasequery-03.txt   draft-ietf-dhc-dhcpv6-bulk-leasequery-04.txt 
DHC M. Stapp DHC M. Stapp
Internet-Draft Cisco Systems, Inc. Internet-Draft Cisco Systems, Inc.
Expires: December 13, 2008 June 11, 2008 Intended status: Standards Track October 16, 2008
Expires: April 19, 2009
DHCPv6 Bulk Leasequery DHCPv6 Bulk Leasequery
draft-ietf-dhc-dhcpv6-bulk-leasequery-03.txt draft-ietf-dhc-dhcpv6-bulk-leasequery-04.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 33 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 13, 2008. This Internet-Draft will expire on April 19, 2009.
Copyright Notice
Copyright (C) The IETF Trust (2008).
Abstract Abstract
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) has been The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) has been
extended with a Leasequery capability that allows a client to request extended with a Leasequery capability that allows a client to request
information about DHCPv6 bindings. That mechanism is limited to information about DHCPv6 bindings. That mechanism is limited to
queries for individual bindings. In some situations individual queries for individual bindings. In some situations individual
binding queries may not be efficient, or even possible. This binding queries may not be efficient, or even possible. This
document expands on the Leasequery protocol, adding new query types document expands on the Leasequery protocol, adding new query types
and allowing for bulk transfer of DHCPv6 binding data via TCP. and allowing for bulk transfer of DHCPv6 binding data via TCP.
skipping to change at page 10, line 11 skipping to change at page 10, line 13
port configurable. port configurable.
This section presents a table of values used to control Bulk This section presents a table of values used to control Bulk
Leasequery behavior, including recommended defaults. Implementations Leasequery behavior, including recommended defaults. Implementations
MAY make these values configurable. MAY make these values configurable.
Parameter Default Description Parameter Default Description
------------------------------------------ ------------------------------------------
BULK_LQ_CONN_TIMEOUT 30 secs Bulk Leasequery connection timeout BULK_LQ_CONN_TIMEOUT 30 secs Bulk Leasequery connection timeout
BULK_LQ_DATA_TIMEOUT 30 secs Bulk Leasequery data timeout BULK_LQ_DATA_TIMEOUT 30 secs Bulk Leasequery data timeout
BULK_LQ_MAX_RETRY 60 secs Max Bulk Leasequery retry timeout value BULK_LQ_MAX_RETRY 60 secs Max Bulk Leasequery retry timeout
BULK_LQ_MAX_CONNS 10 Max Bulk Leasequery TCP connections BULK_LQ_MAX_CONNS 10 Max Bulk Leasequery TCP connections
6. Requestor Behavior 6. Requestor Behavior
6.1. Connecting 6.1. Connecting
A Requestor attempts to establish a TCP connection to a DHCPv6 Server A Requestor attempts to establish a TCP connection to a DHCPv6 Server
in order to initiate a Leasequery exchange. The Requestor SHOULD be in order to initiate a Leasequery exchange. The Requestor SHOULD be
prepared to abandon the connection attempt after prepared to abandon the connection attempt after
BULK_LQ_CONN_TIMEOUT. If the attempt fails, the Requestor MAY retry. BULK_LQ_CONN_TIMEOUT. If the attempt fails, the Requestor MAY retry.
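Review bot: In the parameter table, BULK_LQ_MAX_RETRY has a default of "60 secs" but a name that reads like a retry count, and the shortened description "Max Bulk Leasequery retry timeout" still does not say what is being bounded. Section 6.1 as shown only says "the Requestor MAY retry" after BULK_LQ_CONN_TIMEOUT. If the intent is an upper bound on the interval between connection retries, say so in the description or in 6.1, so that implementers do not read 60 as a number of attempts or retry without any backoff.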
skipping to change at page 16, line 12 skipping to change at page 16, line 12
after it has finished processing any outstanding requests from the after it has finished processing any outstanding requests from the
client. client.
8. Security Considerations 8. Security Considerations
The "Security Considerations" section of [RFC3315] details the The "Security Considerations" section of [RFC3315] details the
general threats to DHCPv6. The DHCPv6 Leasequery specification general threats to DHCPv6. The DHCPv6 Leasequery specification
[RFC5007] describes recommendations for the Leasequery protocol, [RFC5007] describes recommendations for the Leasequery protocol,
especially with regard to relayed LEASEQUERY messages, mitigation of especially with regard to relayed LEASEQUERY messages, mitigation of
packet-flooding DOS attacks, restriction to trusted clients, and use packet-flooding DOS attacks, restriction to trusted clients, and use
of IPsec [RFC2401]. of IPsec [RFC4301].
The use of TCP introduces some additional concerns. Attacks that The use of TCP introduces some additional concerns. Attacks that
attempt to exhaust the DHCPv6 server's available TCP connection attempt to exhaust the DHCPv6 server's available TCP connection
resources, such as SYN flooding attacks, can compromise the ability resources, such as SYN flooding attacks, can compromise the ability
of legitimate clients to receive service. Malicious clients who of legitimate clients to receive service. Malicious clients who
succeed in establishing connections, but who then send invalid succeed in establishing connections, but who then send invalid
queries, partial queries, or no queries at all also can exhaust a queries, partial queries, or no queries at all also can exhaust a
server's pool of available connections. We recommend that servers server's pool of available connections. We recommend that servers
offer configuration to limit the sources of incoming connections, offer configuration to limit the sources of incoming connections,
that they limit the number of accepted connections and the number of that they limit the number of accepted connections and the number of
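Review bot: In the paragraph beginning "The use of TCP introduces some additional concerns", the recommendation that servers "limit the number of accepted connections" is, in the lines shown here, not tied to the parameters the document defines in its table. Suggest naming BULK_LQ_MAX_CONNS for the connection cap and, if BULK_LQ_DATA_TIMEOUT is what a server applies to clients that send partial queries or no queries at all, naming it for that case too, so the security guidance and the recommended defaults point at each other. The citation change to "[RFC4301]" in the first paragraph matches the updated entry in 12.2.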
skipping to change at page 17, line 28 skipping to change at page 17, line 31
12.1. Normative References 12.1. Normative References
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", RFC 3633, Host Configuration Protocol (DHCP) version 6", RFC 3633,
December 2003. December 2003.
[RFC4614] Duke, M., Braden, R., Eddy, W., and E. Blanton, "A Roadmap
for Transmission Control Protocol (TCP) Specification
Documents", RFC 4614, September 2006.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4649] Volz, B., "Dynamic Host Configuration Protocol for IPv6 [RFC4649] Volz, B., "Dynamic Host Configuration Protocol for IPv6
(DHCPv6) Relay Agent Remote-ID Option", RFC 4649, (DHCPv6) Relay Agent Remote-ID Option", RFC 4649,
August 2006. August 2006.
[RFC5007] Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng, [RFC5007] Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng,
"DHCPv6 Leasequery", RFC 5007, September 2007. "DHCPv6 Leasequery", RFC 5007, September 2007.
12.2. Informative References 12.2. Informative References
[RFC2401] Kent, S. and R. Atkinson, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 2401, November 1998. Internet Protocol", RFC 4301, December 2005.
[RFC4614] Duke, M., Braden, R., Eddy, W., and E. Blanton, "A Roadmap
for Transmission Control Protocol (TCP) Specification
Documents", RFC 4614, September 2006.
Author's Address Author's Address
Mark Stapp Mark Stapp
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Ave. 1414 Massachusetts Ave.
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: +1 978 936 0000 Phone: +1 978 936 0000
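Review bot: In 12.2, [RFC4301] replaces [RFC2401] as an informative reference, while Section 8 cites it for "use of IPsec" as part of the [RFC5007] recommendations. Confirm that informative is the right class if this document intends IPsec use to be more than advisory. The move of [RFC4614] from 12.1 to 12.2 deserves the same check against the place where it is cited, which is not visible in this diff.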
skipping to change at page 19, line 44 skipping to change at line 817
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
 End of changes. 8 change blocks. 
15 lines changed or deleted 12 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/