rfcdiff: draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt-03.txt (October 18, 2012; expired April 21, 2013) to draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt-04.txt (December 14, 2012)

Network Working Group                                      G. Halwasia
Internet-Draft                                             S. Bhandari
Intended status: Standards Track                                W. Dec
Expires: June 17, 2013                                   Cisco Systems
                                                      December 14, 2012

              Client Link-layer Address Option in DHCPv6
         draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt-04
Abstract

This document specifies the format and mechanism that is to be used for encoding the client link-layer address in DHCPv6 Relay-Forward messages by defining a new DHCPv6 Client Link-layer Address option.
Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
Status of this Memo

[...]

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on June 17, 2013.
Copyright Notice

Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents [...] include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents

1. Introduction
2. Problem Background and Scenario
3. DHCPv6 Client Link-layer Address Option
4. DHCPv6 Relay Agent Behavior
5. DHCPv6 Server Behavior
6. IANA Considerations
7. Security Considerations
8. Acknowledgements
9. References
   9.1. Normative References
   9.2. Informative References
Authors' Addresses
1. Introduction

This specification defines an optional mechanism and the related DHCPv6 option to allow first-hop DHCPv6 relay agents (relay agents that are connected to the same link as the client) to provide the client's link-layer address in the DHCPv6 messages being sent towards the server.
2. Problem Background and Scenario

The DHCPv4 protocol specification [RFC2131] provides a way to specify the client link-layer address in the DHCPv4 message header: the 'htype' and 'chaddr' fields carry the client link-layer address type and the link-layer address respectively. The client link-layer address thus learnt can be used by the DHCPv4 server and relay in different ways. In some deployments DHCPv4 servers use 'chaddr' as a customer identifier and as a key for lookups in the client lease database.
With the incremental deployment of IPv6 to existing IPv4 networks, which results in a dual-stack network environment, there will be devices that act as both DHCPv4 and DHCPv6 clients. In service provider deployments, a typical DHCPv4 implementation will use the client link-layer address as one of the keys to build the DHCP client lease database. In dual-stack scenarios operators need to be able to associate DHCPv4 and DHCPv6 messages with the same client interface, based on an identifier that is common to the interface. The client link-layer address is such an identifier.
Currently, the DHCPv6 protocol specification [RFC3315] does not define a way to communicate the client link-layer address to the DHCP server in cases where the DHCP server is not connected to the same network link as the DHCP client. The DHCPv6 protocol specification mandates that all clients prepare and send a DUID as the Client Identifier option in every DHCPv6 message exchange. However, the DUID does not provide a simple way to extract the client's link-layer address. This presents a problem to an operator who is using an existing DHCPv4 system with the client link-layer address as the customer identifier, and desires to correlate DHCPv6 assignments using the same identifier. [RFC4361] describes a mechanism for using the same DUID in both DHCPv4 and DHCPv6. Unfortunately, this specification requires modification of existing DHCPv4 clients, and has not seen broad adoption in the industry (indeed, we are not aware of any commercial implementations).
Providing an option in DHCPv6 Relay-Forward messages to carry the client link-layer address explicitly will help in the scenarios mentioned above. For example, it can be used along with other identifiers to associate DHCPv4 and DHCPv6 messages from a dual-stack client. Further, having the client link-layer address in DHCPv6 provides additional information for event debugging and logging related to the client at the relay and the server. The proposed option may be used in a wide range of networks; two notable deployment models are service provider and enterprise network environments.
3. DHCPv6 Client Link-layer Address Option

The format of the DHCPv6 Client Link-layer Address option is shown below.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  OPTION_CLIENT_LINKLAYER_ADDR |         option-length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   link-layer type (16 bits)   |                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
|             link-layer address (variable length)              |
|                                                               |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

option-code: OPTION_CLIENT_LINKLAYER_ADDR (TBD)

option-length: 2 + length of link-layer address

link-layer type: Client Link-layer address type. The link-layer type MUST be a valid hardware type assigned by the IANA, as described in [RFC0826].

link-layer address: Client Link-layer address.
4. DHCPv6 Relay Agent Behavior

DHCPv6 relay agents which receive messages originating from clients (for example Solicit and Request, but not, for example, Relay-Forward or Advertise) MAY include the link-layer source address of the received DHCPv6 message in a Client Link-layer Address option in the relayed DHCPv6 Relay-Forward messages. The DHCPv6 relay agent behavior can depend on configuration that decides whether the Client Link-layer Address option needs to be included.
5. DHCPv6 Server Behavior

If the DHCPv6 server is configured to store or use the client link-layer address, it SHOULD look for the Client Link-layer Address option in the Relay-Forward DHCP message of the DHCPv6 relay agent closest to the client. The mechanism described in this document is not necessary in the case where the DHCPv6 server is connected to the same network link as the client, because the server can obtain the link-layer address from the link-layer header of the DHCPv6 message.

There is no requirement that a server return this option and its data in a downstream DHCP message.
6. IANA Considerations

IANA is requested to assign an option code to OPTION_CLIENT_LINKLAYER_ADDR from the "DHCP Option Codes" registry (http://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xml).
7. Security Considerations

It is possible for a rogue DHCPv6 relay agent to insert an incorrect Client Link Layer Address option for malicious purposes. A DHCPv6 client can also pose as a rogue DHCP relay agent, sending a Relay-Forward message containing an incorrect Client Link Layer Address option. In either case, it would be possible for a DHCPv6 client to masquerade as the same device as a DHCPv4 client, when in fact the two are distinct.

One possible attack that could be accomplished using this masquerade would be in the case where a DHCPv4 client is using DHCPv4 to do a Dynamic DNS update to install an A record so that it can be reached by other nodes [RFC4702]. A masquerading DHCPv6 client could use DHCPv6 to install an AAAA record with the same name [RFC4704]. Dual-stack nodes attempting to connect to the DHCPv4 client might then be tricked into connecting to the masquerading DHCPv6 client instead.

It is possible that there are other attacks that could be accomplished using this masquerading technique, although the authors are not aware of any. To prevent masquerades of this sort, DHCP server administrators are strongly advised to configure DHCP servers that use this option to communicate with their relay agents using IPsec as described in Section 21.1 of [RFC3315].
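The following is an added example of the server-side acceptance policy that the advice above implies; it is not code from the draft. It takes the values a server already holds after parsing a Relay-Forward chain (the source address of the Relay-Forward it received, and the link-layer type and address from the option of the relay closest to the client) and decides whether the option may be used as a client identifier. The trusted-relay set stands in for the IPsec peer relationship the draft recommends and is an assumption of this example; the fixed Ethernet address length and the group-address bit are from the IANA hardware-type registry and IEEE 802 addressing, not from the draft. Each rejection returns the reason a server would log.

```python
import ipaddress

# Assumed local policy (not from the draft): the relay agents that reach this server over
# IPsec, as the draft recommends. A Relay-Forward from any other source, including a
# client posing as a relay, carries no trustworthy Client Link-layer Address option.
TRUSTED_RELAYS = {
    ipaddress.IPv6Address("2001:db8::1"),
    ipaddress.IPv6Address("2001:db8::2"),
}

# IANA ARP hardware types whose address length is fixed: Ethernet (type 1) is 6 octets.
FIXED_LENGTH_TYPES = {1: 6}


def evaluate_client_linklayer(relay_src, lltype, lladdr):
    """Decide whether the option extracted from the innermost Relay-Forward may be used.
    relay_src: source address of the Relay-Forward the server received.
    lltype, lladdr: fields of the Client Link-layer Address option, or None if absent.
    Returns (lladdr or None, reason); the reason for a rejection is what gets logged."""
    if lladdr is None:
        return None, "option absent"
    # The option is only as trustworthy as the path it arrived over.
    if relay_src not in TRUSTED_RELAYS:
        return None, "ignored: Relay-Forward from unauthenticated relay %s" % relay_src
    # Length must agree with the declared hardware type.
    expected = FIXED_LENGTH_TYPES.get(lltype)
    if expected is not None and len(lladdr) != expected:
        return None, "malformed: type %d expects %d octets, got %d" % (lltype, expected, len(lladdr))
    # An Ethernet group (multicast/broadcast) address can never be a client's source MAC.
    if lltype == 1 and lladdr[0] & 0x01:
        return None, "rejected: Ethernet group address cannot be a client source"
    return lladdr, "accepted"


def decide(relay_src, lltype, lladdr_hex):
    """String-based wrapper, e.g. decide("2001:db8::1", 1, "001122334455")."""
    lladdr = bytes.fromhex(lladdr_hex) if lladdr_hex else None
    return evaluate_client_linklayer(ipaddress.IPv6Address(relay_src), lltype, lladdr)


if __name__ == "__main__":
    # Constructed cases: a trusted relay, an unknown sender, a group address, a short address.
    for case in [("2001:db8::1", 1, "001122334455"),
                 ("2001:db8::99", 1, "001122334455"),
                 ("2001:db8::1", 1, "01005e000001"),
                 ("2001:db8::1", 1, "0011")]:
        print(case, "->", decide(*case)[1])
```

With IPsec in place the kernel enforces the peer check before the datagram ever reaches the DHCP process, so the trusted-relay set mirrors the security-policy database rather than replacing it; the format checks remain useful on their own, because a relay can be trusted and still forward a malformed option.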
8. Acknowledgements

Many thanks to Ted Lemon, Bernie Volz, Hemant Singh, Simon Hobson, Tina TSOU, Andre Kostur, Chuck Anderson, Steinar Haug, Niall O'Reilly, Jarrod Johnson, Tomek Mrugalski and Vincent Zimmer for their input and review.
9. References

9.1. Normative References

[RFC0826] Plummer, D., "Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware", STD 37, RFC 826, November 1982.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.

[RFC4361] Lemon, T. and B. Sommerfeld, "Node-specific Client Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4)", RFC 4361, February 2006.

9.2. Informative References

[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.

[RFC4702] Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host Configuration Protocol (DHCP) Client Fully Qualified Domain Name (FQDN) Option", RFC 4702, October 2006.

[RFC4704] Volz, B., "The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN) Option", RFC 4704, October 2006.
Authors' Addresses

Gaurav Halwasia
Cisco Systems
Cessna Business Park, Sarjapura Marathalli Outer Ring Road
Bangalore, KARNATAKA 560 087
India

Phone: +91 80 4426 1321
Email: ghalwasi@cisco.com
End of changes. 24 change blocks; 68 lines changed or deleted, 110 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/