Network Working Group                                        G. Halwasia
Internet-Draft                                               S. Bhandari
Intended status: Standards Track                                  W. Dec
Expires: June 17, 2013                                     Cisco Systems
                                                       December 14, 2012

               Client Link-layer Address Option in DHCPv6


   This document specifies the format and mechanism that is to be used
   for encoding client link-layer address in DHCPv6 Relay-Forward
   messages by defining a new DHCPv6 Client Link-layer Address option.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 17, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Problem Background and Scenario
   3.  DHCPv6 Client Link-layer Address Option
   4.  DHCPv6 Relay Agent Behavior
   5.  DHCPv6 Server Behavior
   6.  IANA Considerations
   7.  Security Considerations
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   This specification defines an optional mechanism and the related
   DHCPv6 option to allow first-hop DHCPv6 relay agents (relay agents
   that are connected to the same link as the client) to provide the
   client's link-layer address in the DHCPv6 messages being sent towards
   the server.

2.  Problem Background and Scenario

   DHCPv4 protocol specification [RFC2131] provides a way to specify the
   client link-layer address in the DHCPv4 message header.  DHCPv4
   message header has 'htype' and 'chaddr' fields to specify client
   link-layer address type and link-layer address respectively.  The
   client link-layer address thus learnt can be used by DHCPv4 server
   and relay in different ways.  In some of the deployments DHCPv4
   servers use 'chaddr' as a customer identifier and a key for lookup in
   the client lease database.

   With the incremental deployment of IPv6 to existing IPv4 networks,
   which results in a dual-stack network environment, there will be
   devices that act as both DHCPv4 and DHCPv6 clients.  In service
   provider deployments, a typical DHCPv4 implementation will use the
   link-layer address as one of the keys to build DHCP client lease
   database.  In dual stack scenarios operators need to be able to
   associate DHCPv4 and DHCPv6 messages with the same client interface,
   based on an identifier that is common to the interface.  The client
   link-layer address is such an identifier.

   Currently, the DHCPv6 protocol specification [RFC3315] does not
   define a way for DHCP clients to communicate the client link-layer
   address to the DHCP server in cases where the DHCP server is not
   connected to the same network link as the DHCP client.  DHCPv6
   protocol specification mandates all clients to prepare and send DUID
   as the client identifier option in all the DHCPv6 message exchange.
   However none of these methods provide a simple way to extract
   client's link-layer address.  This presents a problem to an operator
   who is using an existing DHCPv4 system with the client link-layer
   address as the customer identifier, and desires to correlate DHCPv6
   assignments using the same identifier.  [RFC4361] describes a
   mechanism for using the same DUID in both DHCPv4 and DHCPv6.
   Unfortunately, this specification requires a modification of the
   existing DHCPv4 clients, and has not seen broad adoption in the
   industry (indeed, we are not aware of any commercial
   implementations).

   Providing an option in DHCPv6 Relay-Forward messages to carry the
   client link-layer address explicitly will help in the above-mentioned
   scenarios.

   For example, it can be used along with other identifiers to associate
   DHCPv4 and DHCPv6 messages from a dual stack client.  Further, having
   the client link-layer address in DHCPv6 will help in providing
   additional information for event debugging and logging related to the
   client at relay and server.  The proposed option may be used in a
   wide range of networks; two notable deployment models are service
   provider and enterprise network environments.

3.  DHCPv6 Client Link-layer Address Option

   The format of the DHCPv6 Client Link-layer Address option is shown
   below.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | OPTION_CLIENT_LINKLAYER_ADDR  |           option-length       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   link-layer type (16 bits)   |                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
      |               link-layer address (variable length)            |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code:        OPTION_CLIENT_LINKLAYER_ADDR (TBD)
      option-length:      2 + length of link-layer address
      link-layer type:    Client link-layer address type.  The link-layer
                          type MUST be a valid hardware type assigned
                          by the IANA, as described in [RFC0826]
      link-layer address: Client link-layer address.

4.  DHCPv6 Relay Agent Behavior

   DHCPv6 Relay agents which receive messages originating from clients
   (for example Solicit and Request, but not, for example, Relay-Forward
   or Advertise) MAY include the link-layer source address of the
   received DHCPv6 message in Client Link-layer Address option in
   relayed DHCPv6 Relay-Forward messages.  The DHCPv6 Relay agent
   behavior can depend on configuration that decides whether the Client
   Link-layer Address option needs to be processed and included.

5.  DHCPv6 Server Behavior

   If DHCPv6 Server is configured to store or use client link-layer
   address, it SHOULD look for the client link-layer address option in
   the Relay-Forward DHCP message of the DHCPv6 Relay agent closest to
   the client.  The mechanism described in this document is not
   necessary in the case where the DHCPv6 Server is connected to the
   same network link as the client, because the server can obtain the
   link-layer address from the link-layer header of the received DHCPv6
   message.

   There is no requirement that a server return this option and its data
   in a downstream DHCP message.
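   The option layout in Section 3, the relay-side insertion in Section 4
   and the server-side lookup in Section 5 are straightforward to put
   into code.  The following Python is an added example, not code from
   the draft or its authors.  It assumes a placeholder value of 79 for
   the option code that is still TBD in this document, uses the
   Relay-Forward message layout and the Relay Message option (code 9)
   from [RFC3315], and the Ethernet hardware type (1) from the ARP
   hardware-type registry; the MAC addresses and the Solicit message are
   constructed sample data.  The server-side lookup keeps only the option
   found in the innermost Relay-Forward (the relay closest to the
   client), so a copy added by a relay further upstream, which would
   carry a relay's address rather than the client's, is ignored.

```python
import struct

# Constructed constants.  OPTION_CLIENT_LINKLAYER_ADDR is "TBD" in the
# draft; 79 is used here only as a placeholder option code.
OPTION_CLIENT_LINKLAYER_ADDR = 79
OPTION_RELAY_MSG = 9          # RFC 3315 Relay Message option
MSG_SOLICIT = 1               # RFC 3315 message types
MSG_RELAY_FORW = 12
HTYPE_ETHERNET = 1            # ARP hardware type for Ethernet (RFC 826)
RELAY_HEADER_LEN = 34         # msg-type(1) hop-count(1) link(16) peer(16)


def build_client_linklayer_option(hw_type: int, ll_addr: bytes) -> bytes:
    """Encode option-code | option-length | link-layer type | address,
    with option-length = 2 + len(address) as Section 3 specifies."""
    if not 0 <= hw_type <= 0xFFFF:
        raise ValueError("link-layer type must fit in 16 bits")
    if not 1 <= len(ll_addr) <= 0xFFFF - 2:
        raise ValueError("link-layer address length out of range")
    return struct.pack("!HHH", OPTION_CLIENT_LINKLAYER_ADDR,
                       2 + len(ll_addr), hw_type) + ll_addr


def parse_options(data: bytes) -> list:
    """Split a DHCPv6 option block into (code, value) pairs, refusing
    headers or lengths that run past the end of the message."""
    opts, off = [], 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", data, off)
        off += 4
        if off + length > len(data):
            raise ValueError("option length exceeds message")
        opts.append((code, data[off:off + length]))
        off += length
    return opts


def parse_client_linklayer_option(value: bytes) -> tuple:
    """Return (link-layer type, link-layer address) from the option value."""
    if len(value) < 3:                     # 2-byte type plus at least 1 byte
        raise ValueError("Client Link-layer Address option too short")
    (hw_type,) = struct.unpack_from("!H", value, 0)
    return hw_type, value[2:]


def relay_forward(hop_count: int, link_addr: bytes, peer_addr: bytes,
                  inner_msg: bytes, extra_options: bytes = b"") -> bytes:
    """Wrap a message in a Relay-Forward the way a relay agent does."""
    header = struct.pack("!BB16s16s", MSG_RELAY_FORW, hop_count,
                         link_addr, peer_addr)
    relay_msg = struct.pack("!HH", OPTION_RELAY_MSG, len(inner_msg)) + inner_msg
    return header + extra_options + relay_msg


def first_hop_relay(client_msg: bytes, client_src_mac: bytes,
                    link_addr: bytes, peer_addr: bytes) -> bytes:
    """Section 4: the relay on the client's link records the link-layer
    source address of the received message in the Relay-Forward."""
    opt = build_client_linklayer_option(HTYPE_ETHERNET, client_src_mac)
    return relay_forward(0, link_addr, peer_addr, client_msg, opt)


def server_client_linklayer(msg: bytes):
    """Section 5: descend through nested Relay-Forward messages and return
    the option carried by the innermost relay only, or None."""
    found = None
    while msg and msg[0] == MSG_RELAY_FORW:
        if len(msg) < RELAY_HEADER_LEN:
            raise ValueError("truncated Relay-Forward header")
        level_opt, inner = None, None
        for code, value in parse_options(msg[RELAY_HEADER_LEN:]):
            if code == OPTION_CLIENT_LINKLAYER_ADDR:
                level_opt = parse_client_linklayer_option(value)
            elif code == OPTION_RELAY_MSG:
                inner = value
        if inner is None:
            raise ValueError("Relay-Forward without Relay Message option")
        found = level_opt                  # each deeper level replaces the outer one
        msg = inner
    return found


def demo():
    """Two relays in a row; only the first-hop relay's option should be used."""
    client_mac = bytes.fromhex("001122334455")          # constructed sample
    solicit = bytes([MSG_SOLICIT]) + b"\x01\x02\x03"    # Solicit, xid, no options
    zero = b"\x00" * 16
    hop0 = first_hop_relay(solicit, client_mac, zero, b"\xfe\x80" + b"\x00" * 14)
    # A second relay, not on the client's link, also adds the option but can
    # only see the first relay's MAC; the server must not take this one.
    stray = build_client_linklayer_option(HTYPE_ETHERNET, bytes.fromhex("aabbccddeeff"))
    hop1 = relay_forward(1, zero, zero, hop0, stray)
    return server_client_linklayer(hop1)


if __name__ == "__main__":
    hw, addr = demo()
    print(hw, addr.hex())
```

   Running the module prints the hardware type and the client's MAC from
   the innermost relay; the parser raises on any option whose declared
   length runs past the message, which is the first check a server
   should make before trusting the contents.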

6.  IANA Considerations

   IANA is requested to assign an option code to
   OPTION_CLIENT_LINKLAYER_ADDR from the "DHCP Option Codes" registry.

7.  Security Considerations

   It is possible for a rogue DHCPv6 relay agent to insert an incorrect
   Client Link Layer Address option for malicious purposes.  A DHCPv6
   client can also pose as a rogue DHCP relay agent, sending a Relay-
   Forward message containing an incorrect Client Link Layer Address
   option.  In either case, it would be possible for a DHCPv6 client to
   masquerade as the same device as a DHCPv4 client, when in fact the
   two are distinct.

   One possible attack that could be accomplished using this masquerade
   would be in the case where a DHCPv4 client is using DHCPv4 to do a
   Dynamic DNS update to install an A record so that it can be reached
   by other nodes [RFC4702].  A masquerading DHCPv6 client could use
   DHCPv6 to install an AAAA record with the same name [RFC4704].  Dual-
   stack nodes attempting to connect to the DHCPv4 client might then be
   tricked into connecting to the masquerading DHCPv6 client instead.

   It is possible that there are other attacks that could be
   accomplished using this masquerading technique, although the authors
   are not aware of any.  To prevent masquerades of this sort, DHCP
   server administrators are strongly advised to configure DHCP servers
   that use this option to communicate with their relay agents using
   IPsec as described in Section 21.1 of [RFC3315].

8.  Acknowledgements

   Many thanks to Ted Lemon, Bernie Volz, Hemant Singh, Simon Hobson,
   Tina TSOU, Andre Kostur, Chuck Anderson, Steinar Haug, Niall
   O'Reilly, Jarrod Johnson, Tomek Mrugalski and Vincent Zimmer for
   their input and review.

9.  References

9.1.  Normative References

   [RFC0826]  Plummer, D., "Ethernet Address Resolution Protocol: Or
              converting network protocol addresses to 48.bit Ethernet
              address for transmission on Ethernet hardware", STD 37,
              RFC 826, November 1982.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC4361]  Lemon, T. and B. Sommerfeld, "Node-specific Client
              Identifiers for Dynamic Host Configuration Protocol
              Version Four (DHCPv4)", RFC 4361, February 2006.

9.2.  Informative References

   [RFC4702]  Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
              Configuration Protocol (DHCP) Client Fully Qualified
              Domain Name (FQDN) Option", RFC 4702, October 2006.

   [RFC4704]  Volz, B., "The Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN)
              Option", RFC 4704, October 2006.

Authors' Addresses

   Gaurav Halwasia
   Cisco Systems
   Cessna Business Park, Sarjapura Marathalli Outer Ring Road
   Bangalore, KARNATAKA  560 087

   Phone: +91 80 4426 1321

   Shwetha Bhandari
   Cisco Systems
   Cessna Business Park, Sarjapura Marathalli Outer Ring Road
   Bangalore, KARNATAKA  560 087

   Phone: +91 80 4426 0474

   Wojciech Dec
   Cisco Systems
   Haarlerbergweg 13-19
   1101 CH Amsterdam
   The Netherlands