Diff of draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt-05.txt against rfc6939.txt

Old header (draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt-05):

Network Working Group                                        G. Halwasia
Internet-Draft                                               S. Bhandari
Intended status: Standards Track                                  W. Dec
Expires: September 12, 2013                                Cisco Systems
                                                          March 11, 2013

New header (RFC 6939):

Internet Engineering Task Force (IETF)                       G. Halwasia
Request for Comments: 6939                                   S. Bhandari
Category: Standards Track                                         W. Dec
ISSN: 2070-1721                                            Cisco Systems
                                                                May 2013

               Client Link-Layer Address Option in DHCPv6

Abstract

   This document specifies the format and mechanism that is to be used
   for encoding the client link-layer address in DHCPv6 Relay-Forward
   messages by defining a new DHCPv6 Client Link-Layer Address option.

Status of This Memo (draft-05)

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 12, 2013.

Status of This Memo (RFC 6939)

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6939.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents (RFC 6939)

   1.  Introduction
   2.  Requirements Language
   3.  Problem Background and Scenario
   4.  DHCPv6 Client Link-Layer Address Option
   5.  DHCPv6 Relay Agent Behavior
   6.  DHCPv6 Server Behavior
   7.  DHCPv6 Client Behavior
   8.  IANA Considerations
   9.  Security Considerations
   10. Acknowledgements
   11. References
       11.1. Normative References
       11.2. Informative References
   Authors' Addresses
1.  Introduction

   This specification defines an optional mechanism and the related
   DHCPv6 option to allow first-hop DHCPv6 relay agents (relay agents
   that are connected to the same link as the client) to provide the
   client's link-layer address in the DHCPv6 messages being sent towards
   the server.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  Problem Background and Scenario

   The DHCPv4 specification [RFC2131] provides a way to specify the
   client link-layer address in the DHCPv4 message header.  A DHCPv4
   message header has 'htype' and 'chaddr' fields to specify the client
   link-layer address type and the link-layer address, respectively.
   The client link-layer address thus learned can be used by the DHCPv4
   server and the relay agent in different ways.  In some of the
   deployments, DHCPv4 servers use 'chaddr' as a customer identifier and
   a key for lookup in the client lease database.

   With the incremental deployment of IPv6 to existing IPv4 networks,
   which results in a dual-stack network environment, there will be
   devices that act as both DHCPv4 and DHCPv6 clients.  In service
   provider deployments, a typical DHCPv4 implementation will use the
   client link-layer address as one of the keys to build the DHCP client
   lease database.  In dual-stack scenarios, operators need to be able
   to associate DHCPv4 and DHCPv6 messages with the same client
   interface, based on an identifier that is common to the interface.
   The client link-layer address is such an identifier.

   Currently, the DHCPv6 specification [RFC3315] does not define a way
   to communicate the client link-layer address to the DHCP server in
   cases where the DHCP server is not connected to the same network link
   as the DHCP client.  The DHCPv6 specification mandates that all
   clients prepare and send a DHCP Unique Identifier (DUID) as the
   client identifier option in all the DHCPv6 message exchanges.
   However, none of these methods provide a simple way to extract a
   client's link-layer address.  This presents a problem to an operator
   who is using an existing DHCPv4 system with the client link-layer
   address as the customer identifier and who desires to correlate
   DHCPv6 assignments using the same identifier.  [RFC4361] describes a
   mechanism for using the same DUID in both DHCPv4 and DHCPv6.
   Unfortunately, this specification requires modification of existing
   DHCPv4 clients, and has not seen broad adoption in the industry
   (indeed, we are not aware of any commercial implementations).

   Providing an option in DHCPv6 Relay-Forward messages to carry the
   client link-layer address explicitly will help the above-mentioned
   scenarios.  For example, it can be used along with other identifiers
   to associate DHCPv4 and DHCPv6 messages from a dual-stack client.
   Further, having the client link-layer address in DHCPv6 will help by
   providing additional information for event debugging and logging
   related to the client at the relay agent and the server.  The
   proposed option may be used in a wide range of networks; two notable
   deployment models are service provider and enterprise network
   environments.
4.  DHCPv6 Client Link-Layer Address Option

   The format of the DHCPv6 Client Link-Layer Address option is shown
   below.

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | OPTION_CLIENT_LINKLAYER_ADDR  |         option-length         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |   link-layer type (16 bits)   |                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |           link-layer address (variable length)                |
     |                                                               |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   option-code:        OPTION_CLIENT_LINKLAYER_ADDR (79)

   option-length:      2 + length of link-layer address

   link-layer type:    Client link-layer address type.  The link-layer
                       type MUST be a valid hardware type assigned
                       by the IANA, as described in [RFC0826]

   link-layer address: Client link-layer address
5.  DHCPv6 Relay Agent Behavior

   DHCPv6 relay agents that receive messages originating from clients
   (for example, Solicit and Request, but not, for example,
   Relay-Forward or Advertise) MAY include the link-layer source address
   of the received DHCPv6 message in the Client Link-Layer Address
   option, in relayed DHCPv6 Relay-Forward messages.  The DHCPv6 relay
   agent behavior can depend on configuration that decides whether the
   Client Link-Layer Address option needs to be included.

6.  DHCPv6 Server Behavior

   If the DHCPv6 server is configured to store or use a client link-
   layer address, it SHOULD look for the Client Link-Layer Address
   option in the Relay-Forward DHCP message of the DHCPv6 relay agent
   closest to the client.  The mechanism described in this document is
   not necessary in the case where the DHCPv6 server is connected to the
   same network link as the client, because the server can obtain the
   link-layer address from the link-layer header of the DHCPv6 message.

   If the DHCP server receives a Client Link-Layer Address option
   anywhere in any encapsulated message that is not a Relay-Forward DHCP
   message, the server MUST silently ignore that option.

   There is no requirement that a server return this option and its data
   in a downstream DHCP message.
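   The following is an added example, not code from RFC 6939 or any
   DHCP implementation.  It encodes option 79 the way a first-hop relay
   would, wraps it in a Relay-Forward message, and then applies the
   server rules above: take the option only from the Relay-Forward
   closest to the client and ignore any copy that appears in a
   non-Relay-Forward message.  The message layouts (Relay-Forward
   header, Relay Message option 9, msg-type values) follow RFC 3315; the
   hardware type 1 is Ethernet per RFC 826; the MAC and IPv6 addresses
   in the sample are constructed.

```python
"""Added example (not from RFC 6939 or any project): build, relay and
parse the DHCPv6 Client Link-Layer Address option per RFC 6939 Sections
4-6.  Sample addresses are constructed."""
import struct

OPTION_CLIENT_LINKLAYER_ADDR = 79   # option code assigned by IANA (RFC 6939)
OPTION_RELAY_MSG = 9                # Relay Message option (RFC 3315)
MSG_SOLICIT = 1                     # msg-type values from RFC 3315
MSG_RELAY_FORW = 12
HTYPE_ETHERNET = 1                  # ARP hardware type for Ethernet (RFC 826)

RELAY_HDR_LEN = 1 + 1 + 16 + 16     # msg-type, hop-count, link-address, peer-address


def build_client_linklayer_addr_option(htype, lladdr):
    """Encode option 79: 16-bit option-code, 16-bit option-length,
    16-bit link-layer type, then the variable-length address."""
    if not 0 <= htype <= 0xFFFF:
        raise ValueError("link-layer type must fit in 16 bits")
    if not lladdr or len(lladdr) + 2 > 0xFFFF:
        raise ValueError("link-layer address length out of range")
    body = struct.pack("!H", htype) + bytes(lladdr)
    return struct.pack("!HH", OPTION_CLIENT_LINKLAYER_ADDR, len(body)) + body


def parse_options(blob):
    """Return [(code, data), ...] from a DHCPv6 option list, rejecting any
    option whose declared length runs past the end of the buffer."""
    opts, off = [], 0
    while off < len(blob):
        if len(blob) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", blob, off)
        off += 4
        if len(blob) - off < length:
            raise ValueError("truncated option body")
        opts.append((code, blob[off:off + length]))
        off += length
    return opts


def relay_forward(inner_msg, link_addr, peer_addr, src_lladdr=None,
                  htype=HTYPE_ETHERNET, hop_count=0):
    """Relay-agent side (Section 5): encapsulate inner_msg in a Relay-Forward.
    src_lladdr is the link-layer source address of the received frame; pass
    None when the relay is configured not to add the option, or when the
    received message was itself a Relay-Forward rather than a client message."""
    if len(link_addr) != 16 or len(peer_addr) != 16:
        raise ValueError("link-address and peer-address are 16-byte IPv6 addresses")
    opts = struct.pack("!HH", OPTION_RELAY_MSG, len(inner_msg)) + inner_msg
    if src_lladdr is not None:
        opts += build_client_linklayer_addr_option(htype, src_lladdr)
    return bytes([MSG_RELAY_FORW, hop_count]) + link_addr + peer_addr + opts


def extract_client_lladdr(msg):
    """Server side (Section 6): walk the Relay-Forward encapsulation inward and
    return (link-layer type, address) from the Relay-Forward closest to the
    client, or None if no relay supplied one.  A copy of option 79 inside the
    client's own message (or any non-Relay-Forward message) is never read."""
    found = None
    while msg and msg[0] == MSG_RELAY_FORW:
        if len(msg) < RELAY_HDR_LEN:
            raise ValueError("short Relay-Forward header")
        inner = None
        for code, data in parse_options(msg[RELAY_HDR_LEN:]):
            if code == OPTION_CLIENT_LINKLAYER_ADDR:
                if len(data) < 3:    # 16-bit type plus at least one address byte
                    raise ValueError("malformed Client Link-Layer Address option")
                found = (struct.unpack("!H", data[:2])[0], data[2:])  # innermost wins
            elif code == OPTION_RELAY_MSG:
                inner = data
        if inner is None:
            raise ValueError("Relay-Forward without a Relay Message option")
        msg = inner
    return found


if __name__ == "__main__":
    # Constructed sample: a Solicit (msg-type 1, 3-byte transaction-id) that
    # wrongly carries option 79 itself, then relayed by a first-hop relay.
    client_mac = bytes.fromhex("001122334455")
    solicit = bytes([MSG_SOLICIT, 0x12, 0x34, 0x56]) + \
        build_client_linklayer_addr_option(HTYPE_ETHERNET, bytes.fromhex("deadbeefcafe"))
    link = bytes.fromhex("20010db8000000000000000000000001")
    peer = bytes.fromhex("fe80000000000000021122fffe334455")
    print(extract_client_lladdr(solicit))   # None: not inside a Relay-Forward
    print(extract_client_lladdr(relay_forward(solicit, link, peer, client_mac)))
```

   When two relays are chained, the loop overwrites `found` at each
   level, so the value returned is the one from the innermost
   Relay-Forward, i.e. the relay agent closest to the client, which is
   what Section 6 asks for.  Length checks in `parse_options` matter
   on the server, which is parsing input from an unauthenticated peer
   unless the relay path is protected as Section 9 recommends.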
7.  DHCPv6 Client Behavior

   The Client Link-Layer Address option is only exchanged between the
   relay agents and the servers.  DHCPv6 clients are not aware of the
   usage of the Client Link-Layer Address option.  The DHCPv6 client
   MUST NOT send the Client Link-Layer Address option, and MUST ignore
   the Client Link-Layer Address option if received.
8.  IANA Considerations

   IANA has assigned an option code (79) to OPTION_CLIENT_LINKLAYER_ADDR
   from the "DHCP Option Codes" registry
   (http://www.iana.org/assignments/dhcpv6-parameters/).
9.  Security Considerations

   It is possible for a rogue DHCPv6 relay agent to insert an incorrect
   Client Link-Layer Address option for malicious purposes.  A DHCPv6
   client can also pose as a rogue DHCP relay agent by sending a
   Relay-Forward message containing an incorrect Client Link-Layer
   Address option.  In either case, it would be possible for a DHCPv6
   client to masquerade as the same device as a DHCPv4 client, when in
   fact the two are distinct.

   One possible attack that could be accomplished using this masquerade
   would be in the case where a DHCPv4 client is using DHCPv4 to do a
   Dynamic DNS update to install an A record so that it can be reached
   by other nodes [RFC4702].  A masquerading DHCPv6 client could use
   DHCPv6 to install a AAAA record with the same name [RFC4704].  Dual-
   stack nodes attempting to connect to the DHCPv4 client might then be
   tricked into connecting to the masquerading DHCPv6 client instead.

   It is possible that there are other attacks that could be
   accomplished using this masquerading technique, although the authors
   are not aware of any.  To prevent masquerades of this sort, DHCP
   server administrators are strongly advised to configure DHCP servers
   that use this option to communicate with their relay agents using
   IPsec, as described in Section 21.1 of [RFC3315].

   In some networks, it may be the case that the operator of the
   physical network and the provider of connectivity over that network
   are administratively separate, such that the Client Link-Layer
   Address option would reveal information to one or the other party
   that they do not need and could not otherwise obtain.  It is also
   possible, in some cases, that a relay agent might communicate with a
   DHCP server over an open network where eavesdropping would be
   possible.  In these cases, it is strongly recommended, in order to
   protect end-user privacy, that network operators use IPsec to provide
   confidentiality for messages between the relay agent and the DHCP
   server.
10.  Acknowledgements

   Many thanks to Ted Lemon, Bernie Volz, Hemant Singh, Simon Hobson,
   Tina TSOU, Andre Kostur, Chuck Anderson, Steinar Haug, Niall
   O'Reilly, Jarrod Johnson, Tomek Mrugalski, and Vincent Zimmer for
   their input and review.
11.  References

11.1.  Normative References

   [RFC0826]  Plummer, D., "Ethernet Address Resolution Protocol: Or
              converting network protocol addresses to 48.bit Ethernet
              address for transmission on Ethernet hardware", STD 37,
              RFC 826, November 1982.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC4361]  Lemon, T. and B. Sommerfeld, "Node-specific Client
              Identifiers for Dynamic Host Configuration Protocol
              Version Four (DHCPv4)", RFC 4361, February 2006.

11.2.  Informative References

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, March 1997.

   [RFC4702]  Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
              Configuration Protocol (DHCP) Client Fully Qualified
              Domain Name (FQDN) Option", RFC 4702, October 2006.

   [RFC4704]  Volz, B., "The Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN)
              Option", RFC 4704, October 2006.
Authors' Addresses

   Gaurav Halwasia
   Cisco Systems
   Cessna Business Park, Sarjapura Marathalli Outer Ring Road
   Bangalore, KARNATAKA 560 087
   India

   Phone: +91 80 4429 2703
   EMail: ghalwasi@cisco.com


   Shwetha Bhandari
   Cisco Systems
   Cessna Business Park, Sarjapura Marathalli Outer Ring Road
   Bangalore, KARNATAKA 560 087
   India

   Phone: +91 80 4429 2627
   EMail: shwethab@cisco.com


   Wojciech Dec
   Cisco Systems
   Haarlerbergweg 13-19
   1101 CH Amsterdam, Amsterdam 560 087
   The Netherlands

   EMail: wdec@cisco.com
End of changes. 41 change blocks. 145 lines changed or deleted, 142 lines changed or added.
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/