draft-ietf-dhc-triggered-reconfigure-03.txt   draft-ietf-dhc-triggered-reconfigure-04.txt 
DHC Working Group M. Boucadair DHC Working Group M. Boucadair
Internet-Draft X. Pougnard Internet-Draft X. Pougnard
Updates: 3315, 6422 (if approved) France Telecom Updates: 3315, 6422 (if approved) France Telecom
Intended status: Standards Track January 21, 2013 Intended status: Standards Track March 11, 2013
Expires: July 25, 2013 Expires: September 12, 2013
RECONFIGURE Triggered by DHCPv6 Relay Agents Reconfigure Triggered by DHCPv6 Relay Agents
draft-ietf-dhc-triggered-reconfigure-03 draft-ietf-dhc-triggered-reconfigure-04
Abstract Abstract
This document defines new DHCPv6 messages: Reconfigure-Request and This document defines new DHCPv6 messages: Reconfigure-Request and
Reconfigure-Ack. Reconfigure-Request message is sent by a DHCPv6 Reconfigure-Reply. Reconfigure-Request message is sent by a DHCPv6
relay agent to notify a DHCPv6 server about a configuration relay agent to notify a DHCPv6 server about a configuration
information change, so that the DHCPv6 server can send a Reconfigure information change, so that the DHCPv6 server can send a Reconfigure
message accordingly. message accordingly. Reconfigure-Reply message is used by the server
to acknowledge the receipt of Reconfigure-Request.
This document updates RFC 3315 and RFC 6422. This document updates RFC 3315 and RFC 6422.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 25, 2013. This Internet-Draft will expire on September 12, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 15 skipping to change at page 2, line 16
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Problem . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Problem . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Requirements Language . . . . . . . . . . . . . . . . . . 4 1.2. Requirements Language . . . . . . . . . . . . . . . . . . 4
2. Proposed Solution . . . . . . . . . . . . . . . . . . . . . . 4 2. Proposed Solution . . . . . . . . . . . . . . . . . . . . . . 4
3. Link Address Option . . . . . . . . . . . . . . . . . . . . . 6 3. Link Address Option . . . . . . . . . . . . . . . . . . . . . 6
4. RECONFIGURE-REQUEST and RECONFIGURE-ACK . . . . . . . . . . . 6 4. RECONFIGURE-REQUEST and RECONFIGURE-REPLY . . . . . . . . . . 6
4.1. Messages Format . . . . . . . . . . . . . . . . . . . . . 6 4.1. Messages Format . . . . . . . . . . . . . . . . . . . . . 6
4.2. Messages Validation . . . . . . . . . . . . . . . . . . . 7 4.2. Messages Validation . . . . . . . . . . . . . . . . . . . 7
4.2.1. RECONFIGURE-REQUEST . . . . . . . . . . . . . . . . . 7 4.2.1. RECONFIGURE-REQUEST . . . . . . . . . . . . . . . . . 7
4.2.2. RECONFIGURE-ACK . . . . . . . . . . . . . . . . . . . 7 4.2.2. RECONFIGURE-REPLY . . . . . . . . . . . . . . . . . . 7
4.3. Creation and Transmission of RECONFIGURE-REQUEST . . . . . 8 4.3. Creation and Transmission of RECONFIGURE-REQUEST . . . . . 7
4.4. Server Behaviour . . . . . . . . . . . . . . . . . . . . . 9 4.4. Intermediate Relay Agents Behaviour . . . . . . . . . . . 8
4.5. Receipt of RECONFIGURE-ACK . . . . . . . . . . . . . . . . 10 4.5. Server Behaviour . . . . . . . . . . . . . . . . . . . . . 9
4.6. Receipt of RECONFIGURE-REPLY . . . . . . . . . . . . . . . 10
5. Rate Limiting Considerations . . . . . . . . . . . . . . . . . 10 5. Rate Limiting Considerations . . . . . . . . . . . . . . . . . 10
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
9.1. Normative References . . . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . . 11
9.2. Informative References . . . . . . . . . . . . . . . . . . 11 9.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
1.1. Problem 1.1. Problem
[RFC6422] updates the DHCPv6 specification [RFC3315] with a new [RFC6422] updates the DHCPv6 specification [RFC3315] with a new
feature to let a DHCPv6 relay agent communicate information towards a feature to let a DHCPv6 relay agent communicate information towards a
DHCPv6 Client, and which is not available at the DHCPv6 server. This DHCPv6 client, and which is not available at the DHCPv6 server. This
is achieved owing to the use of RSOO (Relay-Supplied Options option) is achieved owing to the use of RSOO (Relay-Supplied Options option)
which carries configuration data to the DHCPv6 server. The data which carries configuration data to the DHCPv6 server. The data
conveyed in an RSOO is then sent back by the DHCPv6 server to the conveyed in an RSOO is then sent back by the DHCPv6 server to the
requesting DHCPv6 client. requesting DHCPv6 client.
An example of a RSOO context is shown in Figure 1; only a subset of An example of a RSOO context is shown in Figure 1; only a subset of
exchanged DHCPv6 and RADIUS messages is represented. exchanged DHCPv6 and RADIUS messages is represented. Figure 1 shows
a broadband network scenario in which the Network Access Server (NAS)
embeds a DHCPv6 relay agent.
+-------+ +-------+ +-------+ +-------+ +-------+ +-------+
|DHCPv6 | | NAS | |Radius | |DHCPv6 | | NAS | |Radius |
|Client | |(DHCPv6| |Server | |Client | |(DHCPv6| |Server |
| | | Relay)| | | | | | Relay)| | |
+-------+ +-------+ +-------+ +-------+ +-------+ +-------+
| | | | | |
|---Solicit---------------->| | |---Solicit---------------->| |
| |---Access-Request---------->| | |---Access-Request---------->|
|<--Access-Accept------------| |<--Access-Accept------------|
| (e.g. DS-Lite-Tunnel-Name)| | (e.g. DS-Lite-Tunnel-Name)|
.... ....
| +-------+ | +-------+
| |DHCPv6 | | |DHCPv6 |
| |Server | | |Server |
| | | | | |
| +-------+ | +-------+
| | | |
|---Relay-Forward----------->| |---Relay-Forward----------->|
| (RSOO(DS-Lite-Tunnel-Name))| | (RSOO(OPTION_AFTR_NAME)) |
| | | |
| |<--Relay-Reply--------------| | |<--Relay-Reply--------------|
|<--Advertise---------------| |<--Advertise---------------| (e.g., OPTION_AFTR_NAME) |
| (e.g., OPTION_AFTR_NAME) | | (e.g., OPTION_AFTR_NAME) |
.... ....
Figure 1: An Example of the RSOO Option Usage Figure 1: An Example of the RSOO Option Usage
The change of the configuration may result in RADIUS exchanges The change of the configuration may result in RADIUS exchanges
([RFC5176]) between the NAS/DHCPv6 relay agent and Dynamic [RFC5176] between the NAS/DHCPv6 relay agent and Dynamic
Authorization Client (DAC) server as shown in Figure 2. Note the Authorization Client (DAC) server as shown in Figure 2. Note the
change of the configuration in the DHCPv6 relay agent can be change of the configuration in the DHCPv6 relay agent can be
triggered by any other out-of-band mechanism. triggered by any other out-of-band mechanism.
+-------+ +-------+ +-------+ +-------+ +-------+ +-------+
|DHCPv6 | | NAS | |Radius | |DHCPv6 | | NAS | |Radius |
|Client | |(DHCPv6| |Server/| |Client | |(DHCPv6| |Server/|
| | | Relay)| | DAC | | | | Relay)| | DAC |
+-------+ +-------+ +-------+ +-------+ +-------+ +-------+
| | | | | |
skipping to change at page 4, line 36 skipping to change at page 4, line 38
1.2. Requirements Language 1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Proposed Solution 2. Proposed Solution
To solve the problem described in Section 1.1, this document proposes To solve the problem described in Section 1.1, this document proposes
a new DHCP message called Reconfigure-Request. In the example a new DHCP message called Reconfigure-Request. In the example
depicted in Figure 3 a Reconfigure-Request message is sent by the depicted in Figure 3, a Reconfigure-Request message is sent by the
DHCPv6 relay agent to a DHCPv6 server as soon as the configuration DHCPv6 relay agent to a DHCPv6 server as soon as the configuration
data conveyed in an RSOO option have changed. Upon receipt of this data conveyed in an RSOO option have changed. Upon receipt of this
message, and if it is configured to support such mode, the DHCPv6 message, and if it is configured to support such mode, the DHCPv6
server must build Reconfigure-Ack and Reconfigure messages. server must build Reconfigure-Reply and Reconfigure messages.
Reconfigure-Ack is used to acknowledge the receipt of Reconfigure- Reconfigure-Reply is used to acknowledge the receipt of Reconfigure-
Request. Reconfigure message is then sent to the DHCPv6 relay, which Request. Reconfigure message encapsulated in Relay-Reply is sent to
in turn will forward the message to the appropriate DHCPv6 client. the DHCPv6 relay, which in turn will forward the message to the
appropriate DHCPv6 client.
This setup assumes the relay has a record of the client, so that it This setup assumes the relay has a record of the client, so that it
has enough information to send the Reconfigure-Request message to the has enough information to send the Reconfigure-Request message to the
server. Means to recover state in failure events must be supported, server. How the state is recorded in the relay is out of scope.
but are not discussed in this document.
Furthermore, means to recover state in failure events must be
supported, but are not discussed in this document.
+-------+ +-------+ +-------+ +-------+ +-------+ +-------+
|DHCPv6 | | NAS | |Radius | |DHCPv6 | | NAS | |Radius |
|Client | |(DHCPv6| |Server/| |Client | |(DHCPv6| |Server/|
| | | Relay)| | DAC | | | | Relay)| | DAC |
+-------+ +-------+ +-------+ +-------+ +-------+ +-------+
| | | | | |
|<-----CoA-Request-----------| |<-----CoA-Request-----------|
| (e.g. DS-Lite-Tunnel-Name) | | (e.g. DS-Lite-Tunnel-Name) |
| | | |
|------CoA-Response--------->| |------CoA-Response--------->|
.... ....
| +-------+ | +-------+
| |DHCPv6 | | |DHCPv6 |
| |Server | | |Server |
| | | | | |
| +-------+ | +-------+
| | | |
|---Reconfigure-Request----->| |---Reconfigure-Request----->|
|<--Reconfigure-Ack----------| |<--Reconfigure-Reply--------|
| | | |
| |<--Relay-Reply -------------| | |<--Relay-Reply -------------|
|<--Reconfigure-------------| (Reconfigure) | |<--Reconfigure-------------| (Reconfigure) |
| | | | | |
.... ....
Figure 3: RECONFIGURE-REQUEST Flow Example Figure 3: Flow Example with Reconfigure-Request
The support of Reconfigure-Reply simplifies the retransmission
procedure of the relay as it provides an explicit indication from the
server (see Section 4.3 for more details). An alternative approach
is the relay monitors Reconfigure messages received from the server
to conclude whether Reconfigure-Request was successfully handled or
not. Nevertheless, this implicit approach may fail to achieve its
goals in some cases: e.g., the server accepts the request but it
delays to generate the corresponding Reconfigure messages due to its
rate-limiting policies, the request was partially failed for some
clients, etc. To avoid useless reconfigure cycles (e.g., due to the
loss of Reconfigure-Reply), the approach adopted in this document
allows the relay to correct the content of a re-transmitted
Reconfigure-Request based on some observed events (e.g., the client
has retrieved the updated configuration). If the relay has no client
to reconfigured, it stops sending Reconfigure-Request messages.
The Reconfigure-Request message can also be used in other scenarios The Reconfigure-Request message can also be used in other scenarios
than those that assume the use of RSOO. It is out of scope of this than those that assume the use of RSOO. It is out of scope of this
document to describe all these scenarios. document to describe all these scenarios.
The support of Reconfigure-Ack simplifies the retransmission
procedure of the relay as it provides an explicit indication from the
server. An alternative approach is the relay monitors Reconfigure
messages received from the server to conclude whether Reconfigure-
Request was successfully handled or not. Nevertheless, this implicit
approach may fail to achieve its goals in some cases: e.g., the
server accepts the request but it delays to generate the
corresponding Reconfigure messages due to its rate-limiting policies,
the request was partially failed for some clients, etc. To avoid
useless reconfigure cycles (e.g., due to the loss of Reconfigure-
Ack), the approach adopted in this document allows the relay to
correct the content of a re-transmitted Reconfigure-Request based on
some observed events (e.g., the client has retrieved the updated
configuration). If the relay has no client to reconfigured, it stops
sending Reconfigure-Request messages.
3. Link Address Option 3. Link Address Option
Figure 4 shows the format of the Link Address Option. Figure 4 shows the format of the Link Address Option.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_LINK_ADDRESS | option-len | | OPTION_LINK_ADDRESS | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
skipping to change at page 6, line 39 skipping to change at page 6, line 40
link-address: An IPv6 address used by the server to identify the link-address: An IPv6 address used by the server to identify the
link on which the client is located. link on which the client is located.
The Link Address Option is used by the relay agent to indicate to the The Link Address Option is used by the relay agent to indicate to the
server the link on which the client is located. The relay agent MUST server the link on which the client is located. The relay agent MUST
use a link-address value that is equivalent to the value used when use a link-address value that is equivalent to the value used when
relaying messages from the client to the server. Two link-address relaying messages from the client to the server. Two link-address
values are said to be equivalent if both values are IPv6 addresses values are said to be equivalent if both values are IPv6 addresses
that are on-link for the network link to which the client is that are on-link for the network link to which the client is
connected. The relay agent SHOULD use the same value that was sent connected. The relay agent SHOULD use the same value that was sent
to the DHCP server when relaying messages from the client to the to the DHCPv6 server when relaying messages from the client to the
server, as in Section 20.1.1 of [RFC3315]. server, as in Section 20.1.1 of [RFC3315].
4. RECONFIGURE-REQUEST and RECONFIGURE-ACK 4. RECONFIGURE-REQUEST and RECONFIGURE-REPLY
4.1. Messages Format 4.1. Messages Format
Two new message type codes are defined: Two new message type codes are defined:
RECONFIGURE-REQUEST (To be assigned by IANA, see Section 6). o RECONFIGURE-REQUEST (To be assigned by IANA, see Section 6).
RECONFIGURE-ACK (To be assigned by IANA, see Section 6). o RECONFIGURE-REPLY (To be assigned by IANA, see Section 6).
RECONFIGURE-REQUEST and RECONFIGURE-ACK use the same format as RECONFIGURE-REQUEST and RECONFIGURE-REPLY use the same format as
defined in Section 6 of [RFC3315]. defined in Section 6 of [RFC3315].
4.2. Messages Validation 4.2. Messages Validation
4.2.1. RECONFIGURE-REQUEST 4.2.1. RECONFIGURE-REQUEST
Clients MUST silently discard any received RECONFIGURE-REQUEST Clients MUST silently discard any received RECONFIGURE-REQUEST
messages. messages.
Servers MUST silently discard any received RECONFIGURE-REQUEST Servers MUST silently discard any received RECONFIGURE-REQUEST
messages that meet any of the following conditions: messages that meet any of the following conditions:
o the message does not include a Client Identifier Option [RFC3315]. o the message does not include a Client Identifier Option [RFC3315].
o the message does not include a Link Address Option (Section 3). o the message does not include a Link Address Option (Section 3).
o the message includes a Server Identifier Option [RFC3315] but the o the message includes a Server Identifier Option [RFC3315] but the
contents of the Server Identifier Option does not match the contents of the Server Identifier Option does not match the
server's identifier. server's identifier.
The server MUST be configurable to accept or reject RECONFIGURE- 4.2.2. RECONFIGURE-REPLY
REQUEST messages. If the server is configured to reject RECONFIGURE-
REQUEST, the server MUST silently discard any RECONFIGURE-REQUEST it
receives.
The relay agent MUST be configurable to accept or reject RECONFIGURE-
REQUEST messages received from other relay agents. If the relay is
configured to reject RECONFIGURE-REQUEST, the relay MUST silently
discard any RECONFIGURE-REQUEST it receives. If the relay is
configured to accept RECONFIGURE-REQUEST messages, these messages are
relayed as specified in Section 20.1.1 of [RFC3315].
Because RECONFIGURE-REQUEST message provides a mechanism for
triggering the DHCP Reconfigure message, and the DHCP Reconfigure
message can raise security threats (e.g., to control the timing of a
DHCP renewal), the DHCP server MUST have some mechanism for
determining that the relay agent is a trusted entity. RECONFIGURE-
REQUEST messages originating from unknown relay agents MUST be
silently dropped.
4.2.2. RECONFIGURE-ACK
Clients and Servers MUST silently discard any received RECONFIGURE- Clients and Servers MUST silently discard any received RECONFIGURE-
ACK messages. REPLY messages.
The relay MUST silently discard any received RECONFIGURE-ACK messages The relay MUST silently discard any received RECONFIGURE-REPLY
that meet any of the following conditions: messages that meet any of the following conditions:
o the "transaction-id" field in the message does not match the value o the "transaction-id" field in the message does not match the value
used in the original message. used in the original message.
o the message does not include a Server Identifier Option. o the message does not include a Server Identifier Option.
o the message does not include a Status Code Option [RFC3315]. o the message does not include a Status Code Option [RFC3315].
4.3. Creation and Transmission of RECONFIGURE-REQUEST 4.3. Creation and Transmission of RECONFIGURE-REQUEST
For any event (e.g., modification of the configuration information) For any event (e.g., modification of the configuration information)
that requires the server to issue a Reconfigure message, the relay that requires the server to issue a Reconfigure message, the relay
agent determines the client which is affected by the change and then agent determines the client(s) affected by the change and then builds
builds a Reconfigure-Request message: the relay agent sets the "msg- a Reconfigure-Request message: the relay agent sets the "msg-type"
type" field to RECONFIGURE-REQUEST, generates a transaction ID and field to RECONFIGURE-REQUEST, generates a transaction ID and inserts
inserts it in the "transaction-id" field. The relay agent MUST it in the "transaction-id" field.
include a Client Identifier Option [RFC3315] and a Link Address
Option (Section 3) so that the DHCPv6 server can identify the The relay agent MUST include one or more Client Identifier Options
corresponding client and the link on which the client is located. [RFC3315] and a Link Address Option (Section 3) so that the DHCPv6
server can identify the corresponding client and the link on which
the client is located.
The relay agent MAY supply the updated configuration in the RSOO The relay agent MAY supply the updated configuration in the RSOO
[RFC6422]. The relay agent MAY supply a Reconfigure Message Option [RFC6422]. The relay agent MAY supply a Reconfigure Message Option
to indicate which form of Reconfigure to use. The relay agent MAY to indicate which form of Reconfigure to use. The relay agent MAY
include any option (e.g., Interface Identifier [RFC3315]) which it include any option (e.g., Interface Identifier [RFC3315]) which it
might insert when relaying a message received from a client. might insert when relaying a message received from a client.
When several clients on the same link are affected by a configuration When several clients on the same link are affected by a configuration
change, the relay MUST include several Client Identifier Options, change, the relay MUST include several Client Identifier Options,
each of them identifies a specific client. If including Client each of them identifies a specific client. If including Client
Identifier Options of all impacted clients exceeds the maximum Identifier Options of all impacted clients exceeds the maximum
skipping to change at page 8, line 51 skipping to change at page 8, line 38
MRT 10 secs MRT 10 secs
MRC 5 MRC 5
MRD 0 MRD 0
When retransmission is required, the relay may decide to correct the When retransmission is required, the relay may decide to correct the
content of RECONFIGURE-REQUEST message it issues (e.g., update the content of RECONFIGURE-REQUEST message it issues (e.g., update the
Client Identifier list). This decision is local to the relay (e.g., Client Identifier list). This decision is local to the relay (e.g.,
it may be based on observed events such as one or more clients were it may be based on observed events such as one or more clients were
reconfigured on their own). reconfigured on their own).
The relay may receive (Relay-Reply) Reconfigure before Reconfigure- The relay may receive Reconfigure encapsulated in Relay-Reply before
Ack. The relay SHOULD NOT interpret it as if the Reconfigure-Request Reconfigure-Reply. The relay SHOULD NOT interpret it as if the
was successfully handled by the Server. The relay SHOULD use Reconfigure-Request was successfully handled by the Server. The
Reconfigure-Ack, not the Reconfigure message, to determine if the relay SHOULD use Reconfigure-Reply, not the Reconfigure message, to
request was successful. determine if the request was successful.
4.4. Server Behaviour 4.4. Intermediate Relay Agents Behaviour
The relay agent MUST be configurable to accept or reject RECONFIGURE-
REQUEST messages received from other relay agents. If no indication
is explicitly configured to the relay, the default behavior is to
accept RECONFIGURE-REQUEST messages.
If the relay is configured to reject RECONFIGURE-REQUEST, the relay
MUST silently discard any RECONFIGURE-REQUEST it receives. If the
relay is configured to accept RECONFIGURE-REQUEST messages, these
messages are relayed as specified in Section 20.1.1 of [RFC3315].
4.5. Server Behaviour
The server MUST be configurable to accept or reject RECONFIGURE-
REQUEST messages. If no indication is explicitly configured to the
server, the default behavior is to reject RECONFIGURE-REQUEST
messages.
If the server is configured to reject RECONFIGURE-REQUEST, the server
MUST silently discard any RECONFIGURE-REQUEST it receives.
Upon receipt of a valid Reconfigure-Request message from a DHCPv6 Upon receipt of a valid Reconfigure-Request message from a DHCPv6
relay agent (see Section 4.2), the server determines the client(s) relay agent (see Section 4.2), the server determines the client(s)
for which a Reconfigure message is to be sent. for which a Reconfigure message is to be sent.
The server constructs a Reconfigure-Ack message by setting the "msg- The server constructs a Reconfigure-Reply message by setting the
type" field to RECONFIGURE-ACK, and copying the transaction ID from "msg-type" field to RECONFIGURE-REPLY, and copying the transaction ID
the RECONFIGURE-REQUEST message into the transaction-id field. The from the RECONFIGURE-REQUEST message into the "transaction-id" field.
server MUST include a Status Code Option [RFC3315] indicating whether The server MUST include a Status Code Option [RFC3315] indicating
the request is successfully processed, failed or partially failed. whether the request is successfully processed, failed or partially
failed.
o If the request is successfully handled by the server, the server o If the server fails to validate the request, the server MUST set
MUST include a Status Code Option indicating "Success". the Status Code Option to the appropriate status code (e.g.,
UnspecFail, NotAllowed, etc.). In particular,
o If the request includes several Client Identifier options but the * UnspecFail MUST be returned if Reconfigure-Request message is
server will issue reconfigure requests only for a subset of them, malformed.
the server MUST include a Status Code Option indicating "Success"
but in the meantime it MUST copy back the list of Client
Identifier Options pointing to clients for which the server won't
issue a Reconfigure message.
o If the server failed to process the request for all clients, the * NotAllowed MUST be returned if the server is not configured to
server MUST set the Status Code Option to the appropriate status allow Reconfigure-Request.
code (e.g., UnspecFail, NotAllowed, etc.).
* NotConfigured MUST be returned if the server has no record of
the link.
o If the Reconfigure-Request is successfully validated, the server
MUST return a Status Code Option indicating "Success". In
addition, the server MUST include a list of all the Client
Identifier Options of the clients to which Reconfigure messages
will not be sent (e.g., the server has no record of the client or
the client did not negotiate for Reconfigure support). Note that
this means that "Success" will be returned even if Reconfigure
messages will not be sent to any of the clients.
If RSOO is supplied, the server MAY use its content to double check If RSOO is supplied, the server MAY use its content to double check
whether a Reconfigure is required to be sent to the client. This whether a Reconfigure is required to be sent to the client. This
assumes the server store the content of RSOO it used to generate assumes the server store the content of RSOO it used to generate
configuration data sent to requesting clients. configuration data sent to requesting clients.
The server MAY use the content of the Reconfigure Message Option The server MAY use the content of the Reconfigure Message Option
supplied by the relay agent to determine which form of Reconfigure to supplied by the relay agent to determine which form of Reconfigure to
use. use.
Then, the server MUST follow the procedure defined in Section 19.1 of Then, the server MUST follow the procedure defined in Section 19.1 of
[RFC3315] to construct a Reconfigure message. This Reconfigure [RFC3315] to construct a Reconfigure message.
message may be sent directly to the DHCPv6 client or to a relay agent
[RFC3315].
Rate-limit considerations are discussed in Section 5. Rate-limit considerations are discussed in Section 5.
4.5. Receipt of RECONFIGURE-ACK 4.6. Receipt of RECONFIGURE-REPLY
Depending on the status code enclosed in a received RECONFIGURE-ACK Depending on the status code enclosed in a received RECONFIGURE-REPLY
message, the relay may decide to terminate the request or try a message, the relay may decide to terminate the request or try a
different corrected Reconfigure-Request. different corrected Reconfigure-Request.
5. Rate Limiting Considerations 5. Rate Limiting Considerations
The relay MUST rate-limit Reconfigure-Request messages to be sent to The relay MUST rate-limit Reconfigure-Request messages to be sent to
the server. The relay MUST be configured with required rate-limit the server. The relay MUST be configured with required rate-limit
parameters (i.e., the rate of Reconfigure messages). The maximum parameters (i.e., the rate of Reconfigure messages). The maximum
Reconfigure-Request packet size SHOULD be configurable and the Reconfigure-Request packet size SHOULD be configurable and the
default value MUST be 1280 octets. default value MUST be 1280 octets.
skipping to change at page 10, line 32 skipping to change at page 10, line 43
messages). messages).
6. IANA Considerations 6. IANA Considerations
IANA is requested to assign the following new DHCPv6 Message type in IANA is requested to assign the following new DHCPv6 Message type in
the registry maintained in the registry maintained in
http://www.iana.org/assignments/dhcpv6-parameters: http://www.iana.org/assignments/dhcpv6-parameters:
RECONFIGURE-REQUEST RECONFIGURE-REQUEST
RECONFIGURE-ACK RECONFIGURE-REPLY
IANA is requested to assign the following new DHCPv6 Option Codes in IANA is requested to assign the following new DHCPv6 Option Codes in
the registry maintained in the registry maintained in
http://www.iana.org/assignments/dhcpv6-parameters: http://www.iana.org/assignments/dhcpv6-parameters:
OPTION_LINK_ADDRESS OPTION_LINK_ADDRESS
7. Security Considerations 7. Security Considerations
Security considerations elaborated in [RFC3315] (in particular Security considerations elaborated in [RFC3315] (in particular
Section 21.1) and [RFC6422] must be taken into account. In addition, Section 21.1) and [RFC6422] must be taken into account. In addition,
DHCPv6 servers MAY be configured to discard relayed RECONFIGURE- DHCPv6 servers MAY be configured to discard relayed Reconfigure-
REQUEST messages or restrict relay chaining (see [RFC5007] for more Request messages or restrict relay chaining (see [RFC5007] for more
discussion about the rationale of this recommended behavior). Relay discussion about the rationale of this recommended behavior).
agents SHOULD implement appropriate means to prevent using
RECONFIGURE-REQUEST messages as a denial-of-service attack on the Relay agents SHOULD implement appropriate means to prevent using
Reconfigure-Request messages as a denial-of-service attack on the
DHCPv6 servers. DHCPv6 servers.
Because Reconfigure-Request message provides a mechanism for
triggering the DHCP Reconfigure message, and the DHCP Reconfigure
message can raise security threats (e.g., to control the timing of a
DHCP renewal), the DHCP server MUST have some mechanism for
determining that the relay agent is a trusted entity. Reconfigure-
Request messages originating from unknown relay agents MUST be
silently dropped.
8. Acknowledgements 8. Acknowledgements
Many thanks to R. Maglione, A. Kostur, G. Halwasia, C. Jacquenet and Many thanks to R. Maglione, A. Kostur, G. Halwasia and C. Jacquenet
B. Volz for the comments and review. for the comments and review.
Special thanks to T. Lemon who provided a detailed review. Special thanks to T. Lemon, B. Volz and T. Mrugalski who provided a
detailed review.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
 End of changes. 43 change blocks. 
117 lines changed or deleted 144 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/