Technical Summary
This document proposes a Lightweight DHCPv6 Relay Agent (LDRA)
that is used to insert relay agent options in DHCPv6 message
exchanges identifying client-facing interfaces. The LDRA can
be implemented in existing access nodes (such as DSLAMs and
Ethernet switches) that do not support IPv6 control or routing
functions.
Working Group Summary
This document appeared in the working group at the end of
2008. There has been substantial interest in this document.
Document Quality
The document has undergone careful review, and the working
group is satisfied with its quality.
Personnel
The document shepherd is Ted Lemon <mellon@nominum.com>. Ralph
Droms <rdroms.ietf@gmail.com> is the Responsible AD.
RFC Editor Note
In section 4, change "must" to "MUST":
OLD:
DHCP server implementations conforming to this specification must,
NEW:
DHCP server implementations conforming to this specification MUST,
* Section 5.1
OLD:
The Relay-Forward message contains relay agent parameters that
identify the client-facing interface on which any reply messages
should be forwarded. These parameters are link-address, peer-address
and Interface-ID. The link-address parameter MUST be set to the
unspecified address. The Interface-ID Relay Agent Option MUST be
included in the Relay-Forward message. The LDRA MAY insert
additional relay agent options.
NEW:
The Relay-Forward message contains relay agent parameters that
identify the client-facing interface on which any reply messages
should be forwarded. These parameters are link-address, peer-address
and Interface-ID. The link-address parameter MUST be set to the
unspecified address. The peer-address parameter MUST be set as
specified in Section 6.1. The Interface-ID Relay Agent Option MUST be
included in the Relay-Forward message. The LDRA MAY insert
additional relay agent options.
* Section 6.1
OLD:
When a DHCPv6 message (defined in [RFC3315]) is received on any
client-facing interface, the LDRA MUST intercept and process the
message. The LDRA MUST also prevent the original message from being
forwarded on the network facing interface.
NEW:
The LDRA MUST intercept and process all IP traffic received on any
client-facing interface that has:
o destination IP address set to All_DHCP_Relay_Agents_and_Servers
(FF02::1:2);
o protocol type UDP; and
o destination port 547
The LDRA MUST also prevent the original message from being
forwarded on the network facing interface.
* Section 7
OLD:
The LDRA intercepts any DHCPv6 message received on client-facing
interfaces with a destination IP address of
All_DHCP_Relay_Agents_and_Servers (FF02::1:2). The LDRA MUST NOT
forward the original client message to a network-facing interface, it
MUST process the message and add the appropriate Relay-Forward
options as described in previous sections.
NEW:
The LDRA intercepts any DHCPv6 message received on client-facing
interfaces with the traffic pattern specified in Section 6.1.
The LDRA MUST NOT forward the original client message to a
network-facing interface, it MUST process the message and add the
appropriate Relay-Forward options as described in previous sections.
* Security Considerations
OLD:
Although the LDRA only listens to client-originated IPv6 traffic sent
to the All_DHCPv6_Servers_and_Relay_Agents address on UDP port 547,
the LDRA SHOULD implement some form of rate-limiting on received
messages to prevent excessive process utilisation. As DHCP is
session-oriented, messages in excess of the rate-limit may be
silently discarded.
NEW:
The security issues pertaining to DHCPv6 relay agents as specified in
Section 23 of [RFC3315] are also applicable to LDRAs. Although the
LDRA only listens to client-originated IPv6 traffic sent
to the All_DHCPv6_Servers_and_Relay_Agents address on UDP port 547,
the LDRA SHOULD implement some form of rate-limiting on received
messages to prevent excessive process utilisation. As DHCP is
session-oriented, messages in excess of the rate-limit may be
silently discarded.
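
The following sketch is an added example, not text from the draft or from any implementation. It puts together the Section 6.1 traffic pattern, the Section 5.1 Relay-Forward fields, and the rate-limiting from the Security Considerations. Assumptions: peer-address is taken from the client packet's source address (the text above only points to Section 6.1), only messages arriving directly from a client are handled (hop-count 0), the port name is used as the Interface-ID, and the function names and the token-bucket policy are hypothetical.

```python
import ipaddress
import struct

ALL_DHCP_RELAY_AGENTS_AND_SERVERS = ipaddress.IPv6Address("ff02::1:2")
UDP, DHCPV6_PORT = 17, 547
RELAY_FORW = 12                           # RFC 3315 message type
OPT_RELAY_MSG, OPT_INTERFACE_ID = 9, 18   # RFC 3315 option codes
SOLICIT = b"\x01\xab\xcd\xef"             # constructed sample: msg-type 1 + transaction-id

def should_intercept(dst, next_header, dst_port):
    """Traffic pattern from the NEW Section 6.1 text."""
    return (ipaddress.IPv6Address(dst) == ALL_DHCP_RELAY_AGENTS_AND_SERVERS
            and next_header == UDP and dst_port == DHCPV6_PORT)

def _option(code, data):
    return struct.pack("!HH", code, len(data)) + data

def relay_forward(client_src, payload, interface_id):
    """Wrap a client message in a Relay-Forward as described for Section 5.1."""
    link = ipaddress.IPv6Address("::").packed        # MUST be the unspecified address
    peer = ipaddress.IPv6Address(client_src).packed  # assumption: client source address
    return (struct.pack("!BB", RELAY_FORW, 0) + link + peer  # hop-count 0 (assumption)
            + _option(OPT_INTERFACE_ID, interface_id)        # MUST be included
            + _option(OPT_RELAY_MSG, payload))

class RateLimiter:
    """Token bucket per client-facing interface (one possible rate-limiting policy)."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.state = rate, burst, {}

    def allow(self, iface, now):
        tokens, last = self.state.get(iface, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1
        self.state[iface] = (tokens - 1 if ok else tokens, now)
        return ok

def process(limiter, iface, src, dst, next_header, dst_port, payload, now):
    """Return ('pass', None), ('drop', None) or ('relay', bytes).

    In the 'drop' and 'relay' cases the original packet is never forwarded
    on the network-facing interface."""
    if not should_intercept(dst, next_header, dst_port):
        return ("pass", None)        # not DHCPv6 client traffic: normal forwarding
    if not limiter.allow(iface, now):
        return ("drop", None)        # over the rate limit: silently discarded
    return ("relay", relay_forward(src, payload, iface.encode()))
```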