Network Working Group M. Boucadair, Ed.
Internet-Draft J-L. Grimault
Intended status: Standards Track France Telecom
Expires: May 3, 2009 P. Levis
A. Villefranque
France Telecom-Orange Labs
October 30, 2008
DHCP Options for Conveying Port Mask and Port Range Router IP Address
draft-boucadair-dhc-port-range-01
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 3, 2009.
Abstract
This draft defines two new DHCP (Dynamic Host Configuration Protocol,
[RFC2131]) Options to be used in the context of the Provider-Provisioned
CPE solution (a.k.a. Port Range solution or Fractional Address).
The first option conveys a Port Mask and the second one may be used
to convey a list of Port Range Router IP addresses.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
Boucadair, et al. Expires May 3, 2009 [Page 1]
Internet-Draft Port Range Options October 2008
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Mask Port Option . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Definition . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Purpose and Usage . . . . . . . . . . . . . . . . . . . . 4
2.3. Illustration Examples . . . . . . . . . . . . . . . . . . 5
2.3.1. One continuous Port Range . . . . . . . . . . . . . . 5
2.3.2. Non Continuous Port Range: Single Mask Port, 128
Port Ranges . . . . . . . . . . . . . . . . . . . . . 6
2.3.3. Two Long Port Ranges: Single Port Mask, two Port
Ranges . . . . . . . . . . . . . . . . . . . . . . . . 6
2.3.4. Single Mask Port, 64 Port Ranges . . . . . . . . . . . 7
3. Port Range Router IP address DHCP Option (PRR IP Address
DHCP Option) . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1. Purpose and Usage . . . . . . . . . . . . . . . . . . . . 8
3.2. Illustration Example . . . . . . . . . . . . . . . . . . . 8
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 9
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7.1. Normative References . . . . . . . . . . . . . . . . . . . 10
7.2. Informative References . . . . . . . . . . . . . . . . . . 10
Appendix A. Enhanced Port Range DHCP Option . . . . . . . . . . . 10
A.1. Two continuous Port Ranges of different sizes . . . . . . 12
A.2. Two Port Ranges with some ports excluded from the
first range . . . . . . . . . . . . . . . . . . . . . . . 13
Appendix B. Changes since 00 version . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
Intellectual Property and Copyright Statements . . . . . . . . . . 15
1. Introduction
Recently, in the context of IPv4 address depletion, several solutions
have been disseminated within the IETF as viable alternatives to
Carrier Grade NAT (CG-NAT). [ID.boucadair] is an example of these
solutions: it proposes to share the same IP address among several
devices and to constrain the values used as source ports to a limited
set. As described in [ID.boucadair], a new DHCP option is required to
notify remote devices about the allowed port values. This is achieved
mainly by means of the Port Mask DHCP Option.
This proposal tackles the issue of assigning Port Ranges in a
different way than [ID.bajko]. The proposed DHCP option only applies
to the allocation of ports and not of IP addresses. Therefore the
allocation of IP addresses and the allocation of ports are decoupled
from a DHCP point of view. Consequently, this draft does not
introduce any conflict between existing DHCP options and the new ones
(especially with those options carrying a "requested address", as
defined in [RFC2132]). In addition, the proposed option allows Port
Ranges to be defined in a very flexible way: non contiguous values
are possible, which avoids, for instance, allocating all well-known
ports to the same customer.
This draft defines the notion of Port Mask, which is generic and
flexible. Several allocation schemes may be implemented by means of
a Port Mask. This draft proposes a basic mechanism that allocates a
single Port Mask. Appendix A describes a variant permitting a more
sophisticated allocation of ports, such as: allocate a Port Range
except some values (e.g. all well-known port values except 80 and
8080), allocate only a set of discrete values together with a Port
Range (e.g. 3000 to 32000 and port 80), etc.
Following [ID.dhcpguide], the formats of the DHCP options proposed
herein are similar to the ones defined in [RFC2132].
IPv4 address exhaustion is only provided as an example of usage of
the DHCP options defined in this draft. Other usages may be
considered.
2. Mask Port Option
This section defines the Port Mask DHCP Option.
2.1. Definition
To distinguish a Port Range containing a continuous span of port
numbers from a Port Range with non continuous port numbers, the
following denominations are used:
- Continuous Port Range: a set of port values which form a
continuous sequence.
- Non Continuous Port Range: a set of port values which does not
form a continuous sequence.
Moreover, unless explicitly mentioned, Port Mask refers to the couple
(Port Mask, Mask Locator).
2.2. Purpose and Usage
This option is used to notify a remote DHCP client about the Port
Mask to be applied when selecting a port value as a source port. The
Port Mask option is used to infer a set of allowed port values.
A Port Mask defines a set of ports that all have in common a subset
of pre-positioned bits. This set of ports is also called a Port
Range. Two port numbers are said to belong to the same Port Range if
and only if they match the same Port Mask. In the remainder of this
document, for brevity, we call CPE (Customer Premises Equipment) the
equipment which applies the port restriction when communicating, but
it could be any other kind of equipment (e.g. a terminal).
The code for this DHCP option is to be assigned by IANA. The minimum
length of this option is 4, and the length MUST be a multiple of 4.
The format of Port Mask DHCP option is illustrated in the figure
hereafter:
Code Len Port Mask 1 Mask Locator 1
+-----+-----+-----+-----+-----+-----+
| TBA | n | MP1 | ML1 |
+-----+-----+-----+-----+-----+-----+
TBA means to be assigned by IANA.
Port Mask indicates the value of the mask to be applied and Mask
Locator indicates the position of the bits which are used to build
the mask.
Port Mask and Mask Locator are each encoded on 16 bits, in network
byte order as for all multi-octet quantities in [RFC2132].
The "1" values in the Mask Locator indicate by their position the
significant bits of the Port Mask (the pattern of the Port Mask).
For example,
o a Mask Locator equal to 1000000000000000 indicates that the first
bit (the most significant one) is used as a pattern of the Port
Mask;
o a Mask Locator equal to 0000101000000000 indicates that the 5th
and the 7th most significant bits are used as a pattern of the
Port Mask.
The pattern of the Port Mask is all the fixed bits in the Port Mask.
All the ports the CPE is allowed to use as source ports must have
their number in accordance with the pattern.
The Port Mask is coded as follows:
- The pattern bits of the Port Mask are those where "1" values are
set in the Mask Locator. These bits may take a value of 0 or 1.
- All the other bits are set to "0".
2.3. Illustration Examples
This section provides a set of examples to illustrate the usage of
the Port Mask DHCP Option:
1. Single Port Mask to assign one Continuous Port Range to a given
device;
2. Single Port Mask used to assign 128 Port Ranges, two of which lie
within the well-known port span, to a given device;
3. Single Port Mask to assign two long Port Ranges to a given
device;
4. Single Port Mask to allocate to a given device 64 Port Ranges,
one of which lies within the well-known port span.
2.3.1. One continuous Port Range
This section provides an example of a Port Mask used to assign a
unique Continuous Port Range to a given customer's device.
For illustration purposes, the following Mask Locator and Port Mask
are conveyed using DHCP to assign a Port Range (from 2048 to 4095) to
a given device:
- Port Mask : 0000100000000000 (2048)
- Mask Locator : 1111100000000000 (63488)
In this example, the Mask Locator fixes 5 bits, so 2^5 = 32 customers
can share the same IP address.
2.3.2. Non Continuous Port Range: Single Mask Port, 128 Port Ranges
Unlike the previous example, this one illustrates the case where a
non Continuous Port Range is assigned to a given customer's device.
In this example, the Port Mask defines 128 Continuous Port Ranges,
each one with a length of 16 port values. Note that the two first
Port Ranges are both in the well-known ports span (i.e. 0-1023) but
these two ranges are not adjacent.
The following Mask Locator and Port Mask are conveyed in DHCP
messages:
- Port Mask : 0000000001010000 (80)
- Mask Locator : 0000000111110000 (496)
This means that the 128 following Continuous Port Ranges are assigned
to the same customer's device:
- from 80 to 95
- from 592 to 607
- ...
- ...
- from 65104 to 65119
2.3.3. Two Long Port Ranges: Single Port Mask, two Port Ranges
In this example, the Port Mask defines two Continuous Port Ranges,
each one being 1024 ports long:
- Port Mask : 0000000000000000 (0)
- Mask Locator : 1111010000000000 (62464)
This means that the two following Continuous Port Ranges are assigned
to the same device:
- from 0 to 1023, and
- from 2048 to 3071
2.3.4. Single Mask Port, 64 Port Ranges
This example shows the flexibility of allocating allowed port values
using a Port Mask. In the following example, 64 Continuous Port
Ranges are allocated to each CPE (among a set of 4 CPEs sharing the
same IPv4 address).
Among the 64 Continuous Port Ranges of each CPE, there is always one
within the span of the first 1024 well-known port values. Hereafter
are provided the Port Mask and Mask Locator assigned to 2 CPEs:
1. CPE#0
- Port Mask: 0000000000000000 (0)
- Mask Locator: 0000001100000000 (768)
The CPE#0 has therefore the 64 following Continuous Port Ranges:
- 1st range: 0-255
- ...
- 64th range: 64512-64767
2. CPE#2
- Port Mask: 0000001100000000 (768)
- Mask Locator: 0000001100000000 (768)
The CPE#2 has therefore the 64 following Continuous Port Ranges:
- 1st range: 768-1023
- ...
- 64th range: 65280-65535
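The following Python code is an added illustration of Sections 2.2 and
2.3 and is not part of this draft. It encodes and decodes the basic
Port Mask option, enforces the coding rule that Port Mask bits outside
the Mask Locator are zero, expands a (Port Mask, Mask Locator) couple
into its Continuous Port Ranges, and shows how a CPE can draw a
conforming source port. The option code 224 is a placeholder, since
the draft leaves the code to be assigned by IANA; everything else
follows the field layout given above.

```python
import secrets
import struct
from typing import List, Tuple

# The option code is "TBA" (to be assigned by IANA) in the draft; 224 is a
# placeholder used here only so that the option can be built and parsed.
PORT_MASK_OPTION_CODE = 224


def check_pair(mask: int, locator: int) -> None:
    """Enforce the coding rule of Section 2.2: both fields are 16-bit values
    and every Port Mask bit outside the Mask Locator pattern is 0."""
    if not (0 <= mask <= 0xFFFF and 0 <= locator <= 0xFFFF):
        raise ValueError("Port Mask and Mask Locator are 16-bit fields")
    if mask & ~locator & 0xFFFF:
        raise ValueError("Port Mask has bits set outside the Mask Locator")


def encode_port_mask_option(pairs: List[Tuple[int, int]]) -> bytes:
    """Serialise the option: code, length, then (Port Mask, Mask Locator)
    pairs, each field on 16 bits in network byte order (RFC 2132)."""
    if not pairs:
        raise ValueError("at least one (Port Mask, Mask Locator) pair")
    body = b""
    for mask, locator in pairs:
        check_pair(mask, locator)
        body += struct.pack("!HH", mask, locator)
    return struct.pack("!BB", PORT_MASK_OPTION_CODE, len(body)) + body


def decode_port_mask_option(option: bytes) -> List[Tuple[int, int]]:
    """Parse the option back into (mask, locator) pairs, rejecting a length
    that is below 4 or not a multiple of 4 (Section 2.2)."""
    if len(option) < 2 or option[0] != PORT_MASK_OPTION_CODE:
        raise ValueError("not a Port Mask option")
    length = option[1]
    body = option[2:2 + length]
    if len(body) != length or length < 4 or length % 4:
        raise ValueError("invalid Port Mask option length")
    pairs = []
    for offset in range(0, length, 4):
        mask, locator = struct.unpack("!HH", body[offset:offset + 4])
        check_pair(mask, locator)
        pairs.append((mask, locator))
    return pairs


def port_allowed(port: int, mask: int, locator: int) -> bool:
    """A port is in the Port Range iff its pattern bits equal the Port Mask."""
    return (port & locator) == mask


def allowed_ranges(mask: int, locator: int) -> List[Tuple[int, int]]:
    """List the Continuous Port Ranges (first, last) selected by the couple."""
    ranges: List[Tuple[int, int]] = []
    for port in range(65536):
        if not port_allowed(port, mask, locator):
            continue
        if ranges and ranges[-1][1] == port - 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges


def sharing_capacity(locator: int) -> int:
    """How many devices can share one IPv4 address under this locator: one
    per distinct value of the pattern bits, i.e. 2 to the number of 1 bits."""
    return 1 << bin(locator & 0xFFFF).count("1")


def pick_source_port(mask: int, locator: int) -> int:
    """CPE side: randomise the free bits and overlay the fixed pattern, so
    every chosen source port satisfies the Port Mask."""
    check_pair(mask, locator)
    return (secrets.randbits(16) & ~locator & 0xFFFF) | mask
```

Running allowed_ranges() on the couples of Sections 2.3.1 to 2.3.4
reproduces the ranges listed there (for instance (80, 496) yields 128
ranges from 80-95 to 65104-65119, and sharing_capacity(63488) is 32).
Note that pick_source_port() randomises only the free bits: the
pattern bits are fixed and known to anyone who knows the mask, so they
contribute nothing to the unpredictability of the source port.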
3. Port Range Router IP address DHCP Option (PRR IP Address DHCP Option)
This section defines the Port Range Router IP Address DHCP Option.
3.1. Purpose and Usage
The PRR IP Address DHCP option specifies a list of routers
(represented as IPv4 addresses) which maintain a binding table as
defined in [ID.boucadair]. Routers SHOULD be listed in order of
preference.
The code for the PRR IP Address DHCP option is to be assigned by
IANA. The minimum length for this option is 4 octets, and the length
MUST always be a multiple of 4.
The format of the PRR IP Address DHCP option is depicted in the
following figure:
Code Len Address 1 Address 2
+-----+-----+-----+-----+-----+-----+-----+-----+--
| TBA | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
+-----+-----+-----+-----+-----+-----+-----+-----+--
This format assumes that an IPv4 address is encoded as a1.a2.a3.a4.
This option can be used for instance when a CPE-Provisioned PRR model
is adopted (Refer to [ID.boucadair] for more details about this
mode).
Once this option is received by a given customer's device (in
particular by its embedded DHCP client), an appropriate message is
sent to an IP address conveyed in this option. This message aims at
notifying the remote Port Range Router about the assigned Port Mask
and IP address. An entry is consequently instantiated in the binding
table maintained by that PRR.
As stated above, this option encloses at least one IP address, which
represents a PRR. If several IP addresses are conveyed, these PRRs
are contacted in a priority-based scheme: if no acknowledgment
message is received for the issued message, the next PRR in the list
is contacted, and so on.
3.2. Illustration Example
This section provides an example of the configuration data conveyed
in a Port Range Router DHCP Option.
Let's suppose that the configuration data is retrieved by a CPE using
DHCP. This configuration contains a Port Range Router Option
illustrated in the following figure:
Code Len Address 1
+-----+-----+-----+-----+-----+-----+
| TBA | 4 | 21 | 15 | 52 | 55 |
+-----+-----+-----+-----+-----+-----+
Within this example, this option carries one single IP address:
21.15.52.55.
Once this data is received by the CPE, the following call flow is
experienced:
+-----+ +-----+
| CPE | | PRR |
+-----+ +-----+
| 21.15.52.55
| (1) BIND() |
|------------------------------>|
| |
| |
| (2) ACK |
|<------------------------------|
| |
As a result, the PRR (21.15.52.55) is aware of the information
required to route unambiguously all received IP packets to that CPE.
This process is repeated each time the DHCP configuration data
change.
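The following Python code is an added illustration of Sections 3.1 and
3.2 and is not part of this draft. It encodes and decodes the PRR IP
Address option, then models the priority-based binding: PortRangeRouter
objects stand in for the routers, their bind() method stands in for
the BIND/ACK exchange (whose message format is not defined in this
draft), and route() shows how the binding table maps a destination
port back to the owning CPE. The option code 225, the CPE names, the
shared address 198.51.100.7 and the overlap check in bind() are
assumptions of the example.

```python
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

# Placeholder option code: the draft leaves the code "TBA" (IANA).
PRR_OPTION_CODE = 225


def encode_prr_option(addresses: List[str]) -> bytes:
    """Build the PRR IP Address option: code, length, then a1.a2.a3.a4 for
    each router, in order of preference."""
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    if not body:
        raise ValueError("at least one PRR address is required")
    return struct.pack("!BB", PRR_OPTION_CODE, len(body)) + body


def decode_prr_option(option: bytes) -> List[str]:
    """Return the PRR addresses in preference order. The length MUST be at
    least 4 and a multiple of 4 (Section 3.1); anything else is rejected."""
    if len(option) < 2 or option[0] != PRR_OPTION_CODE:
        raise ValueError("not a PRR IP Address option")
    length = option[1]
    body = option[2:2 + length]
    if len(body) != length or length < 4 or length % 4:
        raise ValueError("invalid PRR IP Address option length")
    return [str(ipaddress.IPv4Address(body[i:i + 4]))
            for i in range(0, length, 4)]


class PortRangeRouter:
    """Stand-in for a PRR holding the binding table of [ID.boucadair]:
    (shared IPv4 address, Port Mask, Mask Locator) -> CPE identity. The
    BIND/ACK exchange is modelled as a method call; responsive=False
    simulates a PRR that never acknowledges."""

    def __init__(self, address: str, responsive: bool = True) -> None:
        self.address = address
        self.responsive = responsive
        self.bindings: Dict[Tuple[str, int, int], str] = {}

    def bind(self, cpe: str, ip: str, mask: int, locator: int) -> bool:
        if not self.responsive:
            return False  # no ACK: the CPE moves on to the next PRR
        for (b_ip, b_mask, b_loc), owner in self.bindings.items():
            # Assumed sanity check (not in the draft): two Port Masks on the
            # same address overlap iff they agree on the pattern bits they
            # have in common, and an overlap would make routing ambiguous.
            if (b_ip == ip and owner != cpe
                    and (b_mask & locator) == (mask & b_loc)):
                return False
        self.bindings[(ip, mask, locator)] = cpe
        return True

    def route(self, dst_ip: str, dst_port: int) -> Optional[str]:
        """Pick the CPE whose Port Mask matches the destination port."""
        for (b_ip, b_mask, b_loc), cpe in self.bindings.items():
            if b_ip == dst_ip and (dst_port & b_loc) == b_mask:
                return cpe
        return None


def bind_with_prrs(prrs: List[PortRangeRouter], cpe: str, ip: str,
                   mask: int, locator: int) -> Optional[str]:
    """CPE side: contact the PRRs in list order and stop at the first ACK.
    Returns the address of the PRR that accepted the binding, or None."""
    for prr in prrs:
        if prr.bind(cpe, ip, mask, locator):
            return prr.address
    return None
```

With a first PRR that never answers and a second one that does, the
CPE ends up bound at the second router, and that router's binding table
then routes port 3000 to the CPE holding (2048, 63488) while refusing a
second binding whose ranges overlap it.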
4. IANA Considerations
This document requests the assignment of two DHCP Options:
- Port Mask Option;
- Port Range Router IP Address Option.
5. Security Considerations
This document does not introduce any security issue.
6. Acknowledgements
TBC
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, March 1997.
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.
7.2. Informative References
[ID.bajko]
Bajko, G. and T. Savolainen, "Dynamic Host Configuration
Protocol (DHCP) Options for Port Restricted IP Address
Assignment", September 2008.
[ID.boucadair]
Boucadair, M., "Provider-Provisioned CPE: IPv4
Connectivity Access in the context of IPv4 address
exhaustion", October 2008.
[ID.dhcpguide]
Hankins, D., "Guidelines for Creating New DHCP Options",
October 2008.
Appendix A. Enhanced Port Range DHCP Option
This appendix defines a variant which allows a more sophisticated
allocation of ports.
The format of the Port Mask DHCP Option is slightly more complicated
than the basic one defined above.
The format of the enhanced Port Mask DHCP Option is illustrated in
the figure hereafter:
Code Len OP Port Mask 1 Mask Locator 1
+-----+-----+-----+--------+--------+--------+--------+
| TBA | n | op1 | MP1 | ML1 |
+-----+-----+-----|--------+--------+--------+--------+
OP Port Mask 2 Mask Locator 2
+-----+--------+--------+--------+--------+---
| op2 | MP2 | ML2 |...
+-----+--------+--------+--------+--------+---
As shown above, several (OP, Port Mask, Mask Locator) sequences may
be enclosed in a single Port Mask DHCP Option.
The minimum length of this option is 5, and the length MUST be a
multiple of 5. Since the Len field is a single octet, one option
carries at most 51 sequences.
The OP (Operand) field encodes in one octet the way the Port Mask is
to be applied. Two values are defined in this draft:
- OP = 0: This means that the Port Mask and Mask Locator which
follow define a set of ports which can be used by the CPE. This
is exactly the working of the basic mechanism described in the
core of this memo.
- OP = 1: This means that the Port Mask and Mask Locator which
follow define a set of ports which must NOT be used by the CPE.
Therefore OP = 1 excludes ports specified by the associated Port
Mask.
The set of excluded ports defined by a sequence (OP=1, Port Mask_y,
Mask Locator_y) has the precedence over any sequence (OP=0, Port
Mask_x, Mask Locator_x) within the Port Mask DHCP Option. That means
that the final ports set defined by the Port Mask DHCP option is :
union of the sets defined by all the sequences (OP=0, Port Mask_x,
Mask Locator_x) minus all the sets defined by the sequences (OP=1,
Port Mask_y, Mask Locator_y).
The order of the (OP, Port Mask, Mask Locator) sequences within the
Port Mask DHCP Option is not significant: OP=0 sequences may precede
OP=1 sequences or the contrary, and OP=0 sequences may be mixed with
OP=1 sequences.
Two examples are provided hereafter.
A.1. Two continuous Port Ranges of different sizes
One could notice from the examples given for the basic mechanism (see
Section 2.3, Illustration Examples) that with a single Port Mask it
is not possible to allocate several Continuous Port Ranges of
different sizes. With the present variant this is feasible.
The use case can be, for example, a CPE which has already been
allocated a Continuous Port Range (e.g. 2048 ports from 16384 to
18431) outside the well-known port span (0-1023). If at a later
stage the customer wishes to enable some servers behind its CPE, and
thus to use well-known ports (i.e. values within 0 to 1023), and if
this Port Range (0-1023) is not yet allocated to another CPE, it can
be allocated to that CPE by means of a second Port Mask.
Therefore, the Port Mask DHCP Option would contain two (OP, Port
Mask, Mask Locator) sequences as shown below:
- First (OP, Port Mask, Mask Locator):
* OP = 0
* Port Mask: 0100000000000000 (16384)
* Mask Locator : 1111100000000000 (63488)
This yields the following 2048 long Continuous Port Range: from
16384 to 18431
- Second (OP, Port Mask, Mask Locator):
* OP = 0
* Port Mask: 0000000000000000 (0)
* Mask Locator : 1111110000000000 (64512)
This yields the following Continuous Port Range: from 0 to 1023
A.2. Two Port Ranges with some ports excluded from the first range
This example is the same as the previous one but the port 80 is not
allocated to the CPE.
There are three (OP, Port Mask, Mask Locator) sequences. The first
two ones are the same ones as in the previous example.
The third sequence is as follows:
- OP = 1
- Port Mask: 0000000001010000 (80)
- Mask Locator : 1111111111111111 (65535)
This third (OP, Port Mask, Mask Locator) sequence excludes port 80
from the allowed port values to that device.
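The following Python code is an added illustration of Appendix A
(examples A.1 and A.2) and is not part of this draft. It encodes and
decodes the enhanced option with its 5-octet (OP, Port Mask, Mask
Locator) sequences and computes the final port set as the union of
the OP=0 sets minus the union of the OP=1 sets, independently of the
order of the sequences. The option code 224 is a placeholder for the
IANA-assigned value.

```python
import struct
from typing import List, Set, Tuple

# Placeholder option code: the draft leaves the code "TBA" (IANA).
ENHANCED_PORT_MASK_OPTION_CODE = 224
OP_ALLOW = 0    # the couple defines ports the CPE may use
OP_EXCLUDE = 1  # the couple defines ports the CPE must NOT use

Sequence = Tuple[int, int, int]  # (OP, Port Mask, Mask Locator)


def check_sequence(op: int, mask: int, locator: int) -> None:
    """Reject unknown OP values and Port Mask bits outside the locator."""
    if op not in (OP_ALLOW, OP_EXCLUDE):
        raise ValueError("unknown OP value %d" % op)
    if not (0 <= mask <= 0xFFFF and 0 <= locator <= 0xFFFF):
        raise ValueError("Port Mask and Mask Locator are 16-bit fields")
    if mask & ~locator & 0xFFFF:
        raise ValueError("Port Mask has bits set outside the Mask Locator")


def encode_enhanced_option(sequences: List[Sequence]) -> bytes:
    """Serialise the sequences: one octet OP, then two 16-bit fields in
    network byte order, i.e. 5 octets per sequence. The Len field is one
    octet, so a single option holds at most 51 sequences."""
    if not 1 <= len(sequences) <= 51:
        raise ValueError("between 1 and 51 sequences fit in one option")
    body = b""
    for op, mask, locator in sequences:
        check_sequence(op, mask, locator)
        body += struct.pack("!BHH", op, mask, locator)
    return struct.pack("!BB", ENHANCED_PORT_MASK_OPTION_CODE, len(body)) + body


def decode_enhanced_option(option: bytes) -> List[Sequence]:
    """Parse the option; the length MUST be at least 5 and a multiple of 5."""
    if len(option) < 2 or option[0] != ENHANCED_PORT_MASK_OPTION_CODE:
        raise ValueError("not an enhanced Port Mask option")
    length = option[1]
    body = option[2:2 + length]
    if len(body) != length or length < 5 or length % 5:
        raise ValueError("invalid enhanced Port Mask option length")
    sequences: List[Sequence] = []
    for offset in range(0, length, 5):
        op, mask, locator = struct.unpack("!BHH", body[offset:offset + 5])
        check_sequence(op, mask, locator)
        sequences.append((op, mask, locator))
    return sequences


def ports_matching(mask: int, locator: int) -> Set[int]:
    """All 16-bit ports whose pattern bits equal the Port Mask."""
    return {p for p in range(65536) if (p & locator) == mask}


def allowed_ports(sequences: List[Sequence]) -> Set[int]:
    """Final port set: union of all OP=0 sets minus union of all OP=1 sets.
    An OP=1 sequence takes precedence wherever it appears in the option."""
    allowed: Set[int] = set()
    excluded: Set[int] = set()
    for op, mask, locator in sequences:
        check_sequence(op, mask, locator)
        target = allowed if op == OP_ALLOW else excluded
        target.update(ports_matching(mask, locator))
    return allowed - excluded
```

For the three sequences of A.2 the result is the 2048 ports from
16384 to 18431 plus the ports 0 to 1023 with port 80 removed, and the
same set is obtained whichever order the sequences are listed in.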
Appendix B. Changes since 00 version
1. Some editorial changes
2. Correct the example provided in Section 2.3.3
Authors' Addresses
Mohamed Boucadair (editor)
France Telecom
42 rue des Coutures
BP 6243
Caen Cedex 4 14066
France
Email: mohamed.boucadair@orange-ftgroup.com
Jean-Luc Grimault
France Telecom
Email: jeanluc.grimault@orange-ftgroup.com
Pierre Levis
France Telecom-Orange Labs
Email: pierre.levis@orange-ftgroup.com
Alain Villefranque
France Telecom-Orange Labs
Email: alain.villefranque@orange-ftgroup.com
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.