Network Working Group W. Dec
Internet-Draft R. Johnson
Intended status: Informational Cisco Systems
Expires: September 9, 2010 March 8, 2010
DHCPv6 Route Option
draft-dec-dhcpv6-route-option-03
Abstract
This document describes the DHCPv6 Route Option for provisioning IPv6
routes on a DHCPv6 client. This is expected to improve the ability
of an operator to configure and influence a client's ability to pick
an appropriate route to a destination when this client is multi-homed
to routers and where other means of route configuration may be
impractical. The option is primarily envisaged for configuring a
broadband Residential Gateway (RG) router, but is generic enough to
be used by other types of DHCPv6 clients.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 9, 2010.
Dec & Johnson Expires September 9, 2010 [Page 1]
Internet-Draft DHCPv6 Route Option March 2010
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Problem overview . . . . . . . . . . . . . . . . . . . . . . . 3
3. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. Route Option Format . . . . . . . . . . . . . . . . . . . . 5
3.2. Appearance of the route option in DHCP messages . . . . . . 6
4. DHCP Client Behavior . . . . . . . . . . . . . . . . . . . . . 7
5. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 8
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 8
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . . 9
9.2. Informative References . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
Dec & Johnson Expires September 9, 2010 [Page 2]
Internet-Draft DHCPv6 Route Option March 2010
1. Introduction
The Neighbor Discovery protocol [RFC4861] provides a mechanism for
hosts to discover one or more default routers on a directly connected
network segment. Extensions to the protocol defined in [RFC4191]
allow the discovery by such hosts of the preferences for multiple
default routers as well as more specific routes advertised by these
routers. This allows network administrators to better handle multi-
homed host topologies and influence the route selection by the host.
The mechanism however falls short in a few broadband access network
and operational scenarios that are in existence today.
This document presents the operational scenarios for which a DHCP
based static route provisioning method would be preferred. It then
defines the DHCPv6 Route Option for provisioning static IPv6 routes
on a DHCPv6 client that supports such functionality. The proposed
option is primarily envisaged for implementation on a class of IPv6
router known as a broadband Residential Gateway (RG), found in DSL,
Cable and FTTH environments, but it is generic enough to be used by
other types of clients.
Throughout the document the word client is used to designate the
device hosting the DHCPv6 client and is intended to be
interchangeable with the term RG. It is assumed that such a client
is capable of making basic IP routing decisions and maintaining a
simple IPv6 routing table.
2. Problem overview
Two scenarios are used to illustrate the problem as found in
residential broadband access networks. (It is duly noted that the
problem is not specific to IPv6). In general, in such access
networks a given user's RG may be expected to use a gateway more than
one Network Access Servers (NAS) when connected by means of an
Ethernet VLAN that is shared with other users. Each NAS would
typically be intended by the operator for the delivery of a
particular type of service, made accessible to the user of the RG,
where the service can be characterised by means of IP network
addresses. Naturally, the RG can also be connected to each NAS by
means of two or more links (e.g. using dedicated PPP links). In such
networks today, in order for the RG to select the appropriate NAS for
a given destination IP address, recourse is made to static routing
(meaning that they are not expected to change), which are actually
dynamically provisioned upon an RG connecting to the network. IGPs
are not commonly used for conveying such route information to RGs due
to operational reasons and a desire by the operators to maintain RG
and IP Edge devices complexity to a minimum.
Dec & Johnson Expires September 9, 2010 [Page 3]
Internet-Draft DHCPv6 Route Option March 2010
Figure 1 illustrates the case of two clients connected to a shared
Ethernet access VLAN. Both clients are assumed to have already
assigned IPv6 addresses of a global scope and obtain their Internet
connectivity via Router2 by means of a configured or discovered
default route/router. In addition to a global IP address Client1 may
be assigned with another IP address of a provider restricted scope
(ULA) for the purpose of communicating with specific services such as
that offered by Server A. Client 1, unlike Client 2, is intended to
access such a specific service, e.g. VoIP, hosted on ServerA by
means of Router1, with Server A being otherwise not reachable from
the Internet.
+---Router1---<IP Cloud>---ServerA
|
Client1----+
|
Client2----+
|
+---Router2---<IP Cloud>---Internet
Figure 1
The problem in the above scenario comes due to the fact that in order
to reach Server A, Client1 is required to possess a more specific
route for the address of A as reachable via Router1. An ICMPv6 based
mechanism for advertising more specific route information, as defined
in [RFC4191], disseminates this information via the shared link also
to Client2 which an operator often wants to avoid. Furthermore it's
is also desired to be able to manage per user route information from
a centralized repository instead of managing such information
directly on the NAS routers. The former requirement is driven by the
desire to provide to each client only the information required for
their intended role, which may be tied to a specific authorized
service subscription, as well as to allow the possibility to
introduce other service-routers into the scenario for load sharing of
other users. The requirement for centralized configuration
management is often due to commercial (e.g. Layer 3 wholesale) or
administrative boundaries which make router based configuration
difficult or impossible.
Figure 2 illustrates the case of a single client connected via two
logical or physical links to Router 1 and Router 2 respectively.
Router 1 is the intended gateway for a specific application on
ServerA (e.g. VoIP or NMS) that is otherwise not reachable via
Router2.
Dec & Johnson Expires September 9, 2010 [Page 4]
Internet-Draft DHCPv6 Route Option March 2010
----Router1---<IP Cloud>---ServerA
/
Client1
\
----Router2---<IP Cloud>---Internet
Figure 2
Once again, to obtain the desired routing behaviour there is a need
for Client1 to have a more specific IP route towards the target
application/server accessible via Router1, leaving Router2 as the
default gateway for other destinations. In this set-up the [RFC4191]
mechanism does indeed provide a solution, but one that is only
applicable in cases when the operator is willing to maintain the
necessary per user/RG configuration directly on Routers1 and 2. As
per the earlier scenario, this is often either impractical or not
possible, especially when operators are accustomed to resolving the
analogous IPv4 routing case by means of DHCPv4 using the classless
route information option [RFC3442].
In terms of routing and route installation towards Client1 by Routers
1 and 2, neither scenario calls for any specific mechanisms other
than those commonly used in such access scenarios, e.g. Router 1 may
have a DHCP PD derived route towards the limited scope IP prefix
assigned to Client1, while Router2 may have a AAA derived route
corresponding to the Client1 global IP address prefix.
3. Solution
A solution using a DHCPv6 Route-Option can be seen to offer an
operator to directly configure static routing information on a per
client basis. The DHCPv6 solution fits also readily into a network
environment where the operator has no means of directly configuring
the first hop NAS routers and/or maintain per user configuration
therein, preferring to manage such information from a centralized
DHCP server. Furthermore, the solution can easily integrate
operationally alongside similar functionality that may already used
be for IPv4, namely DHCPv4[RFC3442].
3.1. Route Option Format
A DHCPv6 server sends the Route Option to a DHCPv6 client to convey
one or more IPv6 routes. Each IPv6 route consists of a 128-bit next
hop IPv6 address for one or more IPv6 prefixes of a declared bit
length (a prefix). Multiple prefixes can be present in a single
option, when sharing the same next hop address. The complete option
is octet aligned by padding with 0s to the last octet boundary.
Dec & Johnson Expires September 9, 2010 [Page 5]
Internet-Draft DHCPv6 Route Option March 2010
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ROUTE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| IPv6 Next Hop Address |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Prefix Length | Prefix (variable length) |
+-+-+-+-+-+-+-+-+ .
. .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_ROUTE (TBD).
option-len 17 + Length of the Prefix field in full octets (includes
any padding).
IPv6 Next Hop Address
The 128 bit IPv6 address of the next hop to be
used when forwarding towards the IP Prefix(es).
Prefix Length
8-bit unsigned integer. The length in bits of
the directly following IP Prefix directly following,
which also represents the number of leading bits in the
prefix. The value ranges from 0 to 128.
Prefix
Variable-length field containing the IP Prefix.
3.2. Appearance of the route option in DHCP messages
The Route option MUST NOT appear in the following DHCP messages:
Solicit, Request, Renew, Rebind, Information-Request and Reconfigure.
A single option can be used to covey multiple routes for the same
next hop by means of successively inserting additional combinations
prefix-length and prefix fields. Separate options are to be used for
routes not sharing the same next-hop.
The example below illustrates how two routes, consisting of Prefix A
and Prefix B with the same next hop addresses Next Hop 1 and can be
Dec & Johnson Expires September 9, 2010 [Page 6]
Internet-Draft DHCPv6 Route Option March 2010
conveyed by a single route-option.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ROUTE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| IPv6 Next Hop Address 1 |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Prefix A Length| Prefix A (variable length) |
+-+-+-+-+-+-+-+-+ .
. .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Prefix B Length| Prefix B (variable length) |
+-+-+-+-+-+-+-+-+ .
. .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4. DHCP Client Behavior
A DHCPv6 client compliant with this specification SHOULD request the
Route option (option value TBD) in an Options Request Option (ORO),
as described in [RFC3315], by including the Route options' code in
the following messages: Solicit, Request, Renew, Rebind, Information-
Request and Reconfigure.
If more than one route option appears in the same DHCPv6 message, the
client MUST process the options in the same way as if the information
was received in a single route option. If the same prefix appears
more than once but with different values for next- hop, the client
SHOULD install separate routes in the routing table for that prefix,
one for each distinct value of next-hop.
When processing the Route option a client MUST substitute a 0::0 IP
next hop address with the source IP address of the received DHCP
message. This is useful in cases where the DHCP server operator
would like the client to use as a next hop the source IP address of
an intermediate DHCP relay agent, whose address is used in packets
relayed to the client, without the need of identifying this address
explicitly. Given that next-hop address is likely to be an IPv6
Link-local address, the client MUST associate the route with the
Dec & Johnson Expires September 9, 2010 [Page 7]
Internet-Draft DHCPv6 Route Option March 2010
interface on which the client received the DHCPv6 message containing
the route option.
In terms of all other behaviour, such as the behaviour upon the
failure or re-establishment of a link ,or the failure to communicate
with a DHCP server, the client is assumed to follow [RFC3315].
5. DHCP Server Behavior
A server MAY send one of more Route Options to the client. The
server SHOULD support sending the option(s) as part of other DHCP
options where such a possibility exists, for example when sending the
route option(s) as part of an IA_NA or IA_PD option set.
6. IANA Considerations
A DHCPv6 option number of TBD for the "Route Option" is required to
be assigned by IANA.
7. Security Considerations
The overall security considerations discussed in [RFC3315] apply also
to this document. The Route option could be used by malicious
parties to misdirect traffic sent by the client either as part of a
denial of service or man-in-the-middle attack. An alternative denial
of service attack could also be realized by means of using the route
option to overflowing any known memory limitations of the client, or
to exceed the client's ability to handle the number of next hop
addresses.
Neither of the above considerations are new and specific to the
proposed route option. The mechanisms identified for securing DHCPv6
as well as reasonable checks performed by client implementations are
deemed sufficient in addressing these problems.
8. Acknowledgements
The authors would like to thank Alfred HInes, Ralph Droms, Ted Lemon,
Ole Troan, Dave Oran and Dave Ward for their comments and useful
suggestions.
9. References
Dec & Johnson Expires September 9, 2010 [Page 8]
Internet-Draft DHCPv6 Route Option March 2010
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
9.2. Informative References
[RFC3442] Lemon, T., Cheshire, S., and B. Volz, "The Classless
Static Route Option for Dynamic Host Configuration
Protocol (DHCP) version 4", RFC 3442, December 2002.
[RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", RFC 4191, November 2005.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007.
Authors' Addresses
Wojciech Dec
Cisco Systems
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
Email: wdec@cisco.com
Richard Johnson
Cisco Systems
170 W. Tasman Dr.
San Jose, CA 95134
USA
Phone:
Fax:
Email: raj@cisco.com
Dec & Johnson Expires September 9, 2010 [Page 9]