dhc T. Lemon
Internet-Draft Nominum
Intended status: Standards Track Q. Wu
Expires: March 18, 2011 Huawei
September 14, 2010
Relay-Supplied DHCP Options
draft-ietf-dhc-dhcpv6-relay-supplied-options-00
Abstract
This document describes a general mechanism whereby a DHCPv6 relay
agent can provide options to a DHCPv6 server that the DHCPv6 server
can then provide to the DHCPv6 client.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 18, 2011.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Lemon & Wu Expires March 18, 2011 [Page 1]
Internet-Draft Relay-Supplied DHCP Options September 2010
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 3
3. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. DHCP Relay Agent Behavior . . . . . . . . . . . . . . . . . . . 4
5. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 4
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
8. Normative References . . . . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 5
Lemon & Wu Expires March 18, 2011 [Page 2]
Internet-Draft Relay-Supplied DHCP Options September 2010
1. Introduction
There are some cases where a DHCP relay agent has information that
would be useful to provide to a DHCP client, and the DHCP server does
not have that information. The DHCPv6 specification [RFC3315] does
not provide a mechanism whereby the DHCP relay can provide options to
the DHCP client. This document defines an extension to DHCP that
allows DHCP relay agents to propose options to be sent to DHCP
clients.
The initial motivation for this draft came from a proposal from the
Mobile IPv6 working group that proposed a single-use mechanism
whereby a particular relay option would be forwarded to the client.
Subsequent independent effort in another working group has confirmed
the need for a general mechanism to do this.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
1.2. Terminology
The following terms and acronyms are used in this document:
DHCP - Dynamic Host Configuration Protocol Version 6 [RFC3315]
RSOO - Relay-Supplied Options option
2. Protocol Summary
DHCP clients do not support a mechanism for receiving options from
relay agents--the function of the relay agent is simply to deliver
the payload from the server. Consequently, in order for the DHCP
relay agent to provide options to the client, it sends those options
to the DHCP server, encapsulated in a Relay-Supplied Options option.
The DHCP server can then choose to place those options in the
response it sends to the client.
3. Encoding
In order to supply options for the DHCP server, the relay agent sends
a Relay-Supplied Options option in the Relay-Forward message. This
option encapsulates whatever options the relay agent wishes to
provide to the DHCPv6 server.
Lemon & Wu Expires March 18, 2011 [Page 3]
Internet-Draft Relay-Supplied DHCP Options September 2010
+----+----+----+----+--------------+
+ TBD | length | suboptions...|
+----+----+----+----+--------------+
TBD Relay-Supplied Options code
length Length of Relay-Supplied Options option
suboptions One or more DHCPv6 options
4. DHCP Relay Agent Behavior
Relay agents MAY include a Relay-Supplied Options option in the
option payload of a Relay-Forward message. Relay agents MUST NOT
modify the contents of any message before forwarding it to the DHCP
client.
5. DHCP Server Behavior
A DHCP server that implements this spec must have a user-configurable
setting which determines whether or not it accepts a Relay-Supplied
Options option. If the DHCP server is configured not to accept the
RSOO, it MUST discard any such options that it receives.
DHCP servers normally construct a list of options that are candidates
to send to the DHCP client, and then constructs the DHCP packet
according to section 17.2.2 of DHCPv6 [RFC3315].
If the server receives an RSOO and is configured to accept it, it
SHOULD add any options that appear in the RSOO for which it has no
internal candidate to the list of options that are candidates to send
to the DHCP client. The server SHOULD discard any options that
appear in the RSOO for which it already has one or more candidates.
Aside from the addition of options from the RSOO, the DHCP server
should then construct a DHCP packet as it normally would, and
transmit it to the DHCP client as described in DHCPv6 [RFC3315].
DHCP Server implementations MAY discard options deemed inappropriate
to forward. For example, it would never be appropriate for the DHCP
server to forward an IA option. The list of options that will be
discarded SHOULD be configurable by the administrator.
Lemon & Wu Expires March 18, 2011 [Page 4]
Internet-Draft Relay-Supplied DHCP Options September 2010
6. Security Considerations
This document provides a mechanism whereby a relay agent can inject
options into the response the DHCP server sends to the DHCP client.
Because the DHCP server prefers its own configured options to those
supplied by the relay agent, this can't be used as a means for
overriding server-supplied options. However, it is still possible in
some configurations for a rogue DHCP relay agent to supply additional
options to the DHCP client.
Because the relay agent is supplying options which the DHCP server
might then sign, this provides a mechanism whereby an attacker could
get the DHCP server to authenticate a message that the attacker could
not itself forge to the client.
For this reason, DHCP servers in environments where a rogue relay
could interpose itself into the packet flow SHOULD authenticate the
relay agent as described in section 21.1 of DHCPv6 [RFC3315].
Note, however, that this attack is only useful if the DHCP server is
using the DHCPv6 authentication mechanism; in the absence of DHCPv6
authentication, the relay agent could more easily forge a message to
the client, rather than using this mechanism to cause the server to
produce a message containing forged information.
7. IANA Considerations
We request that IANA assign one new option code from the registry of
DHCP Option Codes maintained at
http://www.iana.org/assignments/dhcpv6-parameters. This option code
will be assigned to the Relay-Supplied Options option.
8. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
Lemon & Wu Expires March 18, 2011 [Page 5]
Internet-Draft Relay-Supplied DHCP Options September 2010
Authors' Addresses
Ted Lemon
Nominum
2000 Seaport Blvd
Redwood City, CA 94063
USA
Phone: +1 650 381 6000
Email: mellon@nominum.com
Qin Wu
Huawei Technologies Co., Ltd.
101 Software Avenue, Yuhua District
Nanjing, Jiangsu 210012
China
Email: sunseawq@huawei.com
Lemon & Wu Expires March 18, 2011 [Page 6]