Internet Engineering Task Force J. Schoenwaelder
Internet-Draft Jacobs University Bremen
Intended status: Informational T. B.D.
Expires: April 21, 2011 TBD
October 18, 2010
Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for
Network Management
draft-schoenw-opsawg-nm-dhc-00
Abstract
This document defines new Dynamic Host Configuration Protocol (DHCPv4
and DHCPv6) options that contain a list of IP addresses that can be
used to locate network management services.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 21, 2011.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
Schoenwaelder & B.D. Expires April 21, 2011 [Page 1]
Internet-Draft DHC Options for Network Management October 2010
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents
1. Introduction
2. Network Management IPv4 Address Option for DHCPv4
3. Usage of Network Management Option for DHCPv4
4. Network Management IPv6 Address Option for DHCPv6
5. Usage of Network Management Option for DHCPv6
6. Security Considerations
7. IANA Considerations
8. Acknowledgements
9. References
9.1. Normative References
9.2. Informative References
Appendix A. Open Issues
Authors' Addresses
1. Introduction
This document defines new Dynamic Host Configuration Protocol (DHCPv4
and DHCPv6) options that contain a list of IP addresses that can be
used to locate network management services.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Network Management IPv4 Address Option for DHCPv4
This section describes the network management IPv4 Address Option for
DHCPv4. The network management IPv4 Address Option begins with an
option code followed by a length and sub-options. The value of the
length octet does not include itself or the option code. The option
layout is depicted below:
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Option Code  |    Length     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Sub-Option 1                          |
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Sub-Option n                          |
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Option Code
OPTION-IPv4_Address-NM (TBD) - 1 byte
Length
An 8-bit field indicating the length of the option excluding
the 'Option Code' and the 'Length' fields
Sub-options
A series of DHCPv4 sub-options
When the total length of a network management IPv4 Address Option
exceeds 254 octets, the procedure outlined in [RFC3396] MUST be
employed to split the option into multiple, smaller options.
A sub-option begins with a sub-option code followed by a length and
one or more IPv4 addresses. The sub-option layout is depicted below:
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sub-opt Code  |    Length     |   IP Address . . . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.                                                               .
.                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The sub-option codes are summarized in Table 1.
+-----------------+--------------+
| Sub-option code | Service Name |
+-----------------+--------------+
| 1 | SNMP-TRAP |
| 2 | SYSLOG |
+-----------------+--------------+
Table 1: Sub-option codes for network management services
The length is followed by a list of IPv4 addresses indicating
appropriate network management servers available for a requested
option. Servers MUST be listed in order of preference and the client
should process them in decreasing order of preference. In the case
that there is no network management server available, the length is
set to 0; otherwise, it is a multiple of 4.
3. Usage of Network Management Option for DHCPv4
The requesting and sending of the proposed DHCPv4 option follow the
rules for DHCP options in [RFC2131].
In order to discover the IP address of a network management service,
the node (DHCP client) MUST include a Network Management IPv4 Address
Option in the Parameter Request List (PRL) in the respective DHCP
messages as defined in [RFC2131].
The client MAY include a Network Management IPv4 Address Option that
includes one or more sub-option(s) with the Sub-opt Code or Codes
that represent the service(s) the node is interested in. However, a
client SHOULD be prepared to accept a response from a server that
includes other sub-option(s) or does not include the requested sub-
option(s).
When the DHCP server receives a Network Management IPv4 Address
Option in the PRL, the DHCP server MUST include the option in its
response message as defined in [RFC2131].
A server MAY use the sub-options in the received Network Management
IPv4 Address Option from the client's message to restrict its
response to the client-requested sub-options. In the case when the
server cannot find any servers satisfying a requested sub-option, the
server SHOULD return the network management Option with that sub-
option and the length of the sub-option set to 0.
4. Network Management IPv6 Address Option for DHCPv6
This section describes the network management IPv6 Address Option for
DHCPv6. The network management Discovery Option begins with an
option code followed by a length and sub-options. The value of the
length octet does not include itself or the option code. The option
layout is depicted below:
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Option Code          |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Sub-Option 1                          |
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Sub-Option n                          |
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Option Code
OPTION-IPv6_Address-NM (TBD) - 2 bytes
Length
A 16-bit field indicating the length of the option excluding
the 'Option Code' and the 'Length' fields.
Sub-options
A series of DHCPv6 sub-options
The sub-option layout is depicted below. The Sub-opt Code and Length
fields are 2 octets each, and the Length does not include itself
or the Sub-opt Code field.
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         sub-opt Code          |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          IP Address                           |
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The sub-option codes are summarized in Table 2.
+-----------------+--------------+
| Sub-option code | Service Name |
+-----------------+--------------+
| 1 | SNMP-TRAP |
| 2 | SYSLOG |
+-----------------+--------------+
Table 2: Sub-option codes for network management services
The length is followed by a list of IPv6 addresses indicating
appropriate network management servers available for a requested
option. Servers MUST be listed in order of preference and the client
should process them in decreasing order of preference. In the case
that there is no network management server available, the length is
set to 0; otherwise, it is a multiple of 16.
5. Usage of Network Management Option for DHCPv6
The requesting and sending of the proposed DHCPv6 option follow the
rules for DHCP options in [RFC3315].
In order to discover the IP address of a network management service,
the node (DHCP client) MUST include a Network Management IPv6 Address
Option in the Option Request Option (ORO) in the respective DHCP
messages as defined in [RFC3315].
The client MAY include a Network Management IPv6 Address Option that
includes one or more sub-option(s) with the Sub-opt Code or Codes
that represent the service(s) the node is interested in. However, a
client SHOULD be prepared to accept a response from a server that
includes other sub-option(s) or does not include the requested sub-
option(s).
When the DHCP server receives a Network Management IPv6 Address
Option in the ORO, the DHCP server MUST include the option in its
response message as defined in [RFC3315].
A server MAY use the sub-options in the received Network Management
IPv6 Address Option from the client's message to restrict its
response to the client-requested sub-options. In the case when the
server cannot find any servers satisfying a requested sub-option, the
server SHOULD return the network management Option with that sub-
option and the length of the sub-option set to 0.
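The following parser is an added example, not part of the draft or of
any DHCP implementation. It decodes the sub-option lists of Sections 2
and 4 on the client side and rejects truncated sub-options and lengths
that are not a multiple of the address size. The function name, the
return shape and the sample payloads are assumptions; because the
option code is still TBD, the function takes the option body only.

```python
import ipaddress
import struct

# Sub-option codes from Table 1 / Table 2 of the draft.
SERVICES = {1: "SNMP-TRAP", 2: "SYSLOG"}


def parse_nm_suboptions(payload: bytes, v6: bool = False) -> dict:
    """Parse the option body (Option Code and Length already stripped;
    for DHCPv4, RFC 3396 fragments already concatenated).

    Returns {service name, or numeric code if unknown: [addresses in
    server preference order]}. Raises ValueError on malformed input.
    """
    hdr = struct.Struct("!HH" if v6 else "!BB")  # sub-opt code, length
    addr_len = 16 if v6 else 4
    make_addr = ipaddress.IPv6Address if v6 else ipaddress.IPv4Address
    result, off = {}, 0
    while off < len(payload):
        if len(payload) - off < hdr.size:
            raise ValueError(f"truncated sub-option header at offset {off}")
        code, length = hdr.unpack_from(payload, off)
        off += hdr.size
        if length > len(payload) - off:
            raise ValueError(f"sub-option {code} overruns the option")
        if length % addr_len:
            raise ValueError(
                f"sub-option {code}: length {length} not a multiple of {addr_len}")
        # Length 0 is valid and means "no server available" for that service.
        addrs = [make_addr(payload[i:i + addr_len])
                 for i in range(off, off + length, addr_len)]
        off += length
        # Unknown codes are kept, not rejected: Sections 3 and 5 say a client
        # SHOULD be prepared for sub-options it did not request.
        result.setdefault(SERVICES.get(code, code), []).extend(addrs)
    return result


# Constructed sample payloads using documentation address ranges.
SAMPLE_V4 = bytes([2, 8, 192, 0, 2, 10, 192, 0, 2, 11, 1, 0])
SAMPLE_V6 = struct.pack("!HH", 1, 16) + ipaddress.IPv6Address("2001:db8::1").packed

if __name__ == "__main__":
    print(parse_nm_suboptions(SAMPLE_V4))
    print(parse_nm_suboptions(SAMPLE_V6, v6=True))
```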
6. Security Considerations
The security considerations in [RFC2131] apply. If an adversary
manages to modify the response from a DHCP server or insert its own
response, a node could be led to contact a rogue network management
server.
It is recommended to use the DHCP authentication option described in
[RFC3118] where available. This will also protect against denial-of-
service attacks to DHCP servers. [RFC3118] provides mechanisms for
both entity authentication and message authentication.
In deployments where DHCP authentication is not available, lower-
layer security services may be sufficient to protect DHCP messages.
7. IANA Considerations
This document defines a new DHCPv4 option as described in Section 2.
NM IPv4 Address Option for DHCPv4 (OPTION-IPv4_Address-NM) [TBD]
This document defines a new DHCPv6 option as described in Section 4.
NM IPv6 Address Option for DHCPv6 (OPTION-IPv6_Address-NM) [TBD]
TODO: Need to define registries for network management sub-options.
8. Acknowledgements
The authors have used [RFC5678] as a template for this document.
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, March 1997.
[RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001.
[RFC3195] New, D. and M. Rose, "Reliable Delivery for syslog",
RFC 3195, November 2001.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3396] Lemon, T. and S. Cheshire, "Encoding Long Options in the
Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396,
November 2002.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
December 2002.
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.
[RFC5425] Miao, F., Ma, Y., and J. Salowey, "Transport Layer
Security (TLS) Transport Mapping for Syslog", RFC 5425,
March 2009.
[RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP",
RFC 5426, March 2009.
9.2. Informative References
[RFC5678] Bajko, G. and S. Das, "Dynamic Host Configuration Protocol
(DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility
Services (MoS) Discovery", RFC 5678, December 2009.
Appendix A. Open Issues
1. Describe how the SNMP option updates the SNMP target/notification
tables with volatile entries.
Authors' Addresses
Juergen Schoenwaelder
Jacobs University Bremen
Campus Ring 1
Bremen 28759
Germany
Email: j.schoenwaelder@jacobs-university.de
TBD
TBD
Email: