Network Working Group O. Troan
Internet-Draft R. Droms
Expires: August 14, 2002 Cisco Systems
February 13, 2002
IPv6 Prefix Options for DHCPv6
draft-troan-dhcpv6-opt-prefix-delegation-00.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 14, 2002.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
The Prefix Delegation option and the Prefix Request option provide a
mechanism for delegation of IPv6 prefixes using DHCP. Conceptually,
IPv6 prefixes are assigned with these options in the same manner as
IPv6 addresses. This prefix delegation mechanism is intended for
simple prefix delegation from a delegating router to a requesting
router, across an administrative boundary, where the delegating
router does not require knowledge about the topology of the links in
the network to which the prefixes will be assigned.
Troan & Droms Expires August 14, 2002 [Page 1]
Internet-Draft IPv6 Prefix Options for DHCPv6 February 2002
Table of Contents
1. Introduction
2. Terminology
3. Requirements
4. Model and Applicability
5. Prefix delegation options
5.1 IA Prefix option
5.2 IA Prefix Request option
6. Message Validation
7. Delegating Router Solicitation
7.1 Requesting router behavior
7.2 Delegating router behavior
8. Requesting-router-initiated prefix delegation
8.1 Requesting router behavior
8.2 Delegating Router Behavior
9. Delegating Router-initiated prefix delegation reconfiguration
9.1 Delegating Router behavior
9.2 Requesting Router behavior
10. Relay agent behavior
11. Security Considerations
References
Authors' Addresses
Full Copyright Statement
1. Introduction
This document describes two new options for DHCP, which provide a
mechanism for delegation of IPv6 prefixes. Through these options, an
authorized delegating router can delegate prefixes to a requesting
router.
The prefix delegation mechanism described in this document is
intended for simple delegation of prefixes from a delegating router
to a requesting router. It is appropriate for situations in which
the delegating router does not have knowledge about the topology of
the networks to which the requesting router is attached, and the
delegating router does not require other information aside from the
identity of the requesting router to choose a prefix or prefixes for
delegation. For example, the Prefix Delegation and Prefix Request
options would be used by a service provider to assign a prefix to a
CPE device acting as a router between the subscriber's internal
network and the service provider's core network.
2. Terminology
This document uses the terminology defined in RFC2460 [2] and DHCP
[5]. In addition, this document uses the following terms:
Requesting Router: The router that acts as a DHCP client and is
requesting that a prefix be assigned
Delegating Router: The router that acts as a DHCP server, and is
responding to the prefix request
3. Requirements
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in RFC 2119 [1].
4. Model and Applicability
The model of operation for prefix delegation is as follows. A
delegating router is provided DHCPv6 prefixes to be delegated to
requesting routers. Examples of ways in which the delegating router
may be provided these prefixes are given in Section 8.2. A
requesting router requests a prefix or prefixes from the delegating
router, as described in Section 8.1. The delegating router chooses a
prefix or prefixes for delegation, and returns those prefixes to the
requesting router. The requesting router is then responsible for the
delegated prefix or prefixes. For example, the requesting router
might assign a delegated prefix to a link to which the router has an
interface, and begin sending router advertisements for the prefix on
that link.
Delegated prefixes are managed in the same way as assigned IPv6
addresses in DHCP. Each prefix has an associated lease, which
constitutes an agreement about the length of time over which the
requesting router is allowed to use the prefix. A requesting router
can request an extension of the lease on a delegated prefix and is
required to terminate the use of a delegated prefix if the lease on
the prefix expires.
For example, this prefix delegation mechanism would be appropriate
for use by an ISP to delegate a prefix to a subscriber, where the
delegated prefix would possibly be subnetted and assigned to the
links within the subscriber's network.
Figure 1 illustrates a network architecture in which prefix
delegation would be used.
                +--------+                              \
                |  AAA   |                               \
                | server |                                \
                +---+----+                                 |
                 ___|__________________                    |
                /                      \                   |
               |    ISP core network    |                  |
                \__________ ___________/                   |
                           |                               | ISP
                   +-------+-------+                       | network
                   |  Aggregation  |                       |
                   |    device     |                       |
                   |  (delegating  |                       |
                   |    router)    |                       |
                   +-------+-------+                       |
                           |                              /
                           |DSL to subscriber            /
                           |premises                    /
                           |
                    +------+------+                     \
                    |     CPE     |                      \
                    | (requesting |                       \
                    |   router)   |                        |
                    +----+---+----+                        |
                         |   |                             | Subscriber
  ---+-------------+-----+- -+-----+-------------+---      | network
     |             |               |             |         |
+----+-----+ +-----+----+     +----+-----+ +-----+----+    |
|Subscriber| |Subscriber|     |Subscriber| |Subscriber|   /
|    PC    | |    PC    |     |    PC    | |    PC    |  /
+----------+ +----------+     +----------+ +----------+ /
Figure 1: An example of prefix delegation.
In this example, the delegating router is configured with a prefix
assigned to the customer at the time of subscription to the ISP
service. The prefix delegation process begins when the requesting
router requests configuration information through DHCP. The DHCP
messages from the requesting router are received by the delegating
router in the aggregation device. When the delegating router
receives the request, it consults the AAA server to authenticate the
identity of the requesting router. The AAA server returns an
acknowledgment of the requesting router's identity to the delegating
router. The delegating router locates the prefix that has been
assigned to the subscriber and returns it to the requesting router.
In the case where the subscriber's network consists of a single
internal link, the requesting router assigns the delegated prefix to
the internal link. If there are multiple internal links, as shown in
Figure 1, the requesting router can subnet a single delegated prefix
into longer prefixes and assign them to the internal links. Or, if
the delegating router has delegated multiple prefixes, the requesting
router can assign those prefixes to the internal links.
The prefix delegation options can be used in conjunction with other
DHCP options carrying other configuration information to the
requesting router. The requesting router may, in turn, then provide
DHCP service to hosts attached to the internal network. For example,
the requesting router may obtain the addresses of DNS and NTP servers
from the ISP delegating router, and then pass that configuration
information on to the subscriber hosts through a delegating router in
the requesting router.
5. Prefix delegation options
Prefix delegation is accomplished with two options:
IA Prefix option: Used to inform a requesting router of a
delegated prefix
Prefix Request option: Used by a requesting router to explicitly
request a prefix or prefixes
5.1 IA Prefix option
The format of the IA Prefix option is:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        OPTION_IAPREFIX        |         option-length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        lease-duration                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| prefix-length |                  IPv6-prefix                  |
+-+-+-+-+-+-+-+-+               (variable length)               |
.                                                               .
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code: OPTION_IAPREFIX (TBD)
option-length: See section 23 of the DHCP specification
lease-duration: The duration of the lease for the IPv6 prefix in the
option
prefix-length: Length for this prefix
IPv6-prefix: An IPv6 prefix
The lease-duration is expressed in seconds. The prefix-length gives
the number of bits in the prefix carried in this option. To reduce
the number of octets used for this option, the IPv6 prefix is
represented in ceiling(prefix-length/8) octets.
In a message sent by a requesting router to a delegating router, the
value in the lease duration field indicates the requesting router's
preference for those parameters. The requesting router may send 0 if
it has no preference for the lease duration.
An IA Prefix option MUST only appear in an IA option. One or more IA
Prefix Options can appear anywhere in an IA option.
5.2 IA Prefix Request option
The format of the IA Prefix Request option is:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       OPTION_PREFIXREQ        |         option-length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| prefix-length |  num-global   |   num-site    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code: OPTION_PREFIXREQ (TBD)
option-length: See section 23 of the DHCP specification
prefix-length: Prefix length for the requested global-scope prefixes.
A value of zero (0) indicates that the requesting router will
accept any prefix length provided by the delegating router.
num-global: The number of global-scope prefixes requested. A
value of 0 indicates that the requesting router is not requesting
any prefixes. A value of -1 indicates that the requesting router
does not indicate a preference.
num-site: The number of site-scope prefixes requested. A value
of 0 indicates that the requesting router is not requesting any
prefixes. A value of -1 indicates that the requesting router does
not indicate a preference.
A Prefix Request option MUST only appear in an IA in a message from a
requesting router.
6. Message Validation
A requesting router or a delegating router MUST ignore any IA Prefix
option or Prefix Request option that does not appear in an IA option
in messages it receives.
A requesting router MUST ignore any Prefix Request options in
messages it receives.
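The following decoder for the option formats in Sections 5.1 and 5.2, with the
Section 6 rules applied as a filter, is an added example and not part of the
draft. The two option codes are placeholders (the draft lists them as TBD), and
the sketch assumes that option-length counts the octets after the 4-octet
header, that the draft's "-1" is carried as 0xFF, and that bits beyond
prefix-length must be zero.

```python
import ipaddress
import struct

# The draft leaves both option codes "TBD"; these values are placeholders.
OPTION_IAPREFIX = 0xFF01    # hypothetical code
OPTION_PREFIXREQ = 0xFF02   # hypothetical code
NO_PREFERENCE = 0xFF        # assumed 8-bit encoding of the draft's "-1"


class OptionError(ValueError):
    """Raised for any option that fails a length or range check."""


def split_options(buf):
    """Walk a run of options: 16-bit code, 16-bit option-length, data."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise OptionError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise OptionError("option-length runs past end of buffer")
        out.append((code, buf[off:off + length]))
        off += length
    return out


def parse_ia_prefix(data):
    """Decode IA Prefix data into (lease_seconds, IPv6Network)."""
    if len(data) < 5:
        raise OptionError("shorter than lease-duration + prefix-length")
    lease, plen = struct.unpack_from("!IB", data)
    if plen > 128:
        raise OptionError("prefix-length exceeds 128 bits")
    raw = data[5:]
    if len(raw) != (plen + 7) // 8:   # ceiling(prefix-length/8) octets
        raise OptionError("prefix octets do not match prefix-length")
    # Strictness chosen for this example: no bits set past prefix-length.
    if plen % 8 and raw[-1] & (0xFF >> (plen % 8)):
        raise OptionError("bits set beyond prefix-length")
    addr = ipaddress.IPv6Address(raw + bytes(16 - len(raw)))
    return lease, ipaddress.IPv6Network((addr, plen))


def parse_prefix_request(data):
    """Decode Prefix Request data; None stands for no preference."""
    if len(data) != 3:
        raise OptionError("Prefix Request data must be 3 octets")
    plen, num_global, num_site = struct.unpack("!BBB", data)
    if plen > 128:
        raise OptionError("prefix-length exceeds 128 bits")
    return {"prefix_length": plen or None,
            "num_global": None if num_global == NO_PREFERENCE else num_global,
            "num_site": None if num_site == NO_PREFERENCE else num_site}


def filter_pd_options(options, inside_ia, receiver):
    """Section 6: ignore PD options outside an IA option; a requesting
    router also ignores every Prefix Request option it receives."""
    kept = []
    for code, data in options:
        if code in (OPTION_IAPREFIX, OPTION_PREFIXREQ) and not inside_ia:
            continue
        if code == OPTION_PREFIXREQ and receiver == "requesting":
            continue
        kept.append((code, data))
    return kept


# Constructed sample: one IA Prefix option, DEAD:BEEF:CAFE::/48, 1-day lease.
SAMPLE = (struct.pack("!HHIB", OPTION_IAPREFIX, 11, 86400, 48)
          + bytes.fromhex("deadbeefcafe"))
```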
7. Delegating Router Solicitation
The requesting router locates and selects a delegating router in the
same way as described in section "DHCP Server Solicitation" of the
DHCP specification. The details of the solicitation process are
described in this section.
7.1 Requesting router behavior
The requesting router creates and transmits a Solicit message as
described in sections "Creation of Solicit Messages" and
"Transmission of Solicit Messages" of the DHCP specification. The
requesting router MUST include at least one IA in which the
delegating router will list any prefixes it advertises that it will
delegate to the requesting router. The requesting router MAY include
a Prefix Request option to indicate the requesting router's
preferences about prefixes it is requesting.
The requesting router processes any received Advertise messages as
described in section "Receipt of Advertise Messages" in the DHCP
specification. The requesting router MAY choose to consider the
presence of advertised prefixes in its decision about which
delegating router to respond to.
7.2 Delegating router behavior
The delegating router processes Solicit messages from requesting
routers in the same way as described in section "Receipt of Solicit
messages" of the DHCP specification. If the message contains one or
more IA options and the delegating router is configured to delegate a
prefix or prefixes to the requesting router, the delegating router
selects the prefix or prefixes to be delegated to the requesting
router. The mechanism through which the delegating router selects
prefixes for delegation is not specified in this document. Examples
of ways in which the delegating router might select prefixes for a
requesting router include: static assignment based on subscription to
an ISP; dynamic assignment from a pool of available prefixes;
selection based on an external authority such as a RADIUS server.
If the requesting router includes a Prefix Request option in its
Solicit message, the delegating router MAY choose to use the
information in that option to select the prefix or prefixes to be
delegated to the requesting router.
The delegating router sends an Advertise message to the requesting
router in the same way as described in section "Creation and
transmission of Advertise messages" in the DHCP specification. The
delegating router MUST include an IA Prefix option or options
identifying any prefix or prefixes that the delegating router will
delegate to the requesting router in an IA option or options in the
Advertise message.
8. Requesting-router-initiated prefix delegation
A requesting router uses the same message exchanges as described in
section "DHCP Client-Initiated Configuration Exchange" of the DHCP
specification to obtain or update delegated prefixes from a
delegating router. The requesting router and the delegating router
use the IA Prefix option to exchange information about prefixes in
much the same way IA Address options are used for assigned addresses.
8.1 Requesting router behavior
To obtain prefixes from the delegating router, the requesting router
MUST include IA Prefix options (in IA options) identifying the prefix
or prefixes sent from the delegating router to the requesting router
in the Advertise message received by the requesting router.
The requesting router MUST include IA Prefix options (in IA options)
identifying the prefix or prefixes that have previously been delegated
by the delegating router in any Confirm, Renew, or Rebind messages
sent by the requesting router.
Each prefix has an associated lease whose duration is specified in
the IA Prefix option for that prefix. The requesting router uses
Renew and Rebind messages to request the extension of the lease on a
delegated prefix.
The requesting router uses a Release message to return a delegated
prefix to a delegating router.
The requesting router extracts any delegated prefixes as identified
in IA Prefix options in Reply messages it receives.
The way in which the requesting router uses delegated prefixes is not
specified in this document. As an example, the requesting router
might subnet a delegated prefix and assign the longer prefixes to the
internal links in the subscriber network shown in Figure 1.
If the requesting router subnets a delegated prefix, it must assign
additional bits to the prefix to generate unique, longer prefixes.
For example, if the requesting router were delegated
DEAD:BEEF:CAFE:0::/48, it might generate DEAD:BEEF:CAFE:0001::/64 and
DEAD:BEEF:CAFE:0002::/64 for assignment to the two links in the
subscriber network.
If the requesting router assigns a delegated prefix to a link to
which the router is attached, and begins to send router
advertisements for the prefix on the link, the requesting router MUST
set the valid lifetime and the preferred lifetime for that prefix to
expire no later than the expiration of the lease on the prefix.
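The subnetting and lifetime rules above can be sketched as follows. This is an
added example, not part of the draft: the class and method names, the link
names and the router-advertisement default lifetimes are assumptions, and the
/48 is the DEAD:BEEF:CAFE prefix used in the text.

```python
import ipaddress

# Router-advertisement defaults (30 days valid, 7 days preferred); the
# draft does not set these, they are assumptions of this example.
DEFAULT_VALID = 2592000
DEFAULT_PREFERRED = 604800


class DelegatedPrefix:
    """A delegated prefix and the absolute time at which its lease ends."""

    def __init__(self, prefix, lease_seconds, received_at):
        self.network = ipaddress.IPv6Network(prefix)
        self.expires_at = received_at + lease_seconds

    def renew(self, lease_seconds, now):
        """Record the lease-duration returned for a Renew or Rebind."""
        self.expires_at = now + lease_seconds

    def link_prefixes(self, links, new_len=64, first_id=1):
        """Assign one longer prefix per link by adding subnet bits.

        Subnet IDs start at first_id (1 mirrors the 0001/0002 example in
        the text). Raises ValueError if the delegation is too small.
        """
        extra_bits = new_len - self.network.prefixlen
        if extra_bits < 0 or new_len > 128:
            raise ValueError("new_len must lie between delegated length and 128")
        if first_id + len(links) > (1 << extra_bits):
            raise ValueError("not enough subnets in the delegated prefix")
        base = int(self.network.network_address)
        shift = 128 - new_len
        return {
            link: ipaddress.IPv6Network((base + ((first_id + i) << shift), new_len))
            for i, link in enumerate(links)
        }

    def ra_lifetimes(self, now, valid=DEFAULT_VALID, preferred=DEFAULT_PREFERRED):
        """Clamp (valid, preferred) so neither outlives the lease."""
        remaining = max(0, self.expires_at - now)
        valid = min(valid, remaining)
        return valid, min(preferred, valid)


if __name__ == "__main__":
    # Constructed input: a one-hour lease received at t=1000 seconds.
    dp = DelegatedPrefix("dead:beef:cafe::/48", 3600, 1000)
    for link, net in dp.link_prefixes(["lan0", "lan1"]).items():
        print(link, net, dp.ra_lifetimes(now=4000))
```

Once the lease has expired, ra_lifetimes returns (0, 0), so the prefix is
no longer advertised as usable until a Renew or Rebind extends the lease.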
8.2 Delegating Router Behavior
When a delegating router receives a Request message from a requesting
router that contains one or more IA options and the delegating router
is authorized to delegate a prefix or prefixes to the requesting
router, the delegating router selects the prefix or prefixes to be
delegated to the requesting router. If the requesting router
includes a Prefix Request option in its Solicit message, the
delegating router MAY choose to use the information in that option to
select the prefix or prefixes to be delegated to the requesting
router. The mechanism through which the delegating router selects
prefixes for delegation is not specified in this document. Section
7.2 gives examples of ways in which a delegating router might select
prefixes to be delegated to a requesting router.
A delegating router examines the prefixes identified in IA Prefix
options in Confirm, Renew and Rebind messages and responds according
to the current status of the prefix. The delegating router returns
an IA Prefix option with an updated lease duration for each valid
prefix in the message from the requesting router.
Upon the receipt of a valid Decline message, the delegating router
examines the IA options and the IA Prefix options for validity. If
the IAs in the message are in a binding for the requesting router and
the prefixes in the IAs have been assigned by the delegating router
to those IA, the delegating router deletes the prefix(es) from the
IAs. The delegating router MAY choose to make a notification that
prefixes were declined.
A delegating router marks any prefixes in IA Prefix options in a
Release message as "available".
The delegating router MUST include an IA Prefix option or options in
an IA option or options identifying any delegated prefixes in Reply
messages sent to a requesting router.
9. Delegating Router-initiated prefix delegation reconfiguration
This section describes prefix delegation in Reconfigure message
exchanges.
9.1 Delegating Router behavior
The delegating router initiates a configuration message exchange with
a requesting router in the same way as a DHCP server, as described in
the section "DHCP Server-Initiated Configuration Exchange" of the
DHCP specification. The delegating router specifies the IA option in
the Option Request option to cause the requesting router to include
an IA option to obtain new information about delegated prefixes.
9.2 Requesting Router behavior
The requesting router responds to a Reconfigure message received from
a delegating router in the same way as a DHCP client, as described in
the DHCP specification. The requesting router MUST include IA Prefix
options for any prefixes that have been delegated to the requesting
router by the delegating router from which the Reconfigure message
was received.
10. Relay agent behavior
A relay agent forwards messages containing prefix delegation options
in the same way as described in section "Relay Behavior" of the DHCP
specification.
11. Security Considerations
Security considerations in DHCP are described in the section
"Security Considerations" of the DHCP specification.
Prefix delegation can be used to mount a denial of service attack or
a man-in-the-middle attack against an organization by delegating
invalid prefixes to a requesting router, causing the requesting
router to forward outbound datagrams to an invalid destination or to
an intruder's destination host.
An intruder requesting router may be able to mount a denial of
service attack by repeated requests for delegated prefixes that
exhaust the delegating router's available prefixes.
To guard against attacks through prefix delegation, requesting
routers and delegating routers SHOULD use DHCP authentication as
described in section "Authentication of DHCP messages" in the DHCP
specification.
References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[2] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification", RFC 2460, December 1998.
[3] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 2373, July 1998.
[4] Thomson, S. and T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998.
[5] Bound, J., Carney, M., Perkins, C., Lemon, T., Volz, B. and R.
Droms (ed.), "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", draft-ietf-dhc-dhcpv6-23 (work in progress), February
2002.
Authors' Addresses
Ole Troan
Cisco Systems
4 The Square
Stockley Park
Uxbridge UB11 1BN
United Kingdom
Phone: +44 20 8756 8666
EMail: ot@cisco.com
Ralph Droms
Cisco Systems
300 Apollo Drive
Chelmsford, MA 01824
USA
Phone: +1 978 497 4733
EMail: rdroms@cisco.com
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.