DHC Working Group                                      November 3, 2008
Internet Draft                                           Vincent Zimmer
Intended status: Informational                        Intel Corporation
Expires: May 2009                                           Dave Thaler
                                                              Microsoft



                        DHCPv6 Remote Boot Options
            draft-zimmer-dhc-dhcpv6-remote-boot-options-01.txt


Status of this Memo

   By submitting this Internet-Draft, each author represents that
   any applicable patent or other IPR claims of which he or she is
   aware have been or will be disclosed, and any of which he or she
   becomes aware will be disclosed, in accordance with Section 6 of
   BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on May 3, 2009.

Abstract

   This document describes a means by which to support network boot of a
   bare-metal platform utilizing a pre-boot execution environment, such
   as the Unified Extensible Firmware Interface [UEFI22].   The problem
   being addressed is that the PXE [PXE21] and UEFI Specifications
   [UEFI22] only describe how to ascertain boot configuration options
   using DHCPv4 [RFC2131], not for DHCPv6 [RFC3315].  Similarly, iSCSI
   boot [RFC4173] does not specify how to discover boot device
   information in a DHCPv6 environment.  This document will describe



Zimmer                   Expires May 3, 2009                   [Page 1]


Internet-Draft        DHCPv6 Remote Boot Options          November 2008


   how to ascertain this boot information in an IPv6 environment
   utilizing options in the DHCPv6 hand-off [RFC3315].

Table of Contents


   1. Introduction
   2. DHCPv6 Options
      2.1. Root Path Option
      2.2. Next Server Address Option
      2.3. Boot File Size Option
      2.4. Client System Architecture Type Option
      2.5. Client Network Interface Identifier Option
      2.6. iSNS Option
      2.7. SLP Directory Agent Option
      2.8. SLP Service Scope Option
   3. Security Considerations
   4. IANA Considerations
   5. Acknowledgments
   6. References
      6.1. Normative References
      6.2. Informative References

1. Introduction

   Many hosts today have the ability to boot an Operating System image
   (or "boot file") that is located on a server in the network.  To do
   so, the host must begin with some functionality just sufficient to be
   able to get on the network and retrieve the boot file.  As indicated
   in Figure 1, it is desirable to obtain from DHCP the information
   needed to locate the boot file, so that by the time the host is able
   to communicate on the network, it can immediately begin downloading
   the boot file.

                                        +------+
                _______________________\| DHCP |
               / 1 Get boot file info  /|Server|
       +------+                         +------+
       | Host |
       +------+                         +------+
               \_______________________\| File |
                 2 Download boot file  /|Server|
                                        +------+

       Figure 1: Network Boot Sequence

   Two methods for downloading a boot file are specified today.




   o iSCSI: [RFC2132] specifies a DHCPv4 option for retrieving boot file
      information and [RFC4173] specifies how to download the boot
      file.

   o TFTP: [RFC2132] and [RFC4578] specify DHCPv4 options for retrieving
      boot file information and [RFC1350] specifies how to download the
      boot file.

   The problem with both is that while the methods for downloading the
   boot files can work over either IPv4 or IPv6, the boot file info can
   only be obtained over DHCPv4.  As a result, they do not support a
   network that only provides IPv6, nor do they support IPv6-only
   devices.  To address this gap, this document specifies DHCPv6
   options that provide parity with the DHCPv4 options.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2. DHCPv6 Options

2.1. Root Path Option

   The Root Path option specifies the path-name that contains the
   client's root disk. The path is formatted as a character string
   consisting of characters from the NVT ASCII character set.

   This option provides parity with the Root Path Option defined for
   DHCPv4 in [RFC2132] section 3.19.

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |        OPTION_ROOT_PATH       |          option-len           |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       .                                                               .
       .             root-disk-pathname (variable length)              .
       .                                                               .
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       option-code          OPTION_ROOT_PATH (TBD1).

       option-len           Length of Root Path Name in octets.

       root-disk-pathname   See below.






   This NULL-terminated ASCII string is the URL (conforming to
   [RFC2396]) of a boot file.  The string starts with the protocol used
   for downloading, followed by '://', then the hostname or IPv6
   address of the server hosting the boot file (see also the note
   below), and then the path, file name and query parts of the URL.
   For iSCSI, the format of the URL is specified in [RFC4173] section 5.





2.2. Next Server Address Option

   This option conveys the address of the server to use in the next step
   of the client's bootstrap process.  A DHCP server may return its own
   address in this option, if the server is prepared to supply the next
   bootstrap service (e.g., delivery of an operating system executable
   image).

   This option provides parity with the siaddr field in DHCPv4.

   The format of the option is:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |   OPTION_NEXT_SERVER_ADDRESS  |          option-len           |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       |                    Next Server Address                        |
       |                                                               |
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       option-code            OPTION_NEXT_SERVER_ADDRESS (TBD3).

       option-len             16

       Next Server Address    The IPv6 address or IPv4-mapped address
                              of the next server.









2.3. Boot File Size Option

   This option specifies the length in 512-octet blocks of the default
   boot image for the client.  The file length is specified as a 32-bit
   integer.

   This option provides parity with the Boot File Size Option defined
   for DHCPv4 in [RFC2132] section 3.15.

   The format of the option is:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |     OPTION_BOOT_FILE_SIZE     |          option-len           |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |         File Size                                             |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


       option-code    OPTION_BOOT_FILE_SIZE (TBD4).

       option-len     4

       File Size      The length in 512-octet blocks of the boot image
                      for the client.

2.4. Client System Architecture Type Option

   This option provides parity with the Client System Architecture Type
   Option defined for DHCPv4 in [RFC4578] section 2.1.

   The format of the option is:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |    OPTION_CLIENT_ARCH_TYPE    |         option-len            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       .                                                               .
       .         Processor Architecture Type (variable length)         .
       .                                                               .
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       option-code     OPTION_CLIENT_ARCH_TYPE (TBD5).

       option-len      See below.

       Processor Architecture Type
                       A list of one or more architecture types, as
                       specified in [RFC4578] section 2.1.




2.5. Client Network Interface Identifier Option

   The Client Network Interface Identifier option is sent by a DHCP
   client to a DHCP server to provide information about its level of
   Universal Network Device Interface (UNDI) support.

   This option provides parity with the Client Network Interface
   Identifier Option defined for DHCPv4 in [RFC4578] section 2.2.

   The format of the option is:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |           OPTION_NII          |          option-len           |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |     Type      |     Major     |     Minor     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       option-code    OPTION_NII (TBD6).

       option-len     3

       Type           As specified in [RFC4578] section 2.2.

       Major          As specified in [RFC4578] section 2.2.

       Minor          As specified in [RFC4578] section 2.2.

2.6. iSNS Option

   As specified in [RFC4173] section 6, iSCSI boot requires either iSNS
   or SLP support.

   This option provides parity with the iSNS Option defined for DHCPv4
   in [RFC4174] section 2.


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_ISNS          |         option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          iSNS Functions       |          Reserved             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           DD Access           |     Administrative FLAGS      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 iSNS Server Security Bitmap                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                          Address A                            |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                          Address B                            |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            . . . .                            |
   |                 Additional Secondary iSNS Servers             |
   |                            . . . .                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       option-code          OPTION_ISNS (TBD7).

       option-len           2

       iSNS Functions       As specified in [RFC4174] section 2.

       Reserved             MUST be set to zero.

       DD Access            As specified in [RFC4174] section 2.

       Administrative FLAGS
                            As specified in [RFC4174] section 2.

       iSNS Server Security Bitmap
                            As specified in [RFC4174] section 2.

       Address A            As specified in [RFC4174] section 2,
                            except that it contains an IPv6 address.

       Address B            As specified in [RFC4174] section 2,
                            except that it contains an IPv6 address.

       Additional Secondary iSNS Servers
                            As specified in [RFC4174] section 2,
                            except that it contains IPv6 addresses.









2.7. SLP Directory Agent Option

   As specified in [RFC4173] section 6, iSCSI boot requires either iSNS
   or SLP support.

   This option provides parity with the SLP Directory Agent Option
   defined for DHCPv4 in [RFC2610] section 3.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION SLP           |         option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Mandatory   |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                         Address List (variable)               .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


2.8. SLP Service Scope Option

   As specified in [RFC4173] section 6, iSCSI boot requires either iSNS
   or SLP support.

   This option provides parity with the SLP Directory Agent Option
   defined for DHCPv4 in [RFC2610] section 4.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_SLP_SERVICE       |          option-len           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Mandatory   | Scope List (variable)                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   option-code    OPTION_SLP_SERVICE (TBD8)

   option-len     2

   Scope List     As specified in [RFC2610] section 4
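
   The option layouts of sections 2.1 to 2.5, as an added example that
   is not part of the draft: a strict parser that bounds-checks every
   option-len before decoding Root Path, Next Server Address, Boot File
   Size, Client System Architecture Type and NII.  The numeric option
   codes and the allowed URL prefixes are assumptions, since the draft
   leaves the codes as TBD and sets no scheme policy.

```python
import ipaddress
import struct

# Placeholder codes (constructed): the draft leaves every option code as TBD.
OPTION_ROOT_PATH, OPTION_NEXT_SERVER_ADDRESS = 0xFF01, 0xFF03
OPTION_BOOT_FILE_SIZE, OPTION_CLIENT_ARCH_TYPE, OPTION_NII = 0xFF04, 0xFF05, 0xFF06
FIXED_LEN = {OPTION_NEXT_SERVER_ADDRESS: 16, OPTION_BOOT_FILE_SIZE: 4, OPTION_NII: 3}
ALLOWED_PREFIXES = ("tftp://", "iscsi:")  # assumption: local policy, not the draft's


class OptionError(ValueError):
    """An option does not match the layout given in section 2."""


def split_options(buf):
    """Yield (code, data) per option: 16-bit code, 16-bit option-len, data."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise OptionError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        data = buf[off + 4:off + 4 + length]
        if len(data) != length:
            raise OptionError("option-len %d overruns the buffer" % length)
        yield code, data
        off += 4 + length


def parse_root_path(data):
    if not data.endswith(b"\x00") or any(b < 0x21 or b > 0x7E for b in data[:-1]):
        raise OptionError("root path must be printable ASCII ending in one NUL")
    url = data[:-1].decode("ascii")
    # iSCSI uses the "iscsi:" form of [RFC4173] section 5; TFTP uses "://".
    if not url.lower().startswith(ALLOWED_PREFIXES):
        raise OptionError("boot URL scheme is not allowed")
    return url


def parse_boot_options(buf):
    """Decode the section 2 boot options from a raw DHCPv6 options area."""
    out = {}
    for code, data in split_options(buf):
        if code in FIXED_LEN and len(data) != FIXED_LEN[code]:
            raise OptionError("option %#x must have option-len %d" % (code, FIXED_LEN[code]))
        if code == OPTION_ROOT_PATH:
            out["root_path"] = parse_root_path(data)
        elif code == OPTION_NEXT_SERVER_ADDRESS:
            addr = ipaddress.IPv6Address(data)
            out["next_server"] = addr.ipv4_mapped or addr  # unwrap ::ffff:a.b.c.d
        elif code == OPTION_BOOT_FILE_SIZE:
            out["boot_file_octets"] = struct.unpack("!I", data)[0] * 512
        elif code == OPTION_CLIENT_ARCH_TYPE:
            if not data or len(data) % 2:
                raise OptionError("architecture list needs 16-bit entries")
            out["arch_types"] = list(struct.unpack("!%dH" % (len(data) // 2), data))
        elif code == OPTION_NII:
            out["nii"] = tuple(data)  # (Type, Major, Minor)
    return out


def opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample options area (documentation prefix 2001:db8::/32).
SAMPLE = (opt(OPTION_ROOT_PATH, b"tftp://[2001:db8::10]/boot/loader.efi\x00")
          + opt(OPTION_NEXT_SERVER_ADDRESS, ipaddress.IPv6Address("2001:db8::10").packed)
          + opt(OPTION_BOOT_FILE_SIZE, struct.pack("!I", 2048))
          + opt(OPTION_CLIENT_ARCH_TYPE, struct.pack("!H", 7))
          + opt(OPTION_NII, bytes([1, 3, 16])))
```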

3. Security Considerations

   If an adversary manages to modify the response from a DHCP server or
   insert its own response, a host could be led to contact a rogue file
   server, resulting in an attacker being able to run arbitrary code on
   the host.  Consequently, a practical defense is for each host to
   verify the boot file before executing it, using a mechanism of its
   choice.

   In addition, some options contain information about a client's system
   architecture and may be of use to potential attackers.

   See the security considerations in [RFC3315], [RFC4173], and
   [RFC4578] for more discussion.  This document introduces no new
   concerns beyond the ones covered therein for IPv4.
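
   One way a host could carry out the verification described above, as
   an added example that is not part of the draft: the file is accepted
   only if its SHA-256 digest matches a value provisioned on the host
   out of band, and the Boot File Size option only caps the transfer.
   The pinned digest set, the 64 MiB hard cap and the function names are
   assumptions.

```python
import hashlib
import hmac
import io

BLOCK = 512  # Boot File Size is expressed in 512-octet blocks (section 2.3)


class BootImageRejected(Exception):
    """The downloaded file must not be executed."""


def fetch_and_verify(stream, pinned_digests, advertised_blocks, hard_cap=64 << 20):
    """Read a boot file from `stream` and return it only if it is trusted.

    pinned_digests: SHA-256 hex digests provisioned on the host out of band.
    advertised_blocks: Boot File Size from DHCPv6, or None if absent.  It came
    over the same unauthenticated exchange, so it can only tighten the limit.
    """
    limit = hard_cap
    if advertised_blocks is not None:
        limit = min(limit, advertised_blocks * BLOCK)
    digest, chunks, total = hashlib.sha256(), [], 0
    while True:
        chunk = stream.read(4096)
        if not chunk:
            break
        total += len(chunk)
        if total > limit:
            # Abort early so an oversized transfer cannot exhaust pre-boot memory.
            raise BootImageRejected("file exceeds %d octets" % limit)
        digest.update(chunk)
        chunks.append(chunk)
    got = digest.hexdigest()
    # The trust decision rests on the local pin, never on the DHCP reply.
    if not any(hmac.compare_digest(got, want.lower()) for want in pinned_digests):
        raise BootImageRejected("digest %s is not pinned" % got)
    return b"".join(chunks)


# Constructed sample image and its pin, standing in for provisioned values.
SAMPLE_IMAGE = b"constructed boot image " * 100
PINNED = {hashlib.sha256(SAMPLE_IMAGE).hexdigest()}
```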

4. IANA Considerations

   This document introduces a new IANA registry for processor
   architecture types.  The name of this registry shall be "Processor
   Architecture Type".  Registry entries consist of a 16-bit integer
   recorded in decimal format, and a descriptive name.  The initial
   values of this registry can be found in [RFC4578] section 2.1.

   The assignment policy for values shall be Expert Review, and any
   requests for values must supply the descriptive name for the
   processor architecture type.









5. Acknowledgments

   The authors would like to thank Ruth Li, Dong Wei, Kathryn Hampton,
   Phil Dorah, Richard Chan, and Fiona Jensen for discussions that led
   to this document.


6. References

6.1. Normative References

   [PXE21]   Henry, M. and M. Johnston, "Preboot Execution Environment
             (PXE) Specification", September 1999,
             http://www.pix.net/software/pxeboot/archive/pxespec.pdf

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
             March 1997.

   [RFC2610] Perkins, C. and E. Guttman, "DHCP Options for Service
             Location Protocol", RFC 2610, June 1999.

   [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and
             Carney, M., "Dynamic Host Configuration Protocol for IPv6
             (DHCPv6)," RFC 3315, July 2003.

   [RFC4172] Monia, C., Tseng, J., and K. Gibbons, "The IPv4 Dynamic
             Host Configuration Protocol (DHCP) Option for the
             Internet Storage Name Service", RFC 4174, September 2005.

   [RFC4173] Sarkar, P., Missimer, D. and Sapuntzakis, C.,
             "Bootstrapping Clients using the Internet Small Computer
             System Interface (iSCSI) Protocol," RFC 4173, September
             2005.

   [RFC4174] Monia, C., Tseng, J., and K. Gibbons, "The IPv4 Dynamic
             Host Configuration Protocol (DHCP) Option for the Internet
             Storage Name Service", RFC 4174, September 2005.

   [RFC4578] Johnston, M. and Venaas, S. "Dynamic Host Configuration
             Protocol (DHCP) Options for the Intel Preboot eXecution
             Environment (PXE)", RFC 4578, November 2006.

   [UEFI22]  Unified Extensible Firmware Interface Specification,
             Version 2.2, September 2008, http://www.uefi.org











6.2. Informative References

Authors' Addresses

   Vincent Zimmer
   Intel
   DP2-420
   2800 Center Drive
   DuPont, WA 98327

   Phone: +1 253 371 5667
   Email: vincent.zimmer@intel.com


   Dave Thaler
   Microsoft
   One Microsoft Way
   Redmond, WA 98052

   Phone: +1 425 703-8835
   Email: dthaler@microsoft.com


Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.