DHC Working Group                                       November 3, 2008
Internet Draft                                            Vincent Zimmer
Intended status: Informational                         Intel Corporation
Expires: May 2009                                            Dave Thaler
                                                               Microsoft
DHCPv6 Remote Boot Options
draft-zimmer-dhc-dhcpv6-remote-boot-options-01.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that
any applicable patent or other IPR claims of which he or she is
aware have been or will be disclosed, and any of which he or she
becomes aware will be disclosed, in accordance with Section 6 of
BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on May 3, 2009.
Abstract
This document describes a means by which to support network boot of a
bare-metal platform utilizing a pre-boot execution environment, such
as the Unified Extensible Firmware Interface [UEFI22]. The problem
being addressed is that the PXE [PXE21] and UEFI Specifications
[UEFI22] only describe how to ascertain boot configuration options
using DHCPv4 [RFC2131], not for DHCPv6 [RFC3315]. Similarly, iSCSI
boot [RFC4173] does not specify how to discover boot device
information in a DHCPv6 environment. This document will describe
Zimmer Expires May 3, 2009 [Page 1]
Internet-Draft DHCPv6 Remote Boot Options November 2008
how to ascertain this boot information in an IPv6 environment
utilizing options in the DHCPv6 hand-off [RFC3315].
Table of Contents
1. Introduction
2. DHCPv6 Options
   2.1. Root Path Option
   2.2. Next Server Address Option
   2.3. Boot File Size Option
   2.4. Client System Architecture Type Option
   2.5. Client Network Interface Identifier Option
   2.6. iSNS Option
   2.7. SLP Directory Agent Option
   2.8. SLP Service Scope Option
3. Security Considerations
4. IANA Considerations
5. Acknowledgments
6. References
   6.1. Normative References
   6.2. Informative References
1. Introduction
Many hosts today have the ability to boot an Operating System image
(or "boot file") that is located on a server in the network. To do
so, the host must begin with some functionality just sufficient to be
able to get on the network and retrieve the boot file. As indicated
in Figure 1, it is desirable to obtain from DHCP the information
needed to locate the boot file, so that by the time the host is able
to communicate on the network, it can immediately begin downloading
the boot file.
                                 +------+
         _______________________\| DHCP |
        / 1 Get boot file info  /|Server|
+------+                         +------+
| Host |
+------+                         +------+
        \_______________________\| File |
          2 Download boot file  /|Server|
                                 +------+

Figure 1: Network Boot Sequence
Two methods for downloading a boot file are specified today.
o iSCSI: [RFC2132] specifies a DHCPv4 option for retrieving boot file
information and [RFC4173] specifies how to download the boot
file.
o TFTP: [RFC2132] and [RFC4578] specify DHCPv4 options for retrieving
boot file information and [RFC1350] specifies how to download the
boot file.
The problem with both is that while the methods for downloading the
boot files can work over either IPv4 or IPv6, the boot file info can
only be obtained over DHCPv4. As a result, they do not support a
network that only provides IPv6, nor do they support IPv6-only
devices. To address this gap, this document specifies DHCPv6
options that provide parity with the DHCPv4 options.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. DHCPv6 Options
2.1. Root Path Option
The Root Path option specifies the path-name that contains the
client's root disk. The path is formatted as a character string
consisting of characters from the NVT ASCII character set.
This option provides parity with the Root Path Option defined for
DHCPv4 in [RFC2132] section 3.19.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       OPTION_ROOT_PATH        |          option-len           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.                                                               .
.             root-disk-pathname (variable length)              .
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

option-code         OPTION_ROOT_PATH (TBD1).
option-len          Length of Root Path Name in octets.
root-disk-pathname  See below
This NULL-terminated ASCII string is the URL (conforming to [RFC2396]) to
a boot file. This string starts with the protocol which is used for downloading.
Separated by '://', the hostname or IPv6 address of the server hosting the boot
file (see also the note below), the path, file name and query parts of the URL
follow. For iSCSI, the format of the URL is specified in [RFC4173] section 5.
2.2. Next Server Address Option
This option conveys the address of the server to use in the next step of
the client's bootstrap process. A DHCP server may return its own
address in this option, if the server is prepared to supply the next
bootstrap service (e.g., delivery of an operating system executable
image).
This option provides parity with the siaddr field in DHCPv4.
The format of the option is:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  OPTION_NEXT_SERVER_ADDRESS   |          option-len           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|                      Next Server Address                      |
|                                                               |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

option-code          OPTION_NEXT_SERVER_ADDRESS (TBD3).
option-len           16
Next Server Address  The IPv6 address or IPv4-mapped address of the
                     next server
2.3. Boot File Size Option
This option specifies the length in 512-octet blocks of the default
boot image for the client. The file length is specified as a 32-bit
integer.
This option provides parity with the Boot File Size Option defined
for DHCPv4 in [RFC2132] section 3.15.
The format of the option is:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     OPTION_BOOT_FILE_SIZE     |          option-len           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           File Size                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

option-code  OPTION_BOOT_FILE_SIZE (TBD4).
option-len   4
File Size    The length in 512-octet blocks of the boot image for the
             client.
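
The length rules in sections 2.1 to 2.3 translate directly into
receive-side checks. The C code below is an added example, not code
from this draft or its authors: it walks a DHCPv6 options area (2-octet
code, 2-octet length per [RFC3315]) and rejects any option whose
option-len disagrees with the draft. The option codes are placeholders
because the draft leaves them as TBD; parse_boot_options, struct
boot_info and sample_options are names invented for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Placeholder option codes: the draft leaves them as TBD1, TBD3 and TBD4. */
enum { OPT_ROOT_PATH = 0xFF01, OPT_NEXT_SERVER = 0xFF03, OPT_BOOT_FILE_SIZE = 0xFF04 };

struct boot_info {
    const uint8_t *root_path; size_t root_path_len; /* in caller's buffer; no NUL */
    uint8_t  next_server[16];
    uint64_t boot_file_bytes;   /* File Size * 512, held in 64 bits */
};

/* Walk a DHCPv6 options area (2-octet code, 2-octet length, value).
 * Returns 0 on success, -1 as soon as any option is malformed. */
int parse_boot_options(const uint8_t *buf, size_t len, struct boot_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (off < len) {
        if (len - off < 4) return -1;            /* truncated option header */
        int code = buf[off] << 8 | buf[off + 1];
        size_t olen = (size_t)buf[off + 2] << 8 | buf[off + 3];
        const uint8_t *v = buf + off + 4;
        if (olen > len - off - 4) return -1;     /* option-len overruns the message */
        if (code == OPT_NEXT_SERVER) {
            if (olen != 16) return -1;           /* draft: option-len 16 */
            memcpy(out->next_server, v, 16);
        } else if (code == OPT_BOOT_FILE_SIZE) {
            if (olen != 4) return -1;            /* draft: option-len 4 */
            uint32_t blocks = (uint32_t)v[0] << 24 | (uint32_t)v[1] << 16 |
                              (uint32_t)v[2] << 8 | v[3];
            out->boot_file_bytes = (uint64_t)blocks * 512;
        } else if (code == OPT_ROOT_PATH) {
            /* NUL terminator required; printable ASCII only (example's choice) */
            if (olen < 2 || v[olen - 1] != 0) return -1;
            for (size_t i = 0; i + 1 < olen; i++)
                if (v[i] < 0x20 || v[i] > 0x7E) return -1;
            out->root_path = v;
            out->root_path_len = olen - 1;
        }                                        /* other options are skipped */
        off += 4 + olen;
    }
    return 0;
}

/* Constructed sample: Boot File Size = 8 blocks, Root Path = "tftp://[2001:db8::1]/b". */
const uint8_t sample_options[] = {
    0xFF, 0x04, 0, 4, 0, 0, 0, 8,   0xFF, 0x01, 0, 23,
    't','f','t','p',':','/','/','[','2','0','0','1',':','d','b','8',':',':','1',']','/','b', 0 };

int main(void) {
    struct boot_info bi;
    return parse_boot_options(sample_options, sizeof sample_options, &bi) == 0 ? 0 : 1;
}
```

Holding the byte count in 64 bits matters because the largest 32-bit
File Size, multiplied by 512, does not fit in 32 bits.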
2.4. Client System Architecture Type Option
This option provides parity with the Client System Architecture Type
Option defined for DHCPv4 in [RFC4578] section 2.1.
The format of the option is:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    OPTION_CLIENT_ARCH_TYPE    |          option-len           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.                                                               .
.         Processor Architecture Type (variable length)         .
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

option-code                  OPTION_CLIENT_ARCH_TYPE (TBD5).
option-len                   See below.
Processor Architecture Type  A list of one or more architecture
                             types, as specified in [RFC4578]
                             section 2.1.
2.5. Client Network Interface Identifier Option
The Client Network Interface Identifier option is sent by a DHCP
client to a DHCP server to provide information about its level of
Universal Network Device Interface (UNDI) support.
This option provides parity with the Client Network Interface
Identifier Option defined for DHCPv4 in [RFC4578] section 2.2.
The format of the option is:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          OPTION_NII           |          option-len           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Major     |     Minor     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

option-code  OPTION_NII (TBD6).
option-len   3
Type         As specified in [RFC4578] section 2.2.
Major        As specified in [RFC4578] section 2.2.
Minor        As specified in [RFC4578] section 2.2.
2.6. iSNS Option
As specified in [RFC4173] section 6, iSCSI boot requires either iSNS
or SLP support.
This option provides parity with the iSNS Option defined for DHCPv4
in [RFC4174] section 2.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          OPTION ISNS          |          option-len           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        iSNS Functions         |           Reserved            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           DD Access           |     Administrative FLAGS      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  iSNS Server Security Bitmap                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|                           Address A                           |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|                           Address B                           |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            . . . .                            |
|               Additional Secondary iSNS Servers               |
|                            . . . .                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

option-code                  OPTION_ISNS (TBD7)
option-len                   2
iSNS Functions               As specified in [RFC4174] section 2.
Reserved                     MUST be set to zero
DD Access                    As specified in [RFC4174] section 2.
Administrative FLAGS         As specified in [RFC4174] section 2.
iSNS Server Security Bitmap  As specified in [RFC4174] section 2.
Address A                    As specified in [RFC4174] section 2,
                             except that it contains an IPv6 address.
Address B                    As specified in [RFC4174] section 2,
                             except that it contains an IPv6 address.
Additional Secondary iSNS Servers
                             As specified in [RFC4174] section 2,
                             except that it contains IPv6 addresses.
2.7. SLP Directory Agent Option
As specified in [RFC4173] section 6, iSCSI boot requires either iSNS
or SLP support.
This option provides parity with the SLP Directory Agent Option
defined for DHCPv4 in [RFC2610] section 3.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          OPTION SLP           |          option-len           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mandatory | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.                                                               .
.                   Address List (variable)                    .
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.8. SLP Service Scope Option
As specified in [RFC4173] section 6, iSCSI boot requires either iSNS
or SLP support.
This option provides parity with the SLP Directory Agent Option
defined for DHCPv4 in [RFC2610] section 4.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      OPTION SLP SERVICE       |          option-len           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mandatory | Scope List (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

option-code  OPTION_SLP_SERVICE (TBD8)
option-len   2
Scope List   As specified in [RFC2610] section 4
3. Security Considerations
If an adversary manages to modify the response from a DHCP server or
insert its own response, a host could be led to contact a rogue file
server, resulting in an attacker being able to run arbitrary code on
the host. Consequently, a practical safeguard is for each host to
verify the boot file before it is executed, using a mechanism of its
choice.
In addition, some options contain information about a client's system
architecture and may be of use to potential attackers.
See the security considerations in [RFC3315], [RFC4173], and
[RFC4578] for more discussion. This document introduces no new
concerns beyond the ones covered therein for IPv4.
4. IANA Considerations
This document introduces a new IANA registry for processor
architecture types. The name of this registry shall be "Processor
Architecture Type". Registry entries consist of a 16-bit integer
recorded in decimal format, and a descriptive name. The initial
values of this registry can be found in [RFC4578] section 2.1.
The assignment policy for values shall be Expert Review, and any
requests for values must supply the descriptive name for the
processor architecture type.
5. Acknowledgments
The authors would like to thank Ruth Li, Dong Wei, Kathryn Hampton,
Phil Dorah, Richard Chan, and Fiona Jensen for discussions that led
to this document.
6. References
6.1. Normative References
[PXE21] Henry, M. and M. Johnston, "Preboot Execution Environment
(PXE) Specification", September 1999,
http://www.pix.net/software/pxeboot/archive/pxespec.pdf
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R. "Dynamic Host Configuration Protocol", RFC 2131,
March, 1997.
[RFC2610] C. Perkins, E. Guttman, "DHCP Options for Service Location
Protocol," RFC2610, June 1999.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and
Carney, M., "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)," RFC 3315, July 2003.
[RFC4172] Monia, C., Tseng, J., and K. Gibbons, "The IPv4 Dynamic
Host Configuration Protocol (DHCP) Option for the
Internet Storage Name Service", RFC 4174, September 2005.
[RFC4173] Sarkar, P., Missimer, D. and Sapuntzakis, C.,
"Bootstrapping Clients using the Internet Small Computer
System Interface (iSCSI) Protocol," RFC 4173, September
2005.
[RFC4174] Monia, C., Tseng, J., and K. Gibbons, "The IPv4 Dynamic
Host Configuration Protocol (DHCP) Option for the Internet
Storage Name Service", RFC 4174, September 2005.
[RFC4578] Johnston, M. and Venaas, S. "Dynamic Host Configuration
Protocol (DHCP) Options for the Intel Preboot eXecution
Environment (PXE)", RFC 4578, November 2006.
[UEFI22] Unified Extensible Firmware Interface Specification,
Version 2.2, September 2008, http://www.uefi.org
6.2. Informative References
Author's Addresses
Vincent Zimmer
Intel
DP2-420
2800 Center Drive
DuPont, WA 98327
Phone: +1 253 371 5667
Email: vincent.zimmer@intel.com
Dave Thaler
Microsoft
One Microsoft Way
Redmond, WA 98052
Phone: +1 425 703-8835
Email: dthaler@microsoft.com
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.