draft-ietf-dhc-container-opt-06.txt   draft-ietf-dhc-container-opt-07.txt 
dhc Working Group R. Droms dhc Working Group R. Droms
Internet-Draft R. Penno Internet-Draft R. Penno
Intended status: Standards Track Cisco Systems, Inc. Intended status: Standards Track Cisco Systems, Inc.
Expires: June 20, 2013 December 17, 2012 Expires: October 10, 2013 April 08, 2013
Container Option for Server Configuration Container Option for Server Configuration
draft-ietf-dhc-container-opt-06.txt draft-ietf-dhc-container-opt-07.txt
Abstract Abstract
In some DHCP service deployments, it is desirable for a DHCP server In some DHCP service deployments, it is desirable for a DHCP server
in one administrative domain to pass configuration options to a DHCP in one administrative domain to pass configuration options to a DHCP
server in a different administrative domain. This DHCP option server in a different administrative domain. This DHCP option
carries a set of DHCP options that can be used by another DHCP carries a set of DHCP options that can be used by another DHCP
server. server.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 20, 2013. This Internet-Draft will expire on October 10, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Problem statement and requirements for RG DHCP 3. Problem statement and requirements . . . . . . . . . . . . . 4
server configuration . . . . . . . . . . . . . . . . . . . . . 4 4. Design alternatives . . . . . . . . . . . . . . . . . . . . . 4
4. Design alternatives . . . . . . . . . . . . . . . . . . . . . . 5 5. Semantics and syntax of the Container option . . . . . . . . 5
5. Semantics and syntax of the Container option . . . . . . . . . 6 5.1. DHCPv4 Container option . . . . . . . . . . . . . . . . . 5
5.1. DHCPv4 Container option . . . . . . . . . . . . . . . . . . 6 5.2. DHCPv6 Container option . . . . . . . . . . . . . . . . . 6
5.2. DHCPv6 Container option . . . . . . . . . . . . . . . . . . 6 5.3. SP server behavior . . . . . . . . . . . . . . . . . . . 6
5.3. SP server behavior . . . . . . . . . . . . . . . . . . . . 7 5.4. RG client behavior . . . . . . . . . . . . . . . . . . . 6
5.4. RG client behavior . . . . . . . . . . . . . . . . . . . . 7 5.5. RG server behavior . . . . . . . . . . . . . . . . . . . 7
5.5. RG server behavior . . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 8 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8 8. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 8
8. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1. Revision -02 . . . . . . . . . . . . . . . . . . . . . . 8
8.1. Revision -02 . . . . . . . . . . . . . . . . . . . . . . . 8 8.2. Revision -03 . . . . . . . . . . . . . . . . . . . . . . 8
8.2. Revision -03 . . . . . . . . . . . . . . . . . . . . . . . 9 8.3. Revision -04 . . . . . . . . . . . . . . . . . . . . . . 8
8.3. Revision -04 . . . . . . . . . . . . . . . . . . . . . . . 9 9. Related Work . . . . . . . . . . . . . . . . . . . . . . . . 8
9. Related Work . . . . . . . . . . . . . . . . . . . . . . . . . 9 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 10.1. Normative References . . . . . . . . . . . . . . . . . . 8
10.1. Normative References . . . . . . . . . . . . . . . . . . . 9 10.2. Informative References . . . . . . . . . . . . . . . . . 9
10.2. Informative References . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
In some DHCP service deployments, it is desirable to pass In some DHCP service deployments, it is desirable to pass
configuration options from a DHCP server in one administrative domain configuration options from a DHCP server in one administrative domain
to another DHCP server in a different administrative domain. In one to another DHCP server in a different administrative domain. In one
example of such a deployment, an IPTV service provider (SP) may need example of such a deployment, an IPTV service provider (SP) may need
to provide certain SP domain-specific information to IPTV device(s) to provide certain SP domain-specific information to IPTV device(s)
located in the consumer domain. This information is sent from the located in the consumer domain. This information is sent from the
IPTV SP DHCP server to the consumer DHCP server located in the IPTV SP DHCP server to the consumer DHCP server located in the
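Review bot: The table of contents on the -07 side still ends the Change Log at 8.3 (Revision -04), so the changes made in this revision have no change-log entry. Add entries for the later revisions, at least one for -07 covering the reworded scope statement in Section 1 and the not-permitted option lists in Section 5.5, so that implementers tracking the draft can see that the RG server filtering requirement changed.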
skipping to change at page 3, line 40 skipping to change at page 3, line 19
o Existing RG DHCP clients are typically coded to pass only a fixed o Existing RG DHCP clients are typically coded to pass only a fixed
list of DHCP options to the RG DHCP server and, therefore, will be list of DHCP options to the RG DHCP server and, therefore, will be
unable to pass newly defined options to the RG DHCP server. unable to pass newly defined options to the RG DHCP server.
The DHCP Container option defined in this document provides a The DHCP Container option defined in this document provides a
mechanism through which the RG DHCP client can pass DHCP options to mechanism through which the RG DHCP client can pass DHCP options to
the RG DHCP server without explicit knowledge of the semantics of the RG DHCP server without explicit knowledge of the semantics of
those options. With this option, the SP DHCP server can pass both those options. With this option, the SP DHCP server can pass both
current and future DHCP options to the RG DHCP server. current and future DHCP options to the RG DHCP server.
The DHCP Container option does not carry IP addresses, IPv6 prefixes The DHCP Container option is not used to carry options that assign
or other information about leases. It carries other configuration resources (such as addresses or delegated prefixes) to clients. It
information. can only carry other configuration information options.
2. Terminology 2. Terminology
The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be
interpreted as described in RFC2119 [RFC2119]. interpreted as described in RFC2119 [RFC2119].
The following terms and acronyms are used in this document: The following terms and acronyms are used in this document:
DHCPv4 "Dynamic Host Configuration Protocol" [RFC2131] DHCPv4 "Dynamic Host Configuration Protocol" [RFC2131]
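Review bot: In the last paragraph of Section 1, the new sentence "It can only carry other configuration information options" reads as a restriction but carries no RFC 2119 keyword, and "options that assign resources" is narrower than Section 5.5, which also has the RG server discard options related to operation of the DHCP protocol itself. Either point to Section 5.5 as the normative rule or align the wording so that both sections describe the same excluded set.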
skipping to change at page 4, line 26 skipping to change at page 4, line 5
RG DHCP client (or "RG client") the DHCP client in the RG RG DHCP client (or "RG client") the DHCP client in the RG
RG DHCP server (or "RG server") the DHCP server in the RG RG DHCP server (or "RG server") the DHCP server in the RG
SP DHCP server (or "SP server") the DHCP server managed by the SP DHCP server (or "SP server") the DHCP server managed by the
service provider (SP) service provider (SP)
This document uses other terminology for DHCPv4 and DHCPv6 as defined This document uses other terminology for DHCPv4 and DHCPv6 as defined
in RFC 2131 and RFC 3315, respectively. in RFC 2131 and RFC 3315, respectively.
3. Problem statement and requirements for RG DHCP server 3. Problem statement and requirements
configuration
The following diagram shows the components in a network deployment The following diagram shows the components in a network deployment
using the DHCP Container option: using the DHCP Container option:
Client host -+ +---------+ +------+ Client host -+ +---------+ +------+
| | RG | | SP | | | RG | | SP |
Client host -+ | Client+--- ... ---+ DHCP | Client host -+ | Client+--- ... ---+ DHCP |
+--+Server | |server| +--+Server | |server|
Client host -+ +---------+ +------+ Client host -+ +---------+ +------+
skipping to change at page 6, line 27 skipping to change at page 6, line 5
The DHCP options in this container are carried in DHCP message format The DHCP options in this container are carried in DHCP message format
(option-code/length/value). In this format, the contained options (option-code/length/value). In this format, the contained options
can be passed through a DHCP client to a co-located DHCP server can be passed through a DHCP client to a co-located DHCP server
without specific knowledge on the part of the client or the server of without specific knowledge on the part of the client or the server of
the semantics of the options. the semantics of the options.
5.1. DHCPv4 Container option 5.1. DHCPv4 Container option
The DHCPv4 Container option has the following format: The DHCPv4 Container option has the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | len | DHCP Options for RG server | | Code | len | DHCP Options for RG server |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ .
. . . .
. . . .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Code OPTION_CONTAINER_V4 (TBDv4) Code OPTION_V4_CONTAINER (TBDv4)
len Length of options for RG server, in octets len Length of options for RG server, in octets
5.2. DHCPv6 Container option 5.2. DHCPv6 Container option
The DHCPv6 Container option has the following format: The DHCPv6 Container option has the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_CONTAINER_V6 | option-len | | OPTION_CONTAINER_V6 | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DHCP Options for RG server | | DHCP Options for RG server |
. . . .
. . . .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_CONTAINER_V6 (TBDv6). option-code OPTION_V6_CONTAINER (TBDv6)
option-len Length of options for RG server, in octets option-len Length of options for RG server, in octets
5.3. SP server behavior 5.3. SP server behavior
The SP server MAY include the Container option in any DHCP message The SP server MAY include the Container option in any DHCP message
sent to an RG client. sent to an RG client.
The policy through which the SP server is instructed to include a The policy through which the SP server is instructed to include a
Container option for an RG client, and the policy determining the Container option for an RG client, and the policy determining the
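Review bot: The option-code rename is incomplete: the field descriptions in 5.1 and 5.2 now say OPTION_V4_CONTAINER and OPTION_V6_CONTAINER, but the DHCPv6 packet diagram in 5.2 still shows OPTION_CONTAINER_V6 on the -07 side. Use one name in the figure, the field description and the IANA request. Separately, the DHCPv4 figure gives "len" a single octet; it would help to state what an SP server does when the contained options do not fit in that length, so that RG implementations know whether to expect a truncated or split container.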
skipping to change at page 7, line 42 skipping to change at page 7, line 14
The RG client MUST pass the contents of the received Container option The RG client MUST pass the contents of the received Container option
to the RG server without alteration. The details of the to the RG server without alteration. The details of the
implementation through which the RG client parses the content of the implementation through which the RG client parses the content of the
Container option and passes the options to the RG server are out of Container option and passes the options to the RG server are out of
scope for this document and left unspecified. scope for this document and left unspecified.
5.5. RG server behavior 5.5. RG server behavior
The RG server MUST discard any options related to IP address The RG server MUST discard any options related to IP address
assignment, IPv6 prefix delegation or operation of the DHCP protocol assignment, IPv6 prefix delegation or operation of the DHCP protocol
itself. itself. The following options are not permitted.
The Container option provides a mechanism through which the SP might The Container option provides a mechanism through which the SP might
be able to unilaterally control the configuration settings passed be able to unilaterally control the configuration settings passed
from a RG DHCP server to a host in the subscriber network. This from a RG DHCP server to a host in the subscriber network. This
configuration channel must be handled with some care if the configuration channel must be handled with some care if the
subscriber is to retain desired control over the host configurations. subscriber is to retain desired control over the host configurations.
The following behaviors limit the degree to which the SP can control The following behaviors limit the degree to which the SP can control
host configuration: host configuration:
o The RG server MAY discard any undesired options, as determined by o The RG server MAY discard any undesired options, as determined by
policy in the RG. policy in the RG.
o The RG server MUST return to any DHCP client only those options o The RG server MUST return to any DHCP client only those options
requested by the DHCP client in a Parameter Request List option requested by the DHCP client in a Parameter Request List option
(DHCPv4 option code 55) or an Option Request option (DHCPv6 option (DHCPv4 option code 55) or an Option Request option (DHCPv6 option
code 6). code 6).
o DHCPv4 options not permitted: 1, 3, 50, 51, 52, 53, 54, 55, 56,
57, 58, 59, 60, 61, 81, 82, 90, 91, 92, 118, 124, 151, 152, 153,
154, 155, 156, 157, 220, 221
o DHCPv6 options not permitted: 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12,
13, 14, 15, 16, 18, 19, 20, 25, 26, 43, 44, 45, 46, 47, 48, 66,
67, 68
6. Security Considerations 6. Security Considerations
A rogue server can use this option to pass invalid information to the A rogue server can use this option to pass invalid information to the
RG client, which would then be passed to the Client hosts. This RG client, which would then be passed to the Client hosts. This
invalid information could be used to mount a denial of service attack invalid information could be used to mount a denial of service attack
or a man-in-the-middle attack against some applications. or a man-in-the-middle attack against some applications.
Authentication of DHCP messages (RFC 3118 [RFC3118] and section 20 of Authentication of DHCP messages (RFC 3118 [RFC3118] and section 20 of
RFC 3315 [RFC3315]) can be used to ensure that the contents of this RFC 3315 [RFC3315]) can be used to ensure that the contents of this
option are not altered in transit between the DHCP server and client. option are not altered in transit between the DHCP server and client.
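Review bot: In 5.5 the new sentence "The following options are not permitted." is separated from the lists it introduces by the paragraph on SP control, and the two lists end up as bullets under "The following behaviors limit the degree to which the SP can control host configuration", where they are not behaviors. Move the DHCPv4 and DHCPv6 lists directly under the MUST discard sentence. Also say whether the numeric lists are exhaustive or a minimum: as written, an option defined later that assigns addresses or prefixes is covered by the MUST in prose but absent from the lists, and an RG server that filters only by the listed codes would forward it to client hosts.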
skipping to change at page 9, line 30 skipping to change at page 9, line 5
vendor-identifying vendor-specific option, as defined in "CableLabs' vendor-identifying vendor-specific option, as defined in "CableLabs'
DHCP Options Registry" [eRouter]. DHCP Options Registry" [eRouter].
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC
RFC 2131, March 1997. 2131, March 1997.
[RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001. Messages", RFC 3118, June 2001.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
10.2. Informative References 10.2. Informative References
[eRouter] CableLabs, "CableLabs' DHCP Options Registry (CL-SP-CANN- [eRouter] CableLabs, , "CableLabs' DHCP Options Registry (CL-SP-
DHCP-Reg-I02-080306)", March 2008. CANN-DHCP-Reg-I09-120809)", March 2008.
Authors' Addresses Authors' Addresses
Ralph Droms Ralph Droms
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Avenue 1414 Massachusetts Avenue
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: +1 978.936.1674 Phone: +1 978.936.1674
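Review bot: The updated [eRouter] entry in 10.2 has a stray comma after the author ("CableLabs, ,") and the document identifier moved to CL-SP-CANN-DHCP-Reg-I09-120809 while the date still reads March 2008. Fix the punctuation and check that the date matches the issue now being cited.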
 End of changes. 16 change blocks. 
58 lines changed or deleted 64 lines changed or added
