| draft-ietf-dhc-dhcpv4-over-ipv6-06.txt | draft-ietf-dhc-dhcpv4-over-ipv6-07.txt | |||
|---|---|---|---|---|
| Network Working Group Y. Cui | Network Working Group Y. Cui | |||
| Internet-Draft P. Wu | Internet-Draft P. Wu | |||
| Intended status: Informational J. Wu | Intended status: Informational J. Wu | |||
| Expires: September 21, 2013 Tsinghua University | Expires: March 25, 2014 Tsinghua University | |||
| T. Lemon | T. Lemon | |||
| Nominum, Inc. | Nominum, Inc. | |||
| March 20, 2013 | September 21, 2013 | |||
| DHCPv4 over IPv6 Transport | DHCPv4 over IPv6 Transport | |||
| draft-ietf-dhc-dhcpv4-over-ipv6-06 | draft-ietf-dhc-dhcpv4-over-ipv6-07 | |||
| Abstract | Abstract | |||
| In IPv6 networks, there remains a need to provide IPv4 service for | In IPv6 networks, there remains a need to provide IPv4 service for | |||
| some residual devices. This document describes a mechanism for | some residual devices. This document describes a mechanism for | |||
| allocating IPv4 addresses to such devices, using DHCPv4 with an IPv6 | allocating IPv4 addresses to such devices, using DHCPv4 with an IPv6 | |||
| transport. It is done by putting a special relay agent function | transport. It is done by putting a special relay agent function | |||
| (Client Relay Agent) on the client side, as well as extending the | (Client Relay Agent) on the client side, as well as extending the | |||
| behavior of the server; in the case where DHCP server only supports | behavior of the server; in the case where DHCP server only supports | |||
| IPv4 transport, a relay agent is extended to support IPv6 transport | IPv4 transport, a relay agent is extended to support IPv6 transport | |||
| skipping to change at page 1, line 42 | skipping to change at page 1, line 42 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 21, 2013. | This Internet-Draft will expire on March 25, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 4 | 4. Client Relay Agent IPv6 Address Sub-option . . . . . . . . . . 5 | |||
| 5. Client Relay Agent IPv6 Address Sub-option . . . . . . . . . . 6 | 5. Client Relay Agent Behavior . . . . . . . . . . . . . . . . . 6 | |||
| 6. Client Relay Agent Behavior . . . . . . . . . . . . . . . . . 6 | 6. IPv6-Transport Server Behavior . . . . . . . . . . . . . . . . 7 | |||
| 7. IPv6-Transport Server Behavior . . . . . . . . . . . . . . . . 7 | 7. IPv6-Transport Relay Agent Behavior . . . . . . . . . . . . . 8 | |||
| 8. IPv6-Transport Relay Agent Behavior . . . . . . . . . . . . . 8 | 8. Security Consideration . . . . . . . . . . . . . . . . . . . . 8 | |||
| 9. Security Consideration . . . . . . . . . . . . . . . . . . . . 8 | 9. IANA Consideration . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 10. IANA consideration . . . . . . . . . . . . . . . . . . . . . . 9 | 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 9 | |||
| 12.1. Normative References . . . . . . . . . . . . . . . . . . 9 | 11.2. Informative References . . . . . . . . . . . . . . . . . 10 | |||
| 12.2. Informative References . . . . . . . . . . . . . . . . . 10 | ||||
| Appendix A. Motivation for selecting this particular solution . . 10 | Appendix A. Motivation for selecting this particular solution . . 10 | |||
| A.1. Configuring IPv4 with DHCPv6 . . . . . . . . . . . . . . 11 | A.1. Configuring IPv4 with DHCPv6 . . . . . . . . . . . . . . 10 | |||
| A.2. Tunnel DHCPv4 over IPv6 . . . . . . . . . . . . . . . . . 11 | A.2. Tunnel DHCPv4 over IPv6 . . . . . . . . . . . . . . . . . 11 | |||
| A.3. DHCPv4 relayed over IPv6 . . . . . . . . . . . . . . . . 12 | A.3. DHCPv4 relayed over IPv6 . . . . . . . . . . . . . . . . 11 | |||
| Appendix B. Discussion on One Host Retrieving Multiple | Appendix B. Discussion on One Host Retrieving Multiple | |||
| Addresses through One CRA . . . . . . . . . . . . . . 12 | Addresses through One CRA . . . . . . . . . . . . . . 12 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 1. Introduction | 1. Introduction | |||
| DHCPv4 [RFC2131] was not designed with IPv6 in mind: DHCPv4 cannot | DHCPv4 [RFC2131] was not designed with IPv6 in mind: DHCPv4 cannot | |||
| operate on an IPv6 network. However, as dual-stack networks become a | operate on an IPv6 network. However, as dual-stack networks become a | |||
| reality, the need arises to allocate IPv4 addresses in an IPv6 | reality, the need arises to allocate IPv4 addresses in an IPv6 | |||
| environment. To meet this demand, this document extends the DHCPv4 | environment. To meet this demand, this document extends the DHCPv4 | |||
| protocol to allow the use of an IPv6 network for transport. | protocol to allow the use of an IPv6 network for transport. | |||
| A typical scenario that probably requires this feature is IPv4-over- | A typical scenario that probably requires this feature is IPv4-over- | |||
| IPv6 hub and spoke tunnel [RFC4925]. In this scenario, IPv4-over- | IPv6 hub and spoke tunnel [RFC4925]. In this scenario, IPv4-over- | |||
| IPv6 tunnel is used to provide IPv4 connectivity to end users (hosts | IPv6 tunnel is used to provide IPv4 connectivity to end users (hosts | |||
| or end networks) across an IPv6 network. If the IPv4 addresses of | or end networks) across an IPv6 network. If the IPv4 addresses of | |||
| the end users are provisioned by the concentrator side, then the | the end users are provisioned by the concentrator side, then the | |||
| provisioning process should be able to cross the IPv6 network. One | provisioning process should be able to cross the IPv6 network. One | |||
| such tunnel mechanism is demonstrated in | such tunnel mechanism is demonstrated in | |||
| [I-D.ietf-softwire-public-4over6]. DHCPv4 over IPv6 would be a | [I-D.ietf-softwire-public-4over6]. | |||
| generic solution for this scenario. | ||||
| 2. Requirements Language | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | ||||
| document are to be interpreted as described in [RFC2119]. | ||||
| 3. Terminology | 2. Terminology | |||
| This document makes use of the following terms: | This document makes use of the following terms: | |||
| o DHCPv4: IPv4 Dynamic Host Configuration Protocol [RFC2131]. | o DHCPv4: IPv4 Dynamic Host Configuration Protocol [RFC2131]. | |||
| o Client Relay Agent(CRA): a special DHCPv4 Relay Agent which relays | o Client Relay Agent (CRA): a special DHCPv4 Relay Agent which | |||
| between DHCPv4 client and DHCPv4 server using an IPv6 network. A | relays between DHCPv4 client and DHCPv4 server using an IPv6 | |||
| CRA either sits on the same, IPv6-accessible host with the DHCPv4 | network. A CRA either sits on the same, IPv6-accessible host with | |||
| client, or sits on the same link with the host running DHCPv4 | the DHCPv4 client, or sits on the same link with the host running | |||
| client. | DHCPv4 client. | |||
| o Host Client Relay Agent(HCRA): a CRA which sits on the same, IPv6- | o Host Client Relay Agent (HCRA): a CRA which sits on the same, | |||
| accessible host with the DHCPv4 client. | IPv6-accessible host with the DHCPv4 client. | |||
| o On-Link Client Relay Agent(LCRA): a CRA which sits on the same | o On-Link Client Relay Agent (LCRA): a CRA which sits on the same | |||
| link with the host that runs DHCPv4 client. | link with the host that runs DHCPv4 client. | |||
| o IPv6-Transport Server(TSV): a DHCPv4 Server that supports IPv6 | o IPv6-Transport Server (TSV): a DHCPv4 Server that supports IPv6 | |||
| transport. TSV listens on IPv6 for incoming DHCPv4 messages, and | transport. The TSV listens on IPv6 for incoming DHCPv4 messages, | |||
| sends DHCPv4 messages in IPv6 packets. | and sends DHCPv4 messages in IPv6 packets. | |||
| o IPv6-Transport Relay Agent(TRA): a DHCPv4 Relay Agent that | o IPv6-Transport Relay Agent (TRA): a DHCPv4 Relay Agent that | |||
| supports IPv6 transport. TRA sits on a machine which has both | supports IPv6 transport. The TRA sits on a machine which has both | |||
| IPv6 and IPv4 connectivity, and relays DHCP messages between CRA | IPv6 and IPv4 connectivity, and relays DHCP messages between a CRA | |||
| and regular DHCPv4 server. Unlike CRA, TRA sits on the remote end | and a regular DHCPv4 server. Unlike the CRA, the TRA sits on the | |||
| of IPv6 network, and communicates with DHCPv4 server through IPv4. | remote end of IPv6 network, and communicates with DHCPv4 server | |||
| through IPv4. | ||||
| o Client Relay Agent IPv6 Address Sub-option (CRA6ADDR sub-option): | o Client Relay Agent IPv6 Address Sub-option (CRA6ADDR sub-option): | |||
| a new sub-option of the DHCP Relay Agent Information Option | a new sub-option of the DHCP Relay Agent Information Option | |||
| [RFC3046], defined in this document, which is used to carry the | [RFC3046], defined in this document, which is used to carry the | |||
| IPv6 address of the CRA. | IPv6 address of the CRA. | |||
| 4. Protocol Summary | 3. Protocol Summary | |||
| The scenario for DHCPv4 over IPv6 transport is shown in Figure 1. | The scenario for DHCPv4 over IPv6 transport is shown in Figure 1. | |||
| DHCPv4 clients and DHCPv4 server/relay are separated by an IPv6 | DHCPv4 clients and DHCPv4 server/relay are separated by an IPv6 | |||
| network in the middle. DHCP messages between a client and the | network in the middle. DHCP messages between a client and the | |||
| server/relay cannot naturally be forwarded to each other because they | server/relay cannot naturally be forwarded to each other because they | |||
| are IPv4 UDP packets, either unicast or broadcast. To bridge this | are IPv4 UDP packets, either unicast or broadcast. To bridge this | |||
| gap, both the client side and the server/relay side must enable | gap, both the client side and the server/relay side can enable DHCPv4 | |||
| DHCPv4 over IPv6 transport. More precisely, they must support | over IPv6 transport. More precisely, it is necessary for them to | |||
| delivering and receiving DHCP messages in IPv6 UDP packets and | support delivering and receiving DHCP messages in IPv6 UDP packets | |||
| thereby traverse the IPv6 network. | and thereby traverse the IPv6 network. | |||
| On the client side, a special relay agent called Client Relay Agent | On the client side, a special relay agent called Client Relay Agent | |||
| is placed on the same host with the client, or on the link of the | is placed on the same host with the client, or on the link of the | |||
| host. CRA is used to relay DHCP messages from the client to the | host. CRA is used to relay DHCP messages from the client to the | |||
| server, and from the server to the client. CRA sends DHCPv4 messages | server, and from the server to the client. CRA sends DHCPv4 messages | |||
| to the server through unicast IPv6 UDP, and receives unicast IPv6 UDP | to the server through unicast IPv6 UDP, and receives unicast IPv6 UDP | |||
| packets with the DHCPv4 messages from the server. By using CRA, no | packets with the DHCPv4 messages from the server. By using CRA, no | |||
| extension is required on the DHCP client. | extension is required on the DHCP client. | |||
| +-------------------------+ | +-------------------------+ | |||
| skipping to change at page 5, line 4 | skipping to change at page 4, line 43 | |||
| |Client| +-------+ | |Client| +-------+ | |||
| +------+ |DHCPv4 | | +------+ |DHCPv4 | | |||
| | IPv6 Network |Server/| | | IPv6 Network |Server/| | |||
| +------+ |Relay | | +------+ |Relay | | |||
| |DHCPv4| +-------+ | |DHCPv4| +-------+ | |||
| |Client| | | |Client| | | |||
| +------+ | | +------+ | | |||
| +-------------------------+ | +-------------------------+ | |||
| Figure 1 Scenario of DHCPv4 over IPv6 Transport | Figure 1 Scenario of DHCPv4 over IPv6 Transport | |||
| The IPv6-Transport DHCPv4 server can receive DHCP messages delivered | The IPv6-Transport DHCPv4 server can receive DHCP messages delivered | |||
| in IPv6 UDP from CRA, and send out DHCP messages to CRA using IPv6 | in IPv6 UDP from the CRA, and send out DHCP messages to the CRA using | |||
| UDP (figure 2(a)). TSV should send DHCP messages to the IPv6 address | IPv6 UDP (figure 2(a)). The TSV sends DHCP messages to the IPv6 | |||
| from which it receives relevant DHCP messages earlier. | address from which it receives relevant DHCP messages earlier. | |||
| When CRAs communicate with an IPv6-Transport Relay Agent rather than | When CRAs communicate with an IPv6-Transport Relay Agent rather than | |||
| with a server directly, the situation becomes a little more | with a server directly, the situation becomes a little more | |||
| complicated. Besides the IPv6 communication with CRA, TRA also | complicated. Besides the IPv6 communication with a CRA, a TRA also | |||
| communicates with a regular DHCPv4 server through IPv4. Therefore, | communicates with a regular DHCPv4 server through IPv4. Therefore, | |||
| when TRA relays DHCP messages between a CRA and the DHCPv4 server, it | when the TRA relays DHCP messages between a CRA and the DHCPv4 | |||
| receives DHCP message from the CRA in IPv6 and sends it to the server | server, it receives DHCP message from the CRA in IPv6 and sends it to | |||
| in IPv4, as well as receives DHCP message from the server in IPv4 and | the server in IPv4, as well as receives DHCP message from the server | |||
| sends it to the CRA in IPv6. | in IPv4 and sends it to the CRA in IPv6. | |||
| TRA sends the IPv6 address of the CRA to the DHCP server using the | The TRA sends the IPv6 address of the CRA to the DHCP server using | |||
| Client Relay Agent IPv6 Address suboption, defined in this document. | the Client Relay Agent IPv6 Address (CRA6ADDR) suboption, defined in | |||
| The DHCP server returns this suboption to the TRA as required in | this document. The DHCP server returns this suboption to the TRA as | |||
| [RFC3046]. The TRA then uses the returned CRA6ADDR suboption to | required in [RFC3046]. The TRA then uses the returned CRA6ADDR | |||
| determine the destination address to which to relay the response. | suboption to determine the destination address to which to relay the | |||
| response. | ||||
| +------+ +------+ | +------+ +------+ | |||
| |client| IPv6 network |TSV | | |client| IPv6 network |TSV | | |||
| |+HCRA |----------------| | | |+HCRA |----------------| | | |||
| +------+ +------+ | +------+ +------+ | |||
| +------+ +------+ +------+ | +------+ +------+ +------+ | |||
| |client| |LCRA | IPv6 network |TSV | | |client| |LCRA | IPv6 network |TSV | | |||
| | |--| |----------------| | | | |--| |----------------| | | |||
| +------+ +------+ +------+ | +------+ +------+ +------+ | |||
| skipping to change at page 6, line 5 | skipping to change at page 5, line 44 | |||
| +------+ +------+ +------+ +------+ | +------+ +------+ +------+ +------+ | |||
| |client| |LCRA | IPv6 network |TRA | IPv4 network |server| | |client| |LCRA | IPv6 network |TRA | IPv4 network |server| | |||
| | |--| |----------------| |--------------| | | | |--| |----------------| |--------------| | | |||
| +------+ +------+ +------+ +------+ | +------+ +------+ +------+ +------+ | |||
| (b)client--relay--server case | (b)client--relay--server case | |||
| Figure 2 Protocol Summary | Figure 2 Protocol Summary | |||
| 5. Client Relay Agent IPv6 Address Sub-option | 4. Client Relay Agent IPv6 Address Sub-option | |||
| The CRA6ADDR suboption is a suboption of the Relay Agent Information | The CRA6ADDR suboption is a suboption of the Relay Agent Information | |||
| Option [RFC3046]. It encodes the IPv6 address of the machine from | Option [RFC3046]. It encodes the IPv6 address of the machine from | |||
| which a DHCPv4-in-IPv6 CRA-to-TRA message was received. It is used | which a DHCPv4-in-IPv6 CRA-to-TRA message was received. It is used | |||
| by the TRA to relay DHCPv4 replies back to the proper CRA. The TRA | by the TRA to relay DHCPv4 replies back to the proper CRA. The TRA | |||
| uses the IPv6 address encoded in this suboption as the destination | uses the IPv6 address encoded in this suboption as the destination | |||
| IPv6 address when relaying a DHCPv4 message from the DHCP server to | IPv6 address when relaying a DHCPv4 message from the DHCP server to | |||
| the CRA. | the CRA. | |||
| The CRA6ADDR sub-option has a fixed length of 18 octets. The SubOpt | The CRA6ADDR sub-option has a fixed length of 18 octets. The SubOpt | |||
| code is tbd by IANA, the length field is 16, and the following 16 | code is tbd by IANA, the length field is 16, and the following 16 | |||
| octets contain the CRA IPv6 address. | octets contain the CRA IPv6 address. | |||
| SubOpt Len Agent Remote ID | SubOpt Len Agent Remote ID | |||
| +------+------+------+------+------+- -+------+ | +------+------+------+------+------+- -+------+ | |||
| | tbd | 16 | a1 | a2 | a3 | ... | a16 | | | tbd | 16 | a1 | a2 | a3 | ... | a16 | | |||
| +------+------+------+------+------+- -+------+ | +------+------+------+------+------+- -+------+ | |||
| Figure 3 Client Relay Agent IPv6 Address Sub-option format | Figure 3 Client Relay Agent IPv6 Address Sub-option format | |||
| 6. Client Relay Agent Behavior | 5. Client Relay Agent Behavior | |||
| A Client Relay Agent sits on the same host with the DHCPv4 client | A Client Relay Agent sits on the same host with the DHCPv4 client | |||
| (HCRA), or on the same link as the host (LCRA). CRA listens for DHCP | (HCRA), or on the same link as the host (LCRA). A CRA listens for | |||
| packets on IPv4 on port 67, and also listens for DHCP packets on IPv6 | DHCP packets on IPv4 on port 67, and also listens for DHCP packets on | |||
| on port 67. | IPv6 on port 67. | |||
| A CRA is configured with one or more IPv6 addresses of TSV/TRA, using | A CRA is configured with one or more IPv6 addresses of TSV/TRA as the | |||
| a DHCPv6 option or some other mechanism. The CRA cannot forward | destination(s). The CRA is also configured with a global IPv6 | |||
| DHCPv4 messages before it is configured with an IPv6 address itself, | address before the DHCPv4 client starts, so that it can forward | |||
| so to function properly, the IPv6 address for the CRA SHOULD be | DHCPv4 messages over IPv6. | |||
| configured before the DHCPv4 client starts. The CRA SHOULD use a | ||||
| global IPv6 address. | ||||
| When the CRA receives any DHCP message on IPv4 with BOOTP op field | When the CRA receives any DHCP message on IPv4 with BOOTP op field | |||
| set to 1, it forwards the message over UDP on IPv6 using a standard | set to 1, it forwards the message over UDP on IPv6 using a standard | |||
| DHCP message format, with source port 67 and destination port 67. | DHCP message format, with source port 67 and destination port 67. | |||
| The CRA forwards the message to each TSV or TRA address with which it | The CRA forwards the message to each TSV or TRA address with which it | |||
| is configured. | is configured. | |||
| When the CRA receives any message on IPv6 with BOOTP op field set to | When the CRA receives any message on IPv6 with BOOTP op field set to | |||
| 2, the CRA checks to see if the message contains option 82. If it | 2, the CRA checks to see if the message contains option 82. If it | |||
| does, the CRA silently discards the message. Otherwise, it relays | does, the CRA silently discards the message. Otherwise, it relays | |||
| the message to the DHCP client using IPv4. | the message to the DHCP client using IPv4. | |||
| When the CRA receives any message on IPv6 with BOOTP op field set to | When the CRA receives any message on IPv6 with BOOTP op field set to | |||
| 4, it decapsulates the message as specified in DHCPv4 Relay Agent | 4, it decapsulates the message as specified in DHCPv4 Relay Agent | |||
| Encapsulation [I-D.ietf-dhc-dhcpv4-relay-encapsulation]. If the CRA | Encapsulation [I-D.ietf-dhc-dhcpv4-relay-encapsulation]. If the CRA | |||
| does not support encapsulation, it MUST silently discard the message. | does not support encapsulation, it silently discards the message. | |||
| The LCRA or HCRA does not use the Relay Agent Information Option | ||||
| The LCRA or HCRA MUST NOT use the Relay Agent Information Option | ||||
| [RFC3046]. If either type of CRA needs to send relay agent options, | [RFC3046]. If either type of CRA needs to send relay agent options, | |||
| it MUST use relay agent encapsulation as defined in | it uses relay agent encapsulation as defined in | |||
| [I-D.ietf-dhc-dhcpv4-relay-encapsulation]. | [I-D.ietf-dhc-dhcpv4-relay-encapsulation]. | |||
| An HCRA MUST only serve the client inside the same host, while the | An HCRA only serves the client inside the same host, while the LCRA | |||
| LCRA SHOULD serve any client on the link. When the IPv6 address of | serves any client on the link. When the IPv6 address of TSV/TRA is | |||
| TSV/TRA is provisioned to the host running the DHCP client, it uses | provisioned to the host running the DHCP client, it uses HCRA; else | |||
| HCRA; else the client depends on LCRA. A HCRA serves only one link; | the client depends on LCRA. A HCRA serves only one link; the | |||
| the multiple link case MUST be handled by multiple HCRA instances. A | multiple-link case is handled by multiple HCRA instances. A LCRA | |||
| LCRA does not necessarily need an IPv4 address, though it may be | does not necessarily need an IPv4 address, though it may be | |||
| configured with one. | configured with one. | |||
| In HCRA case, the DHCPv6 client (or other IPv6 configuration | In HCRA case, the DHCPv6 client (or other IPv6 configuration | |||
| processes), DHCPv4 client and CRA runs on the same physical | processes), DHCPv4 client and CRA run on the same physical interface. | |||
| interface. If possible, the host running the DHCPv4 client and CRA | In some cases, the host running the DHCPv4 client and CRA defers the | |||
| SHOULD defer the operation of the DHCPv4 client until an IPv6 address | operation of the DHCPv4 client until an IPv6 address of the interface | |||
| of the interface has been acquired, as well as the TSV/TRA address | has been acquired, as well as the TSV/TRA address information. If | |||
| information. If this is not done, the DHCPv4 client may send several | this is not done, the DHCPv4 client may send several messages that | |||
| messages that the CRA cannot relay, and this could result in long | the CRA cannot relay, and this could result in long delays before the | |||
| delays before the DHCPv4 client actually gets an IPv4 address. | DHCPv4 client actually gets an IPv4 address. | |||
| 7. IPv6-Transport Server Behavior | 6. IPv6-Transport Server Behavior | |||
| To support IPv6 transport, the behavior of DHCPv4 server is extended. | To support IPv6 transport, the behavior of DHCPv4 server is extended. | |||
| The IPv6-Transport Server can listen on IPv6 port 67 for DHCPv4 | The IPv6-Transport Server can listen on IPv6 port 67 for DHCPv4 | |||
| messages, and send DHCPv4 messages through IPv6. | messages, and send DHCPv4 messages through IPv6. | |||
| A TSV listens for DHCP messages on IPv6 UDP port 67 and IPv4 UDP port | A TSV listens for DHCP messages on IPv6 UDP port 67 and IPv4 UDP port | |||
| 67. When it receives a DHCP message on IPv6, it MUST retain the IPv6 | 67. When it receives a DHCP message on IPv6, it retains the IPv6 | |||
| source address of that message until it has sent a response. When it | source address of that message until it has sent a response. When it | |||
| sends a response, it MUST send the response to this IPv6 address, | sends a response, it sends the response to this IPv6 address, with | |||
| with destination port 67. | destination port 67. | |||
| The TSV MUST send a server identifier option [RFC2132] containing an | The TSV sends a server identifier option [RFC2132] containing an IPv4 | |||
| IPv4 address which will be reachable from the client once the | address which will be reachable from the client once the residual | |||
| residual IPv4 service is set up. This follows the server id option | IPv4 service is set up. This follows the server id option | |||
| requirement in [RFC2131]. | requirement in [RFC2131]. | |||
| The rest of TSV DHCP process is the same with normal DHCPv4 server. | The rest of TSV DHCP process is the same with normal DHCPv4 server. | |||
| A TSV MUST also listen on IPv4 UDP port 67 like a normal DHCPv4 | A TSV also listens on IPv4 UDP port 67 like a normal DHCPv4 server, | |||
| server, and process IPv4 DHCPv4 messages normally. This requirement | and process IPv4 DHCPv4 messages normally. This requirement exists | |||
| exists because when a DHCPv4 client renews, it sends its renewal | because when a DHCPv4 client renews, it sends its renewal messages | |||
| messages directly to the server, rather than broadcasting them. | directly to the server, rather than broadcasting them. | |||
| Because the CRA may use relay agent encapsulation | Because the CRA may use relay agent encapsulation | |||
| [I-D.ietf-dhc-dhcpv4-relay-encapsulation], the TSV SHOULD support it. | [I-D.ietf-dhc-dhcpv4-relay-encapsulation], the TSV supports it. A | |||
| A TSV that does not support it will not interoperate with a CRA that | TSV that does not support it will not interoperate with a CRA that | |||
| sends relay agent options. | sends relay agent options. | |||
| 8. IPv6-Transport Relay Agent Behavior | 7. IPv6-Transport Relay Agent Behavior | |||
| An IPv6-Transport Relay Agent sits between IPv6 network and IPv4 | An IPv6-Transport Relay Agent sits between IPv6 network and IPv4 | |||
| network, and relays DHCPv4 message between CRAs and IPv4-only DHCPv4 | network, and relays DHCPv4 message between CRAs and IPv4-only DHCPv4 | |||
| server. The communication between CRAs and the TRA uses IPv6, while | server. The communication between CRAs and the TRA uses IPv6, while | |||
| the communication between the TRA and the server uses IPv4. A TRA | the communication between the TRA and the server uses IPv4. A TRA | |||
| listens on IPv6 UDP port 67 for DHCP messages with BOOTP op field set | listens on IPv6 UDP port 67 for DHCP messages with BOOTP op field set | |||
| to 1 or 3, as well as IPv4 UDP port 67 for DHCP messages with BOOTP | to 1 or 3, as well as IPv4 UDP port 67 for DHCP messages with BOOTP | |||
| op field set to 2 or 4. | op field set to 2 or 4. | |||
| When relaying a DHCP message from CRA to server, TRA MUST add a | When relaying a DHCP message from CRA to server, the TRA adds a | |||
| CRA6ADDR suboption. The TRA sets the contents of this suboption to | CRA6ADDR suboption. The TRA sets the contents of this suboption to | |||
| the IPv6 source address of the message. The TRA MUST also store one | the IPv6 source address of the message. The TRA also stores one its | |||
| its own IPv4 addresses in the giaddr field of the DHCP message. The | own IPv4 addresses in the giaddr field of the DHCP message. The TRA | |||
| TRA MAY include a Link Selection sub-option [RFC3527] to indicate to | may include a Link Selection sub-option [RFC3527] to indicate to the | |||
| the DHCP server which link to use when choosing an IP address. If | DHCP server which link to use when choosing an IP address. If the | |||
| the received message is a RELAYFORWARD message, the TRA MUST | received message is a RELAYFORWARD message, the TRA encapsulates the | |||
| encapsulate the message in a new RELAYFORWARD message and store the | message in a new RELAYFORWARD message and stores the CRA6ADDR in the | |||
| CRA6ADDR in the new relay segment. If it is some other message, the | new relay segment. If it is some other message, the TRA appends a | |||
| TRA SHOULD append a Relay Agent Information Option as described in | Relay Agent Information Option as described in [RFC3046], but may | |||
| [RFC3046], but MAY encapsulate it in the same way as RELAYFORWARD | encapsulate it in the same way as RELAYFORWARD message instead, which | |||
| message instead. | depends on the implementation. | |||
| When receiving a DHCP message from the DHCP server, if the message | When receiving a DHCP message from the DHCP server, if the message | |||
| contains no CRA6ADDR suboption, the TRA MUST discard the message. | contains no CRA6ADDR suboption, the TRA discards the message. | |||
| Otherwise, it processes it as required by [RFC3046] and | Otherwise, it processes it as required by [RFC3046] and | |||
| [I-D.ietf-dhc-dhcpv4-relay-encapsulation], and forwards it to the | [I-D.ietf-dhc-dhcpv4-relay-encapsulation], and forwards it to the | |||
| IPv6 address recorded in the CRA6ADDR sub-option, with source port 67 | IPv6 address recorded in the CRA6ADDR sub-option, with source port 67 | |||
| and destination port number 67. | and destination port number 67. | |||
| 9. Security Consideration | 8. Security Consideration | |||
| This mechanism may rise a new form of DHCP protocol attack. A | This mechanism may rise a new form of DHCP protocol attack. A | |||
| malicious attacker in IPv6 can interference with the DHCPv4 process | malicious attacker in IPv6 can interference with the DHCPv4 process | |||
| by inject fake DHCPv4-in-IPv6 messages which will be handled by TSV | by inject fake DHCPv4-in-IPv6 messages which will be handled by TSV | |||
| or TRA. However, the damage is the same with the known DHCPv4 attack | or TRA. However, the damage is the same with the known DHCPv4 attack | |||
| happened in IPv4. The only difference is the attacker and the victim | happened in IPv4. The only difference is the attacker and the victim | |||
| could locate in different address families. | could locate in different address families. | |||
| Another impact is DHCP filtering. There are firewalls today capable | Another impact is DHCP filtering. There are firewalls today capable | |||
| of filtering DHCP traffic (DHCPv4 over IPv4 and DHCPv6 over IPv6 | of filtering DHCP traffic (DHCPv4 over IPv4 and DHCPv6 over IPv6 | |||
| packages). The DHCP messages with the new, DHCPv4-in-IPv6 style may | packages). The DHCP messages with the new, DHCPv4-in-IPv6 style may | |||
| bypass these firewalls. Nevertheless it is not difficult for them to | bypass these firewalls. Nevertheless it is not difficult for them to | |||
| make some slight modification and adapt to the new DHCPv4 message | make some slight modification and adapt to the new DHCPv4 message | |||
| pattern. | pattern. | |||
| 10. IANA consideration | 9. IANA Consideration | |||
| IANA is requested to assign one new sub-option code from the registry | IANA is requested to assign one new sub-option code from the registry | |||
| of DHCP Agent Sub-Option Codes maintained in | of DHCP Agent Sub-Option Codes maintained in | |||
| http://www.iana.org/assignments/bootp-dhcp-parameters. This sub- | http://www.iana.org/assignments/bootp-dhcp-parameters. This sub- | |||
| option code will be assigned to the Client Relay Agent IPv6 Address | option code will be assigned to the Client Relay Agent IPv6 Address | |||
| Sub-option. | Sub-option. | |||
| 11. Contributors | 10. Contributors | |||
| The following gentlemen also contributed to the effort: | The following gentlemen also contributed to the effort: | |||
| Francis Dupont | Francis Dupont | |||
| Internet Systems Consortium, Inc. | Internet Systems Consortium, Inc. | |||
| Email: fdupont@isc.org | Email: fdupont@isc.org | |||
| Tomasz Mrugalski | Tomasz Mrugalski | |||
| Internet Systems Consortium, Inc. | Internet Systems Consortium, Inc. | |||
| Email: tomasz.mrugalski@gmail.com | Email: tomasz.mrugalski@gmail.com | |||
| Dmitry Anipko | Dmitry Anipko | |||
| Microsoft Corporation | Microsoft Corporation | |||
| Email: danipko@microsoft.com | Email: danipko@microsoft.com | |||
| 12. References | 11. References | |||
| 12.1. Normative References | ||||
| [I-D.ietf-dhc-client-id] | 11.1. Normative References | |||
| Swamy, N., Halwasia, G., and S. Unit, "Client Identifier | ||||
| Option in DHCP Server Replies", | ||||
| draft-ietf-dhc-client-id-07 (work in progress), | ||||
| November 2012. | ||||
| [I-D.ietf-dhc-dhcpv4-relay-encapsulation] | [I-D.ietf-dhc-dhcpv4-relay-encapsulation] | |||
| Lemon, T., Deng, H., and L. Huang, "Relay Agent | Lemon, T., Deng, H., and L. Huang, "Relay Agent | |||
| Encapsulation for DHCPv4", | Encapsulation for DHCPv4", | |||
| draft-ietf-dhc-dhcpv4-relay-encapsulation-01 (work in | draft-ietf-dhc-dhcpv4-relay-encapsulation-01 (work in | |||
| progress), July 2011. | progress), July 2011. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | ||||
| [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", | [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", | |||
| RFC 2131, March 1997. | RFC 2131, March 1997. | |||
| [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor | [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor | |||
| Extensions", RFC 2132, March 1997. | Extensions", RFC 2132, March 1997. | |||
| [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", | [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", | |||
| RFC 3046, January 2001. | RFC 3046, January 2001. | |||
| [RFC3527] Kinnear, K., Stapp, M., Johnson, R., and J. Kumarasamy, | [RFC3527] Kinnear, K., Stapp, M., Johnson, R., and J. Kumarasamy, | |||
| "Link Selection sub-option for the Relay Agent Information | "Link Selection sub-option for the Relay Agent Information | |||
| Option for DHCPv4", RFC 3527, April 2003. | Option for DHCPv4", RFC 3527, April 2003. | |||
| [RFC4361] Lemon, T. and B. Sommerfeld, "Node-specific Client | [RFC4361] Lemon, T. and B. Sommerfeld, "Node-specific Client | |||
| Identifiers for Dynamic Host Configuration Protocol | Identifiers for Dynamic Host Configuration Protocol | |||
| Version Four (DHCPv4)", RFC 4361, February 2006. | Version Four (DHCPv4)", RFC 4361, February 2006. | |||
| [RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire | [RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire | |||
| Problem Statement", RFC 4925, July 2007. | Problem Statement", RFC 4925, July 2007. | |||
| 12.2. Informative References | [RFC6842] Swamy, N., Halwasia, G., and P. Jhingran, "Client | |||
| Identifier Option in DHCP Server Replies", RFC 6842, | ||||
| January 2013. | ||||
| 11.2. Informative References | ||||
| [I-D.ietf-softwire-public-4over6] | [I-D.ietf-softwire-public-4over6] | |||
| Cui, Y., Wu, J., Wu, P., Vautrin, O., and Y. Lee, "Public | Cui, Y., Wu, J., Wu, P., Vautrin, O., and Y. Lee, "Public | |||
| IPv4 over IPv6 Access Network", | IPv4 over IPv6 Access Network", | |||
| draft-ietf-softwire-public-4over6-05 (work in progress), | draft-ietf-softwire-public-4over6-10 (work in progress), | |||
| February 2013. | July 2013. | |||
| Appendix A. Motivation for selecting this particular solution | Appendix A. Motivation for selecting this particular solution | |||
| We considered three possible solutions to the problem of configuring | We considered three possible solutions to the problem of configuring | |||
| IPv4 addresses on an IPv6 network. | IPv4 addresses on an IPv6 network. | |||
| A.1. Configuring IPv4 with DHCPv6 | A.1. Configuring IPv4 with DHCPv6 | |||
| Use DHCPv6 instead of DHCPv4, to provision IPv4-related connectivity. | Use DHCPv6 instead of DHCPv4, to provision IPv4-related connectivity. | |||
| In DHCPv6, the provisioned IPv4 address can be embedded into IPv6 | In DHCPv6, the provisioned IPv4 address can be embedded into IPv6 | |||
| skipping to change at page 12, line 26 | skipping to change at page 12, line 13 | |||
| easiest to specify and easiest to implement. | easiest to specify and easiest to implement. | |||
| Appendix B. Discussion on One Host Retrieving Multiple Addresses | Appendix B. Discussion on One Host Retrieving Multiple Addresses | |||
| through One CRA | through One CRA | |||
| This document is written with the intention of supporting a use case | This document is written with the intention of supporting a use case | |||
| where a single DHCP client is configuring a single tunnel endpoint | where a single DHCP client is configuring a single tunnel endpoint | |||
| per physical link. The technique described in this document could be | per physical link. The technique described in this document could be | |||
| used by a host needing to configure more than one tunnel endpoint on | used by a host needing to configure more than one tunnel endpoint on | |||
| the same physical link, i.e., to retrieve multiple addresses through | the same physical link, i.e., to retrieve multiple addresses through | |||
| the same CRA. However, the following additional behavior is REQUIRED | the same CRA. However, the following additional behavior is required | |||
| to support this case. | to support this case. | |||
| DHCP server implementing this specification MUST implement Client | DHCP server implementing this specification implements Client | |||
| Identifier Option in DHCP server replies [I-D.ietf-dhc-client-id]. | Identifier Option in DHCP server replies [RFC6842]. | |||
| In general this specification is intended not to require modification | In general this specification is intended not to require modification | |||
| of DHCP clients. However, DHCP clients being used to configure | of DHCP clients. However, DHCP clients being used to configure | |||
| multiple tunnel endpoints have to be modified; otherwise there is no | multiple tunnel endpoints have to be modified; otherwise there is no | |||
| way for such DHCP clients to differentiate between DHCP responses. | way for such DHCP clients to differentiate between DHCP responses. | |||
| Therefore, in such case, the DHCP client using this specification | Therefore, in such case, the DHCP client using this specification | |||
| MUST use a different client identifier for each tunnel endpoint being | uses a different client identifier for each tunnel endpoint being | |||
| configured. Such DHCP clients MUST examine the response from the | configured. Such DHCP clients examine the response from the DHCP | |||
| DHCP server and use the client identifier to differentiate between | server and use the client identifier to differentiate between the | |||
| the DHCP client state machines for each tunnel endpoint. | DHCP client state machines for each tunnel endpoint. | |||
| In order to satisfy the requirement that client identifiers be | In order to satisfy the requirement that client identifiers be | |||
| unique, DHCP clients configuring multiple tunnel endpoints MUST | unique, DHCP clients configuring multiple tunnel endpoints implement | |||
| implement Node-specific Client Identifiers for DHCPv4 [RFC4361]. | Node-specific Client Identifiers for DHCPv4 [RFC4361]. Such clients | |||
| Such clients MUST use a different IAID for each tunnel endpoint. | use a different IAID for each tunnel endpoint. | |||
| It is assumed here that every client state machine on a multiple- | It is assumed here that every client state machine on a multiple- | |||
| tunnel-endpoint link can hear all the DHCP messages (and subsequently | tunnel-endpoint link can hear all the DHCP messages (and subsequently | |||
| accept the messages intended for it). How this is accomplished is | accept the messages intended for it). How this is accomplished is | |||
| left to the implementor. However, implementations MUST follow this | left to the implementor. However, implementations must follow this | |||
| requirement; otherwise, it will be impossible for multiple tunnel | requirement; otherwise, it will be impossible for multiple tunnel | |||
| endpoints to be successfully configured. The easiest way to | endpoints to be successfully configured. The easiest way to | |||
| accomplish this is to have a single DHCP client process with multiple | accomplish this is to have a single DHCP client process with multiple | |||
| DHCP state machines, and to dispatch each DHCP message to the correct | DHCP state machines, and to dispatch each DHCP message to the correct | |||
| DHCP client state machine using the client identifier. However, this | DHCP client state machine using the client identifier. However, this | |||
| is not REQUIRED; any mechanism that results in client state machines | is not required; any mechanism that results in client state machines | |||
| receiving the messages that are intended for them will suffice. | receiving the messages that are intended for them will suffice. | |||
| Authors' Addresses | Authors' Addresses | |||
| Yong Cui | Yong Cui | |||
| Tsinghua University | Tsinghua University | |||
| Department of Computer Science, Tsinghua University | Department of Computer Science, Tsinghua University | |||
| Beijing 100084 | Beijing 100084 | |||
| P.R.China | P.R.China | |||
| End of changes. 55 change blocks. | ||||
| 145 lines changed or deleted | 134 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||