dhc Group                                                        B. Volz
Internet-Draft                                                  R. Droms
Intended status: Informational                       Cisco Systems, Inc.
Expires: September 2, 2007                                 March 1, 2007 August 8, 2009                                 February 4, 2009

               DHCPv6 Server Reply Sequence Number Option

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she

   This Internet-Draft is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, submitted to IETF in accordance full conformance with Section 6 the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on September 2, 2007. August 8, 2009.

Copyright Notice

   Copyright (C) The (c) 2009 IETF Trust (2007). and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.


   This memo defines the Server Reply Sequence Number option for the
   Dynamic Host Configuration Protocol for IPv6 (DHCPv6).  This option
   is sent from a DHCPv6 server to a DHCPv6 relay agent to allow a relay
   agent to detect proper sequencing of Relay-Reply messages that could
   be delivered out of order.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
   3.  The Server Reply Sequence Number Option . . . . . . . . . . . . 3
   4.  DHCPv6 Relay Agent Behavior . . . . . . . . . . . . . . . . . . 4
   5.  DHCPv6 Server Behavior  . . . . . . . . . . . . . . . . . . . . 5
   6.  IANA considerations . . . . . . . . . . . . . . . . . . . . . . 5
   7.  Security considerations . . . . . . . . . . . . . . . . . . . . 6
   8.  Modification History  . . . . . . . . . . . . . . . . . . . . . 6
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 6
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 6
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 6
   Intellectual Property and Copyright Statements  . . . . . . . . . . 8 7

1.  Introduction

   When a DHCPv6 server sends a Reply, there is no guarantee as to the
   order of delivery of those datagrams sent by a server.  A DHCPv6
   client is protected against delivery of old Reply messages because of
   the transaction-id in the message.  However, a relay agent receiving
   Relay-Reply messages and maintaining client state information (e.g.,
   [I-D.ietf-dhc-dhcpv6-agentopt-delegate] has no such technique.  Thus
   a delayed earlier Relay-Reply may arrive after other Relay-Reply
   messages.  As an example, suppose a client sends a Request, the Reply
   (encapsulated in a Relay-Reply) is delayed between server and relay
   agent.  The client retransmits the Request, the retransmitted Reply
   is processed through the relay agent and then by the client.  The
   client next transacts a Release/Reply sequence, which causes the
   relay agent to remove the client's state information when relaying
   the Relay-Reply.  However, now the delayed first Request's Reply
   arrives at the relay agent; if the relay agent were to update the
   client's state based on this out of order message (e.g., [5]),
   [I-D.ietf-dhc-dhcpv6-agentopt-delegate]), it would add client state
   that is no longer valid.  The Server Reply Sequence Number (SRSN)
   option can be used to prevent this as the relay agent can detect and
   discard out of order message.

   To allow a relay agent to detect and discard out of order messages,
   the relay agent requests the server to include a SRSN option in
   Relay-Reply messages.  The SRSN option contains a monotonically
   increasing sequence number that the relay agent can use to re-
   sequence (or discard) out of order Relay-Reply messages from the

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [1]. [RFC2119].

   Additional terms used in the description of DHCPv6 and DHCPv6 prefix
   delegation are defined in [2] [RFC3315] and [3]. [RFC3633].

3.  The Server Reply Sequence Number Option

   The SRSN option is used by a server to indicate the order in which
   the server has generated replies and therefore allows a relay agent
   receiving Relay-Reply messages to determine the order in which those
   Relay-Reply messages were originally sent.  The Relay-Reply messages
   are sent via UDP and, therefore, may be delivered out of order.

   The server's sequence number in the SRSN is a monotonically
   increasing series.  This property is maintained by the server even if
   the server loses internal state; e.g., if the server is restarted.
   The value of the sequence number in the SRSN option is not related to
   the contents of any options in the Relay-Reply message; the existence
   of this sequence number does not indicate that any data at the server
   has necessarily changed.

   The DHCPv6 Server Reply Sequence Number Option has the following

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    |         option-code           |            length             |
    |                                                               |
    +                  server-reply-sequence-number                 +
    |                                                               |

   option-code          OPTION_SRSN (TBD).

   length               8.

                        The 64-bit monotonically increasing server reply
                        sequence number.

4.  DHCPv6 Relay Agent Behavior

   If a relay agent requires the server to provide the SRSN option, it
   MUST include an Option Request option, requesting the SRSN option, as
   described in section 22.7 of [2]. [RFC3315].

   A relay agent MUST save the received server-reply-sequence-number
   (and the server's Server Identifier Option, OPTION_SERVERID) with any
   client state information extracted from a Relay-Reply if it needs to
   assure it does not use out of date information.

   A relay agent that uses the SRSN option needs do the following when
   maintaining client state information:

   1.  Only update existing client state information if the received
       server-reply-sequence-number (if from the same server) is greater
       than the stored server-reply-sequence-number for the information;
       the received server-reply-sequence-number and Server Identifier
       must be stored with the client state information.

   2.  Delay removing expired client state information from its storage
       for at least the maximum lifetime of a datagram.  This assures
       that any undelivered Relay-Reply datagrams will have expired and
       been dropped from the network; and thus the server-reply-
       sequence-number checking will prevent outdated information from
       being used.  A value of 2 minutes is the recommended value for
       the maximum datagram lifetime, based on the maximum segment
       lifetime used by the Transmission Control Protocol (TCP) [4].

   A change in the server-reply-sequence-number MUST NOT be used to
   assume a client's state has changed, as a server may be
   retransmitting the same information but with a different server-

5.  DHCPv6 Server Behavior

   If a relay agent has requested the SRSN option in an ORO, the server
   SHOULD return the option with a monotonically increasing sequence
   number.  And, the server MUST also include a Server Identifier Option
   (OPTION_SERVER_ID) in the Relay-Reply if it includes the SRSN option.

   The server MUST monotonically increase the sequence number for any
   Relay-Reply messages it transmits which include a SRSN option.  A
   server MAY increase the sequence number for each message it
   transmits, even those that do not include a SRSN option.

   One technique for a server to provide the monotonically increasing
   sequence number is by splitting the 64-bit number into two 32-bit
   values (minding network/host byte ordering) - a major (most
   significant bits) and minor sequence number.  When the server starts,
   the major sequence number is set to the current time (in seconds
   since Jan 1, 1970).  The minor sequence number is set to 0 and only
   it is incremented while the server is running (except if it rolls
   over, in which case the major sequence number MUST be updated); there
   is no need to commit the sequence number to stable storage.

6.  IANA considerations

   IANA is requested to assign an option code from the "DHCPv6 and
   DHCPv6 options" registry,
   http://www.iana.org/assignments/dhcpv6-parameters, to OPTION_SRSN.

7.  Security considerations

   Security issues related to DHCP are described in [2] [RFC3315] and [3].

   The DHCPv6 Server Reply Sequence Number option may be used to mount a
   denial of service attack by causing a relay agent to incorrectly
   record a very high server-reply-sequence-number and thus preventing
   legitimate Relay-Reply messages from a server from being processed.
   Communication between a server and a relay agent, and communication
   between relay agents, can be secured through the use of IPSec, as
   described in section 21.1 of [2]. [RFC3315].

8.  Modification History

   Changes in rev -02: None except boiler plate, version number, and

   Changes in rev -01 (to fix idnits):
   o  Revised terminology section to match recommended RFC 2119 syntax.
   o  Used new I-D boilerplate.
   o  Added this section.

9.  References

9.1.  Normative References


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.


   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.


   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              December 2003.

9.2.  Informative References


   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
              RFC 793, September 1981.


              Droms, R., "DHCPv6 Relay Agent Assignment Notification
              (RAAN) Option", draft-ietf-dhc-dhcpv6-agentopt-delegate-02
              (work in progress), November 2006.

Authors' Addresses

   Bernie Volz
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA  01719

   Phone: +1 978.936.0382
   Email: volz@cisco.com

   Ralph Droms
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA  01719

   Phone: +1 978.936.1674
   Email: rdroms@cisco.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at


   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).