dhc Working Group                                                 Y. Cui
Internet-Draft                                                    Z. Liu
Intended status: Informational                                    C. Liu
Expires: July 24, 2015                               Tsinghua University
                                                                  Y. Lee
                                                                 Comcast
                                                        January 20, 2015


                   DHCP4o6 Bulk and Active Leasequery
            draft-cui-dhc-dhcp4o6-bulk-active-leasequery-00

Abstract

   As networks migrate towards IPv6, some entities still have the
   requirement for IPv4 configuration. DHCPv4 over DHCPv6 [RFC7341]
   provides a mechanism for obtaining IPv4 configuration information
   dynamically in IPv6 networks. DHCPv4/DHCPv6 Bulk Leasequery and
   Active Leasequery allow a client to get DHCP address binding
   information data in bulk transfer or in real-time via TCP. This
   document describes an extension of DHCPv6 Bulk and Active Leasequery
   that provides a mechanism to get DHCPv4 over DHCPv6 lease
   information.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 24, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Protocol Overview
   4.  Message and Option Description
   5.  Requestor and Server Behavior
     5.1.  Extension to Bulk Leasequery
     5.2.  Extension to Active Leasequery
   6.  Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   The DHCPv4 Leasequery [RFC4388] extends the basic DHCPv4 capability
   [RFC2131] [RFC2132] to allow a requestor to query a DHCPv4 server for
   individual binding information. DHCPv4 Bulk Leasequery [RFC6926]
   extends [RFC4388] to allow a requestor to query a DHCPv4 server for
   bulk transfer of binding information. DHCPv4 Active Leasequery
   further extends [RFC6926] to create a long-lived TCP connection
   between the requestor and DHCPv4 server for near real-time binding
   information. Parallel Leasequery protocols are also defined for
   DHCPv6.

   In IPv6 migration, some hosts in an IPv6 network may also need DHCPv4
   configuration using DHCPv4 over DHCPv6 [RFC7341]. In some use cases,
   DHCPv4 over DHCPv6 also needs to be extended to carry related IPv6
   information along with the DHCPv4 configuration, such as
   [I-D.fsc-softwire-dhcp4o6-saddr-opt]. In these extended DHCPv4 over
   DHCPv6 messages, IPv4 and IPv6 bindings may interact and correlate
   with each other.

   The DHCPv4 lease information (including IPv4 address and other DHCPv4
   options) is encapsulated in the DHCPv4 Message option as defined in
   [RFC7341], and the related IPv6 bindings are encapsulated in the
   DHCPv6 message (DHCPV4-QUERY/DHCPV4-RESPONSE messages). The
   interaction of the DHCPv4 and IPv6 information used by DHCP4o6 makes
   it different from original DHCPv4 [RFC2131].

   One example is Lightweight 4over6 dynamic provisioning: A client
   (lwB4) may use the DHCPv6 option (OPTION_DHCP4O6_SADDR)
   [I-D.fsc-softwire-dhcp4o6-saddr-opt] to set the IPv6 tunnel source
   address in the DHCP4o6 server. For each lwB4, the lwAFTR needs to
   create a mapping entry. The mapping contains the tuple (lease IPv4
   address, port set, IPv6 tunnel source address). The lwAFTR must
   obtain the tuple before providing service to a particular lwB4.
   However, no single DHCP server contains all three pieces of
   information. The lwB4's IPv6 tunnel source address may be an active
   IPv6 address lease or a manual static address. The
   OPTION_DHCP4O6_SADDR is a DHCPv6 option but may not bind to the
   active IPv6 address lease. Furthermore, a DHCP4o6 message doesn't
   contain a DUID or any kind of identifier for the requestor to query
   the DHCPv4 lease and correlate it to the IPv6 configuration. In this
   scenario, the requestor (lwAFTR) cannot get the lwB4 IPv6 tunnel
   source address using DHCPv4 Bulk/Active Leasequery or DHCPv6
   Bulk/Active Leasequery.

   DHCPv4 Bulk/Active Leasequery is a DHCPv4 protocol; it can't be used
   to query DHCPv6 bindings. Similarly, DHCPv6 Bulk/Active Leasequery
   is a DHCPv6 protocol; it can't be used to query DHCPv4 bindings.
   This document describes an extension of DHCPv6 Bulk and Active
   Leasequery to allow a requestor to request DHCPv4 and DHCPv6 binding
   information.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Protocol Overview

   In an IPv6 network, entities use DHCPv4 over DHCPv6 to get DHCPv4
   configuration and even the related IPv6 configuration, such as the
   OPTION_DHCP4O6_SADDR defined in [I-D.fsc-softwire-dhcp4o6-saddr-opt].
   Entities may need other related IPv6 configuration along with the
   DHCPv4 lease using DHCPv4 over DHCPv6.

   The DHCP4o6 Bulk/Active Leasequery mechanism, based on both
   DHCPv4/DHCPv6 Bulk Leasequery and DHCPv4/DHCPv6 Active Leasequery,
   lets a requestor get DHCP4o6 lease information in bulk transfer or in
   real-time from a DHCP4o6 server via TCP.

   The DHCP4o6 Bulk/Active Leasequery mechanism is modeled on the
   existing DHCPv4 over DHCPv6 protocol in [RFC7341], and combines
   DHCPv4 Bulk/Active Leasequery and DHCPv6 Bulk/Active Leasequery to
   provide DHCPv4 lease and related IPv6 information in an IPv6 network.
   The DHCP4o6 Bulk/Active Leasequery requestors and DHCP4o6 servers
   communicate with each other using DHCPv6 Bulk/Active Leasequery
   messages which contain the DHCPv4 Message Option defined in
   [RFC7341]. In DHCPv6 Bulk/Active Leasequery messages, the DHCPv4
   Message Option will contain the DHCPv4 Bulk/Active Leasequery
   message. The DHCPv4 Bulk/Active Leasequery message in the option
   should be synchronous with the DHCPv6 Bulk/Active Leasequery message
   in the process of the two protocols in the same packet.

   A requestor will send a DHCPv6 Bulk/Active Leasequery message
   containing the DHCPv4 Message Option to query for DHCP4o6 lease
   information. In the message, the related IPv6 configuration will be
   put in the DHCPv6 part and the DHCPv4 lease query will be put in the
   DHCPv4 Bulk/Active Leasequery message in the DHCPv4 Message Option.

   The DHCPv4 part in the DHCPv4 Message Option of the messages sent by
   the DHCP4o6 server in response should be identical to the messages
   sent by the DHCPv4 Bulk/Active Leasequery server. The related IPv6
   configuration part in the response will be put in the DHCPv6
   Bulk/Active Leasequery options.

   Applications which employ Active Leasequery to keep a database up to
   date with respect to the server's lease state database will usually
   use an initial Bulk Leasequery to bring their database into
   equivalence with that of the server. DHCP4o6 Bulk and Active
   Leasequery work in the same way.

4.  Message and Option Description

   All of the message types and options defined in DHCPv4/DHCPv6
   Bulk/Active Leasequery [RFC5460]
   [I-D.ietf-dhc-dhcpv6-active-leasequery] [RFC6926]
   [I-D.ietf-dhc-dhcpv4-active-leasequery] are also used by DHCP4o6
   Bulk/Active Leasequery. In addition, a new usage of the existing
   option is defined in this document.

   The DHCPv4 Message Option defined in [RFC7341] contains the DHCPv4
   message sent by the DHCP client or server. In the DHCP4o6
   Bulk/Active Leasequery scenario, the DHCPv4 Message Option contains
   the DHCPv4 Bulk/Active Leasequery message sent by the requestor and
   the DHCP4o6 server.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          option-code          |           option-len          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .             DHCPv4-Bulk/Active-Leasequery-message             .
   .                                                               .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   option-code:  OPTION_DHCPV4_MSG (87)

   option-len:  Length of the DHCPv4 Bulk/Active Leasequery message.

   DHCPv4-Bulk/Active-Leasequery-message:  The DHCPv4 Bulk or Active
      Leasequery message sent by the client or the server.

                    Figure 1: DHCPv4 Message Option

   When used as an extension of Bulk Leasequery, the DHCPv4 Message
   Option will contain a DHCPv4 Bulk Leasequery message. When DHCP4o6
   Bulk Leasequery requestors query for DHCP4o6 lease information, the
   DHCPv4 Message Option will contain the DHCPv4 DHCPBULKLEASEQUERY
   message. In response, DHCP4o6 servers will put the DHCPv4 reply
   message (DHCPLEASEACTIVE, DHCPLEASEUNASSIGNED or DHCPLEASEQUERYDONE
   message) in the DHCPv4 Message Option.

   When used as an extension of Active Leasequery, the DHCPv4 Message
   Option will contain a DHCPv4 Active Leasequery message. When DHCP4o6
   Active Leasequery requestors query for DHCP4o6 lease information, the
   DHCPv4 Message Option will contain the DHCPv4 ACTIVELEASEQUERY
   message. In response, DHCP4o6 servers will put the DHCPv4 reply
   message (DHCPLEASEQUERYSTATUS, DHCPLEASEACTIVE, DHCPLEASEUNASSIGNED
   or DHCPLEASEQUERYDONE message) in the DHCPv4 Message Option.

5.  Requestor and Server Behavior

5.1.  Extension to Bulk Leasequery

   DHCP4o6 Bulk Leasequery extends the Bulk Leasequery to allow a
   requestor to get DHCP4o6 lease information in bulk.

   A requestor attempts to establish a TCP connection to a DHCP4o6
   server in order to initiate a Leasequery exchange. If the attempt
   fails, the requestor MAY retry.

   After a connection is established, the requestor constructs a DHCP4o6
   Bulk Leasequery message. In the LEASEQUERY message, the Query
   options MUST include an OPTION_ORO option to indicate the options for
   each client's related IPv6 configuration that the requestor would
   like the server to return. The query-type in the Query option MUST
   be identical with the query-type of the DHCPv4 Bulk Leasequery
   message in the DHCPv4 Message Option. As the related IPv6
   configuration is subordinated to the DHCPv4 lease, the DHCPv4 Bulk
   Leasequery message (DHCPBULKLEASEQUERY) in the DHCPv4 Message Option
   is composed as defined in [RFC6926].
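
   Added example (not part of the draft): a receiver-side check that the
   DHCPv4 Message Option in a TCP-framed DHCPv6 leasequery message
   carries only the DHCPv4 message types Section 4 names for that
   direction, so an option used to convey anything else is rejected.
   Assumptions: option 87 sits at the top level of the DHCPv6 message,
   the two-octet message-size prefix of RFC 5460 is used, and the DHCPv4
   type values are those assigned in RFC 4388, RFC 6926 and RFC 7724;
   check_frame and sample_frame are hypothetical names.

```python
import struct

OPTION_DHCPV4_MSG = 87                          # option-code from Figure 1
MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # DHCPv4 magic cookie, RFC 2131
# DHCPv4 message types named in Section 4 (values assumed from RFC 4388/6926/7724).
QUERY_TYPES = {14: "DHCPBULKLEASEQUERY", 16: "DHCPACTIVELEASEQUERY"}
REPLY_TYPES = {11: "DHCPLEASEUNASSIGNED", 13: "DHCPLEASEACTIVE",
               15: "DHCPLEASEQUERYDONE", 17: "DHCPLEASEQUERYSTATUS"}

def dhcpv6_options(buf):
    """Yield (code, value) for each DHCPv6 option; reject bad lengths."""
    off = 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated DHCPv6 option header")
        code, length = struct.unpack_from("!HH", buf, off)
        if off + 4 + length > len(buf):
            raise ValueError("DHCPv6 option overruns message")
        yield code, buf[off + 4:off + 4 + length]
        off += 4 + length

def dhcpv4_message_type(msg):
    """Return the option 53 value of a DHCPv4 message, validating its shape."""
    if len(msg) < 240 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("payload is not a DHCPv4 message")
    off = 240
    while off < len(msg) and msg[off] != 255:   # 255 = End option
        if msg[off] == 0:                       # Pad option has no length octet
            off += 1
            continue
        if off + 2 > len(msg) or off + 2 + msg[off + 1] > len(msg):
            raise ValueError("DHCPv4 option overruns message")
        if msg[off] == 53 and msg[off + 1] == 1:
            return msg[off + 2]
        off += 2 + msg[off + 1]
    raise ValueError("DHCPv4 message type option missing")

def check_frame(frame, from_requestor):
    """Validate one TCP-framed DHCPv6 message; return the inner type name."""
    if len(frame) < 6 or struct.unpack_from("!H", frame)[0] != len(frame) - 2:
        raise ValueError("bad message-size prefix")
    # Skip message-size (2), msg-type (1) and transaction-id (3).
    inner = [v for c, v in dhcpv6_options(frame[6:]) if c == OPTION_DHCPV4_MSG]
    if len(inner) != 1:
        raise ValueError("expected exactly one DHCPv4 Message Option")
    allowed = QUERY_TYPES if from_requestor else REPLY_TYPES
    mtype = dhcpv4_message_type(inner[0])
    if mtype not in allowed:
        raise ValueError(f"DHCPv4 type {mtype} not allowed in this direction")
    return allowed[mtype]

def sample_frame(v6_type, v4_type):             # constructed input, not captured traffic
    v4 = bytes([1]) + bytes(235) + MAGIC_COOKIE + bytes([53, 1, v4_type, 255])
    body = bytes([v6_type, 0, 0, 1]) + struct.pack("!HH", OPTION_DHCPV4_MSG, len(v4)) + v4
    return struct.pack("!H", len(body)) + body
```

   A server or middlebox would call check_frame with from_requestor set
   for frames arriving from the requestor and cleared for frames sent by
   the DHCP4o6 server.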

   When the DHCP4o6 server receives the extended Bulk Leasequery
   message, it will first address the DHCPv4 Bulk Leasequery message as
   defined in [RFC6926]. Then the DHCP4o6 server will address the
   related IPv6 configuration query according to the DHCPv4 reply. In
   the LEASEQUERY-REPLY, LEASEQUERY-DATA or LEASEQUERY-DONE message, the
   DHCPv4 Message Option will contain the DHCPLEASEACTIVE,
   DHCPLEASEUNASSIGNED or DHCPLEASEQUERYDONE message as a reply to the
   DHCPv4 lease query, and the Client Data Option will contain the
   related IPv6 option as a reply to the related IPv6 configuration
   query. The status description in the DHCPv6 reply message MUST be
   identical with the status in the DHCPv4 reply message in semantics.

5.2.  Extension to Active Leasequery

   DHCP4o6 Active Leasequery extends the Active Leasequery to allow a
   requestor to get the current DHCP4o6 lease information. In this
   scenario, the DHCP4o6 server MUST support the DHCP4o6 Bulk
   Leasequery.

   As defined in [I-D.ietf-dhc-dhcpv6-active-leasequery], an Active
   Leasequery requestor would typically use Bulk Leasequery to
   initialize its database with all current data when that database
   contains no binding information. In addition, requestors would use
   Bulk Leasequery to recover missed information in the event that they
   recover from a failure. The same applies in DHCP4o6 Active
   Leasequery.

   A requestor attempts to establish a TCP connection to a DHCP4o6
   server in order to initiate an Active Leasequery exchange. If the
   attempt fails, the requestor MAY retry.

   After a connection is established, the requestor constructs a DHCP4o6
   Active Leasequery message. In the ACTIVELEASEQUERY message, the
   Query options MUST include an OPTION_ORO option to indicate the
   options for each client's related IPv6 configuration that the
   requestor would like the server to return. The query-type in the
   Query option MUST be identical with the query-type of the DHCPv4
   Active Leasequery message in the DHCPv4 Message Option.
   Similar to Bulk Leasequery, the DHCPv4 Active Leasequery message
   (DHCPACTIVELEASEQUERY) in the DHCPv4 Message Option is composed as
   defined in [I-D.ietf-dhc-dhcpv4-active-leasequery].

   When the DHCP4o6 server receives the extended Active Leasequery
   message, it will first address the DHCPv4 Active Leasequery message
   as defined in [I-D.ietf-dhc-dhcpv4-active-leasequery]. Then the
   DHCP4o6 server will address the related IPv6 configuration query
   according to the DHCPv4 reply. The status description in the DHCPv6
   reply message MUST be identical with the status in the DHCPv4 reply
   message in semantics.

   When the server updates a DHCPv4 lease or related IPv6 information,
   it will generate a response to requestors. In response, the server
   sends updates of DHCPv4 over DHCPv6 lease information in the DHCPv6
   LEASEQUERY-DATA message. In the LEASEQUERY-REPLY, LEASEQUERY-DATA or
   LEASEQUERY-DONE message, the DHCPv4 Message Option will contain the
   DHCPLEASEACTIVE, DHCPLEASEUNASSIGNED or DHCPLEASEQUERYDONE message as
   a reply to the DHCPv4 lease query, and the Client Data Option will
   contain the related IPv6 option as a reply to the related IPv6
   configuration query.

6.  Security Considerations

   The "Security Considerations" sections of [RFC5460] and
   [I-D.ietf-dhc-dhcpv6-active-leasequery] detail the threats to DHCPv6
   Bulk Leasequery and Active Leasequery, especially additional concerns
   for the use of TCP.

   In this document, DHCPv4 leasequery messages are encapsulated in the
   defined option. In order to bypass firewalls or network
   authentication gateways, a malicious attacker may leverage this
   feature to convey other messages using DHCPv6 leasequery messages.

   It is possible for a rogue host to reply as a DHCP4o6 leasequery
   requestor, which will get configuration of the network. To avoid
   this, the requestor should be checked before it is configured with
   the address of the DHCP4o6 server.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, March 1997.

   [RFC2132]  Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
              Extensions", RFC 2132, March 1997.

   [RFC4388]  Woundy, R. and K. Kinnear, "Dynamic Host Configuration
              Protocol (DHCP) Leasequery", RFC 4388, February 2006.

   [RFC5007]  Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng,
              "DHCPv6 Leasequery", RFC 5007, September 2007.

   [RFC5460]  Stapp, M., "DHCPv6 Bulk Leasequery", RFC 5460, February
              2009.

   [RFC6926]  Kinnear, K., Stapp, M., Desetti, R., Joshi, B., Russell,
              N., Kurapati, P., and B. Volz, "DHCPv4 Bulk Leasequery",
              RFC 6926, April 2013.

   [RFC7341]  Sun, Q., Cui, Y., Siodelski, M., Krishnan, S., and I.
              Farrer, "DHCPv4-over-DHCPv6 (DHCP 4o6) Transport",
              RFC 7341, August 2014.

7.2.  Informative References

   [I-D.fsc-softwire-dhcp4o6-saddr-opt]
              Farrer, I., Sun, Q., and Y. Cui, "DHCPv4 over DHCPv6
              Source Address Option",
              draft-fsc-softwire-dhcp4o6-saddr-opt-01 (work in
              progress), September 2014.

   [I-D.ietf-dhc-dhcpv4-active-leasequery]
              Kinnear, K., Stapp, M., Volz, B., and N. Russell, "Active
              DHCPv4 Lease Query",
              draft-ietf-dhc-dhcpv4-active-leasequery-01 (work in
              progress), June 2014.

   [I-D.ietf-dhc-dhcpv6-active-leasequery]
              Dushyant, D., Kinnear, K., and D. Kukrety, "DHCPv6 Active
              Leasequery", draft-ietf-dhc-dhcpv6-active-leasequery-01
              (work in progress), March 2014.

   [I-D.ietf-dhc-dynamic-shared-v4allocation]
              Cui, Y., Qiong, Q., Farrer, I., Lee, Y., Sun, Q., and M.
              Boucadair, "Dynamic Allocation of Shared IPv4 Addresses",
              draft-ietf-dhc-dynamic-shared-v4allocation-02 (work in
              progress), September 2014.

   [I-D.ietf-softwire-lw4over6]
              Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and
              I. Farrer, "Lightweight 4over6: An Extension to the
              DS-Lite Architecture", draft-ietf-softwire-lw4over6-13
              (work in progress), November 2014.

Authors' Addresses

   Yong Cui
   Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-6260-3059
   Email: yong@csnet1.cs.tsinghua.edu.cn


   ZiLong Liu
   Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: liuzilong8266@163.com


   Cong Liu
   Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: gnocuil@gmail.com


   Yiu L. Lee
   Comcast
   U.S.A

   Email: yiu_lee@cable.comcast.com