Internet Engineering Task Force J. Schoenwaelder Internet-Draft Jacobs University Bremen Intended status: Informational T. B.D. Expires: April 21, 2011 TBD October 18, 2010 Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for Network Management draft-schoenw-opsawg-nm-dhc-00 Abstract This document defines new Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) options that contain a list of IP addresses that can be used to locate network management services. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 21, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Schoenwaelder & B.D. Expires April 21, 2011 [Page 1] Internet-Draft DHC Options for Network Management October 2010 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Network Management IPv4 Address Option for DHCPv4 . . . . . . . 3 3. Usage of Network Management Option for DHCPv4 . . . . . . . . . 4 4. Network Management IPv6 Address Option for DHCPv6 . . . . . . . 5 5. Usage of Network Management Option for DHCPv6 . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 9.1. Normative References . . . . . . . . . . . . . . . . . . . 8 9.2. Informative References . . . . . . . . . . . . . . . . . . 8 Appendix A. Open Issues . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Schoenwaelder & B.D. Expires April 21, 2011 [Page 2] Internet-Draft DHC Options for Network Management October 2010 1. Introduction This document defines new Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) options that contain a list of IP addresses that can be used to locate network management services. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 2. Network Management IPv4 Address Option for DHCPv4 This section describes the network management IPv4 Address Option for DHCPv4. The network management IPv4 Address Option begins with an option code followed by a length and sub-options. The value of the length octet does not include itself or the option code. The option layout is depicted below: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option Code | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sub-Option 1 | . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sub-Option n | . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Option Code OPTION-IPv4_Address-NM (TBD) - 1 byte Length An 8-bit field indicating the length of the option excluding the 'Option Code' and the 'Length' fields Sub-options A series of DHCPv4 sub-options When the total length of a network management IPv4 Address Option exceeds 254 octets, the procedure outlined in [RFC3396] MUST be Schoenwaelder & B.D. Expires April 21, 2011 [Page 3] Internet-Draft DHC Options for Network Management October 2010 employed to split the option into multiple, smaller options. A sub-option begins with a sub-option code followed by a length and one or more IPv4 addresses. The sub-option layout is depicted below: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sub-opt Code | Length | IP Address . . . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The sub-option codes are summarized in Table 1. +-----------------+--------------+ | Sub-option code | Service Name | +-----------------+--------------+ | 1 | SNMP-TRAP | | 2 | SYSLOG | +-----------------+--------------+ Table 1: Sub-option codes or network management services The length is followed by a list of IPv4 addresses indicating appropriate network management servers available for a requested option. Servers MUST be listed in order of preference and the client should process them in decreasing order of preference. In the case that there is no network management server available, the length is set to 0; otherwise, it is a multiple of 4. 3. Usage of Network Management Option for DHCPv4 The requesting and sending of the proposed DHCPv4 option follow the rules for DHCP options in [RFC2131]. In order to discover the IP address of a network management service, the node (DHCP client) MUST include a Network Management IPv4 Address Option in the Parameter Request List (PRL) in the respective DHCP messages as defined in [RFC2131]. The client MAY include a Network Management IPv4 Address Option that includes one or more sub-option(s) with the Sub-opt Code or Codes that represent the service(s) the node is interested in. However, a client SHOULD be prepared to accept a response from a server that includes other sub-option(s) or does not include the requested sub- option(s). Schoenwaelder & B.D. Expires April 21, 2011 [Page 4] Internet-Draft DHC Options for Network Management October 2010 When the DHCP server receives a Network Management IPv4 Address Option in the PRL, the DHCP server MUST include the option in its response message as defined in [RFC2131]. A server MAY use the sub-options in the received Network Management IPv4 Address Option from the client's message to restrict its response to the client requested sub-options. In the case when the server cannot find any servers satisfying a requested sub-option, the server SHOULD return the network management Option with that sub- option and the length of the sub-option set to 0. 4. Network Management IPv6 Address Option for DHCPv6 This section describes the network management IPv6 Address Option for DHCPv6. The network management Discovery Option begins with an option code followed by a length and sub-options. The value of the length octet does not include itself or the option code. The option layout is depicted below: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option Code | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sub-Option 1 | . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sub-Option n | . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Option Code OPTION-IPv6_Address-NM (TBD) - 2 bytes Length A 16-bit field indicating the length of the option excluding the 'Option Code' and the 'Length' fields. Sub-options A series of DHCPv6 sub-options The sub-option layout is depicted below. The value of the Sub-opt Schoenwaelder & B.D. Expires April 21, 2011 [Page 5] Internet-Draft DHC Options for Network Management October 2010 Code and Length is 2 octets, and the Length does not include itself or the Sub-opt Code field. 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | sub-opt Code | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The sub-option codes are summarized in Table 2. +-----------------+--------------+ | Sub-option code | Service Name | +-----------------+--------------+ | 1 | SNMP-TRAP | | 2 | SYSLOG | +-----------------+--------------+ Table 2: Sub-option codes or network management services The length is followed by a list of IPv6 addresses indicating appropriate network management servers available for a requested option. Servers MUST be listed in order of preference and the client should process them in decreasing order of preference. In the case that there is no network management server available, the length is set to 0; otherwise, it is a multiple of 16. 5. Usage of Network Management Option for DHCPv6 The requesting and sending of the proposed DHCPv6 option follows the rules for DHCP options in [RFC3315]. In order to discover the IP address of a network management service, the node (DHCP client) MUST include a Network Management IPv6 Address Option in the Option Request Option (ORO) in the respective DHCP messages as defined in [RFC3315]. The client MAY include a Network Management IPv6 Address Option that includes one or more sub-option(s) with the Sub-opt Code or Codes that represent the service(s) the node is interested in. However, a client SHOULD be prepared to accept a response from a server that includes other sub-option(s) or does not include the requested sub- option(s). When the DHCP server receives a Network Management IPv6 Address Schoenwaelder & B.D. Expires April 21, 2011 [Page 6] Internet-Draft DHC Options for Network Management October 2010 Option in the ORO, the DHCP server MUST include the option in its response message as defined in [RFC3315]. A server MAY use the sub-options in the received Network Management IPv6 Address Option from the client's message to restrict its response to the client requested sub-options. In the case when the server cannot find any servers satisfying a requested sub-option, the server SHOULD return the network management Option with that sub- option and the length of the sub-option set to 0. 6. Security Considerations The security considerations in [RFC2131] apply. If an adversary manages to modify the response from a DHCP server or insert its own response, an node could be led to contact a rogue network management server. It is recommended to use the DHCP authentication option described in [RFC3118] where available. This will also protect against denial-of- service attacks to DHCP servers. [RFC3118] provides mechanisms for both entity authentication and message authentication. In deployments where DHCP authentication is not available, lower- layer security services may be sufficient to protect DHCP messages. 7. IANA Considerations This document defines a new DHCPv4 options as described in Section 2. NM IPv4 Address Option for DHCPv4 (OPTION-IPv4_Address-NM) [TBD] This document defines a new DHCPv6 options as described in Section 4. NM IPv6 Address Option for DHCPv6 (OPTION-IPv6_Address-NM) [TBD] TODO: Need to define registries for network management sub-options. 8. Acknowledgements The authors have used [RFC5678] as a template for this document. 9. References Schoenwaelder & B.D. Expires April 21, 2011 [Page 7] Internet-Draft DHC Options for Network Management October 2010 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997. [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages", RFC 3118, June 2001. [RFC3195] New, D. and M. Rose, "Reliable Delivery for syslog", RFC 3195, November 2001. [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC3396] Lemon, T. and S. Cheshire, "Encoding Long Options in the Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396, November 2002. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002. [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009. [RFC5425] Miao, F., Ma, Y., and J. Salowey, "Transport Layer Security (TLS) Transport Mapping for Syslog", RFC 5425, March 2009. [RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP", RFC 5426, March 2009. 9.2. Informative References [RFC5678] Bajko, G. and S. Das, "Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery", RFC 5678, December 2009. Schoenwaelder & B.D. Expires April 21, 2011 [Page 8] Internet-Draft DHC Options for Network Management October 2010 Appendix A. Open Issues 1. Describe how the SNMP option updates the SNMP target/notification tables with volatile entries. Authors' Addresses Juergen Schoenwaelder Jacobs University Bremen Campus Ring 1 Bremen 28759 Germany Email: j.schoenwaelder@jacobs-university.de TBD TBD Email: Schoenwaelder & B.D. Expires April 21, 2011 [Page 9]