DHC Working Group                                               Amy Zhao
Internet-Draft                               Huawei Technologies Co.,Ltd
Expires: March 16, 2007                               September 12, 2006


             DHCPv6 Relay Agent Link Selection (RALS) Option
             draft-zhao-dhc-dhcpv6-relay-link-selection-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on March 16, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document defines a new Relay Agent Link Selection (RALS) option
   for the Dynamic Host Configuration Protocol for IPv6 (DHCPv6).  The
   new option is inserted by the DHCPv6 relay agent when forwarding
   client-originated DHCPv6 packets to a DHCPv6 server.  Servers
   recognizing this new option can include link-selection information
   as part of policies about address assignment, prefix delegation, or
   other DHCP parameters.

Table of Contents

   1.  Introduction
   2.  Requirements Terminology
   3.  The Relay Agent Link Selection Option
     3.1.  Encapsulated IA Address option
     3.2.  Encapsulated IA Prefix option
   4.  DHCPv6 Relay Agent Behavior
     4.1.  Relaying a Message from a Client
     4.2.  Relaying a Message from a Relay Agent
   5.  DHCPv6 Server Behavior
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Author's Address
   Intellectual Property and Copyright Statements

1.  Introduction

   The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) [RFC3315]
   provides IP addresses and configuration information for IPv6
   clients.  It includes a relay agent capability in which processes
   within the network infrastructure receive multicast messages from
   clients and relay them to DHCPv6 servers.  In some network
   environments, it is useful for the relay agent to add information to
   the DHCPv6 message before relaying it.  The information that relay
   agents supply can also be used in the server's decision-making about
   the addresses and configuration parameters that the client is to
   receive.

   In the usual approach, when the DHCPv6 relay agent relays a request
   from a client, it constructs a new DHCPv6 Relay-forward message and
   places in the 'link-address' field a global or site-scoped address
   with a prefix assigned to the link on which the client should be
   assigned an address.
   This address is used by the server to determine the link from which
   the client should be assigned an address and other configuration
   information.  However, some situations exist where the relay agent
   needs to be able to communicate to the DHCPv6 server the link/subnet
   from which to allocate IP address(es) or delegate prefix(es).  For
   example:

   In a NETLMM infrastructure [I-D.giaretta-netlmm-dt], if the mobile
   node (MN) uses DHCPv6 to request an address, the Mobile Access
   Gateway (MAG) acts as DHCPv6 relay agent and connects to the DHCPv6
   server.  When the MN powers on or connects to a NETLMM domain, the
   MAG includes the identifier of the Local Mobility Anchor (LMA) that
   is in charge of serving that MN in the DHCPv6 Relay-forward message,
   so that the DHCPv6 server can select the IP address accordingly
   (e.g., from the IP subnet of the LMA).

           +--------------------------------+
           |           LMM Domain           |
           |                                |
           |      +----+        +----+      |
           |      |LMA |        | LMA|      |
           |      +----+        +----+      |
           |          \          /          |
           |     **********************     |
           |     *                    *     |
           |     *     IP network     *     |
           |     *                    *     |
           |     **********************     |
           |      /        |        \       |
           |  +----+    +----+    +----+    |
           +--|MAG1|----|MAG2|-----|MAG3|---+
              +----+    +----+    +----+
                |         |         |
              +---+  Movement      +--+
              |MN | ---->          |CN|
              +---+                +--+

                    Figure 1 - Reference architecture

2.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   NETLMM terminology in this document follows that in
   [I-D.giaretta-netlmm-dt].  Definitions for other terms and acronyms
   used in this document are found in [RFC3315].

3.  The Relay Agent Link Selection Option

   The RALS option carries information about a list of selected links/
   subnets from which the client may be assigned address(es)/
   prefix(es).  It encapsulates IA Address options [RFC3315] or IA
   Prefix options [RFC3633].  The new option is inserted by the DHCPv6
   relay agent when forwarding client-originated DHCPv6 packets to a
   DHCPv6 server.  Servers recognizing the RALS option may use the
   information to implement address/prefix or other parameter
   assignment policies.

   The RALS option is only exchanged between the DHCPv6 relay agent and
   the DHCPv6 server.  A DHCPv6 client MUST NOT include this option in
   the messages it sends, and a DHCPv6 relay agent or DHCPv6 server
   MUST ignore a RALS option received from a DHCPv6 client.

   The format of the DHCPv6 RALS option is shown below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          option-code          |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                     encapsulated-options                      .
   |                                                               |
   |                              ...                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 2 - RALS option format

   option-code          TBD.  This is the DHCPv6 option code for the
                        RALS option.

   option-length        An unsigned integer giving the length of the
                        option data field in octets.

   encapsulated-options
                        DHCPv6 options to be delivered by the RALS
                        option.  The contents of options encapsulated
                        in the RALS option are interpreted according to
                        the use of those options by the relay agent.
                        The uses of the DHCPv6 IA Address and IA Prefix
                        options in the RALS option are defined in this
                        document.

3.1.  Encapsulated IA Address option

   The fields in an IA Address option (OPTION_IAADDR, option code 5)
   are used as follows:

   IPv6 address         The IPv6 address of the selected link/subnet

   preferred-lifetime   Not used

   valid-lifetime       Not used

   IAaddr-options       Not used

3.2.  Encapsulated IA Prefix option

   The fields in an IA Prefix option (OPTION_IAPREFIX, option code 26,
   [RFC3633]) are used as follows:

   preferred-lifetime   Not used

   valid-lifetime       Not used

   prefix-length        Length for this prefix in bits

   IPv6-prefix          The IPv6 prefix of the selected link/subnet

   IAprefix-options     Not used

4.  DHCPv6 Relay Agent Behavior

   Adding the DHCPv6 RALS option SHOULD be configurable, and MUST be
   disabled by default.  How the relay agent learns the link/subnet
   information is outside the scope of this document.

4.1.  Relaying a Message from a Client

   When a relay agent receives a valid DHCPv6 message to be relayed from
   a client, it constructs a new Relay-forward message per Section
   20.1.1 of [RFC3315] and then, if it is configured to do so, adds the
   RALS option to the Relay-forward message along with any other
   option(s), e.g. the Interface-Id option.

4.2.  Relaying a Message from a Relay Agent

   When a relay agent receives a valid Relay-forward message from
   another relay agent closer to the client, and that message already
   includes a RALS option in its option area, the relay agent MUST NOT
   add another RALS option.  Otherwise the relay agent constructs a new
   Relay-forward message per Section 20.1.2 of [RFC3315] and then, if it
   is configured to do so, adds the RALS option to this newly created
   Relay-forward message along with any other option(s), as described
   in Section 3.1.1 of [RFC3315].

5.  DHCPv6 Server Behavior

   This option provides additional information to the DHCPv6 server.
   When the DHCPv6 server receives a message from a relay agent
   containing a RALS option, and it is configured to support this
   option, it extracts the contents of the option and SHOULD use that
   information as a hint in assigning IPv6 address(es)/prefix(es) to the
   client.

   DHCPv6 servers unaware of the RALS option will ignore the option upon
   reception.  There is no requirement that a server return this option
   and its data in a Relay-reply message.

6.  Security Considerations

   The RALS option allows a relay agent to specify the link/subnet on
   which to allocate an IPv6 address/prefix for a DHCPv6 client.  The
   existence of the RALS option documented here would allow a malicious
   DHCPv6 client to perform a more complete address-pool exhaustion
   attack than could be performed without it, since the client would no
   longer be restricted to attacking address pools on just its local
   subnet.  This is why a server acts only on a RALS option found in
   the option area of a Relay-forward message and never on one carried
   inside the client's own message (Section 3).

   The DHCPv6 RALS option depends on a trusted relationship between the
   DHCPv6 relay agent and the server.  If a client message is relayed
   through multiple relay agents, each of the relay agents must have
   established independent, pairwise trust relationships.  While the
   introduction of fraudulent RALS options may be prevented by a
   perimeter defense that blocks these options unless the relay agent is
   trusted, a deeper defense using IPsec [RFC2401] between the relay
   agent(s) and the server SHOULD be deployed as well.  Refer to Section
   21.1 of [RFC3315] for the IPsec configuration required to protect
   communications between the DHCPv6 relay agent(s) and server.

7.  IANA Considerations

   IANA is requested to assign a DHCPv6 option code for the RALS option
   (the option-code field of Section 3).
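   The relay and server behaviour of Sections 3 through 5, worked
   through as an added example in Python.  This code is not part of the
   draft and is not the author's or Huawei's implementation.  Because
   the RALS option code is TBD, the value OPTION_RALS = 65000, the
   sample addresses and the constructed Solicit message below are
   assumptions made for the example; the other codes are those assigned
   in [RFC3315] and [RFC3633].

```python
"""Build and parse DHCPv6 Relay-forward messages that carry a RALS option."""
import ipaddress
import struct

# Message and option codes from RFC 3315 / RFC 3633.
MSG_SOLICIT = 1
MSG_RELAY_FORW = 12
OPTION_IAADDR = 5
OPTION_RELAY_MSG = 9
OPTION_IAPREFIX = 26
# The draft leaves the RALS option code TBD; this value is an assumption.
OPTION_RALS = 65000


def tlv(code, data):
    """Encode one DHCPv6 option: 2-byte code, 2-byte length, data."""
    return struct.pack("!HH", code, len(data)) + data


def iter_options(buf):
    """Yield (code, data) from an option area, refusing truncated encodings."""
    off = 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option length overruns buffer")
        yield code, buf[off:off + length]
        off += length


def encode_rals(links):
    """Wrap IPv6Address (IA Address) / IPv6Network (IA Prefix) entries in a
    RALS option.  Lifetimes and sub-options are 'Not used' and left zero/empty."""
    body = b""
    for link in links:
        if isinstance(link, ipaddress.IPv6Address):
            body += tlv(OPTION_IAADDR, link.packed + struct.pack("!II", 0, 0))
        else:
            body += tlv(OPTION_IAPREFIX, struct.pack("!IIB", 0, 0, link.prefixlen)
                        + link.network_address.packed)
    return tlv(OPTION_RALS, body)


def decode_rals(data):
    """Recover the selected links; unknown or short encapsulated options are skipped."""
    links = []
    for code, opt in iter_options(data):
        if code == OPTION_IAADDR and len(opt) >= 24:
            links.append(ipaddress.IPv6Address(opt[:16]))
        elif code == OPTION_IAPREFIX and len(opt) >= 25:
            links.append(ipaddress.IPv6Network((opt[9:25], opt[8])))  # prefix-length at offset 8
    return links


def unwrap(msg):
    """Peel Relay-forward layers (outermost first) down to the client message."""
    layers = []
    while msg and msg[0] == MSG_RELAY_FORW:
        if len(msg) < 34:
            raise ValueError("short Relay-forward header")
        opts = msg[34:]  # after msg-type, hop-count, link-address, peer-address
        layers.append(opts)
        inner = [d for c, d in iter_options(opts) if c == OPTION_RELAY_MSG]
        if len(inner) != 1:
            raise ValueError("Relay-forward needs exactly one Relay Message option")
        msg = inner[0]
    return layers, msg


def relay_forward(inner, link_addr, peer_addr, hop_count, rals_links=(), rals_enabled=False):
    """Relay agent side (Section 4): RALS insertion is off unless configured, and a
    RALS already present in an inner Relay-forward layer suppresses a second one."""
    layers, _ = unwrap(inner)
    already = any(c == OPTION_RALS for opts in layers for c, _ in iter_options(opts))
    opts = tlv(OPTION_RELAY_MSG, inner)
    if rals_enabled and rals_links and not already:
        opts += encode_rals(rals_links)
    return struct.pack("!BB", MSG_RELAY_FORW, hop_count) + link_addr.packed + peer_addr.packed + opts


def server_link_hints(msg):
    """Server side (Sections 3 and 5): honour RALS only from relay layers; a RALS
    the client placed in its own message never reaches the hint list."""
    layers, client_msg = unwrap(msg)
    hints = []
    for opts in layers:
        for code, data in iter_options(opts):
            if code == OPTION_RALS:
                hints.extend(decode_rals(data))
    return hints, client_msg


def demo():
    """Constructed sample: a client smuggles a RALS into its Solicit; MAG1 relays
    with its own RALS; a second relay must not add another."""
    v6, net = ipaddress.ip_address, ipaddress.ip_network
    spoof = encode_rals([net("2001:db8:bad::/48")])
    solicit = struct.pack("!B3s", MSG_SOLICIT, b"\x01\x02\x03") + spoof  # constructed
    mag1 = relay_forward(solicit, v6("2001:db8:1::1"), v6("fe80::1"), 0,
                         rals_links=[net("2001:db8:100::/64"), v6("2001:db8:200::1")],
                         rals_enabled=True)
    upstream = relay_forward(mag1, v6("2001:db8:2::1"), v6("2001:db8:1::1"), 1,
                             rals_links=[net("2001:db8:300::/64")], rals_enabled=True)
    hints, client_msg = server_link_hints(upstream)
    return [str(h) for h in hints], client_msg == solicit
```

   demo() returns the two links MAG1 selected and confirms the client
   message arrives intact; the client's spoofed RALS and the second
   relay's configured link are both absent from the hint list, which is
   the behaviour Sections 3 and 4.2 require.  The length checks in
   iter_options are what keep a malformed option from reading past the
   end of the buffer on either the relay or the server.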
8.  Acknowledgements

   Thanks to Spencer Dawkins for his valuable advice on this document.

9.  References

9.1.  Normative References

   [I-D.giaretta-netlmm-dt]
              Giaretta, G., Leung, L., and M. Liebsch, "NetLMM
              Protocol", draft-giaretta-netlmm-dt-protocol-00 (work in
              progress), June 2006.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

9.2.  Informative References

   [RFC2401]  Kent, S. and R. Atkinson, "Security Architecture for the
              Internet Protocol", RFC 2401, November 1998.

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              December 2003.

Author's Address

   Yuping Zhao (Amy Zhao)
   Huawei Technologies Co.,Ltd
   Huihong Mansion, No.91 Baixia Rd.
   Nanjing, Jiangsu  210001
   P.R.China

   Phone: +86(25)84565403
   Email: zhaoyuping@huawei.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.