Internet DRAFT - draft-reddy-mif-dhcpv6-precedence-ops
draft-reddy-mif-dhcpv6-precedence-ops
MIF Working Group T. Reddy
Internet-Draft P. Patil
Intended status: Standards Track D. Wing
Expires: April 18, 2013 Cisco
October 15, 2012
Relay-Supplied DHCPv6 Precedence Options
draft-reddy-mif-dhcpv6-precedence-ops-02
Abstract
Network configuration of hosts is currently relatively static with
little consideration of dynamic network characteristics. The network
infrastructure is aware of dynamic network characteristics. This
specification extends DHCPv6 so that the DHCPv6 relay agent can
influence a host's configuration.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 18, 2013.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
Reddy, et al. Expires April 18, 2013 [Page 1]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Usage Scenarios . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. IPv6 Multihoming . . . . . . . . . . . . . . . . . . . . . 3
3.2. Disabling IPv6 Temporary Addresses . . . . . . . . . . . . 4
3.2.1. Avoiding Excessive IP-Based Authentication . . . . . . 4
3.2.2. Reducing Management Impact . . . . . . . . . . . . . . 5
4. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4.1. Address Selection option . . . . . . . . . . . . . . . . . 6
4.2. Relay-Supplied Prefix Option . . . . . . . . . . . . . . . 7
5. Relay Agent Behaviour . . . . . . . . . . . . . . . . . . . . 8
6. DHCPv6 Server Behaviour . . . . . . . . . . . . . . . . . . . 8
6.1. Address Selection option . . . . . . . . . . . . . . . . . 8
6.2. Relay-Supplied Prefix Option . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
9. Change History . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Changes from draft-reddy-mif-dhcpv6-precedence-ops-00
to -01 . . . . . . . . . . . . . . . . . . . . . . . . . . 10
9.2. Changes from draft-reddy-mif-dhcpv6-precedence-ops-01
to -02 . . . . . . . . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
10.1. Normative References . . . . . . . . . . . . . . . . . . . 10
10.2. Informative References . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
Reddy, et al. Expires April 18, 2013 [Page 2]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
1. Introduction
DHCPv6 allows relatively static information to be configured in
hosts, which is somewhat limiting. On a dynamic network, the DHCPv6
relay agent can observe characteristics of a network -- such as IPv6
multihoming which might be temporarily unavailable or need load
balancing of traffic towards each upstream ISPs. By including
additional information in relayed DHCPv6 messages, the DHCPv6 relay
agent can influence the DHCPv6 server to provide answers that are
better suited to the host's configuration on the network.
In this document we propose new DHCPv6 options to be added by the
DHCPv6 relay agent when it generates a Relay-Forwarded message.
[RFC6724] defines default address selection mechanisms for IPv6 that
allow nodes to select appropriate address when faced with multiple
source and/or destination addresses to choose between. An initial
desire is to influence the DHCPv6 server's responses that modify the
host's address policy table [I-D.ietf-6man-addr-select-opt] based on
observed network characteristics.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Usage Scenarios
The DHCPv6 extension described in this document is useful with IPv6
multihoming and with IP address-based authentication.
3.1. IPv6 Multihoming
o In Proxy Mobile IPv6 [RFC5213] where Mobile Node is assigned
prefixes from both local access network and home network. This
will allow selected traffic to go through the Mobile Packet Core
and the rest through the Local access Network. When DHCPv6 Relay
Agent is co-located with the mobile access gateway, the proposal
is for the relay agent to influence the DHCPv6 Server in the home
network by adding the Address Selection option. The relay agent
can add an Address Selection option to the DHCPv6 request
suggesting the local access network address selection policy table
overiding the default address selection parameters and policy
table. The DHCPv6 server in the home network will merge the
policy received in Address Selection option with it's own policy
table as explained in section 4.3 of
Reddy, et al. Expires April 18, 2013 [Page 3]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
[I-D.ietf-6man-addr-select-opt]. This updated policy table will
be provided to the DHCPv6 client (MN) in Address Selection option
(OPTION_ADDRSEL_TABLE). When the DHCPv6 Server is co-located with
the mobile access gateway, the DHCPv6 Server in the local access
network will receive the policy table from the DHCPv6 server in
the home network using DHCPv6 INFORMATION-REQUEST. The DHCPv6
server in local access network will merge the received policy
table with it's local policy table. The following figure depicts
this scenario.
_----_
_( )_
( Internet )
(_ _)
'----'
|
:
:
|
.........................................................
| |
+--------+ | +---------------------+
| Local |-| | Operator Value |
|Services| | | Added Services |
+--------+ | | |
| +---------------------+
| |
| _----_ |
+-----+ _( )_ +-----+
[MN]----| MAG |======( IP )======| LMA |-- Internet
+-----+ (_ _) +-----+
'----'
.
.
.
[Access Network] . [Home Network]
..........................................................
MN - Mobile Node
Figure 1: Proxy Mobile IPv6
3.2. Disabling IPv6 Temporary Addresses
3.2.1. Avoiding Excessive IP-Based Authentication
Some managed networks authenticate hosts with an authentication
supplicant or for hosts lacking the supplicant perform address-based
authentication. When Address-based authentication is used, re-
Reddy, et al. Expires April 18, 2013 [Page 4]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
authentication occurs for each address obtained by the host, which
can create a lot of authentication transactions. To reduce this
chatter, it can be useful to disable IPv6 Privacy Addresses [RFC4941]
on those hosts using address-based authentication. In a managed
network, this option will ensure that temporary addresses are
disabled for hosts without authentication supplicant. This way
managed networks can conditionally disable temporary addresses for
only a set of hosts.
The relay agent may be configured with the external prefixes that
will be assigned to the host. In that case, the relay agent would
use the Address Selection option. In the case where the relay agent
is unaware of the external prefixes that will be assigned to the
host, the relay agent uses the Relative Precedence option. Details
for processing those options are described later in the document.
Whenever either of those options is used, a DHCPv6 server that
understands those options will ignore the IA_TA options in the DHCPv6
request, effectively disabling the use of temporary addresses for
that host.
3.2.2. Reducing Management Impact
In addition, there are known issues in managing privacy extensions in
certain scenarios. These are described in managing privacy
extensions [I-D.gont-6man-managing-privacy-extensions]. In such
scenarios, conditionally disabling temporary addresses allows
administrators to better manage deployments.
4. Options
To realize the functions described above, this document defines new
DHCPv6 option Relay-Supplied Prefix and updates the Address Selection
option defined in [I-D.ietf-6man-addr-select-opt]. These DHCPv6
options are added by the DHCPv6 relay agent when it relays a DHCPv6
message, and both MAY appear together in the same DHCPv6 message.
Reddy, et al. Expires April 18, 2013 [Page 5]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
DHCPv6 Client DHCPv6 Relay Agent DHCPv6 Server
| | |
|------------------->| |
| DHCPv6 REQUEST | |
| | |
| (adds Relay-Supplied Prefix and/or |
| Address Selection option to the request) |
| | |
| |----------------------------->|
| | DHCPv6 REQUEST with |
| | Relay-Supplied Prefix and/or |
| | Address Selection Options |
| | |
| |<-----------------------------|
| | DHCPv6 REPLY |
|<-------------------| |
| DHCPv6 REPLY | |
Figure 2: Message Flow, Relay Agent adding Option
Relay-Supplied Prefix option carries host and network information
observed by the DHCPv6 relay agent such as host does not support
802.1x supplicant and will be subjected to web-authentication. The
Address Selection option allows prioritizing among a list of prefixes
the DHCPv6 relay agent expects the DHCPv6 server to provide to the
host.
4.1. Address Selection option
The layout of the Address Selection option is below:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ADDRSEL_TABLE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved|N|A|P| |
+-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS |
| (variable length) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Option Type 1 message format
The fields are described below:
Reddy, et al. Expires April 18, 2013 [Page 6]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
option-code : OPTION_ADDRSEL_TABLE defined in
[I-D.ietf-6man-addr-select-opt]
option-len: Option Length
Reserved: Must be 0 and ignored by the server.
N: A value of 1 indicates that the relay agent wants the DHCPv6
server to ignore any IA_TA options in the DHCPv6 request, as if
the IA_TA options were not present. This effectively disables
privacy extensions [RFC4941]. A value of 0 indicates the IA_TA
options, if present in the DHCPv6 request, are processed normally
by the DHCPv6 server. This value has no impact on destination
prefixes.
A: This flag MUST be set to 0 and ignored by the DHCPv6 server
P: This flag MUST be set to 0 and ignored by the DHCPv6 server.
Prefix Table Options: Zero or more Address Selection Policy Table
options defined in [I-D.ietf-6man-addr-select-opt].
4.2. Relay-Supplied Prefix Option
The Relay-Supplied Prefix option is defined below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_RS_PREFIX | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Policy flag | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: Option Type 2 message format
option-len: Length of the option.
Policy flag: 8-bit unsigned integer.
Reserved: Must be 0 and ignored by the server.
The Policy Flag is defined below, and the actions taken by the DHCPv6
server based on this flag are described in Section 6.
Reddy, et al. Expires April 18, 2013 [Page 7]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
+------+------------------------------------------------------------+
|Value | Name | Description |
+------+------------------------------------------------------------+
| 0x01 | IPV6_DIS_TEMP_ADDR | Disable IPv6 Temporary Address |
+------+------------------------------------------------------------+
Figure 5: Policy flag Values
5. Relay Agent Behaviour
DHCPv6 relay agents that implement this specification MUST be
configurable for sending the Address Selection option and the Relay-
Supplied Prefix option. Relay agents SHOULD have separate
configuration for each option to determine if it is to be added to
DHCPv6 request. A relay agent will include these options in the
option payload of a Request message. DHCPv6 relay agent should set
Address Selection option when there is a need to change the label/
precedence value for prefixes in scenario's discussed in Section 3.1
and/or disable IPv6 temporary addresses for the host.
Discussion: To reduce end-user configuration of the DHCPv6 relay
agent, the DHCPv6 relay agent can use the mechanism specified in
[RFC3633] to automatically learn the IPv6 prefixes that will be
delegated to DHCPv6 clients. DHCPv6 relay agent in future can use
leasequery-like capability discussed in section 3.2 of RFC
[RFC5007] to learn the prefix information from DHCPv6 server.
DHCPv6 relay agent should set Relay-Supplied Prefix option when it
receives DHCPv6 request from a host with specific characteristics
like authenticated using address based mechanism. Relative
Precedence option is used when the relay agent is unaware of the
external prefixes to be assigned to the host.
6. DHCPv6 Server Behaviour
Upon receiving a DHCPv6 request containing the Address Selection
option or the Relay-Supplied Prefix Option, the DHCPv6 server
processing is described below:
6.1. Address Selection option
Address Selection option - The DHCPv6 server should send a reply to
the host with the prefixes received from DHCPv6 relay agent along
with Precedence. The DHCPv6 server will merge the policy received in
Address Selection option with it's own policy table as explained in
section 4.3 of [I-D.ietf-6man-addr-select-opt].
Reddy, et al. Expires April 18, 2013 [Page 8]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
If the option has "N" bit set to 1, the server SHOULD ignore the
IA_TA options in the DHCPv6 request, effectively disabling the use of
temporary addresses for that prefix. The DHCPv6 server will ignore
the "N" bit for destination prefixes.
Note : If DHCPv6 servers receives both options with conflicting flags
IPV6_DIS_TEMP_ADDR and "N" bit then it SHOULD treat it as mis-
configuration on the relay agent and discard these options.
6.2. Relay-Supplied Prefix Option
The Relay-Supplied Prefix Option contains flags that defines the
characteristics of the host.
1. IPV6_DIS_TEMP_ADDR - This flag indicates that Temporary IPv6
address allocation is to be disabled for the host. The DHCPv6
server should ignore any IA_TA options in the DHCPv6 request.
7. Security Considerations
Relay-Supplied Prefix is exchanged only between the DHCPv6 relay
agent and DHCPv6 server and Address Selection option can originate
either from the server or the relay agent, section 21.1 of [RFC3315]
provides details on securing DHCPv6 messages sent between servers and
relay agents. And, section 23 of [RFC3315] provides general DHCPv6
security considerations.
It is possible for a DHCPv6 client to include the Relay-Supplied
Prefix option or the Address Selection options, which would be
received by a DHCPv6 server. This would cause the DHCPv6 client to
receive a different DHCPv6 response than it would have otherwise
received. .
8. IANA Considerations
IANA is requested to assign option code to OPTION_RS_PREFIX from the
option-code space as defined in section "DHCPv6 Options" of
[RFC3315].
9. Change History
[Note to RFC Editor: Please remove this section prior to
publication.]
Reddy, et al. Expires April 18, 2013 [Page 9]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
9.1. Changes from draft-reddy-mif-dhcpv6-precedence-ops-00 to -01
o Added Proxy Mobile IPv6 with traffic offload use-case in Section
3.1.
o Updated Section 3.2.1 to highlight the ability to disable
temporary addresses selectively.
9.2. Changes from draft-reddy-mif-dhcpv6-precedence-ops-01 to -02
o Updated usecase in section 3.1
o Changed Absolute Precedence Option
10. References
10.1. Normative References
[I-D.gont-6man-managing-privacy-extensions]
Gont, F. and R. Broersma, "Managing the Use of Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", draft-gont-6man-managing-privacy-extensions-01
(work in progress), March 2011.
[I-D.ietf-6man-addr-select-opt]
Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing
Address Selection Policy using DHCPv6",
draft-ietf-6man-addr-select-opt-06 (work in progress),
September 2012.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007.
[RFC5007] Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng,
"DHCPv6 Leasequery", RFC 5007, September 2007.
Reddy, et al. Expires April 18, 2013 [Page 10]
�
Internet-Draft Relay-Supplied DHCPv6 Precedence Options October 2012
[RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.
[RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, September 2012.
10.2. Informative References
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", RFC 3633,
December 2003.
Authors' Addresses
Tirumaleswar Reddy
Cisco Systems, Inc.
Cessna Business Park, Varthur Hobli
Sarjapur Marathalli Outer Ring Road
Bangalore, Karnataka 560103
India
Email: tireddy@cisco.com
Prashanth Patil
Cisco Systems, Inc.
Cessna Business Park, Varthur Hobli
Sarjapur Marthalli Outer Ring Road
Bangalore, Karnataka 560103
India
Email: praspati@cisco.com
Dan Wing
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134
USA
Email: dwing@cisco.com
Reddy, et al. Expires April 18, 2013 [Page 11]
�
