idnits 2.17.1 draft-ietf-dhc-leasequery-by-remote-id-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC4388, but the abstract doesn't seem to directly say this. It does mention RFC4388 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC4388, updated by this document, for RFC5378 checks: 2000-11-21) -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 3, 2010) is 4890 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DHC Working Group P. Kurapati 3 Internet-Draft Juniper Networks. 4 Updates: 4388 (if approved) R. Desetti 5 Intended status: Standards Track B. Joshi 6 Expires: June 6, 2011 Infosys Technologies Ltd. 7 December 3, 2010 9 DHCPv4 lease query by Relay Agent Remote ID 10 draft-ietf-dhc-leasequery-by-remote-id-09.txt 12 Abstract 14 Some Relay Agents extract lease information from the DHCP messages 15 exchanged between the client and DHCP server. This lease information 16 is used by relay agents for various purposes like antispoofing and 17 prevention of flooding. RFC 4388 defines a mechanism for relay 18 agents to retrieve the lease information from the DHCP server when 19 this information is lost. The existing lease query mechanism is data 20 driven, which means that a relay agent can initiate the lease query 21 only when it starts receiving data from/to the clients. In certain 22 scenarios, this model is not scalable. This document first looks at 23 issues in existing mechanism and then proposes a new query type, 24 query by Remote ID, to address these issues. 26 Status of this Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at http://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on June 6, 2011. 43 Copyright Notice 45 Copyright (c) 2010 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 This document may contain material from IETF Documents or IETF 59 Contributions published or made publicly available before November 60 10, 2008. The person(s) controlling the copyright in some of this 61 material may not have granted the IETF Trust the right to allow 62 modifications of such material outside the IETF Standards Process. 63 Without obtaining an adequate license from the person(s) controlling 64 the copyright in such materials, this document may not be modified 65 outside the IETF Standards Process, and derivative works of it may 66 not be created outside the IETF Standards Process, except to format 67 it for publication as an RFC or to translate it into languages other 68 than English. 70 Table of Contents 72 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 73 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 74 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 8 75 4. Protocol Details . . . . . . . . . . . . . . . . . . . . . . . 9 76 4.1. Sending the DHCPLEASEQUERY Message . . . . . . . . . . . . 9 77 4.2. Responding to the DHCPLEASEQUERY Message . . . . . . . . . 10 78 4.3. Building a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message . . 10 79 4.4. Determining the IP address to be used in response . . . . 11 80 4.5. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message . . 11 81 4.6. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN 82 Message . . . . . . . . . . . . . . . . . . . . . . . . . 11 83 4.7. Receiving No Response to the DHCPLEASEQUERY Message . . . 12 84 4.8. Lease Binding Data Storage Requirements . . . . . . . . . 12 85 4.9. Using the DHCPLEASEQUERY Message with Multiple DHCP 86 Servers . . . . . . . . . . . . . . . . . . . . . . . . . 12 87 5. RFC 4388 Considerations . . . . . . . . . . . . . . . . . . . 13 88 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14 89 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 90 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 91 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 92 9.1. Normative Reference . . . . . . . . . . . . . . . . . . . 17 93 9.2. Informative Reference . . . . . . . . . . . . . . . . . . 17 94 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 96 1. Introduction 98 DHCP relay agents snoop DHCP messages and append a relay agent 99 information option before relaying them to the configured DHCP 100 Server. In this process, some relay agents also glean the lease 101 information sent by the server and maintain this locally. This 102 information is used to prevent spoofing attempts from clients and 103 also sometimes to install routing information. When a relay agent 104 reboots, this information is lost. RFC 4388 [RFC4388] has defined a 105 mechanism to retrieve this lease information from the DHCP server. 106 The existing query types defined by RFC 4388 [RFC4388] are data- 107 driven. When a client sends data upstream, the relay agent can query 108 the server about the related lease information, based on the source 109 MAC/IP address. These mechanisms do not scale well when there are 110 thousands of clients connected to the relay agent. In the data 111 driven model, lease query does not provide the full and consolidated 112 active lease information associated with a given connection/circuit, 113 which will result in inefficient anti-spoofing. The relay agent also 114 has to contend with considerable resources for negative caching 115 specially under spoofing attacks. 117 We need a mechanism for a relay agent to retrieve the consolidated 118 lease information for a given connection/circuit before upstream 119 traffic is sent by the clients. 121 +--------+ 122 | DHCP | +--------------+ 123 | Server |-...-| DSLAM | 124 | | | Relay Agent | 125 +--------+ +--------------+ 126 | | 127 +------+ +------+ 128 |Modem1| |Modem2| 129 +------+ +------+ 130 | | | 131 +-----+ +-----+ +-----+ 132 |Node1| |Node2| |Node3| 133 +-----+ +-----+ +-----+ 135 Figure 1 137 For example, when a DSLAM (Digital Subscriber Line Access 138 Multiplexer) acting as a Relay Agent is rebooted, it should query the 139 server for the lease information for all the connections/circuits. 140 Also, as shown in the above figure, there could be multiple clients 141 on one DSL circuit. The relay agent should get the lease information 142 of all the clients connected to a DSL circuit. This is possible by 143 introducing a new query type based on the Remote ID sub-option of the 144 Relay Agent Information option. This document talks about the 145 motivation for the new query type and the method to perform it. 147 2. Terminology 149 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 150 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 151 document are to be interpreted as described in RFC 2119 [RFC2119]. 153 This document uses the following terms: 155 o "Access Concentrator" 157 An access concentrator is a router or switch at the broadband access 158 provider's edge of a public broadband access network. This document 159 assumes that the access concentrator includes the DHCP relay agent 160 functionality. 162 o "DHCP client" 164 A DHCP client is an Internet node using DHCP to obtain configuration 165 parameters such as a network address. 167 o "DHCP relay agent" 169 A DHCP relay agent is a third-party agent that transfers Bootstrap 170 Protocol (BOOTP) and DHCP messages between clients and servers 171 residing on different subnets, per RFC 951 [RFC951] and RFC 1542 172 [RFC1542]. 174 o "DHCP server" 176 A DHCP server is an Internet node that returns configuration 177 parameters to DHCP clients. 179 o "Fast path" 181 Data transfer that happens through a Network Processor or an ASIC, 182 which are programmed to forward the data at very high speeds. 184 o "Gleaning" 186 Gleaning is the extraction of location information from DHCP 187 messages, as the messages are forwarded by the DHCP relay agent 188 function. 190 o "Location information" 192 Location information is information needed by the access concentrator 193 to forward traffic to a broadband-accessible node. This information 194 includes knowledge of the node's hardware address, the port or 195 virtual circuit that leads to the node, and/or the hardware address 196 of the intervening subscriber modem. 198 o "MAC address" 200 In the context of a DHCP packet, a MAC address consists of the 201 following fields: hardware type "htype", hardware length "hlen", and 202 client hardware address "chaddr". 204 o "Slow path" 206 Data transfer that happens through the control plane. This has very 207 limited buffers to store data and the speeds are very low compared to 208 the fast path data transfer. 210 o "Upstream" 212 Upstream is the direction from the broadband subscriber towards the 213 access concentrator. 215 3. Motivation 217 Consider an access concentrator (e.g., DSLAM) working also as a DHCP 218 relay agent. A "Fast path" and a "slow path" generally exist in most 219 networking boxes. Fast path processing is done in a network 220 processor or an ASIC (Application Specific Integrated Circuit). Slow 221 path processing is done in a normal processor. As much as possible, 222 regular data forwarding should be done in the fast path. Slow path 223 processing should be reduced as it may become a bottleneck. 225 For an access concentrator having multiple access ports, multiple IP 226 addresses may be assigned using DHCP to a single port and the number 227 of clients on a port may be unknown. The access concentrator may 228 also not know the network portions of the IP addresses that are 229 assigned to its DHCP clients. 231 The access concentrator gleans IP address or other information from 232 DHCP negotiations for antispoofing and other purposes. The 233 antispoofing itself is done in the fast path. The access 234 concentrator keeps track of only one list of IP addresses: list of IP 235 addresses that are assigned by the DHCP servers; upstream traffic 236 from all other IP addresses is dropped. If a client starts its data 237 transfer after its DHCP negotiations have been gleaned by the access 238 concentrator, no legitimate packets will be dropped because of 239 antispoofing. In other words, antispoofing is effective (no 240 legitimate packets are dropped and all spoofed packets are dropped) 241 and efficient (antispoofing is done in the fast path). The intention 242 is to achieve similar effective and efficient antispoofing in the 243 lease query scenario also when an access concentrator loses its 244 gleaned information (for example, because of a reboot). 246 After a deep analysis, we found that the three existing query types 247 supported by RFC 4388 [RFC4388] do not provide effective and 248 efficient antispoofing for the above scenario and a new mechanism is 249 required. 251 The existing query types 253 o necessitate a data-driven approach: the lease queries can only be 254 performed when the access concentrator receives data. This 255 results in increased outage time for clients 257 o results in excessive negative caching, consuming a lot of 258 resources under a spoofing attack 260 o results in antispoofing being done in the slow path instead of the 261 fast path 263 4. Protocol Details 265 This section talks about the protocol details for query by Remote ID. 266 Most of the message handling is similar to RFC 4388 [RFC4388] and 267 this section highlights only the differences. Readers are advised to 268 go through RFC 4388 [RFC4388] before going through this section for 269 complete understanding of the protocol. 271 When used in this document, the unqualified term "DHCPLEASEQUERY" 272 indicates a lease query by Remote ID, unless otherwise specified. 274 RFC 3046 [RFC3046] defines two sub-options for the Relay Agent 275 Information option. Sub-option 1 corresponds to the Circuit ID that 276 identifies the local circuit of the access concentrator. This sub- 277 option is unique to the relay agent. Sub-option 2 corresponds to the 278 Remote ID that identifies the remote node connected to the access 279 concentrator. The Remote ID is globally unique in the network and is 280 configured per circuit/connection in the relay agent. 282 This document defines a new query type based on the Remote ID sub- 283 option. Suppose that the access concentrator (e.g., DSLAM) lost the 284 lease information when it was rebooted. When the access concentrator 285 comes up, it initiates (for each connection/circuit) a DHCP lease 286 query by Remote ID as defined in this section. For this query, the 287 requester supplies an option 82 that includes only a Remote ID sub- 288 option in the DHCPLEASEQUERY message. The Remote ID is normally pre- 289 provisioned in the access concentrator per circuit/connection and 290 hence the same will remain available to the access concentrator after 291 reboot. 293 The DHCP server MUST reply with a DHCPLEASEACTIVE message if there is 294 an active lease corresponding to the Remote ID that is present in the 295 DHCPLEASEQUERY message. Otherwise, the server MUST reply with a 296 DHCPLEASEUNKNOWN message. Servers that do not implement DHCP lease 297 query based on Remote ID SHOULD simply not respond. 299 4.1. Sending the DHCPLEASEQUERY Message 301 The lease query defined in this document will mostly be used by 302 access concentrators, but it may also be used by other authorized 303 elements in the network. The DHCPLEASEQUERY message uses the DHCP 304 message format as described in RFC 2131 [RFC2131], and uses message 305 number 10 in the DHCP Message Type option (option 53). The 306 DHCPLEASEQUERY message has the following pertinent message contents: 308 o There MUST be a Relay Agent Information option (option 82) with 309 only a Remote ID sub-option (sub-option 2) in the DHCPLEASEQUERY 310 message. 312 o The Parameter Request List option [RFC2132] MUST be populated by 313 the access concentrator with the Associated-IP option code. The 314 giaddr field and other option codes listed in Parameter Request 315 List option are set as explained in section 6.2 of RFC 4388 316 [RFC4388]. 318 o The ciaddr field MUST be set to zero. 320 o The values of htype, hlen, and chaddr MUST be set to zero. 322 o The Client Identifier option (option 61) MUST NOT appear in the 323 packet. 325 The DHCPLEASEQUERY message SHOULD be sent to a DHCP server that is 326 known to possess authoritative information concerning the Remote ID. 327 The DHCPLEASEQUERY message MAY be sent to more than one DHCP server, 328 and in the absence of information concerning which DHCP server might 329 possess authoritative information concerning the Remote ID, it SHOULD 330 be sent to all DHCP servers configured for the associated relay agent 331 (if any are known). 333 4.2. Responding to the DHCPLEASEQUERY Message 335 There are two possible responses to a DHCPLEASEQUERY message: 337 o DHCPLEASEUNKNOWN 339 The DHCPLEASEUNKNOWN message indicates that the client associated 340 with the Remote ID suboption of the DHCPLEASEQUERY message is not 341 allocated any lease or it is not managed by the server. 343 o DHCPLEASEACTIVE 345 The DHCPLEASEACTIVE message indicates that the server not only knows 346 the client specified in the DHCPLEASEQUERY message, but also knows 347 that there is an active lease for that client. 349 4.3. Building a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message 351 A DHCPLEASEACTIVE message is built by populating information 352 pertaining to the client associated with the IP address specified in 353 the ciaddr field. 355 In the case where more than one IP address has been involved in a 356 DHCP message exchange with the client specified by the Remote ID, 357 then the list of all those IP addresses MUST be returned in the 358 Associated-IP option, whether or not that option was requested as 359 part of the Parameter Request List option. This is intended for 360 maintaining backwards compatibility with RFC 4388 [RFC4388]. 362 All other options specified in the Parameter Request List [RFC2132] 363 are processed as mentioned in section 6.4.2 of RFC 4388 [RFC4388]. 365 In a DHCPLEASEUNKNOWN response message, the DHCP server MUST echo the 366 Option 82 received in the DHCPLEASEQUERY message. No other option is 367 included in the message. 369 4.4. Determining the IP address to be used in response 371 The IP address placed in the ciaddr field of a DHCPLEASEACTIVE 372 message MUST be the IP address with the latest client-last- 373 transaction-time associated with the client described by the Remote 374 ID specified in the DHCPLEASEQUERY message. 376 If there is only a single IP address that fulfills this criteria, 377 then it MUST be placed in the ciaddr field of the DHCPLEASEACTIVE 378 message. 380 In the case where more than one IP address has been accessed by the 381 client specified by the Remote ID, then the DHCP server MUST return 382 the IP address returned to the client in the most recent transaction 383 with the client unless the DHCP server has been configured by the 384 server administrator to use some other preference mechanism. 386 4.5. Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message 388 The server unicasts the DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message 389 to the address specified in the giaddr field of the DHCPLEASEQUERY 390 message. 392 4.6. Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message 394 When a DHCPLEASEACTIVE message is received in response to the 395 DHCPLEASEQUERY message, it means that there is currently an active 396 lease associated with the Remote ID in the DHCP server. The access 397 concentrator SHOULD use the information in the htype, hlen, and 398 chaddr fields of the DHCPLEASEACTIVE as well as the Relay Agent 399 Information option included in the packet to refresh its location 400 information for this IP address. An access concentrator is likely to 401 query by IP address for all the IP addresses specified in the 402 Associated-IP option in the response, if any, at this point in time. 404 When a DHCPLEASEUNKNOWN message is received by an access concentrator 405 that had sent out a DHCPLEASEQUERY message, it means that the DHCP 406 server does not have definitive information concerning the DHCP 407 client specified in the Remote ID sub-option of the DHCPLEASEQUERY 408 message. The access concentrator MAY store this information for 409 future use. However, another DHCPLEASEQUERY message to the same DHCP 410 server SHOULD NOT be attempted with the same Remote ID sub-option. 412 For lease query by Remote ID, the impact of negative caching is 413 greatly reduced as the response leads to "definitive" information on 414 all the nodes connected behind the connection. Note that in case of 415 the data-driven approach [RFC4388], a node spoofing several IP 416 addresses can lead to negative caching of greater magnitude. Another 417 important change that this draft brings is the removal of periodic 418 lease queries generated from negative caching caused by 419 DHCPLEASEUNKNOWN. Since the information obtained through query by 420 Remote ID is complete, there is no need of attempting lease query 421 again for the same connection. 423 4.7. Receiving No Response to the DHCPLEASEQUERY Message 425 The condition of an access concentrator receiving no response to a 426 DHCPLEASEQUERY message is handled in the same manner as suggested in 427 RFC 4388 [RFC4388]. 429 4.8. Lease Binding Data Storage Requirements 431 Implementation Note: 433 To generate replies for a lease query by Remote ID efficiently, a 434 DHCP server should index the lease binding data structures using 435 Remote ID. 437 4.9. Using the DHCPLEASEQUERY Message with Multiple DHCP Servers 439 This scenario is handled in the same way it is done in RFC 4388 440 [RFC4388]. 442 5. RFC 4388 Considerations 444 This document is compatible with RFC 4388 [RFC4388] based 445 implementations, which means that a client that supports this 446 extension can work with a server not supporting this document, 447 provided it uses RFC 4388 [RFC4388] defined query types. Also, a 448 server supporting this document can work with a client not supporting 449 this query type. However, there are some changes that this document 450 proposes with respect to RFC 4388 [RFC4388]. Implementers extending 451 RFC 4388 [RFC4388] implementations to support this document should 452 take note of the following points: 454 o There may be cases where a query by IP address/MAC address/Client 455 Identifier has an option 82 containing Remote ID. In that case, 456 the query will still be recognized as query by IP address/MAC 457 address/Client Identifier as specified by RFC 4388 [RFC4388]. 459 o Section 6.4 of RFC 4388 [RFC4388] suggests that a DHCPLEASEUNKNOWN 460 MUST NOT have any other option present. But for a query by Remote 461 ID, option 82 MUST be present in the reply. 463 6. Security Considerations 465 This document inherits the security concerns present in the original 466 lease query protocol RFC 4388 [RFC4388] specifications. 468 This specification introduces one additional issue, beyond those 469 described in RFC 4388 [RFC4388]. A query by remote-id will result in 470 the server replying with a consolidated lease binding information. 471 Such a query, if done from an unauthorized source may lead to leak of 472 lease binding information. It is critical to deploy authentication 473 techniques mentioned in RFC 3118 [RFC3118] to prevent such 474 unauthorized lease queries. 476 7. IANA Considerations 478 This document does not introduce any new namespaces for the IANA to 479 manage. 481 8. Acknowledgments 483 Copious amounts of text in this document are derived from RFC 4388 484 [RFC4388]. Kim Kinnear, Damien Neil, Stephen Jacob, Ted Lemon, Ralph 485 Droms and Alfred Hoenes provided valuable feedback on this document. 487 9. References 489 9.1. Normative Reference 491 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 492 Requirement Levels", BCP 14, RFC 2119, March 1997. 494 [RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration 495 Protocol (DHCP) Leasequery", RFC 4388, February 2006. 497 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", 498 RFC 2131, March 1997. 500 [RFC2132] Droms, R. and S. Alexander, "DHCP Options and BOOTP Vendor 501 Extensions", RFC 2132, March 1997. 503 [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", 504 RFC 3046, January 2001. 506 [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP 507 Messages", RFC 3118, June 2001. 509 9.2. Informative Reference 511 [RFC951] Croft, B. and J. Gilmore, "Bootstrap Protocol (BOOTP)", 512 RFC 951, September 1985. 514 [RFC1542] Wimer, W., "Clarifications and Extensions for the 515 Bootstrap Protocol", RFC 1542, October 1993. 517 Authors' Addresses 519 Pavan Kurapati 520 Juniper Networks. 521 Embassy Prime Buildings, C.V.Raman Nagar 522 Bangalore 560 093 523 India 525 Email: kurapati@juniper.net 526 URI: http://www.juniper.net/ 528 D.T.V Ramakrishna Rao 529 Infosys Technologies Ltd. 530 44 Electronics City, Hosur Road 531 Bangalore 560 100 532 India 534 Email: ramakrishnadtv@infosys.com 535 URI: http://www.infosys.com/ 537 Bharat Joshi 538 Infosys Technologies Ltd. 539 44 Electronics City, Hosur Road 540 Bangalore 560 100 541 India 543 Email: bharat_joshi@infosys.com 544 URI: http://www.infosys.com/