idnits 2.17.1 draft-ietf-dhc-dhcpv6-opt-netboot-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See https://trustee.ietf.org/license-info/) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 26, 2010) is 5013 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'PXE21' ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Downref: Normative reference to an Informational RFC: RFC 4578 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) -- Possible downref: Non-RFC (?) normative reference: ref. 'UEFI23' -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) -- Obsolete informational reference (is this intentional?): RFC 2818 (Obsoleted by RFC 9110) Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DHC T. Huth 3 Internet-Draft J. Freimann 4 Intended status: Standards Track IBM Germany Research & 5 Expires: January 27, 2011 Development GmbH 6 V. Zimmer 7 Intel 8 D. Thaler 9 Microsoft 10 July 26, 2010 12 DHCPv6 options for network boot 13 draft-ietf-dhc-dhcpv6-opt-netboot-10 15 Abstract 17 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) provides a 18 framework for passing configuration information to nodes on a 19 network. This document describes new options for DHCPv6 which SHOULD 20 be used for booting a node from the network. 22 Status of this Memo 24 This Internet-Draft is submitted to IETF in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF), its areas, and its working groups. Note that 29 other groups may also distribute working documents as Internet- 30 Drafts. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 The list of current Internet-Drafts can be accessed at 38 http://www.ietf.org/ietf/1id-abstracts.txt. 40 The list of Internet-Draft Shadow Directories can be accessed at 41 http://www.ietf.org/shadow.html. 43 This Internet-Draft will expire on January 27, 2011. 45 Copyright Notice 47 Copyright (c) 2010 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 3. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 65 3.1. Boot File Uniform Resource Locator (URL) Option . . . . . 4 66 3.2. Boot File Parameters Option . . . . . . . . . . . . . . . 5 67 3.3. Client System Architecture Type Option . . . . . . . . . . 6 68 3.4. Client Network Interface Identifier Option . . . . . . . . 7 69 4. Appearance of the options . . . . . . . . . . . . . . . . . . 7 70 5. Download protocol considerations . . . . . . . . . . . . . . . 7 71 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8 72 7. Security considerations . . . . . . . . . . . . . . . . . . . 8 73 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 74 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 75 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 76 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 79 1. Introduction 81 This draft describes DHCPv6 options that SHOULD be used to provide 82 configuration information for a node that must be booted using the 83 network, rather than from local storage. 85 Network booting is used, for example, in some environments where 86 administrators have to maintain a large number of nodes. By serving 87 all boot and configuration files from a central server, the effort 88 required to maintain these nodes is greatly reduced. 90 A typical boot file would be, for example, an operating system kernel 91 or a boot loader program. To be able to execute such a file, the 92 firmware running on the client node must perform the following two 93 steps (see Figure 1): First get all information which is required for 94 downloading and executing the boot file. Second, download the boot 95 file and execute it. 97 +------+ 98 _______________________\| DHCP | 99 / 1 Get boot file info /|Server| 100 +------+ +------+ 101 | Host | 102 +------+ +------+ 103 \_______________________\| File | 104 2 Download boot file /|Server| 105 +------+ 107 Figure 1: Network Boot Sequence 109 The information which is required for booting over the network MUST 110 include at least the details about the server on which the boot files 111 can be found, the protocol to be used for the download (for example 112 HTTP [RFC2616] or TFTP [RFC1350]) and the path and name of the boot 113 file on the server. Additionally, the server and client MAY exchange 114 information about the parameters which should be passed to the OS 115 kernel or boot loader program respectively, or information about the 116 supported boot environment. 118 DHCPv6 allows client nodes to ask a DHCPv6 server for configuration 119 parameters. This document provides new options which a client can 120 request from the DHCPv6 server to satisfy its requirements for 121 booting. It also introduces a new IANA registry for processor 122 architecture types which are used by the OPTION_CLIENT_ARCH_TYPE 123 option (see Section 3.3). 125 2. Conventions 127 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 128 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 129 document are to be interpreted as described in RFC 2119 [RFC2119]. 131 Terminology specific to IPv6 and DHCPv6 are used in the same way as 132 defined in the "Terminology" sections of [RFC3315]. 134 3. Options 136 Option formats comply with DHCPv6 options per [RFC3315] (section 6). 137 The boot-file-url option (see Section 3.1) is mandatory for booting, 138 all other options are optional. 140 3.1. Boot File Uniform Resource Locator (URL) Option 142 The server sends this option to inform the client about an URL to a 143 boot file. 145 0 1 2 3 146 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 148 | OPT_BOOTFILE_URL | option-len | 149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 150 | | 151 . boot-file-url (variable length) . 152 | | 153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 155 Format description: 157 option-code OPT_BOOTFILE_URL (TBD1). 159 option-len Length of the boot-file-url in octets. 161 boot-file-url This string is the URL for the boot file. It MUST 162 comply with STD 66 [RFC3986]. The string is not 163 NUL-terminated. 165 If the host in the URL is expressed using an IPv6 address rather than 166 a domain name, the address in the URL then MUST be enclosed in "[" 167 and "]" characters, conforming to [RFC3986]. Clients that have DNS 168 implementations SHOULD support the use of domain names in the URL. 170 3.2. Boot File Parameters Option 172 This option is sent by the server to the client. It consists of 173 multiple UTF-8 ([RFC3629]) strings. They are used to specify 174 parameters for the boot file (similar to the command line arguments 175 in most modern operating systems). For example, these parameters 176 could be used to specify the root file system of the OS kernel, or 177 where a second stage boot loader can download its configuration file 178 from. 180 0 1 2 3 181 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 182 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 | OPT_BOOTFILE_PARAM | option-len | 184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 | param-len 1 | | 186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter 1 . 187 . (variable length) | 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 . . 190 . . 191 . . 192 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 | param-len n | | 194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter n . 195 . (variable length) | 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 198 Format description: 200 option-code OPT_BOOTFILE_PARAM (TBD2). 202 option-len Length of the Boot File Parameters option in octets 203 (not including the size of the option-code and 204 option-len fields). 206 param-len 1...n This is a 16-bit integer which specifies the length 207 of the following parameter in octets (not including 208 the parameter-length field). 210 parameter 1...n These UTF-8 strings are parameters needed for 211 booting, e.g. kernel parameters. The strings are 212 not NUL-terminated. 214 When the boot firmware executes the boot file which has been 215 specified in the OPT_BOOTFILE_URL option, it MUST pass these 216 parameters, if present, in the order that they appear in the 217 OPT_BOOTFILE_PARAM option. 219 3.3. Client System Architecture Type Option 221 This option provides parity with the Client System Architecture Type 222 Option defined for DHCPv4 in section 2.1 of [RFC4578]. 224 The format of the option is: 226 0 1 2 3 227 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 228 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 | OPTION_CLIENT_ARCH_TYPE | option-len | 230 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 231 . . 232 . architecture-types (variable length) . 233 . . 234 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 236 option-code OPTION_CLIENT_ARCH_TYPE (TBD3). 238 option-len Length of the "architecture-types" field in 239 octets. It MUST be an even number greater than 240 zero. See section 2.1 of [RFC4578] for details. 242 architecture-types A list of one or more architecture types, as 243 specified in section 2.1 of [RFC4578]. Each 244 architecture type identifier in this list is a 245 16-bit value which describes the pre-boot runtime 246 environment of the client machine. A list of 247 valid values is maintained by the IANA (see 248 Section 6). 250 The client MAY use this option to send a list of supported 251 architecture types to the server, so the server can decide which boot 252 file should be provided to the client. If a client supports more 253 than one pre-boot environment (for example both, 32-bit and 64-bit 254 executables), the most preferred architecture type MUST be listed as 255 first item, followed by the others with descending priority. 257 If the client used this option in the request, the server SHOULD 258 include this option to inform the client about the pre-boot 259 environments which are supported by the boot file. The list MUST 260 only contain architecture types which have initially been queried by 261 the client. The items MUST also be listed in order of descending 262 priority. 264 3.4. Client Network Interface Identifier Option 266 If the client supports the Universal Network Device Interface (UNDI) 267 (see [PXE21] and [UEFI23]), it may send the Client Network Interface 268 Identifier option to a DHCP server to provide information about its 269 level of UNDI support. 271 This option provides parity with the Client Network Interface 272 Identifier Option defined for DHCPv4 in section 2.2 of [RFC4578]. 274 The format of the option is: 276 0 1 2 3 277 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 279 | OPTION_NII | option-len | 280 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 281 | Type | Major | Minor | 282 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 284 option-code OPTION_NII (TBD4). 286 option-len 3 288 Type As specified in section 2.2 of [RFC4578]. 290 Major As specified in section 2.2 of [RFC4578]. 292 Minor As specified in section 2.2 of [RFC4578]. 294 The list of valid Type, Major and Minor values is maintained in the 295 Unified Extensible Firmware Interface specification [UEFI23]. 297 4. Appearance of the options 299 These options MUST NOT appear in DHCPv6 messages other than the types 300 Solicit, Advertise, Request, Renew, Rebind, Information-Request and 301 Reply. 303 The option-codes of these options MAY appear in the Option Request 304 Option in the DHCPv6 message types Solicit, Request, Renew, Rebind, 305 Information-Request and Reconfigure. 307 5. Download protocol considerations 309 The Boot File URL option does not place any constraints on the 310 protocol used for downloading the boot file, other than that it MUST 311 be possible to specify it in a URL. For the sake of administrative 312 simplicity, we strongly recommend that, at a mininum, implementors of 313 network boot loaders implement the well-known and established 314 hypertext transfer protocol [RFC2616] for downloading. Please note 315 that for IPv6, this supersedes [RFC906] which recommended to use TFTP 316 for downloading (see [RFC3617] for the 'tftp' URL definition). 318 When using iSCSI for booting, the 'iscsi' URI is formed as defined in 319 [RFC4173]. The functionality attributed in RFC4173 to a root path 320 option is provided for IPv6 by the Boot File URL option instead. 322 6. IANA considerations 324 The following options need to be assigned by the IANA from the option 325 number space defined in the chapter 24 of the DHCPv6 RFC [RFC3315]. 327 +-------------------------+-------+--------------+ 328 | Option name | Value | Specified in | 329 +-------------------------+-------+--------------+ 330 | OPT_BOOTFILE_URL | TBD1 | Section 3.1 | 331 | OPT_BOOTFILE_PARAM | TBD2 | Section 3.2 | 332 | OPTION_CLIENT_ARCH_TYPE | TBD3 | Section 3.3 | 333 | OPTION_NII | TBD4 | Section 3.4 | 334 +-------------------------+-------+--------------+ 336 This document also introduces a new IANA registry for processor 337 architecture types. The name of this registry shall be "Processor 338 Architecture Type". Registry entries consist of a 16-bit integer 339 recorded in decimal format, and a descriptive name. The initial 340 values of this registry can be found in [RFC4578] section 2.1. 342 The assignment policy for values shall be Expert Review (see 343 [RFC5226]), and any requests for values must supply the descriptive 344 name for the processor architecture type. 346 7. Security considerations 348 In untrusted networks, a rogue DHCPv6 server could send the new 349 DHCPv6 options described in this document. The booting clients could 350 then be provided with a wrong URL so that either the boot fails, or 351 even worse, the client boots the wrong operating system which has 352 been provided by a malicious file server. To prevent this kind of 353 attack, clients SHOULD use authentication of DHCPv6 messages (see 354 chapter 21. in [RFC3315]). 356 Note also that DHCPv6 messages are sent unencrypted by default. So 357 the boot file URL options are sent unencrypted over the network, too. 358 This can become a security risk since the URLs can contain sensitive 359 information like user names and passwords (for example a URL like 360 "ftp://username:password@servername/path/file"). At the current 361 point in time, there is no possibility to send encrypted DHCPv6 362 messages, so it is strongly RECOMMENDED not to use sensitive 363 information in the URLs in untrusted networks (using passwords in 364 URLs is deprecated anyway according to [RFC3986]). 366 Even if the DHCPv6 transaction is secured, this does not protect 367 against attacks on the boot file download channel. Consequently, we 368 recommend that either protocols like HTTPS [RFC2818] or TLS within 369 HTTP [RFC2817] are used to prevent spoofing, or that the boot loader 370 software implements a mechanism for signing boot images and a 371 configurable signing key in memory, so that if a malicious image is 372 provided, it can be detected and rejected. 374 8. Acknowledgements 376 The authors would like to thank Ruth Li, Dong Wei, Kathryn Hampton, 377 Phil Dorah, Richard Chan, and Fiona Jensen for discussions that led 378 to this document. 380 The authors would also like to thank Ketan P. Pancholi, Alfred 381 Hoenes, Gabriel Montenegro and Ted Lemon for corrections and 382 suggestions. 384 9. References 386 9.1. Normative References 388 [PXE21] Johnston, M., "Preboot Execution Environment (PXE) 389 Specification", September 1999, 390 . 392 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 393 Requirement Levels", BCP 14, RFC 2119, March 1997. 395 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 396 and M. Carney, "Dynamic Host Configuration Protocol for 397 IPv6 (DHCPv6)", RFC 3315, July 2003. 399 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 400 10646", STD 63, RFC 3629, November 2003. 402 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 403 Resource Identifier (URI): Generic Syntax", STD 66, 404 RFC 3986, January 2005. 406 [RFC4173] Sarkar, P., Missimer, D., and C. Sapuntzakis, 407 "Bootstrapping Clients using the Internet Small Computer 408 System Interface (iSCSI) Protocol", RFC 4173, 409 September 2005. 411 [RFC4578] Johnston, M. and S. Venaas, "Dynamic Host Configuration 412 Protocol (DHCP) Options for the Intel Preboot eXecution 413 Environment (PXE)", RFC 4578, November 2006. 415 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 416 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 417 May 2008. 419 [UEFI23] UEFI Forum, "Unified Extensible Firmware Interface 420 Specification, Version 2.3", May 2009, 421 . 423 9.2. Informative References 425 [RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, 426 RFC 1350, July 1992. 428 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 429 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 430 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 432 [RFC2817] Khare, R. and S. Lawrence, "Upgrading to TLS Within 433 HTTP/1.1", RFC 2817, May 2000. 435 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 437 [RFC3617] Lear, E., "Uniform Resource Identifier (URI) Scheme and 438 Applicability Statement for the Trivial File Transfer 439 Protocol (TFTP)", RFC 3617, October 2003. 441 [RFC906] Finlayson, R., "Bootstrap Loading using TFTP", RFC 906, 442 June 1984. 444 Authors' Addresses 446 Thomas H. Huth 447 IBM Germany Research & Development GmbH 448 Schoenaicher Strasse 220 449 Boeblingen 71032 450 Germany 452 Phone: +49-7031-16-2183 453 Email: thuth@de.ibm.com 455 Jens T. Freimann 456 IBM Germany Research & Development GmbH 457 Schoenaicher Strasse 220 458 Boeblingen 71032 459 Germany 461 Phone: +49-7031-16-1122 462 Email: jfrei@de.ibm.com 464 Vincent Zimmer 465 Intel 466 2800 Center Drive 467 DuPont WA 98327 468 USA 470 Phone: +1 253 371 5667 471 Email: vincent.zimmer@intel.com 473 Dave Thaler 474 Microsoft 475 One Microsoft Way 476 Redmond WA 98052 477 USA 479 Phone: +1 425 703-8835 480 Email: dthaler@microsoft.com