idnits 2.17.1

draft-donley-dhc-cer-id-option-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (February 12, 2015) is 3353 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  == Outdated reference: A later version (-17) exists of
     draft-ietf-homenet-arch-16

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                          C. Donley
Internet-Draft                                             M. Kloberdans
Intended status: Informational                                 CableLabs
Expires: August 16, 2015                                   J. Brzozowski
                                                                 Comcast
                                                           C. Grundemann
                                                                    ISOC
                                                       February 12, 2015

               Customer Edge Router Identification Option
                   draft-donley-dhc-cer-id-option-05

Abstract

   Addressing mechanisms supporting DHCPv6 Prefix Delegation in home
   networks such as those described in CableLabs' eRouter specification
   and the HIPnet Internet-Draft require identification of the customer
   edge router (CER) as the demarcation between the customer network and
   the service provider network.  This document reserves a DHCPv6 option
   to identify the CER.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 16, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  CER Identification Option
   3.  CER-ID Compatibility
   4.  IANA Considerations
   5.  Security Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   Some addressing mechanisms supporting DHCPv6 Prefix Delegation in
   home networks such as those described in
   [I-D.grundemann-homenet-hipnet] and [EROUTER] require identification
   of the customer edge router as the demarcation between the customer
   network and the service provider network.  For prefix delegation
   purposes, it is desirable for other routers within the home to know
   which device is the CER so that the customer home network only
   requests a single prefix from the ISP DHCPv6 server, and efficiently
   distributes this prefix within the home.  CER-ID is a 128-bit string
   that optionally represents an IPv6 address, or another arbitrary
   number.  The CER-ID may be treated as a hint to be used with border
   detection methods.  This document reserves a DHCPv6 option to be used
   to identify the CER.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  CER Identification Option

   A Customer Edge Router (CER) sets the CER_ID to the IPv6 address of
   its LAN interface.  If it has more than one LAN IPv6 address, it
   selects one of its LAN or other non-WAN IPv6 addresses to be used as
   the CER_ID.  An ISP server does not respond with the CER_ID or sets
   the CER_ID to ::.  Such a response or lack of response indicates to
   the DHCPv6 client that it is the CER.

   The format of the CER Identification option is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          option-code          |           option-len          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                            CER_ID                             |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      option-code   OPTION_CER_ID (TBD).
      option-len    36
      CER_ID value  IPv6 address of CER or ::

                               Figure 1.

   A DHCPv6 client SHOULD include the CER Identification option code in
   an Option Request option [RFC3315] in its DHCP Solicit messages.

   The DHCPv6 server MAY include the CER Identification option in any
   response it sends to a client that has included the CER
   Identification option code in an Option Request option.  The CER
   Identification option is sent in the main body of the message to the
   client, not as a sub-option in, e.g., an IA_NA, IA_TA [RFC3315]
   option.

   When sending the CER Identification option, the DHCPv6 server MUST
   set the CER_ID value to either one of its IPv6 addresses, another
   identifier, or ::.  If a device does not receive the CER
   Identification Option or receives a CER ID of :: from the DHCPv6
   server, it MUST include one of its Globally Unique IPv6 addresses
   (unless another identifier is used) in the CER_ID value in response
   to DHCPv6 messages received by its DHCPv6 server that contain the
   CER Identification option code in an Option Request option.  If the
   device has only one LAN interface, it SHOULD use its LAN IPv6 address
   as the CER_ID value.  If the device has more than one LAN interface,
   it SHOULD use the lowest Globally Unique address.

3.  CER-ID Compatibility

   CER-ID explicitly indicates that a gateway is, or is not, the
   demarcation point between public and private networks by containing a
   reachable IPv6 address, other identifier or a double colon '::'
   (double colon indicates that the CER-ID sender is NOT the edge
   router), and as a complement, can be applied to various border
   definitions and detection methods such as:

   o  I.D. Draft-IETF-Homenet-Arch-16 [I-D.ietf-homenet-arch]

   o  I.D. Draft-Grundemann-homenet-HIPnet-01
      [I-D.grundemann-homenet-hipnet]

   o  I.D. Draft-IETF-Kline-Homenet-Default-Perimeter-01
      [I-D.kline-default-perimeter]

   o  Others, including manual configuration

4.  IANA Considerations

   IANA is requested to assign an option code from the "DHCP Option
   Codes" Registry for OPTION_CER_ID.  IANA is also requested to
   maintain a list of authentication options.

5.  Security Considerations

   The security of a home network is an important consideration.  Both
   the HIPnet [I-D.grundemann-homenet-hipnet] and Homenet
   [I-D.ietf-homenet-arch] approaches change the operational model of
   the home network vs. today's IPv4-only paradigm.  Specifically, these
   networks eliminate NAT inside the home network (and only enable it
   for IPv4 at the edge router, if required), support global
   addressability of devices, and thus need to consider firewall and/or
   filter support in various home routers.  As the security profile of
   these home routers can shift based on their position in the network
   (e.g., edge vs. internal), security can be severely compromised if
   routers misidentify their border and mistakenly reduce or eliminate
   firewall rules.  If the CER-ID option is used as part of the border
   detection algorithm, it becomes a natural, but not the only, place to
   enact firewall, NAT, Prefix Delegation and other functions in the
   home network.  Further security is provided using the mechanisms
   defined in RFC 3315, DHCP for IPv6.

6.  Acknowledgements

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

7.2.  Informative References

   [EROUTER]  CableLabs, "CableLabs IPv4 and IPv6 eRouter Specification
              (CM-SP-eRouter-I12-131120)", April 2014.

   [I-D.grundemann-homenet-hipnet]
              Grundemann, C., Donley, C., Brzozowski, J., Howard, L.,
              and V. Kuarsingh, "A Near Term Solution for Home IP
              Networking (HIPnet)", draft-grundemann-homenet-hipnet-01
              (work in progress), February 2013.

   [I-D.ietf-homenet-arch]
              Chown, T., Arkko, J., Brandt, A., Troan, O., and J. Weil,
              "IPv6 Home Networking Architecture Principles", draft-
              ietf-homenet-arch-16 (work in progress), June 2014.

   [I-D.kline-default-perimeter]
              Kline, E., "Default Border Definition", draft-kline-
              default-perimeter-01 (work in progress), November 2012.

Authors' Addresses

   Chris Donley
   CableLabs
   858 Coal Creek Cir.
   Louisville, CO  80027
   US

   Email: c.donley@cablelabs.com

   Michael Kloberdans
   CableLabs
   858 Coal Creek Cir
   Louisville, CO  80027
   US

   Email: m.kloberdans@cablelabs.com

   John Brzozowski
   Comcast
   1306 Goshen Parkway
   West Chester, PA  19380
   US

   Email: john_brzozowski@cable.comcast.com

   Chris Grundemann
   ISOC
   Denver CO

   Email: cgrundemann@gmail.com
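
Added example (not part of the draft or of any implementation it describes): the client-side decision from Section 2, written so that the misidentification risk in Section 5 fails toward keeping edge firewall rules. `OPTION_CER_ID = 0xFFFF` is a placeholder because the draft leaves the code TBD; the 16-octet CER_ID length follows the 128-bit field drawn in Figure 1, and the `opt`, `iter_options` and `border_role` names are hypothetical.

```python
import ipaddress
import struct

OPTION_CER_ID = 0xFFFF  # placeholder: the draft leaves the option code "TBD"
CER_ID_LEN = 16         # assumption: the 128-bit CER_ID field drawn in Figure 1


def opt(code, data):
    """Encode one DHCPv6 option: 16-bit code, 16-bit length, then data."""
    return struct.pack("!HH", code, len(data)) + data


def iter_options(buf):
    """Yield (code, data) per option; raise ValueError if the buffer is truncated."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if len(buf) - off < length:
            raise ValueError("option data overruns buffer")
        yield code, buf[off:off + length]
        off += length


def border_role(options):
    """Return (role, cer_id) for the main-body options of a server response.

    "edge": no CER-ID option or a CER_ID of ::, so this device is the CER.
    "internal": an upstream device supplied a CER_ID (a hint, per Section 1).
    Malformed or duplicated options also give "edge", so a bad message never
    becomes a reason to relax firewall rules (a choice made for this example).
    """
    try:
        found = [d for c, d in iter_options(options) if c == OPTION_CER_ID]
    except ValueError:
        return "edge", None
    if len(found) != 1 or len(found[0]) != CER_ID_LEN:
        return "edge", None
    cer_id = ipaddress.IPv6Address(found[0])
    return ("edge" if cer_id.is_unspecified else "internal"), cer_id


# Constructed sample: a Preference option (code 7) followed by a CER-ID option.
SAMPLE = opt(7, b"\x00") + opt(OPTION_CER_ID, ipaddress.IPv6Address("2001:db8::1").packed)
```
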