idnits 2.17.1 draft-droms-dhc-container-opt-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 347. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 358. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 365. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 371. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 13, 2007) is 5999 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2132' is defined on line 312, but no explicit reference was found in the text ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 dhc Working Group R. Droms 3 Internet-Draft Cisco Systems, Inc. 4 Intended status: Standards Track November 13, 2007 5 Expires: May 16, 2008 7 Container Option for Server Configuration 8 draft-droms-dhc-container-opt-01.txt 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on May 16, 2008. 35 Copyright Notice 37 Copyright (C) The IETF Trust (2007). 39 Abstract 41 In some DHCP service deployments, it is desirable for a DHCP server 42 in one administrative domain to pass configuration options to a DHCP 43 server in a different administrative domain. This DHCP option 44 carries a set of DHCP options that can be used by another DHCP 45 server. 47 1. Introduction 49 In some DHCP service deployments, it is desirable to pass 50 configuration options from a DHCP server in one administrative domain 51 to another DHCP server in a different administrative domain. In one 52 example of such a deployment, an IPTV service provider (SP) may need 53 to provide certain SP domain-specific information to IPTV device(s) 54 located in the consumer domain. This information is sent from the 55 IPTV SP DHCP server to the consumer DHCP server located in the 56 Residential Gateway (RG), which can then be passed along to IPTV 57 device(s) in the subscriber network 59 Existing RGs may pass some configuration information received by the 60 RG DHCP client to the RG server for configuration of devices attached 61 to the consumer network. There are several motivations for this 62 option: 64 o The devices attached to the consumer network may require different 65 configuration information than the DHCP options provided to the RG 67 o Existing RG DHCP clients are typically not be coded to process new 68 DHCP options and, therefore, will be unable to pass those new 69 options to the RG DHCP server 71 o Existing RG DHCP clients are typically coded to pass only a fixed 72 list of DHCP options to the RG DHCP server and, therefore, will be 73 unable to pass newly defined options to the RG DHCP server. 75 The DHCP Container option defined in this document provides a 76 mechanism through which the RG DHCP client can pass DHCP options to 77 the RG DHCP server without explicit knowledge of the semantics of 78 those options. With this option, the SP DHCP server can pass both 79 current and future DHCP options to the RG DHCP server. 81 The DHCP Container option does not carry IP addresses IPv6 prefixes 82 or other information about leases. It carries other configuration 83 information. 85 2. Terminology 87 The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 88 SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be 89 interpreted as described in RFC2119 [RFC2119]. 91 The following terms and acronyms are used in this document: 93 DHCPv4 "Dynamic Host Configuration Protocol" [RFC2131] 95 DHCPv6 "Dynamic Host Configuration Protocol for IPv6" 96 [RFC3315] 98 DHCP DHCPv4 and/or DHCPv6 100 RG "home gateway"; the device through which the 101 consumer network connects to the broadband WAN; 102 typically a layer 3 forwarding device 104 RG DHCP client (or "RG client") the DHCP client in the RG 106 RG DHCP server (or "RG server") the DHCP server in the RG 108 3. Problem statement and requirements for RG DHCP server configuration 110 The following diagram shows the components in a network deployment 111 using the DHCP Container option: 113 Client STB/CPE -+ +---------+ +------+ 114 | | RG | | SP | 115 Client STB/CPE -+ | Client+--- ... ---+ DHCP | 116 +--+Server | |server| 117 Client STB/CPE -+ +---------+ +------+ 119 In this diagram, the RG client engages in DHCP message exchanges with 120 the SP server to obtain its IP address and other configuration 121 information. 123 The problem under consideration in this document is to transmit 124 configuration information from the SP DHCP server to devices attached 125 to the consumer network. The problem solution has the following 126 requirements: 128 o The SP server MUST be able to transmit different configuration 129 information to the consumer devices than the DHCP options provided 130 to the RG 132 o The SP server MUST be able to control which DHCP options are 133 transmitted to the consumer device 135 o There MUST be a way for the SP server to pass DHCP options to be 136 defined in the future to consumer devices 138 4. Design alternatives 140 The following three designs meet the solution requirements: 142 o SP server passes container option to RG client, which forwards 143 contents to RG server; this alternative is the preferred solution 145 o RG server does direct DHCP info request to SP server; this 146 alternative is not preferred: 148 * requires that the RG server include a DHCP client 150 * requires that the SP server be able to differentiate between RG 151 client and server requests 153 * does not scale well, as it at least doubles the load on the SP 154 server 156 o RG server passes device requests to SP DHCP server; this 157 alternative is not preferred: 159 * requires that the RG also function as a DHCP relay 161 * requires that the RG relay function be configured with the IP 162 addresses of the SP DHCP server(s) 164 * requires that the RG relay function differentiate between DHCP 165 messages that are processed by the RG server and DHCP messages 166 that are processes by the SP server 168 A variant on the preferred design would allow the inclusion of 169 multiple sets of DHCP options intended for different classes of 170 devices in the consumer network; e.g., the design would allow for one 171 set of options for video set-top boxes and a second set of options 172 for VoIP MTAs. The variant would require the specification of rules 173 to be provided by the SP server through which the RG server would 174 differentiate its clients and send the appropriate set of options to 175 each device. At present, there is no requirement for differential 176 configuration of consumer devices and this alternative is not defined 177 in this document. 179 5. Semantics and syntax of the Container option 181 Along with configuration information intended for the RG, the SP 182 server can include the DHCP Container option. When the RG client 183 receives the DHCP Container option, it passes the contents of the 184 option to the RG server. The means through which the information is 185 passed between the RG client and the RG server is out of the scope of 186 this document and left unspecified. 188 The DHCP options in this container are carried in DHCP message format 189 (option-code/length/value). In this format, the contained options 190 can be passed through a DHCP client to a co-located DHCP server 191 without specific knowledge on the part of the client or the server of 192 the semantics of the options. 194 5.1. DHCPv4 Container option 196 The DHCPv4 Container option has the following format: 198 0 1 2 3 199 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 200 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 201 | Code | len | DHCP Options for RG server | 202 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . 203 . . 204 . . 205 . . 206 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 208 Code OPTION_CONTAINER_V4 (TBD) 210 len Length of options for RG server, in octets 212 5.2. DHCPv6 Container option 214 The DHCPv6 Container option has the following format: 216 0 1 2 3 217 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 219 | OPTION_CONTAINER_V6 | option-len | 220 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 221 | DHCP Options for RG server | 222 . . 223 . . 224 . . 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 227 option-code OPTION_CONTAINER_V6 (TBD). 229 option-len Length of options for RG server, in octets 231 5.3. SP server behavior 233 The SP server MAY include the Container option in any DHCP message 234 sent to an RG client. 236 The policy through which the SP server is instructed to include a 237 Container option for an RG client, and the policy determining the 238 contents of the Container object are out of scope of this document 239 and left unspecified. 241 5.4. RG client behavior 243 The RG client MUST pass the contents of the received Container option 244 to the RG server without alteration. The details of the 245 implementation through which the RG client parses the content of the 246 Container option and passes the options to the RG server are out of 247 scope for this document and left unspecified. 249 5.5. RG server behavior 251 The RG server MUST discard any options related to IP address 252 assignment, IPv6 prefix delegation or operation of the DHCP protocol 253 itself. Appendices TBD give a list of DHCPv4 and DHCPv6 options that 254 the RG server MUST discard. 256 The Container option provides a mechanism through which the SP might 257 be able to unilaterally control the configuration settings passed 258 from a CPE DHCP server to a CPE device. This configuration channel 259 must be handled with some care if the subscriber is to retain desired 260 control over the CPE configurations. The following behaviors limit 261 the degree to which the SP con control CPE configuration: 263 o The RG server MAY discard any undesired options, as determined by 264 policy in the RG. 266 o The RG server MUST return to any DHCP client only those options 267 requested by the DHCP client in a Parameter Request List option 268 (DHCPv4 option code 55) or an Option Request option (DHCPv6 option 269 code 6). 271 6. Security Considerations 273 A rogue server can use this option to pass invalid information to the 274 RG client, which would then be passed to the Client STB/CPEs. This 275 invalid information could be used to mount a denial of service attack 276 or a man-in-the-middle attack against some applications. 278 Authentication of DHCP messages(RFC 3118 [RFC3118] for DHCPv4 or 279 section 20 of RFC 3315 [RFC3315]) can be used to ensure that the 280 contents of this option are not altered in transit between the DHCP 281 server and client. 283 7. IANA Considerations 285 When this document is published, IANA is asked to assign an option 286 tag from the "BOOTP Vendor Extensions and DHCP Options" registry for 287 OPTION_CONTAINER_V4. 289 When this document is published, IANA is asked to assign an option 290 code from the "DHCPv6 Option Codes" registry for OPTION_CONTAINER_V6. 292 8. Change Log 294 If this document is accepted for publication as an RFC, this change 295 log is to be removed before publication. 297 o Corrected a cut-and-paste error in section "DHCPv6 Container 298 option": The Time Protocol Servers option -> The DHCPv4 Container 299 option 301 o Added text to section "RG Server Behavior" to address policy 302 management concerns 304 9. Normative References 306 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 307 Requirement Levels", BCP 14, RFC 2119, March 1997. 309 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", 310 RFC 2131, March 1997. 312 [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor 313 Extensions", RFC 2132, March 1997. 315 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 316 and M. Carney, "Dynamic Host Configuration Protocol for 317 IPv6 (DHCPv6)", RFC 3315, July 2003. 319 [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP 320 Messages", RFC 3118, June 2001. 322 Author's Address 324 Ralph Droms 325 Cisco Systems, Inc. 326 1414 Massachusetts Avenue 327 Boxborough, MA 01719 328 USA 330 Phone: +1 978.936.1674 331 Email: rdroms@cisco.com 333 Full Copyright Statement 335 Copyright (C) The IETF Trust (2007). 337 This document is subject to the rights, licenses and restrictions 338 contained in BCP 78, and except as set forth therein, the authors 339 retain all their rights. 341 This document and the information contained herein are provided on an 342 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 343 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 344 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 345 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 346 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 347 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 349 Intellectual Property 351 The IETF takes no position regarding the validity or scope of any 352 Intellectual Property Rights or other rights that might be claimed to 353 pertain to the implementation or use of the technology described in 354 this document or the extent to which any license under such rights 355 might or might not be available; nor does it represent that it has 356 made any independent effort to identify any such rights. Information 357 on the procedures with respect to rights in RFC documents can be 358 found in BCP 78 and BCP 79. 360 Copies of IPR disclosures made to the IETF Secretariat and any 361 assurances of licenses to be made available, or the result of an 362 attempt made to obtain a general license or permission for the use of 363 such proprietary rights by implementers or users of this 364 specification can be obtained from the IETF on-line IPR repository at 365 http://www.ietf.org/ipr. 367 The IETF invites any interested party to bring to its attention any 368 copyrights, patents or patent applications, or other proprietary 369 rights that may cover technology that may be required to implement 370 this standard. Please address the information to the IETF at 371 ietf-ipr@ietf.org. 373 Acknowledgment 375 Funding for the RFC Editor function is provided by the IETF 376 Administrative Support Activity (IASA).