idnits 2.17.1 draft-ietf-dhc-access-network-identifier-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 01, 2016) is 2999 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Bhandari 3 Internet-Draft S. Gundavelli 4 Intended status: Standards Track M. Grayson 5 Expires: August 4, 2016 B. Volz 6 Cisco Systems 7 J. Korhonen 8 Broadcom Communications 9 February 01, 2016 11 Access Network Identifier Option in DHCP 12 draft-ietf-dhc-access-network-identifier-13 14 Abstract 16 This document specifies the format and mechanism that is to be used 17 for encoding access network identifiers in DHCPv4 and DHCPv6 messages 18 by defining new access network identifier options and sub-options. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on August 4, 2016. 37 Copyright Notice 39 Copyright (c) 2016 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 4. DHCPv4 Access-Network-Identifier Option . . . . . . . . . . . 5 58 4.1. DHCPv4 Access-Network-Identifier Sub-options . . . . . . . 5 59 4.2. DHCPv4 Access-Technology-Type Sub-option . . . . . . . . . 6 60 4.3. DHCPv4 Network-Identifier Sub-options . . . . . . . . . . 7 61 4.3.1. DHCPv4 Network Name Sub-option . . . . . . . . . . . . 7 62 4.3.2. DHCPv4 Access-Point Name Sub-option . . . . . . . . . 8 63 4.3.3. DHCPv4 Access-Point BSSID Sub-option . . . . . . . . . 9 64 4.4. DHCPv4 Operator Identifier Sub-options . . . . . . . . . . 9 65 4.4.1. DHCPv4 Operator-Identifier Sub-option . . . . . . . . 9 66 4.4.2. DHCPv4 Operator-Realm Sub-option . . . . . . . . . . . 10 67 5. DHCPv6 Access-Network-Identifier Options . . . . . . . . . . . 10 68 5.1. DHCPv6 Access-Technology-Type Option . . . . . . . . . . . 11 69 5.2. DHCPv6 Network-Identifier Options . . . . . . . . . . . . 11 70 5.2.1. DHCPv6 Network Name Option . . . . . . . . . . . . . . 11 71 5.2.2. DHCPv6 Access-Point Name Option . . . . . . . . . . . 12 72 5.2.3. DHCPv6 Access-Point BSSID Option . . . . . . . . . . . 12 73 5.3. DHCPv6 Operator Identifier Options . . . . . . . . . . . . 13 74 5.3.1. DHCPv6 Operator-Identifier Option . . . . . . . . . . 13 75 5.3.2. DHCPv6 Operator-Realm Option . . . . . . . . . . . . . 13 76 6. Relay Agent Behavior . . . . . . . . . . . . . . . . . . . . . 14 77 7. Server Behavior . . . . . . . . . . . . . . . . . . . . . . . 14 78 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 79 9. Security Considerations . . . . . . . . . . . . . . . . . . . 16 80 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 81 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 82 11.1. Normative References . . . . . . . . . . . . . . . . . . . 17 83 11.2. Informative References . . . . . . . . . . . . . . . . . . 18 84 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 86 1. Introduction 88 Access network identification (ANI) of a network device has a range 89 of applications. For example the local mobility anchor in a Proxy 90 Mobile IPv6 domain is able to provide access network and access 91 operator specific handling or policing of the mobile node traffic 92 using information about the access network to which the mobile node 93 is attached. 95 This document specifies Dynamic Host Configuration Protocol for IPv4 96 (DHCPv4) [RFC2131] and Dynamic Host Configuration Protocol for IPv6 97 (DHCPv6) [RFC3315] options for access network identification that is 98 added by Relay agent in the DHCPv4 or DHCPv6 messages towards the 99 Server. The scope of applicability for this option is between a DHCP 100 relay agent and a mobile access gateway where the same operator 101 typically operates both these functions 103 Dynamic Host Configuration Protocol (DHCP) relay agent aware of the 104 access network and access operator add this information in the DHCP 105 messages. This information can be used to provide differentiated 106 services and policing of traffic based on the access network to which 107 a client is attached. Examples of how this information can be used 108 in mobile networks can be found in [RFC6757]. 110 2. Motivation 112 Proxy mobile IPv6 [RFC5213] can be used for supporting network-based 113 mobility management in various types of network deployments. The 114 network architectures, such as Service provider Wi-Fi access 115 aggregation or, WLAN integrated mobile packet core are examples where 116 Proxy Mobile IPv6 is a component of the overall architecture. Some 117 of these architectures require the ability of the local mobility 118 anchor (LMA) [RFC5213] to provide differentiated services and 119 policing of traffic to the mobile nodes based on the access network 120 to which they are attached. Policy systems in mobility architectures 121 such as PCC [TS23203] and ANDSF [TS23402] in 3GPP system allow 122 configuration of policy rules with conditions based on the access 123 network information. For example, the service treatment for the 124 mobile node's traffic may be different when they are attached to a 125 access network owned by the home operator than when owned by a 126 roaming partner. The service treatment can also be different based 127 on the configured Service Set Identifiers (SSID) in case of IEEE 128 802.11 based access networks. Other examples of services include the 129 operator's ability to apply tariff based on the location. 131 The PMIPv6 extension as specified in [RFC6757] defines PMIPv6 options 132 to carry access network identifiers in PMIPv6 signaling from Mobile 133 Access Gateway (MAG) to LMA. MAG can learn this information from 134 DHCP options as inserted by DHCP Relay agent before MAG. If MAG 135 relays DHCP messages to LMA as specified in [RFC5844] this 136 information can be inserted by MAG towards LMA in the forwarded DHCP 137 messages. 139 Figure 1, illustrates an example Proxy Mobile IPv6 deployment. In 140 this example, the access network is IEEE 802.11 based access-network, 141 the DHCP Relay Agent function is located on the access point (AP), 142 and the DHCP Server function is located on the MAG. The MAG delivers 143 the information elements related to the access network to the LMA 144 over Proxy Mobile IPv6 signaling messages. The MAG obtains these 145 information elements from the DHCP Relay Agent as per this 146 specification. The informational elements related to the access 147 network include the SSID of the used IEEE 802.11 network, the geo- 148 location of the access-network to which the mobile node is attached, 149 and the identity of the operator running the IEEE 802.11 access 150 network infrastructure. 152 SSID: IETF-1 153 Operator-Id: provider1.example 155 +--+ 156 |AP|-----------. {Access Specific Policies) 157 +--+ | (DHCP Server) _-----_ | 158 (DHCP Relay) +-----+ _( )_ +-----+ 159 | MAG |-=========( PMIPv6 )======-| LMA |- 160 +-----+ (_ Tunnel_) +-----+ 161 +--+ | '-----' 162 |AP|-----------' 163 +--+ 164 (DHCP Relay) 166 SSID: IETF-2 167 Operator-Id: provider2.example 169 Access Networks attached to MAG 171 3. Terminology 173 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 174 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 175 document are to be interpreted as described in [RFC2119]. 177 All the DHCP related terms used in this document are to be 178 interpreted as defined in the Dynamic Host Configuration Protocol 179 (DHCPv4) [RFC2131] and Dynamic Host Configuration Protocol for IPv6 180 (DHCPv6) [RFC3315] specifications. DHCP message refers to both 181 DHCPv4 and DHCPv6 messages throughout this document. 183 All the mobility related terms used in this document are to be 184 interpreted as defined in the Proxy Mobile IPv6 specifications 185 [RFC5213] and [RFC5844]. Additionally, this document uses the 186 following abbreviations: 188 Service Set Identifier (SSID) 190 Service Set Identifier (SSID) identifies the name of the IEEE 191 802.11 network. SSID differentiates from one network to the 192 other. 194 Operator-Identifier 196 The Operator-Identifier is the Structure of Management Information 197 (SMI) Network Management Private Enterprise Code of the IANA- 198 maintained "Private Enterprise Numbers" registry [SMI]. It 199 identifies the operator running the access-network where the 200 client is attached. 202 4. DHCPv4 Access-Network-Identifier Option 204 The Access Network Identifier carries information to identify the 205 access network to which the client is attached. This information 206 includes access technology type, network identifier, and access- 207 network operator identifiers. 209 Relay agents that include Access Network Identifier information 210 include one or more sub-options (see Section 4.1) in the Relay Agent 211 Information option [RFC3046]. 213 4.1. DHCPv4 Access-Network-Identifier Sub-options 215 The access network identifier information will be defined in multiple 216 sub-options, allocated from the DHCP Relay Agent Sub-Option Codes. 218 ANI Sub-options: The ANI Sub-options consists of a sequence of Sub- 219 Option Code, Length, and Value tuples for each sub-option, encoded in 220 the following manner: 222 SubOpt Len Sub-option Data 223 +------+------+------+------+------+------+--...-+------+ 224 | code | N | s1 | s2 | s3 | s4 | | sN | 225 +------+------+------+------+------+------+--...-+------+ 227 Subopt code 228 The 1-octet code for the sub-options defined in the following 229 sections. 231 Len 232 An unsigned 8-bit integer giving the length of the Sub-option Data 233 field in this sub-option in octets. 235 Sub-option Data (s1 to sN) 236 The data area for the sub-option. 238 The initial assignment of DHCP access network identifier sub-options 239 is as follows: 241 +=================+=======================================+ 242 | SUB-OPTION CODE | SUB-OPTION DESCRIPTION | 243 +=================+=======================================+ 244 | | Access Technology Type Sub-option | 245 +=========================================================+ 246 | | Access Network Name Sub-option | 247 +=========================================================+ 248 | | Access Point Name Sub-option | 249 +=========================================================+ 250 | | Access Point BSSID Sub-option | 251 +=========================================================+ 252 | | Operator-Identifier Sub-option | 253 +=========================================================+ 254 | | Operator-Realm Sub-option | 255 +=========================================================+ 257 4.2. DHCPv4 Access-Technology-Type Sub-option 259 This sub-option is used for exchanging the type of the access 260 technology of the network to which the client is attached. Its 261 format is as follows: 263 0 1 2 3 264 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 265 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 266 | Subopt Code | Length | Reserved | ATT | 267 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 269 Subopt Code 270 . 272 Length 273 2. 275 Reserved 276 An 8-bit field that is unused for now. The value MUST be 277 initialized to 0 by the sender and MUST be ignored by the 278 receiver. 280 Access-Technology-Type (ATT) 281 An 8-bit field that specifies the access technology through which 282 the client is connected to the access link from the IANA name 283 space Access Technology Type Option type value registry defined in 284 [RFC5213]. 286 4.3. DHCPv4 Network-Identifier Sub-options 288 These sub-options are used for carrying the name of the access 289 network (e.g., a SSID in case of IEEE 802.11 Access Network, or PLMN 290 Identifier [TS23003] in case of 3GPP access) and Access Point name to 291 which the client is attached. The format of these sub-options is 292 defined the following sections. The Network-Identifier sub-options 293 are only for the currently known access technology types. 295 4.3.1. DHCPv4 Network Name Sub-option 297 0 1 2 3 298 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 299 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 300 | Subopt Code | Length | | 301 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 302 . . 303 . Network Name (e.g., SSID or PLMNID) . 304 . . 305 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 307 Subopt Code 308 . 310 Length 311 The length of the Network Name field. 313 Network Name 314 The name of the access network to which the mobile node is 315 attached. The encoding MUST be UTF-8 as described in [RFC3629]. 317 The type of the Network Name is dependent on the access technology 318 to which the mobile node is attached. For IEEE 802.11 based 319 networks, the network name will be the SSID of the network. For 320 3GPP access based it is the PLMN Identifier of the access network 321 and for 3GPP2 access, the Network Name is the Access Network 322 Identifier[ANI]. 324 When encoding the PLMN Identifier, both the Mobile Network Code 325 (MNC) [TS23003] and Mobile Country Code (MCC) [TS23003] MUST be 3 326 digits. If the MNC in use only has 2 digits, then it MUST be 327 preceded with a '0'. 329 4.3.2. DHCPv4 Access-Point Name Sub-option 331 0 1 2 3 332 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 333 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 334 | Subopt Code | Length | | 335 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 336 . . 337 . Access-Point Name . 338 . . 339 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 341 Subopt Code 342 . 344 Length 345 The length of the Access-Point Name field. 347 Access-Point Name 348 The name of the access point (physical device name) to which the 349 mobile node is attached. This is the identifier that uniquely 350 identifies the access point. While Network Name (e.g., SSID) 351 identifies the operator's access network, Access-Point Name 352 identifies a specific network device in the network to which the 353 mobile node is attached. In some deployments, the Access-Point 354 Name can be set to the string representation of the Media Access 355 Control (MAC) address as specified in [RFC6991] mac-address string 356 type of the device or some unique identifier that can be used by 357 the policy systems in the operator network to unambiguously 358 identify the device. The encoding MUST be UTF-8 as described in 359 [RFC3629]. 361 4.3.3. DHCPv4 Access-Point BSSID Sub-option 363 0 1 2 3 364 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 | Subopt Code | Length | | 367 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 368 | Access-Point BSSID | 369 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 Subopt Code 372 . 374 Length 375 6. 377 Access-Point BSSID 378 The 48-bit Basic Service Set Identification (BSSID) of the access 379 point to which the mobile node is attached. 381 4.4. DHCPv4 Operator Identifier Sub-options 383 The Operator identifier sub-options can be used for carrying the 384 operator identifiers of the access network to which the client is 385 attached. The format of these sub-options is defined below. 387 4.4.1. DHCPv4 Operator-Identifier Sub-option 389 0 1 2 3 390 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 391 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 392 | Subopt Code | Length | . 393 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 394 . Operator-Identifier | 395 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 397 Subopt Code . 399 Length 400 4. 402 Operator-Identifier Operator-Identifier as a variable-length Private 403 Enterprise Number (PEN) [SMI] encoded in a network-byte order. 404 Please refer to (section 3.1.3 of [RFC6757]) for additional 405 details. 407 4.4.2. DHCPv4 Operator-Realm Sub-option 409 0 1 2 3 410 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 411 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 412 | Subopt Code | Length | | 413 |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 414 . . 415 . Operator-Realm . 416 . . 417 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 419 Subopt Code 420 . 422 Length 423 The length of the Operator Realm field. 425 Operator-Realm 426 Realm of the operator (e.g., EXAMPLE.COM). Please refer to 427 (section 3.1.3 of [RFC6757]) for additional details. 429 5. DHCPv6 Access-Network-Identifier Options 431 The Access Network Identifier options defined here may be added by 432 the DHCPv6 Relay agent in Relay-forward messages. 434 +=================+=======================================+ 435 | OPTION CODE | OPTION DESCRIPTION | 436 +=================+=======================================+ 437 | | OPTION_ANI_ATT | 438 +=========================================================+ 439 | | OPTION_ANI_NETWORK_NAME | 440 +=========================================================+ 441 | | OPTION_ANI_AP_NAME | 442 +=========================================================+ 443 | | OPTION_ANI_AP_BSSID | 444 +=========================================================+ 445 | | OPTION_ANI_OPERATOR_ID | 446 +=========================================================+ 447 | | OPTION_ANI_OPERATOR_REALM | 448 +=========================================================+ 450 5.1. DHCPv6 Access-Technology-Type Option 452 This option is used for exchanging the type of the access technology 453 the client is attached to the network. Its format is as follows: 455 0 1 2 3 456 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 457 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 458 | OPTION_ANI_ATT | Option-Len | 459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 460 | Reserved | ATT | 461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 463 Option-Code 464 OPTION_ANI_ATT (). 466 Option-Len 467 2. 469 Reserved 470 An 8-bit field that is unused for now. The value MUST be 471 initialized to 0 by the sender and MUST be ignored by the 472 receiver. 474 Access Technology Type (ATT): 475 The contents of this field is the same as the ATT field described 476 in Section 4.2. 478 5.2. DHCPv6 Network-Identifier Options 480 These options can be used for carrying the name of the access network 481 (e.g., a SSID in case of IEEE 802.11 Access Network, or PLMN 482 Identifier [TS23003] in case of 3GPP access) and Access Point name to 483 which the client is attached. The format of these options is defined 484 below. 486 5.2.1. DHCPv6 Network Name Option 488 0 1 2 3 489 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 490 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 491 | OPTION_ANI_NETWORK_NAME | Option-Len | 492 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 493 . . 494 . Network Name (e.g., SSID or PLMNID) . 495 . . 497 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 499 Option-Code 500 OPTION_ANI_NETWORK_NAME (). 502 Option-Len 503 The length of the Network Name field. 505 Network Name 506 The contents of this field is the same as the Network Name field 507 described in Section 4.3.1. 509 5.2.2. DHCPv6 Access-Point Name Option 511 0 1 2 3 512 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 513 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 514 | OPTION_ANI_AP_NAME | Option-Len | 515 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 516 . . 517 . Access-Point Name . 518 . . 519 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 521 Option-Code 522 OPTION_ANI_AP_NAME (). 524 Option-Len 525 The length of the Access-Point Name field. 527 Access-Point Name 528 The contents of this field is the same as the Access-Point Name 529 field described in Section 4.3.2. 531 5.2.3. DHCPv6 Access-Point BSSID Option 533 0 1 2 3 534 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 535 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 536 | OPTION_ANI_AP_BSSID | Option-Len | 537 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 538 | Access-Point BSSID | 539 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 540 | | 541 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 543 Option-Code 544 OPTION_ANI_AP_BSSID (). 546 Option-Len 547 6. 549 Access-Point BSSID 550 The contents of this field is the same as the Access-Point BSSID 551 field described in Section 4.3.3. 553 5.3. DHCPv6 Operator Identifier Options 555 The Operator Identifier options can be used for carrying the operator 556 identifier of the access network to which the client is attached. 557 The format of these options is defined below. 559 5.3.1. DHCPv6 Operator-Identifier Option 561 0 1 2 3 562 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 563 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 564 | OPTION_ANI_OPERATOR_ID | Option-Len | 565 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 566 | Operator-Identifier | 567 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 569 Option-Code 570 OPTION_ANI_OPERATOR_ID (). 572 Option-Len 573 4. 575 Operator-Identifier 576 The contents of this field is the same as the DHCPv4 Operator- 577 Identifier Sub-option field described in Section 4.4.1. 579 5.3.2. DHCPv6 Operator-Realm Option 581 0 1 2 3 582 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 583 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 584 | OPTION_ANI_OPERATOR_REALM | Option-Len | 585 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 586 . . 587 . Operator-Realm . 588 . . 590 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 592 Option-Code 593 OPTION_ANI_OPERATOR_REALM (). 595 Option-Len 596 The length of the Operator Realm field. 598 Operator-Realm 599 The contents of this field is the same as the Operator-Realm field 600 described in Section 4.4.2. 602 6. Relay Agent Behavior 604 DHCPv4 Relay Agents MAY include sub-options defined in section 4.2 605 through 4.4 in the Relay Agent Information option as defined in 606 [RFC3046] for providing information about the access network over 607 which DHCP messages from the client is received. 609 The DHCPv4 Relay Agent when including any of these sub-options in the 610 DHCP message, DHCPv4 Network Name Sub-option (Section 4.3.1), DHCPv4 611 Access-Point Name Sub-option (Section 4.3.2), DHCPv4 Access-Point 612 BSSID Sub-option (Section 4.3.3), MUST include the DHCPv4 Access- 613 Technology-Type Sub-option (Section 4.2) 615 DHCPv6 Relay Agents MAY include options defined in Section 5 in 616 Relay-forward message when forwarding any DHCPv6 message type from 617 clients to the servers to provide information about the access 618 network over which DHCPv6 messages from the client is received. 620 The DHCPv6 Relay Agent when including any of these options in the 621 DHCP message, DHCPv6 Network Name Option (Section 5.2.1), DHCPv6 622 Access-Point Name Option (Section 5.2.2), DHCPv6 Access-Point BSSID 623 Option (Section 5.2.3), MUST include the DHCPv6 Access-Technology- 624 Type Option (Section 5.1) 626 7. Server Behavior 628 DHCPv4 base specification [RFC2131] requires that the DHCPv4 server 629 ignore the DHCPv4 Access Network Identifier option if it does not 630 understand the option. 632 If the DHCPv4 server does not understand the received sub-option 633 defined in sections 4.1 through 4.4 in the DHCPv4 Relay Agent 634 Information option (82) it MUST ignore those sub-options only. If 635 DHCPv4 Server is able to process the DHCPv4 Access Network Identifier 636 sub-options defined in sections 4.1 through 4.4 received in DHCPv4 637 Relay Agent Information option, it MAY use this information obtained 638 from the sub-option for address pool selection, or for policy 639 decisions as per its configured policy. This information obtained 640 from the sub-option SHOULD NOT be stored unless it is absolutely 641 needed, However, if it is stored, the information MUST be deleted as 642 quickly as possible to eliminate any possibility of the information 643 getting exposed to an intruder. 645 If the received DHCPv4 message does not include DHCPv4 Access- 646 Technology-Type Sub-option (Section 4.2), but if it includes any one 647 of these other options, DHCPv4 Network Name Sub-option 648 (Section 4.3.1), DHCPv4 Access-Point Name Sub-option (Section 4.3.2), 649 or DHCPv4 Access-Point BSSID Sub-option (Section 4.3.3), then the 650 DHCPv4 server MUST ignore the received DHCPv4 Access-Network- 651 Identifier option and process the rest of the message as per the base 652 DHCPv4 specifications 654 DHCPv6 base specification [RFC3315] requires that the DHCPv6 server 655 ignore the DHCPv6 Access-Network-Identifier option if it does not 656 understand the option. 658 If the DHCPv6 server receives the options defined in Section 5 and is 659 configured to use the options defined in Section 5, it SHOULD look 660 for the DHCPv6 Access Network identifier options in the Relay-forward 661 message of the DHCPv6 relay agent(s) based on its configured policy. 662 The server MAY use received ANI options for its address pool 663 selection policy decisions as per its configured policy. This 664 information obtained from the options SHOULD NOT be stored unless it 665 is absolutely needed, However, if it is stored, the information MUST 666 be deleted as quickly as possible to eliminate any possibility of the 667 information getting exposed to an intruder. 669 If the received DHCPv6 message does not include DHCPv6 Access- 670 Technology-Type Option (Section 5.1), but it includes any one of 671 these other options, DHCPv6 Network Name Option (Section 5.2.1), 672 DHCPv6 Access-Point Name Option (Section 5.2.2), or DHCPv6 Access- 673 Point BSSID Option (Section 5.2.3), then the DHCPv6 server MUST 674 ignore the received DHCPv6 Access-Network-Identifier option and 675 process the rest of the message as per the base DHCPv6 676 specifications. 678 8. IANA Considerations 680 IANA is requested to assign Sub-option codes for the following DHCPv4 681 Sub-options from the "DHCP Relay Agent Sub-Option Codes" registry, 682 : 684 +=================+=======================================+ 685 | SUB-OPTION CODE | SUB-OPTION DESCRIPTION | 686 +=================+=======================================+ 687 | | Access Technology Type Sub-option | 688 +=========================================================+ 689 | | Access Network Name Sub-option | 690 +=========================================================+ 691 | | Access Point Name Sub-option | 692 +=========================================================+ 693 | | Access Point BSSID Sub-option | 694 +=========================================================+ 695 | | Operator Identifier Sub-option | 696 +=========================================================+ 697 | | Operator Realm Sub-option | 698 +=========================================================+ 700 IANA is requested to assign option codes for the following DHCPv6 701 options from the "Option Codes registry for DHCPv6" registry 702 , as specified in 703 [RFC3315]: 705 +=================+=======================================+ 706 | OPTION CODE | OPTION DESCRIPTION | 707 +=================+=======================================+ 708 | | OPTION_ANI_ATT | 709 +=========================================================+ 710 | | OPTION_ANI_NETWORK_NAME | 711 +=========================================================+ 712 | | OPTION_ANI_AP_NAME | 713 +=========================================================+ 714 | | OPTION_ANI_AP_BSSID | 715 +=========================================================+ 716 | | OPTION_ANI_OPERATOR_ID | 717 +=========================================================+ 718 | | OPTION_ANI_OPERATOR_REALM | 719 +=========================================================+ 721 9. Security Considerations 723 Since there is no privacy protection for DHCP messages, an 724 eavesdropper who can monitor the link between the DHCP server and 725 relay agent can discover access network information. 727 [RFC3118] and [RFC3315] describe many of the threats in using DHCP. 728 [RFC3118] and [RFC3315] each provide a solution, the Authentication 729 Option for DHCPv4 and DHCPv6 (respectively). However, neither of 730 these options are in active use and therefore are not a viable 731 mitigation option. DHCP itself is inherently insecure and thus link- 732 layer confidentiality and integrity protection SHOULD be employed to 733 reduce the risk of disclosure and tampering. 735 It is possible for a rogue DHCP relay agent to insert or overwrite 736 with incorrect access network identifier options for malicious 737 purposes. A DHCP client can also pose as a rogue DHCP relay agent by 738 sending incorrect access network identifier options. While the 739 introduction of fraudulent DHCP relay agent information options can 740 be prevented by a perimeter defense that blocks these options unless 741 the DHCP relay agent is trusted, a deeper defense using the 742 authentication sub-option for DHCPv4 relay agent information option 743 [RFC4030] SHOULD be deployed as well. Administrators SHOULD 744 configure DHCP servers that use this option to communicate with their 745 relay agents using IPsec, as described in Section 21.1 of [RFC3315]. 747 The information elements that this draft is exposing is the client's 748 access-network information. These pertain to the access network to 749 which the client is attached, such as Access Technology Type (Ex: 750 WLAN, Ethernet...etc), Access Point Identity (Name, BSSID), Operator 751 Id/Realm. In deployments where this information cannot be secured 752 using IPsec [RFC4301] or other security protocols, administrators 753 SHOULD disable the capability specified in this document on the DHCP 754 entities. 756 10. Acknowledgments 758 The authors would like to thank Kim Kinnear, Ted Lemon, Gaurav 759 Halwasia, Hidetoshi Yokota, Sheng Jiang and Francis Dupont for their 760 valuable inputs. And, to Tomek Mrugalski for a thorough review of 761 the document. 763 11. References 765 11.1. Normative References 767 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 768 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 769 RFC2119, March 1997, 770 . 772 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", 773 RFC 2131, DOI 10.17487/RFC2131, March 1997, 774 . 776 [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", 777 RFC 3046, DOI 10.17487/RFC3046, January 2001, 778 . 780 [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, 781 C., and M. Carney, "Dynamic Host Configuration Protocol 782 for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, 783 July 2003, . 785 11.2. Informative References 787 [ANI] "Interoperability Specification (IOS) for High Rate Packet 788 Data (HRPD) Radio Access Network Interfaces with Session 789 Control in the Access Network, A.S0008-A v3.0", 790 October 2008. 792 [RFC3118] Droms, R. and W. Arbaugh., Ed., "Authentication for DHCP 793 Messages", RFC 3118, DOI 10.17487/RFC3118, June 2001, 794 . 796 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 797 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, 798 November 2003, . 800 [RFC4030] Stapp, M. and T. Lemon, "The Authentication Suboption for 801 the Dynamic Host Configuration Protocol (DHCP) Relay Agent 802 Option", RFC 4030, DOI 10.17487/RFC4030, March 2005, 803 . 805 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 806 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, 807 December 2005, . 809 [RFC5213] Gundavelli, S., Ed., Leung, K., Devarapalli, V., 810 Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", 811 RFC 5213, DOI 10.17487/RFC5213, August 2008, 812 . 814 [RFC5844] Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy 815 Mobile IPv6", RFC 5844, DOI 10.17487/RFC5844, May 2010, 816 . 818 [RFC6757] Gundavelli, S., Ed., Korhonen, J., Ed., Grayson, M., 819 Leung, K., and R. Pazhyannur, "Access Network Identifier 820 (ANI) Option for Proxy Mobile IPv6", RFC 6757, 821 DOI 10.17487/RFC6757, October 2012, 822 . 824 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", 825 RFC 6991, DOI 10.17487/RFC6991, July 2013, 826 . 828 [SMI] "PRIVATE ENTERPRISE NUMBERS, SMI Network Management 829 Private Enterprise Codes", February 2011. 831 [TS23003] "Numbering, addressing and identification", 2011. 833 [TS23203] "Policy and Charging Control Architecture", 2012. 835 [TS23402] "Architecture enhancements for non-3GPP accesses", 2012. 837 Authors' Addresses 839 Shwetha Bhandari 840 Cisco Systems 841 Cessna Business Park, Sarjapura Marathalli Outer Ring Road 842 Bangalore, KARNATAKA 560 087 843 India 845 Phone: +91 80 4426 0474 846 Email: shwethab@cisco.com 848 Sri Gundavelli 849 Cisco Systems 850 170 West Tasman Drive 851 San Jose, CA 95134 852 USA 854 Email: sgundave@cisco.com 856 Mark Grayson 857 Cisco Systems 858 11 New Square Park 859 Bedfont Lakes, FELTHAM TW14 8HA 860 England 862 Email: mgrayson@cisco.com 863 Bernie Volz 864 Cisco Systems 865 1414 Massachusetts Ave 866 Boxborough,, MA 01719 867 USA 869 Email: volz@cisco.com 871 Jouni Korhonen 872 Broadcom Communications 873 Porkkalankatu 24 874 FIN-00180 Helsinki, 875 Finland 877 Phone: 878 Email: jouni.nospam@gmail.com