idnits 2.17.1 draft-ietf-dhc-container-opt-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 353. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 364. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 371. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 377. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 24, 2008) is 5936 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2132' is defined on line 318, but no explicit reference was found in the text ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 dhc Working Group R. Droms 3 Internet-Draft Cisco Systems, Inc. 4 Intended status: Standards Track January 24, 2008 5 Expires: July 27, 2008 7 Container Option for Server Configuration 8 draft-ietf-dhc-container-opt-00.txt 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on July 27, 2008. 35 Copyright Notice 37 Copyright (C) The IETF Trust (2008). 39 Abstract 41 In some DHCP service deployments, it is desirable for a DHCP server 42 in one administrative domain to pass configuration options to a DHCP 43 server in a different administrative domain. This DHCP option 44 carries a set of DHCP options that can be used by another DHCP 45 server. 47 1. Introduction 49 In some DHCP service deployments, it is desirable to pass 50 configuration options from a DHCP server in one administrative domain 51 to another DHCP server in a different administrative domain. In one 52 example of such a deployment, an IPTV service provider (SP) may need 53 to provide certain SP domain-specific information to IPTV device(s) 54 located in the consumer domain. This information is sent from the 55 IPTV SP DHCP server to the consumer DHCP server located in the 56 Residential Gateway (RG), which can then be passed along to IPTV 57 device(s) in the subscriber network. 59 Existing RGs may pass some configuration information received by the 60 RG DHCP client to the RG server for configuration of devices attached 61 to the consumer network. There are several motivations for this 62 option: 64 o The devices attached to the consumer network may require different 65 configuration information than the DHCP options provided to the RG 67 o Existing RG DHCP clients are typically not be coded to process new 68 DHCP options and, therefore, will be unable to pass those new 69 options to the RG DHCP server 71 o Existing RG DHCP clients are typically coded to pass only a fixed 72 list of DHCP options to the RG DHCP server and, therefore, will be 73 unable to pass newly defined options to the RG DHCP server. 75 The DHCP Container option defined in this document provides a 76 mechanism through which the RG DHCP client can pass DHCP options to 77 the RG DHCP server without explicit knowledge of the semantics of 78 those options. With this option, the SP DHCP server can pass both 79 current and future DHCP options to the RG DHCP server. 81 The DHCP Container option does not carry IP addresses, IPv6 prefixes 82 or other information about leases. It carries other configuration 83 information. 85 2. Terminology 87 The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 88 SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be 89 interpreted as described in RFC2119 [RFC2119]. 91 The following terms and acronyms are used in this document: 93 DHCPv4 "Dynamic Host Configuration Protocol" [RFC2131] 95 DHCPv6 "Dynamic Host Configuration Protocol for IPv6" 96 [RFC3315] 98 DHCP DHCPv4 and/or DHCPv6 100 RG "home gateway"; the device through which the 101 consumer network connects to the broadband WAN; 102 typically a layer 3 forwarding device 104 RG DHCP client (or "RG client") the DHCP client in the RG 106 RG DHCP server (or "RG server") the DHCP server in the RG 108 SP DHCP server (or "SP server") the DHCP server managed by the 109 service provider (SP) 111 This document uses terminology for DHCPv4 and DHCPv6 as defined in 112 RFCs 2131 and 2132, respectively. 114 3. Problem statement and requirements for RG DHCP server configuration 116 The following diagram shows the components in a network deployment 117 using the DHCP Container option: 119 Client STB/CPE -+ +---------+ +------+ 120 | | RG | | SP | 121 Client STB/CPE -+ | Client+--- ... ---+ DHCP | 122 +--+Server | |server| 123 Client STB/CPE -+ +---------+ +------+ 125 In this diagram, the RG client engages in DHCP message exchanges with 126 the SP server to obtain its IP address and other configuration 127 information. 129 The problem under consideration in this document is to transmit 130 configuration information from the SP DHCP server to devices attached 131 to the consumer network. The problem solution has the following 132 requirements: 134 o The SP server MUST be able to transmit different configuration 135 information to the consumer devices than the DHCP options provided 136 to the RG 138 o The SP server MUST be able to control which DHCP options are 139 transmitted to the consumer device 141 o There MUST be a way for the SP server to pass DHCP options to be 142 defined in the future to consumer devices 144 4. Design alternatives 146 The following three designs meet the solution requirements: 148 o SP server passes container option to RG client, which forwards 149 contents to RG server; this alternative is the preferred solution 151 o RG server does direct DHCP info request to SP server; this 152 alternative is not preferred: 154 * requires that the RG server include a DHCP client 156 * requires that the SP server be able to differentiate between RG 157 client and server requests 159 * does not scale well, as it at least doubles the load on the SP 160 server 162 o RG server passes device requests to SP DHCP server; this 163 alternative is not preferred: 165 * requires that the RG also function as a DHCP relay 167 * requires that the RG relay function be configured with the IP 168 addresses of the SP DHCP server(s) 170 * requires that the RG relay function differentiate between DHCP 171 messages that are processed by the RG server and DHCP messages 172 that are processes by the SP server 174 A variant on the preferred design would allow the inclusion of 175 multiple sets of DHCP options intended for different classes of 176 devices in the consumer network; e.g., the design would allow for one 177 set of options for video set-top boxes and a second set of options 178 for VoIP MTAs. The variant would require the specification of rules 179 to be provided by the SP server through which the RG server would 180 differentiate its clients and send the appropriate set of options to 181 each device. At present, there is no requirement for differential 182 configuration of consumer devices and this alternative is not defined 183 in this document. 185 5. Semantics and syntax of the Container option 187 Along with configuration information intended for the RG, the SP 188 server can include the DHCP Container option. When the RG client 189 receives the DHCP Container option, it passes the contents of the 190 option to the RG server. The means through which the information is 191 passed between the RG client and the RG server is out of the scope of 192 this document and left unspecified. 194 The DHCP options in this container are carried in DHCP message format 195 (option-code/length/value). In this format, the contained options 196 can be passed through a DHCP client to a co-located DHCP server 197 without specific knowledge on the part of the client or the server of 198 the semantics of the options. 200 5.1. DHCPv4 Container option 202 The DHCPv4 Container option has the following format: 204 0 1 2 3 205 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 206 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 207 | Code | len | DHCP Options for RG server | 208 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . 209 . . 210 . . 211 . . 212 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 Code OPTION_CONTAINER_V4 (TBD) 216 len Length of options for RG server, in octets 218 5.2. DHCPv6 Container option 220 The DHCPv6 Container option has the following format: 222 0 1 2 3 223 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 224 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 225 | OPTION_CONTAINER_V6 | option-len | 226 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 227 | DHCP Options for RG server | 228 . . 229 . . 230 . . 231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 233 option-code OPTION_CONTAINER_V6 (TBD). 235 option-len Length of options for RG server, in octets 237 5.3. SP server behavior 239 The SP server MAY include the Container option in any DHCP message 240 sent to an RG client. 242 The policy through which the SP server is instructed to include a 243 Container option for an RG client, and the policy determining the 244 contents of the Container object are out of scope of this document 245 and left unspecified. 247 5.4. RG client behavior 249 The RG client MUST pass the contents of the received Container option 250 to the RG server without alteration. The details of the 251 implementation through which the RG client parses the content of the 252 Container option and passes the options to the RG server are out of 253 scope for this document and left unspecified. 255 5.5. RG server behavior 257 The RG server MUST discard any options related to IP address 258 assignment, IPv6 prefix delegation or operation of the DHCP protocol 259 itself. Appendices TBD give a list of DHCPv4 and DHCPv6 options that 260 the RG server MUST discard. 262 The Container option provides a mechanism through which the SP might 263 be able to unilaterally control the configuration settings passed 264 from a CPE DHCP server to a CPE device. This configuration channel 265 must be handled with some care if the subscriber is to retain desired 266 control over the CPE configurations. The following behaviors limit 267 the degree to which the SP con control CPE configuration: 269 o The RG server MAY discard any undesired options, as determined by 270 policy in the RG. 272 o The RG server MUST return to any DHCP client only those options 273 requested by the DHCP client in a Parameter Request List option 274 (DHCPv4 option code 55) or an Option Request option (DHCPv6 option 275 code 6). 277 6. Security Considerations 279 A rogue server can use this option to pass invalid information to the 280 RG client, which would then be passed to the Client STB/CPEs. This 281 invalid information could be used to mount a denial of service attack 282 or a man-in-the-middle attack against some applications. 284 Authentication of DHCP messages(RFC 3118 [RFC3118] for DHCPv4 or 285 section 20 of RFC 3315 [RFC3315]) can be used to ensure that the 286 contents of this option are not altered in transit between the DHCP 287 server and client. 289 7. IANA Considerations 291 When this document is published, IANA is asked to assign an option 292 tag from the "BOOTP Vendor Extensions and DHCP Options" registry for 293 OPTION_CONTAINER_V4. 295 When this document is published, IANA is asked to assign an option 296 code from the "DHCPv6 Option Codes" registry for OPTION_CONTAINER_V6. 298 8. Change Log 300 If this document is accepted for publication as an RFC, this change 301 log is to be removed before publication. 303 o Corrected a cut-and-paste error in section "DHCPv6 Container 304 option": The Time Protocol Servers option -> The DHCPv4 Container 305 option 307 o Added text to section "RG Server Behavior" to address policy 308 management concerns 310 9. Normative References 312 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 313 Requirement Levels", BCP 14, RFC 2119, March 1997. 315 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", 316 RFC 2131, March 1997. 318 [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor 319 Extensions", RFC 2132, March 1997. 321 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 322 and M. Carney, "Dynamic Host Configuration Protocol for 323 IPv6 (DHCPv6)", RFC 3315, July 2003. 325 [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP 326 Messages", RFC 3118, June 2001. 328 Author's Address 330 Ralph Droms 331 Cisco Systems, Inc. 332 1414 Massachusetts Avenue 333 Boxborough, MA 01719 334 USA 336 Phone: +1 978.936.1674 337 Email: rdroms@cisco.com 339 Full Copyright Statement 341 Copyright (C) The IETF Trust (2008). 343 This document is subject to the rights, licenses and restrictions 344 contained in BCP 78, and except as set forth therein, the authors 345 retain all their rights. 347 This document and the information contained herein are provided on an 348 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 349 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 350 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 351 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 352 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 353 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 355 Intellectual Property 357 The IETF takes no position regarding the validity or scope of any 358 Intellectual Property Rights or other rights that might be claimed to 359 pertain to the implementation or use of the technology described in 360 this document or the extent to which any license under such rights 361 might or might not be available; nor does it represent that it has 362 made any independent effort to identify any such rights. Information 363 on the procedures with respect to rights in RFC documents can be 364 found in BCP 78 and BCP 79. 366 Copies of IPR disclosures made to the IETF Secretariat and any 367 assurances of licenses to be made available, or the result of an 368 attempt made to obtain a general license or permission for the use of 369 such proprietary rights by implementers or users of this 370 specification can be obtained from the IETF on-line IPR repository at 371 http://www.ietf.org/ipr. 373 The IETF invites any interested party to bring to its attention any 374 copyrights, patents or patent applications, or other proprietary 375 rights that may cover technology that may be required to implement 376 this standard. Please address the information to the IETF at 377 ietf-ipr@ietf.org. 379 Acknowledgment 381 Funding for the RFC Editor function is provided by the IETF 382 Administrative Support Activity (IASA).