idnits 2.17.1 draft-ietf-dhc-container-opt-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 352. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 363. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 370. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 376. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 17, 2008) is 5632 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 dhc Working Group R. Droms 3 Internet-Draft Cisco Systems, Inc. 4 Intended status: Standards Track November 17, 2008 5 Expires: May 21, 2009 7 Container Option for Server Configuration 8 draft-ietf-dhc-container-opt-03.txt 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on May 21, 2009. 35 Abstract 37 In some DHCP service deployments, it is desirable for a DHCP server 38 in one administrative domain to pass configuration options to a DHCP 39 server in a different administrative domain. This DHCP option 40 carries a set of DHCP options that can be used by another DHCP 41 server. 43 1. Introduction 45 In some DHCP service deployments, it is desirable to pass 46 configuration options from a DHCP server in one administrative domain 47 to another DHCP server in a different administrative domain. In one 48 example of such a deployment, an IPTV service provider (SP) may need 49 to provide certain SP domain-specific information to IPTV device(s) 50 located in the consumer domain. This information is sent from the 51 IPTV SP DHCP server to the consumer DHCP server located in the 52 Residential Gateway (RG), which can then be passed along to IPTV 53 device(s) in the subscriber network. 55 Existing RGs may pass some configuration information received by the 56 RG DHCP client to the RG server for configuration of devices attached 57 to the consumer network. There are several motivations for this 58 option: 60 o The devices attached to the consumer network may require different 61 configuration information than the DHCP options provided to the 62 RG. 64 o Existing RG DHCP clients are typically not coded to process new 65 DHCP options and, therefore, will be unable to pass those new 66 options to the RG DHCP server. 68 o Existing RG DHCP clients are typically coded to pass only a fixed 69 list of DHCP options to the RG DHCP server and, therefore, will be 70 unable to pass newly defined options to the RG DHCP server. 72 The DHCP Container option defined in this document provides a 73 mechanism through which the RG DHCP client can pass DHCP options to 74 the RG DHCP server without explicit knowledge of the semantics of 75 those options. With this option, the SP DHCP server can pass both 76 current and future DHCP options to the RG DHCP server. 78 The DHCP Container option does not carry IP addresses, IPv6 prefixes 79 or other information about leases. It carries other configuration 80 information. 82 2. Terminology 84 The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 85 SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be 86 interpreted as described in RFC2119 [RFC2119]. 88 The following terms and acronyms are used in this document: 90 DHCPv4 "Dynamic Host Configuration Protocol" [RFC2131] 91 DHCPv6 "Dynamic Host Configuration Protocol for IPv6" 92 [RFC3315] 94 DHCP DHCPv4 and/or DHCPv6 96 RG "residential gateway"; the device through which 97 the consumer network connects to the broadband 98 WAN; typically a layer 3 forwarding device 100 RG DHCP client (or "RG client") the DHCP client in the RG 102 RG DHCP server (or "RG server") the DHCP server in the RG 104 SP DHCP server (or "SP server") the DHCP server managed by the 105 service provider (SP) 107 This document uses other terminology for DHCPv4 and DHCPv6 as defined 108 in RFC 2131 and RFC 3315, respectively. 110 3. Problem statement and requirements for RG DHCP server configuration 112 The following diagram shows the components in a network deployment 113 using the DHCP Container option: 115 Client STB/CPE -+ +---------+ +------+ 116 | | RG | | SP | 117 Client STB/CPE -+ | Client+--- ... ---+ DHCP | 118 +--+Server | |server| 119 Client STB/CPE -+ +---------+ +------+ 121 In this diagram, the RG client engages in DHCP message exchanges with 122 the SP server to obtain its IP address and other configuration 123 information. 125 The problem under consideration in this document is to transmit 126 configuration information from the SP DHCP server to devices attached 127 to the consumer network. The problem solution has the following 128 requirements: 130 o The SP server MUST be able to transmit different configuration 131 information to the consumer devices than the DHCP options provided 132 to the RG. 134 o The SP server MUST be able to control which DHCP options are 135 transmitted to the consumer device. 137 o There MUST be a way for the SP server to pass DHCP options to be 138 defined in the future to consumer devices. 140 4. Design alternatives 142 The following three designs meet the solution requirements: 144 o SP server passes container option to RG client, which forwards 145 contents to RG server; this alternative is the preferred solution 147 o RG server does direct DHCP info request to SP server; this 148 alternative is not preferred because it: 150 * requires that the RG server include a DHCP client, 152 * requires that the SP server be able to differentiate between RG 153 client and server requests, and it 155 * does not scale well, as it at least doubles the load on the SP 156 server. 158 o RG server passes device requests to SP DHCP server; this 159 alternative is not preferred because it: 161 * requires that the RG also function as a DHCP relay, 163 * requires that the RG relay function be configured with the IP 164 addresses of the SP DHCP server(s), and it 166 * requires that the RG relay function differentiate between DHCP 167 messages that are processed by the RG server and DHCP messages 168 that are processes by the SP server, which does not scale well. 170 A variant on the preferred design would allow the inclusion of 171 multiple sets of DHCP options intended for different classes of 172 devices in the consumer network; e.g., the design would allow for one 173 set of options for video set-top boxes and a second set of options 174 for VoIP MTAs. The variant would require the specification of rules 175 to be provided by the SP server through which the RG server would 176 differentiate its clients and send the appropriate set of options to 177 each device. At present, there is no requirement for differential 178 configuration of consumer devices and this alternative is not defined 179 in this document. 181 5. Semantics and syntax of the Container option 183 Along with configuration information intended for the RG, the SP 184 server can include the DHCP Container option. When the RG client 185 receives the DHCP Container option, it passes the contents of the 186 option to the RG server. The means through which the information is 187 passed between the RG client and the RG server is out of the scope of 188 this document and left unspecified. 190 The DHCP options in this container are carried in DHCP message format 191 (option-code/length/value). In this format, the contained options 192 can be passed through a DHCP client to a co-located DHCP server 193 without specific knowledge on the part of the client or the server of 194 the semantics of the options. 196 5.1. DHCPv4 Container option 198 The DHCPv4 Container option has the following format: 200 0 1 2 3 201 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 202 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 203 | Code | len | DHCP Options for RG server | 204 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . 205 . . 206 . . 207 . . 208 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 210 Code OPTION_CONTAINER_V4 (TBDv4) 212 len Length of options for RG server, in octets 214 5.2. DHCPv6 Container option 216 The DHCPv6 Container option has the following format: 218 0 1 2 3 219 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 220 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 221 | OPTION_CONTAINER_V6 | option-len | 222 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 223 | DHCP Options for RG server | 224 . . 225 . . 226 . . 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 option-code OPTION_CONTAINER_V6 (TBDv6). 231 option-len Length of options for RG server, in octets 233 5.3. SP server behavior 235 The SP server MAY include the Container option in any DHCP message 236 sent to an RG client. 238 The policy through which the SP server is instructed to include a 239 Container option for an RG client, and the policy determining the 240 contents of the Container object are out of scope of this document 241 and left unspecified. 243 5.4. RG client behavior 245 The RG client MUST pass the contents of the received Container option 246 to the RG server without alteration. The details of the 247 implementation through which the RG client parses the content of the 248 Container option and passes the options to the RG server are out of 249 scope for this document and left unspecified. 251 5.5. RG server behavior 253 The RG server MUST discard any options related to IP address 254 assignment, IPv6 prefix delegation or operation of the DHCP protocol 255 itself. 257 The Container option provides a mechanism through which the SP might 258 be able to unilaterally control the configuration settings passed 259 from a CPE DHCP server to a CPE device. This configuration channel 260 must be handled with some care if the subscriber is to retain desired 261 control over the CPE configurations. The following behaviors limit 262 the degree to which the SP con control CPE configuration: 264 o The RG server MAY discard any undesired options, as determined by 265 policy in the RG. 267 o The RG server MUST return to any DHCP client only those options 268 requested by the DHCP client in a Parameter Request List option 269 (DHCPv4 option code 55) or an Option Request option (DHCPv6 option 270 code 6). 272 6. Security Considerations 274 A rogue server can use this option to pass invalid information to the 275 RG client, which would then be passed to the Client STB/CPEs. This 276 invalid information could be used to mount a denial of service attack 277 or a man-in-the-middle attack against some applications. 279 Authentication of DHCP messages(RFC 3118 [RFC3118] for DHCPv4 or 280 section 20 of RFC 3315 [RFC3315]) can be used to ensure that the 281 contents of this option are not altered in transit between the DHCP 282 server and client. 284 7. IANA Considerations 286 When this document is published, IANA is asked to assign an option 287 tag from the "BOOTP Vendor Extensions and DHCP Options" registry for 288 OPTION_CONTAINER_V4 (TBDv4). 290 When this document is published, IANA is asked to assign an option 291 code from the "DHCPv6 Option Codes" registry for OPTION_CONTAINER_V6 292 (TBDv6). 294 8. Change Log 296 If this document is accepted for publication as an RFC, this change 297 log is to be removed before publication. 299 8.1. Revision -02 301 o Corrected a cut-and-paste error in section "DHCPv6 Container 302 option": The Time Protocol Servers option -> The DHCPv4 Container 303 option 305 o Added text to section "RG Server Behavior" to address policy 306 management concerns 308 8.2. Revision -03 310 Corrected several typos (thanks to Alfred Hoenes for his review). 312 9. Normative References 314 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 315 Requirement Levels", BCP 14, RFC 2119, March 1997. 317 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", 318 RFC 2131, March 1997. 320 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 321 and M. Carney, "Dynamic Host Configuration Protocol for 322 IPv6 (DHCPv6)", RFC 3315, July 2003. 324 [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP 325 Messages", RFC 3118, June 2001. 327 Author's Address 329 Ralph Droms 330 Cisco Systems, Inc. 331 1414 Massachusetts Avenue 332 Boxborough, MA 01719 333 USA 335 Phone: +1 978.936.1674 336 Email: rdroms@cisco.com 338 Full Copyright Statement 340 Copyright (C) The IETF Trust (2008). 342 This document is subject to the rights, licenses and restrictions 343 contained in BCP 78, and except as set forth therein, the authors 344 retain all their rights. 346 This document and the information contained herein are provided on an 347 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 348 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 349 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 350 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 351 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 352 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 354 Intellectual Property 356 The IETF takes no position regarding the validity or scope of any 357 Intellectual Property Rights or other rights that might be claimed to 358 pertain to the implementation or use of the technology described in 359 this document or the extent to which any license under such rights 360 might or might not be available; nor does it represent that it has 361 made any independent effort to identify any such rights. Information 362 on the procedures with respect to rights in RFC documents can be 363 found in BCP 78 and BCP 79. 365 Copies of IPR disclosures made to the IETF Secretariat and any 366 assurances of licenses to be made available, or the result of an 367 attempt made to obtain a general license or permission for the use of 368 such proprietary rights by implementers or users of this 369 specification can be obtained from the IETF on-line IPR repository at 370 http://www.ietf.org/ipr. 372 The IETF invites any interested party to bring to its attention any 373 copyrights, patents or patent applications, or other proprietary 374 rights that may cover technology that may be required to implement 375 this standard. Please address the information to the IETF at 376 ietf-ipr@ietf.org.