idnits 2.17.1 draft-ietf-dhc-dhcpv6-opt-netboot-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? -- It seems you're using the 'non-IETF stream' Licence Notice instead Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 4, 2009) is 5558 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'PXE21' ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Downref: Normative reference to an Informational RFC: RFC 3617 ** Downref: Normative reference to an Informational RFC: RFC 4578 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) -- Possible downref: Non-RFC (?) normative reference: ref. 'UEFI22' -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DHC T. Huth 3 Internet-Draft J. Freimann 4 Intended status: Standards Track IBM Germany Research & 5 Expires: August 8, 2009 Development GmbH 6 V. Zimmer 7 Intel 8 D. Thaler 9 Microsoft 10 February 4, 2009 12 DHCPv6 option for network boot 13 draft-ietf-dhc-dhcpv6-opt-netboot-03 15 Status of this Memo 17 This Internet-Draft is submitted to IETF in full conformance with the 18 provisions of BCP 78 and BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as Internet- 23 Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/ietf/1id-abstracts.txt. 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html. 36 This Internet-Draft will expire on August 8, 2009. 38 Copyright Notice 40 Copyright (c) 2009 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. 50 Abstract 52 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) provides a 53 framework for passing configuration information to nodes on a 54 network. This document describes new options for DHCPv6 which are 55 required for booting a node from the network. 57 Table of Contents 59 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 3. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 62 3.1. Boot File Uniform Resource Locator (URL) Option . . . . . 4 63 3.2. Boot File Parameters Option . . . . . . . . . . . . . . . 5 64 3.3. Client System Architecture Type Option . . . . . . . . . . 6 65 3.4. Client Network Interface Identifier Option . . . . . . . . 6 66 4. Appearance of the options . . . . . . . . . . . . . . . . . . 7 67 5. Boot protocol considerations . . . . . . . . . . . . . . . . . 7 68 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8 69 7. Security considerations . . . . . . . . . . . . . . . . . . . 9 70 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 71 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 72 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 73 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 76 1. Introduction 78 Network booting means that a node which should be booted fetches the 79 files required for booting via its network device from a server. 80 Network booting is, for example, very useful in environments where 81 the administrators have to maintain a large number of nodes. Since 82 all boot and configuration files are stored on a central server, the 83 maintenance of all nodes can be kept simple this way. 85 A typical boot file would be, for example, an operating system kernel 86 or a boot loader program. To be able to execute such a file, the 87 firmware (BIOS) running on the client node must perform the following 88 two steps (see Figure 1): First get all information which are 89 required for downloading and executing the boot file such as: the 90 server on which the boot files can be found, the protocol to be used 91 for the download (for example TFTP [RFC1350]), the name of the boot 92 file and additional parameters which should be passed to the OS 93 kernel or boot loader program respectively. As second step, download 94 the boot file from the file server and execute it. 96 +------+ 97 _______________________\| DHCP | 98 / 1 Get boot file info /|Server| 99 +------+ +------+ 100 | Host | 101 +------+ +------+ 102 \_______________________\| File | 103 2 Download boot file /|Server| 104 +------+ 106 Figure 1: Network Boot Sequence 108 DHCPv6 allows client nodes to ask a DHCPv6 server for configuration 109 parameters. Contrary to its IPv4 predecessor, DHCPv6 does not yet 110 define a way to query network boot options such as the IPv6 address 111 of a boot file server and boot file names. Therefore this document 112 defines new DHCPv6 options which are required for network booting 113 clients. 115 2. Conventions 117 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 118 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 119 document are to be interpreted as described in RFC 2119 [RFC2119]. 121 Terminology specific to IPv6 and DHCPv6 are used in the same way as 122 defined in the "Terminology" sections of RFC 3315 [RFC3315]. 124 3. Options 126 3.1. Boot File Uniform Resource Locator (URL) Option 128 This option consists of an ASCII string. It is used to convey an URL 129 to a boot file. 131 0 1 2 3 132 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 133 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 134 | OPT_BOOTFILE_URL | option-len | 135 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 136 . . 137 . bootfile-url (variable length) . 138 . . 139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 Format description: 143 option-code OPT_BOOTFILE_URL (TBD1). 145 option-len Length of the bootfile URL option in octets (not 146 including the size of the option-code and option- 147 len fields). 149 bootfile-url This ASCII string is the URL (conforming to 150 [RFC3986]) for a boot file. This string starts 151 with the protocol which is used for downloading. 152 Separated by "://", the hostname or IPv6 address of 153 the server hosting the boot file follows, and then 154 the path, file name and query parts of the URL. 155 The string is not null-terminated. 157 Note about the bootfile-url: This string can either contain a 158 hostname or a literal IPv6 address to specify the server where the 159 boot file should be downloaded from. All clients which implement the 160 OPT_BOOTFILE_URL option MUST be able to handle IPv6 addresses here 161 and SHOULD also be able to handle a hostname in the URL. The IPv6 162 address in the URL then MUST be enclosed in "[" and "]" characters, 163 conforming to [RFC3986]. Clients SHOULD also be able to handle 164 hostnames in the URLs. However, in this case the firmware 165 implementation on the client machine must support DNS, too. Due to 166 size limitations, this might not be possible in all firmware 167 implementations, so support for hostnames in the URLs is only 168 optional. 170 Multiple occurrences of OPT_BOOTFILE_URL can be present in a single 171 DHCP message. Clients MUST process them in the order in which they 172 appear within the message. The client starts with the first file 173 that should be downloaded and executed. In case of a failure the 174 process should continue with the second one and so on. 176 3.2. Boot File Parameters Option 178 This option consists of multiple ASCII strings. They are used to 179 specify parameters for the boot file (e.g. parameters for the kernel 180 or boot loader program). 182 0 1 2 3 183 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 | OPT_BOOTFILE_PARAM | option-len | 186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 | param-len 1 | parameter 1 | 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ (variable length) . 189 . | 190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 . . 192 . . 193 . . 194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 | param-len n | parameter n | 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ (variable length) . 197 . | 198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 200 Format description: 202 option-code OPT_BOOTFILE_PARAM (TBD2). 204 option-len Length of the bootfile parameters option in octets 205 (not including the size of the option-code and 206 option-len fields). 208 param-len 1...n This is a 16-bit integer which specifies the length 209 of the following parameter in octets (not including 210 the parameter-length field). 212 parameters 1...n These ASCII strings are parameters needed for 213 booting, e.g. kernel parameters. The strings are 214 not null-terminated. 216 The firmware MUST pass these parameters in the order they appear in 217 the OPT_BOOTFILE_PARAM option to the boot file which has been 218 specified in the OPT_BOOTFILE_URL option. 220 3.3. Client System Architecture Type Option 222 This option provides parity with the Client System Architecture Type 223 Option defined for DHCPv4 in [RFC4578] section 2.1. 225 The format of the option is: 227 0 1 2 3 228 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 229 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 230 | OPTION_CLIENT_ARCH_TYPE | option-len | 231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 232 . . 233 . Processor Architecture Type (variable length) . 234 . . 235 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 237 option-code OPTION_CLIENT_ARCH_TYPE (TBD3). 239 option-len See below. FIXME 241 Processor Architecture Type A list of one or more architecture 242 types, as specified in [RFC4578] section 2.1. 244 3.4. Client Network Interface Identifier Option 246 The Client Network Interface Identifier option is sent by a DHCP 247 client to a DHCP server to provide information about its level of 248 Universal Network Device Interface (UNDI) support (see also [PXE21] 249 and [UEFI22]). 251 This option provides parity with the Client Network Interface 252 Identifier Option defined for DHCPv4 in [RFC4578] section 2.2. 254 The format of the option is: 256 0 1 2 3 257 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 259 | OPTION_NII | option-len | 260 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 261 | Type | Major | Minor | 262 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 264 option-code OPTION_NII (TBD4). 266 option-len 3 268 Type As specified in [RFC4578] section 2.2. 270 Major As specified in [RFC4578] section 2.2. 272 Minor As specified in [RFC4578] section 2.2. 274 4. Appearance of the options 276 These options MUST NOT appear in DHCPv6 messages other than the types 277 Solicit, Advertise, Request, Renew, Rebind, Information-Request and 278 Reply. 280 The option-codes of these options MAY appear in the Option Request 281 Option in the DHCPv6 message types Solicit, Request, Renew, Rebind, 282 Information-Request and Reconfigure. 284 5. Boot protocol considerations 286 RFC 906 [RFC906] suggests to use TFTP for bootstrap loading. Since 287 TFTP is based on UDP, it has the advantage that it can also be used 288 in firmware implementations which have to deal with size and 289 complexity constraints and thus can not include a full-blown TCP/IP 290 stack. It can also be used in multicast mode (see [RFC2090]) which 291 is useful when a lot of nodes boot the same boot file at the same 292 time. So if TFTP should be used as boot protocol, the boot file URLs 293 then must be specified according to RFC 3617 [RFC3617]. 295 However, TFTP also has some severe limitations, for example 296 performance limitations due to acknowledging each packet and size 297 limitations due to using only 16-bit packet counters. So this 298 specification suggests to use now the well-known and established 299 hypertext transfer protocol (HTTP, see [RFC2616]) as default for 300 network booting instead. 302 An alternative approach to network booting is to bootstrap the system 303 with iSCSI. In this case, the URL in the OPT_BOOTFILE_URL option 304 MUST be specified according to the "iscsi:" string definition in 305 chapter 5 of [RFC4173]. Note that [RFC4173] also suggests that the 306 "iscsi:" string should be specified in the so-called "Root Path" 307 option. However, this option does not exist for DHCPv6 yet, and with 308 the OPT_BOOTFILE_URL it is also not necessary anymore. So for IPv6 309 iSCSI booting, the "iscsi:" string MUST be specified as URL in the 310 OPT_BOOTFILE_URL option instead. 312 If multiple interfaces are available for booting, it might be a good 313 strategy to send out requests out on each interface in parallel to 314 speed up the discovery. However how to handle multiple replies, i.e. 315 replies from more than one DHCP server is not a problem that can be 316 easily solved on the protocol level. It is up to the implementors to 317 provide users with a possibility to either choose a network interface 318 to boot from, or to assign a preference to interfaces or even known 319 DHCP servers. 321 6. IANA considerations 323 The following options needs to be assigned by the IANA from the 324 option number space defined in the chapter 22 of the DHCPv6 RFC 325 [RFC3315]. 327 +-------------------------+-------+--------------+ 328 | Option name | Value | Specified in | 329 +-------------------------+-------+--------------+ 330 | OPT_BOOTFILE_URL | TBD1 | Section 3.1 | 331 | OPT_BOOTFILE_PARAM | TBD2 | Section 3.2 | 332 | OPTION_CLIENT_ARCH_TYPE | TBD3 | Section 3.3 | 333 | OPTION_NII | TBD4 | Section 3.4 | 334 +-------------------------+-------+--------------+ 336 This document also introduces a new IANA registry for processor 337 architecture types. The name of this registry shall be "Processor 338 Architecture Type". Registry entries consist of a 16-bit integer 339 recorded in decimal format, and a descriptive name. The initial 340 values of this registry can be found in [RFC4578] section 2.1. 342 The assignment policy for values shall be Expert Review (see 343 [RFC5226]), and any requests for values must supply the descriptive 344 name for the processor architecture type. 346 7. Security considerations 348 The new DHCPv6 option described in this document could be sent in 349 untrusted networks by malicious people with a fake DHCPv6 server to 350 confuse the booting clients. The clients could be provided with a 351 wrong URL so that the boot either fails, or even worse, the client 352 boots the wrong operating system which has been provided by a 353 malicious file server. To prevent this kind of attack, clients 354 SHOULD use authentication of DHCPv6 messages (see chapter 21. in 355 [RFC3315]). 357 Note also that DHCPv6 messages are sent unencrypted by default. So 358 the boot file URL options are sent unencrypted over the network, too. 359 This can become a security risk since the URLs can contain sensitive 360 information like user names and passwords (for example a URL like 361 "ftp://username:password@servername/path/file"). At the current 362 point in time, there is no possibility to send encrypted DHCPv6 363 messages, so it is strongly recommended not to use sensitive 364 information in the URLs in untrusted networks. 366 8. Acknowledgements 368 The authors would like to thank Ruth Li, Dong Wei, Kathryn Hampton, 369 Phil Dorah, Richard Chan, and Fiona Jensen for discussions that led 370 to this document. 372 The authors would also like to thank Ketan P. Pancholi and Alfred 373 Hoenes for corrections and suggestions. 375 9. References 377 9.1. Normative References 379 [PXE21] Johnston, M., "Preboot Execution Environment (PXE) 380 Specification", September 1999, 381 . 383 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 384 Requirement Levels", BCP 14, RFC 2119, March 1997. 386 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 387 and M. Carney, "Dynamic Host Configuration Protocol for 388 IPv6 (DHCPv6)", RFC 3315, July 2003. 390 [RFC3617] Lear, E., "Uniform Resource Identifier (URI) Scheme and 391 Applicability Statement for the Trivial File Transfer 392 Protocol (TFTP)", RFC 3617, October 2003. 394 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 395 Resource Identifier (URI): Generic Syntax", STD 66, 396 RFC 3986, January 2005. 398 [RFC4173] Sarkar, P., Missimer, D., and C. Sapuntzakis, 399 "Bootstrapping Clients using the Internet Small Computer 400 System Interface (iSCSI) Protocol", RFC 4173, 401 September 2005. 403 [RFC4578] Johnston, M. and S. Venaas, "Dynamic Host Configuration 404 Protocol (DHCP) Options for the Intel Preboot eXecution 405 Environment (PXE)", RFC 4578, November 2006. 407 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 408 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 409 May 2008. 411 [UEFI22] UEFI Forum, "Unified Extensible Firmware Interface 412 Specification, Version 2.2", September 2008, 413 . 415 9.2. Informative References 417 [RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, 418 RFC 1350, July 1992. 420 [RFC2090] Emberson, A., "TFTP Multicast Option", RFC 2090, 421 February 1997. 423 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 424 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 425 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 427 [RFC906] Finlayson, R., "Bootstrap Loading using TFTP", RFC 906, 428 June 1984. 430 Authors' Addresses 432 Thomas H. Huth 433 IBM Germany Research & Development GmbH 434 Schoenaicher Strasse 220 435 Boeblingen 71032 436 Germany 438 Phone: +49-7031-16-2183 439 Email: thuth@de.ibm.com 441 Jens T. Freimann 442 IBM Germany Research & Development GmbH 443 Schoenaicher Strasse 220 444 Boeblingen 71032 445 Germany 447 Phone: +49-7031-16-1122 448 Email: jfrei@de.ibm.com 450 Vincent Zimmer 451 Intel 452 2800 Center Drive 453 DuPont WA 98327 454 USA 456 Phone: +1 253 371 5667 457 Email: vincent.zimmer@intel.com 459 Dave Thaler 460 Microsoft 461 One Microsoft Way 462 Redmond WA 98052 463 USA 465 Phone: +1 425 703-8835 466 Email: dthaler@microsoft.com