idnits 2.17.1 draft-ietf-dhc-dhcpv6-opt-netboot-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See https://trustee.ietf.org/license-info/) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 19, 2009) is 5241 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'PXE21' ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Downref: Normative reference to an Informational RFC: RFC 4578 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) -- Possible downref: Non-RFC (?) normative reference: ref. 'UEFI23' -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) -- Obsolete informational reference (is this intentional?): RFC 2818 (Obsoleted by RFC 9110) Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DHC T. Huth 3 Internet-Draft J. Freimann 4 Intended status: Standards Track IBM Germany Research & 5 Expires: June 22, 2010 Development GmbH 6 V. Zimmer 7 Intel 8 D. Thaler 9 Microsoft 10 December 19, 2009 12 DHCPv6 option for network boot 13 draft-ietf-dhc-dhcpv6-opt-netboot-07 15 Abstract 17 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) provides a 18 framework for passing configuration information to nodes on a 19 network. This document describes new options for DHCPv6 which are 20 required for booting a node from the network. 22 Status of this Memo 24 This Internet-Draft is submitted to IETF in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF), its areas, and its working groups. Note that 29 other groups may also distribute working documents as Internet- 30 Drafts. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 The list of current Internet-Drafts can be accessed at 38 http://www.ietf.org/ietf/1id-abstracts.txt. 40 The list of Internet-Draft Shadow Directories can be accessed at 41 http://www.ietf.org/shadow.html. 43 This Internet-Draft will expire on June 22, 2010. 45 Copyright Notice 47 Copyright (c) 2009 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 65 3.1. Boot File Uniform Resource Locator (URL) Option . . . . . 4 66 3.2. Boot File Parameters Option . . . . . . . . . . . . . . . 4 67 3.3. Client System Architecture Type Option . . . . . . . . . . 5 68 3.4. Client Network Interface Identifier Option . . . . . . . . 6 69 4. Appearance of the options . . . . . . . . . . . . . . . . . . 7 70 5. Download protocol considerations . . . . . . . . . . . . . . . 7 71 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8 72 7. Security considerations . . . . . . . . . . . . . . . . . . . 8 73 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 74 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 75 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 76 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 79 1. Introduction 81 This draft describes DHCPv6 options that can be used to provide 82 configuration information for a node that must be booted using the 83 network, rather than from local storage. 85 Network booting is used, for example, in some environments where 86 administrators have to maintain a large number of nodes. By serving 87 all boot and configuration files from central server, the effort 88 required to maintain these nodes is greatly reduced. 90 A typical boot file would be, for example, an operating system kernel 91 or a boot loader program. To be able to execute such a file, the 92 firmware (BIOS) running on the client node must perform the following 93 two steps (see Figure 1): First get all information which is required 94 for downloading and executing the boot file. Second, download the 95 boot file and execute it. 97 +------+ 98 _______________________\| DHCP | 99 / 1 Get boot file info /|Server| 100 +------+ +------+ 101 | Host | 102 +------+ +------+ 103 \_______________________\| File | 104 2 Download boot file /|Server| 105 +------+ 107 Figure 1: Network Boot Sequence 109 Information that is required for booting over the network can include 110 information about the server on which the boot files can be found, 111 the protocol to be used for the download (for example HTTP [RFC2616] 112 or TFTP [RFC1350]), the name of the boot file and additional 113 parameters which should be passed to the OS kernel or boot loader 114 program respectively. 116 DHCPv6 allows client nodes to ask a DHCPv6 server for configuration 117 parameters. This document provides new options which a client can 118 request from the DHCPv6 server to satisfy its requirements for 119 booting. 121 2. Conventions 123 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 124 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 125 document are to be interpreted as described in RFC 2119 [RFC2119]. 127 Terminology specific to IPv6 and DHCPv6 are used in the same way as 128 defined in the "Terminology" sections of RFC 3315 [RFC3315]. 130 3. Options 132 Option formats comply with DHCPv6 options per [RFC3315] (section 6). 134 3.1. Boot File Uniform Resource Locator (URL) Option 136 This option consists of an UTF-8 string. It is sent by the server to 137 inform the client about an URL to a boot file. 139 0 1 2 3 140 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 142 | OPT_BOOTFILE_URL | option-len | 143 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 144 | | 145 . boot-file-url (variable length) . 146 | | 147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 Format description: 151 option-code OPT_BOOTFILE_URL (TBD1). 153 option-len Length of the Boot File URL option in octets (not 154 including the size of the option-code and option- 155 len fields). 157 boot-file-url This UTF-8 string is the URL for the boot file, as 158 defined in [RFC3986]. The string is not NUL- 159 terminated. 161 If the URL is expressed using an IPv6 address rather than a domain 162 name, the address in the URL then MUST be enclosed in "[" and "]" 163 characters, conforming to [RFC3986]. Clients that have DNS 164 implementations should support the use of domain names in the URL. 166 3.2. Boot File Parameters Option 168 This option is sent by the server to the client. It consists of 169 multiple UTF-8 strings. They are used to specify parameters for the 170 boot file (similar to the command line arguments in most modern 171 operating systems). For example, these parameters could be used to 172 specify the root file system of the OS kernel, or where a second 173 stage boot loader can download its configuration file from. 175 0 1 2 3 176 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 177 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 178 | OPT_BOOTFILE_PARAM | option-len | 179 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 | param-len 1 | | 181 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter 1 . 182 . (variable length) | 183 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 . . 185 . . 186 . . 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 | param-len n | | 189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter n . 190 . (variable length) | 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 Format description: 195 option-code OPT_BOOTFILE_PARAM (TBD2). 197 option-len Length of the Boot File Parameters option in octets 198 (not including the size of the option-code and 199 option-len fields). 201 param-len 1...n This is a 16-bit integer which specifies the length 202 of the following parameter in octets (not including 203 the parameter-length field). 205 parameter 1...n These UTF-8 strings are parameters needed for 206 booting, e.g. kernel parameters. The strings are 207 not NUL-terminated. 209 When the boot firmware executes the boot file which has been 210 specified in the OPT_BOOTFILE_URL option, it MUST pass these 211 parameters in the order that they appear in the OPT_BOOTFILE_PARAM 212 option. 214 3.3. Client System Architecture Type Option 216 This option provides parity with the Client System Architecture Type 217 Option defined for DHCPv4 in [RFC4578] section 2.1. 219 The format of the option is: 221 0 1 2 3 222 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 223 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 224 | OPTION_CLIENT_ARCH_TYPE | option-len | 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 . . 227 . Architecture Types (variable length) . 228 . . 229 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 231 option-code OPTION_CLIENT_ARCH_TYPE (TBD3). 233 option-len Length of the "processor architecture type" field 234 in octets (not including the option-code and 235 option-len fields). It MUST be an even number 236 greater than zero. See [RFC4578] section 2.1 for 237 details. 239 Architecture Types A list of one or more architecture types, as 240 specified in [RFC4578] section 2.1. Each 241 architecture type identifier in this list is a 242 16-bit value which describes the pre-boot runtime 243 environment of the client machine. A list of 244 valid values is maintained by the IANA (see 245 Section 6). 247 The client can use this option to send a list of supported 248 architecture types to the server, so the server can decide which boot 249 file should be provided to the client. If a clients supports more 250 than one pre-boot environments (for example both, 32-bit and 64-bit 251 executables), the most preferred architecture type MUST be listed as 252 first item, followed by the others with descending priority. 254 The server can use this option to inform the client about the pre- 255 boot environments which are supported by the boot file. The list 256 MUST only contain architecture types which have initially been 257 queried by the client. The items MUST also be listed in order of 258 descending priority. 260 3.4. Client Network Interface Identifier Option 262 The Client Network Interface Identifier option is sent by a DHCP 263 client to a DHCP server to provide information about its level of 264 Universal Network Device Interface (UNDI) support (see also [PXE21] 265 and [UEFI23]). 267 This option provides parity with the Client Network Interface 268 Identifier Option defined for DHCPv4 in [RFC4578] section 2.2. 270 The format of the option is: 272 0 1 2 3 273 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 274 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 275 | OPTION_NII | option-len | 276 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 277 | Type | Major | Minor | 278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 280 option-code OPTION_NII (TBD4). 282 option-len 3 284 Type As specified in [RFC4578] section 2.2. 286 Major As specified in [RFC4578] section 2.2. 288 Minor As specified in [RFC4578] section 2.2. 290 The list of valid Type, Major and Minor values is maintained in the 291 UEFI specification [UEFI23]. 293 4. Appearance of the options 295 These options MUST NOT appear in DHCPv6 messages other than the types 296 Solicit, Advertise, Request, Renew, Rebind, Information-Request and 297 Reply. 299 The option-codes of these options MAY appear in the Option Request 300 Option in the DHCPv6 message types Solicit, Request, Renew, Rebind, 301 Information-Request and Reconfigure. 303 5. Download protocol considerations 305 The Boot File URL option does not place any constraints on the 306 protocol used for downloading the boot file, other than that it must 307 be possible to specify it in a URL. For the sake of administrative 308 simplicity, we strongly recommend that, at a mininum, implementors of 309 network boot loaders implement the well-known and established 310 hypertext transfer protocol [RFC2616] for downloading. Please note 311 that for IPv6, this supersedes [RFC906] which recommended to use TFTP 312 for downloading (see [RFC3617] for TFTP URL definition). 314 When using iSCSI for booting, the "iscsi:"-URI is formed as defined 315 in [RFC4173]. The functionality attributed in RFC4173 to a root path 316 option is provided for IPv6 by the Boot File URL option instead. 318 6. IANA considerations 320 The following options need to be assigned by the IANA from the option 321 number space defined in the chapter 22 of the DHCPv6 RFC [RFC3315]. 323 +-------------------------+-------+--------------+ 324 | Option name | Value | Specified in | 325 +-------------------------+-------+--------------+ 326 | OPT_BOOTFILE_URL | TBD1 | Section 3.1 | 327 | OPT_BOOTFILE_PARAM | TBD2 | Section 3.2 | 328 | OPTION_CLIENT_ARCH_TYPE | TBD3 | Section 3.3 | 329 | OPTION_NII | TBD4 | Section 3.4 | 330 +-------------------------+-------+--------------+ 332 This document also introduces a new IANA registry for processor 333 architecture types. The name of this registry shall be "Processor 334 Architecture Type". Registry entries consist of a 16-bit integer 335 recorded in decimal format, and a descriptive name. The initial 336 values of this registry can be found in [RFC4578] section 2.1. 338 The assignment policy for values shall be Expert Review (see 339 [RFC5226]), and any requests for values must supply the descriptive 340 name for the processor architecture type. 342 7. Security considerations 344 In untrusted networks, a rogue DHCPv6 server could send the new 345 DHCPv6 options described in this document. The booting clients could 346 then be provided with a wrong URL so that the boot either fails, or 347 even worse, the client boots the wrong operating system which has 348 been provided by a malicious file server. To prevent this kind of 349 attack, clients can use authentication of DHCPv6 messages (see 350 chapter 21. in [RFC3315]). 352 Note also that DHCPv6 messages are sent unencrypted by default. So 353 the boot file URL options are sent unencrypted over the network, too. 354 This can become a security risk since the URLs can contain sensitive 355 information like user names and passwords (for example a URL like 356 "ftp://username:password@servername/path/file"). At the current 357 point in time, there is no possibility to send encrypted DHCPv6 358 messages, so it is strongly recommended not to use sensitive 359 information in the URLs in untrusted networks. 361 Even if the DHCPv6 transaction is secured, this does not protect 362 against attacks on the boot file download channel. Consequently, we 363 recommend that either a protocol like HTTPS (see [RFC2817] and 364 [RFC2818]) be used to prevent spoofing, or that the boot loader 365 implementation implement a mechanism for signing boot images and a 366 configurable signing key in memory, so that if a malicious image is 367 provided, it can be detected and rejected. 369 8. Acknowledgements 371 The authors would like to thank Ruth Li, Dong Wei, Kathryn Hampton, 372 Phil Dorah, Richard Chan, and Fiona Jensen for discussions that led 373 to this document. 375 The authors would also like to thank Ketan P. Pancholi, Alfred 376 Hoenes, Gabriel Montenegro and Ted Lemon for corrections and 377 suggestions. 379 9. References 381 9.1. Normative References 383 [PXE21] Johnston, M., "Preboot Execution Environment (PXE) 384 Specification", September 1999, 385 . 387 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 388 Requirement Levels", BCP 14, RFC 2119, March 1997. 390 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 391 and M. Carney, "Dynamic Host Configuration Protocol for 392 IPv6 (DHCPv6)", RFC 3315, July 2003. 394 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 395 Resource Identifier (URI): Generic Syntax", STD 66, 396 RFC 3986, January 2005. 398 [RFC4173] Sarkar, P., Missimer, D., and C. Sapuntzakis, 399 "Bootstrapping Clients using the Internet Small Computer 400 System Interface (iSCSI) Protocol", RFC 4173, 401 September 2005. 403 [RFC4578] Johnston, M. and S. Venaas, "Dynamic Host Configuration 404 Protocol (DHCP) Options for the Intel Preboot eXecution 405 Environment (PXE)", RFC 4578, November 2006. 407 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 408 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 409 May 2008. 411 [UEFI23] UEFI Forum, "Unified Extensible Firmware Interface 412 Specification, Version 2.3", May 2009, 413 . 415 9.2. Informative References 417 [RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, 418 RFC 1350, July 1992. 420 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 421 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 422 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 424 [RFC2817] Khare, R. and S. Lawrence, "Upgrading to TLS Within 425 HTTP/1.1", RFC 2817, May 2000. 427 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 429 [RFC3617] Lear, E., "Uniform Resource Identifier (URI) Scheme and 430 Applicability Statement for the Trivial File Transfer 431 Protocol (TFTP)", RFC 3617, October 2003. 433 [RFC906] Finlayson, R., "Bootstrap Loading using TFTP", RFC 906, 434 June 1984. 436 Authors' Addresses 438 Thomas H. Huth 439 IBM Germany Research & Development GmbH 440 Schoenaicher Strasse 220 441 Boeblingen 71032 442 Germany 444 Phone: +49-7031-16-2183 445 Email: thuth@de.ibm.com 446 Jens T. Freimann 447 IBM Germany Research & Development GmbH 448 Schoenaicher Strasse 220 449 Boeblingen 71032 450 Germany 452 Phone: +49-7031-16-1122 453 Email: jfrei@de.ibm.com 455 Vincent Zimmer 456 Intel 457 2800 Center Drive 458 DuPont WA 98327 459 USA 461 Phone: +1 253 371 5667 462 Email: vincent.zimmer@intel.com 464 Dave Thaler 465 Microsoft 466 One Microsoft Way 467 Redmond WA 98052 468 USA 470 Phone: +1 425 703-8835 471 Email: dthaler@microsoft.com