idnits 2.17.1 draft-ietf-dhc-dhcpv6-opt-netboot-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See https://trustee.ietf.org/license-info/) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 4, 2010) is 5225 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'PXE21' ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Downref: Normative reference to an Informational RFC: RFC 4578 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) -- Possible downref: Non-RFC (?) normative reference: ref. 'UEFI23' -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) -- Obsolete informational reference (is this intentional?): RFC 2818 (Obsoleted by RFC 9110) Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DHC T. Huth 3 Internet-Draft J. Freimann 4 Intended status: Standards Track IBM Germany Research & 5 Expires: July 8, 2010 Development GmbH 6 V. Zimmer 7 Intel 8 D. Thaler 9 Microsoft 10 January 4, 2010 12 DHCPv6 option for network boot 13 draft-ietf-dhc-dhcpv6-opt-netboot-08 15 Abstract 17 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) provides a 18 framework for passing configuration information to nodes on a 19 network. This document describes new options for DHCPv6 which are 20 required for booting a node from the network. 22 Status of this Memo 24 This Internet-Draft is submitted to IETF in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF), its areas, and its working groups. Note that 29 other groups may also distribute working documents as Internet- 30 Drafts. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 The list of current Internet-Drafts can be accessed at 38 http://www.ietf.org/ietf/1id-abstracts.txt. 40 The list of Internet-Draft Shadow Directories can be accessed at 41 http://www.ietf.org/shadow.html. 43 This Internet-Draft will expire on July 8, 2010. 45 Copyright Notice 47 Copyright (c) 2010 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 65 3.1. Boot File Uniform Resource Locator (URL) Option . . . . . 4 66 3.2. Boot File Parameters Option . . . . . . . . . . . . . . . 4 67 3.3. Client System Architecture Type Option . . . . . . . . . . 5 68 3.4. Client Network Interface Identifier Option . . . . . . . . 6 69 4. Appearance of the options . . . . . . . . . . . . . . . . . . 7 70 5. Download protocol considerations . . . . . . . . . . . . . . . 7 71 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8 72 7. Security considerations . . . . . . . . . . . . . . . . . . . 8 73 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 74 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 75 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 76 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 79 1. Introduction 81 This draft describes DHCPv6 options that can be used to provide 82 configuration information for a node that must be booted using the 83 network, rather than from local storage. 85 Network booting is used, for example, in some environments where 86 administrators have to maintain a large number of nodes. By serving 87 all boot and configuration files from a central server, the effort 88 required to maintain these nodes is greatly reduced. 90 A typical boot file would be, for example, an operating system kernel 91 or a boot loader program. To be able to execute such a file, the 92 firmware (BIOS) running on the client node must perform the following 93 two steps (see Figure 1): First get all information which is required 94 for downloading and executing the boot file. Second, download the 95 boot file and execute it. 97 +------+ 98 _______________________\| DHCP | 99 / 1 Get boot file info /|Server| 100 +------+ +------+ 101 | Host | 102 +------+ +------+ 103 \_______________________\| File | 104 2 Download boot file /|Server| 105 +------+ 107 Figure 1: Network Boot Sequence 109 Information that is required for booting over the network can include 110 information about the server on which the boot files can be found, 111 the protocol to be used for the download (for example HTTP [RFC2616] 112 or TFTP [RFC1350]), the name of the boot file and additional 113 parameters which should be passed to the OS kernel or boot loader 114 program respectively. 116 DHCPv6 allows client nodes to ask a DHCPv6 server for configuration 117 parameters. This document provides new options which a client can 118 request from the DHCPv6 server to satisfy its requirements for 119 booting. 121 2. Conventions 123 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 124 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 125 document are to be interpreted as described in RFC 2119 [RFC2119]. 127 Terminology specific to IPv6 and DHCPv6 are used in the same way as 128 defined in the "Terminology" sections of RFC 3315 [RFC3315]. 130 3. Options 132 Option formats comply with DHCPv6 options per [RFC3315] (section 6). 134 3.1. Boot File Uniform Resource Locator (URL) Option 136 The server sends this option to inform the client about an URL to a 137 boot file. 139 0 1 2 3 140 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 142 | OPT_BOOTFILE_URL | option-len | 143 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 144 | | 145 . boot-file-url (variable length) . 146 | | 147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 Format description: 151 option-code OPT_BOOTFILE_URL (TBD1). 153 option-len Length of the boot-file-url in octets. 155 boot-file-url This string is the URL for the boot file. It MUST 156 comply with STD 66 [RFC3986]. The string is not 157 NUL-terminated. 159 If the URL is expressed using an IPv6 address rather than a domain 160 name, the address in the URL then MUST be enclosed in "[" and "]" 161 characters, conforming to [RFC3986]. Clients that have DNS 162 implementations should support the use of domain names in the URL. 164 3.2. Boot File Parameters Option 166 This option is sent by the server to the client. It consists of 167 multiple UTF-8 strings. They are used to specify parameters for the 168 boot file (similar to the command line arguments in most modern 169 operating systems). For example, these parameters could be used to 170 specify the root file system of the OS kernel, or where a second 171 stage boot loader can download its configuration file from. 173 0 1 2 3 174 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 175 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 176 | OPT_BOOTFILE_PARAM | option-len | 177 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 178 | param-len 1 | | 179 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter 1 . 180 . (variable length) | 181 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 182 . . 183 . . 184 . . 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 | param-len n | | 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter n . 188 . (variable length) | 189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 Format description: 193 option-code OPT_BOOTFILE_PARAM (TBD2). 195 option-len Length of the Boot File Parameters option in octets 196 (not including the size of the option-code and 197 option-len fields). 199 param-len 1...n This is a 16-bit integer which specifies the length 200 of the following parameter in octets (not including 201 the parameter-length field). 203 parameter 1...n These UTF-8 strings are parameters needed for 204 booting, e.g. kernel parameters. The strings are 205 not NUL-terminated. 207 When the boot firmware executes the boot file which has been 208 specified in the OPT_BOOTFILE_URL option, it MUST pass these 209 parameters in the order that they appear in the OPT_BOOTFILE_PARAM 210 option. 212 3.3. Client System Architecture Type Option 214 This option provides parity with the Client System Architecture Type 215 Option defined for DHCPv4 in section 2.1 of [RFC4578]. 217 The format of the option is: 219 0 1 2 3 220 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 221 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 | OPTION_CLIENT_ARCH_TYPE | option-len | 223 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 224 . . 225 . architecture-types (variable length) . 226 . . 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 option-code OPTION_CLIENT_ARCH_TYPE (TBD3). 231 option-len Length of the "architecture-types" field in 232 octets. It MUST be an even number greater than 233 zero. See section 2.1 of [RFC4578] for details. 235 architecture-types A list of one or more architecture types, as 236 specified in section 2.1 of [RFC4578]. Each 237 architecture type identifier in this list is a 238 16-bit value which describes the pre-boot runtime 239 environment of the client machine. A list of 240 valid values is maintained by the IANA (see 241 Section 6). 243 The client can use this option to send a list of supported 244 architecture types to the server, so the server can decide which boot 245 file should be provided to the client. If a client supports more 246 than one pre-boot environment (for example both, 32-bit and 64-bit 247 executables), the most preferred architecture type MUST be listed as 248 first item, followed by the others with descending priority. 250 The server can use this option to inform the client about the pre- 251 boot environments which are supported by the boot file. The list 252 MUST only contain architecture types which have initially been 253 queried by the client. The items MUST also be listed in order of 254 descending priority. 256 3.4. Client Network Interface Identifier Option 258 If the client supports the Universal Network Device Interface (UNDI) 259 (see [PXE21] and [UEFI23]), it may send the Client Network Interface 260 Identifier option to a DHCP server to provide information about its 261 level of UNDI support. 263 This option provides parity with the Client Network Interface 264 Identifier Option defined for DHCPv4 in section 2.2 of [RFC4578]. 266 The format of the option is: 268 0 1 2 3 269 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 270 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 271 | OPTION_NII | option-len | 272 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 273 | Type | Major | Minor | 274 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 276 option-code OPTION_NII (TBD4). 278 option-len 3 280 Type As specified in section 2.2 of [RFC4578]. 282 Major As specified in section 2.2 of [RFC4578]. 284 Minor As specified in section 2.2 of [RFC4578]. 286 The list of valid Type, Major and Minor values is maintained in the 287 Unified Extensible Firmware Interface specification [UEFI23]. 289 4. Appearance of the options 291 These options MUST NOT appear in DHCPv6 messages other than the types 292 Solicit, Advertise, Request, Renew, Rebind, Information-Request and 293 Reply. 295 The option-codes of these options MAY appear in the Option Request 296 Option in the DHCPv6 message types Solicit, Request, Renew, Rebind, 297 Information-Request and Reconfigure. 299 5. Download protocol considerations 301 The Boot File URL option does not place any constraints on the 302 protocol used for downloading the boot file, other than that it must 303 be possible to specify it in a URL. For the sake of administrative 304 simplicity, we strongly recommend that, at a mininum, implementors of 305 network boot loaders implement the well-known and established 306 hypertext transfer protocol [RFC2616] for downloading. Please note 307 that for IPv6, this supersedes [RFC906] which recommended to use TFTP 308 for downloading (see [RFC3617] for the 'tftp' URL definition). 310 When using iSCSI for booting, the 'iscsi' URI is formed as defined in 311 [RFC4173]. The functionality attributed in RFC4173 to a root path 312 option is provided for IPv6 by the Boot File URL option instead. 314 6. IANA considerations 316 The following options need to be assigned by the IANA from the option 317 number space defined in the chapter 22 of the DHCPv6 RFC [RFC3315]. 319 +-------------------------+-------+--------------+ 320 | Option name | Value | Specified in | 321 +-------------------------+-------+--------------+ 322 | OPT_BOOTFILE_URL | TBD1 | Section 3.1 | 323 | OPT_BOOTFILE_PARAM | TBD2 | Section 3.2 | 324 | OPTION_CLIENT_ARCH_TYPE | TBD3 | Section 3.3 | 325 | OPTION_NII | TBD4 | Section 3.4 | 326 +-------------------------+-------+--------------+ 328 This document also introduces a new IANA registry for processor 329 architecture types. The name of this registry shall be "Processor 330 Architecture Type". Registry entries consist of a 16-bit integer 331 recorded in decimal format, and a descriptive name. The initial 332 values of this registry can be found in [RFC4578] section 2.1. 334 The assignment policy for values shall be Expert Review (see 335 [RFC5226]), and any requests for values must supply the descriptive 336 name for the processor architecture type. 338 7. Security considerations 340 In untrusted networks, a rogue DHCPv6 server could send the new 341 DHCPv6 options described in this document. The booting clients could 342 then be provided with a wrong URL so that the boot either fails, or 343 even worse, the client boots the wrong operating system which has 344 been provided by a malicious file server. To prevent this kind of 345 attack, clients can use authentication of DHCPv6 messages (see 346 chapter 21. in [RFC3315]). 348 Note also that DHCPv6 messages are sent unencrypted by default. So 349 the boot file URL options are sent unencrypted over the network, too. 350 This can become a security risk since the URLs can contain sensitive 351 information like user names and passwords (for example a URL like 352 "ftp://username:password@servername/path/file"). At the current 353 point in time, there is no possibility to send encrypted DHCPv6 354 messages, so it is strongly recommended not to use sensitive 355 information in the URLs in untrusted networks. 357 Even if the DHCPv6 transaction is secured, this does not protect 358 against attacks on the boot file download channel. Consequently, we 359 recommend that either a protocol like HTTPS (see [RFC2817] and 360 [RFC2818]) be used to prevent spoofing, or that the boot loader 361 implementation implement a mechanism for signing boot images and a 362 configurable signing key in memory, so that if a malicious image is 363 provided, it can be detected and rejected. 365 8. Acknowledgements 367 The authors would like to thank Ruth Li, Dong Wei, Kathryn Hampton, 368 Phil Dorah, Richard Chan, and Fiona Jensen for discussions that led 369 to this document. 371 The authors would also like to thank Ketan P. Pancholi, Alfred 372 Hoenes, Gabriel Montenegro and Ted Lemon for corrections and 373 suggestions. 375 9. References 377 9.1. Normative References 379 [PXE21] Johnston, M., "Preboot Execution Environment (PXE) 380 Specification", September 1999, 381 . 383 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 384 Requirement Levels", BCP 14, RFC 2119, March 1997. 386 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 387 and M. Carney, "Dynamic Host Configuration Protocol for 388 IPv6 (DHCPv6)", RFC 3315, July 2003. 390 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 391 Resource Identifier (URI): Generic Syntax", STD 66, 392 RFC 3986, January 2005. 394 [RFC4173] Sarkar, P., Missimer, D., and C. Sapuntzakis, 395 "Bootstrapping Clients using the Internet Small Computer 396 System Interface (iSCSI) Protocol", RFC 4173, 397 September 2005. 399 [RFC4578] Johnston, M. and S. Venaas, "Dynamic Host Configuration 400 Protocol (DHCP) Options for the Intel Preboot eXecution 401 Environment (PXE)", RFC 4578, November 2006. 403 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 404 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 405 May 2008. 407 [UEFI23] UEFI Forum, "Unified Extensible Firmware Interface 408 Specification, Version 2.3", May 2009, 409 . 411 9.2. Informative References 413 [RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, 414 RFC 1350, July 1992. 416 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 417 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 418 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 420 [RFC2817] Khare, R. and S. Lawrence, "Upgrading to TLS Within 421 HTTP/1.1", RFC 2817, May 2000. 423 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 425 [RFC3617] Lear, E., "Uniform Resource Identifier (URI) Scheme and 426 Applicability Statement for the Trivial File Transfer 427 Protocol (TFTP)", RFC 3617, October 2003. 429 [RFC906] Finlayson, R., "Bootstrap Loading using TFTP", RFC 906, 430 June 1984. 432 Authors' Addresses 434 Thomas H. Huth 435 IBM Germany Research & Development GmbH 436 Schoenaicher Strasse 220 437 Boeblingen 71032 438 Germany 440 Phone: +49-7031-16-2183 441 Email: thuth@de.ibm.com 443 Jens T. Freimann 444 IBM Germany Research & Development GmbH 445 Schoenaicher Strasse 220 446 Boeblingen 71032 447 Germany 449 Phone: +49-7031-16-1122 450 Email: jfrei@de.ibm.com 451 Vincent Zimmer 452 Intel 453 2800 Center Drive 454 DuPont WA 98327 455 USA 457 Phone: +1 253 371 5667 458 Email: vincent.zimmer@intel.com 460 Dave Thaler 461 Microsoft 462 One Microsoft Way 463 Redmond WA 98052 464 USA 466 Phone: +1 425 703-8835 467 Email: dthaler@microsoft.com