idnits 2.17.1 draft-ietf-dhc-dhcpv6-opt-netboot-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See https://trustee.ietf.org/license-info/) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 6, 2010) is 5073 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'PXE21' ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Downref: Normative reference to an Informational RFC: RFC 4578 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) -- Possible downref: Non-RFC (?) normative reference: ref. 'UEFI23' -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) -- Obsolete informational reference (is this intentional?): RFC 2818 (Obsoleted by RFC 9110) Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DHC T. Huth 3 Internet-Draft J. Freimann 4 Intended status: Standards Track IBM Germany Research & 5 Expires: December 8, 2010 Development GmbH 6 V. Zimmer 7 Intel 8 D. Thaler 9 Microsoft 10 June 6, 2010 12 DHCPv6 option for network boot 13 draft-ietf-dhc-dhcpv6-opt-netboot-09 15 Abstract 17 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) provides a 18 framework for passing configuration information to nodes on a 19 network. This document describes new options for DHCPv6 which SHOULD 20 be used for booting a node from the network. 22 Status of this Memo 24 This Internet-Draft is submitted to IETF in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF), its areas, and its working groups. Note that 29 other groups may also distribute working documents as Internet- 30 Drafts. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 The list of current Internet-Drafts can be accessed at 38 http://www.ietf.org/ietf/1id-abstracts.txt. 40 The list of Internet-Draft Shadow Directories can be accessed at 41 http://www.ietf.org/shadow.html. 43 This Internet-Draft will expire on December 8, 2010. 45 Copyright Notice 47 Copyright (c) 2010 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 3. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 65 3.1. Boot File Uniform Resource Locator (URL) Option . . . . . 4 66 3.2. Boot File Parameters Option . . . . . . . . . . . . . . . 5 67 3.3. Client System Architecture Type Option . . . . . . . . . . 6 68 3.4. Client Network Interface Identifier Option . . . . . . . . 7 69 4. Appearance of the options . . . . . . . . . . . . . . . . . . 7 70 5. Download protocol considerations . . . . . . . . . . . . . . . 7 71 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8 72 7. Security considerations . . . . . . . . . . . . . . . . . . . 8 73 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 74 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 75 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 76 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 79 1. Introduction 81 This draft describes DHCPv6 options that SHOULD be used to provide 82 configuration information for a node that must be booted using the 83 network, rather than from local storage. 85 Network booting is used, for example, in some environments where 86 administrators have to maintain a large number of nodes. By serving 87 all boot and configuration files from a central server, the effort 88 required to maintain these nodes is greatly reduced. 90 A typical boot file would be, for example, an operating system kernel 91 or a boot loader program. To be able to execute such a file, the 92 firmware running on the client node must perform the following two 93 steps (see Figure 1): First get all information which is required for 94 downloading and executing the boot file. Second, download the boot 95 file and execute it. 97 +------+ 98 _______________________\| DHCP | 99 / 1 Get boot file info /|Server| 100 +------+ +------+ 101 | Host | 102 +------+ +------+ 103 \_______________________\| File | 104 2 Download boot file /|Server| 105 +------+ 107 Figure 1: Network Boot Sequence 109 The information which is required for booting over the network MUST 110 include at least the details about the server on which the boot files 111 can be found, the protocol to be used for the download (for example 112 HTTP [RFC2616] or TFTP [RFC1350]) and the path and name of the boot 113 file on the server. Additionally, the server and client MAY exchange 114 information about the parameters which should be passed to the OS 115 kernel or boot loader program respectively, or information about the 116 supported boot environment. 118 DHCPv6 allows client nodes to ask a DHCPv6 server for configuration 119 parameters. This document provides new options which a client can 120 request from the DHCPv6 server to satisfy its requirements for 121 booting. It also introduces a new IANA registry for processor 122 architecture types which are used by the OPTION_CLIENT_ARCH_TYPE 123 option (see Section 3.3). 125 2. Conventions 127 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 128 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 129 document are to be interpreted as described in RFC 2119 [RFC2119]. 131 Terminology specific to IPv6 and DHCPv6 are used in the same way as 132 defined in the "Terminology" sections of [RFC3315]. 134 3. Options 136 Option formats comply with DHCPv6 options per [RFC3315] (section 6). 137 The boot-file-url option (see Section 3.1) is mandatory for booting, 138 all other options are optional. 140 3.1. Boot File Uniform Resource Locator (URL) Option 142 The server sends this option to inform the client about an URL to a 143 boot file. 145 0 1 2 3 146 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 148 | OPT_BOOTFILE_URL | option-len | 149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 150 | | 151 . boot-file-url (variable length) . 152 | | 153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 155 Format description: 157 option-code OPT_BOOTFILE_URL (TBD1). 159 option-len Length of the boot-file-url in octets. 161 boot-file-url This string is the URL for the boot file. It MUST 162 comply with STD 66 [RFC3986]. The string is not 163 NUL-terminated. 165 If the host in the URL is expressed using an IPv6 address rather than 166 a domain name, the address in the URL then MUST be enclosed in "[" 167 and "]" characters, conforming to [RFC3986]. Clients that have DNS 168 implementations SHOULD support the use of domain names in the URL. 170 3.2. Boot File Parameters Option 172 This option is sent by the server to the client. It consists of 173 multiple UTF-8 ([RFC3629]) strings. They are used to specify 174 parameters for the boot file (similar to the command line arguments 175 in most modern operating systems). For example, these parameters 176 could be used to specify the root file system of the OS kernel, or 177 where a second stage boot loader can download its configuration file 178 from. 180 0 1 2 3 181 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 182 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 | OPT_BOOTFILE_PARAM | option-len | 184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 | param-len 1 | | 186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter 1 . 187 . (variable length) | 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 . . 190 . . 191 . . 192 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 | param-len n | | 194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter n . 195 . (variable length) | 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 198 Format description: 200 option-code OPT_BOOTFILE_PARAM (TBD2). 202 option-len Length of the Boot File Parameters option in octets 203 (not including the size of the option-code and 204 option-len fields). 206 param-len 1...n This is a 16-bit integer which specifies the length 207 of the following parameter in octets (not including 208 the parameter-length field). 210 parameter 1...n These UTF-8 strings are parameters needed for 211 booting, e.g. kernel parameters. The strings are 212 not NUL-terminated. 214 When the boot firmware executes the boot file which has been 215 specified in the OPT_BOOTFILE_URL option, it MUST pass these 216 parameters, if present, in the order that they appear in the 217 OPT_BOOTFILE_PARAM option. 219 3.3. Client System Architecture Type Option 221 This option provides parity with the Client System Architecture Type 222 Option defined for DHCPv4 in section 2.1 of [RFC4578]. 224 The format of the option is: 226 0 1 2 3 227 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 228 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 | OPTION_CLIENT_ARCH_TYPE | option-len | 230 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 231 . . 232 . architecture-types (variable length) . 233 . . 234 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 236 option-code OPTION_CLIENT_ARCH_TYPE (TBD3). 238 option-len Length of the "architecture-types" field in 239 octets. It MUST be an even number greater than 240 zero. See section 2.1 of [RFC4578] for details. 242 architecture-types A list of one or more architecture types, as 243 specified in section 2.1 of [RFC4578]. Each 244 architecture type identifier in this list is a 245 16-bit value which describes the pre-boot runtime 246 environment of the client machine. A list of 247 valid values is maintained by the IANA (see 248 Section 6). 250 The client MAY use this option to send a list of supported 251 architecture types to the server, so the server can decide which boot 252 file should be provided to the client. If a client supports more 253 than one pre-boot environment (for example both, 32-bit and 64-bit 254 executables), the most preferred architecture type MUST be listed as 255 first item, followed by the others with descending priority. 257 If the client used this option in the request, the server SHOULD this 258 option to inform the client about the pre-boot environments which are 259 supported by the boot file. The list MUST only contain architecture 260 types which have initially been queried by the client. The items 261 MUST also be listed in order of descending priority. 263 3.4. Client Network Interface Identifier Option 265 If the client supports the Universal Network Device Interface (UNDI) 266 (see [PXE21] and [UEFI23]), it may send the Client Network Interface 267 Identifier option to a DHCP server to provide information about its 268 level of UNDI support. 270 This option provides parity with the Client Network Interface 271 Identifier Option defined for DHCPv4 in section 2.2 of [RFC4578]. 273 The format of the option is: 275 0 1 2 3 276 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 277 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 278 | OPTION_NII | option-len | 279 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 280 | Type | Major | Minor | 281 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 283 option-code OPTION_NII (TBD4). 285 option-len 3 287 Type As specified in section 2.2 of [RFC4578]. 289 Major As specified in section 2.2 of [RFC4578]. 291 Minor As specified in section 2.2 of [RFC4578]. 293 The list of valid Type, Major and Minor values is maintained in the 294 Unified Extensible Firmware Interface specification [UEFI23]. 296 4. Appearance of the options 298 These options MUST NOT appear in DHCPv6 messages other than the types 299 Solicit, Advertise, Request, Renew, Rebind, Information-Request and 300 Reply. 302 The option-codes of these options MAY appear in the Option Request 303 Option in the DHCPv6 message types Solicit, Request, Renew, Rebind, 304 Information-Request and Reconfigure. 306 5. Download protocol considerations 308 The Boot File URL option does not place any constraints on the 309 protocol used for downloading the boot file, other than that it must 310 be possible to specify it in a URL. For the sake of administrative 311 simplicity, we strongly recommend that, at a mininum, implementors of 312 network boot loaders implement the well-known and established 313 hypertext transfer protocol [RFC2616] for downloading. Please note 314 that for IPv6, this supersedes [RFC906] which recommended to use TFTP 315 for downloading (see [RFC3617] for the 'tftp' URL definition). 317 When using iSCSI for booting, the 'iscsi' URI is formed as defined in 318 [RFC4173]. The functionality attributed in RFC4173 to a root path 319 option is provided for IPv6 by the Boot File URL option instead. 321 6. IANA considerations 323 The following options need to be assigned by the IANA from the option 324 number space defined in the chapter 24 of the DHCPv6 RFC [RFC3315]. 326 +-------------------------+-------+--------------+ 327 | Option name | Value | Specified in | 328 +-------------------------+-------+--------------+ 329 | OPT_BOOTFILE_URL | TBD1 | Section 3.1 | 330 | OPT_BOOTFILE_PARAM | TBD2 | Section 3.2 | 331 | OPTION_CLIENT_ARCH_TYPE | TBD3 | Section 3.3 | 332 | OPTION_NII | TBD4 | Section 3.4 | 333 +-------------------------+-------+--------------+ 335 This document also introduces a new IANA registry for processor 336 architecture types. The name of this registry shall be "Processor 337 Architecture Type". Registry entries consist of a 16-bit integer 338 recorded in decimal format, and a descriptive name. The initial 339 values of this registry can be found in [RFC4578] section 2.1. 341 The assignment policy for values shall be Expert Review (see 342 [RFC5226]), and any requests for values must supply the descriptive 343 name for the processor architecture type. 345 7. Security considerations 347 In untrusted networks, a rogue DHCPv6 server could send the new 348 DHCPv6 options described in this document. The booting clients could 349 then be provided with a wrong URL so that the boot either fails, or 350 even worse, the client boots the wrong operating system which has 351 been provided by a malicious file server. To prevent this kind of 352 attack, clients SHOULD use authentication of DHCPv6 messages (see 353 chapter 21. in [RFC3315]). 355 Note also that DHCPv6 messages are sent unencrypted by default. So 356 the boot file URL options are sent unencrypted over the network, too. 357 This can become a security risk since the URLs can contain sensitive 358 information like user names and passwords (for example a URL like 359 "ftp://username:password@servername/path/file"). At the current 360 point in time, there is no possibility to send encrypted DHCPv6 361 messages, so it is strongly RECOMMENDED not to use sensitive 362 information in the URLs in untrusted networks (using passwords in 363 URLs is deprecated anyway according to [RFC3986]). 365 Even if the DHCPv6 transaction is secured, this does not protect 366 against attacks on the boot file download channel. Consequently, we 367 recommend that either protocols like HTTPS [RFC2818] or TLS within 368 HTTP [RFC2817] are used to prevent spoofing, or that the boot loader 369 software implements a mechanism for signing boot images and a 370 configurable signing key in memory, so that if a malicious image is 371 provided, it can be detected and rejected. 373 8. Acknowledgements 375 The authors would like to thank Ruth Li, Dong Wei, Kathryn Hampton, 376 Phil Dorah, Richard Chan, and Fiona Jensen for discussions that led 377 to this document. 379 The authors would also like to thank Ketan P. Pancholi, Alfred 380 Hoenes, Gabriel Montenegro and Ted Lemon for corrections and 381 suggestions. 383 9. References 385 9.1. Normative References 387 [PXE21] Johnston, M., "Preboot Execution Environment (PXE) 388 Specification", September 1999, 389 . 391 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 392 Requirement Levels", BCP 14, RFC 2119, March 1997. 394 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 395 and M. Carney, "Dynamic Host Configuration Protocol for 396 IPv6 (DHCPv6)", RFC 3315, July 2003. 398 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 399 10646", STD 63, RFC 3629, November 2003. 401 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 402 Resource Identifier (URI): Generic Syntax", STD 66, 403 RFC 3986, January 2005. 405 [RFC4173] Sarkar, P., Missimer, D., and C. Sapuntzakis, 406 "Bootstrapping Clients using the Internet Small Computer 407 System Interface (iSCSI) Protocol", RFC 4173, 408 September 2005. 410 [RFC4578] Johnston, M. and S. Venaas, "Dynamic Host Configuration 411 Protocol (DHCP) Options for the Intel Preboot eXecution 412 Environment (PXE)", RFC 4578, November 2006. 414 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 415 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 416 May 2008. 418 [UEFI23] UEFI Forum, "Unified Extensible Firmware Interface 419 Specification, Version 2.3", May 2009, 420 . 422 9.2. Informative References 424 [RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, 425 RFC 1350, July 1992. 427 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 428 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 429 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 431 [RFC2817] Khare, R. and S. Lawrence, "Upgrading to TLS Within 432 HTTP/1.1", RFC 2817, May 2000. 434 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 436 [RFC3617] Lear, E., "Uniform Resource Identifier (URI) Scheme and 437 Applicability Statement for the Trivial File Transfer 438 Protocol (TFTP)", RFC 3617, October 2003. 440 [RFC906] Finlayson, R., "Bootstrap Loading using TFTP", RFC 906, 441 June 1984. 443 Authors' Addresses 445 Thomas H. Huth 446 IBM Germany Research & Development GmbH 447 Schoenaicher Strasse 220 448 Boeblingen 71032 449 Germany 451 Phone: +49-7031-16-2183 452 Email: thuth@de.ibm.com 454 Jens T. Freimann 455 IBM Germany Research & Development GmbH 456 Schoenaicher Strasse 220 457 Boeblingen 71032 458 Germany 460 Phone: +49-7031-16-1122 461 Email: jfrei@de.ibm.com 463 Vincent Zimmer 464 Intel 465 2800 Center Drive 466 DuPont WA 98327 467 USA 469 Phone: +1 253 371 5667 470 Email: vincent.zimmer@intel.com 472 Dave Thaler 473 Microsoft 474 One Microsoft Way 475 Redmond WA 98052 476 USA 478 Phone: +1 425 703-8835 479 Email: dthaler@microsoft.com