Networking Working Group                                         N. Shen
Internet-Draft                                                   E. Chen
Intended status: Standards Track                           Cisco Systems
Expires: September 1, 2017                             February 28, 2017

              Generalized UDP Source Port for DHCP Relay
                      draft-ietf-dhc-relay-port-02

Abstract

   This document proposes an extension to the DHCP and DHCPv6 protocols
   that allows any valid number to be used as the relay agent UDP source
   port for DHCP packets.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 1, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Terminology
   3.  Changes to DHCP and DHCPv6 Specifications
     3.1.  Changes to DHCP in RFC 2131
     3.2.  Changes to DHCPv6 in RFC 3315
   4.  Relay Source Port Sub-option and Option
     4.1.  Source Port Sub-option for DHCPv4
     4.2.  Relay Source Port Option for DHCPv6
   5.  A DHCPv6 Cascaded Relay Example
   6.  Compatibility
   7.  IANA Considerations
   8.  Security Considerations
   9.  Acknowledgments
   10. Document Change Log
     10.1.  Changes to draft-ietf-dhc-relay-port-02
     10.2.  Changes to draft-ietf-dhc-relay-port-01
     10.3.  Changes to draft-ietf-dhc-relay-port-00
   11. Normative References
   Authors' Addresses

1.  Introduction

   RFC 2131 [RFC2131] and RFC 3315 [RFC3315] specify the use of UDP as
   the transport protocol for DHCP and DHCPv6.  They also define both
   the server side and client side port numbers.  The DHCP server port
   is UDP number (67) and the client port is UDP number (68); for DHCPv6
   the server port is (546) and the client port is (547).

   This fixed-UDP-port scheme of the DHCP protocol creates challenges in
   certain DHCP relay operations.  For instance, in a large scale DHCP
   relay implementation on a single switch node, the DHCP relay
   functionality may be partitioned among multiple relay processes.  All
   these DHCP relay processes may share the same IP address of the
   switch node.  If the UDP source port has to be a fixed number as
   currently specified, the transport socket operation of DHCP packets
   would need to go through a central entity or process, which would
   defeat the purpose of distributing DHCP relay functionality.

   In some large-scale deployments, the decision to split the DHCP
   functionality into multiple processes on a node may not be based
   purely on DHCP relay computational load; rather, DHCP relay may be
   just one of the functions in a multi-process implementation.

   Although assigning a different IP/IPv6 source address for each DHCP
   relay process can be a solution, it would introduce operational and
   network management complexities, especially given the scarceness of
   IPv4 addresses.

   This document proposes an extension to relax the fixed UDP source
   port requirement for DHCP relay agents.  This extension requires a
   DHCP server, or a relay agent in the case of cascaded relay agents
   [RFC3315], to remember the inbound packet's UDP port number along
   with the IP/IPv6 address.  When sending back replies, the DHCP server
   MUST use the UDP port number that the incoming relay agent uses
   instead of the fixed DHCP port number.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Terminology

   Downstream Device:  In the DHCP relay context, it refers to the next
                       relay agent for forwarding Relay-reply Messages.

   Upstream Device:    In the DHCP relay context, it refers to the next
                       relay agent or DHCP server for forwarding
                       Relay-forward Messages.

   Relay Source Port:  This is the UDP port that a relay agent uses to
                       receive Relay-forward Messages from an upstream
                       device.

   Downstream Source Port:  This is the UDP port that the downstream
                       device uses when forwarding Relay-forward
                       Messages to this relay agent device.  This UDP
                       port is to be used by this relay agent device
                       when forwarding the Relay-reply Messages to that
                       downstream device.

   Non-DHCP UDP Port:  Any valid UDP port other than port 67 for DHCP
                       and port 547 for DHCPv6.

3.  Changes to DHCP and DHCPv6 Specifications

3.1.  Changes to DHCP in RFC 2131

   Section 4.1 of RFC 2131 [RFC2131] specifies that:

      DHCP uses UDP as its transport protocol.  DHCP messages from a
      client to a server are sent to the 'DHCP server' port (67), and
      DHCP messages from a server to a client are sent to the 'DHCP
      client' port (68).

   This specification adds the following extension to the above
   paragraph.

      DHCP messages from a relay agent to a server are sent to the 'DHCP
      server' port (67), and the UDP source port it uses can be any
      valid UDP port available in the relay system, including the DHCP
      port 67.  The default port number is 67 if there is no explicit
      configuration for the generalized source UDP port extension for
      DHCP relay.

3.2.  Changes to DHCPv6 in RFC 3315

   Section 5.2 of RFC 3315 [RFC3315] specifies that:

      Clients listen for DHCP messages on UDP port 546.  Servers and
      relay agents listen for DHCP messages on UDP port 547.

   This specification adds the following extension to the above
   paragraph.

      A DHCP relay agent can listen for DHCP messages from a server or
      another upstream relay agent device on any valid UDP port
      available in the relay system, including the DHCP UDP port 547.
      The default is port 547 if there is no explicit configuration for
      the generalized UDP source port extension for DHCP relay.

4.  Relay Source Port Sub-option and Option

   Although a DHCP or DHCPv6 server can implicitly determine a UDP
   source port when it receives an inbound message from a relay agent,
   this sub-option makes the request explicit for the server to use a
   non-DHCP UDP port in the reply message.  When DHCPv6 cascaded relay
   agents are involved, the downstream non-DHCP UDP port needs to be
   recorded using the option.

4.1.  Source Port Sub-option for DHCPv4

   The Relay Agent "Source Port Sub-option" is a new option, and it is
   part of the relay-agent-information option for DHCPv4 [RFC3046].  It
   SHOULD be used by a relay agent that uses a non-DHCP UDP port when
   communicating with the DHCP server.

   The format of the "Source Port Sub-option" is shown below:

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  SubOpt Code  |      Len      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

      SubOpt Code:  SUBOPT_RELAY_PORT.  8-bit value, to be assigned by
                    IANA.

      Len:          8-bit value, to be set to 0.

   When a DHCP server receives a message from a relay agent with the
   "Source Port Sub-option", it MUST remember the UDP source port of the
   message and use that port number as the UDP destination port when
   sending the reply message to the same relay agent.

4.2.  Relay Source Port Option for DHCPv6

   The "Relay Source Port Option" is a new DHCPv6 option.  It SHOULD be
   used either by a DHCPv6 relay agent that uses a non-DHCP UDP port
   when communicating with the DHCP server and the upstream relay agent,
   or by a DHCPv6 relay agent that detects the use of a non-DHCP UDP
   port by a downstream relay agent.

   The format of the "Relay Source Port Option" is shown below:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    OPTION_RELAY_RELAY_PORT    |          Option-Len           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    Downstream Source Port     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

      Option-Code:  OPTION_RELAY_RELAY_PORT.  16-bit value, to be
                    assigned by IANA.

      Option-Len:   16-bit value, to be set to 2.

      Downstream Source Port:  16-bit value.  To be set by the DHCPv6
                    relay either to the downstream relay agent's UDP
                    source port used for the UDP packet, or to zero if
                    only the local relay agent uses the non-DHCP UDP
                    port.

   The DHCPv6 relay agent SHOULD include the "Relay Source Port Option"
   when it uses a non-DHCP UDP port to communicate with a DHCPv6 server
   or an upstream DHCPv6 relay agent.  Also, when a DHCPv6 relay agent
   detects that a downstream relay agent uses a non-DHCP UDP port in the
   packet, it MUST record the port number in the "Downstream Source
   Port" field of this option.  If this option is included only to
   indicate local non-DHCP UDP port usage, and no downstream relay agent
   uses a non-DHCP UDP port, the Downstream Source Port field MUST be
   set to zero.

   The DHCPv6 relay agent SHOULD include this option in the following
   three cases:

   1)  The local relay agent uses a non-DHCP UDP port.

   2)  The downstream relay agent uses a non-DHCP UDP port.

   3)  The local relay agent and the downstream relay agent both use
       non-DHCP UDP ports.

   In the first case, the "Downstream Source Port" field is set to zero.
   In the other two cases, the field is set to the UDP port number that
   the downstream relay agent uses.

   When a DHCPv6 server receives a Relay-forward message with the "Relay
   Source Port Option", it MUST copy the option when constructing the
   Relay-reply chain in response to the Relay-forward message.  This
   option MUST NOT appear in any message other than a Relay-forward or
   Relay-reply message.  Additionally, the DHCPv6 server MUST check and
   use the UDP source port from the UDP packet of the Relay-forward
   message when replying to the relay agent.

   When a relay agent receives a Relay-reply message with the "Relay
   Source Port Option" from a server or from an upstream relay agent, and
   the "Downstream Source Port" field in the option is non-zero, it MUST
   use this UDP port number to forward the Relay-reply message to the
   downstream relay agent.

5.  A DHCPv6 Cascaded Relay Example

   An example of DHCPv6 cascaded relay agents with the "Relay Source
   Port Option" is shown below.

             (forward)          (forward)          (forward)
      Relay1 ----------> Relay2 ----------> Relay3 ----------> Server
      (1000)              (547)              (547)
             (reply)            (reply)            (reply)
          <----------        <----------        <----------

   In the above diagram, all the DHCPv6 devices support this generalized
   UDP source port extension except for Relay3.  Relay1 is the only
   relay agent device that uses a non-DHCP UDP port.  Relay2 is the
   upstream device of Relay1.

   Both Relay1 and Relay2 include the "Relay Source Port Option" in
   their Relay-forward messages.  Relay1 sets the "Downstream Source
   Port" field in the option to zero.  Relay2 notices that the "Relay
   Source Port Option" is included in the message from Relay1, and it
   determines that the UDP source port used by Relay1 is 1000.  Relay2
   will include the "Relay Source Port Option" and set the "Downstream
   Source Port" field in the option to 1000.  The DHCPv6 server copies
   the "Relay Source Port Option" when replying with the Relay-reply
   message.

   When Relay2 receives the Relay-reply message with the "Relay Source
   Port Option", it finds that the "Downstream Source Port" field has
   the value 1000.  Relay2 then uses this port number in the UDP packet
   when sending the Relay-reply message to Relay1.

   When Relay1 receives the Relay-reply message with the "Relay Source
   Port Option", it finds that the "Downstream Source Port" field has
   the value zero.  Relay1 then uses the normal DHCP port 547 in the
   packet when sending the Relay-reply message to its downstream relay
   agent, or UDP port 546 when sending to a DHCPv6 client.

6.  Compatibility

   With this source port generalization for DHCP and DHCPv6, the server
   behavior remains compatible with relay agents that use the normal
   DHCP UDP port.  The DHCP server will use the well-known UDP port (67
   or 547) when sending the Relay-reply message back to such a relay
   agent.
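   The cascaded relay exchange of Section 5 and the server behaviour just
   described, modelled in an added Python example that is not part of this
   draft or of any DHCP implementation.  The option code is a placeholder,
   since the draft leaves OPTION_RELAY_RELAY_PORT to IANA, and the function
   names and the per-level option "chain" representation are assumptions of
   the example.

```python
import struct

OPTION_RELAY_RELAY_PORT = 0xFFFF   # placeholder: the draft leaves the code to IANA
DHCPV6_SERVER_PORT = 547           # port servers and relay agents normally listen on
DHCPV6_CLIENT_PORT = 546           # port clients listen on

def encode_relay_port_option(downstream_port):
    """Option-Code (16 bits) | Option-Len = 2 | Downstream Source Port (16 bits)."""
    return struct.pack("!HHH", OPTION_RELAY_RELAY_PORT, 2, downstream_port)

def find_relay_port_option(options):
    """Downstream Source Port from a DHCPv6 option list; None if absent/malformed."""
    off = 0
    while off + 4 <= len(options):
        code, length = struct.unpack_from("!HH", options, off)
        if off + 4 + length > len(options):
            return None                                  # truncated option list
        if code == OPTION_RELAY_RELAY_PORT:              # Option-Len MUST be 2
            return struct.unpack_from("!H", options, off + 4)[0] if length == 2 else None
        off += 4 + length
    return None

def relay_forward_options(downstream_relay_port, own_src_port):
    """Options a supporting relay adds at its own Relay-forward level (Section 4.2):
    present when the local port, the downstream relay's port or both are non-DHCP;
    the field is the downstream port, or zero when only the local one is non-DHCP."""
    # downstream_relay_port is None when the message came straight from a client
    downstream = 0 if downstream_relay_port in (None, DHCPV6_SERVER_PORT) else downstream_relay_port
    if own_src_port != DHCPV6_SERVER_PORT or downstream != 0:
        return encode_relay_port_option(downstream)
    return b""

def server_reply(packet_src_port, forward_chain):
    """Server: answer the UDP source port seen on the packet; copy each level's option."""
    reply_chain = []
    for level in forward_chain:                          # outermost relay level first
        port = find_relay_port_option(level)
        reply_chain.append(encode_relay_port_option(port) if port is not None else b"")
    return packet_src_port, reply_chain

def relay_reply_dest_port(level_options, downstream_is_client=False):
    """Relay: a non-zero Downstream Source Port wins, else the well-known port
    (which is also where a relay without support for the option ends up)."""
    port = find_relay_port_option(level_options)
    return port or (DHCPV6_CLIENT_PORT if downstream_is_client else DHCPV6_SERVER_PORT)

def cascaded_example():
    """Relay1 (src 1000) -> Relay2 (547) -> Relay3 (547, no support) -> Server."""
    r1 = relay_forward_options(None, 1000)          # client below, local port 1000
    r2 = relay_forward_options(1000, 547)           # records Relay1's port 1000
    r3 = b""                                        # Relay3 does not add the option
    to_r3, chain = server_reply(547, [r3, r2, r1])  # server answers Relay3 on 547
    to_r2 = relay_reply_dest_port(chain[0])         # Relay3 level: plain 547
    to_r1 = relay_reply_dest_port(chain[1])         # Relay2 level: field = 1000
    to_client = relay_reply_dest_port(chain[2], downstream_is_client=True)
    return to_r3, to_r2, to_r1, to_client           # (547, 547, 1000, 546)
```

   Note that the server never trusts the field for its own reply; it answers
   the source port actually seen on the packet, and the field only steers the
   next hop down the chain.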
   It is recommended to upgrade the server side first before using a
   non-DHCP UDP port for a relay agent.

   Implementations are advised to allow the relay agent to be configured
   with a DHCP relay port number, so that the relay agent can use either
   the normal DHCP UDP port or a non-DHCP UDP port.

7.  IANA Considerations

   A new sub-option, DHCP Relay Source Port, is defined in this document
   within the DHCPv4 Relay Agent Information Option.  It needs to be
   assigned by IANA from the DHCP Relay Agent sub-options space
   [RFC3046].

   A new option, DHCPv6 Relay Source Port, is defined in this document
   for DHCPv6, and it needs to be assigned by IANA from the DHCPv6
   option code space.

8.  Security Considerations

   If the network uses a firewall to block or allow DHCP packets by
   matching both static UDP source and destination port numbers, those
   rules may no longer match the packets from new DHCP relay agent and
   server software.  The firewall rules need to be modified to match
   only the DHCP server side UDP port number and, if necessary, IP
   addresses and other attributes.

9.  Acknowledgments

   The authors would like to thank Peter Arberg, Bhanu Gopalasetty,
   Andre Kostur, Ted Lemon, and Kishore Seshadri for their review of and
   comments on this document.

   The authors would like to thank Bernie Volz for discussions that led
   to the definition of the Relay Source Port sub-option and the DHCPv6
   Relay Source Port Option.

   The RFC text was produced using Marshall Rose's xml2rfc tool.

10.  Document Change Log

10.1.  Changes to draft-ietf-dhc-relay-port-02

   o  Posted the draft in February 2017.

   o  Added the Terminology section.

   o  Defined the Sub-option and Option names for DHCPv4 and DHCPv6.

   o  Added the DHCPv6 cascaded relay agents example.

10.2.  Changes to draft-ietf-dhc-relay-port-01

   o  Posted the draft in January 2017.

   o  Changed the DHCPv6 Relay Source Port Option's UDP Source Port
      field to Downstream Source Port.  Added the option handling
      mechanism for DHCPv6 servers and relay agents.

10.3.  Changes to draft-ietf-dhc-relay-port-00

   o  Posted the first version of the working group draft in October
      2016.

   o  This draft was renamed from draft-shen-dhc-client-port-03.txt.

11.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, DOI 10.17487/RFC2131, March 1997.

   [RFC3046]  Patrick, M., "DHCP Relay Agent Information Option",
              RFC 3046, DOI 10.17487/RFC3046, January 2001.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003.

Authors' Addresses

   Naiming Shen
   Cisco Systems
   560 McCarthy Blvd.
   Milpitas, CA 95035
   US

   Email: naiming@cisco.com

   Enke Chen
   Cisco Systems
   560 McCarthy Blvd.
   Milpitas, CA 95035
   US

   Email: enkechen@cisco.com