idnits 2.17.1 draft-ietf-dhc-userclass-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 1) being 314 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 8 instances of lines with control characters in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Engineering Task Force Glenn Stump, IBM 2 INTERNET DRAFT Ralph Droms, Bucknell University 3 Date: June 2000 Ye Gu, Ramesh Vyaghrapuri, 4 Expires: November 2000 Ann Demirtjis, Microsoft 5 Burcak Beser, 3Com 6 Jerome Privat, BT 8 The User Class Option for DHCP 9 11 Status of this Memo 13 The document is an Internet-Draft and is in full conformance with all 14 of the provisions of Section 10 of RFC 2026. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as 19 Internet-Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Intenet-Drafts as reference 24 material or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt. 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 Abstract 34 This option is used by a DHCP client to optionally identify the 35 type or category of user or applications it represents. The 36 information contained in this option is an opaque field 37 that represents the user class of which the client is a member. 38 Based on this class, a DHCP server selects the appropriate address 39 pool to assign an address to the client and the appropriate 40 configuration parameters. 41 This option should be configurable by a user. 43 1. Introduction 45 It is often desirable to provide different levels of service 46 to different users of an IP network. 47 In order for an IP network to implement this service 48 differentiation, it needs a way to classify users. A simple 49 solution to this is to use source IP addresses for classification. 50 Under this scheme, network administrators first configure network 51 devices such as routers to recognize traffic from a particular 52 source IP address (or address range) and handle it specially to 53 meet the desired level of service. Next, they assign the IP 54 addresses to the hosts of the intended users so that the user will 55 receive the appropriate level of service. They can configure the 56 hosts manually with these addresses. However, they cannot use DHCP 57 for address assignment, even if they are already running a DHCP 58 server in their network. A current RFC-compliant DHCP server assigns 59 IP addresses based on the location of the DHCP Client in the network 60 topology, not the type of user it supports. 61 This document describes a simple extension of the DHCP protocol 62 that enables a DHCP server to assign IP addresses from different 63 address pools depending on the type of users from which it receives 64 DHCP requests. With this new extension, network administrators will 65 be able to use DHCP to hand out the appropriate addresses to clients. 66 An example intended usage is a corporate network subnet consisting 67 of different departments of users, such as Accounting, Legal, Staff, 68 etc. It may be desirable to allocate logical address pools to each 69 of the departments so that network policies may be implemented easily 70 on IP address ranges; and this would facilitate providing 71 differential services, such as network reachibility. 72 A DHCP server can also use the information contained in the User 73 Class to allocate other configuration parameters than the IP 74 address. For example, a DHCP server receiving a request from a 75 client with the User Class set to "accounting auditors" may return 76 an option with the address of a particular database server. 77 Indeed a DHCP server may have a single pool of addresses and 78 only use the user class to select parameters other than IP 79 addresses. 81 2. Requirements Terminology 83 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 84 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this 85 document are to be interpreted as described in RFC 2119 [3]. 87 3. DHCP Terminology 89 o "DHCP client" 91 A DHCP client or "client" is an Internet host using DHCP to obtain 92 configuration parameters such as a network address. 94 o "DHCP server" 96 A DHCP server of "server"is an Internet host that returns 97 configuration parameters to DHCP clients. 99 o "binding" 101 A binding is a collection of configuration parameters, including 102 at least an IP address, associated with or "bound to" a DHCP 103 client. Bindings are managed by DHCP servers. 105 4. User Class option 107 This option is used by a DHCP client to optionally identify the 108 type or category of user or applications it represents. 109 A DHCP server uses the User Class option to choose the address 110 pool it allocates an address from and/or to select any other 111 configuration option. 113 This option is a DHCP option [1, 2]. 115 This option MAY carry multiple User Classes. 116 Servers may interpret the meanings of multiple class 117 specifications in an implementation dependent or 118 configuration dependent manner, and so the use of multiple 119 classes by a DHCP client should be based on the specific server 120 implementation and configuration which will be used to process 121 that User class option. 123 The format of this option is as follows: 125 Code Len Value 126 +-----+-----+--------------------- . . . --+ 127 | 77 | N | User Class Data ('Len' octets) | 128 +-----+-----+--------------------- . . . --+ 130 where Value consists of zero or more instances of User Class Data. 131 Each instance of User Class Data is formatted as follows: 133 UC_Len_i User_Class_Data_i 134 +--------+------------------------ . . . --+ 135 | L_i | Opaque-Data ('UC_Len_i' octets) | 136 +--------+------------------------ . . . --+ 138 Each User Class value (User_Class_Data_i) is indicated as an opaque 139 field. 140 The value in UC_Len_i does not include the length field itself 141 and MUST be non-zero. 142 Let m be the number of User Classes carried in the option. The 143 length of the option as specified in Len must be the sum of the 144 lengths of each of the class names plus m: 145 Len= UC_Len_1 + UC_Len_2 + ... + UC_Len_m + m. 146 If any instances of User Class Data are present, the minimum 147 value of Len is two (Len = UC_Len_1 + 1 = 1 + 1 = 2). 149 The Code for this option is 77. 151 A server that is not equipped to interpret any given user class 152 specified by a client MUST ignore it (although it may be reported). 153 If a server recognizes one or more user classes specified by the 154 client, but does not recognize one or more other user classes 155 specified by the client, the server MAY use the user classes it 156 recognizes. 158 DHCP clients implementing this option SHOULD allow users to enter 159 one or more user class values. 161 5. IANA Considerations 163 Option 77, which IANA has already assigned for this purpose, 164 should be used as the User Class Option for DHCP. 166 6. Security Considerations 168 DHCP currently provides no authentication or security 169 mechanisms. Potential exposures to attack are discussed 170 is section 7 of the protocol specification [1]. 171 This lack of authentication mechanism means that a DHCP server 172 cannot check if a client or user is authorised to use a 173 given User Class. 174 This introduces an obvious vulnerability when using the User 175 Class option. For example, if the User Class is used to give 176 out special IP addresses that have better QoS associated with 177 them (as described in section 1), there is no way to authenticate 178 a client and it is therefore impossible to check if a client is 179 authorised to use such an IP address. 181 7. References 183 [1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, 184 March 1997. 186 [2] S. Alexander, R. Droms, "DHCP Options and BOOTP Vendor 187 Extensions", RFC 2132, March 1997. 189 [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement 190 Levels," RFC 2119, March 1997. 192 8. Acknowledgments 194 This document is based on earlier drafts by Glenn Stump, 195 Ralph Droms, Ye Gu, Ramesh Vyaghrapuri and Burcak Beser. 196 Thanks to Ted Lemon, Steve Gonczi, Kim Kinnear, Bernie Volz, 197 Richard Jones, Barr Hibbs and Thomas Narten for their comments 198 and suggestions. 200 9. Author Information 202 Glenn Stump 203 IBM Networking Software 204 P.O. Box 12195 205 RTP, NC 27709 206 Phone: (919) 301-4277 207 Email: stumpga@us.ibm.com 209 Ralph Droms 210 Computer Science Department 211 323 Dana Engineering 212 Bucknell University 213 Lewisburg, PA 17837 214 Phone: (717) 524-1145 215 Email: droms@bucknell.edu 217 Ye Gu 218 Microsoft Corporation 219 One Microsoft Way 220 Redmond, WA 98052 221 Phone: 425 936 8601 222 Email: yegu@microsoft.com 224 Ramesh Vyaghrapuri 225 Microsoft Corporation 226 One Microsoft Way 227 Redmond, WA 98052 228 Phone: 425 703 9581 229 Email: rameshv@microsoft.com 231 Burcak Beser 232 3Com Corporation 233 3800 Golf Road 234 Rolling Meadows, IL 235 Phone: 847 262 2195 236 Email: Burcak_Beser@3com.com 238 Ann Demirtjis 239 Microsoft Corporation 240 One Microsoft Way 241 Redmond WA 98052 242 Phone: 425-705-2254 243 Email: annd@microsoft.com 245 Jerome Privat 246 BT Advanced Communications Technology Centre 247 Adastral Park, Martlesham Heath, IP5 3RE 248 UK 249 Phone: +44 1473 648910 250 Email: jerome.privat@bt.com 252 10. Expiration 254 This document will expire on November 2000. 256 Copyright Statement 258 Copyright (c) The Internet Society (1999). All Rights Reserved. 259 This document and translations of it may be copied and furnished to 260 others, and derivative works that comment on or otherwise explain it 261 or assist in its implementation may be prepared, copied, published 262 and distributed, in whole or in part, without restriction of any 263 kind, provided that the above copyright notice and this paragraph are 264 included on all such copies and derivative works. However, this 265 document itself may not be modified in any way, such as by removing 266 the copyright notice or references to the Internet Society or other 267 Internet organizations, except as needed for the purpose of 268 developing Internet standards in which case the procedures for 269 copyrights defined in the Internet Standards process must be 270 followed, or as required to translate it into languages other than 271 English. 273 The limited permissions granted above are perpetual and will not be 274 revoked by the Internet Society or its successors or assigns. 276 This document and the information contained herein is provided on an 277 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 278 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 279 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 280 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 281 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.