MIF Working Group                                             T. Reddy
Internet-Draft                                                P. Patil
Intended status: Standards Track                               D. Wing
Expires: April 18, 2013                                          Cisco
                                                      October 15, 2012

               Relay-Supplied DHCPv6 Precedence Options
               draft-reddy-mif-dhcpv6-precedence-ops-02

Abstract

   Network configuration of hosts is currently relatively static with
   little consideration of dynamic network characteristics.  The network
   infrastructure is aware of dynamic network characteristics.  This
   specification extends DHCPv6 so that the DHCPv6 relay agent can
   influence a host's configuration.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 18, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Usage Scenarios
     3.1.  IPv6 Multihoming
     3.2.  Disabling IPv6 Temporary Addresses
       3.2.1.  Avoiding Excessive IP-Based Authentication
       3.2.2.  Reducing Management Impact
   4.  Options
     4.1.  Address Selection option
     4.2.  Relay-Supplied Prefix Option
   5.  Relay Agent Behaviour
   6.  DHCPv6 Server Behaviour
     6.1.  Address Selection option
     6.2.  Relay-Supplied Prefix Option
   7.  Security Considerations
   8.  IANA Considerations
   9.  Change History
     9.1.  Changes from draft-reddy-mif-dhcpv6-precedence-ops-00 to -01
     9.2.  Changes from draft-reddy-mif-dhcpv6-precedence-ops-01 to -02
   10.  References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   DHCPv6 allows relatively static information to be configured in
   hosts, which is somewhat limiting.  On a dynamic network, the DHCPv6
   relay agent can observe characteristics of a network -- such as IPv6
   multihoming which might be temporarily unavailable or need load
   balancing of traffic towards each upstream ISP.
   By including additional information in relayed DHCPv6 messages, the
   DHCPv6 relay agent can influence the DHCPv6 server to provide
   answers that are better suited to the host's configuration on the
   network.

   In this document we propose new DHCPv6 options to be added by the
   DHCPv6 relay agent when it generates a Relay-forward message.
   [RFC6724] defines default address selection mechanisms for IPv6 that
   allow nodes to select an appropriate address when faced with multiple
   source and/or destination addresses to choose between.  An initial
   desire is to influence the DHCPv6 server's responses that modify the
   host's address policy table [I-D.ietf-6man-addr-select-opt] based on
   observed network characteristics.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Usage Scenarios

   The DHCPv6 extension described in this document is useful with IPv6
   multihoming and with IP address-based authentication.

3.1.  IPv6 Multihoming

   o  In Proxy Mobile IPv6 [RFC5213], where the Mobile Node is assigned
      prefixes from both the local access network and the home network.
      This allows selected traffic to go through the Mobile Packet Core
      and the rest through the local access network.  When the DHCPv6
      Relay Agent is co-located with the mobile access gateway, the
      proposal is for the relay agent to influence the DHCPv6 Server in
      the home network by adding the Address Selection option.  The
      relay agent can add an Address Selection option to the DHCPv6
      request suggesting the local access network address selection
      policy table, overriding the default address selection parameters
      and policy table.  The DHCPv6 server in the home network will
      merge the policy received in the Address Selection option with
      its own policy table as explained in section 4.3 of
      [I-D.ietf-6man-addr-select-opt].  This updated policy table will
      be provided to the DHCPv6 client (MN) in the Address Selection
      option (OPTION_ADDRSEL_TABLE).  When the DHCPv6 Server is
      co-located with the mobile access gateway, the DHCPv6 Server in
      the local access network will receive the policy table from the
      DHCPv6 server in the home network using DHCPv6 INFORMATION-
      REQUEST.  The DHCPv6 server in the local access network will
      merge the received policy table with its local policy table.  The
      following figure depicts this scenario.

                                  _----_
                                _(      )_
                               ( Internet )
                               (_        _)
                                 '----'
                                    |
                                    :
                                    :
                                    |
      .........................................................
      |                         |                             |
      +--------+                |      +---------------------+
      | Local  |-|              |      |   Operator Value    |
      |Services| |              |      |   Added Services    |
      +--------+ |              |      |                     |
                 |              |      +---------------------+
                 |              |                 |
                 |    _----_    |                 |
             +-----+_(      )_  |             +-----+
      [MN]---| MAG |=(  IP  )=================| LMA |-- Internet
             +-----+(_      _)  |             +-----+
                      '----'    .
                                .
                                .
           [Access Network]     .        [Home Network]
      ..........................................................

   MN - Mobile Node

                      Figure 1: Proxy Mobile IPv6

3.2.  Disabling IPv6 Temporary Addresses

3.2.1.  Avoiding Excessive IP-Based Authentication

   Some managed networks authenticate hosts with an authentication
   supplicant or, for hosts lacking the supplicant, perform address-
   based authentication.  When address-based authentication is used,
   re-authentication occurs for each address obtained by the host, which
   can create a lot of authentication transactions.  To reduce this
   chatter, it can be useful to disable IPv6 Privacy Addresses [RFC4941]
   on those hosts using address-based authentication.  In a managed
   network, this option will ensure that temporary addresses are
   disabled for hosts without an authentication supplicant.  This way
   managed networks can conditionally disable temporary addresses for
   only a set of hosts.

   The relay agent may be configured with the external prefixes that
   will be assigned to the host.  In that case, the relay agent would
   use the Address Selection option.  In the case where the relay agent
   is unaware of the external prefixes that will be assigned to the
   host, the relay agent uses the Relative Precedence option.  Details
   for processing those options are described later in the document.

   Whenever either of those options is used, a DHCPv6 server that
   understands those options will ignore the IA_TA options in the DHCPv6
   request, effectively disabling the use of temporary addresses for
   that host.

3.2.2.  Reducing Management Impact

   In addition, there are known issues in managing privacy extensions in
   certain scenarios.  These are described in
   [I-D.gont-6man-managing-privacy-extensions].  In such scenarios,
   conditionally disabling temporary addresses allows administrators to
   better manage deployments.

4.  Options

   To realize the functions described above, this document defines a
   new DHCPv6 option, Relay-Supplied Prefix, and updates the Address
   Selection option defined in [I-D.ietf-6man-addr-select-opt].  These
   DHCPv6 options are added by the DHCPv6 relay agent when it relays a
   DHCPv6 message, and both MAY appear together in the same DHCPv6
   message.
   DHCPv6 Client        DHCPv6 Relay Agent            DHCPv6 Server
         |                      |                            |
         |--------------------->|                            |
         |   DHCPv6 REQUEST     |                            |
         |                      |                            |
         |        (adds Relay-Supplied Prefix and/or         |
         |      Address Selection option to the request)     |
         |                      |                            |
         |                      |--------------------------->|
         |                      |   DHCPv6 REQUEST with      |
         |                      |   Relay-Supplied Prefix    |
         |                      |   and/or Address Selection |
         |                      |   Options                  |
         |                      |                            |
         |                      |<---------------------------|
         |                      |       DHCPv6 REPLY         |
         |<---------------------|                            |
         |   DHCPv6 REPLY       |                            |

             Figure 2: Message Flow, Relay Agent adding Option

   The Relay-Supplied Prefix option carries host and network
   information observed by the DHCPv6 relay agent, such as that the
   host does not support an 802.1x supplicant and will be subjected to
   web-authentication.  The Address Selection option allows
   prioritizing among a list of prefixes the DHCPv6 relay agent expects
   the DHCPv6 server to provide to the host.

4.1.  Address Selection option

   The layout of the Address Selection option is below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     OPTION_ADDRSEL_TABLE      |          option-len           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Reserved|N|A|P|                                               |
   +-+-+-+-+-+-+-+-+         POLICY TABLE OPTIONS                   |
   |                         (variable length)                     |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Figure 3: Option Type 1 message format

   The fields are described below:

   option-code:  OPTION_ADDRSEL_TABLE defined in
      [I-D.ietf-6man-addr-select-opt]

   option-len:  Option Length

   Reserved:  Must be 0 and ignored by the server.

   N:  A value of 1 indicates that the relay agent wants the DHCPv6
      server to ignore any IA_TA options in the DHCPv6 request, as if
      the IA_TA options were not present.  This effectively disables
      privacy extensions [RFC4941].  A value of 0 indicates the IA_TA
      options, if present in the DHCPv6 request, are processed normally
      by the DHCPv6 server.  This value has no impact on destination
      prefixes.

   A:  This flag MUST be set to 0 and ignored by the DHCPv6 server.

   P:  This flag MUST be set to 0 and ignored by the DHCPv6 server.

   Prefix Table Options:  Zero or more Address Selection Policy Table
      options defined in [I-D.ietf-6man-addr-select-opt].

4.2.  Relay-Supplied Prefix Option

   The Relay-Supplied Prefix option is defined below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       OPTION_RS_PREFIX        |          option-len           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Policy flag  |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Figure 4: Option Type 2 message format

   option-len:  Length of the option.

   Policy flag:  8-bit unsigned integer.

   Reserved:  Must be 0 and ignored by the server.

   The Policy Flag is defined below, and the actions taken by the DHCPv6
   server based on this flag are described in Section 6.

   +------+---------------------+-----------------------------------+
   |Value | Name                | Description                       |
   +------+---------------------+-----------------------------------+
   | 0x01 | IPV6_DIS_TEMP_ADDR  | Disable IPv6 Temporary Address    |
   +------+---------------------+-----------------------------------+

                      Figure 5: Policy flag Values

5.  Relay Agent Behaviour

   DHCPv6 relay agents that implement this specification MUST be
   configurable for sending the Address Selection option and the Relay-
   Supplied Prefix option.  Relay agents SHOULD have separate
   configuration for each option to determine if it is to be added to
   the DHCPv6 request.  A relay agent will include these options in the
   option payload of a Request message.  The DHCPv6 relay agent should
   set the Address Selection option when there is a need to change the
   label/precedence value for prefixes in the scenarios discussed in
   Section 3.1 and/or to disable IPv6 temporary addresses for the host.

   Discussion: To reduce end-user configuration of the DHCPv6 relay
   agent, the DHCPv6 relay agent can use the mechanism specified in
   [RFC3633] to automatically learn the IPv6 prefixes that will be
   delegated to DHCPv6 clients.  In future, the DHCPv6 relay agent can
   use the leasequery-like capability discussed in section 3.2 of
   [RFC5007] to learn the prefix information from the DHCPv6 server.

   The DHCPv6 relay agent should set the Relay-Supplied Prefix option
   when it receives a DHCPv6 request from a host with specific
   characteristics, such as being authenticated using an address-based
   mechanism.  The Relative Precedence option is used when the relay
   agent is unaware of the external prefixes to be assigned to the
   host.

6.  DHCPv6 Server Behaviour

   Upon receiving a DHCPv6 request containing the Address Selection
   option or the Relay-Supplied Prefix Option, the DHCPv6 server
   processing is described below:

6.1.  Address Selection option

   Address Selection option - The DHCPv6 server should send a reply to
   the host with the prefixes received from the DHCPv6 relay agent
   along with Precedence.  The DHCPv6 server will merge the policy
   received in the Address Selection option with its own policy table
   as explained in section 4.3 of [I-D.ietf-6man-addr-select-opt].

   If the option has the "N" bit set to 1, the server SHOULD ignore the
   IA_TA options in the DHCPv6 request, effectively disabling the use of
   temporary addresses for that prefix.  The DHCPv6 server will ignore
   the "N" bit for destination prefixes.

   Note: If a DHCPv6 server receives both options with conflicting
   flags IPV6_DIS_TEMP_ADDR and "N" bit, then it SHOULD treat it as a
   misconfiguration on the relay agent and discard these options.
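   The following Python is an added example, not code from the draft or
   its authors: it encodes the two option layouts of Section 4 and
   applies the server rules of Section 6 (the N bit, IPV6_DIS_TEMP_ADDR,
   and the discard-on-conflict note).  The option codes are labelled
   placeholders, since OPTION_RS_PREFIX has no IANA assignment yet and
   the draft gives no number for OPTION_ADDRSEL_TABLE; the example also
   assumes the caller passes only the options the relay agent itself
   added to the Relay-forward message, not options found inside the
   encapsulated client message.

```python
import struct

# Placeholder option codes (not IANA assignments): OPTION_RS_PREFIX is
# only requested in Section 8, and the draft gives no code for
# OPTION_ADDRSEL_TABLE.
OPTION_ADDRSEL_TABLE = 0xFFF0
OPTION_RS_PREFIX = 0xFFF1

# First byte of the Address Selection option body: | Reserved(5) |N|A|P|
FLAG_N, FLAG_A, FLAG_P = 0x04, 0x02, 0x01
# Policy flag value of the Relay-Supplied Prefix option (Figure 5)
IPV6_DIS_TEMP_ADDR = 0x01


def encode_rs_prefix(policy_flag: int) -> bytes:
    """Relay-Supplied Prefix option: 1-byte policy flag + 3 reserved bytes."""
    return struct.pack("!HHB3x", OPTION_RS_PREFIX, 4, policy_flag & 0xFF)


def encode_addrsel(n: bool, policy_table: bytes = b"") -> bytes:
    """Address Selection option as a relay agent builds it (A = P = 0)."""
    flags = FLAG_N if n else 0
    hdr = struct.pack("!HHB", OPTION_ADDRSEL_TABLE, 1 + len(policy_table), flags)
    return hdr + policy_table


def parse_options(buf: bytes) -> dict:
    """Split a DHCPv6 option list into {option-code: option-data}."""
    opts, off = {}, 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("truncated option %#06x" % code)
        opts[code] = buf[off:off + length]
        off += length
    if off != len(buf):
        raise ValueError("trailing bytes after last option")
    return opts


def server_ignore_ia_ta(relay_opts: bytes) -> bool:
    """Section 6 decision: should the server ignore IA_TA for this host?

    True when the relay asked to disable temporary addresses via either
    option.  If both options are present and disagree, that is treated as
    relay misconfiguration: both are discarded and IA_TA is processed
    normally (returns False).
    """
    opts = parse_options(relay_opts)
    requests = []  # one entry per option present
    if OPTION_ADDRSEL_TABLE in opts:
        data = opts[OPTION_ADDRSEL_TABLE]
        if len(data) < 1:
            raise ValueError("Address Selection option too short")
        # Reserved, A and P are ignored by the server; only N matters here
        requests.append(bool(data[0] & FLAG_N))
    if OPTION_RS_PREFIX in opts:
        data = opts[OPTION_RS_PREFIX]
        if len(data) != 4:
            raise ValueError("Relay-Supplied Prefix option must be 4 bytes")
        requests.append(bool(data[0] & IPV6_DIS_TEMP_ADDR))
    if len(requests) == 2 and requests[0] != requests[1]:
        return False  # conflicting flags: discard both options
    return any(requests)
```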
6.2.  Relay-Supplied Prefix Option

   The Relay-Supplied Prefix Option contains flags that define the
   characteristics of the host.

   1.  IPV6_DIS_TEMP_ADDR - This flag indicates that temporary IPv6
       address allocation is to be disabled for the host.  The DHCPv6
       server should ignore any IA_TA options in the DHCPv6 request.

7.  Security Considerations

   The Relay-Supplied Prefix option is exchanged only between the DHCPv6
   relay agent and the DHCPv6 server, and the Address Selection option
   can originate either from the server or from the relay agent.
   Section 21.1 of [RFC3315] provides details on securing DHCPv6
   messages sent between servers and relay agents, and section 23 of
   [RFC3315] provides general DHCPv6 security considerations.

   It is possible for a DHCPv6 client to include the Relay-Supplied
   Prefix option or the Address Selection option, which would be
   received by a DHCPv6 server.  This would cause the DHCPv6 client to
   receive a different DHCPv6 response than it would have otherwise
   received.

8.  IANA Considerations

   IANA is requested to assign an option code to OPTION_RS_PREFIX from
   the option-code space as defined in section "DHCPv6 Options" of
   [RFC3315].

9.  Change History

   [Note to RFC Editor: Please remove this section prior to
   publication.]

9.1.  Changes from draft-reddy-mif-dhcpv6-precedence-ops-00 to -01

   o  Added Proxy Mobile IPv6 with traffic offload use-case in Section
      3.1.

   o  Updated Section 3.2.1 to highlight the ability to disable
      temporary addresses selectively.

9.2.  Changes from draft-reddy-mif-dhcpv6-precedence-ops-01 to -02

   o  Updated use-case in Section 3.1.

   o  Changed Absolute Precedence Option.

10.  References

10.1.  Normative References

   [I-D.gont-6man-managing-privacy-extensions]
              Gont, F. and R. Broersma, "Managing the Use of Privacy
              Extensions for Stateless Address Autoconfiguration in
              IPv6", draft-gont-6man-managing-privacy-extensions-01
              (work in progress), March 2011.

   [I-D.ietf-6man-addr-select-opt]
              Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing
              Address Selection Policy using DHCPv6",
              draft-ietf-6man-addr-select-opt-06 (work in progress),
              September 2012.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, February 2006.

   [RFC4941]  Narten, T., Draves, R., and S. Krishnan, "Privacy
              Extensions for Stateless Address Autoconfiguration in
              IPv6", RFC 4941, September 2007.

   [RFC5007]  Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng,
              "DHCPv6 Leasequery", RFC 5007, September 2007.

   [RFC5213]  Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
              and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.

   [RFC6724]  Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
              "Default Address Selection for Internet Protocol Version 6
              (IPv6)", RFC 6724, September 2012.

10.2.  Informative References

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              December 2003.

Authors' Addresses

   Tirumaleswar Reddy
   Cisco Systems, Inc.
   Cessna Business Park, Varthur Hobli
   Sarjapur Marathalli Outer Ring Road
   Bangalore, Karnataka  560103
   India

   Email: tireddy@cisco.com


   Prashanth Patil
   Cisco Systems, Inc.
   Cessna Business Park, Varthur Hobli
   Sarjapur Marthalli Outer Ring Road
   Bangalore, Karnataka  560103
   India

   Email: praspati@cisco.com


   Dan Wing
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, California  95134
   USA

   Email: dwing@cisco.com