Networking Working Group                                          N. Shen
Internet-Draft                                                    E. Chen
Intended status: Standards Track                            Cisco Systems
Expires: February 20, 2017                                August 19, 2016


               Generalized Source UDP Port of DHCP Relay
                     draft-shen-dhc-client-port-03

Abstract

   This document extends the DHCP and DHCPv6 protocols for the UDP
   transport from relay agent to server so that the relay agent's
   source port may be any valid port number on the DHCP relay system.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 20, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Changes to DHCP and DHCPv6 Specifications
     2.1.  Changes to DHCP in RFC 2131
     2.2.  Changes to DHCPv6 in RFC 3315
   3.  Relay Agent Source Port Sub-option and Option
     3.1.  DHCP Relay Agent Source Port Sub-option
     3.2.  DHCPv6 Relay Agent Source Port Option
   4.  Compatibility
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgments
   8.  Document Change Log
     8.1.  Changes to draft-shen-dhc-client-port-03
     8.2.  Changes to draft-shen-dhc-client-port-02
     8.3.  Changes to draft-shen-dhc-client-port-01
     8.4.  Changes to draft-shen-dhc-client-port-00
   9.  Normative References
   Authors' Addresses

1.  Introduction

   RFC 2131 [RFC2131] and RFC 3315 [RFC3315] specify UDP as the DHCP
   transport protocol.  They also define both the server-side and
   client-side port numbers.  The DHCP server port is UDP port 67 and
   the client port is UDP port 68; for DHCPv6 the server port is 546 and
   the client port is 547.

   This fixed-port scheme creates problems in certain DHCP relay
   operations and environments.  For instance, in a large-scale DHCP
   relay implementation on a single switch node, the DHCP relay
   functionality may be partitioned among multiple relay processes
   running on different CPUs.  All of those DHCP relay processes may
   share the same IP address of the switch node.  If the UDP source port
   has to be a fixed number, the socket operations for DHCP packets have
   to go through a central location or process, which defeats the
   purpose of distributing the DHCP relay function.

   In some scalable operational environments, the decision to split
   functionality into multiple processes on a node may not be based
   purely on DHCP relay load; DHCP relay is simply one of the functions
   in a multi-process implementation.
   Although assigning a different source IP/IPv6 address to each DHCP
   relay process can be a solution, it requires operational and network
   management involvement.  It also has to be ensured, at least for
   DHCP, that the address space shared by the relays and the server is
   in the private IPv4 address domain.

   This document proposes an option to relax the fixed source port
   requirement for DHCP relay agents.  This extension requires the DHCP
   server, or the upstream relay agent in the case of relay chaining
   [RFC3315], to remember the inbound packet's UDP source port number
   along with its IP/IPv6 address.  The DHCP server MUST use the UDP
   port number that the incoming relay agent used instead of blindly
   setting the fixed DHCP port number.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Changes to DHCP and DHCPv6 Specifications

2.1.  Changes to DHCP in RFC 2131

   Section 4.1 of RFC 2131 [RFC2131] asserts that:

      DHCP uses UDP as its transport protocol.  DHCP messages from a
      client to a server are sent to the 'DHCP server' port (67), and
      DHCP messages from a server to a client are sent to the 'DHCP
      client' port (68).

   This specification adds the following paragraph to the text above.

      DHCP messages from a relay agent to a server are sent to the 'DHCP
      server' port (67), and the UDP source port it uses can be any
      valid UDP port available on the relay system, including the DHCP
      port 67.  The default is port number 67 if there is no explicit
      configuration for the generalized source UDP port extension of
      DHCP relay.

2.2.  Changes to DHCPv6 in RFC 3315

   Section 5.2 of RFC 3315 [RFC3315] asserts that:

      Clients listen for DHCP messages on UDP port 546.  Servers and
      relay agents listen for DHCP messages on UDP port 547.

   This specification adds the following paragraph to the text above.

      DHCP relay agents can listen for DHCP messages from a server or
      another relay agent on any valid UDP port available on the relay
      system, including the DHCP UDP port 547.  The default is port 547
      if there is no explicit configuration for the generalized source
      UDP port extension of DHCP relay.

3.  Relay Agent Source Port Sub-option and Option

   Although a DHCP or DHCPv6 server can implicitly detect a source UDP
   port that differs from the standard DHCP port number when it receives
   an inbound message from a relay agent, the sub-option and option
   defined here make the request explicit: the server is asked to use
   the non-DHCP UDP port in its reply message.

3.1.  DHCP Relay Agent Source Port Sub-option

   The Relay Agent Source Port sub-option is part of the relay-agent-
   information option for DHCPv4 [RFC3046].  It SHOULD be used by a
   relay agent that uses a non-DHCP UDP port when communicating with
   the DHCP server.

   The format of the DHCPv4 Relay Agent Source Port Sub-option is shown
   below:

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  SubOpt Code  |      Len      |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

   SubOpt Code:  TBD.  8-bit value, to be assigned by IANA.

   Len:  8-bit value, to be set to 0.

   When a DHCP server receives a message from a relay agent with this
   Relay Source Port sub-option, it MUST remember the UDP source port of
   the inbound message from the relay agent and use the same port number
   as the UDP destination port when sending the reply message to that
   relay agent.

3.2.  DHCPv6 Relay Agent Source Port Option

   The Relay Agent Source Port Option is a new DHCPv6 option.  It SHOULD
   be used by a DHCPv6 relay agent that uses a non-DHCP UDP port when
   communicating with the DHCP server and upstream relay agent.
   The format of the DHCPv6 Relay Agent Source Port Option is shown
   below:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Option-Code          |          Option-Len           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |        UDP Source Port        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Where:

   Option-Code:  TBD.  16-bit value, to be assigned by IANA.

   Option-Len:  16-bit value, to be set to 2.

   UDP Source Port:  16-bit value.  To be set by the DHCPv6 relay to the
      UDP source port used for the packet.

   When this Relay Source Port Option is present in a message, a DHCPv6
   server that replies, or a relay agent that relays a message towards
   a downstream relay agent, MUST use the same port number as the UDP
   destination port to the previous-hop relay agent.

4.  Compatibility

   With this source port generalization of DHCP and DHCPv6, the server
   behavior remains compatible with relay agents that use the fixed DHCP
   UDP port.  The DHCP server reflects back the well-known UDP port
   number (67/547) that such a relay agent used when relaying the reply
   back to it.  It is recommended to upgrade the server side first.

   Implementations are advised to allow configuration of a fixed DHCP
   relay port number.  This covers the case where the DHCP relay agent
   is upgraded with this extension before the server side is upgraded.

5.  IANA Considerations

   A new sub-option, DHCP Relay Agent Source Port, is defined in this
   document within the DHCPv4 Relay Agent Information Option.  It needs
   to be assigned by IANA from the DHCP Relay Agent sub-options space
   [RFC3046].

   A new option, DHCPv6 Relay Source Port, is defined in this document
   for DHCPv6, and it needs to be assigned by IANA from the DHCPv6
   option code space.
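   The sub-option and option formats of Section 3 together with the
   server-side reply-port rule of Sections 3 and 4, as an added Python
   example that is not part of this draft: the option codes are
   IANA-TBD, so the code values below are placeholders, and the check
   that the advertised DHCPv6 port matches the UDP header is an added
   defensive measure that the draft itself does not specify.

```python
import struct

# Codes are "TBD, to be assigned by IANA" in the draft; these are placeholders
# chosen for this example only, not IANA assignments.
V4_SRC_PORT_SUBOPT = 0xFE     # placeholder DHCPv4 relay-agent-information sub-option
V6_SRC_PORT_OPTION = 0xFFFE   # placeholder DHCPv6 option code
V4_SERVER_PORT, V6_SERVER_PORT = 67, 547


def encode_v4_subopt() -> bytes:
    """Section 3.1: 8-bit sub-option code, 8-bit length fixed at 0."""
    return struct.pack("!BB", V4_SRC_PORT_SUBOPT, 0)


def encode_v6_option(src_port: int) -> bytes:
    """Section 3.2: 16-bit code, 16-bit length 2, 16-bit UDP source port."""
    if not 1 <= src_port <= 0xFFFF:
        raise ValueError("UDP port out of range")
    return struct.pack("!HHH", V6_SRC_PORT_OPTION, 2, src_port)


def parse_tlv(data: bytes, hdr: str) -> dict:
    """Walk a code/length/value list; hdr is '!BB' (RFC 3046 sub-options)
    or '!HH' (DHCPv6 options). Rejects truncated values and trailing bytes."""
    opts, i, hlen = {}, 0, struct.calcsize(hdr)
    while i + hlen <= len(data):
        code, length = struct.unpack_from(hdr, data, i)
        value = data[i + hlen:i + hlen + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += hlen + length
    if i != len(data):
        raise ValueError("trailing bytes after options")
    return opts


def reply_dst_port(opts: dict, inbound_src_port: int, v6: bool) -> int:
    """Server rule from Sections 3 and 4: with the option present, reply to the
    relay's inbound UDP source port; without it, use the well-known port."""
    if not v6:
        return inbound_src_port if V4_SRC_PORT_SUBOPT in opts else V4_SERVER_PORT
    value = opts.get(V6_SRC_PORT_OPTION)
    if value is None:
        return V6_SERVER_PORT
    if len(value) != 2:
        raise ValueError("malformed Relay Agent Source Port option")
    (advertised,) = struct.unpack("!H", value)
    # Added check (not in the draft): the advertised port must equal the UDP
    # header's source port, so a bogus option cannot steer replies elsewhere.
    if advertised != inbound_src_port:
        raise ValueError("option port %d != UDP source port %d" % (advertised, inbound_src_port))
    return inbound_src_port
```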
6.  Security Considerations

   If the network uses a firewall to block or allow DHCP packets by
   matching on both static UDP source and destination port numbers,
   those rules may no longer match the packets from DHCP relay agent
   and server software that implements this extension.  The firewall
   rules need to be modified to match only the server-side UDP port
   number and, if necessary, IP addresses and other attributes.

7.  Acknowledgments

   TBD.

8.  Document Change Log

8.1.  Changes to draft-shen-dhc-client-port-03

   o  Submitted August 2016.

   o  Added more motivation paragraphs in the Introduction.

   o  Added the language for default DHCP/DHCPv4 relay ports (67/547)
      if not explicitly provisioned for this generalized UDP source port
      extension.

8.2.  Changes to draft-shen-dhc-client-port-02

   o  Submitted July 2016.

   o  Added the 16-bit UDP Source Port field in the DHCPv6 Relay Agent
      Source Port Option.

8.3.  Changes to draft-shen-dhc-client-port-01

   o  Submitted July 2016.

   o  Changed the document title from "Generalize Client UDP Port Number
      of DHCP Relay" to "Generalized Source UDP Port of DHCP Relay".

   o  Changed the document text such that the source port extension
      applies only to DHCP and DHCPv6 relay agents.

   o  Defined the DHCPv4 Relay Agent Source Port sub-option and the
      DHCPv6 Relay Agent Source Port option.

8.4.  Changes to draft-shen-dhc-client-port-00

   o  Initial version of the draft, published in June 2016.

9.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, DOI 10.17487/RFC2131, March 1997.

   [RFC3046]  Patrick, M., "DHCP Relay Agent Information Option",
              RFC 3046, DOI 10.17487/RFC3046, January 2001.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315,
              July 2003.

Authors' Addresses

   Naiming Shen
   Cisco Systems
   560 McCarthy Blvd.
   Milpitas, CA 95035
   US

   Email: naiming@cisco.com

   Enke Chen
   Cisco Systems
   560 McCarthy Blvd.
   Milpitas, CA 95035
   US

   Email: enkechen@cisco.com