draft-ietf-dhc-dhcpv6-opt-prefix-delegation-03.txt   draft-ietf-dhc-dhcpv6-opt-prefix-delegation-04.txt 
DHC Working Group O. Troan Network Working Group O. Troan
Internet-Draft R. Droms Internet-Draft R. Droms
Expires: September 1, 2003 Cisco Systems Expires: December 5, 2003 Cisco Systems
March 3, 2003 June 6, 2003
IPv6 Prefix Options for DHCPv6 IPv6 Prefix Options for DHCPv6
draft-ietf-dhc-dhcpv6-opt-prefix-delegation-03.txt draft-ietf-dhc-dhcpv6-opt-prefix-delegation-04.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at
www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 1, 2003. This Internet-Draft will expire on December 5, 2003.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract Abstract
The Prefix Delegation options provide a mechanism for automated The Prefix Delegation options provide a mechanism for automated
delegation of IPv6 prefixes using DHCP. This mechanism is intended delegation of IPv6 prefixes using DHCP. This mechanism is intended
for delegating long-lived prefix from a delegating router to a for delegating a long-lived prefix from a delegating router to a
requesting router, across an administrative boundary, where the requesting router, across an administrative boundary, where the
delegating router does not require knowledge about the topology of delegating router does not require knowledge about the topology of
the links in the network to which the prefixes will be assigned. the links in the network to which the prefixes will be assigned.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. DHCPv6 specification dependency . . . . . . . . . . . . . . 3 2. DHCPv6 specification dependency . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Model and Applicability . . . . . . . . . . . . . . . . . . 4 5. Model and Applicability . . . . . . . . . . . . . . . . . . 4
5.1 Example network architecture . . . . . . . . . . . . . . . . 4 5.1 Example network architecture . . . . . . . . . . . . . . . . 5
6. Identity Association for Prefix Delegation . . . . . . . . . 6 6. Identity Association for Prefix Delegation . . . . . . . . . 6
7. Overview of DHCP with Prefix Delegation . . . . . . . . . . 7 7. Overview of DHCP with Prefix Delegation . . . . . . . . . . 7
8. Interface Selection . . . . . . . . . . . . . . . . . . . . 7 8. Interface Selection . . . . . . . . . . . . . . . . . . . . 7
9. Identity Association for Prefix Delegation Option . . . . . 8 9. Identity Association for Prefix Delegation Option . . . . . 8
10. IA_PD Prefix option . . . . . . . . . . . . . . . . . . . . 10 10. IA_PD Prefix option . . . . . . . . . . . . . . . . . . . . 10
11. Delegating Router Solicitation . . . . . . . . . . . . . . . 11 11. Delegating Router Solicitation . . . . . . . . . . . . . . . 11
11.1 Requesting router behaviour . . . . . . . . . . . . . . . . 11 11.1 Requesting router behaviour . . . . . . . . . . . . . . . . 11
11.2 Delegating router behaviour . . . . . . . . . . . . . . . . 12 11.2 Delegating router behaviour . . . . . . . . . . . . . . . . 12
12. Requesting router initiated prefix delegation . . . . . . . 13 12. Requesting router initiated prefix delegation . . . . . . . 12
12.1 Requesting router behaviour . . . . . . . . . . . . . . . . 13 12.1 Requesting router behaviour . . . . . . . . . . . . . . . . 13
12.2 Delegating Router behaviour . . . . . . . . . . . . . . . . 14 12.2 Delegating Router behaviour . . . . . . . . . . . . . . . . 14
13. Prefix Delegation reconfiguration . . . . . . . . . . . . . 16 13. Prefix Delegation reconfiguration . . . . . . . . . . . . . 15
13.1 Delegating Router behaviour . . . . . . . . . . . . . . . . 16 13.1 Delegating Router behaviour . . . . . . . . . . . . . . . . 15
13.2 Requesting Router behaviour . . . . . . . . . . . . . . . . 16 13.2 Requesting Router behaviour . . . . . . . . . . . . . . . . 16
14. Relay agent behaviour . . . . . . . . . . . . . . . . . . . 16 14. Relay agent behaviour . . . . . . . . . . . . . . . . . . . 16
15. Security Considerations . . . . . . . . . . . . . . . . . . 16 15. Security Considerations . . . . . . . . . . . . . . . . . . 16
16. IANA Considerations . . . . . . . . . . . . . . . . . . . . 17 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . 16
17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17
18. Changes in draft-ietf-dhc-dhcpv6-opt-prefix-delegation-03 . 17 18. Changes in draft-ietf-dhc-dhcpv6-opt-prefix-delegation-03 . 17
Normative References . . . . . . . . . . . . . . . . . . . . 18 References . . . . . . . . . . . . . . . . . . . . . . . . . 17
Informative References . . . . . . . . . . . . . . . . . . . 18 References . . . . . . . . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 18
Full Copyright Statement . . . . . . . . . . . . . . . . . . 20 Full Copyright Statement . . . . . . . . . . . . . . . . . . 19
1. Introduction 1. Introduction
This document describes new options for DHCP, which provide a This document describes new options for DHCP that provide a mechanism
mechanism for the delegation of IPv6 prefixes. Through these for the delegation of IPv6 prefixes. Through these options, a
options, a delegating router can delegate prefixes to authorised delegating router can delegate prefixes to authorised requesting
requesting routers. routers.
The prefix delegation mechanism described in this document is The prefix delegation mechanism described in this document is
intended for simple delegation of prefixes from a delegating router intended for simple delegation of prefixes from a delegating router
to requesting routers. It is appropriate for situations in which the to requesting routers. It is appropriate for situations in which the
delegating router does not have knowledge about the topology of the delegating router does not have knowledge about the topology of the
networks to which the requesting router is attached, and the networks to which the requesting router is attached, and the
delegating router does not require other information aside from the delegating router does not require other information aside from the
identity of the requesting router to choose a prefix for delegation. identity of the requesting router to choose a prefix for delegation.
For example, these options would be used by a service provider to For example, these options would be used by a service provider to
assign a prefix to a CPE device acting as a router between the assign a prefix to a CPE device acting as a router between the
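Review bot: The -04 table of contents lists two entries that are both titled "References" (pages 17 and 18), where -03 had "Normative References" and "Informative References", so a reader can no longer tell from the contents which list is normative. Suggest restoring the two distinct titles. The entry for section 18 still reads "Changes in draft-ietf-dhc-dhcpv6-opt-prefix-delegation-03" on the -04 side; confirm whether it should now name -04.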
skipping to change at page 3, line 34 skipping to change at page 3, line 34
Many applications expect stable addresses. Even though this Many applications expect stable addresses. Even though this
mechanism makes automatic renumbering easier, it is expected that mechanism makes automatic renumbering easier, it is expected that
prefixes have a long lifespan. During renumbering it is expected prefixes have a long lifespan. During renumbering it is expected
that the old and the new prefix co-exist for some time. that the old and the new prefix co-exist for some time.
The design of this prefix delegation mechanism meets the requirements The design of this prefix delegation mechanism meets the requirements
for prefix delegation in Requirements for IPv6 prefix delegation [8]. for prefix delegation in Requirements for IPv6 prefix delegation [8].
2. DHCPv6 specification dependency 2. DHCPv6 specification dependency
This document describes an extension to the DHCPv6 specification [6]. This document describes new DHCPv6 options for IPv6 prefix
This document should be read in conjunction with the DHCPv6 delegation. This document should be read in conjunction with the
specification for a complete specification of the Prefix Delegation DHCPv6 specification for a complete specification of the Prefix
options and mechanism. Definitions for terms and acronyms not Delegation options and mechanism. Definitions for terms and acronyms
specifically defined in this document are defined in the DHCPv6 not specifically defined in this document are defined in the DHCPv6
specification [6]. specification [6].
3. Terminology 3. Terminology
This document uses the terminology defined in RFC2460 [2] and the This document uses the terminology defined in RFC2460 [2] and the
DHCP specification [6]. In addition, this document uses the DHCP specification [6]. In addition, this document uses the
following terms: following terms:
requesting router The router that acts as a DHCP client and is requesting router The router that acts as a DHCP client and is
requesting prefix(es) to be assigned. requesting prefix(es) to be assigned.
delegating router The router that acts as a DHCP server, and is delegating router The router that acts as a DHCP server, and is
responding to the prefix request. responding to the prefix request.
Identity Association for Prefix Delegation (IA_PD) A collection of Identity Association for Prefix Delegation (IA_PD) A collection of
prefixes assigned to the requesting router. Each prefixes assigned to the requesting router. Each IA_PD has an
IA_PD has an associated IAID. A requesting associated IAID. A requesting router may have more than one IA_PD
router may have more than one IA_PD assigned to assigned to it; for example, one for each of its interfaces.
it; for example, one for each of its interfaces.
4. Requirements 4. Requirements
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in RFC 2119 [1]. document, are to be interpreted as described in RFC 2119 [1].
5. Model and Applicability 5. Model and Applicability
The model of operation for prefix delegation is as follows. A The model of operation for prefix delegation is as follows. A
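Review bot: In section 2 the rewritten opening sentence drops the "[6]" citation, so on the -04 side the first mention of "the DHCPv6 specification" is uncited and the reference only appears at the end of the paragraph. Suggest citing it at first use: "in conjunction with the DHCPv6 specification [6]".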
skipping to change at page 5, line 4 skipping to change at page 5, line 6
can request an extension of the lifetimes on a delegated prefix and can request an extension of the lifetimes on a delegated prefix and
is required to terminate the use of a delegated prefix if the valid is required to terminate the use of a delegated prefix if the valid
lifetime of the prefix expires. lifetime of the prefix expires.
This prefix delegation mechanism would be appropriate for use by an This prefix delegation mechanism would be appropriate for use by an
ISP to delegate a prefix to a subscriber, where the delegated prefix ISP to delegate a prefix to a subscriber, where the delegated prefix
would possibly be subnetted and assigned to the links within the would possibly be subnetted and assigned to the links within the
subscriber's network. subscriber's network.
5.1 Example network architecture 5.1 Example network architecture
Figure 1 illustrates a network architecture in which prefix Figure 1 illustrates a network architecture in which prefix
delegation could be used. delegation could be used.
+--------+ \ ______________________ \
| AAA | \ / \ \
| server | \ | ISP core network | \
+---+----+ |
___|__________________ |
/ \ |
| ISP core network | |
\__________ ___________/ | \__________ ___________/ |
| | ISP | |
+-------+-------+ | network +-------+-------+ |
| Aggregation | | | Aggregation | | ISP
| device | | | device | | network
| (delegating | | | (delegating | |
| router) | | | router) | |
+-------+-------+ | +-------+-------+ |
| / | /
|DSL to subscriber / |DSL to subscriber /
|premises / |premises /
| |
+------+------+ \ +------+------+ \
| CPE | \ | CPE | \
| (requesting | \ | (requesting | \
skipping to change at page 5, line 41 skipping to change at page 5, line 40
| | | Subscriber | | | Subscriber
---+-------------+-----+- -+-----+-------------+--- | network ---+-------------+-----+- -+-----+-------------+--- | network
| | | | | | | | | |
+----+-----+ +-----+----+ +----+-----+ +-----+----+ | +----+-----+ +-----+----+ +----+-----+ +-----+----+ |
|Subscriber| |Subscriber| |Subscriber| |Subscriber| / |Subscriber| |Subscriber| |Subscriber| |Subscriber| /
| PC | | PC | | PC | | PC | / | PC | | PC | | PC | | PC | /
+----------+ +----------+ +----------+ +----------+ / +----------+ +----------+ +----------+ +----------+ /
Figure 1: An example of prefix delegation. Figure 1: An example of prefix delegation.
In this example an AAA server is configured with a prefix assigned to In this example the delegating router is configured with a set of
the customer at the time of subscription to the ISP service. The prefixes to be used for assignment to customers at the time of each
prefix delegation process begins when the requesting router requests customer's first connection to the ISP service. The prefix
delegation process begins when the requesting router requests
configuration information through DHCP. The DHCP messages from the configuration information through DHCP. The DHCP messages from the
requesting router are received by the delegating router in the requesting router are received by the delegating router in the
aggregation device. When the delegating router receives the request, aggregation device. When the delegating router receives the request,
it consults the AAA server to authenticate and authorise the it selects an available prefi or prefixes for delegation to the
requesting router. The AAA server returns the subscriber's requesting router. The delegating router then returns the prefix or
prefix(es) in a Framed-IPv6-Prefix attribute as described in RFC 3162 prefixes to the requesting router.
[7], and the delegating router returns them to the requesting router.
The requesting router subnets the delegated prefix and assigns the The requesting router subnets the delegated prefix and assigns the
longer prefixes to links in the subscriber's network. In a typical longer prefixes to links in the subscriber's network. In a typical
scenario based on the network shown in Figure 1, the requesting scenario based on the network shown in Figure 1, the requesting
router subnets a single delegated /48 prefix into /64 prefixes and router subnets a single delegated /48 prefix into /64 prefixes and
assigns one /64 prefix to each of the links in the subscriber assigns one /64 prefix to each of the links in the subscriber
network. network.
The prefix delegation options can be used in conjunction with other The prefix delegation options can be used in conjunction with other
DHCP options carrying other configuration information to the DHCP options carrying other configuration information to the
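Review bot: The rewritten paragraph after Figure 1 no longer says how the requesting router is authenticated or authorised before a prefix is selected. The -03 text had the delegating router consult the AAA server "to authenticate and authorise the requesting router", while the -04 text goes straight from receiving the request to selecting an available prefix, although the Introduction still speaks of delegating to "authorised requesting routers". Suggest adding a sentence on where authorisation happens in the pool-based example, or a pointer to the Security Considerations section. The same sentence also has a typo: "an available prefi or prefixes" should read "prefix or prefixes".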
skipping to change at page 8, line 35 skipping to change at page 8, line 35
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IA_PD-options . . IA_PD-options .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code: OPTION_IA_PD (TBD) option-code: OPTION_IA_PD (TBD)
option-length: 12 + length of IA_PD-options field. option-length: 12 + length of IA_PD-options field.
IAID The unique identifier for this IA_PD; the IAID must IAID The unique identifier for this IA_PD; the IAID must be unique
be unique among the identifiers for all of this among the identifiers for all of this requesting router's IA_PDs.
requesting router's IA_PDs.
T1 The time at which the requesting router should T1 The time at which the requesting router should contact the
contact the delegating router from which the delegating router from which the prefixes in the IA_PD were
prefixes in the IA_PD were obtained to extend the obtained to extend the lifetimes of the prefixes delegated to the
lifetimes of the prefixes delegated to the IA_PD; IA_PD; T1 is a time duration relative to the current time
T1 is a time duration relative to the current time
expressed in units of seconds. expressed in units of seconds.
T2 The time at which the requesting router should T2 The time at which the requesting router should contact any
contact any available delegating router to extend available delegating router to extend the lifetimes of the
the lifetimes of the prefixes assigned to the prefixes assigned to the IA_PD; T2 is a time duration relative to
IA_PD; T2 is a time duration relative to the the current time expressed in units of seconds.
current time expressed in units of seconds.
IA_PD-options Options associated with this IA_PD. IA_PD-options Options associated with this IA_PD.
The IA_PD-options field encapsulates those options that are specific The IA_PD-options field encapsulates those options that are specific
to this IA_PD. For example, all of the IA_PD Prefix Options carrying to this IA_PD. For example, all of the IA_PD Prefix Options carrying
the prefixes associated with this IA_PD are in the IA_PD-options the prefixes associated with this IA_PD are in the IA_PD-options
field. field.
An IA_PD option may only appear in the options area of a DHCP An IA_PD option may only appear in the options area of a DHCP
message. A DHCP message may contain multiple IA_PD options. message. A DHCP message may contain multiple IA_PD options.
skipping to change at page 10, line 40 skipping to change at page 10, line 40
+-+-+-+-+-+-+-+-+ . +-+-+-+-+-+-+-+-+ .
. IAprefix-options . . IAprefix-options .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code: OPTION_IAPREFIX (TBD) option-code: OPTION_IAPREFIX (TBD)
option-length: 25 + length of IAprefix-options field option-length: 25 + length of IAprefix-options field
preferred-lifetime: The recommended preferred lifetime for the IPv6 preferred-lifetime: The recommended preferred lifetime for the IPv6
prefix in the option, expressed in units of prefix in the option, expressed in units of seconds. A value of
seconds. A value of 0xFFFFFFFF represents
infinity.
valid-lifetime: The valid lifetime for the IPv6 prefix in the
option, expressed in units of seconds. A value of
0xFFFFFFFF represents infinity. 0xFFFFFFFF represents infinity.
valid-lifetime: The valid lifetime for the IPv6 prefix in the option,
expressed in units of seconds. A value of 0xFFFFFFFF represents
infinity.
prefix-length: Length for this prefix in bits prefix-length: Length for this prefix in bits
IPv6-prefix: An IPv6 prefix IPv6-prefix: An IPv6 prefix
IAprefix-options: Options associated with this prefix
IAprefix-options: Options associated with this prefix
In a message sent by a requesting router to a delegating router, the In a message sent by a requesting router to a delegating router, the
values in the fields can be used to indicate the requesting router's values in the fields can be used to indicate the requesting router's
preference for those values. The requesting router may send a value preference for those values. The requesting router may send a value
of zero to indicate no preference. A requesting router may set the of zero to indicate no preference. A requesting router may set the
IPv6 prefix field to zero and a given value in the prefix-length IPv6 prefix field to zero and a given value in the prefix-length
field to indicate a preference for the size of the prefix to be field to indicate a preference for the size of the prefix to be
delegated. delegated.
In a message sent by a delegating router the preferred and valid In a message sent by a delegating router the preferred and valid
lifetimes should be set to the values of AdvPreferredLifetime and lifetimes should be set to the values of AdvPreferredLifetime and
skipping to change at page 12, line 30 skipping to change at page 12, line 28
prefix(es) to the requesting router, the delegating router selects prefix(es) to the requesting router, the delegating router selects
the prefix(es) to be delegated to the requesting router. The the prefix(es) to be delegated to the requesting router. The
mechanism through which the delegating router selects prefix(es) for mechanism through which the delegating router selects prefix(es) for
delegation is not specified in this document. Examples of ways in delegation is not specified in this document. Examples of ways in
which the delegating router might select prefix(es) for a requesting which the delegating router might select prefix(es) for a requesting
router include: static assignment based on subscription to an ISP; router include: static assignment based on subscription to an ISP;
dynamic assignment from a pool of available prefixes; selection based dynamic assignment from a pool of available prefixes; selection based
on an external authority such as a RADIUS server using the Framed- on an external authority such as a RADIUS server using the Framed-
IPv6-Prefix option as described in RFC 3162 [7]. IPv6-Prefix option as described in RFC 3162 [7].
If the delegating router cannot delegate any prefixes to an IA_PD in
the message from the requesting router, the delegating router MUST
include the IA_PD in the Advertise message with no prefixes in the
IA_PD and a Status Code option in the IA_PD containing status code
NoPrefixAvail.
If the requesting router includes an IA_PD Prefix option in the IA_PD If the requesting router includes an IA_PD Prefix option in the IA_PD
option in its Solicit message, the delegating router MAY choose to option in its Solicit message, the delegating router MAY choose to
use the information in that option to select the prefix(es) or prefix use the information in that option to select the prefix(es) or prefix
size to be delegated to the requesting router. size to be delegated to the requesting router.
The delegating router sends an Advertise message to the requesting The delegating router sends an Advertise message to the requesting
router in the same way as described in section "Creation and router in the same way as described in section "Creation and
transmission of Advertise messages" in the DHCP specification [6]. transmission of Advertise messages" in the DHCP specification [6].
The delegating router MUST include an IA_PD option, identifying any The delegating router MUST include an IA_PD option, identifying any
prefix(es) that the delegating router will delegate to the requesting prefix(es) that the delegating router will delegate to the requesting
router. router.
If the delegating router will not assign any prefixes to any IA_PDs If the delegating router will not assign any prefixes to any IA_PDs
in a subsequent Request from the requesting router, the delegating in a subsequent Request from the requesting router, the delegating
router MUST send an Advertise message to the requesting router that router MUST send an Advertise message to the requesting router that
includes a Status Code option with code NoPrefixAvail and a status includes the IA_PD with no prefixes in the IA_PD and a Status Code
option in the IA_PD containing status code NoPrefixAvail and a status
message for the user, a Server Identifier option with the delegating message for the user, a Server Identifier option with the delegating
router's DUID and a Client Identifier option with the requesting router's DUID and a Client Identifier option with the requesting
router's DUID. router's DUID.
12. Requesting router initiated prefix delegation 12. Requesting router initiated prefix delegation
A requesting router uses the same message exchanges as described in A requesting router uses the same message exchanges as described in
section "DHCP Client-Initiated Configuration Exchange" of the DHCP section "DHCP Client-Initiated Configuration Exchange" of the DHCP
specification [6] to obtain or update prefix(es) from a delegating specification [6] to obtain or update prefix(es) from a delegating
router. The requesting router and the delegating router use the router. The requesting router and the delegating router use the
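Review bot: In the revised last paragraph of 11.2 the condition is plural ("will not assign any prefixes to any IA_PDs") but the required content is singular ("includes the IA_PD with no prefixes in the IA_PD"), so with several IA_PD options in the Solicit it is unclear which one must be echoed. Suggest "each IA_PD" if every one must be returned with NoPrefixAvail. The new paragraph added earlier in this hunk ("If the delegating router cannot delegate any prefixes to an IA_PD ...") already states the per-IA_PD rule, so the two paragraphs overlap; consider merging them so the Status Code placement and the Server Identifier and Client Identifier requirements are stated once.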
skipping to change at page 13, line 26 skipping to change at page 13, line 19
12.1 Requesting router behaviour 12.1 Requesting router behaviour
The requesting router uses a Request message to populate IA_PDs with The requesting router uses a Request message to populate IA_PDs with
prefixes. The requesting router includes one or more IA_PD options prefixes. The requesting router includes one or more IA_PD options
in the Request message. The delegating router then returns the in the Request message. The delegating router then returns the
prefixes for the IA_PDs to the requesting router in IA_PD options in prefixes for the IA_PDs to the requesting router in IA_PD options in
a Reply message. a Reply message.
The requesting router includes IA_PD options in any Renew, or Rebind The requesting router includes IA_PD options in any Renew, or Rebind
messages sent by the requesting router. The IA_PD option include all messages sent by the requesting router. The IA_PD option includes
of the prefixes the requesting router currently has associated with all of the prefixes the requesting router currently has associated
that IA_PD. with that IA_PD.
In some circumstances the requesting router may need verification In some circumstances the requesting router may need verification
that the delegating router still has a valid binding for the that the delegating router still has a valid binding for the
requesting router. Examples of times when a requesting router may requesting router. Examples of times when a requesting router may
ask for such verification include: ask for such verification include:
o The requesting router reboots. o The requesting router reboots.
o The requesting router's upstream link flaps. o The requesting router's upstream link flaps.
skipping to change at page 14, line 29 skipping to change at page 14, line 22
NOT assign any delegated prefixes or subnets from the delegated NOT assign any delegated prefixes or subnets from the delegated
prefix(es) to the link through which it received the DHCP message prefix(es) to the link through which it received the DHCP message
from the delegating router. from the delegating router.
When a requesting router subnets a delegated prefix, it must assign When a requesting router subnets a delegated prefix, it must assign
additional bits to the prefix to generate unique, longer prefixes. additional bits to the prefix to generate unique, longer prefixes.
For example, if the requesting router in Figure 1 were delegated For example, if the requesting router in Figure 1 were delegated
3FFE:FFFF:0::/48, it might generate 3FFE:FFFF:0:1::/64 and 3FFE:FFFF:0::/48, it might generate 3FFE:FFFF:0:1::/64 and
3FFE:FFFF:0:2::/64 for assignment to the two links in the subscriber 3FFE:FFFF:0:2::/64 for assignment to the two links in the subscriber
network. If the requesting router were delegated 3FFE:FFFF:0::/48 network. If the requesting router were delegated 3FFE:FFFF:0::/48
and 3FFE:FFFF:1::/48, it might assign 3FFE:FFFF:0:1::/64 and and 3FFE:FFFF:5::/48, it might assign 3FFE:FFFF:0:1::/64 and
3FFE:FFFF:1:1::/64 to one of the links, and 3FFE:FFFF:0:2::/64 and 3FFE:FFFF:5:1::/64 to one of the links, and 3FFE:FFFF:0:2::/64 and
3FFE:FFFF:1:2::/64 for assignment to the other link. 3FFE:FFFF:5:2::/64 for assignment to the other link.
If the requesting router assigns a delegated prefix to a link to If the requesting router assigns a delegated prefix to a link to
which the router is attached, and begins to send router which the router is attached, and begins to send router
advertisements for the prefix on the link, the requesting router MUST advertisements for the prefix on the link, the requesting router MUST
set the valid lifetime in those advertisements to be no later than set the valid lifetime in those advertisements to be no later than
the valid lifetime specified in the IA_PD Prefix option. A the valid lifetime specified in the IA_PD Prefix option. A
requesting router MAY use the preferred lifetime specified in the requesting router MAY use the preferred lifetime specified in the
IA_PD Prefix option. IA_PD Prefix option.
Handling of Status Codes options in received Reply messages is Handling of Status Codes options in received Reply messages is
skipping to change at page 15, line 22 skipping to change at page 15, line 14
delegating router returns IA_PD Prefix options (within an IA_PD delegating router returns IA_PD Prefix options (within an IA_PD
option) with updated lifetimes for each valid prefix in the message option) with updated lifetimes for each valid prefix in the message
from the requesting router. If the delegating router finds that any from the requesting router. If the delegating router finds that any
of the prefixes are not in the requesting router's binding entry, the of the prefixes are not in the requesting router's binding entry, the
delegating router returns the prefix to the requesting router with delegating router returns the prefix to the requesting router with
lifetimes of 0. lifetimes of 0.
Behaviour in the case where the delegating router cannot find a Behaviour in the case where the delegating router cannot find a
binding for the requesting router's IA_PD: binding for the requesting router's IA_PD:
Renew message If the delegating router cannot find a binding Renew message If the delegating router cannot find a binding for the
for the requesting router's IA_PD the delegating requesting router's IA_PD the delegating router returns the IA_PD
router returns the IA_PD containing no prefixes containing no prefixes with a Status Code option set to NoBinding
with a Status Code option set to NoBinding in the in the Reply message.
Reply message.
Rebind message If the delegating router cannot find a binding Rebind message If the delegating router cannot find a binding for the
for the requesting router's IA_PD and the requesting router's IA_PD and the delegating router determines
delegating router determines that the prefixes in that the prefixes in the IA_PD are not appropriate for the link to
the IA_PD are not appropriate for the link to which the requesting router's interface is attached according to
which the requesting router's interface is the delegating routers explicit configuration, the delegating
attached according to the delegating routers router MAY send a Reply message to the requesting router
explicit configuration, the delegating router MAY containing the IA_PD with the lifetimes of the prefixes in the
send a Reply message to the requesting router IA_PD set to zero. This Reply constitutes an explicit
containing the IA_PD with the lifetimes of the notification to the requesting router that the prefixes in the
prefixes in the IA_PD set to zero. This Reply IA_PD are no longer valid. If the delegating router is unable to
constitutes an explicit notification to the determine if the prefix is not appropriate for the link, the
requesting router that the prefixes in the IA_PD Rebind message is discarded.
are no longer valid. If the delegating router is
unable to determine if the prefix is not
appropriate for the link, the Rebind message is
discarded.
A delegating router may mark any prefix(es) in IA_PD Prefix options A delegating router may mark any prefix(es) in IA_PD Prefix options
in a Release message from a requesting router as "available", in a Release message from a requesting router as "available",
dependent on the mechanism used to acquire the prefix, e.g in the dependent on the mechanism used to acquire the prefix, e.g in the
case of a dynamic pool. case of a dynamic pool.
The delegating router MUST include an IA_PD Prefix option or options The delegating router MUST include an IA_PD Prefix option or options
(in an IA_PD option) in Reply messages sent to a requesting router. (in an IA_PD option) in Reply messages sent to a requesting router.
13. Prefix Delegation reconfiguration 13. Prefix Delegation reconfiguration
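Review bot: The closing requirement "The delegating router MUST include an IA_PD Prefix option or options (in an IA_PD option) in Reply messages" conflicts with the Renew case earlier in this hunk, where the Reply carries "the IA_PD containing no prefixes with a Status Code option set to NoBinding". Suggest scoping the MUST to Replies that actually delegate or update prefixes, or stating the NoBinding Reply as an explicit exception, so that a requesting router validating Reply messages against the MUST does not reject the NoBinding case. Two wording nits, present in both columns: "the delegating routers explicit configuration" should read "router's", and "e.g in the case" is missing the period after "e.g".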
skipping to change at page 16, line 47 skipping to change at page 16, line 34
prefixes into the provider edge router. prefixes into the provider edge router.
15. Security Considerations 15. Security Considerations
Security considerations in DHCP are described in the section Security considerations in DHCP are described in the section
"Security Considerations" of the DHCP specification [6]. "Security Considerations" of the DHCP specification [6].
A rogue delegating router can issue bogus prefixes to a requesting A rogue delegating router can issue bogus prefixes to a requesting
router. This may cause denial of service due to unreachability. router. This may cause denial of service due to unreachability.
An intruder requesting router may be able to mount a denial of A malicious requesting router may be able to mount a denial of
service attack by repeated requests for delegated prefixes that service attack by repeated requests for delegated prefixes that
exhaust the delegating router's available prefixes. exhaust the delegating router's available prefixes.
To guard against attacks through prefix delegation, requesting To guard against attacks through prefix delegation, requesting
routers and delegating routers SHOULD use DHCP authentication as routers and delegating routers SHOULD use DHCP authentication as
described in section "Authentication of DHCP messages" in the DHCP described in section "Authentication of DHCP messages" in the DHCP
specification [6]. For point to point links, where one trusts that specification [6]. For point to point links, where one trusts that
there is no man in the middle, or one trusts layer two there is no man in the middle, or one trusts layer two
authentication, DHCP authentication or IPsec may not be necessary. authentication, DHCP authentication or IPsec may not be necessary.
Because a requesting router and delegating routers must each have at Because a requesting router and delegating routers must each have at
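Review bot: The reworded threat paragraph ("A malicious requesting router ... exhaust the delegating router's available prefixes") has no matching mitigation in the text that follows. The only guard given is "SHOULD use DHCP authentication", and authentication identifies the requesting router but does not by itself limit how many prefixes an authenticated one can request. Suggest adding a sentence on how the delegating router bounds delegation per requesting router, for example a limit or a policy tied to the authenticated identity. Also, "DHCP authentication or IPsec may not be necessary" names IPsec although the visible text recommends only DHCP authentication; either introduce IPsec as an option before this sentence or drop it.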
skipping to change at page 17, line 26 skipping to change at page 17, line 14
OPTION_IA_PD OPTION_IA_PD
OPTION_IAPREFIX OPTION_IAPREFIX
from the option-code space as defined in section "DHCPv6 Options" of from the option-code space as defined in section "DHCPv6 Options" of
the DHCPv6 specification [6]. the DHCPv6 specification [6].
IANA is requested to assign a status code: IANA is requested to assign a status code:
NoPrefixAvail Delegating router has no prefixes available to NoPrefixAvail Delegating router has no prefixes available to assign
assign to the IAPD(s) to the IAPD(s)
from the status-code space as defined in section "Status Codes" of from the status-code space as defined in section "Status Codes" of
the DHCPv6 specification [6]. the DHCPv6 specification [6].
17. Acknowledgements 17. Acknowledgements
Thanks for the input and review by (in alphabetical order) Steve Thanks for the input and review by (in alphabetical order) Steve
Deering, Dave Forster, Brian Haberman, Tatuya Jinmei, Shin Miyakawa, Deering, Dave Forster, Brian Haberman, Tatuya Jinmei, Shin Miyakawa,
Pekka Savola, Bernie Volz, Trevor Warwick and Toshi Yamasaki. Pekka Savola, Bernie Volz, Trevor Warwick and Toshi Yamasaki.
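Review bot: The NoPrefixAvail description says "to assign to the IAPD(s)", while the option requested a few lines above is OPTION_IA_PD and the rest of the text writes IA_PD. Suggest "IA_PD(s)" in the status code description so the registry text matches the option name.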
skipping to change at page 19, line 4 skipping to change at page 18, line 34
Authors' Addresses Authors' Addresses
Ole Troan Ole Troan
Cisco Systems Cisco Systems
250 Longwater Avenue 250 Longwater Avenue
Reading RG2 6GB Reading RG2 6GB
United Kingdom United Kingdom
Phone: +44 20 8824 8666 Phone: +44 20 8824 8666
EMail: ot@cisco.com EMail: ot@cisco.com
Ralph Droms Ralph Droms
Cisco Systems Cisco Systems
300 Apollo Drive 1414 Massachusetts Avenue
Chelmsford, MA 01824 Boxborough, MA 01719
USA USA
Phone: +1 978 497 4733 Phone: +1 978 936-1674
EMail: rdroms@cisco.com EMail: rdroms@cisco.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
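Review bot: The new phone entry "+1 978 936-1674" mixes a space and a hyphen, where the other author's entry ("+44 20 8824 8666") and the previous value use spaces only. Suggest "+1 978 936 1674" for consistency within the Authors' Addresses section.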
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/