draft-ietf-dhc-isnsoption-06.txt | draft-ietf-dhc-isnsoption-07.txt | |||
---|---|---|---|---|
DHC Working Group Charles Monia | DHC Working Group Charles Monia | |||
INTERNET DRAFT Josh Tseng | INTERNET DRAFT Josh Tseng | |||
Expires: November 2003 Kevin Gibbons | Expires: December 2003 Kevin Gibbons | |||
Internet Draft | Internet Draft | |||
Document: <draft-ietf-dhc-isnsoption-06.txt> Nishan Systems | Document: <draft-ietf-dhc-isnsoption-07.txt> Nishan Systems | |||
Category: Standards Track May 2003 | Category: Standards Track June 2003 | |||
The IPv4 DHCP Options for the Internet Storage Name Service | The IPv4 DHCP Options for the Internet Storage Name Service | |||
Status of this Memo | Status of this Memo | |||
This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
all provisions of Section 10 of [RFC2026]. | all provisions of Section 10 of [RFC2026]. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 2, line 4 | skipping to change at page 2, line 4 | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
Comments | Comments | |||
Comments should be sent to the DHCP mailing list (dhcwg@ietf.org) or | Comments should be sent to the DHCP mailing list (dhcwg@ietf.org) or | |||
to the authors. | to the authors. | |||
Table of Contents | Table of Contents | |||
DHCP Option Number for iSNS Revision 6 May 2003 | DHCP Option Number for iSNS Revision 7 June 2003 | |||
Status of this Memo...................................................1 | Status of this Memo...................................................1 | |||
Comments..............................................................1 | Comments..............................................................1 | |||
Abstract..............................................................3 | Abstract..............................................................3 | |||
Conventions used in this document.....................................3 | Conventions used in this document.....................................3 | |||
1.Introduction.......................................................3 | 1.Introduction.......................................................3 | |||
2.iSNS Option for DHCP...............................................4 | 2.iSNS Option for DHCP...............................................4 | |||
2.1 iSNS Functions Field.............................................5 | 2.1 iSNS Functions Field.............................................5 | |||
2.2 Discovery Domain Access Field....................................7 | 2.2 Discovery Domain Access Field....................................7 | |||
2.3 Administrative Flags Field.......................................8 | 2.3 Administrative Flags Field.......................................8 | |||
2.4 iSNS Server Security Bitmap......................................9 | 2.4 iSNS Server Security Bitmap......................................9 | |||
3.Security Considerations...........................................10 | 3.Security Considerations...........................................10 | |||
4.IANA Considerations...............................................10 | 4.IANA Considerations...............................................10 | |||
5.Normative References..............................................10 | 5.Normative References..............................................10 | |||
6.Non-Normative References..........................................11 | 6.Non-Normative References..........................................11 | |||
7.Author's Addresses................................................11 | 7.Author's Addresses................................................11 | |||
Full Copyright Statement.............................................12 | Full Copyright Statement.............................................12 | |||
Abstract | Abstract | |||
This document describes the DHCP option to allow Internet Storage | This document describes the DHCP option to allow Internet Storage | |||
Name Service (iSNS) clients to automatically discover the location | Name Service (iSNS) clients to automatically discover the location | |||
of the iSNS server through the use of DHCP for IPv4. iSNS provides | of the iSNS server through the use of DHCP for IPv4. iSNS provides | |||
discovery and management capabilities for Internet SCSI (iSCSI) and | discovery and management capabilities for Internet SCSI (iSCSI) and | |||
Internet Fibre Channel Protocol (iFCP) storage devices in an | Internet Fibre Channel Protocol (iFCP) storage devices in an | |||
enterprise-scale IP storage network. iSNS provides intelligent | enterprise-scale IP storage network. iSNS provides intelligent | |||
storage management services comparable to those found in Fibre | storage management services comparable to those found in Fibre | |||
skipping to change at page 4, line 4 | skipping to change at page 4, line 4 | |||
The Dynamic Host Configuration Protocol for IPv4 provides a | The Dynamic Host Configuration Protocol for IPv4 provides a | |||
framework for passing configuration information to hosts. Its | framework for passing configuration information to hosts. Its | |||
usefulness extends to hosts and devices using the iSCSI and iFCP | usefulness extends to hosts and devices using the iSCSI and iFCP | |||
protocols to connect to block level storage assets over a TCP/IP | protocols to connect to block level storage assets over a TCP/IP | |||
network. | network. | |||
The iSNS Protocol provides a framework for automated discovery, | The iSNS Protocol provides a framework for automated discovery, | |||
management, and configuration of iSCSI and iFCP devices on a TCP/IP | management, and configuration of iSCSI and iFCP devices on a TCP/IP | |||
network. It provides functionality similar to that found on Fibre | network. It provides functionality similar to that found on Fibre | |||
Channel networks, except that iSNS works within the context of an IP | Channel networks, except that iSNS works within the context of an IP | |||
network. iSNS thereby provides the requisite storage intelligence | network. iSNS thereby provides the requisite storage intelligence | |||
to IP networks that are standard on existing Fibre Channel networks. | to IP networks that are standard on existing Fibre Channel networks. | |||
Existing DHCP options cannot be used to find iSNS servers for the | Existing DHCP options cannot be used to find iSNS servers for the | |||
following reasons: | following reasons: | |||
a) iSNS functionality is distinctly different from other protocols | a) iSNS functionality is distinctly different from other protocols | |||
using DHCP options. Specifically, iSNS provides a significant | using DHCP options. Specifically, iSNS provides a significant | |||
skipping to change at page 5, line 5 | skipping to change at page 5, line 5 | |||
| Additional Secondary iSNS Servers | | | Additional Secondary iSNS Servers | | |||
| . . . . | | | . . . . | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 1 -- iSNS Server Option | Figure 1 -- iSNS Server Option | |||
The iSNS Option specifies a list of IP addresses used by iSNS | The iSNS Option specifies a list of IP addresses used by iSNS | |||
servers. The option contains the following parameters: | servers. The option contains the following parameters: | |||
Length: the number of bytes that follow the Length field. | Length: the number of bytes that follow the Length field. | |||
iSNS Functions: A bitmapped field defining the functions supported | iSNS Functions: A bitmapped field defining the functions supported | |||
by the iSNS servers. The format of this field is described | by the iSNS servers. The format of this field is described | |||
in section 2.1. | in section 2.1. | |||
Discovery Domain Access: A bit field indicating the types of iSNS | Discovery Domain Access: A bit field indicating the types of iSNS | |||
clients that are allowed to modify Discovery Domains. The | clients that are allowed to modify Discovery Domains. The | |||
field contents are described in section 2.2. | field contents are described in section 2.2. | |||
Administrative Flags field: Contains the administrative settings for | Administrative Flags field: Contains the administrative settings for | |||
skipping to change at page 6, line 5 | skipping to change at page 6, line 5 | |||
2.1 iSNS Functions Field | 2.1 iSNS Functions Field | |||
The iSNS Functions Field defines the iSNS server's operational role | The iSNS Functions Field defines the iSNS server's operational role | |||
(i.e., how the iSNS server is to be used). The iSNS server's role | (i.e., how the iSNS server is to be used). The iSNS server's role | |||
can be as basic as providing simple discovery information, or as | can be as basic as providing simple discovery information, or as | |||
significant as providing IKE/IPSec security policies and | significant as providing IKE/IPSec security policies and | |||
certificates for the use of iSCSI and iFCP devices. The format of | certificates for the use of iSCSI and iFCP devices. The format of | |||
the iSNS Functions field is shown in Figure 2: | the iSNS Functions field is shown in Figure 2: | |||
0 1 1 | 0 1 1 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Reserved |S|A|E| | | Reserved |S|A|E| | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 2 -- iSNS Functions Field | Figure 2 -- iSNS Functions Field | |||
Bit field Significance | Bit field Significance | |||
--------- ------------ | --------- ------------ | |||
skipping to change at page 7, line 5 | skipping to change at page 7, line 5 | |||
Security Policy Indicates whether the iSNS client is to | Security Policy Indicates whether the iSNS client is to | |||
Distribution: download and use the security policy | Distribution: download and use the security policy | |||
configuration stored in the iSNS server. | configuration stored in the iSNS server. | |||
If set to one, then the policy is stored in | If set to one, then the policy is stored in | |||
the iSNS server and must be used by the | the iSNS server and must be used by the | |||
iSNS client for its own security policy. | iSNS client for its own security policy. | |||
If set to zero, then the iSNS client must | If set to zero, then the iSNS client must | |||
obtain its security policy configuration by | obtain its security policy configuration by | |||
other means. | other means. | |||
2.2 Discovery Domain Access Field | 2.2 Discovery Domain Access Field | |||
The format of the DD Access bit field is shown in Figure 3: | The format of the DD Access bit field is shown in Figure 3: | |||
0 1 | 0 1 | |||
0 1 2 3 4 5 6 ... 5 | 0 1 2 3 4 5 6 ... 5 | |||
+---+---+---+---+---+---+---+---+---+ | +---+---+---+---+---+---+---+---+---+ | |||
| if| tf| is| ts| C | E | Reserved | | | if| tf| is| ts| C | E | Reserved | | |||
+---+---+---+---+---+---+---+---+---+ | +---+---+---+---+---+---+---+---+---+ | |||
skipping to change at page 8, line 4 | skipping to change at page 8, line 4 | |||
iFCP Target Port, | iFCP Target Port, | |||
iFCP Initiator Port: (determined by iSCSI Node Type or iFCP Port Role) is allowed to add, delete, or modify Discovery Domains. If set to one, then modification by the specified client type is allowed. If set to zero, then modification by the specified client type is not allowed. (A node may implement multiple node types.) | iFCP Initiator Port: (determined by iSCSI Node Type or iFCP Port Role) is allowed to add, delete, or modify Discovery Domains. If set to one, then modification by the specified client type is allowed. If set to zero, then modification by the specified client type is not allowed. (A node may implement multiple node types.) | |||
2.3 Administrative Flags Field | 2.3 Administrative Flags Field | |||
The format of the Administrative Flags bit field is shown in | The format of the Administrative Flags bit field is shown in | |||
Figure 4: | Figure 4: | |||
0 1 1 | 0 1 1 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| RESERVED |D|M|H|E| | | RESERVED |D|M|H|E| | |||
skipping to change at page 9, line 4 | skipping to change at page 9, line 4 | |||
Management SCNs: Indicates whether control nodes are | Management SCNs: Indicates whether control nodes are | |||
authorized to register to receive | authorized to register to receive | |||
Management State Change Notifications | Management State Change Notifications | |||
(SCN's). Management SCN's are a special | (SCN's). Management SCN's are a special | |||
class of State Change Notification whose | class of State Change Notification whose | |||
scope is the entire iSNS database. If | scope is the entire iSNS database. If | |||
set to one, then control nodes are | set to one, then control nodes are | |||
authorized to register to receive | authorized to register to receive | |||
Management SCN's. If set to zero, then | Management SCN's. If set to zero, then | |||
control nodes are not authorized to | control nodes are not authorized to | |||
receive Management SCN's (although they | receive Management SCN's (although they | |||
may receive normal SCN's). | may receive normal SCN's). | |||
Default Discovery Indicates whether a newly registered | Default Discovery Indicates whether a newly registered | |||
Domain: device that is not explicitly placed | Domain: device that is not explicitly placed | |||
into a Discovery Domain (DD) and | into a Discovery Domain (DD) and | |||
Discovery Domain Set (DDS) should be | Discovery Domain Set (DDS) should be | |||
automatically placed into a default DD | automatically placed into a default DD | |||
skipping to change at page 10, line 5 | skipping to change at page 10, line 5 | |||
31 Enabled | 31 Enabled | |||
30 IKE/IPSec | 30 IKE/IPSec | |||
29 Main Mode | 29 Main Mode | |||
28 Aggressive Mode | 28 Aggressive Mode | |||
27 PFS | 27 PFS | |||
26 Transport Mode | 26 Transport Mode | |||
25 Tunnel Mode | 25 Tunnel Mode | |||
iSNS Server Security Bitmap definitions: | iSNS Server Security Bitmap definitions: | |||
Enabled This bit specifies the validity of the | Enabled This bit specifies the validity of the | |||
remainder of the iSNS server security | remainder of the iSNS server security | |||
bitmap. If set to one, then the contents | bitmap. If set to one, then the contents | |||
of the remainder of the field are valid. | of the remainder of the field are valid. | |||
If set to zero, then the contents of the | If set to zero, then the contents of the | |||
rest of the field are undefined and MUST | rest of the field are undefined and MUST | |||
be ignored. | be ignored. | |||
IKE/IPSec 1 = IKE/IPSec enabled; 0 = IKE/IPSec | IKE/IPSec 1 = IKE/IPSec enabled; 0 = IKE/IPSec | |||
skipping to change at page 10, line 48 | skipping to change at page 10, line 48 | |||
With regard to security considerations specific to the use of this | With regard to security considerations specific to the use of this | |||
DHCP option for iSNS server discovery, exposure to a "man-in-the- | DHCP option for iSNS server discovery, exposure to a "man-in-the- | |||
middle" attack by a hostile entity modifying or replacing the | middle" attack by a hostile entity modifying or replacing the | |||
original iSNS option message should be considered a potential | original iSNS option message should be considered a potential | |||
security exposure. If the authentication option in [RFC3118] is not | security exposure. If the authentication option in [RFC3118] is not | |||
implemented, then an attacker may trick the iSNS client into | implemented, then an attacker may trick the iSNS client into | |||
connecting into rogue iSNS servers. | connecting into rogue iSNS servers. | |||
If the authentication option for DHCP is not implemented and it is | If the authentication option for DHCP is not implemented and it is | |||
determined that the potential exists for a “man-in-the-middle” | determined that the potential exists for a "man-in-the-middle" | |||
attack, then the DHCP option message for iSNS should not be | attack, then the DHCP option message for iSNS should not be | |||
utilized. | utilized. | |||
iSNS security considerations are discussed in [iSNS] and [SEC-IPS]. | iSNS security considerations are discussed in [iSNS] and [SEC-IPS]. | |||
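The option layout of section 2, the bitmap fields of sections 2.1 through 2.4, and the section 3 rule that the option should not be relied on without [RFC3118] authentication, carried through as an added Python example. This is not code from the draft or from Nishan Systems. Assumptions: the option code is still TBD in this revision, so ISNS_OPTION_CODE is a placeholder; the fields follow Length in the order the draft lists them (iSNS Functions, Discovery Domain Access, Administrative Flags, iSNS Server Security Bitmap, then the primary and any secondary IPv4 server addresses, four bytes each); each figure numbers bit 0 as the most significant bit, so the highest-numbered, rightmost bit (E in Figures 2 and 4, bit 31 in section 2.4) is the least significant one; the C and E bits of Figure 3 are read as Control Node and Enabled; the server addresses are constructed TEST-NET-1 values; and whether the DHCP message was authenticated is passed in as a flag rather than verified here.

```python
"""Encoder/decoder for the IPv4 DHCP iSNS option payload described in the draft.

Added example, not the draft's or its authors' code.  Assumptions are marked.
"""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

ISNS_OPTION_CODE = 0  # ASSUMPTION: placeholder, the draft says the code is TBD

# Bit values, reading each figure with bit 0 as the most significant bit and the
# highest-numbered (rightmost) bit as the least significant one (ASSUMPTION).
FUNC_E, FUNC_A, FUNC_S = 0x0001, 0x0002, 0x0004           # Figure 2: | Reserved |S|A|E|
DD_IF, DD_TF, DD_IS, DD_TS, DD_C, DD_E = (                 # Figure 3: | if| tf| is| ts| C | E | Reserved |
    0x8000, 0x4000, 0x2000, 0x1000, 0x0800, 0x0400)        # C = Control Node, E = Enabled (ASSUMPTION)
ADM_E, ADM_H, ADM_M, ADM_D = 0x0001, 0x0002, 0x0004, 0x0008  # Figure 4: | RESERVED |D|M|H|E|
SEC_ENABLED, SEC_IKE, SEC_MAIN, SEC_AGGR, SEC_PFS, SEC_TRANSPORT, SEC_TUNNEL = (
    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40)               # section 2.4: bits 31 .. 25

# Fixed part after Length: three 16-bit fields and the 32-bit Security Bitmap, then
# IPv4 addresses (ASSUMPTION on order, taken from the parameter list in section 2).
_FIXED = struct.Struct("!HHHI")


@dataclass
class IsnsOption:
    functions: int
    dd_access: int
    admin_flags: int
    security: int
    servers: list  # dotted-quad strings, primary iSNS server first

    def encode(self) -> bytes:
        """Serialise as Code, Length, body; Length counts the bytes that follow it."""
        if not self.servers:
            raise ValueError("a primary iSNS server address is required")
        body = _FIXED.pack(self.functions & 0xFFFF, self.dd_access & 0xFFFF,
                           self.admin_flags & 0xFFFF, self.security & 0xFFFFFFFF)
        body += b"".join(IPv4Address(s).packed for s in self.servers)
        if len(body) > 255:
            raise ValueError("body does not fit the one-byte DHCP Length field")
        return bytes([ISNS_OPTION_CODE, len(body)]) + body

    @classmethod
    def decode(cls, data: bytes) -> "IsnsOption":
        """Parse one option; reject truncation and lengths that cannot hold whole addresses."""
        if len(data) < 2 or data[0] != ISNS_OPTION_CODE:
            raise ValueError("not an iSNS option")
        length = data[1]
        body = data[2:2 + length]
        if len(body) != length:
            raise ValueError("truncated option: Length exceeds the bytes present")
        if length < _FIXED.size + 4 or (length - _FIXED.size) % 4:
            raise ValueError("Length must cover the fixed fields plus N*4 address bytes")
        functions, dd_access, admin, security = _FIXED.unpack_from(body)
        servers = [str(IPv4Address(body[i:i + 4])) for i in range(_FIXED.size, length, 4)]
        return cls(functions, dd_access, admin, security, servers)

    def security_settings(self):
        """IKE/IPsec flags from the Security Bitmap, or None when Enabled is clear:
        the draft says the rest of the field is then undefined and MUST be ignored."""
        if not self.security & SEC_ENABLED:
            return None
        return {"ike_ipsec": bool(self.security & SEC_IKE),
                "main_mode": bool(self.security & SEC_MAIN),
                "aggressive_mode": bool(self.security & SEC_AGGR),
                "pfs": bool(self.security & SEC_PFS),
                "transport_mode": bool(self.security & SEC_TRANSPORT),
                "tunnel_mode": bool(self.security & SEC_TUNNEL)}

    def dd_modifiers(self):
        """Client types allowed to add, delete or modify Discovery Domains (section 2.2)."""
        table = [("ifcp_initiator", DD_IF), ("ifcp_target", DD_TF), ("iscsi_initiator", DD_IS),
                 ("iscsi_target", DD_TS), ("control_node", DD_C)]
        return [name for name, bit in table if self.dd_access & bit]


def is_well_formed(data: bytes) -> bool:
    try:
        IsnsOption.decode(data)
        return True
    except ValueError:
        return False


def servers_to_contact(option: IsnsOption, dhcp_message_authenticated: bool) -> list:
    """Section 3 policy: a forged or altered option can steer the client to rogue iSNS
    servers, so the list is used only if the DHCP message carried valid [RFC3118]
    authentication (verified elsewhere; passed in here as a flag, ASSUMPTION)."""
    return list(option.servers) if dhcp_message_authenticated else []


if __name__ == "__main__":
    # Constructed sample: TEST-NET-1 addresses, not taken from the draft.
    opt = IsnsOption(FUNC_E | FUNC_S, DD_TS | DD_C | DD_E, ADM_E | ADM_M | ADM_D,
                     SEC_ENABLED | SEC_IKE | SEC_MAIN | SEC_TRANSPORT,
                     ["192.0.2.10", "192.0.2.11"])
    raw = opt.encode()
    print(raw.hex(), IsnsOption.decode(raw) == opt, opt.security_settings())
```

The decoder checks Length against the bytes actually present and against the fixed-plus-addresses shape before unpacking, which is the check a client needs before trusting any of the bitmaps; the Security Bitmap accessor applies the draft's rule that a clear Enabled bit invalidates the rest of the field rather than leaving stale IKE/IPsec flags in play.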
4. IANA Considerations | 4. IANA Considerations | |||
None. | IANA has assigned an option code of TBD for the iSNS option. | |||
5. Normative References | 5. Normative References | |||
[DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC | [DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC | |||
2131, Bucknell University, March 1997. | 2131, Bucknell University, March 1997. | |||
[RFC2026] Bradner, S., "The Internet Standards Process -- | [RFC2026] Bradner, S., "The Internet Standards Process -- | |||
Revision 3", BCP 9, RFC 2026, October 1996 | Revision 3", BCP 9, RFC 2026, October 1996 | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997 | Requirement Levels", BCP 14, RFC 2119, March 1997 | |||
skipping to change at page 12, line 6 | skipping to change at page 12, line 6 | |||
Nishan Systems | Nishan Systems | |||
3850 North First Street | 3850 North First Street | |||
San Jose, CA 95134-1702 | San Jose, CA 95134-1702 | |||
Phone: (408) 519-3700 | Phone: (408) 519-3700 | |||
Email: cmonia@nishansystems.com | Email: cmonia@nishansystems.com | |||
jtseng@nishansystems.com | jtseng@nishansystems.com | |||
kgibbons@nishansystems.com | kgibbons@nishansystems.com | |||
Full Copyright Statement | Full Copyright Statement | |||
"Copyright (C) The Internet Society May 2003. All Rights Reserved. | "Copyright (C) The Internet Society June 2003. All Rights Reserved. | |||
This document and translations of it may be copied and furnished to | This document and translations of it may be copied and furnished to | |||
others, and derivative works that comment on or otherwise explain it | others, and derivative works that comment on or otherwise explain it | |||
or assist in its implementation may be prepared, copied, published | or assist in its implementation may be prepared, copied, published | |||
and distributed, in whole or in part, without restriction of any | and distributed, in whole or in part, without restriction of any | |||
kind, provided that the above copyright notice and this paragraph | kind, provided that the above copyright notice and this paragraph | |||
are included on all such copies and derivative works. However, this | are included on all such copies and derivative works. However, this | |||
document itself may not be modified in any way, such as by removing | document itself may not be modified in any way, such as by removing | |||
the copyright notice or references to the Internet Society or other | the copyright notice or references to the Internet Society or other | |||
Internet organizations, except as needed for the purpose of | Internet organizations, except as needed for the purpose of | |||
developing Internet standards in which case the procedures for | developing Internet standards in which case the procedures for | |||
End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |