draft-ietf-dhc-userclass-08.txt   draft-ietf-dhc-userclass-09.txt 
Internet Engineering Task Force Glenn Stump, IBM
INTERNET DRAFT Ralph Droms, Bucknell University Internet Engineering Task Force G. Stump
Date: June 2000 Ye Gu, Ramesh Vyaghrapuri, Dynamic Host Configuration Working Group IBM
Expires: November 2000 Ann Demirtjis, Microsoft Internet Draft R. Droms
Burcak Beser, 3Com Expires: December 2000 Bucknell University
Jerome Privat, BT draft-ietf-dhc-userclass-09.txt Y. Gu
R. Vyaghrapuri
A. Demirtjis
Microsoft
B. Beser
3Com
J. Privat
BT
July 2000
The User Class Option for DHCP The User Class Option for DHCP
<draft-ietf-dhc-userclass-08.txt> <draft-ietf-dhc-userclass-09.txt>
Status of this Memo Status of this Memo
The document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with
of the provisions of Section 10 of RFC 2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as Internet-
Internet-Drafts. Drafts. Internet-Drafts are draft documents valid for a maximum of
six months and may be updated, replaced, or obsoleted by other
Internet-Drafts are draft documents valid for a maximum of six months documents at any time. It is inappropriate to use Internet- Drafts
and may be updated, replaced, or obsoleted by other documents at any as reference material or to cite them other than as "work in
time. It is inappropriate to use Intenet-Drafts as reference progress."
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract Abstract
This option is used by a DHCP client to optionally identify the This option is used by a DHCP client to optionally identify the type
type or category of user or applications it represents. The or category of user or applications it represents.
information contained in this option is an opaque field The information contained in this option is an opaque field that
that represents the user class of which the client is a member. represents the user class of which the client is a member.
Based on this class, a DHCP server selects the appropriate address Based on this class, a DHCP server selects the appropriate address
pool to assign an address to the client and the appropriate pool to assign an address to the client and the appropriate
configuration parameters. configuration parameters.
This option should be configurable by a user. This option should be configurable by a user.
1. Introduction 1. Introduction
It is often desirable to provide different levels of service It is often desirable to provide different levels of service to
to different users of an IP network. different users of an IP network.
In order for an IP network to implement this service In order for an IP network to implement this service
differentiation, it needs a way to classify users. A simple differentiation, it needs a way to classify users. A simple solution
solution to this is to use source IP addresses for classification. to this is to use source IP addresses for classification. Under this
Under this scheme, network administrators first configure network scheme, network administrators first configure network devices such
devices such as routers to recognize traffic from a particular as routers to recognize traffic from a particular source IP address
source IP address (or address range) and handle it specially to (or address range) and handle it specially to meet the desired level
meet the desired level of service. Next, they assign the IP of service. Next, they assign the IP addresses to the hosts of the
addresses to the hosts of the intended users so that the user will intended users so that the user will receive the appropriate level
receive the appropriate level of service. They can configure the of service. They can configure the hosts manually with these
hosts manually with these addresses. However, they cannot use DHCP addresses. However, they cannot use DHCP for address assignment,
for address assignment, even if they are already running a DHCP even if they are already running a DHCP server in their network. A
server in their network. A current RFC-compliant DHCP server assigns current RFC-compliant DHCP server assigns IP addresses based on the
IP addresses based on the location of the DHCP Client in the network location of the DHCP Client in the network topology, not the type of
topology, not the type of user it supports. user it supports.
This document describes a simple extension of the DHCP protocol This document describes a simple extension of the DHCP protocol that
that enables a DHCP server to assign IP addresses from different enables a DHCP server to assign IP addresses from different address
address pools depending on the type of users from which it receives pools depending on the type of users from which it receives DHCP
DHCP requests. With this new extension, network administrators will requests. With this new extension, network administrators will be
be able to use DHCP to hand out the appropriate addresses to clients. able to use DHCP to hand out the appropriate addresses to clients.
An example intended usage is a corporate network subnet consisting An example intended usage is a corporate network subnet consisting
of different departments of users, such as Accounting, Legal, Staff, of different departments of users, such as Accounting, Legal, Staff,
etc. It may be desirable to allocate logical address pools to each etc. It may be desirable to allocate logical address pools to each
of the departments so that network policies may be implemented easily of the departments so that network policies may be implemented
on IP address ranges; and this would facilitate providing easily on IP address ranges; and this would facilitate providing
differential services, such as network reachibility. differential services, such as network reachability.
A DHCP server can also use the information contained in the User A DHCP server can also use the information contained in the User
Class to allocate other configuration parameters than the IP Class to allocate other configuration parameters than the IP
address. For example, a DHCP server receiving a request from a address. For example, a DHCP server receiving a request from a
client with the User Class set to "accounting auditors" may return client with the User Class set to "accounting auditors" may return
an option with the address of a particular database server. an option with the address of a particular database server. Indeed a
Indeed a DHCP server may have a single pool of addresses and DHCP server may have a single pool of addresses and only use the
only use the user class to select parameters other than IP user class to select parameters other than IP addresses.
addresses.
2. Requirements Terminology 2. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3]. document are to be interpreted as described in RFC 2119 [3].
3. DHCP Terminology 3. DHCP Terminology
o "DHCP client" o "DHCP client"
skipping to change at line 90 skipping to change at line 94
2. Requirements Terminology 2. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3]. document are to be interpreted as described in RFC 2119 [3].
3. DHCP Terminology 3. DHCP Terminology
o "DHCP client" o "DHCP client"
A DHCP client or "client" is an Internet host using DHCP to obtain A DHCP client or "client" is an Internet host using DHCP to obtain
configuration parameters such as a network address. configuration parameters such as a network address.
o "DHCP server" o "DHCP server"
A DHCP server or "server" is an Internet host that returns
A DHCP server of "server"is an Internet host that returns
configuration parameters to DHCP clients. configuration parameters to DHCP clients.
o "binding" o "binding"
A binding is a collection of configuration parameters, including at
A binding is a collection of configuration parameters, including least an IP address, associated with or "bound to" a DHCP client.
at least an IP address, associated with or "bound to" a DHCP Bindings are managed by DHCP servers.
client. Bindings are managed by DHCP servers.
4. User Class option 4. User Class option
This option is used by a DHCP client to optionally identify the This option is used by a DHCP client to optionally identify the type
type or category of user or applications it represents. or category of user or applications it represents.
A DHCP server uses the User Class option to choose the address A DHCP server uses the User Class option to choose the address pool
pool it allocates an address from and/or to select any other it allocates an address from and/or to select any other
configuration option. configuration option.
This option is a DHCP option [1, 2]. This option is a DHCP option [1, 2].
This option MAY carry multiple User Classes. This option MAY carry multiple User Classes.
Servers may interpret the meanings of multiple class Servers may interpret the meanings of multiple class specifications
specifications in an implementation dependent or in an implementation dependent or configuration dependent manner,
configuration dependent manner, and so the use of multiple and so the use of multiple classes by a DHCP client should be based
classes by a DHCP client should be based on the specific server on the specific server implementation and configuration which will
implementation and configuration which will be used to process be used to process that User class option.
that User class option.
The format of this option is as follows: The format of this option is as follows:
Code Len Value Code Len Value
+-----+-----+--------------------- . . . --+ +-----+-----+--------------------- . . . --+
| 77 | N | User Class Data ('Len' octets) | | 77 | N | User Class Data ('Len' octets) |
+-----+-----+--------------------- . . . --+ +-----+-----+--------------------- . . . --+
where Value consists of zero or more instances of User Class Data. where Value consists of one or more instances of User Class Data.
Each instance of User Class Data is formatted as follows: Each instance of User Class Data is formatted as follows:
UC_Len_i User_Class_Data_i UC_Len_i User_Class_Data_i
+--------+------------------------ . . . --+ +--------+------------------------ . . . --+
| L_i | Opaque-Data ('UC_Len_i' octets) | | L_i | Opaque-Data ('UC_Len_i' octets) |
+--------+------------------------ . . . --+ +--------+------------------------ . . . --+
Each User Class value (User_Class_Data_i) is indicated as an opaque Each User Class value (User_Class_Data_i) is indicated as an opaque
field. field.
The value in UC_Len_i does not include the length field itself The value in UC_Len_i does not include the length field itself and
and MUST be non-zero. MUST be non-zero.
Let m be the number of User Classes carried in the option. The Let m be the number of User Classes carried in the option. The
length of the option as specified in Len must be the sum of the length of the option as specified in Len must be the sum of the
lengths of each of the class names plus m: lengths of each of the class names plus m:
Len= UC_Len_1 + UC_Len_2 + ... + UC_Len_m + m. Len= UC_Len_1 + UC_Len_2 + ... + UC_Len_m + m.
If any instances of User Class Data are present, the minimum If any instances of User Class Data are present, the minimum value
value of Len is two (Len = UC_Len_1 + 1 = 1 + 1 = 2). of Len is two (Len = UC_Len_1 + 1 = 1 + 1 = 2).
The Code for this option is 77. The Code for this option is 77.
A server that is not equipped to interpret any given user class A server that is not equipped to interpret any given user class
specified by a client MUST ignore it (although it may be reported). specified by a client MUST ignore it (although it may be reported).
If a server recognizes one or more user classes specified by the If a server recognizes one or more user classes specified by the
client, but does not recognize one or more other user classes client, but does not recognize one or more other user classes
specified by the client, the server MAY use the user classes it specified by the client, the server MAY use the user classes it
recognizes. recognizes.
DHCP clients implementing this option SHOULD allow users to enter DHCP clients implementing this option SHOULD allow users to enter
one or more user class values. one or more user class values.
5. IANA Considerations 5. IANA Considerations
Option 77, which IANA has already assigned for this purpose, Option 77, which IANA has already assigned for this purpose, should
should be used as the User Class Option for DHCP. be used as the User Class Option for DHCP.
6. Security Considerations 6. Security Considerations
DHCP currently provides no authentication or security DHCP currently provides no authentication or security mechanisms.
mechanisms. Potential exposures to attack are discussed Potential exposures to attack are discussed is section 7 of the
is section 7 of the protocol specification [1]. protocol specification [1].
This lack of authentication mechanism means that a DHCP server This lack of authentication mechanism means that a DHCP server
cannot check if a client or user is authorised to use a cannot check if a client or user is authorised to use a given User
given User Class. Class.
This introduces an obvious vulnerability when using the User This introduces an obvious vulnerability when using the User Class
Class option. For example, if the User Class is used to give option. For example, if the User Class is used to give out special
out special IP addresses that have better QoS associated with IP addresses that have better QoS associated with them (as described
them (as described in section 1), there is no way to authenticate in section 1), there is no way to authenticate a client and it is
a client and it is therefore impossible to check if a client is therefore impossible to check if a client is authorised to use such
authorised to use such an IP address. an IP address.
7. References 7. References
[1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, [1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997. March 1997.
[2] S. Alexander, R. Droms, "DHCP Options and BOOTP Vendor [2] Alexander, S., and Droms R., "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997. Extensions", RFC 2132, March 1997.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels," RFC 2119, March 1997. Levels," RFC 2119, March 1997.
8. Acknowledgments 8. Acknowledgments
This document is based on earlier drafts by Glenn Stump, Ralph
This document is based on earlier drafts by Glenn Stump, Droms, Ye Gu, Ramesh Vyaghrapuri and Burcak Beser.
Ralph Droms, Ye Gu, Ramesh Vyaghrapuri and Burcak Beser. Thanks to Ted Lemon, Steve Gonczi, Kim Kinnear, Bernie Volz, Richard
Thanks to Ted Lemon, Steve Gonczi, Kim Kinnear, Bernie Volz, Jones, Barr Hibbs and Thomas Narten for their comments and
Richard Jones, Barr Hibbs and Thomas Narten for their comments suggestions.
and suggestions.
9. Author Information 9. Author Information
Glenn Stump Glenn Stump
IBM Networking Software IBM Networking Software
P.O. Box 12195 P.O. Box 12195
RTP, NC 27709 RTP, NC 27709
Phone: (919) 301-4277 Phone: (919) 301-4277
Email: stumpga@us.ibm.com Email: stumpga@us.ibm.com
skipping to change at line 244 skipping to change at line 243
Rolling Meadows, IL Rolling Meadows, IL
Phone: 847 262 2195 Phone: 847 262 2195
Email: Burcak_Beser@3com.com Email: Burcak_Beser@3com.com
Ann Demirtjis Ann Demirtjis
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond WA 98052 Redmond WA 98052
Phone: 425-705-2254 Phone: 425-705-2254
Email: annd@microsoft.com Email: annd@microsoft.com
Jerome Privat Jerome Privat
BT Advanced Communications Technology Centre BT Advanced Communications Technology Centre
Adastral Park, Martlesham Heath, IP5 3RE Adastral Park, Martlesham Heath, IP5 3RE
UK UK
Phone: +44 1473 648910 Phone: +44 1473 606304
Email: jerome.privat@bt.com Email: jerome.privat@bt.com
10. Expiration Full Copyright Statement
This document will expire on November 2000.
Copyright Statement "Copyright (C) The Internet Society (2000). All Rights Reserved.
Copyright (c) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implmentation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph
included on all such copies and derivative works. However, this are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than followed, or as required to translate it into languages other than
English. English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/