draft-ietf-dhc-userclass-09.txt   rfc3004.txt 
Internet Engineering Task Force G. Stump Network Working Group G. Stump
Dynamic Host Configuration Working Group IBM Request for Comments: 3004 IBM
Internet Draft R. Droms Category: Standards Track R. Droms
Expires: December 2000 Bucknell University Cisco Systems
draft-ietf-dhc-userclass-09.txt Y. Gu Y. Gu
R. Vyaghrapuri R. Vyaghrapuri
A. Demirtjis A. Demirtjis
Microsoft Microsoft
B. Beser B. Beser
3Com Pacific Broadband Communications
J. Privat J. Privat
BT Northstream AB
July 2000 November 2000
The User Class Option for DHCP The User Class Option for DHCP
<draft-ietf-dhc-userclass-09.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document specifies an Internet standards track protocol for the
all provisions of Section 10 of RFC2026. Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Internet-Drafts are working documents of the Internet Engineering Copyright Notice
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- Copyright (C) The Internet Society (2000). All Rights Reserved.
Drafts. Internet-Drafts are draft documents valid for a maximum of
six months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet- Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract Abstract
This option is used by a DHCP client to optionally identify the type This option is used by a Dynamic Host Configuration Protocol (DHCP)
or category of user or applications it represents. client to optionally identify the type or category of user or
The information contained in this option is an opaque field that applications it represents. The information contained in this option
represents the user class of which the client is a member. is an opaque field that represents the user class of which the client
Based on this class, a DHCP server selects the appropriate address is a member. Based on this class, a DHCP server selects the
pool to assign an address to the client and the appropriate appropriate address pool to assign an address to the client and the
configuration parameters. appropriate configuration parameters. This option should be
This option should be configurable by a user. configurable by a user.
1. Introduction 1. Introduction
It is often desirable to provide different levels of service to DHCP administrators may define specific user class identifiers to
different users of an IP network. convey information about a client's software configuration or about
In order for an IP network to implement this service its user's preferences. For example, the User Class option can be
differentiation, it needs a way to classify users. A simple solution used to configure all clients of people in the accounting department
to this is to use source IP addresses for classification. Under this with a different printer than clients of people in the marketing
scheme, network administrators first configure network devices such department.
as routers to recognize traffic from a particular source IP address
(or address range) and handle it specially to meet the desired level
of service. Next, they assign the IP addresses to the hosts of the
intended users so that the user will receive the appropriate level
of service. They can configure the hosts manually with these
addresses. However, they cannot use DHCP for address assignment,
even if they are already running a DHCP server in their network. A
current RFC-compliant DHCP server assigns IP addresses based on the
location of the DHCP Client in the network topology, not the type of
user it supports.
This document describes a simple extension of the DHCP protocol that
enables a DHCP server to assign IP addresses from different address
pools depending on the type of users from which it receives DHCP
requests. With this new extension, network administrators will be
able to use DHCP to hand out the appropriate addresses to clients.
An example intended usage is a corporate network subnet consisting
of different departments of users, such as Accounting, Legal, Staff,
etc. It may be desirable to allocate logical address pools to each
of the departments so that network policies may be implemented
easily on IP address ranges; and this would facilitate providing
differential services, such as network reachability.
A DHCP server can also use the information contained in the User
Class to allocate other configuration parameters than the IP
address. For example, a DHCP server receiving a request from a
client with the User Class set to "accounting auditors" may return
an option with the address of a particular database server. Indeed a
DHCP server may have a single pool of addresses and only use the
user class to select parameters other than IP addresses.
2. Requirements Terminology 2. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3]. document are to be interpreted as described in RFC 2119 [3].
3. DHCP Terminology 3. DHCP Terminology
o "DHCP client" o "DHCP client"
A DHCP client or "client" is an Internet host using DHCP to obtain A DHCP client or "client" is an Internet host using DHCP to obtain
configuration parameters such as a network address. configuration parameters such as a network address.
o "DHCP server" o "DHCP server"
A DHCP server or "server" is an Internet host that returns A DHCP server or "server" is an Internet host that returns
configuration parameters to DHCP clients. configuration parameters to DHCP clients.
o "binding" o "binding"
A binding is a collection of configuration parameters, including at A binding is a collection of configuration parameters, including at
least an IP address, associated with or "bound to" a DHCP client. least an IP address, associated with or "bound to" a DHCP client.
Bindings are managed by DHCP servers. Bindings are managed by DHCP servers.
4. User Class option 4. User Class option
This option is used by a DHCP client to optionally identify the type This option is used by a DHCP client to optionally identify the type
or category of user or applications it represents. or category of user or applications it represents. A DHCP server
A DHCP server uses the User Class option to choose the address pool uses the User Class option to choose the address pool it allocates an
it allocates an address from and/or to select any other address from and/or to select any other configuration option.
configuration option.
This option is a DHCP option [1, 2]. This option is a DHCP option [1, 2].
This option MAY carry multiple User Classes. This option MAY carry multiple User Classes. Servers may interpret
Servers may interpret the meanings of multiple class specifications the meanings of multiple class specifications in an implementation
in an implementation dependent or configuration dependent manner, dependent or configuration dependent manner, and so the use of
and so the use of multiple classes by a DHCP client should be based multiple classes by a DHCP client should be based on the specific
on the specific server implementation and configuration which will server implementation and configuration which will be used to process
be used to process that User class option. that User class option.
The format of this option is as follows: The format of this option is as follows:
Code Len Value Code Len Value
+-----+-----+--------------------- . . . --+ +-----+-----+--------------------- . . . --+
| 77 | N | User Class Data ('Len' octets) | | 77 | N | User Class Data ('Len' octets) |
+-----+-----+--------------------- . . . --+ +-----+-----+--------------------- . . . --+
where Value consists of one or more instances of User Class Data. where Value consists of one or more instances of User Class Data.
Each instance of User Class Data is formatted as follows: Each instance of User Class Data is formatted as follows:
UC_Len_i User_Class_Data_i UC_Len_i User_Class_Data_i
+--------+------------------------ . . . --+ +--------+------------------------ . . . --+
| L_i | Opaque-Data ('UC_Len_i' octets) | | L_i | Opaque-Data ('UC_Len_i' octets) |
+--------+------------------------ . . . --+ +--------+------------------------ . . . --+
Each User Class value (User_Class_Data_i) is indicated as an opaque Each User Class value (User_Class_Data_i) is indicated as an opaque
field. field. The value in UC_Len_i does not include the length field
The value in UC_Len_i does not include the length field itself and itself and MUST be non-zero. Let m be the number of User Classes
MUST be non-zero. carried in the option. The length of the option as specified in Len
Let m be the number of User Classes carried in the option. The must be the sum of the lengths of each of the class names plus m:
length of the option as specified in Len must be the sum of the Len= UC_Len_1 + UC_Len_2 + ... + UC_Len_m + m. If any instances of
lengths of each of the class names plus m: User Class Data are present, the minimum value of Len is two (Len =
Len= UC_Len_1 + UC_Len_2 + ... + UC_Len_m + m. UC_Len_1 + 1 = 1 + 1 = 2).
If any instances of User Class Data are present, the minimum value
of Len is two (Len = UC_Len_1 + 1 = 1 + 1 = 2).
The Code for this option is 77. The Code for this option is 77.
A server that is not equipped to interpret any given user class A server that is not equipped to interpret any given user class
specified by a client MUST ignore it (although it may be reported). specified by a client MUST ignore it (although it may be reported).
If a server recognizes one or more user classes specified by the If a server recognizes one or more user classes specified by the
client, but does not recognize one or more other user classes client, but does not recognize one or more other user classes
specified by the client, the server MAY use the user classes it specified by the client, the server MAY use the user classes it
recognizes. recognizes.
DHCP clients implementing this option SHOULD allow users to enter DHCP clients implementing this option SHOULD allow users to enter one
one or more user class values. or more user class values.
5. IANA Considerations 5. IANA Considerations
Option 77, which IANA has already assigned for this purpose, should Option 77, which IANA has already assigned for this purpose, should
be used as the User Class Option for DHCP. be used as the User Class Option for DHCP.
6. Security Considerations 6. Security Considerations
DHCP currently provides no authentication or security mechanisms. DHCP currently provides no authentication or security mechanisms.
Potential exposures to attack are discussed is section 7 of the Potential exposures to attack are discussed is section 7 of the
protocol specification [1]. protocol specification [1].
This lack of authentication mechanism means that a DHCP server
cannot check if a client or user is authorised to use a given User This lack of authentication mechanism means that a DHCP server cannot
Class. check if a client or user is authorized to use a given User Class.
This introduces an obvious vulnerability when using the User Class This introduces an obvious vulnerability when using the User Class
option. For example, if the User Class is used to give out special option. For example, if the User Class is used to give out a special
IP addresses that have better QoS associated with them (as described parameter (e.g., a particular database server), there is no way to
in section 1), there is no way to authenticate a client and it is authenticate a client and it is therefore impossible to check if a
therefore impossible to check if a client is authorised to use such client is authorized to use this parameter.
an IP address.
7. References 7. References
[1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, [1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March
March 1997. 1997.
[2] Alexander, S., and Droms R., "DHCP Options and BOOTP Vendor [2] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997. Extensions", RFC 2132, March 1997.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels," RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
8. Acknowledgments 8. Acknowledgments
This document is based on earlier drafts by Glenn Stump, Ralph
Droms, Ye Gu, Ramesh Vyaghrapuri and Burcak Beser.
Thanks to Ted Lemon, Steve Gonczi, Kim Kinnear, Bernie Volz, Richard
Jones, Barr Hibbs and Thomas Narten for their comments and
suggestions.
9. Author Information This document is based on earlier drafts by Glenn Stump, Ralph Droms,
Ye Gu, Ramesh Vyaghrapuri and Burcak Beser. Thanks to Ted Lemon,
Steve Gonczi, Kim Kinnear, Bernie Volz, Richard Jones, Barr Hibbs and
Thomas Narten for their comments and suggestions.
9. Authors' Addresses
Glenn Stump Glenn Stump
IBM Networking Software IBM Networking Software
P.O. Box 12195 P.O. Box 12195
RTP, NC 27709 RTP, NC 27709
Phone: (919) 301-4277
Email: stumpga@us.ibm.com Phone: 919 301 4277
EMail: stumpga@us.ibm.com
Ralph Droms Ralph Droms
Computer Science Department Cisco Systems
323 Dana Engineering 300 Apollo Drive
Bucknell University Chelmsford, MA 01824
Lewisburg, PA 17837
Phone: (717) 524-1145 Phone: 978 244 4733
Email: droms@bucknell.edu EMail: rdroms@cisco.com
Ye Gu Ye Gu
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052 Redmond, WA 98052
Phone: 425 936 8601
Email: yegu@microsoft.com
Phone: 425 936 8601
EMail: yegu@microsoft.com
Ramesh Vyaghrapuri Ramesh Vyaghrapuri
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052 Redmond, WA 98052
Phone: 425 703 9581 Phone: 425 703 9581
Email: rameshv@microsoft.com EMail: rameshv@microsoft.com
Burcak Beser Burcak Beser
3Com Corporation Pacific Broadband Communications
3800 Golf Road 3103 North 1st Street
Rolling Meadows, IL San Jose, CA 95134
Phone: 847 262 2195
Email: Burcak_Beser@3com.com Phone: 408 468 6265
Email: Burcak@pacband.com
Ann Demirtjis Ann Demirtjis
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond WA 98052 Redmond WA 98052
Phone: 425-705-2254
Email: annd@microsoft.com Phone: 425 705 2254
EMail: annd@microsoft.com
Jerome Privat Jerome Privat
BT Advanced Communications Technology Centre Northstream AB
Adastral Park, Martlesham Heath, IP5 3RE Espace Beethoven 1
UK 1200 Route des Lucioles
Phone: +44 1473 606304 BP 302
Email: jerome.privat@bt.com 06906 Sophia Antipolis Cedex
France
Phone: +33 4 97 23 40 45
Fax: +33 4 97 23 24 51
Mobile: +33 6 13 81 76 71
Email: jerome.privat@northstream.se
Full Copyright Statement Full Copyright Statement
"Copyright (C) The Internet Society (2000). All Rights Reserved. Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph kind, provided that the above copyright notice and this paragraph are
are included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than followed, or as required to translate it into languages other than
English. English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 33 change blocks. 
144 lines changed or deleted 117 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/