| draft-ietf-dhc-userclass-09.txt | rfc3004.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force G. Stump | Network Working Group G. Stump | |||
| Dynamic Host Configuration Working Group IBM | Request for Comments: 3004 IBM | |||
| Internet Draft R. Droms | Category: Standards Track R. Droms | |||
| Expires: December 2000 Bucknell University | Cisco Systems | |||
| draft-ietf-dhc-userclass-09.txt Y. Gu | Y. Gu | |||
| R. Vyaghrapuri | R. Vyaghrapuri | |||
| A. Demirtjis | A. Demirtjis | |||
| Microsoft | Microsoft | |||
| B. Beser | B. Beser | |||
| 3Com | Pacific Broadband Communications | |||
| J. Privat | J. Privat | |||
| BT | Northstream AB | |||
| July 2000 | November 2000 | |||
| The User Class Option for DHCP | The User Class Option for DHCP | |||
| <draft-ietf-dhc-userclass-09.txt> | ||||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document specifies an Internet standards track protocol for the | |||
| all provisions of Section 10 of RFC2026. | Internet community, and requests discussion and suggestions for | |||
| improvements. Please refer to the current edition of the "Internet | ||||
| Official Protocol Standards" (STD 1) for the standardization state | ||||
| and status of this protocol. Distribution of this memo is unlimited. | ||||
| Internet-Drafts are working documents of the Internet Engineering | Copyright Notice | |||
| Task Force (IETF), its areas, and its working groups. Note that | ||||
| other groups may also distribute working documents as Internet- | Copyright (C) The Internet Society (2000). All Rights Reserved. | |||
| Drafts. Internet-Drafts are draft documents valid for a maximum of | ||||
| six months and may be updated, replaced, or obsoleted by other | ||||
| documents at any time. It is inappropriate to use Internet- Drafts | ||||
| as reference material or to cite them other than as "work in | ||||
| progress." | ||||
| The list of current Internet-Drafts can be accessed at | ||||
| http://www.ietf.org/ietf/1id-abstracts.txt | ||||
| The list of Internet-Draft Shadow Directories can be accessed at | ||||
| http://www.ietf.org/shadow.html. | ||||
| Abstract | Abstract | |||
| This option is used by a DHCP client to optionally identify the type | This option is used by a Dynamic Host Configuration Protocol (DHCP) | |||
| or category of user or applications it represents. | client to optionally identify the type or category of user or | |||
| The information contained in this option is an opaque field that | applications it represents. The information contained in this option | |||
| represents the user class of which the client is a member. | is an opaque field that represents the user class of which the client | |||
| Based on this class, a DHCP server selects the appropriate address | is a member. Based on this class, a DHCP server selects the | |||
| pool to assign an address to the client and the appropriate | appropriate address pool to assign an address to the client and the | |||
| configuration parameters. | appropriate configuration parameters. This option should be | |||
| This option should be configurable by a user. | configurable by a user. | |||
| 1. Introduction | 1. Introduction | |||
| It is often desirable to provide different levels of service to | DHCP administrators may define specific user class identifiers to | |||
| different users of an IP network. | convey information about a client's software configuration or about | |||
| In order for an IP network to implement this service | its user's preferences. For example, the User Class option can be | |||
| differentiation, it needs a way to classify users. A simple solution | used to configure all clients of people in the accounting department | |||
| to this is to use source IP addresses for classification. Under this | with a different printer than clients of people in the marketing | |||
| scheme, network administrators first configure network devices such | department. | |||
| as routers to recognize traffic from a particular source IP address | ||||
| (or address range) and handle it specially to meet the desired level | ||||
| of service. Next, they assign the IP addresses to the hosts of the | ||||
| intended users so that the user will receive the appropriate level | ||||
| of service. They can configure the hosts manually with these | ||||
| addresses. However, they cannot use DHCP for address assignment, | ||||
| even if they are already running a DHCP server in their network. A | ||||
| current RFC-compliant DHCP server assigns IP addresses based on the | ||||
| location of the DHCP Client in the network topology, not the type of | ||||
| user it supports. | ||||
| This document describes a simple extension of the DHCP protocol that | ||||
| enables a DHCP server to assign IP addresses from different address | ||||
| pools depending on the type of users from which it receives DHCP | ||||
| requests. With this new extension, network administrators will be | ||||
| able to use DHCP to hand out the appropriate addresses to clients. | ||||
| An example intended usage is a corporate network subnet consisting | ||||
| of different departments of users, such as Accounting, Legal, Staff, | ||||
| etc. It may be desirable to allocate logical address pools to each | ||||
| of the departments so that network policies may be implemented | ||||
| easily on IP address ranges; and this would facilitate providing | ||||
| differential services, such as network reachability. | ||||
| A DHCP server can also use the information contained in the User | ||||
| Class to allocate other configuration parameters than the IP | ||||
| address. For example, a DHCP server receiving a request from a | ||||
| client with the User Class set to "accounting auditors" may return | ||||
| an option with the address of a particular database server. Indeed a | ||||
| DHCP server may have a single pool of addresses and only use the | ||||
| user class to select parameters other than IP addresses. | ||||
| 2. Requirements Terminology | 2. Requirements Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [3]. | document are to be interpreted as described in RFC 2119 [3]. | |||
| 3. DHCP Terminology | 3. DHCP Terminology | |||
| o "DHCP client" | o "DHCP client" | |||
| A DHCP client or "client" is an Internet host using DHCP to obtain | A DHCP client or "client" is an Internet host using DHCP to obtain | |||
| configuration parameters such as a network address. | configuration parameters such as a network address. | |||
| o "DHCP server" | o "DHCP server" | |||
| A DHCP server or "server" is an Internet host that returns | A DHCP server or "server" is an Internet host that returns | |||
| configuration parameters to DHCP clients. | configuration parameters to DHCP clients. | |||
| o "binding" | o "binding" | |||
| A binding is a collection of configuration parameters, including at | A binding is a collection of configuration parameters, including at | |||
| least an IP address, associated with or "bound to" a DHCP client. | least an IP address, associated with or "bound to" a DHCP client. | |||
| Bindings are managed by DHCP servers. | Bindings are managed by DHCP servers. | |||
| 4. User Class option | 4. User Class option | |||
| This option is used by a DHCP client to optionally identify the type | This option is used by a DHCP client to optionally identify the type | |||
| or category of user or applications it represents. | or category of user or applications it represents. A DHCP server | |||
| A DHCP server uses the User Class option to choose the address pool | uses the User Class option to choose the address pool it allocates an | |||
| it allocates an address from and/or to select any other | address from and/or to select any other configuration option. | |||
| configuration option. | ||||
| This option is a DHCP option [1, 2]. | This option is a DHCP option [1, 2]. | |||
| This option MAY carry multiple User Classes. | This option MAY carry multiple User Classes. Servers may interpret | |||
| Servers may interpret the meanings of multiple class specifications | the meanings of multiple class specifications in an implementation | |||
| in an implementation dependent or configuration dependent manner, | dependent or configuration dependent manner, and so the use of | |||
| and so the use of multiple classes by a DHCP client should be based | multiple classes by a DHCP client should be based on the specific | |||
| on the specific server implementation and configuration which will | server implementation and configuration which will be used to process | |||
| be used to process that User class option. | that User class option. | |||
| The format of this option is as follows: | The format of this option is as follows: | |||
| Code Len Value | Code Len Value | |||
| +-----+-----+--------------------- . . . --+ | +-----+-----+--------------------- . . . --+ | |||
| | 77 | N | User Class Data ('Len' octets) | | | 77 | N | User Class Data ('Len' octets) | | |||
| +-----+-----+--------------------- . . . --+ | +-----+-----+--------------------- . . . --+ | |||
| where Value consists of one or more instances of User Class Data. | where Value consists of one or more instances of User Class Data. | |||
| Each instance of User Class Data is formatted as follows: | Each instance of User Class Data is formatted as follows: | |||
| UC_Len_i User_Class_Data_i | UC_Len_i User_Class_Data_i | |||
| +--------+------------------------ . . . --+ | +--------+------------------------ . . . --+ | |||
| | L_i | Opaque-Data ('UC_Len_i' octets) | | | L_i | Opaque-Data ('UC_Len_i' octets) | | |||
| +--------+------------------------ . . . --+ | +--------+------------------------ . . . --+ | |||
| Each User Class value (User_Class_Data_i) is indicated as an opaque | Each User Class value (User_Class_Data_i) is indicated as an opaque | |||
| field. | field. The value in UC_Len_i does not include the length field | |||
| The value in UC_Len_i does not include the length field itself and | itself and MUST be non-zero. Let m be the number of User Classes | |||
| MUST be non-zero. | carried in the option. The length of the option as specified in Len | |||
| Let m be the number of User Classes carried in the option. The | must be the sum of the lengths of each of the class names plus m: | |||
| length of the option as specified in Len must be the sum of the | Len= UC_Len_1 + UC_Len_2 + ... + UC_Len_m + m. If any instances of | |||
| lengths of each of the class names plus m: | User Class Data are present, the minimum value of Len is two (Len = | |||
| Len= UC_Len_1 + UC_Len_2 + ... + UC_Len_m + m. | UC_Len_1 + 1 = 1 + 1 = 2). | |||
| If any instances of User Class Data are present, the minimum value | ||||
| of Len is two (Len = UC_Len_1 + 1 = 1 + 1 = 2). | ||||
| The Code for this option is 77. | The Code for this option is 77. | |||
| A server that is not equipped to interpret any given user class | A server that is not equipped to interpret any given user class | |||
| specified by a client MUST ignore it (although it may be reported). | specified by a client MUST ignore it (although it may be reported). | |||
| If a server recognizes one or more user classes specified by the | If a server recognizes one or more user classes specified by the | |||
| client, but does not recognize one or more other user classes | client, but does not recognize one or more other user classes | |||
| specified by the client, the server MAY use the user classes it | specified by the client, the server MAY use the user classes it | |||
| recognizes. | recognizes. | |||
| DHCP clients implementing this option SHOULD allow users to enter | DHCP clients implementing this option SHOULD allow users to enter one | |||
| one or more user class values. | or more user class values. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| Option 77, which IANA has already assigned for this purpose, should | Option 77, which IANA has already assigned for this purpose, should | |||
| be used as the User Class Option for DHCP. | be used as the User Class Option for DHCP. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| DHCP currently provides no authentication or security mechanisms. | DHCP currently provides no authentication or security mechanisms. | |||
| Potential exposures to attack are discussed is section 7 of the | Potential exposures to attack are discussed is section 7 of the | |||
| protocol specification [1]. | protocol specification [1]. | |||
| This lack of authentication mechanism means that a DHCP server | ||||
| cannot check if a client or user is authorised to use a given User | This lack of authentication mechanism means that a DHCP server cannot | |||
| Class. | check if a client or user is authorized to use a given User Class. | |||
| This introduces an obvious vulnerability when using the User Class | This introduces an obvious vulnerability when using the User Class | |||
| option. For example, if the User Class is used to give out special | option. For example, if the User Class is used to give out a special | |||
| IP addresses that have better QoS associated with them (as described | parameter (e.g., a particular database server), there is no way to | |||
| in section 1), there is no way to authenticate a client and it is | authenticate a client and it is therefore impossible to check if a | |||
| therefore impossible to check if a client is authorised to use such | client is authorized to use this parameter. | |||
| an IP address. | ||||
| 7. References | 7. References | |||
| [1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, | [1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March | |||
| March 1997. | 1997. | |||
| [2] Alexander, S., and Droms R., "DHCP Options and BOOTP Vendor | [2] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor | |||
| Extensions", RFC 2132, March 1997. | Extensions", RFC 2132, March 1997. | |||
| [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement | [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement | |||
| Levels," RFC 2119, March 1997. | Levels", BCP 14, RFC 2119, March 1997. | |||
| 8. Acknowledgments | 8. Acknowledgments | |||
| This document is based on earlier drafts by Glenn Stump, Ralph | ||||
| Droms, Ye Gu, Ramesh Vyaghrapuri and Burcak Beser. | ||||
| Thanks to Ted Lemon, Steve Gonczi, Kim Kinnear, Bernie Volz, Richard | ||||
| Jones, Barr Hibbs and Thomas Narten for their comments and | ||||
| suggestions. | ||||
| 9. Author Information | This document is based on earlier drafts by Glenn Stump, Ralph Droms, | |||
| Ye Gu, Ramesh Vyaghrapuri and Burcak Beser. Thanks to Ted Lemon, | ||||
| Steve Gonczi, Kim Kinnear, Bernie Volz, Richard Jones, Barr Hibbs and | ||||
| Thomas Narten for their comments and suggestions. | ||||
| 9. Authors' Addresses | ||||
| Glenn Stump | Glenn Stump | |||
| IBM Networking Software | IBM Networking Software | |||
| P.O. Box 12195 | P.O. Box 12195 | |||
| RTP, NC 27709 | RTP, NC 27709 | |||
| Phone: (919) 301-4277 | ||||
| Email: stumpga@us.ibm.com | Phone: 919 301 4277 | |||
| EMail: stumpga@us.ibm.com | ||||
| Ralph Droms | Ralph Droms | |||
| Computer Science Department | Cisco Systems | |||
| 323 Dana Engineering | 300 Apollo Drive | |||
| Bucknell University | Chelmsford, MA 01824 | |||
| Lewisburg, PA 17837 | ||||
| Phone: (717) 524-1145 | Phone: 978 244 4733 | |||
| Email: droms@bucknell.edu | EMail: rdroms@cisco.com | |||
| Ye Gu | Ye Gu | |||
| Microsoft Corporation | Microsoft Corporation | |||
| One Microsoft Way | One Microsoft Way | |||
| Redmond, WA 98052 | Redmond, WA 98052 | |||
| Phone: 425 936 8601 | ||||
| Email: yegu@microsoft.com | ||||
| Phone: 425 936 8601 | ||||
| EMail: yegu@microsoft.com | ||||
| Ramesh Vyaghrapuri | Ramesh Vyaghrapuri | |||
| Microsoft Corporation | Microsoft Corporation | |||
| One Microsoft Way | One Microsoft Way | |||
| Redmond, WA 98052 | Redmond, WA 98052 | |||
| Phone: 425 703 9581 | Phone: 425 703 9581 | |||
| Email: rameshv@microsoft.com | EMail: rameshv@microsoft.com | |||
| Burcak Beser | Burcak Beser | |||
| 3Com Corporation | Pacific Broadband Communications | |||
| 3800 Golf Road | 3103 North 1st Street | |||
| Rolling Meadows, IL | San Jose, CA 95134 | |||
| Phone: 847 262 2195 | ||||
| Email: Burcak_Beser@3com.com | Phone: 408 468 6265 | |||
| Email: Burcak@pacband.com | ||||
| Ann Demirtjis | Ann Demirtjis | |||
| Microsoft Corporation | Microsoft Corporation | |||
| One Microsoft Way | One Microsoft Way | |||
| Redmond WA 98052 | Redmond WA 98052 | |||
| Phone: 425-705-2254 | ||||
| Email: annd@microsoft.com | Phone: 425 705 2254 | |||
| EMail: annd@microsoft.com | ||||
| Jerome Privat | Jerome Privat | |||
| BT Advanced Communications Technology Centre | Northstream AB | |||
| Adastral Park, Martlesham Heath, IP5 3RE | Espace Beethoven 1 | |||
| UK | 1200 Route des Lucioles | |||
| Phone: +44 1473 606304 | BP 302 | |||
| Email: jerome.privat@bt.com | 06906 Sophia Antipolis Cedex | |||
| France | ||||
| Phone: +33 4 97 23 40 45 | ||||
| Fax: +33 4 97 23 24 51 | ||||
| Mobile: +33 6 13 81 76 71 | ||||
| Email: jerome.privat@northstream.se | ||||
| Full Copyright Statement | Full Copyright Statement | |||
| "Copyright (C) The Internet Society (2000). All Rights Reserved. | Copyright (C) The Internet Society (2000). All Rights Reserved. | |||
| This document and translations of it may be copied and furnished to | This document and translations of it may be copied and furnished to | |||
| others, and derivative works that comment on or otherwise explain it | others, and derivative works that comment on or otherwise explain it | |||
| or assist in its implmentation may be prepared, copied, published | or assist in its implementation may be prepared, copied, published | |||
| and distributed, in whole or in part, without restriction of any | and distributed, in whole or in part, without restriction of any | |||
| kind, provided that the above copyright notice and this paragraph | kind, provided that the above copyright notice and this paragraph are | |||
| are included on all such copies and derivative works. However, this | included on all such copies and derivative works. However, this | |||
| document itself may not be modified in any way, such as by removing | document itself may not be modified in any way, such as by removing | |||
| the copyright notice or references to the Internet Society or other | the copyright notice or references to the Internet Society or other | |||
| Internet organizations, except as needed for the purpose of | Internet organizations, except as needed for the purpose of | |||
| developing Internet standards in which case the procedures for | developing Internet standards in which case the procedures for | |||
| copyrights defined in the Internet Standards process must be | copyrights defined in the Internet Standards process must be | |||
| followed, or as required to translate it into languages other than | followed, or as required to translate it into languages other than | |||
| English. | English. | |||
| The limited permissions granted above are perpetual and will not be | The limited permissions granted above are perpetual and will not be | |||
| revoked by the Internet Society or its successors or assigns. | revoked by the Internet Society or its successors or assigns. | |||
| This document and the information contained herein is provided on an | This document and the information contained herein is provided on an | |||
| "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING | "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING | |||
| TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING | TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING | |||
| BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION | BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION | |||
| HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF | HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF | |||
| MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." | MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
| Acknowledgement | ||||
| Funding for the RFC Editor function is currently provided by the | ||||
| Internet Society. | ||||
| End of changes. 33 change blocks. | ||||
| 144 lines changed or deleted | 117 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||