rfcdiff: draft-ietf-dhc-vpn-option-13.txt vs. draft-ietf-dhc-vpn-option-14.txt

draft-ietf-dhc-vpn-option-13.txt:
DHC Working Group                                    Kim Kinnear
Internet Draft                                   Richard Johnson
Intended Status: Standards Track                      Mark Stapp
Expires: October 29, 2011                          Cisco Systems
                                                  Jay Kumarasamy
                                                  April 29, 2011

draft-ietf-dhc-vpn-option-14.txt:
DHC Working Group                                    Kim Kinnear
Internet Draft                                   Richard Johnson
Updates: 3046                                         Mark Stapp
Intended Status: Standards Track                   Cisco Systems
Expires: May 15, 2012                              Jay Kumarasamy
                                               November 15, 2011

Virtual Subnet Selection Options for DHCPv4 and DHCPv6
<draft-ietf-dhc-vpn-option-14.txt>
Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.

[... skipping to change at page 2, line 27 ...]
Abstract

This memo defines a Virtual Subnet Selection (VSS) option for each of
DHCPv4 and DHCPv6, and a VSS sub-option carried in the DHCPv4
relay-agent-information option. These are intended for use by DHCP
clients, relay agents, and proxy clients in situations where VSS
information needs to be passed to the DHCP server for proper address
or prefix allocation to take place.

For the DHCPv4 option and relay-agent-information sub-option, this
memo documents existing usage as per RFC 3942 [RFC3942]. This memo
updates RFC 3046 [RFC3046] regarding details relating to copying of
sub-options (see Section 8).
Table of Contents

1. Introduction................................................. 3
2. Terminology.................................................. 4
3. Virtual Subnet Selection Option and Sub-Options Definitions.. 5
3.1. DHCPv4 Virtual Subnet Selection Option..................... 5
3.2. DHCPv4 Virtual Subnet Selection Sub-Option................. 6
3.3. DHCPv4 Virtual Subnet Selection Control Sub-Option......... 6
3.4. DHCPv6 Virtual Subnet Selection Option..................... 7
[... skipping to change at page 3, line 4 (-13) / page 3, line 7 (-14) ...]
4.3. Required Support........................................... 14
4.4. Alternative VPN assignment approaches...................... 14
5. Relay Agent Behavior......................................... 14
5.1. VPN assignment by the DHCP server.......................... 16
5.2. DHCP Leasequery............................................ 17
6. Client Behavior.............................................. 17
7. Server Behavior.............................................. 18
7.1. Returning the DHCPv4 or DHCPv6 Option...................... 19
7.2. Returning the DHCPv4 Sub-Option............................ 20
7.3. Making sense of conflicting VSS information................ 21
8. Updates to RFC 3046.......................................... 21
9. Security..................................................... 22
10. IANA Considerations......................................... 23
11. Acknowledgments............................................. 23
12. References.................................................. 24
12.1. Normative References...................................... 24
12.2. Informative References.................................... 24
1. Introduction

There is a growing use of Virtual Private Network (VPN)
configurations. The growth comes from many areas; individual client
systems needing to appear to be on the home corporate network even
when traveling, ISPs providing extranet connectivity for customer
companies, etc. In some of these cases there is a need for the DHCP
server to know the VPN (hereafter called a "Virtual Subnet Selector"
or "VSS") from which an address, and other resources, should be

[... skipping to change at page 21, line 43 ...]
In these situations where multiple VSS option or sub-options appear
in the incoming packet or message, when the DHCP server constructs
the response to be sent to the DHCP client or relay agent, all
existing VSS options or sub-options MUST be replicated in the
appropriate places in the response and MUST contain only the VSS
information that was used by the DHCP server to allocate the IP
address (with, of course, the exception of a DHCPv4
relay-agent-information sub-option VSS-Control).
8. Updates to RFC 3046

This document updates the specification of the Relay Agent
Information option in RFC 3046 as follows:

Change the first sentence, second paragraph, section 2.2 of RFC 3046:

o OLD:

  DHCP servers claiming to support the Relay Agent Information
  option SHALL echo the entire contents of the Relay Agent
  Information option in all replies.

o NEW:

  DHCP servers claiming to support the Relay Agent Information
  option SHALL echo the entire contents of the Relay Agent
  Information option in all replies, except if otherwise specified
  in the definition of specific Relay Agent Information
  sub-options.

9. Security
Message authentication in DHCPv4 for intradomain use where the
out-of-band exchange of a shared secret is feasible is defined in
[RFC3118]. Potential exposures to attack are discussed in Section 7
of the DHCP protocol specification in [RFC2131].

Implementations should consider using the DHCPv4 Authentication
option [RFC3118] to protect DHCPv4 client access in order to provide
a higher level of security if it is deemed necessary in their
environment.

[... skipping to change at page 22, line 40 (-13) / page 23, line 13 (-14) ...]
option or sub-option to override the DHCP client's VSS option.

Servers that implement the VSS option and sub-option MUST by default
disable use of the feature; it must specifically be enabled through
configuration. Moreover, a server SHOULD provide the ability to
selectively enable use of the feature under restricted conditions,
e.g., by enabling use of the option only from explicitly configured
client-ids, enabling its use only by clients on a particular subnet,
or restricting the VSSs from which addresses may be requested.
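The Section 9 restrictions and the Section 7.3 echo rule, as an added example that is not part of the draft: a Python model of a server's VSS policy gate and of how the response options are built from the VSS actually used. It assumes the option payload is one type byte followed by opaque VSS bytes, that a relay's sub-option 151 takes precedence over the client's option 221, that giaddr stands in for the client's subnet, and it uses 152 as a placeholder for the VSS-Control sub-option code, which this page does not give.

```python
# Added example, not from the draft: models the server-side VSS handling it
# describes: the Section 9 gate (off by default; limited to configured client-ids,
# subnets, VSSs) and the Section 7.3 rule (echo option 221 / sub-option 151 with only
# the VSS used, never VSS-Control). Assumed: payload = type byte + VSS bytes; 152 is a placeholder.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

OPT_VSS, OPT_RELAY_INFO = 221, 82            # 221 per this draft; 82 per RFC 3046
SUBOPT_VSS, SUBOPT_VSS_CONTROL = 151, 152    # 151 per this draft; 152 placeholder

@dataclass
class VssPolicy:
    enabled: bool = False                    # MUST default to disabled
    client_ids: set = field(default_factory=set)   # empty = no restriction
    subnets: list = field(default_factory=list)
    vss_allowed: set = field(default_factory=set)

def parse_tlvs(buf: bytes) -> dict:
    """Decode code/len/value triples (DHCPv4 options or option-82 sub-options)."""
    out, i = {}, 0
    while i + 2 <= len(buf):
        code, ln = buf[i], buf[i + 1]
        out[code] = buf[i + 2:i + 2 + ln]
        i += 2 + ln
    return out

def tlv(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

def select_vss(opts: dict, policy: VssPolicy, client_id: bytes, giaddr: str):
    """Return the (type, info) the server may allocate from, or None if refused (giaddr ~ client subnet)."""
    relay = parse_tlvs(opts.get(OPT_RELAY_INFO, b""))
    raw = relay.get(SUBOPT_VSS) or opts.get(OPT_VSS)   # relay sub-option wins (assumed)
    if raw is None or not policy.enabled: return None
    if policy.client_ids and client_id not in policy.client_ids: return None
    if policy.subnets and not any(ip_address(giaddr) in ip_network(n) for n in policy.subnets): return None
    vss = (raw[0], bytes(raw[1:]))
    return vss if not policy.vss_allowed or vss[1] in policy.vss_allowed else None

def build_response_vss(opts: dict, used: tuple) -> bytes:
    """Echo option 221 and/or sub-option 151 carrying only the VSS actually used."""
    body, out = bytes([used[0]]) + used[1], b""
    if OPT_VSS in opts:
        out += tlv(OPT_VSS, body)
    if OPT_RELAY_INFO in opts:               # RFC 3046 echo rule as amended by Section 8
        subs = parse_tlvs(opts[OPT_RELAY_INFO])
        echoed = b"".join(tlv(c, body if c == SUBOPT_VSS else v)
                          for c, v in subs.items() if c != SUBOPT_VSS_CONTROL)
        out += tlv(OPT_RELAY_INFO, echoed)
    return out
```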
10. IANA Considerations

IANA is requested to assign DHCPv4 option number 221 for the DHCPv4
VSS option defined in Section 3.1, in accordance with [RFC3942].

IANA is requested to assign sub-option number 151 for the DHCPv4 VSS
sub-option defined in Section 3.2 from the DHCP Relay Agent
Sub-options space [RFC3046], in accordance with the spirit of [RFC3942].
While [RFC3942] doesn't explicitly mention the sub-option space for
the DHCP Relay Agent Information option [RFC3046], sub-option 151 is
already in use by existing implementations of this sub-option and the

[... skipping to change at page 23, line 23 (-13) / page 23, line 44 (-14) ...]
IANA is to create and maintain a new sub-registry entitled "VSS Type
values". This sub-registry needs to be related to both the DHCPv4
and DHCPv6 VSS options and the DHCPv4 relay-agent-information option
sub-option (all defined by this document), since the type byte in
these two options and one sub-option MUST have identical definitions.
New values for the type byte may only be defined by IETF Consensus,
as described in [RFC5226]. Basically, this means that they are
defined by RFCs approved by the IESG.
11. Acknowledgments

Bernie Volz recommended consolidation of the DHCPv4 option and
sub-option drafts after extensive review of the former drafts, and
provided valuable assistance in structuring and reviewing this
document. Alper Yegin expressed interest in the DHCPv6 VSS option,
resulting in this combined draft covering all three areas. Alfred
Hoenes provided assistance with editorial review as well as raising
substantive protocol issues. David Hankins and Bernie Volz each
raised important protocol issues which resulted in a clarified
document. Josh Littlefield provided editorial assistance. Several
IESG reviewers took the time to substantially review this document,
resulting in much increased clarity.
12. References

12.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
          Requirement Levels", RFC 2119, March 1997.

[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
          March 1997.

[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
          Extensions", RFC 2132, March 1997.

[... skipping to change at page 24, line 22 (-13) / page 24, line 39 (-14) ...]
          M. Carney, "Dynamic Host Configuration Protocol for IPv6
          (DHCPv6)", RFC 3315, July 2003.

[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
          Host Configuration Protocol (DHCP) version 6", RFC 3633,
          December 2003.

[RFC4994] Zeng, S., Volz, B., Kinnear, K. and J. Brzozowski, "DHCPv6
          Relay Agent Echo Request Option", RFC 4994, September 2007.
12.2. Informative References

[RFC951]  Croft, B. and J. Gilmore, "Bootstrap Protocol", RFC 951,
          September 1985.

[RFC1542] Wimer, W., "Clarifications and Extensions for the Bootstrap
          Protocol", RFC 1542, October 1993.

[RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
          Messages", RFC 3118, June 2001.
End of changes. 10 change blocks. 18 lines changed or deleted, 42 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/