draft-ietf-dhc-vpn-option-14.txt   draft-ietf-dhc-vpn-option-15.txt 
DHC Working Group Kim Kinnear DHC Working Group Kim Kinnear
Internet Draft Richard Johnson Internet Draft Richard Johnson
Updates: 3046 Mark Stapp Updates: 3046 Mark Stapp
Intended Status: Standards Track Cisco Systems Intended Status: Standards Track Cisco Systems
Expires: May 15, 2012 Jay Kumarasamy Expires: July 26, 2012 Jay Kumarasamy
November 15, 2011 January 26, 2012
Virtual Subnet Selection Options for DHCPv4 and DHCPv6 Virtual Subnet Selection Options for DHCPv4 and DHCPv6
<draft-ietf-dhc-vpn-option-14.txt> <draft-ietf-dhc-vpn-option-15.txt>
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 38 skipping to change at page 3, line 38
agent-information option. These are intended for use by DHCP agent-information option. These are intended for use by DHCP
clients, relay agents, and proxy clients in situations where VSS clients, relay agents, and proxy clients in situations where VSS
information needs to be passed to the DHCP server for proper address information needs to be passed to the DHCP server for proper address
or prefix allocation to take place. If the receiving DHCP server or prefix allocation to take place. If the receiving DHCP server
understands the VSS option or sub-option, this information may be understands the VSS option or sub-option, this information may be
used in conjunction with other information in determining the subnet used in conjunction with other information in determining the subnet
on which to select an address as well as other information such as on which to select an address as well as other information such as
DNS server, default router, etc. DNS server, default router, etc.
If the allocation is being done through a DHCPv4 relay, then the If the allocation is being done through a DHCPv4 relay, then the
relay sub-option defined here should be included. In some cases, relay-agent-information sub-option defined here should be included.
however, an IP address is being sought by a DHCPv4 proxy on behalf of In some cases, however, an IP address is being sought by a DHCPv4
a client (which may be assigned the address via a different proxy on behalf of a client (which may be assigned the address via a
protocol). In this case, there is a need to include VSS information different protocol). In this case, there is a need to include VSS
relating to the client as a DHCPv4 option. information relating to the client as a DHCPv4 option.
If the allocation is being done through a DHCPv6 relay, then the If the allocation is being done through a DHCPv6 relay, then the
DHCPv6 VSS option defined in this document should be included in the DHCPv6 VSS option defined in this document should be included in the
Relay-forward and Relay-reply message going between the DHCPv6 relay Relay-forward and Relay-reply message going between the DHCPv6 relay
and server. In some cases, addresses or prefixes are being sought by and server. In some cases, addresses or prefixes are being sought by
a DHCPv6 proxy on behalf of a client. In this case, there is a need a DHCPv6 proxy on behalf of a client. In this case, there is a need
for the client itself to supply the VSS information using the DHCPv6 for the client itself to supply the VSS information using the DHCPv6
VSS option in the messages that it sends to the DHCPv6 server. VSS option in the messages that it sends to the DHCPv6 server.
In the remaining text of this document, when a DHCPv6 address is In the remaining text of this document, when a DHCPv6 address is
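Review bot: the reworded sentence in the paragraph beginning "If the allocation is being done through a DHCPv4 relay" now says "the relay-agent-information sub-option defined here should be included", which is ambiguous: the document defines two sub-options of the relay-agent-information option (the VSS sub-option, code 151, and the VSS Control sub-option of Section 3.3), and Section 5 has a relay agent send both. Suggest naming it, e.g. "the DHCPv4 VSS sub-option of the relay-agent-information option defined here should be included", so a reader does not take the phrase to mean the relay-agent-information option itself.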
skipping to change at page 5, line 22 skipping to change at page 5, line 22
fields. fields.
o "Global VPN" o "Global VPN"
Indicates that the address being described belongs to the set of Indicates that the address being described belongs to the set of
addresses not part of any VPN. In other words, the normal addresses not part of any VPN. In other words, the normal
address space operated on by DHCP. This includes private address space operated on by DHCP. This includes private
addresses, for example the 10.x.x.x addresses as well as the addresses, for example the 10.x.x.x addresses as well as the
other private subnets that are not routed on the open internet. other private subnets that are not routed on the open internet.
o "NVT ASCII Identifier"
A Network Virtual Terminal (NVT) identifier is an identifier
containing only characters from the ASCII repetoire and using
the Network Virtual Terminal encoding (see Appendix B in
[RFC5198]).
o "VSS information" o "VSS information"
Information about a VPN necessary to allocate an address to a Information about a VPN necessary to allocate an address to a
DHCP client on that VPN and necessary to forward a DHCP reply DHCP client on that VPN and necessary to forward a DHCP reply
packet to a DHCP client on that VPN. packet to a DHCP client on that VPN.
o "VPN" o "VPN"
Virtual private network. A network which appears to the client Virtual private network. A network which appears to the client
to be a private network. to be a private network.
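Review bot: "repetoire" in the new "NVT ASCII Identifier" definition is misspelled and should read "repertoire". The definition otherwise matches the Type 0 text in Section 3.5 and the [RFC5198] reference added in this revision.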
skipping to change at page 6, line 32 skipping to change at page 6, line 36
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Length | Type | VSS Info. ... | Code | Length | Type | VSS Info. ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Code The sub-option code (151). Code The sub-option code (151).
Length The sub-option length, minimum 1 octets. Length The sub-option length, minimum 1 octets.
Type and VSS Information -- see Section 35. Type and VSS Information -- see Section 3.5.
3.3. DHCPv4 Virtual Subnet Selection Control Sub-Option 3.3. DHCPv4 Virtual Subnet Selection Control Sub-Option
This is a sub-option of the relay-agent-information option [RFC3046]. This is a sub-option of the relay-agent-information option [RFC3046].
The format of the sub-option is: The format of the sub-option is:
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Length | | Code | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Code The sub-option code (TBD). Code The sub-option code (TBD).
Length The sub-option length, 0. Length The sub-option length, 0.
This sub-option only only appears in the DHCPv4 relay-agent- This sub-option only appears in the DHCPv4 relay-agent-information
information option. In a DHCP request, it indicates that a DHCPv4 option. In a DHCP request, it indicates that a DHCPv4 VSS sub-option
VSS sub-option is also present in the relay-agent-information option. is also present in the relay-agent-information option. In a DHCP
In a DHCP reply, if it appears in the relay-agent-information option, reply, if it appears in the relay-agent-information option, it
it indicates that the DHCP server did not understand any DHCPv4 VSS indicates that the DHCP server did not understand any DHCPv4 VSS
sub-option that also appears in the relay-agent-information option. sub-option that also appears in the relay-agent-information option.
3.4. DHCPv6 Virtual Subnet Selection Option 3.4. DHCPv6 Virtual Subnet Selection Option
The format of the DHCPv6 Virtual Subnet Selection option is shown The format of the DHCPv6 Virtual Subnet Selection option is shown
below. This option may be included by a client or relay-agent (or below. This option may be included by a client or relay-agent (or
both). both).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
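Review bot: "minimum 1 octets" in the Length description of the DHCPv4 VSS sub-option should be "minimum 1 octet"; the wording is unchanged on both sides of this diff. The "Section 35" to "Section 3.5" and "only only" corrections look right. Since the Length of the VSS Control sub-option is fixed at 0, it would also help to say what a receiver does with a control sub-option that arrives with a non-zero length (ignore the sub-option, or ignore the extra octets), as the text currently gives no handling for a malformed instance.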
skipping to change at page 8, line 9 skipping to change at page 8, line 9
3.5. Virtual Subnet Selection Type and Information 3.5. Virtual Subnet Selection Type and Information
All of the (sub)options defined above carry identical payloads, All of the (sub)options defined above carry identical payloads,
consisting of a type and additional VSS information as follows: consisting of a type and additional VSS information as follows:
Type VSS Information format: Type VSS Information format:
0 NVT ASCII VPN identifier 0 NVT ASCII VPN identifier
1 RFC2685 VPN-ID 1 RFC2685 VPN-ID
2-254 Reserved 2-254 Unassigned
255 Global, default VPN. 255 Global, default VPN.
o Type 0 -- NVT ASCII VPN identifier o Type 0 -- Network Virtual Terminal (NVT) ASCII VPN identifier
Indicates that the VSS information consists of a NVT ASCII Indicates that the VSS information consists of an NVT ASCII
string. It MUST NOT be terminated with a zero byte. string. It MUST NOT be terminated with a zero byte.
o Type 1 -- RFC2685 VPN-ID o Type 1 -- RFC2685 VPN-ID
Indicates that the VSS information consists of an RFC2685 VPN-ID Indicates that the VSS information consists of an RFC2685 VPN-ID
[RFC2685], which is defined to be 7 octets in length. [RFC2685], which is defined to be 7 octets in length.
o Type 255 -- Global, default VPN o Type 255 -- Global, default VPN
Indicates that there is no explicit, non-default VSS information Indicates that there is no explicit, non-default VSS information
but rather that this option references the normal, global, but rather that this option references the normal, global,
default address space. In this case, there MUST NOT be any VSS default address space. In this case, there MUST NOT be any VSS
Information included in the VSS option or sub-option and the Information included in the VSS option or sub-option and the
length of the MUST be 1. length of the option or sub-option MUST be 1.
All other values of the Type field are reserved. All other values of the Type field are unassigned.
4. Overview of Virtual Subnet Selection Usage 4. Overview of Virtual Subnet Selection Usage
At the highest level, the VSS option or sub-option determines the VPN At the highest level, the VSS option or sub-option determines the VPN
on which a DHCP client is supposed to receive an IP address. How the on which a DHCP client is supposed to receive an IP address. How the
option or sub-option is entered and processed is discussed below, but option or sub-option is entered and processed is discussed below, but
the point of all of the discussion is to determine the VPN on which the point of all of the discussion is to determine the VPN on which
the DHCP client resides. This will affect a relay agent, in that it the DHCP client resides. This will affect a relay agent, in that it
will have to ensure that DHCP packets sent to and received from the will have to ensure that DHCP packets sent to and received from the
DHCP client flow over the correct VPN. This will affect the DHCP DHCP client flow over the correct VPN. This will affect the DHCP
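Review bot: the Type 255 text now states an explicit length ("the length of the option or sub-option MUST be 1"), but Type 1 only says the VPN-ID "is defined to be 7 octets in length" without the parallel requirement that the option or sub-option length be 8, and neither Type 0 nor Type 1 says what a receiver does when the length does not match the Type (for example a Type 1 payload shorter than 7 octets). Suggest adding the length requirement for Type 1 and a one-sentence rule that a VSS option or sub-option whose length is inconsistent with its Type is treated as if it were absent, so that parsers are not left to read past the payload.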
skipping to change at page 14, line 45 skipping to change at page 14, line 45
the hopes that they will cover simple cases that may arise from the hopes that they will cover simple cases that may arise from
situations beyond those envisioned today. However, for more complex situations beyond those envisioned today. However, for more complex
situations, or simple situations where appropriate conflict situations, or simple situations where appropriate conflict
resolution strategies differ from those discussed in this document, a resolution strategies differ from those discussed in this document, a
document detailing the usage situations and appropriate conflict document detailing the usage situations and appropriate conflict
resolution strategies SHOULD be created and submitted for discussion resolution strategies SHOULD be created and submitted for discussion
and approval. and approval.
5. Relay Agent Behavior 5. Relay Agent Behavior
Implementers MAY provide a policy or configuration capability to
enable or disable VSS support.
A relay agent which receives a DHCP request from a DHCP client on a A relay agent which receives a DHCP request from a DHCP client on a
VPN SHOULD include Virtual Subnet Selection information in the DHCP VPN SHOULD include Virtual Subnet Selection information in the DHCP
packet prior to forwarding the packet on to the DHCP server unless packet prior to forwarding the packet on to the DHCP server unless
inhibited from doing so by configuration information or policy to the inhibited from doing so by configuration information or policy to the
contrary. contrary.
In this situation, a DHCPv4 relay agent MUST include a DHCPv4 VSS In this situation, a DHCPv4 relay agent MUST include a DHCPv4 VSS
sub-option in a relay-agent-information option [RFC3046], while a sub-option in a relay-agent-information option [RFC3046], while a
DHCPv6 relay agent MUST include a DHCPv6 VSS option in the Relay- DHCPv6 relay agent MUST include a DHCPv6 VSS option in the Relay-
forward message. forward message.
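Review bot: the new sentence "Implementers MAY provide a policy or configuration capability to enable or disable VSS support" does not say which state is the default, while the paragraph that follows it ("SHOULD include Virtual Subnet Selection information ... unless inhibited from doing so by configuration information or policy to the contrary") reads as though insertion is on by default. Suggest stating the default explicitly in the new sentence, e.g. "...to enable or disable VSS support; VSS support is enabled by default", or the converse if that is the intent, so the two paragraphs agree.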
skipping to change at page 15, line 34 skipping to change at page 15, line 37
The reason to include this additional VSS DHCPv4 sub-option is that The reason to include this additional VSS DHCPv4 sub-option is that
[RFC3046] specifies (essentially) that a DHCPv4 server should copy [RFC3046] specifies (essentially) that a DHCPv4 server should copy
all sub-options that it receives in a relay-agent-information option all sub-options that it receives in a relay-agent-information option
in a request into a corresponding relay-agent-information option in in a request into a corresponding relay-agent-information option in
the response. Thus, a server that didn't support the DHCPv4 VSS the response. Thus, a server that didn't support the DHCPv4 VSS
sub-option would normally just copy it to the response packet, sub-option would normally just copy it to the response packet,
leaving the relay agent to wonder if in fact the DHCPv4 server leaving the relay agent to wonder if in fact the DHCPv4 server
actually used the VSS information when processing the request. actually used the VSS information when processing the request.
To alleviate this potential confusion, a DHCPvr4 relay agent instead To alleviate this potential confusion, a DHCPv4 relay agent instead
sends in two sub-options: one VSS sub-option, and one VSS-Control sends in two sub-options: one VSS sub-option, and one VSS-Control
sub-option. If both sub-options appear in the response from the sub-option. If both sub-options appear in the response from the
DHCPv4 server, then the DHCPv4 relay agent MUST assume that the DHCPv4 server, then the DHCPv4 relay agent MUST assume that the
DHCPv4 server did not act on the VSS information in the VSS sub- DHCPv4 server did not act on the VSS information in the VSS sub-
option. If only the VSS sub-option appears in the response from the option. If only the VSS sub-option appears in the response from the
DHCPv4 server and no VSS-Control sub-option appears in the response DHCPv4 server and no VSS-Control sub-option appears in the response
from the DHCPv4 server, then the relay agent SHOULD assume that the from the DHCPv4 server, then the relay agent SHOULD assume that the
DHCPv4 server acted successfully on the VSS sub-option. DHCPv4 server acted successfully on the VSS sub-option.
Anytime a relay agent places a VSS option or sub-option in a DHCP Anytime a relay agent places a VSS option or sub-option in a DHCP
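Review bot: the two outcomes spelled out for the DHCPv4 response (both sub-options present, or only the VSS sub-option present) leave the case where the server returns neither sub-option unspecified; a server that strips the whole relay-agent-information option produces exactly that. Suggest stating what the relay agent assumes in that case, since it must still pick a VPN on which to forward the reply. The two cases also use different strengths (MUST assume versus SHOULD assume); if the asymmetry is deliberate, a short reason would help.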
skipping to change at page 16, line 25 skipping to change at page 16, line 27
IP address. Alternatively, if any of these items don't interoperate IP address. Alternatively, if any of these items don't interoperate
with the others, the DHCP client will not receive a working address. with the others, the DHCP client will not receive a working address.
Note that in some environments a relay agent may choose to always Note that in some environments a relay agent may choose to always
place a VSS option or sub-option into packets and messages that it place a VSS option or sub-option into packets and messages that it
forwards in order to forestall any attempt by a relay agent closer to forwards in order to forestall any attempt by a relay agent closer to
the client or the client itself to specify VSS information. In this the client or the client itself to specify VSS information. In this
case, a type field of 255 is used to denote the global, default VPN. case, a type field of 255 is used to denote the global, default VPN.
When the type field of 255 is used, there MUST NOT be any additional When the type field of 255 is used, there MUST NOT be any additional
VSS information in the VSS option or sub-option. In the DHCPv4 case, VSS information in the VSS option or sub-option. In the DHCPv4 case,
an additional VSS-Control sub-option, as discussed above. an additional VSS-Control sub-option would be required, as discussed
above.
5.1. VPN assignment by the DHCP server 5.1. VPN assignment by the DHCP server
In some cases, a DHCP server may use the Virtual Subnet Selection In some cases, a DHCP server may use the Virtual Subnet Selection
sub-option or option to inform a relay agent that a particular DHCP sub-option or option to inform a relay agent that a particular DHCP
client is associated with a particular VPN. It does this by sending client is associated with a particular VPN. It does this by sending
the Virtual Subnet Selection sub-option or option with the the Virtual Subnet Selection sub-option or option with the
appropriate information to the relay agent in the relay-agent- appropriate information to the relay agent in the relay-agent-
information option for DHCPv4 or the Relay-reply message in DHCPv6. information option for DHCPv4 or the Relay-reply message in DHCPv6.
If the relay agent cannot respond correctly to the DHCP server's If the relay agent cannot respond correctly to the DHCP server's
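Review bot: "an additional VSS-Control sub-option would be required, as discussed above" is descriptive where the rest of Section 5 is normative; the earlier paragraph says a DHCPv4 relay agent "sends in two sub-options". Suggest "a DHCPv4 relay agent MUST also include a VSS-Control sub-option, as discussed above", so the type 255 case is covered by the same requirement as any other VSS sub-option.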
skipping to change at page 25, line 19 skipping to change at page 25, line 22
[RFC4030] Stapp, M. and T. Lemon, "The Authentication Suboption for [RFC4030] Stapp, M. and T. Lemon, "The Authentication Suboption for
the Dynamic Host Configuration Protocol (DHCP) Relay Agent the Dynamic Host Configuration Protocol (DHCP) Relay Agent
Option", RFC 4030, March 2005. Option", RFC 4030, March 2005.
[RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration [RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration
Protocol (DHCP) Leasequery", RFC 4388, February 2006. Protocol (DHCP) Leasequery", RFC 4388, February 2006.
[RFC5007] Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng, "DHCPv6 [RFC5007] Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng, "DHCPv6
Leasequery", RFC 5007, September 2007. Leasequery", RFC 5007, September 2007.
[RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network
Interchange", RFC 5198, March 2008.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.
Authors' Addresses Authors' Addresses
Kim Kinnear Kim Kinnear
Cisco Systems Cisco Systems
1414 Massachusetts Ave. 1414 Massachusetts Ave.
Boxborough, Massachusetts 01719 Boxborough, Massachusetts 01719
 End of changes. 16 change blocks. 
22 lines changed or deleted 36 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/