DHC Working Group Rajiv Asati
Internet Draft Cisco Systems
Intended status: Standards Track
Expires: March 2011 Ralph Droms
Cisco Systems
September 29, 2010
DHCP Relay Agent Configuration Option
draft-asati-dhc-relay-agent-config-00.txt
Abstract
This document defines a Dynamic Host Configuration Protocol (DHCP)
Relay Agent Configuration option and associated machinery to
configure the Relay Agent.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Asati, et al. Expires March 29, 2011 [Page 1]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
This Internet-Draft will expire on March 29, 2011.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Asati, et al. Expires March 29, 2011 [Page 2]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
Table of Contents
1. Introduction...................................................4
2. Key Words to Reflect Requirements..............................4
3. Problem / Requirement..........................................5
4. Relay Agent Configuration Option...............................5
5. Operation......................................................6
5.1. DHCP Relay Agent Procedures...............................6
5.1.1. DHCP Relay Agent Chaining............................7
5.2. DHCP Server Procedures....................................7
5.3. DHCP Client Procedures....................................7
6. Security Considerations........................................8
7. IANA Considerations............................................8
8. Acknowledgments................................................8
9. References.....................................................9
9.1. Normative References......................................9
9.2. Informative References....................................9
APPENDIX A: Applicability........................................10
A.1. Applicability to MPLS IP/VPN.............................10
Authors' Addresses...............................................12
Asati, et al. Expires March 29, 2011 [Page 3]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
1. Introduction
There are scenarios in which a network operator (Service Provider or
Enterprise) may desire the relay agent to be dynamically provisioned
while facilitating the server-client communication to ultimately
facilitate the service activation in a zero-touch manner.
One example is the provisioning of the Provider Edge (PE) router,
acting as the relay agent for the Customer Edge (CE) router,
acting as the (DHCP) client, during IP/VPN [RFC4364] service
activation.
DHCP [RFC2131][ RFC3315] is the predominant signaling protocol to
dynamically assign IP addresses and other TCP/IP configuration
parameters to routers and hosts. DHCP Relay Agent functionality
[RFC3046] is specified to facilitate the forwarding of DHCP messages
between the client and server through the relay agent.
DHCP server may use one or more sub-options within the "Relay Agent
Information" option [RFC3046] appended by Relay Agent, for IP
address and other parameter assignment policies to the Client. The
"Relay Agent Information" option [RFC3046] is limited to providing
the additional information from Relay Agent to the DHCP server to
aid the server.
This document proposes a new DHCP option (and sub-options) that the
Relay Agent can use to request and receive the desired Relay Agent
configuration information and that the DHCP server can use to
deliver the requested configuration information. The document also
describes the associated procedures and operations for the Relay
Agent and Server to achieve the auto-provisioning of VPN information
at the PE router acting as the relay agent.
2. Key Words to Reflect Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119
[RFC2119]. RFC 2119 defines the use of these key words to help make
the intent of standards track documents as clear as possible. While
this document uses these keywords, this document is not a standards
track document.
Additionally, this document freely uses the terms that are defined
in [RFC2131][RFC2132][RFC3046].
Asati, et al. Expires March 29, 2011 [Page 4]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
3. Problem / Requirement
There are other methods to activate the VPN service by auto-
provisioning the CE router after it establishes the layer2
connectivity. However, this assumes and requires the adjacent PE
router to be provisioned in advance to ensure that the CE gets the
IP reachability through the PE router, and is able to participate in
the any-to-any VPN such as BGP IP/VPN [RFC4364]. This is one of the
key challenges that serve as one of the requirements for the
solution prescribed in this document. Another requirement is to make
use of the existing signaling protocol(s) and not impose multiple
protocols to achieve this.
4. Relay Agent Configuration Option
This document defines a new DHCP Option called the Relay Agent
Configuration Option. It is a "container" option for specific sub-
options. The format of the Relay Agent Configuration option is:
Code Len Agent Configuration Field
+------+------+------+------+------+------+--...-+------+
| TBD | N | c1 | c2 | c3 | c4 | | cN |
+------+------+------+------+------+------+--...-+------+
Figure 1 Relay Agent Configuration Option
Code = DHCP Option for Relay Agent Configuration (to be allocated
by IANA)
Len = Total number of octets (N) in the Agent Configuration Field
(inclusive of all sub-options)
Agent Configuration Field = One or more Sub-options, each encoded
as a SubOpt/Length/Value tuple, as shown below:
Asati, et al. Expires March 29, 2011 [Page 5]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
SubOpt Len Sub-option Value
+------+------+------------------------------...--------+
| 1 | N' | |
+------+------+------------------------------...--------+
Figure 2 Relay Agent Configuration Sub-Option
SubOpt = DHCP Sub-Option for Relay Agent Configuration
(to be allocated by IANA)
Len = Total number of octets (N') in a Sub-option
Sub-option Value = zero or more octets to encode the value.
The sub-options need not appear in any particular order.
5. Operation
5.1. DHCP Relay Agent Procedures
The relay agent adds the DHCP relay agent configuration option (&
needed sub-options) in the relayed message to request the relay
agent side configuration information from the server.
The addition of this option SHOULD be configurable, and SHOULD be
disabled by default. Relay agents SHOULD have separate
configurables for each sub-option to control whether it is added to
client-to-server packets.
A relay agent adding a Relay Agent Configuration Information Option
MUST add it as the last option (but before 'End Option' 255, if
present) or the second last option, if option 82 is present, in the
DHCP options field of any recognized BOOTP or DHCP packet forwarded
from a client to a server.
If the configuration information, provided by the DHCP server in its
response, is already present at the relay agent, then relay agent
SHOULD compare the existing configuration with the new one, and in
case of a mismatch, logs an error/event.
Asati, et al. Expires March 29, 2011 [Page 6]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
The relay agent MUST remove the relay agent configuration option
from the DHCP response and forward the remaining response to the
client.
The operation of relay agent for specific sub-options should be
specified with that sub-option.
5.1.1. DHCP Relay Agent Chaining
Relay agents receiving a DHCP packet from an untrusted circuit with
giaddr set to zero (indicating that they are the first-hop router)
but with a Relay Agent Configuration option already present in the
packet SHALL discard the packet and increment an error count.
A trusted circuit may contain a trusted downstream (closer to
client) network element (bridge) between the relay agent and the
client that MAY add a relay agent option but not set the giaddr
field. In this case, the relay agent does NOT add a "second" relay
agent option, but forwards the DHCP packet per normal DHCP relay
agent operations, setting the giaddr field as it deems appropriate.
The mechanisms for distinguishing between "trusted" and "untrusted"
circuits are specific to the type of circuit termination equipment,
and may involve local administration.
5.2. DHCP Server Procedures
The DHCP server examines the DHCP options in the incoming request,
and constructs the response. The DHCP server may poll any other
servers present in the OSS/BSS to construct the requested
configuration information, and ultimately include it in the relay
agent configuration option/sub-options of DHCP response.
5.3. DHCP Client Procedures
This document doesn't specify any changes to the client functioning.
The new option defined in this document is never passed to the
client.
Asati, et al. Expires March 29, 2011 [Page 7]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
6. Security Considerations
There are no specific security considerations within the scope of
this document.
7. IANA Considerations
TBD.
8. Acknowledgments
Thanks to Shwetha Bhandari for providing feedback.
This document was prepared using 2-Word-v2.0.template.dot.
Asati, et al. Expires March 29, 2011 [Page 8]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2544] Bradner, S. and McQuaid, J., "Benchmarking Methodology for
Network Interconnect Devices", RFC 2544, March 1999.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC
2131, March 1997.
[RFC5695] Droms, R. and Alexanderand S., "DHCP Options and BOOTP
Vendor Extensions", RFC 5695, March 1997.
[RFC3315] Droms, et. al., "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3046] Patrick, M., "DHCP Relay Agent Information Option", RFC
3046, January 2001.
9.2. Informative References
[RFC4364] Rosen, E. and Rekther, Y., "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, February 2006.
Asati, et al. Expires March 29, 2011 [Page 9]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
APPENDIX A: Applicability
A.1. Applicability to MPLS IP/VPN
Figure 3 below illustrates a sample MPLS/VPN network topology in
which CE1, CE2 and CE3 are part of the same Virtual Private Network
(VPN), which is represented by VRF VPN1, say, in the MPLS/VPN
network.
CE1-------PE1-------MPLS/VPN Network-------PE2-----CE2
| \--------PE3-----CE3
|
PE10
|
Network/Service Management Complex
(DHCP Server, DNS Server, TFTP Server, etc.)
Figure 3 A Sample Network Topology
The "Network/Service Management Complex" is where the DHCP Server,
DNS server, TFTP server etc. may reside.
The PE router is assumed to have the DHCP relay agent functionality
as suggested in this document. The relay agent functionality may be
included globally for all PE-CE interfaces or selectively on
individual PE-CE interfaces.
Optionally, the unused PE-CE interfaces at the PE router may be
assigned to a default VRF prior to the successful DHCP processing
and auto-configuration. This helps to avoid having the CE get the
global reachability by accident prior to the DHCP operation
completion.
Assuming that the PE-CE interface is ready for the layer1/layer2
connectivity, CE would (be programmed to) broadcast the DHCP request
when the layer2 connectivity is established on either all or
designated port(s).
. This ensures that the DHCP request reaches the PE router.
. The DHCP request may include CE's unique identifier (such as
MAC address or S/N or Unique Device Identifier (UDI) etc.) that
is already known to the Servers in the Network/Service
Management Complex.
Asati, et al. Expires March 29, 2011 [Page 10]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
PE router upon receiving the DHCP request on a layer2 interface that
isn't configured with any IP address, relays it to the DHCP server
that may be pre-provisioned.
PE adds the DHCP relay agent configuration option (& needed sub-
options) in the relayed message to request the PE side configuration
information.
The DHCP server examines the DHCP options in the incoming request,
and constructs the response. The DHCP server may poll any other
servers present in the OSS/BSS for the PE configuration information,
so as to include it in the options/sub-options of DHCP response.
The PE configuration information, in RFC4364 environment, may
contain one or more of the following -
- IP address and subnet for PE-CE interface
- VRF Configuration (RD, RT etc.)
- Other PE-CE Interface configuration (description, vrf mapping
etc.)
- Selected Routing Protocol instance (for the CE)
- Neighbor and ASN information in case of BGP or EIGRP
- Security, QoS information etc. (for the CE)
If the VRF configuration, provided by the DHCP server in its
response, is already present at the PE router, then PE router must
compare the existing config with the new one, and logs an
error/event that could be sent to the DHCP server or to the OSS/BSS
or both, in case of a mismatch.
PE should accept the new config. The error/event log will help to
get the operator attention for further validation. New DHCP sub-
option is defined for this purpose.
The PE router removes the PE specific information (the new DHCP
relay agent configuration option) from the DHCP response and forward
the remaining response to the CE router, which will process it as
usual (not impacted by this document).
Asati, et al. Expires March 29, 2011 [Page 11]
Internet-Draft DHCP Relay Agent Configuration Option September 2010
Authors' Addresses
Rajiv Asati
Cisco Systems,
7025 Kit Creek Rd, RTP, NC, 27709
Email: rajiva@cisco.com
Ralph Droms
Cisco Systems,
200 Beaver Brook Road, Boxborough, MA, 01719
Email: rdroms@cisco.com
Asati, et al. Expires March 29, 2011 [Page 12]