Network Working Group                                        B. Sarikaya
Internet-Draft                                                Huawei USA
Intended status: Standards Track                            K. Chowdhury
Expires: April 5, 2007                                  Starent Networks
                                                         October 2, 2006


                            DHCP v4/v6 Proxy
                    draft-sarikaya-dhc-proxyagent-00

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 5, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).













Sarikaya & Chowdhury      Expires April 5, 2007                 [Page 1]


Internet-Draft             DHCPv4/v6 for Proxy              October 2006


Abstract

   A Dynamic Host Configuration Protocol (DHCP) Proxy server is a DHCP
   server and hence supports the DHCP protocol, but it does not have a
   local address repository.  It outsources the address repository
   function to external nodes or functional elements in a network.  This
   document explains Proxy DHCP operation and presents some use cases.


Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  Overview
   3.  Implementation
     3.1.  DHCPv4 Operation
     3.2.  DHCPv6 Operation
     3.3.  MN Mobility
   4.  Use Cases
     4.1.  External Address Assignment
     4.2.  Mobile IPv6
   5.  Security Considerations
   6.  Conclusions
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements


1.  Introduction

   Recently, in some standards development organizations (SDOs), the
   need has arisen to define a DHCP server operation that supports DHCP
   protocol version 4 and version 6 but in which the server does not
   manage the addresses.  Such a DHCP server is called a DHCP proxy.

   A DHCP proxy can leave the address management to other entities.
   Authentication, Authorization and Accounting (AAA) servers can
   provide addresses to the nodes.  Mobile IPv4 Foreign and Home Agents
   (FA/HA) can also provide addresses to the mobile nodes (MNs).  The
   address could be locally cached or could be obtained from a
   Lightweight Directory Access Protocol (LDAP) server or even an
   external database.

   A DHCP Proxy could be a preferred mode of operation in cases where
   communication between a local DHCP Relay and an external DHCP server
   cannot be secured.

   This document defines DHCP Proxy operation for IPv4 and IPv6.
   Section 2 gives an overview of the stateless DHCP Proxy operation,
   Section 3 describes the implementation, Section 4 introduces two use
   cases from the SDOs 3GPP2 and WiMAX, Section 5 covers the security
   considerations, and Section 6 concludes the document.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 RFC 2119
   [STANDARDS].


2.  Overview

   The DHCP Proxy defined in this document provides all the services a
   DHCP server provides.  The DHCP proxy supports DHCPv4 [DHCPv4]
   operation and/or DHCPv6 [DHCPv6] operation.  The DHCP Proxy server
   operation is transparent to the DHCP Client and DHCP relay agents.

   In DHCPv4 operation, the MN contacts the DHCP Proxy for address
   assignment.  The DHCP proxy MAY interact with another entity, e.g.,
   an LDAP server.  The DHCP Proxy MUST assign this address to the MN.

   In DHCPv6 operation, the MN contacts the DHCP Proxy either for
   stateless DHCP operation [statelessDHCP], such as configuration of
   its home address (HoA), home agent address and possibly other
   parameters, or, in some future applications, for a stateful
   operation.


3.  Implementation

   This section describes the regular mode of operation for DHCPv4 Proxy
   and DHCPv6 Proxy.

3.1.  DHCPv4 Operation

   The DHCP Proxy MUST reply to the MN's DHCPDISCOVER message by sending
   a DHCPOFFER message.  The DHCP Proxy looks for a locally available
   address for the MN.  After obtaining an IPv4 address for the MN, the
   DHCP Proxy MUST respond to the MN with a DHCPOFFER message, setting
   the Your IP address field to the received address, the Server IP
   address field to the IP address of the DHCP proxy, and the
   Transaction ID to the value copied from the DHCPDISCOVER message.
   For subsequent DHCPREQUEST messages from the same MN with the
   assigned IPv4 address, the DHCP proxy MUST respond to the MN with
   DHCPACK after querying an external server.

3.2.  DHCPv6 Operation

   The DHCP Proxy MUST reply to the MN's Information Request message by
   sending an Information Reply message.  The operation is as described
   in [statelessDHCP].

   The options in the Information Request MUST be specified as defined
   in [draft-ietf-mip6-hiopt-00.txt] to be used in the integrated
   bootstrapping scenario defined in
   [draft-ietf-mip6-bootstrapping-integrated-dhc-01.txt].  In the future
   more options may be defined.

   Definition of stateful DHCP proxy operation is TBD.

3.3.  MN Mobility

   When the MN moves and changes its subnet, the MN may still generate a
   DHCPREQUEST message to extend the time it may use the address that it
   obtained from a previous DHCP proxy.  The destination address of the
   DHCPREQUEST is the previous DHCP Proxy address.

   The DHCP Proxy MUST remove any state for MNs that moved out of the
   subnet, including the address allocated for this MN.  The DHCP Proxy
   MUST ignore a DHCPREQUEST message if it has no state for the 'ciaddr'
   field of the DHCPREQUEST message and MUST NOT send a DHCPACK message.

   The MN's DHCP Client in RENEWING state will not receive any DHCPACK
   message before time T2 defined in [DHCPv4] and will enter the
   REBINDING state.  The MN MUST send a DHCPREQUEST message in broadcast
   to extend its lease.  The new DHCP Proxy, operating as described in
   Section 3.1 above, MUST assign the address to the MN.
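
   The DHCPv4 behaviour of Sections 3.1 and 3.3 as an added example; it
   is not part of this draft.  It builds the DHCPOFFER with the fields
   named in Section 3.1 and stays silent on a DHCPREQUEST whose 'ciaddr'
   has no state.  Assumptions: `lookup` is a hypothetical callable
   standing in for the external address source, state is keyed by
   address and bound to 'chaddr', the lease time is a constructed value,
   and only a DHCPREQUEST with a non-zero 'ciaddr' is handled.

```python
import socket
import struct

# RFC 2131 fixed header: op htype hlen hops xid secs flags ciaddr yiaddr
# siaddr giaddr chaddr sname file
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
LEASE_SECS = 3600  # constructed value; the draft does not set a lease time

def build(op, kind, xid, ciaddr, yiaddr, siaddr, chaddr, extra=b""):
    """Serialize a DHCPv4 message carrying option 53 plus extra options."""
    head = HDR.pack(op, 1, 6, 0, xid, 0, 0, ciaddr, yiaddr, siaddr,
                    bytes(4), chaddr, b"", b"")
    return head + MAGIC + bytes([53, 1, kind]) + extra + b"\xff"

def msg_type(pkt):
    """Return option 53 (message type), or None if absent or malformed."""
    i = HDR.size + 4
    if pkt[HDR.size:i] != MAGIC:
        return None
    while i + 1 < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:  # pad option has no length byte
            i += 1
        elif pkt[i] == 53 and pkt[i + 1] == 1 and i + 2 < len(pkt):
            return pkt[i + 2]
        else:
            i += 2 + pkt[i + 1]
    return None

def proxy_reply(pkt, proxy_ip, state, lookup):
    """Return the reply bytes, or None when the proxy must stay silent."""
    kind = msg_type(pkt)
    if kind not in (DISCOVER, REQUEST):
        return None
    fields = HDR.unpack_from(pkt)
    xid, ciaddr, chaddr = fields[4], fields[7], fields[11]
    me = socket.inet_aton(proxy_ip)
    extra = bytes([54, 4]) + me + bytes([51, 4]) + struct.pack("!I", LEASE_SECS)
    if kind == DISCOVER:
        addr = lookup(chaddr)  # hypothetical external source (AAA, LDAP...)
        if addr is None:
            return None
        state[addr] = chaddr  # state: assigned address -> chaddr
        return build(2, OFFER, xid, bytes(4), addr, me, chaddr, extra)
    # Section 3.3: no state for 'ciaddr' means ignore and send no DHCPACK.
    if state.get(ciaddr) != chaddr or lookup(chaddr) != ciaddr:
        return None
    return build(2, ACK, xid, ciaddr, ciaddr, me, chaddr, extra)
```

   Calling proxy_reply with an empty state dict models the new proxy
   after a move: the unicast renewal gets no answer, which is what
   pushes the client into REBINDING.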


4.  Use Cases

   This section describes two use cases: Mobile IPv6 and Home Address
   assignment.

4.1.  External Address Assignment

   In this use case, the DHCP proxy acts as a front end to assign an
   address to the MN, and it gets the address by external means.

   The DHCP Proxy MUST reply to DHCPDISCOVER messages from the MN with a
   DHCPOFFER containing the MN's address.  The MN MAY use this address
   as its home address.  There are two cases:

   The address is not locally available.  Therefore, the DHCP Proxy has
   to perform an external lookup.  The DHCP proxy shall query an
   external server such as a Lightweight Directory Access Protocol
   server, an Authentication, Authorization and Accounting server or
   some other server.  Upon receiving a DHCPDISCOVER message from the
   MN, the DHCP proxy MAY ignore the "chaddr" field in the DHCP header
   and use the pseudo NAI [rfc4282] instead.  The DHCP Proxy MAY be
   located in the network access server (NAS).  The DHCP proxy prompts a
   local entity available in the NAS, such as an AAA client, LDAP
   client, etc., to acquire an address externally.  The DHCP Proxy MAY
   use the pseudo NAI value in the DHCPDISCOVER and pass this value to
   the appropriate client for identification of the home domain of the
   mobile node.

   If the address has already been allocated by the home AAA server
   during the authentication phase, the DHCP proxy MAY prompt a local
   entity in order to access the locally cached value after receiving
   the DHCP request from the MN.  The DHCP Proxy MUST respond to the
   DHCPDISCOVER with a DHCPOFFER to send the locally cached address.

4.2.  Mobile IPv6

   The MN configures a local IPv6 address using stateless address
   autoconfiguration [rfc2462].  For Mobile IPv6 configuration
   parameters like the home address, home agent's address, etc., the MN
   MUST send an Information Request message to the DHCP Proxy.

   The DHCP Proxy MUST use Layer 2 means to identify the connection over
   which the DHCP Information Request message was received.  The DHCP
   Proxy then checks for any cached records available for this MN.
   Cached records MAY be created during the MN's first entry to the
   network.  The MN will be authenticated and its home network
   configuration parameters will be downloaded from the home AAA server.
   The DHCP Proxy will then proceed to send an Information Reply message
   and will determine the parameters as follows:

   To send the Home Agent address to the MN, the DHCPv6 proxy SHALL set
   the hainfo-type to 1 and the Home Network Information field to the
   complete IPv6 address of the home agent in the Home Network
   Information Option.

   To indicate the received home link prefix, the DHCPv6 proxy shall set
   the hainfo-type to 0 and the Home Network Information field to the
   home subnet prefix in the Home Network Information Option.  If both
   HA and HL prefix information need to be conveyed to the MN, the
   DHCPv6 proxy shall include two Home Network Information Options with
   fields set as described above.


5.  Security Considerations

   Secure delivery of the configuration information from a DHCP server
   to the mobile node (DHCP client) relies on the overall DHCP security.
   The messages defined in this document are secured by DHCP security
   mechanisms.


6.  Conclusions

   We presented DHCP Proxy service for IPv4 and IPv6.  We also showed
   how DHCP proxy can be used.


7.  Acknowledgements

   The authors gratefully acknowledge the discussions and feedback from
   WiMAX Forum NWG attendees.


8.  References

8.1.  Normative References

   [DHCPv4]   "Dynamic Host Configuration Protocol", RFC 2131,
              March 1997, <http://www.ietf.org/rfc/rfc2131.txt>.

   [DHCPv6]   "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
              RFC 3315, July 2003,
              <http://www.ietf.org/rfc/rfc3315.txt>.

   [STANDARDS]
              "Key words for use in RFCs to Indicate Requirement
              Levels", RFC 2119, March 1997,
              <ftp://ftp.isi.edu/in-notes/rfc2119>.

   [rfc2462]  "IPv6 Stateless Address Autoconfiguration", RFC 2462,
              December 1998, <http://www.ietf.org/rfc/rfc2462.txt>.

   [rfc4282]  "The Network Access Identifier", RFC 4282, December 2005,
              <http://www.ietf.org/rfc/rfc4282.txt>.

   [statelessDHCP]
              "Stateless Dynamic Host Configuration Protocol (DHCP)
              Service for IPv6", RFC 3736, April 2004,
              <http://www.ietf.org/rfc/rfc3736.txt>.

8.2.  Informative References

   [draft-ietf-mip6-bootstrapping-integrated-dhc-01.txt]
              Chowdhury, K. and A. Yegin, "MIP6-bootstrapping via DHCPv6
              for the Integrated Scenario", June 2006,
              <http://ietf.org/internet-drafts/draft-ietf-mip6-bootstrapping-integrated-dhc-01.txt>.

   [draft-ietf-mip6-hiopt-00.txt]
              Jang, H., Yegin, A., and K. Chowdhury, "DHCP Option for
              Home Information Discovery in MIPv6", August 2006,
              <http://tools.ietf.org/wg/mip6/draft-ietf-mip6-hiopt/draft-ietf-mip6-hiopt-00.txt>.


Authors' Addresses

   Behcet Sarikaya
   Huawei USA
   1700 Alma Dr. Suite 100
   Plano, TX  75075

   Phone:
   Email: sarikaya@ieee.org


   Kuntal Chowdhury
   Starent Networks
   30 International Place
   Tewksbury, MA  01876

   Phone: +1 214-550-1416
   Email: kchowdhury@starentnetworks.com


Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).
