Network Working Group                                        B. Sarikaya
Internet-Draft                                                Huawei USA
Intended status: Standards Track                            K. Chowdhury
Expires: April 5, 2007                                  Starent Networks
                                                         October 2, 2006


                            DHCP v4/v6 Proxy
                    draft-sarikaya-dhc-proxyagent-00

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 5, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Sarikaya & Chowdhury      Expires April 5, 2007                 [Page 1]
Internet-Draft            DHCPv4/v6 for Proxy               October 2006

Abstract

   A Dynamic Host Configuration Protocol Proxy server is a DHCP server
   and hence it supports the DHCP protocol, but it does not have a local
   address repository.  It outsources the address repository function to
   external nodes or functional elements in a network.  This document
   explains Proxy DHCP operation and presents some use cases.

Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  Overview
   3.  Implementation
     3.1.  DHCPv4 Operation
     3.2.  DHCPv6 Operation
     3.3.  MN Mobility
   4.  Use Cases
     4.1.  External Address Assignment
     4.2.  Mobile IPv6
   5.  Security Considerations
   6.  Conclusions
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   Recently in some standards development organizations (SDO) the need
   has arisen to define a DHCP server operation which will support DHCP
   protocol version 4 and version 6 but in which the server will not
   manage the addresses.  Such a DHCP server is called a DHCP proxy.

   A DHCP proxy can leave the address management to other entities.
   Authentication, Authorization and Accounting (AAA) servers can
   provide addresses to the nodes.  Mobile IPv4 Foreign and Home Agents
   (FA/HA) can also provide addresses to the mobile nodes (MN).  The
   address could be locally cached or could be obtained from a
   Lightweight Directory Access Protocol (LDAP) server or even an
   external database.

   DHCP Proxy could present a preferred mode of operation in cases where
   communication between a local DHCP Relay and an external DHCP server
   cannot be secured.

   This document defines DHCP Proxy operation for IPv4 and IPv6.
   In Section 2 an overview of the stateless DHCP Proxy operation is
   given, in Section 3 the implementation is described, in Section 4
   two use cases from the SDOs of 3GPP2 and WiMAX are introduced,
   Section 5 is on the security considerations and Section 6 concludes
   the document.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 RFC 2119
   [STANDARDS].

2.  Overview

   The DHCP Proxy defined in this document provides all the services a
   DHCP server provides.  DHCP proxy supports DHCPv4 [DHCPv4] operation
   and/or DHCPv6 [DHCPv6] operation.  The DHCP Proxy server operation is
   transparent to the DHCP Client and DHCP relay agents.

   In DHCPv4 operation, the MN contacts DHCP Proxy for address
   assignment.  DHCP proxy MAY interact with another entity, e.g. an
   LDAP server.  DHCP Proxy MUST assign this address to the MN.

   In DHCPv6 operation, the MN contacts DHCP Proxy either for stateless
   DHCP operation [statelessDHCP], such as configuration of its home
   address (HoA), home agent address and possibly other parameters, or,
   in some future applications, for a stateful operation.

3.  Implementation

   This section describes the regular mode of operation for DHCPv4 Proxy
   and DHCPv6 Proxy.

3.1.  DHCPv4 Operation

   DHCP Proxy MUST reply to the MN's DHCPDISCOVER message by sending a
   DHCPOFFER message.  DHCP Proxy looks for a locally available address
   for the MN.  After obtaining an IPv4 address for the MN, DHCP Proxy
   MUST respond to the MN with a DHCPOFFER message, setting the Your IP
   address field to the received address, the Server IP address field to
   the IP address of the DHCP proxy, and the Transaction ID to the value
   copied from the DHCPDISCOVER message.
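
   The DHCPOFFER construction described above, together with the
   no-state rule for DHCPREQUEST in Section 3.3, as an added Python
   example that is not part of this draft or of any implementation it
   describes.  The `lookup` callback stands in for the external
   AAA/LDAP or cache query and is keyed by 'chaddr' here as an
   assumption; `handle`, `reply`, `client_msg` and the `leases` set are
   illustrative names.

```python
import struct

# Fixed BOOTP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128].
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5      # option 53 message types

def parse_options(data):
    """Return {code: value}, or {} if an option runs past the buffer."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:     # 255 = end
        if data[i] == 0:                        # 0 = pad (no length byte)
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            return {}
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def reply(req, msg_type, yiaddr, proxy_ip):
    # BOOTREPLY: xid, flags, giaddr, chaddr copied; siaddr = proxy address.
    hdr = HDR.pack(2, req[1], req[2], 0, req[4], 0, req[6], bytes(4), yiaddr,
                   proxy_ip, req[10], req[11], bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, msg_type, 54, 4]) + proxy_ip + b"\xff"

def handle(packet, proxy_ip, leases, lookup):
    """Return reply bytes, or None when the message must be ignored."""
    if packet[HDR.size:HDR.size + 4] != MAGIC:  # also rejects short packets
        return None
    req = HDR.unpack_from(packet)
    opts = parse_options(packet[HDR.size + 4:])
    mtype = (opts.get(53) or b"\0")[0]
    if req[0] == 1 and mtype == DISCOVER:
        yiaddr = lookup(req[11][:min(req[2], 16)])  # hypothetical AAA/LDAP hook
        if yiaddr is not None:
            leases.add(yiaddr)
            return reply(req, OFFER, yiaddr, proxy_ip)
    elif req[0] == 1 and mtype == REQUEST:
        # ciaddr is set when renewing; otherwise option 50 carries the address.
        wanted = req[7] if req[7] != bytes(4) else opts.get(50, b"")
        if wanted in leases:                    # no state: no DHCPACK is sent
            return reply(req, ACK, wanted, proxy_ip)
    return None

def client_msg(msg_type, xid, chaddr, ciaddr=bytes(4)):  # constructed sample
    hdr = HDR.pack(1, 1, 6, 0, xid, 0, 0, ciaddr, bytes(4), bytes(4), bytes(4),
                   chaddr.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])
```

   `handle` returns `None` for a DHCPREQUEST whose address is not in
   `leases`, so an MN renewing against a proxy that holds no state for
   it receives no DHCPACK, which is the behaviour Section 3.3 requires.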

   For subsequent DHCPREQUEST messages from the same MN with the
   assigned IPv4 address, the DHCP proxy MUST respond to the MN with
   DHCPACK after querying an external server.

3.2.  DHCPv6 Operation

   DHCP Proxy MUST reply to the MN's Information Request message by
   sending an Information Reply message.  The operation is as described
   in [statelessDHCP].  The options in the Information Request MUST be
   specified as defined in [draft-ietf-mip6-hiopt-00.txt] to be used in
   the integrated bootstrapping scenario defined in
   [draft-ietf-mip6-bootstrapping-integrated-dhc-01.txt].  In the future
   more options may be defined.

   Definition of stateful DHCP proxy operation is TBD.

3.3.  MN Mobility

   When the MN moves and changes its subnet, the MN may still generate a
   DHCPREQUEST message to extend the time to use the address that it
   obtained from a previous DHCP proxy.  The destination address of the
   DHCPREQUEST is the previous DHCP Proxy address.

   DHCP Proxy MUST remove any state for MNs that moved out of the
   subnet, including the address allocated for this MN.  DHCP Proxy MUST
   ignore a DHCPREQUEST message if it has no state for the 'ciaddr'
   field of the DHCPREQUEST message and MUST NOT send a DHCPACK message.

   The MN's DHCP Client in RENEWING state will not receive any DHCPACK
   message before time T2 defined in [DHCPv4] and will enter into
   REBINDING state.  The MN MUST send a DHCPREQUEST message in broadcast
   to extend its lease.  The new DHCP Proxy operating as described in
   Section 3.1 above MUST assign the address to the MN.

4.  Use Cases

   This section describes two use cases: Mobile IPv6 and Home Address
   assignment.

4.1.  External Address Assignment

   In this use case, DHCP proxy acts as a front end to assign an address
   to the MN and it gets the address by external means.  DHCP Proxy MUST
   reply to DHCPDISCOVER messages from the MN with a DHCP offer
   containing the MN's address.  The MN MAY use this address as its home
   address.

   There are two cases:

   o  The address is not locally available.  Therefore, DHCP Proxy has
      to perform an external lookup.  The DHCP proxy shall query an
      external server such as a lightweight directory access protocol
      server or an authentication, authorization and accounting server
      or some other server.  Upon receiving a DHCPDISCOVER message from
      the MN, the DHCP proxy MAY ignore the "chaddr" field in the DHCP
      header and use the pseudo NAI [rfc4282] instead.  DHCP Proxy MAY
      be located in the network access server (NAS).  The DHCP proxy
      prompts a local entity available in the NAS such as an AAA client,
      LDAP client, etc. to acquire an address externally.  DHCP Proxy
      MAY use the pseudo NAI value in DHCPDISCOVER and pass this value
      to the appropriate client for identification of the home domain of
      the mobile node.

   o  If the address has already been allocated by the home AAA server
      during the authentication phase, DHCP proxy MAY prompt a local
      entity in order to access the locally cached value after receiving
      the DHCP request from the MN.  DHCP Proxy MUST respond to
      DHCPDISCOVER with DHCPOFFER to send the locally cached address.

4.2.  Mobile IPv6

   The MN configures a local IPv6 address using stateless address
   autoconfiguration [rfc2462].  For Mobile IPv6 configuration
   parameters like the home address, home agent's address, etc., the MN
   MUST send an Information Request message to DHCP Proxy.

   DHCP Proxy MUST use Layer 2 means to identify the connection over
   which the DHCP Information Request message was received.  DHCP Proxy
   then checks any cached records available for this MN.  Cached records
   MAY be created during the MN's first entry to the network.  The MN
   will be authenticated and its home network configuration parameters
   will be downloaded from the home AAA server.

   DHCP Proxy will then proceed to send Information Reply message and
   will determine the parameters as follows:

   o  To send the Home Agent address to the MN, the DHCPv6 proxy SHALL
      set the hainfo-type to 1 and the Home Network Information field to
      the Complete IPv6 address of the home agent in the Home Network
      Information Option.

   o  To indicate the received home link prefix, the DHCPv6 proxy shall
      set the hainfo-type to 0 and the Home Network Information field to
      Home subnet prefix in the Home Network Information Option.

   o  If both HA and HL prefix information need to be conveyed to the
      MN, the DHCPv6 proxy shall include two Home Network Information
      Options with fields set as described above.

5.  Security Considerations

   Secure delivery of the configuration information from a DHCP server
   to the mobile node (DHCP client) relies on the overall DHCP security.
   The messages defined in this document are secured by DHCP security
   mechanisms.

6.  Conclusions

   We presented DHCP Proxy service for IPv4 and IPv6.  We also showed
   how DHCP proxy can be used.

7.  Acknowledgements

   The authors gratefully acknowledge the discussions and feedback from
   WiMAX Forum NWG attendees.

8.  References

8.1.  Normative References

   [DHCPv4]   "Dynamic Host Configuration Protocol", RFC 2131,
              March 1997.

   [DHCPv6]   "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
              RFC 3315, July 2003.

   [STANDARDS]
              "Key words for use in RFCs to Indicate Requirement
              Levels", RFC 2119, March 1997.

   [rfc2462]  "IPv6 Stateless Address Autoconfiguration", RFC 2462,
              December 1998.

   [rfc4282]  "The Network Access Identifier", RFC 4282, December 2005.

   [statelessDHCP]
              "Stateless Dynamic Host Configuration Protocol (DHCP)
              Service for IPv6", RFC 3736, April 2004.

8.2.  Informative References

   [draft-ietf-mip6-bootstrapping-integrated-dhc-01.txt]
              Chowdhury, K. and A. Yegin, "MIP6-bootstrapping via DHCPv6
              for the Integrated Scenario", June 2006.

   [draft-ietf-mip6-hiopt-00.txt]
              Jang, H., Yegin, A., and K. Chowdhury, "DHCP Option for
              Home Information Discovery in MIPv6", August 2006.

Authors' Addresses

   Behcet Sarikaya
   Huawei USA
   1700 Alma Dr. Suite 100
   Plano, TX  75075

   Phone:
   Email: sarikaya@ieee.org


   Kuntal Chowdhury
   Starent Networks
   30 International Place
   Tewksbury, MA  01876

   Phone: +1 214-550-1416
   Email: kchowdhury@starentnetworks.com

Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).