draft-ietf-dhc-dhcpv4-relay-encapsulation-00.txt   draft-ietf-dhc-dhcpv4-relay-encapsulation-01.txt 
dhc T. Lemon dhc T. Lemon
Internet-Draft Nominum, Inc. Internet-Draft Nominum, Inc.
Intended status: Standards Track H. Deng Intended status: Standards Track H. Deng
Expires: April 19, 2011 China Mobile Expires: January 12, 2012 L. Huang
October 16, 2010 China Mobile
July 11, 2011
Relay Agent Encapsulation for DHCPv4 Relay Agent Encapsulation for DHCPv4
draft-ietf-dhc-dhcpv4-relay-encapsulation-00 draft-ietf-dhc-dhcpv4-relay-encapsulation-01
Abstract Abstract
This document describes a general mechanism whereby DHCP relay agents This document describes a general mechanism whereby DHCP relay agents
can encapsulate DHCP packets that they are forwarding in the can encapsulate DHCP packets that they are forwarding in the
direction of DHCP servers, and decapsulate packets that they they are direction of DHCP servers, and decapsulate packets that they are
forwarding toward DHCP clients, so that more than one relay agent can forwarding toward DHCP clients, so that more than one relay agent can
insert relay agent suboptions into the forwarding chain. insert relay agent suboptions into the forwarding chain.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 19, 2011. This Internet-Draft will expire on January 12, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 28 skipping to change at page 2, line 29
3.3. Encapsulation Segment . . . . . . . . . . . . . . . . . . 9 3.3. Encapsulation Segment . . . . . . . . . . . . . . . . . . 9
4. DHCP Relay Agent Behavior . . . . . . . . . . . . . . . . . . 9 4. DHCP Relay Agent Behavior . . . . . . . . . . . . . . . . . . 9
4.1. Packet processing . . . . . . . . . . . . . . . . . . . . 10 4.1. Packet processing . . . . . . . . . . . . . . . . . . . . 10
4.1.1. Packets traveling toward DHCP servers . . . . . . . . 11 4.1.1. Packets traveling toward DHCP servers . . . . . . . . 11
4.1.2. Packets traveling toward DHCP clients . . . . . . . . 11 4.1.2. Packets traveling toward DHCP clients . . . . . . . . 11
4.1.3. Anti-spoofing . . . . . . . . . . . . . . . . . . . . 11 4.1.3. Anti-spoofing . . . . . . . . . . . . . . . . . . . . 11
4.2. Constructing RELAYFORWARD messages . . . . . . . . . . . . 11 4.2. Constructing RELAYFORWARD messages . . . . . . . . . . . . 11
4.2.1. Initializing the fixed-length header . . . . . . . . . 11 4.2.1. Initializing the fixed-length header . . . . . . . . . 11
4.2.2. Initializing the relay segment . . . . . . . . . . . . 12 4.2.2. Initializing the relay segment . . . . . . . . . . . . 12
4.2.3. Fixed header settings for RELAYFORWARD messages . . . 12 4.2.3. Fixed header settings for RELAYFORWARD messages . . . 12
4.2.4. Fixed header settings for BOOTREQUEST messages . . . . 12 4.2.4. Fixed header settings for BOOTREQUEST messages . . . . 13
4.2.5. Initializing the encapsulation segment . . . . . . . . 13 4.2.5. Initializing the encapsulation segment . . . . . . . . 13
4.3. Decapsulating RELAYREPLY messages . . . . . . . . . . . . 13 4.3. Decapsulating RELAYREPLY messages . . . . . . . . . . . . 13
4.3.1. Processing relay agent suboptions . . . . . . . . . . 13 4.3.1. Processing relay agent suboptions . . . . . . . . . . 13
4.3.2. Constructing the decapsulated message . . . . . . . . 13 4.3.2. Constructing the decapsulated message . . . . . . . . 14
4.4. Retransmitting modified messages . . . . . . . . . . . . . 14 4.4. Retransmitting modified messages . . . . . . . . . . . . . 14
4.4.1. Layer two relay agents . . . . . . . . . . . . . . . . 14 4.4.1. Layer two relay agents . . . . . . . . . . . . . . . . 14
4.4.1.1. Constructing the headers . . . . . . . . . . . . . 14 4.4.1.1. Constructing the headers . . . . . . . . . . . . . 14
4.4.1.2. Forwarding the modified packet . . . . . . . . . . 15 4.4.1.2. Forwarding the modified packet . . . . . . . . . . 15
4.5. Layer Three Relay Agents . . . . . . . . . . . . . . . . . 15 4.4.2. Layer three relay agents . . . . . . . . . . . . . . . 15
4.5.1. Transmitting a decapsulated RELAYREPLY message . . . . 15 4.4.2.1. Transmitting a decapsulated RELAYREPLY message . . 15
4.5.2. Transmitting a decapsulated BOOTREPLY message . . . . 15 4.4.2.2. Transmitting a decapsulated BOOTREPLY message . . 16
4.5.3. Transmitting other messages . . . . . . . . . . . . . 16 4.4.2.3. Transmitting other messages . . . . . . . . . . . 16
5. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 16 5. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 16
5.1. Receiving RELAYFORWARD messages . . . . . . . . . . . . . 16 5.1. Receiving RELAYFORWARD messages . . . . . . . . . . . . . 16
5.1.1. Decapsulation . . . . . . . . . . . . . . . . . . . . 16 5.1.1. Decapsulation . . . . . . . . . . . . . . . . . . . . 16
5.1.2. Processing of decapsulated suboptions . . . . . . . . 16 5.1.2. Processing of decapsulated suboptions . . . . . . . . 16
5.1.3. Address allocation . . . . . . . . . . . . . . . . . . 17 5.1.3. Address allocation . . . . . . . . . . . . . . . . . . 17
5.1.3.1. Default link selection algorithm . . . . . . . . . 17 5.1.3.1. Default link selection algorithm . . . . . . . . . 17
5.1.3.2. Other link selection algorithms . . . . . . . . . 18 5.1.3.2. Other link selection algorithms . . . . . . . . . 18
5.2. Responding to RELAYFORWARD messages . . . . . . . . . . . 18 5.2. Responding to RELAYFORWARD messages . . . . . . . . . . . 18
5.2.1. Constructing a RELAYREPLY encapsulation . . . . . . . 18 5.2.1. Constructing a RELAYREPLY encapsulation . . . . . . . 18
5.2.1.1. Constructing the relay segments . . . . . . . . . 18 5.2.1.1. Constructing the relay segments . . . . . . . . . 19
5.2.1.2. Constructing the fixed-length header . . . . . . . 19 5.2.1.2. Constructing the fixed-length header . . . . . . . 19
5.2.2. Transmission of RELAYREPLY messages . . . . . . . . . 19 5.2.2. Transmission of RELAYREPLY messages . . . . . . . . . 19
5.3. Responding to messages other than RELAYFORWARD . . . . . . 20 5.3. Responding to messages other than RELAYFORWARD . . . . . . 20
6. DHCP Client Behavior . . . . . . . . . . . . . . . . . . . . . 20 6. DHCP Client Behavior . . . . . . . . . . . . . . . . . . . . . 20
7. Security Considerations . . . . . . . . . . . . . . . . . . . 20 7. Security Considerations . . . . . . . . . . . . . . . . . . . 20
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21
9.1. Normative References . . . . . . . . . . . . . . . . . . . 21 9.1. Normative References . . . . . . . . . . . . . . . . . . . 21
9.2. Informative References . . . . . . . . . . . . . . . . . . 22 9.2. Informative References . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
In some networking environments, it is useful to be able to configure In some networking environments, it is useful to be able to configure
relay agents in a hierarchy, so that information from a relay agent relay agents in a hierarchy, so that information from a relay agent
close to the client can be combined with information from one or more close to the client can be combined with information from one or more
skipping to change at page 9, line 17 skipping to change at page 9, line 17
caplen The length of the encapsulation segment: two byte in network caplen The length of the encapsulation segment: two byte in network
byte order. byte order.
aiaddr Relay agent IP address. aiaddr Relay agent IP address.
3.2. Relay Segment 3.2. Relay Segment
The relay segment contains any RAIO suboptions that the encapsulating The relay segment contains any RAIO suboptions that the encapsulating
agent (the relay agent or the DHCP server) wishes to send. End and agent (the relay agent or the DHCP server) wishes to send. End and
Pad options MUST NOT appear within the relay segment. Pad options MUST NOT appear in the relay segment.
3.3. Encapsulation Segment 3.3. Encapsulation Segment
The encapsulation segment contains the entire DHCP message being The encapsulation segment contains the entire DHCP message being
encapsulated, with four exceptions: encapsulated, with four exceptions:
o The encapsulating agent MUST omit the IP and UDP headers, as well o The encapsulating agent MUST omit the IP and UDP headers, as well
as any layer two header, from the encapsulated message. as any layer two header, from the encapsulated message.
o The encapsulating agent MUST omit any options following the first o The encapsulating agent MUST omit any options following the first
End option in the option buffer. These options are assumed to be End option in the option buffer. These options are assumed to be
garbage, and are not covered by any signature [RFC3118]. garbage, and are not covered by any signature [RFC3118].
o The encapsulating MUST omit any Pad options present either at the o The encapsulating MUST omit any Pad options present either at the
end of the option buffer, or prior to the first End packet, that end of the option buffer, or prior to the first End option, that
are followed only by other Pad options or a single End option. are followed only by other Pad options or a single End option.
The encapsulating agent MUST record number of Pad options that The encapsulating agent MUST record number of Pad options that
were omitted in the 'padlen' field of the message header. were omitted in the 'padlen' field of the message header.
o The encapsulating agent MUST omit the End option, if present. The o The encapsulating agent MUST omit the End option, if present. The
encapsulating agent MUST set the 'ep' field in the message header encapsulating agent MUST set the 'ep' field in the message header
to 1 if an End option was present in the option buffer, and to to 1 if an End option was present in the option buffer, and to
zero if no End option was present. zero if no End option was present.
These exceptions apply only to the option buffer. The encapsulating These exceptions apply only to the option buffer. The encapsulating
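Review bot: the third bullet of 3.3 still drops its subject in both versions ("The encapsulating MUST omit any Pad options"); the -01 change from "first End packet" to "first End option" in that bullet is the right fix, but the sentence also needs "agent": "The encapsulating agent MUST omit any Pad options present either at the end of the option buffer, or prior to the first End option". Two lines down, "MUST record number of Pad options" is missing "the". In 3.1, "caplen The length of the encapsulation segment: two byte in network byte order" should read "two bytes in network byte order".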
skipping to change at page 10, line 10 skipping to change at page 10, line 10
DHCP Relay agents implementing this specification MUST have a DHCP Relay agents implementing this specification MUST have a
configuration parameter controlling relay encapsulation. By default, configuration parameter controlling relay encapsulation. By default,
relay encapsulation MUST be disabled. relay encapsulation MUST be disabled.
Relay agents with encapsulation disabled MUST NOT encapsulate. Relay Relay agents with encapsulation disabled MUST NOT encapsulate. Relay
agents with encapsulation disabled MUST NOT decapsulate. agents with encapsulation disabled MUST NOT decapsulate.
In any case where a relay agent implementing this specification does In any case where a relay agent implementing this specification does
not encapsulate or decapsulate, it MUST behave exactly as a relay not encapsulate or decapsulate, it MUST behave exactly as a relay
agent would that did not implement this specification at all. agent that does not implement this specification at all.
DHCP relay agents that are configured with encapsulation enabled, but DHCP relay agents that are configured with encapsulation enabled, but
which have no agent-specific options to send to the DHCP server, MUST which have no agent-specific options to send to the DHCP server, MUST
encapsulate. Relay agents that are configured with encapsulation encapsulate. Relay agents that are configured with encapsulation
enabled MUST decapsulate. enabled MUST decapsulate.
Layer two relay agents MUST silently discard any messages that Layer two relay agents MUST silently discard any messages that
contains an IPsec authentication header [RFC4302]. This is because contains an IPsec authentication header [RFC4302]. This is because
they cannot modify such packets, but also cannot detect that a they cannot modify such messages, but also cannot detect that a
message from the DHCP server is in response such a message, since it message from the DHCP server is in response such messages, since the
might not contain an IPsec authentication header. response message might not contain an IPsec authentication header.
If a relay message would exceed the MTU of the outgoing interface, it
MUST be discarded, and an error condition SHOULD be logged.
4.1. Packet processing 4.1. Packet processing
Relay agents implementing this specification may receive packets Relay agents implementing this specification may receive packets
directed toward DHCP servers with a source port of 67 (BOOTPS). directed toward DHCP servers with a source port of 67 (BOOTPS).
Therefore, the source port cannot be used to determine whether the Therefore, the source port cannot be used to determine whether the
packet is traveling toward a DHCP server or toward a DHCP client. packet is traveling toward a DHCP server or toward a DHCP client.
In order to determine whether a message is traveling toward a DHCP In order to determine whether a message is traveling toward a DHCP
client or toward a DHCP server, the relay agent must check the 'op' client or toward a DHCP server, the relay agent must check the 'op'
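Review bot: the new MTU paragraph in -01 ("If a relay message would exceed the MTU of the outgoing interface, it MUST be discarded, and an error condition SHOULD be logged") does not say which messages count as a "relay message" or whether it binds layer two relay agents, whose other discard cases are listed separately in 4.4.1.1. Since encapsulation adds the fixed-length header and the relay segment to every forwarded message, suggest stating that the check is made on the encapsulated RELAYFORWARD (and on the re-encapsulated RELAYREPLY) after the relay segment is added, and that it applies to both layer two and layer three relay agents. In the paragraph just above it, the -01 text "is in response such messages" still lacks "to": "is in response to such messages".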
skipping to change at page 14, line 41 skipping to change at page 14, line 48
it is using. If the header contains a packet length field, the L2RA it is using. If the header contains a packet length field, the L2RA
MUST adjust the value in the packet length field. If the header MUST adjust the value in the packet length field. If the header
contains a non-secure integrity check such as a CRC or checksum that contains a non-secure integrity check such as a CRC or checksum that
covers the entire packet, the L2RA MUST recompute this value. covers the entire packet, the L2RA MUST recompute this value.
L2RA encapsulation in cases where the layer two contains a secure L2RA encapsulation in cases where the layer two contains a secure
integrity check must either construct a new integrity signature, or integrity check must either construct a new integrity signature, or
else remove the integrity signature. If neither of these is else remove the integrity signature. If neither of these is
possible, the L2RA MUST silently discard the packet. possible, the L2RA MUST silently discard the packet.
The L2RA MUST copy the IP header without modification. If the IP The L2RA MUST copy the IP header without modification except length
header contains any sort of secure integrity check on the packet, the and checksum field which should be recomputed. If the IP header
L2RA MUST silently discard the packet. contains any sort of secure integrity check on the packet, the L2RA
MUST silently discard the packet.
The L2RA MUST copy the UDP header and adjust the 'Length' field The L2RA MUST copy the UDP header and adjust the 'Length' field
[RFC0768]. If the contents of the 'Checksum' field are not zero, the [RFC0768]. If the contents of the 'Checksum' field are not zero, the
L2RA MUST compute a new checksum according to the algorithm specified L2RA MUST compute a new checksum according to the algorithm specified
in User Datagram Protocol. [RFC0768] in User Datagram Protocol. [RFC0768]
4.4.1.2. Forwarding the modified packet 4.4.1.2. Forwarding the modified packet
Ordinarily when a layer two device forwards a packet, it simply Ordinarily when a layer two device forwards a packet, it simply
copies that packet from the interface on which it was received and copies that packet from the interface on which it was received and
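Review bot: the -01 change to the IP header paragraph, "without modification except length and checksum field which should be recomputed", uses a lowercase "should" where the parallel UDP paragraph two lines below uses "MUST adjust the 'Length' field" and "MUST compute a new checksum"; the IP fields need the same normative strength and a grammatical sentence, e.g. "The L2RA MUST copy the IP header without modification, except that it MUST update the Total Length field and recompute the Header Checksum." Also, in "according to the algorithm specified in User Datagram Protocol. [RFC0768]" the period belongs after the citation.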
skipping to change at page 15, line 33 skipping to change at page 15, line 38
When processing a RELAYREPLY message, the L2RA MAY use information in When processing a RELAYREPLY message, the L2RA MAY use information in
the relay segment of the RELAYREPLY to determine on which network the relay segment of the RELAYREPLY to determine on which network
interface the RELAYREPLY should be forwarded. interface the RELAYREPLY should be forwarded.
When processing any other message, the L2RA MAY use configuration When processing any other message, the L2RA MAY use configuration
information to direct the packet out a specific port or ports that information to direct the packet out a specific port or ports that
have been marked as reaching DHCP servers. The L2RA MUST NOT forward have been marked as reaching DHCP servers. The L2RA MUST NOT forward
any packet on the interface on which it was received, even if that any packet on the interface on which it was received, even if that
interface is so marked. interface is so marked.
4.5. Layer Three Relay Agents 4.4.2. Layer three relay agents
4.5.1. Transmitting a decapsulated RELAYREPLY message 4.4.2.1. Transmitting a decapsulated RELAYREPLY message
When the decapsulated message is itself a RELAYREPLY message, the When the decapsulated message is itself a RELAYREPLY message, the
relay agent MUST forward the decapsulated message to the IP address relay agent MUST forward the decapsulated message to the IP address
specified in the 'aiaddr' field of the fixed-length header. specified in the 'aiaddr' field of the fixed-length header.
If the relay segment of the packet that was decapsulated contains a If the relay segment of the packet that was decapsulated contains a
Link Layer Address suboption, the relay agent MUST transmit the Link Layer Address suboption, the relay agent MUST transmit the
packet to that link layer address without attempting to use Address packet to that link layer address without attempting to use Address
Resolution Protocol (ARP) to translate the address contained in Resolution Protocol (ARP) to translate the address contained in
'aiaddr' to a layer two address. 'aiaddr' to a layer two address.
4.5.2. Transmitting a decapsulated BOOTREPLY message 4.4.2.2. Transmitting a decapsulated BOOTREPLY message
When transmitting a decapsulated BOOTREPLY message, the relay agent When transmitting a decapsulated BOOTREPLY message, the relay agent
transmits the message as specified in Bootstrap Protocol, Section 4 transmits the message as specified in Bootstrap Protocol, Section 4
[RFC0951]. [RFC0951].
4.5.3. Transmitting other messages 4.4.2.3. Transmitting other messages
When transmitting RELAYFORWARD and BOOTREQUEST messages, the relay When transmitting RELAYFORWARD and BOOTREQUEST messages, the relay
agent simply sends the message to the IP address or addresses agent simply sends the message to the IP address or addresses
configured as DHCP servers for that relay agent. configured as DHCP servers for that relay agent.
5. DHCP Server Behavior 5. DHCP Server Behavior
A DHCP server which receives a RELAYREPLY message MUST silently A DHCP server which receives a RELAYREPLY message MUST silently
discard that message. discard that message.
skipping to change at page 18, line 33 skipping to change at page 18, line 40
DHCP servers implementing this specification MAY implement link DHCP servers implementing this specification MAY implement link
selection algorithms other than the one described in the preceding selection algorithms other than the one described in the preceding
section. DHCP servers MUST NOT use any link selection algorithm section. DHCP servers MUST NOT use any link selection algorithm
other than the one described in the preceding section unless other than the one described in the preceding section unless
specially configured to do so. specially configured to do so.
5.2. Responding to RELAYFORWARD messages 5.2. Responding to RELAYFORWARD messages
Once the DHCP server has processed the encapsulated message from the Once the DHCP server has processed the encapsulated message from the
DHCP client and constructed a response to the DHCP client, it DHCP client and constructed a response to the DHCP client, it
constructs a RELAYREPLY message and sends it to the next hop on the constructs a RELAYREPLY message and sends it toward the client.
way to the client.
5.2.1. Constructing a RELAYREPLY encapsulation 5.2.1. Constructing a RELAYREPLY encapsulation
The server MUST encapsulate any response to a client message The server MUST encapsulate any response to a client message
contained in one or more RELAYFORWARD encapsulations in a set of contained in one or more RELAYFORWARD encapsulations in a set of
corresponding RELAYREPLY encapsulations. Each RELAYREPLY is nested corresponding RELAYREPLY encapsulations. Each RELAYREPLY is nested
in the same way that the corresponding RELAYFORWARD was nested, so in the same way that the corresponding RELAYFORWARD was nested, so
that the innermost RELAYREPLY corresponds to the innermost that the innermost RELAYREPLY corresponds to the innermost
RELAYFORWARD, and the outermost RELAYREPLY corresponds to the RELAYFORWARD, and the outermost RELAYREPLY corresponds to the
outermost RELAYFORWARD. outermost RELAYFORWARD.
skipping to change at page 20, line 15 skipping to change at page 20, line 21
message, and MUST preload its ARP cache (or otherwise arrange to message, and MUST preload its ARP cache (or otherwise arrange to
transmit the message without using ARP) to the layer two address transmit the message without using ARP) to the layer two address
provided by the client in 'htype' and 'chaddr' and 'hlen'. provided by the client in 'htype' and 'chaddr' and 'hlen'.
5.3. Responding to messages other than RELAYFORWARD 5.3. Responding to messages other than RELAYFORWARD
When a DHCP server constructs a response to a DHCP client message When a DHCP server constructs a response to a DHCP client message
that did not arrive encapsulated in a RELAYFORWARD message, the DHCP that did not arrive encapsulated in a RELAYFORWARD message, the DHCP
server MUST NOT encapsulate the response in a RELAYREPLY message. server MUST NOT encapsulate the response in a RELAYREPLY message.
DHCP server implementors should be careful that their servers do not DHCP server implementors should be careful that their servers do not
respond to an incoming RAIO from a non-conforming relay agent with a respond to an incoming packet with RAIO from a non-conforming relay
RELAYREPLY message. agent with a RELAYREPLY message.
6. DHCP Client Behavior 6. DHCP Client Behavior
A DHCP client that receives either a RELAYFORWARD message or a A DHCP client that receives either a RELAYFORWARD message or a
RELAYREPLY message MUST silently discard that message. RELAYREPLY message MUST silently discard that message.
7. Security Considerations 7. Security Considerations
DHCP Relay Information Option [RFC3046] limits relay agent DHCP Relay Information Option [RFC3046] limits relay agent
information to a single relay agent, and provides some minimal anti- information to a single relay agent, and provides some minimal anti-
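Review bot: the second paragraph of 5.3 ("DHCP server implementors should be careful that their servers do not respond to an incoming packet with RAIO from a non-conforming relay agent with a RELAYREPLY message") restates the MUST NOT of the preceding paragraph in non-normative language and, as rewritten in -01, reads awkwardly ("packet with RAIO"); suggest either folding it into the MUST NOT sentence or rewording as "respond to a packet carrying a Relay Agent Information Option from a relay agent that does not implement this specification", which also makes clear that the presence of an RAIO alone is not evidence that the relay agent can decapsulate a RELAYREPLY.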
skipping to change at line 983 skipping to change at page 22, line 37
Phone: +1 650 381 6000 Phone: +1 650 381 6000
Email: mellon@nominum.com Email: mellon@nominum.com
Hui Deng Hui Deng
China Mobile China Mobile
53A, Xibianmennei Ave. 53A, Xibianmennei Ave.
Beijing, Xuanwu District 100053 Beijing, Xuanwu District 100053
China China
Email: denghui@chinamobile.com Email: denghui@chinamobile.com
Lu Huang
China Mobile
53A, Xibianmennei Ave.
Xunwu District, Beijing 100053
China
Email: huanglu@chinamobile.com
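Review bot: the new author entry gives "Xunwu District, Beijing 100053" while the Hui Deng entry immediately above gives the same street address as "Beijing, Xuanwu District 100053"; "Xunwu" looks like a typo for "Xuanwu", and the two entries should use the same address layout.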
 End of changes. 22 change blocks. 
31 lines changed or deleted 35 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/