1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
|
<pre>Internet Engineering Task Force (IETF) G. Halwasia
Request for Comments: 6939 S. Bhandari
Category: Standards Track W. Dec
ISSN: 2070-1721 Cisco Systems
May 2013
<span class="h1">Client Link-Layer Address Option in DHCPv6</span>
Abstract
This document specifies the format and mechanism that is to be used
for encoding the client link-layer address in DHCPv6 Relay-Forward
messages by defining a new DHCPv6 Client Link-Layer Address option.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc6939">http://www.rfc-editor.org/info/rfc6939</a>.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
<span class="grey">Halwasia, et al. Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc6939">RFC 6939</a> DHCPv6 Client Link-Layer Address Option May 2013</span>
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-2">2</a>
<a href="#section-2">2</a>. Requirements Language ...........................................<a href="#page-2">2</a>
<a href="#section-3">3</a>. Problem Background and Scenario .................................<a href="#page-2">2</a>
<a href="#section-4">4</a>. DHCPv6 Client Link-Layer Address Option .........................<a href="#page-4">4</a>
<a href="#section-5">5</a>. DHCPv6 Relay Agent Behavior .....................................<a href="#page-4">4</a>
<a href="#section-6">6</a>. DHCPv6 Server Behavior ..........................................<a href="#page-4">4</a>
<a href="#section-7">7</a>. DHCPv6 Client Behavior ..........................................<a href="#page-5">5</a>
<a href="#section-8">8</a>. IANA Considerations .............................................<a href="#page-5">5</a>
<a href="#section-9">9</a>. Security Considerations .........................................<a href="#page-5">5</a>
<a href="#section-10">10</a>. Acknowledgements ...............................................<a href="#page-6">6</a>
<a href="#section-11">11</a>. References .....................................................<a href="#page-6">6</a>
<a href="#section-11.1">11.1</a>. Normative References ......................................<a href="#page-6">6</a>
<a href="#section-11.2">11.2</a>. Informative References ....................................<a href="#page-6">6</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
This specification defines an optional mechanism and the related
DHCPv6 option to allow first-hop DHCPv6 relay agents (relay agents
that are connected to the same link as the client) to provide the
client's link-layer address in the DHCPv6 messages being sent towards
the server.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Requirements Language</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <a href="./rfc2119">RFC 2119</a> [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Problem Background and Scenario</span>
The DHCPv4 specification [<a href="./rfc2131" title=""Dynamic Host Configuration Protocol"">RFC2131</a>] provides a way to specify the
client link-layer address in the DHCPv4 message header. A DHCPv4
message header has 'htype' and 'chaddr' fields to specify the client
link-layer address type and the link-layer address, respectively.
The client link-layer address thus learned can be used by the DHCPv4
server and the relay agent in different ways. In some of the
deployments, DHCPv4 servers use 'chaddr' as a customer identifier and
a key for lookup in the client lease database.
With the incremental deployment of IPv6 to existing IPv4 networks,
which results in a dual-stack network environment, there will be
devices that act as both DHCPv4 and DHCPv6 clients. In service
provider deployments, a typical DHCPv4 implementation will use the
client link-layer address as one of the keys to build the DHCP client
lease database. In dual-stack scenarios, operators need to be able
<span class="grey">Halwasia, et al. Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc6939">RFC 6939</a> DHCPv6 Client Link-Layer Address Option May 2013</span>
to associate DHCPv4 and DHCPv6 messages with the same client
interface, based on an identifier that is common to the interface.
The client link-layer address is such an identifier.
Currently, the DHCPv6 specification [<a href="./rfc3315" title=""Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"">RFC3315</a>] does not define a way
to communicate the client link-layer address to the DHCP server in
cases where the DHCP server is not connected to the same network link
as the DHCP client. The DHCPv6 specification mandates that all
clients prepare and send a DHCP Unique Identifier (DUID) as the
client identifier option in all the DHCPv6 message exchanges.
However, none of these methods provide a simple way to extract a
client's link-layer address. This presents a problem to an operator
who is using an existing DHCPv4 system with the client link-layer
address as the customer identifier and who desires to correlate
DHCPv6 assignments using the same identifier. [<a href="./rfc4361" title=""Node-specific Client Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4)"">RFC4361</a>] describes a
mechanism for using the same DUID in both DHCPv4 and DHCPv6.
Unfortunately, this specification requires modification of existing
DHCPv4 clients, and has not seen broad adoption in the industry
(indeed, we are not aware of any commercial implementations).
Providing an option in DHCPv6 Relay-Forward messages to carry the
client link-layer address explicitly will help the above mentioned
scenarios. For example, it can be used along with other identifiers
to associate DHCPv4 and DHCPv6 messages from a dual-stack client.
Further, having the client link-layer address in DHCPv6 will help by
providing additional information for event debugging and logging
related to the client at the relay agent and the server. The
proposed option may be used in a wide range of networks; two notable
deployment models are service provider and enterprise network
environments.
<span class="grey">Halwasia, et al. Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc6939">RFC 6939</a> DHCPv6 Client Link-Layer Address Option May 2013</span>
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. DHCPv6 Client Link-Layer Address Option</span>
The format of the DHCPv6 Client Link-Layer Address option is shown
below.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_CLIENT_LINKLAYER_ADDR | option-length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| link-layer type (16 bits) | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| link-layer address (variable length) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code: OPTION_CLIENT_LINKLAYER_ADDR (79)
option-length: 2 + length of link-layer address
link-layer type: Client link-layer address type. The link-layer
type MUST be a valid hardware type assigned
by the IANA, as described in [<a href="./rfc0826" title=""Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware"">RFC0826</a>]
link-layer address: Client link-layer address
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. DHCPv6 Relay Agent Behavior</span>
DHCPv6 relay agents that receive messages originating from clients
(for example, Solicit and Request, but not, for example,
Relay-Forward or Advertise) MAY include the link-layer source address
of the received DHCPv6 message in the Client Link-Layer Address
option, in relayed DHCPv6 Relay-Forward messages. The DHCPv6 relay
agent behavior can depend on configuration that decides whether the
Client Link-Layer Address option needs to be included.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. DHCPv6 Server Behavior</span>
If the DHCPv6 server is configured to store or use a client link-
layer address, it SHOULD look for the Client Link-Layer Address
option in the Relay-Forward DHCP message of the DHCPv6 relay agent
closest to the client. The mechanism described in this document is
not necessary in the case where the DHCPv6 server is connected to the
same network link as the client, because the server can obtain the
link-layer address from the link-layer header of the DHCPv6 message.
If the DHCP server receives a Client Link-Layer Address option
anywhere in any encapsulated message that is not a Relay-Forward DHCP
message, the server MUST silently ignore that option.
<span class="grey">Halwasia, et al. Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc6939">RFC 6939</a> DHCPv6 Client Link-Layer Address Option May 2013</span>
There is no requirement that a server return this option and its data
in a downstream DHCP message.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. DHCPv6 Client Behavior</span>
The Client Link-Layer Address option is only exchanged between the
relay agents and the servers. DHCPv6 clients are not aware of the
usage of the Client Link-Layer Address option. The DHCPv6 client
MUST NOT send the Client Link-Layer Address option, and MUST ignore
the Client Link-Layer Address option if received.
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. IANA Considerations</span>
IANA has assigned an option code (79) to OPTION_CLIENT_LINKLAYER_ADDR
from the "DHCP Option Codes" registry
(<a href="http://www.iana.org/assignments/dhcpv6-parameters/">http://www.iana.org/assignments/dhcpv6-parameters/</a>).
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. Security Considerations</span>
It is possible for a rogue DHCPv6 relay agent to insert an incorrect
Client Link-Layer Address option for malicious purposes. A DHCPv6
client can also pose as a rogue DHCP relay agent by sending a
Relay-Forward message containing an incorrect Client Link-Layer
Address option. In either case, it would be possible for a DHCPv6
client to masquerade as the same device as a DHCPv4 client, when in
fact the two are distinct.
One possible attack that could be accomplished using this masquerade
would be in the case where a DHCPv4 client is using DHCPv4 to do a
Dynamic DNS update to install an A record so that it can be reached
by other nodes [<a href="./rfc4702" title=""The Dynamic Host Configuration Protocol (DHCP) Client Fully Qualified Domain Name (FQDN) Option"">RFC4702</a>]. A masquerading DHCPv6 client could use
DHCPv6 to install a AAAA record with the same name [<a href="./rfc4704" title=""The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN) Option"">RFC4704</a>]. Dual-
stack nodes attempting to connect to the DHCPv4 client might then be
tricked into connecting to the masquerading DHCPv6 client instead.
It is possible that there are other attacks that could be
accomplished using this masquerading technique, although the authors
are not aware of any. To prevent masquerades of this sort, DHCP
server administrators are strongly advised to configure DHCP servers
that use this option to communicate with their relay agents using
IPsec, as described in <a href="./rfc3315#section-21.1">Section 21.1 of [RFC3315]</a>.
In some networks, it may be the case that the operator of the
physical network and the provider of connectivity over that network
are administratively separate, such that the Client Link-Layer
Address option would reveal information to one or the other party
that they do not need and could not otherwise obtain. It is also
possible, in some cases, that a relay agent might communicate with a
<span class="grey">Halwasia, et al. Standards Track [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc6939">RFC 6939</a> DHCPv6 Client Link-Layer Address Option May 2013</span>
DHCP server over an open network where eavesdropping would be
possible. In these cases, it is strongly recommended, in order to
protect end-user privacy, that network operators use IPsec to provide
confidentiality for messages between the relay agent and the DHCP
server.
<span class="h2"><a class="selflink" id="section-10" href="#section-10">10</a>. Acknowledgements</span>
Many thanks to Ted Lemon, Bernie Volz, Hemant Singh, Simon Hobson,
Tina TSOU, Andre Kostur, Chuck Anderson, Steinar Haug, Niall
O'Reilly, Jarrod Johnson, Tomek Mrugalski, and Vincent Zimmer for
their input and review.
<span class="h2"><a class="selflink" id="section-11" href="#section-11">11</a>. References</span>
<span class="h3"><a class="selflink" id="section-11.1" href="#section-11.1">11.1</a>. Normative References</span>
[<a id="ref-RFC0826">RFC0826</a>] Plummer, D., "Ethernet Address Resolution Protocol: Or
converting network protocol addresses to 48.bit Ethernet
address for transmission on Ethernet hardware", STD 37,
<a href="./rfc826">RFC 826</a>, November 1982.
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC3315">RFC3315</a>] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", <a href="./rfc3315">RFC 3315</a>, July 2003.
[<a id="ref-RFC4361">RFC4361</a>] Lemon, T. and B. Sommerfeld, "Node-specific Client
Identifiers for Dynamic Host Configuration Protocol
Version Four (DHCPv4)", <a href="./rfc4361">RFC 4361</a>, February 2006.
<span class="h3"><a class="selflink" id="section-11.2" href="#section-11.2">11.2</a>. Informative References</span>
[<a id="ref-RFC2131">RFC2131</a>] Droms, R., "Dynamic Host Configuration Protocol",
<a href="./rfc2131">RFC 2131</a>, March 1997.
[<a id="ref-RFC4702">RFC4702</a>] Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
Configuration Protocol (DHCP) Client Fully Qualified
Domain Name (FQDN) Option", <a href="./rfc4702">RFC 4702</a>, October 2006.
[<a id="ref-RFC4704">RFC4704</a>] Volz, B., "The Dynamic Host Configuration Protocol for
IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN)
Option", <a href="./rfc4704">RFC 4704</a>, October 2006.
<span class="grey">Halwasia, et al. Standards Track [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc6939">RFC 6939</a> DHCPv6 Client Link-Layer Address Option May 2013</span>
Authors' Addresses
Gaurav Halwasia
Cisco Systems
Cessna Business Park, Sarjapura Marathalli Outer Ring Road
Bangalore, KARNATAKA 560 087
India
Phone: +91 80 4429 2703
EMail: ghalwasi@cisco.com
Shwetha Bhandari
Cisco Systems
Cessna Business Park, Sarjapura Marathalli Outer Ring Road
Bangalore, KARNATAKA 560 087
India
Phone: +91 80 4429 2627
EMail: shwethab@cisco.com
Wojciech Dec
Cisco Systems
Haarlerbergweg 13-19
1101 CH Amsterdam, Amsterdam 560 087
The Netherlands
EMail: wdec@cisco.com
Halwasia, et al. Standards Track [Page 7]
</pre>
|
