TOC |
|
Some Relay Agents extract lease information from the DHCP messages exchanged between the client and DHCP server. This lease information is used by relay agents for various purposes like antispoofing and prevention of flooding. RFC 4388 defines a mechanism for relay agents to retrieve the lease information from the DHCP server as and when this information is lost. The existing leasequery mechanism is data driven, which means that a relay agent can initiate the leasequery only when it starts receiving data from/to the clients. In certain scenarios, this model is not scalable. This document first looks at issues in existing mechanism and then proposes a new query type, query by Remote ID, to address these issues.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
This Internet-Draft will expire on February 7, 2011.
Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
1.
Introduction
2.
Terminology
3.
Motivation
4.
Protocol Details
4.1.
Sending the DHCPLEASEQUERY Message
4.2.
Responding to the DHCPLEASEQUERY Message
4.3.
Building a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message
4.4.
Determining the IP address to be used in response
4.5.
Sending a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message
4.6.
Receiving a DHCPLEASEACTIVE or DHCPLEASEUNKNOWN Message
4.7.
Receiving No Response to the DHCPLEASEQUERY Message
4.8.
Lease Binding Data Storage Requirements
4.9.
Using the DHCPLEASEQUERY Message with Multiple DHCP Servers
5.
RFC 4388 Considerations
6.
Security Considerations
7.
IANA Considerations
8.
Acknowledgments
9.
References
9.1.
Normative Reference
9.2.
Informative Reference
§
Authors' Addresses
TOC |
DHCP relay agents snoop DHCP messages and append a relay agent information option before relaying them to the configured DHCP Server. In this process, some relay agents also glean the lease information sent by the server and maintain this locally. This information is used to prevent spoofing attempts from clients and also sometimes to install routing information. When a relay agent reboots, this information is lost. RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) has defined a mechanism to retrieve this lease information from the DHCP server. The existing query types defined by RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) are data- driven. When a client sends data upstream, the relay agent can query the server about the related lease information, based on the source MAC/IP address. These mechanisms do not scale well when there are thousands of clients connected to the relay agent. In the data- driven model, DHCP Leasequery does not provide the full, consolidated active Lease informations associated with a given connection/circuit which will result in inefficient anti-spoofing. The relay agent also has to contend with considerable resources for negative caching specially under spoofing attacks.
We need a mechanism for a relay agent to retrieve the consolidated lease information for a given connection/circuit before upstream traffic is sent by the clients.
+--------+ | DHCP | +--------------+ | Server |-...-| DSLAM | | | | Relay Agent | +--------+ +--------------+ | | +------+ +------+ |Modem1| |Modem2| +------+ +------+ | | | +-----+ +-----+ +-----+ |Host1| |Host2| |Host3| +-----+ +-----+ +-----+
Figure 1 |
For example, when a DSLAM acting as a Relay Agent is rebooted, it should query the server for the lease information for all the connections/circuits. Also, as shown in the above figure, there could be multiple clients on one DSL circuit. The relay agent should get the lease information of all the clients connected to a DSL circuit. This is possible by introducing a new query type based on the Remote ID sub-option of the Relay Agent Information option. This document talks about the motivation for the new query type and the method to perform it.
TOC |
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119] (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.).
This document uses the following terms:
An access concentrator is a router or switch at the broadband access provider's edge of a public broadband access network. This document assumes that the access concentrator includes the DHCP relay agent functionality.
A DHCP client is an Internet host using DHCP to obtain configuration parameters such as a network address.
A DHCP relay agent is a third-party agent that transfers Bootstrap Protocol (BOOTP) and DHCP messages between clients and servers residing on different subnets, per RFC 951 [RFC951] (Croft, B. and J. Gilmore, “Bootstrap Protocol (BOOTP),” September 1985.) and RFC 1542 [RFC1542] (Wimer, W., “Clarifications and Extensions for the Bootstrap Protocol,” October 1993.).
A DHCP server is an Internet host that returns configuration parameters to DHCP clients.
Data transfer which happens through Network Processor or an ASIC which are programmed to forward the data at very high speeds.
Gleaning is the extraction of location information from DHCP messages, as the messages are forwarded by the DHCP relay agent function.
Location information is information needed by the access concentrator to forward traffic to a broadband-accessible host. This information includes knowledge of the host hardware address, the port or virtual circuit that leads to the host, and/or the hardware address of the intervening subscriber modem.
In the context of a DHCP packet, a MAC address consists of the following fields: hardware type "htype", hardware length "hlen", and client hardware address "chaddr".
Data transfer which happens through the control plane. Typically this has very limited buffers to store data and the speeds are very low compared to fast path data transfer.
Upstream is the direction from the broadband subscriber towards the access concentrator.
TOC |
Consider a typical access concentrator (e.g., DSLAM) working also as a DHCP relay agent. A "Fast path" and a "slow path" generally exist in most networking boxes. Fast path processing is done in a network processor or an ASIC (Application Specific Integrated Circuit). Slow path processing is done in a normal processor. As much as possible, regular data forwarding should be done in the fast path. Slow path processing should be reduced as it may become a bottleneck.
For an access concentrator having multiple access ports, multiple IP addresses may be assigned using DHCP to a single port and the number of clients on a port may be unknown. The access concentrator may also not know the network portions of the IP addresses that are assigned to its DHCP clients.
The access concentrator gleans IP address or other information from DHCP negotiations for antispoofing and other purposes. The antispoofing itself is done in fast path. Access concentrator keeps track of only one list of IP addresses: list of IP addresses that are assigned by DHCP server; upstream traffic from all other IP addresses is dropped. If a client starts its data transfer after its DHCP negotiations have been gleaned by the access concentrator, no legitimate packets will be dropped because of antispoofing. In other words, antispoofing is effective (no legitimate packets are dropped and all spoofed packets are dropped) and efficient (antispoofing is done in the fast path). The intention is to achieve similar effective and efficient antispoofing in the lease query scenario also when an access concentrator loses its gleaned information (for example, because of a reboot).
After a deep analysis, we found that the three existing query types supported by RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) do not provide effective and efficient antispoofing for the above scenario and a new mechanism is required.
The existing query types
TOC |
This section talks about the protocol details for query by Remote ID. Most of the message handlings are similar to RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) and this section highlights only the differences. Reader is advised to go through RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) before going through this section for complete understanding of the protocol.
A DHCPLEASEQUERY specified in this document specifies a lease query by Remote ID unless otherwise specified.
RFC 3046 [RFC3046] (Patrick, M., “DHCP Relay Agent Information Option,” January 2001.) defines two sub-options for the Relay Agent Information option. Sub-option 1 corresponds to the Circuit ID that identifies the local circuit of the access concentrator. This sub- option is unique to the relay agent. Sub-option 2 corresponds to the Remote ID that identifies the remote host end of the circuit. This is globally unique in the network.
This document defines a new query type based on the Remote ID sub- option. Suppose that the access concentrator (e.g., DSLAM) lost the lease information when it was rebooted. When the access concentrator comes up, it would initiate (for each connection/circuit) a dhcp lease query by Remote ID as defined in this section. For this query, the requester supplies only an option 82 which will include only a Remote ID sub-option in the DHCPLEASEQUERY message.
The DHCP server MUST reply with a DHCPLEASEACTIVE message if there is an active lease corresponding to the Remote ID that is present in the DHCPLEASEQUERY message. Otherwise, the server MUST reply with a DHCPLEASEUNKNOWN message. Servers that do not implement DHCPLEASEQUERY based on Remote ID SHOULD simply not respond.
TOC |
The DHCPLEASEQUERY message is typically sent by an access concentrator. The DHCPLEASEQUERY message uses the DHCP message format as described in RFC 2131 [RFC2131] (Droms, R., “Dynamic Host Configuration Protocol,” March 1997.), and uses message number 10 in the DHCP Message Type option (option 53). The DHCPLEASEQUERY message has the following pertinent message contents:
The DHCPLEASEQUERY message SHOULD be sent to a DHCP server which is known to possess authoritative information concerning the Remote ID. The DHCPLEASEQUERY message MAY be sent to more than one DHCP server, and in the absence of information concerning which DHCP server might possess authoritative information concerning the Remote ID, it SHOULD be sent to all DHCP servers configured for the associated relay agent (if any are known).
TOC |
There are two possible responses to a DHCPLEASEQUERY message:
The DHCPLEASEUNKNOWN message indicates that the client associated with the Remote ID suboption of the DHCPLEASEQUERY message is not allocated any lease or it is not managed by the server.
The DHCPLEASEACTIVE message indicates that the server not only knows the client specified in the DHCPLEASEQUERY message, but also knows that there is an active lease for that client.
TOC |
A DHCPLEASEACTIVE message is built by populating information pertaining to the client associated with the IP address specified in the ciaddr field.
In the case where more than one IP address has been involved in a DHCP message exchange with the client specified by the Remote ID, then the list of all those IP addresses MUST be returned in the associated-ip option, whether or not that option was requested as part of the Parameter Request List option.
In a DHCPLEASEUNKNOWN response message, the DHCP server MUST echo the Option 82 received in the DHCPLEASEQUERY message. No other options are returned for these messages.
For all other options that are specified in Parameter Request List, the processing is same as mentioned in section 6.4.2 of RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.).
TOC |
The IP address placed in the ciaddr field of a DHCPLEASEACTIVE message MUST be the IP address with the latest client-last-transaction-time associated with the client described by the Remote ID specified in the DHCPLEASEQUERY message.
If there is only a single IP address that fulfills this criteria, then it MUST be placed in the ciaddr field of the DHCPLEASEACTIVE message.
In the case where more than one IP address has been accessed by the client specified by the Remote ID, then the DHCP server MUST return the IP address returned to the client in the most recent transaction with the client unless the DHCP server has been configured by the server administrator to use some other preference mechanism.
TOC |
The server unicasts the DHCPLEASEACTIVE or DHCPLEASEUNKNOWN message to the address specified in giaddr field of DHCPLEASEQUERY message.
TOC |
When a DHCPLEASEACTIVE message is received in response to the DHCPLEASEQUERY message, it means that there is currently an active lease associated with the Remote ID in the DHCP server. The access concentrator SHOULD use the information in the "htype", "hlen", and "chaddr" fields of the DHCPLEASEACTIVE as well as Relay Agent Information option information included in the packet to refresh its location information for this IP address. An access concentrator is likely to query by IP address for all the IP addresses specified in the associated-ip option in the response, if any, at this point in time.
When a DHCPLEASEUNKNOWN message is received by an access concentrator that had sent out a DHCPLEASEQUERY message, it means that the DHCP server does not have definitive information concerning the DHCP client specified in the Remote ID sub-option of the DHCPLEASEQUERY message. The Access Concentrator MAY store this information for future use. However, a DHCPLEASEQUERY SHOULD NOT be attempted with the same Remote ID sub-option.
For leasequery by Remote ID, the impact of negative caching is greatly reduced as the response leads to "definitive" information on all the hosts connected behind the connection. Note that in the case of data-driven approach [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.), a host spoofing several IP addresses can lead to negative caching of greater magnitude. Another important change this draft brings is the removal of "periodic" leasequeries generated from negative caching caused by DHCPLEASEUNKNOWN. Since the information obtained through query by Remote ID is complete, there is no need of attempting leasequery again for the same connection.
TOC |
When an access concentrator receives no response to a DHCPLEASEQUERY message, it should be handled in the same manner as suggested in RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.).
TOC |
Implementation Note:
To generate replies for a lease query by Remote ID effeciently, a DHCP server should index the lease binding data structures using Remote ID.
TOC |
This scenario should be handled in the same way it is done in RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.).
TOC |
This document is compatible with RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) based implementations, which means that a client that supports this extension can work with a server not supporting this document, provided it uses RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) defined query types. Also, a server supporting this document can work with a client not supporting this query type. However, there are some changes that this document proposes with respect to RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.). Implementers extending RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) implementations to support this document, should take note of the following points:
TOC |
This document does not introduce any new security concerns beyond those specified in the original leasequery protocol RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.) specifications.
TOC |
This document does not introduce any new namespaces for the IANA to manage.
TOC |
Copious amounts of text in this document are derived from RFC 4388 [RFC4388] (Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” February 2006.). Kim Kinnear, Damien Neil, Stephen Jacob and Alfred Hoenes provided valuable feedback on this document
TOC |
TOC |
[RFC2119] | Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” BCP 14, RFC 2119, March 1997. |
[RFC4388] | Woundy, R. and K. Kinnear, “Dynamic Host Configuration Protocol (DHCP) Leasequery,” RFC 4388, February 2006. |
[RFC2131] | Droms, R., “Dynamic Host Configuration Protocol,” RFC 2131, March 1997. |
[RFC3046] | Patrick, M., “DHCP Relay Agent Information Option,” RFC 3046, January 2001. |
TOC |
[RFC951] | Croft, B. and J. Gilmore, “Bootstrap Protocol (BOOTP),” RFC 951, September 1985. |
[RFC1542] | Wimer, W., “Clarifications and Extensions for the Bootstrap Protocol,” RFC 1542, October 1993. |
[RFC2132] | Droms, R. and S. Alexander, “DHCP Options and BOOTP Vendor Extensions,” RFC 2132, March 1997. |
TOC |
Pavan Kurapati | |
Juniper Networks Ltd. | |
Embassy Prime Buildings, C.V.Raman Nagar | |
Bangalore 560 093 | |
India | |
Email: | kurapati@juniper.net |
URI: | http://www.juniper.net/ |
D.T.V Ramakrishna Rao | |
Infosys Technologies Ltd. | |
44 Electronics City, Hosur Road | |
Bangalore 560 100 | |
India | |
Email: | ramakrishnadtv@infosys.com |
URI: | http://www.infosys.com/ |
Bharat Joshi | |
Infosys Technologies Ltd. | |
44 Electronics City, Hosur Road | |
Bangalore 560 100 | |
India | |
Email: | bharat_joshi@infosys.com |
URI: | http://www.infosys.com/ |