summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc6644.txt
blob: ade79b0d13cf76b2d9d55ce0e7e5e3dce4d6fd65 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
Internet Engineering Task Force (IETF)                          D. Evans
Request for Comments: 6644                                 IPfonix, Inc.
Updates: 3315                                                   R. Droms
Category: Standards Track                            Cisco Systems, Inc.
ISSN: 2070-1721                                                 S. Jiang
                                            Huawei Technologies Co., Ltd
                                                               July 2012


            Rebind Capability in DHCPv6 Reconfigure Messages

Abstract

   This document updates RFC 3315 (DHCPv6) to allow the Rebind message
   type to appear in the Reconfigure Message option of a Reconfigure
   message.  It extends the Reconfigure message to allow a DHCPv6 server
   to cause a DHCPv6 client to send a Rebind message.  The document also
   clarifies how a DHCPv6 client responds to a received Reconfigure
   message.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by
   the Internet Engineering Steering Group (IESG).  Further
   information on Internet Standards is available in Section 2 of
   RFC 5741.

   Information about the current status of this document, any
   errata, and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6644.

















Evans, et al.                Standards Track                    [Page 1]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1. Introduction ....................................................3
   2. Terminology .....................................................3
   3. The Reconfigure Message Option of the DHCPv6 Reconfigure
      Message .........................................................3
   4. Server Behavior .................................................4
   5. Client Behavior .................................................7
   6. Clarification of Section 19.4.2, RFC 3315 .......................8
   7. Security Considerations .........................................8
   8. Acknowledgements ................................................9
   9. References ......................................................9
      9.1. Normative References .......................................9
      9.2.  Informative References.....................................9










Evans, et al.                Standards Track                    [Page 2]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


1.  Introduction

   DHCPv6 [RFC3315] allows a server to send an unsolicited Reconfigure
   message to a client.  The client's response to a Reconfigure message,
   according to Section 19 of RFC 3315, is either a Renew or an
   Information-request message, depending on the contents of the
   msg-type field in the Reconfigure Message option of the Reconfigure
   message.  If the client sends a Renew message, it includes a Server
   Identifier option in the Renew message to specify the server that
   should respond to the Renew message.  The specification defined in
   RFC 3315 is suitable only for scenarios in which the client would
   communicate with the same DHCPv6 servers.

   There are also scenarios where the client must communicate with a
   different server; for example, a network administrator may choose to
   shut down a DHCPv6 server and move the clients who most recently
   communicated with it to a different server.  Hence, this document
   expands the allowed values of the message type field within the
   reconfiguration message to allow the server to indicate to the client
   to send a Rebind message, which does not include a Server Identifier
   option, and allows any server to respond to the client.

   RFC 3315 does not specify that a Reconfigure message must be sent
   from the server with which the client most recently communicated, and
   it does not specify which server the client should identify with a
   Server Identifier option when the client responds to the Reconfigure
   message.  This document clarifies that the client should send a Renew
   message in response to a Reconfigure message with a Server Identifier
   option identifying the same server that the client would have
   identified if the client had sent the Renew message after expiration
   of the timer T1.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document uses IPv6 and DHCPv6 terms as defined in Section 4 of
   [RFC3315].

3.  The Reconfigure Message Option of the DHCPv6 Reconfigure Message

   This section modifies Section 22.19 of RFC 3315 to allow the
   specification of the Rebind message in a Reconfigure message.






Evans, et al.                Standards Track                    [Page 3]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


   A server includes a Reconfigure Message option in a Reconfigure
   message to indicate to the client whether the client responds with a
   Renew, an Information-request, or a Rebind message.

   The format of this option is:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      OPTION_RECONF_MSG        |         option-len            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    msg-type   |
    +-+-+-+-+-+-+-+-+

   option-code         OPTION_RECONF_MSG (19).
   option-len          1.
   msg-type            5 for Renew message, 6 for Rebind, 11 for
                          Information-request message.

4.  Server Behavior

   This section updates specific text in Sections 19.1 and 19.2 of RFC
   3315.

   Section 19.1.1:

   OLD:

   The server MUST include a Reconfigure Message option (defined in
   section 22.19) to select whether the client responds with a Renew
   message or an Information-Request message.

   The server MUST NOT include any other options in the Reconfigure
   except as specifically allowed in the definition of individual
   options.

   A server sends each Reconfigure message to a single DHCP client,
   using an IPv6 unicast address of sufficient scope belonging to the
   DHCP client.  If the server does not have an address to which it can
   send the Reconfigure message directly to the client, the server uses
   a Relay-reply message (as described in section 20.3) to send the
   Reconfigure message to a relay agent that will relay the message to
   the client.  The server may obtain the address of the client (and the
   appropriate relay agent, if required) through the information the
   server has about clients that have been in contact with the server,
   or through some external agent.





Evans, et al.                Standards Track                    [Page 4]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


   To reconfigure more than one client, the server unicasts a separate
   message to each client.  The server may initiate the reconfiguration
   of multiple clients concurrently; for example, a server may send a
   Reconfigure message to additional clients while previous
   reconfiguration message exchanges are still in progress.

   The Reconfigure message causes the client to initiate a Renew/Reply
   or Information-request/Reply message exchange with the server.  The
   server interprets the receipt of a Renew or Information-request
   message (whichever was specified in the original Reconfigure message)
   from the client as satisfying the Reconfigure message request.

   NEW:

   The server MUST include a Reconfigure Message option (as defined in
   Section 3 of RFC 6644) to select whether the client responds with a
   Renew message, a Rebind message, or an Information-request message.
   The server MUST NOT include any other options in the Reconfigure,
   except as specifically allowed in the definition of individual
   options.

   A server sends each Reconfigure message to a single DHCP client,
   using an IPv6 unicast address of sufficient scope belonging to the
   DHCP client.  If the server does not have an address to which it can
   send the Reconfigure message directly to the client, the server uses
   a Relay-reply message (as described in Section 20.3) to send the
   Reconfigure message to a relay agent that will relay the message to
   the client.  The server may obtain the address of the client (and the
   appropriate relay agent, if required) through the information the
   server has about clients that have been in contact with the server,
   or through some external agent.

   To reconfigure more than one client, the server unicasts a separate
   message to each client.  The server may initiate the reconfiguration
   of multiple clients concurrently; for example, a server may send a
   Reconfigure message to additional clients while previous
   reconfiguration message exchanges are still in progress.

   The Reconfigure message causes the client to initiate a Renew/Reply,
   a Rebind/Reply message exchange, or an Information-request/Reply
   message exchange.  The server interprets the receipt of a Renew, a
   Rebind, or an Information-request message (whichever was specified in
   the original Reconfigure message) from the client as satisfying the
   Reconfigure message request.







Evans, et al.                Standards Track                    [Page 5]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


   Section 19.1.2:

   OLD:

   If the server does not receive a Renew or Information-request message
   from the client in REC_TIMEOUT milliseconds, the server retransmits
   the Reconfigure message, doubles the REC_TIMEOUT value and waits
   again.  The server continues this process until REC_MAX_RC
   unsuccessful attempts have been made, at which point the server
   SHOULD abort the reconfigure process for that client.

   NEW:

   If the server does not receive a Renew, Rebind, or Information-
   request message from the client in REC_TIMEOUT milliseconds, the
   server retransmits the Reconfigure message, doubles the REC_TIMEOUT
   value, and waits again.  The server continues this process until
   REC_MAX_RC unsuccessful attempts have been made, at which point the
   server SHOULD abort the reconfigure process for that client.

   Section 19.2:

   OLD:

   19.2.  Receipt of Renew or Rebind Messages

   The server generates and sends a Reply message to the client as
   described in sections 18.2.3 and 18.2.8, including options for
   configuration parameters.

   The server MAY include options containing the IAs and new values for
   other configuration parameters in the Reply message, even if those
   IAs and parameters were not requested in the Renew message from the
   client.

   NEW:

   19.2.  Receipt of Renew Messages

   In response to a Renew message, the server generates and sends a
   Reply message to the client as described in Sections 18.2.3 and
   18.2.8, including options for configuration parameters.

   In response to a Rebind message, the server generates and sends a
   Reply message to the client as described in Sections 18.2.4 and
   18.2.8, including options for configuration parameters.





Evans, et al.                Standards Track                    [Page 6]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


   The server MAY include options containing the identity associations
   (IAs) and new values for other configuration parameters in the Reply
   message, even if those IAs and parameters were not requested in the
   Renew or Rebind message from the client.

5.  Client Behavior

   This section updates specific text in Section 19.4 of RFC 3315.

   Section 19.4.1:

   OLD:

   Upon receipt of a valid Reconfigure message, the client responds with
   either a Renew message or an Information-request message as indicated
   by the Reconfigure Message option (as defined in section 22.19).  The
   client ignores the transaction-id field in the received Reconfigure
   message.  While the transaction is in progress, the client silently
   discards any Reconfigure messages it receives.

   NEW:

   Upon receipt of a valid Reconfigure message, the client responds with
   a Renew message, a Rebind message, or an Information-request message
   as indicated by the Reconfigure Message option (as defined in Section
   3 of RFC 6644).  The client ignores the transaction-id field in the
   received Reconfigure message.  While the transaction is in progress,
   the client silently discards any Reconfigure messages it receives.

   Section 19.4.2:

   ADD new second and third paragraphs:

   When responding to a Reconfigure, the client creates and sends the
   Rebind message in exactly the same manner as outlined in Section
   18.1.4 of RFC 3315, with the exception that the client copies the
   Option Request option and any IA options from the Reconfigure message
   into the Rebind message.

   If a client is currently sending Rebind messages, as described in
   Section 18.1.4 of RFC 3315, the client ignores any received
   Reconfigure messages.









Evans, et al.                Standards Track                    [Page 7]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


   Section 19.4.4:

   OLD:

   The client uses the same variables and retransmission algorithm as it
   does with Renew or Information-request messages generated as part of
   a client-initiated configuration exchange.  See sections 18.1.3 and
   18.1.5 for details.  If the client does not receive a response from
   the server by the end of the retransmission process, the client
   ignores and discards the Reconfigure message.

   NEW:

   The client uses the same variables and retransmission algorithm as it
   does with Renew, Rebind, or Information-request messages generated as
   part of a client-initiated configuration exchange.  See Sections
   18.1.3, 18.1.4, and 18.1.5 of RFC 3315 for details.  If the client
   does not receive a response from the server by the end of the
   retransmission process, the client ignores and discards the
   Reconfigure message.

6.  Clarification of Section 19.4.2, RFC 3315

   When sending a Renew message in response to the receipt of a
   Reconfigure message, the client MUST include a Server Identifier
   option, identifying the server with which the client most recently
   communicated.

7.  Security Considerations

   This document allows the Rebind message type to appear in the
   Reconfigure Message option of a Reconfigure message so that the
   client rebinds to a different DHCPv6 server.  A malicious attacker
   may use a faked Reconfigure message to force the client to disconnect
   from the current server and relink to a faked server by quickly
   responding to the client's Rebind message.  A similar attack is
   available in DHCPv6 by an attacker spoofing itself as a valid DHCPv6
   server in response to a Solicit or Request message.  These attacks
   can be prevented by using the AUTH option [RFC3315].  DHCPv6 clients
   that support Reconfigure-Rebind MUST implement the Reconfigure Key
   authentication protocol as described in [RFC3315], Section 21.5.
   Other authentication mechanisms may optionally be implemented.  For
   example, the Secure DHCPv6 [SEC-DHCPv6], based on Cryptographically
   Generated Addresses (CGA) [RFC3972], can provide source address (for
   the DHCP server/relay) ownership validation, message origin
   authentication, and message integrity without requiring symmetric key
   pairs or support from a key management system.




Evans, et al.                Standards Track                    [Page 8]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


8.  Acknowledgements

   Valuable comments were made by Jari Arkko, Sean Turner, Ted Lemon,
   and Stephen Farrell.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3972]  Aura, T., "Cryptographically Generated Addresses (CGA)",
              RFC 3972, March 2005.

9.2.  Informative References

   [SEC-DHCPv6]
              Jiang, S. and S. Shen, "Secure DHCPv6 Using CGAs", Work in
              Progress, March 2012.



























Evans, et al.                Standards Track                    [Page 9]
^L
RFC 6644             DHCPv6 Reconfigure with Rebind            July 2012


Authors' Addresses

   D. R. Evans
   IPfonix, Inc.
   330 WCR 16 1/2
   Longmont, CO 80504-9467
   USA

   Phone: +1 303.682.2412
   EMail: N7DR@ipfonix.com


   Ralph Droms
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   USA

   Phone: +1 978.936.1674
   EMail: rdroms@cisco.com


   Sheng Jiang
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   EMail: jiangsheng@huawei.com






















Evans, et al.                Standards Track                   [Page 10]
^L