Network Working Group                                   M. Boucadair, Ed.
Internet-Draft                                              J-L. Grimault
Intended status: Standards Track                           France Telecom
Expires: May 3, 2009                                             P. Levis
                                                          A. Villefranque
                                                France Telecom-Orange Labs
                                                         October 30, 2008


   DHCP Options for Conveying Port Mask and Port Range Router IP Address
                    draft-boucadair-dhc-port-range-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 3, 2009.

Abstract

   This draft defines two new DHCP (Dynamic Host Configuration
   Protocol, [RFC2131]) Options to be used in the context of the
   Provider-Provisioned CPE solution (a.k.a. Port Range solution or
   Fractional Address).  The first option is used to convey a Port Mask
   and the second one may be used to convey a list of Port Range Router
   IP addresses.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


Boucadair, et al.         Expires May 3, 2009                   [Page 1]

Internet-Draft              Port Range Options              October 2008


Table of Contents

   1.  Introduction
   2.  Port Mask Option
     2.1.  Definition
     2.2.  Purpose and Usage
     2.3.  Illustration Examples
       2.3.1.  One Continuous Port Range
       2.3.2.  Non Continuous Port Range: Single Port Mask, 128 Port
               Ranges
       2.3.3.  Two Long Port Ranges: Single Port Mask, Two Port Ranges
       2.3.4.  Single Port Mask, 64 Port Ranges
   3.  Port Range Router IP Address DHCP Option (PRR IP Address DHCP
       Option)
     3.1.  Purpose and Usage
     3.2.  Illustration Example
   4.  IANA Considerations
   5.  Security Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Enhanced Port Range DHCP Option
     A.1.  Two Continuous Port Ranges of Different Sizes
     A.2.  Two Port Ranges with Some Ports Excluded from the First
           Range
   Appendix B.  Changes since 00 version
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   Recently, in the context of IPv4 address depletion, several
   solutions have been put forward within the IETF as viable
   alternatives to Carrier Grade NAT (CG-NAT).  [ID.boucadair] is an
   example of these solutions; it proposes to share the same IP address
   among several devices and to constrain the values used as source
   ports to a limited set of values.  As described in [ID.boucadair], a
   new DHCP option is required to notify remote devices about the
   allowed port values.  This is mainly achieved by means of the Port
   Mask DHCP Option.

   This proposal tackles the issue of assigning Port Ranges in a
   different way than [ID.bajko].  The proposed DHCP option only applies
   to the allocation of ports and not of IP addresses.  Therefore the
   allocation of IP addresses and the allocation of ports are decoupled
   from a DHCP point of view.  Consequently, this draft does not
   introduce any conflict between the management of existing DHCP
   options and the new ones (especially with those options including a
   "requested address" defined in [RFC2132]).  In addition, the proposed
   option allows Port Ranges to be defined in a very flexible way; non
   contiguous values are possible, which makes it possible, for
   instance, to avoid allocating all well-known ports to the same
   customer.

   This draft defines the notion of Port Mask, which is generic and
   flexible.  Several allocation schemes may be implemented by means of
   a Port Mask.  This draft proposes a basic mechanism allowing a single
   Port Mask to be allocated.  Appendix A describes a variant permitting
   a more sophisticated allocation of ports, such as: allocating a Port
   Range except some values (e.g. all well-known port values except 80
   and 8080), allocating only a set of discrete values together with a
   Port Range (e.g. 3000 to 32000 and port 80), etc.

   According to [ID.dhcpguide], the formats of the DHCP options proposed
   herein are similar to the ones defined in [RFC2132].

   IP address exhaustion is only provided as an example of usage of the
   DHCP options defined in this draft.
   Other usages may be considered.

2.  Port Mask Option

   This section defines the Port Mask DHCP Option.

2.1.  Definition

   To distinguish between a Port Range containing a continuous span of
   port numbers and a Port Range with non continuous port numbers, the
   following denominations are used:

   -  Continuous Port Range: a set of port values which form a
      continuous sequence.

   -  Non Continuous Port Range: a set of port values which does not
      form a continuous sequence.

   Moreover, unless explicitly mentioned, Port Mask refers to the
   couple (Port Mask, Mask Locator).

2.2.  Purpose and Usage

   This option is used to notify a remote DHCP client about the Port
   Mask to be applied when selecting a port value as a source port.
   The Port Mask option is used to infer a set of allowed port values.
   A Port Mask defines a set of ports that all have in common a subset
   of pre-positioned bits.  This set of ports is also called a Port
   Range.  Two port numbers are said to belong to the same Port Range
   if and only if they match the same Port Mask.

   In the rest of this document, for ease of denomination, we call CPE
   (Customer Premises Equipment) the equipment which applies the port
   restriction when communicating.  But it could be any other kind of
   equipment (e.g. a terminal).

   The code for this DHCP option is to be assigned by IANA.  The
   minimum length of this option is 4, and the length MUST be a
   multiple of 4.

   The format of the Port Mask DHCP option is illustrated in the figure
   hereafter:

        Code   Len    Port Mask 1  Mask Locator 1
       +-----+-----+-----+-----+-----+-----+
       | TBA |  n  |    MP1    |    ML1    |
       +-----+-----+-----+-----+-----+-----+

   TBA means to be assigned by IANA.  Port Mask indicates the value of
   the mask to be applied and Mask Locator indicates the position of
   the bits which are used to build the mask.  Port Mask and Mask
   Locator are each encoded as 16 bits.
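   The following Python, added here as an example and not code from the
   draft, decodes a Port Mask option laid out as in the figure above and
   enumerates the Continuous Port Ranges a (Port Mask, Mask Locator)
   couple selects; the option code is an assumed placeholder (the real
   one is to be assigned by IANA) and the sample option bytes are
   constructed to carry the allocation of Section 2.3.1, so its output
   can be compared with the allocations listed in Section 2.3.

```python
import struct
from typing import List, Tuple

# Added example, not code from the draft.  The option code is a placeholder:
# the real value is "to be assigned by IANA".
OPTION_CODE_PORT_MASK = 0xFF  # assumed placeholder


def parse_port_mask_option(option: bytes) -> List[Tuple[int, int]]:
    """Decode a Port Mask option: Code, Len, then 4-octet (Port Mask, Mask
    Locator) pairs, each field a 16-bit big-endian value.  Enforces the length
    rule (>= 4, multiple of 4) and the coding rule that Port Mask bits outside
    the Mask Locator pattern are zero."""
    if len(option) < 2:
        raise ValueError("truncated option header")
    code, length = option[0], option[1]
    if code != OPTION_CODE_PORT_MASK:
        raise ValueError(f"unexpected option code {code}")
    if length < 4 or length % 4 != 0:
        raise ValueError(f"invalid length {length}: must be >= 4 and a multiple of 4")
    body = option[2:2 + length]
    if len(body) != length:
        raise ValueError("option body shorter than declared length")
    pairs = []
    for off in range(0, length, 4):
        port_mask, mask_locator = struct.unpack("!HH", body[off:off + 4])
        if port_mask & ~mask_locator & 0xFFFF:
            raise ValueError("Port Mask has non-zero bits outside the Mask Locator")
        pairs.append((port_mask, mask_locator))
    return pairs


def port_allowed(port: int, port_mask: int, mask_locator: int) -> bool:
    """A port is in the Port Range iff its pattern bits equal the Port Mask."""
    return (port & mask_locator) == port_mask


def continuous_ranges(port_mask: int, mask_locator: int) -> List[Tuple[int, int]]:
    """List the inclusive Continuous Port Ranges selected by a Port Mask.
    Free bits below the lowest fixed bit set the length of each run; free bits
    above it set how many runs there are."""
    ranges: List[Tuple[int, int]] = []
    start = None
    for port in range(65536):
        if port_allowed(port, port_mask, mask_locator):
            if start is None:
                start = port
        elif start is not None:
            ranges.append((start, port - 1))
            start = None
    if start is not None:
        ranges.append((start, 65535))
    return ranges


def sharing_factor(mask_locator: int) -> int:
    """Devices that can share one IPv4 address: one per value of the fixed bits."""
    return 1 << bin(mask_locator & 0xFFFF).count("1")


# Constructed sample option carrying the Section 2.3.1 allocation: Port Mask
# 2048 (0x0800) and Mask Locator 63488 (0xF800) behind the placeholder code.
SAMPLE_OPTION = bytes([OPTION_CODE_PORT_MASK, 4, 0x08, 0x00, 0xF8, 0x00])

if __name__ == "__main__":
    for pm, ml in parse_port_mask_option(SAMPLE_OPTION):
        print(f"Port Mask {pm:016b} ({pm}), Mask Locator {ml:016b} ({ml})")
        print("  ranges:", continuous_ranges(pm, ml), "sharing:", sharing_factor(ml))
```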
   The "1" values in the Mask Locator indicate by their position the
   significant bits of the Port Mask (the pattern of the Port Mask).
   For example,

   o  a Mask Locator equal to 1000000000000000 indicates that the first
      bit (the most significant one) is used as the pattern of the Port
      Mask;

   o  a Mask Locator equal to 0000101000000000 indicates that the 5th
      and the 7th most significant bits are used as the pattern of the
      Port Mask.

   The pattern of the Port Mask is all the fixed bits in the Port Mask.
   All the ports the CPE is allowed to use as source ports must have a
   number in accordance with the pattern.

   The Port Mask is coded as follows:

   -  The pattern bits of the Port Mask are those where "1" values are
      set in the Mask Locator.  These bits may take a value of 0 or 1.

   -  All the other bits are set to "0".

2.3.  Illustration Examples

   This section provides a set of examples to illustrate the usage of
   the Port Mask DHCP Option:

   1.  Single Port Mask to assign one Continuous Port Range to a given
       device;

   2.  Single Port Mask used to assign 128 Port Ranges, two of which
       lie within the well-known port range, to a given device;

   3.  Single Port Mask to assign two long Port Ranges to a given
       device;

   4.  Single Port Mask to allocate to a given device 64 Port Ranges,
       one of which lies within the well-known port range.

2.3.1.  One Continuous Port Range

   This section provides an example of a Port Mask used to assign a
   unique Continuous Port Range to a given customer's device.  For
   illustration purposes, the following Mask Locator and Port Mask are
   conveyed using DHCP to assign a Port Range (from 2048 to 4095) to a
   given device:

   -  Port Mask    : 0000100000000000 (2048)

   -  Mask Locator : 1111100000000000 (63488)

   In this example, 2^5 customers can share the same IP address.

2.3.2.  Non Continuous Port Range: Single Port Mask, 128 Port Ranges

   Unlike the previous example, this one illustrates the case where a
   Non Continuous Port Range is assigned to a given customer's device.
   In this example, the Port Mask defines 128 Continuous Port Ranges,
   each one with a length of 16 port values.  Note that the first two
   Port Ranges are both in the well-known ports span (i.e. 0-1023) but
   these two ranges are not adjacent.

   The following Mask Locator and Port Mask are conveyed in DHCP
   messages:

   -  Port Mask    : 0000000001010000 (80)

   -  Mask Locator : 0000000111110000 (496)

   This means that the following 128 Continuous Port Ranges are
   assigned to the same customer's device:

   -  from 80 to 95

   -  from 592 to 607

   -  ...

   -  ...

   -  from 65104 to 65119

2.3.3.  Two Long Port Ranges: Single Port Mask, Two Port Ranges

   In this example, the Port Mask defines two Continuous Port Ranges,
   each one being 1024 ports long:

   -  Port Mask    : 0000000000000000 (0)

   -  Mask Locator : 1111010000000000 (62464)

   This means that the two following Continuous Port Ranges are
   assigned to the same device:

   -  from 0 to 1023, and

   -  from 2048 to 3071

2.3.4.  Single Port Mask, 64 Port Ranges

   This example shows the flexibility of allocating allowed port values
   using a Port Mask.  In the following example, 64 Continuous Port
   Ranges are allocated to each CPE (among a set of 4 CPEs sharing the
   same IPv4 address).  Among the 64 Continuous Port Ranges of each
   CPE, there is always one within the span of the first 1024
   well-known port values.  Hereafter are provided the Port Mask and
   Mask Locator assigned to 2 of these CPEs:

   1.  CPE#0

       -  Port Mask    : 0000000000000000 (0)

       -  Mask Locator : 0000001100000000 (768)

       CPE#0 therefore has the following 64 Continuous Port Ranges:

       -  1st range:  0-255

       -  ...

       -  64th range: 64512-64767

   2.  CPE#2

       -  Port Mask    : 0000001100000000 (768)

       -  Mask Locator : 0000001100000000 (768)

       CPE#2 therefore has the following 64 Continuous Port Ranges:

       -  1st range:  768-1023

       -  ...

       -  64th range: 65280-65535

3.  Port Range Router IP Address DHCP Option (PRR IP Address DHCP
    Option)

   This section defines the Port Range Router IP Address DHCP Option.

3.1.  Purpose and Usage

   The PRR IP Address DHCP option specifies a list of routers
   (represented as IPv4 addresses) which maintain a binding table as
   defined in [ID.boucadair].  Routers SHOULD be listed in order of
   preference.

   The code for the PRR IP Address DHCP option is to be assigned by
   IANA.  The minimum length for this option is 4 octets, and the
   length MUST always be a multiple of 4.

   The format of the PRR IP Address DHCP option is depicted in the
   following figure:

        Code   Len         Address 1               Address 2
       +-----+-----+-----+-----+-----+-----+-----+-----+--
       | TBA |  n  |  a1 |  a2 |  a3 |  a4 |  a1 |  a2 |  ...
       +-----+-----+-----+-----+-----+-----+-----+-----+--

   This format assumes that an IPv4 address is encoded as a1.a2.a3.a4.

   This option can be used for instance when a CPE-Provisioned PRR
   model is adopted (refer to [ID.boucadair] for more details about
   this mode).  Once this option is received by a given customer's
   device (in particular by its embedded DHCP client), an appropriate
   message is sent to the IP address conveyed in this option.  This
   message aims at notifying the remote Port Range Router about the
   assigned Port Mask and IP address.  An entry is consequently
   instantiated in the binding table maintained by that PRR.

   As stated above, this option encloses at least one IP address, which
   represents the PRR.  If several IP addresses are conveyed, these
   PRRs are contacted in a priority-based scheme.  Thus, if no
   acknowledgment message is received for the issued message, the next
   PRR in the list is contacted, etc.

3.2.  Illustration Example

   This section provides an example of the configuration data conveyed
   in a Port Range Router DHCP Option.

   Let's suppose that the configuration data is retrieved by a CPE
   using DHCP.  This configuration contains a Port Range Router Option
   illustrated in the following figure:

        Code   Len         Address 1
       +-----+-----+-----+-----+-----+-----+
       | TBA |  4  |  21 |  15 |  52 |  55 |
       +-----+-----+-----+-----+-----+-----+

   Within this example, this option carries one single IP address:
   21.15.52.55.  Once this data is received by the CPE, the following
   call flow is experienced:

        +-----+                               +-----+
        | CPE |                               | PRR |
        +-----+                               +-----+
           |                              21.15.52.55
           |         (1) BIND()                  |
           |------------------------------------>|
           |                                     |
           |         (2) ACK                     |
           |<------------------------------------|
           |                                     |

   As a result, the PRR (21.15.52.55) is aware of the information
   required to route unambiguously all received IP packets to that CPE.
   This process is carried out each time the DHCP configuration data
   change.

4.  IANA Considerations

   This document requests the assignment of two DHCP Options:

   -  Port Mask Option;

   -  Port Range Router IP Address Option.

5.  Security Considerations

   This document does not introduce any security issue.

6.  Acknowledgements

   TBC

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, March 1997.

   [RFC2132]  Alexander, S. and R. Droms, "DHCP Options and BOOTP
              Vendor Extensions", RFC 2132, March 1997.

7.2.  Informative References

   [ID.bajko]  Bajko, G. and T. Savolainen, "Dynamic Host Configuration
               Protocol (DHCP) Options for Port Restricted IP Address
               Assignment", September 2008.
   [ID.boucadair]
               Boucadair, M., "Provider-Provisioned CPE: IPv4
               Connectivity Access in the context of IPv4 address
               exhaustion", October 2008.

   [ID.dhcpguide]
               Hankins, D., "Guidelines for Creating New DHCP Options",
               October 2008.

Appendix A.  Enhanced Port Range DHCP Option

   This appendix defines a variant which allows a more sophisticated
   allocation of ports.  The format of the Port Mask DHCP Option is
   slightly more complicated than the basic one defined above.

   The format of the enhanced Port Mask DHCP Option is illustrated in
   the figure hereafter:

        Code   Len    OP     Port Mask 1       Mask Locator 1
       +-----+-----+-----+--------+--------+--------+--------+
       | TBA |  n  | op1 |       MP1       |       ML1       |
       +-----+-----+-----+--------+--------+--------+--------+
         OP     Port Mask 2       Mask Locator 2
       +-----+--------+--------+--------+--------+---
       | op2 |       MP2       |       ML2       |...
       +-----+--------+--------+--------+--------+---

   As shown above, several Port Masks and Mask Locators may be enclosed
   in a single Port Mask DHCP Option.  The minimum length of this
   option is 5, and the length MUST be a multiple of 5.

   The OP (Operand) field encodes in one octet the way the Port Mask is
   to be applied.  Two values are defined in this draft:

   -  OP = 0: the Port Mask and Mask Locator which follow define a set
      of ports which can be used by the CPE.  This is exactly the
      behaviour of the basic mechanism described in the body of this
      memo.

   -  OP = 1: the Port Mask and Mask Locator which follow define a set
      of ports which must NOT be used by the CPE.  Therefore OP = 1
      excludes the ports specified by the associated Port Mask.

   The set of excluded ports defined by a sequence (OP=1, Port Mask_y,
   Mask Locator_y) takes precedence over any sequence (OP=0, Port
   Mask_x, Mask Locator_x) within the Port Mask DHCP Option.
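   The following Python, added here as an example and not part of the
   draft, decodes the enhanced option and applies the precedence rule
   above (every OP=1 set is removed from the union of the OP=0 sets,
   whatever the order of the sequences); the OP constants are those of
   this appendix, the option code is an assumed placeholder, and the
   sample option is constructed to reproduce Appendix A.2.

```python
import struct
from typing import List, Set, Tuple

# Added example, not code from the draft.  OP values are those defined in
# Appendix A; the option code is a placeholder since the real one is
# assigned by IANA.
OP_ALLOW, OP_EXCLUDE = 0, 1
OPTION_CODE_ENHANCED = 0xFE  # assumed placeholder

Sequence = Tuple[int, int, int]  # (OP, Port Mask, Mask Locator)


def parse_enhanced_option(option: bytes) -> List[Sequence]:
    """Decode the enhanced option: Code, Len, then 5-octet sequences of
    OP (1 octet), Port Mask (16 bits) and Mask Locator (16 bits)."""
    if len(option) < 2 or option[0] != OPTION_CODE_ENHANCED:
        raise ValueError("not an enhanced Port Mask option")
    length = option[1]
    if length < 5 or length % 5 != 0:
        raise ValueError(f"invalid length {length}: must be >= 5 and a multiple of 5")
    if len(option) < 2 + length:
        raise ValueError("option body shorter than declared length")
    seqs: List[Sequence] = []
    for off in range(2, 2 + length, 5):
        op, port_mask, mask_locator = struct.unpack("!BHH", option[off:off + 5])
        if op not in (OP_ALLOW, OP_EXCLUDE):
            raise ValueError(f"unknown OP value {op}")
        seqs.append((op, port_mask, mask_locator))
    return seqs


def encode_enhanced_option(seqs: List[Sequence]) -> bytes:
    """Inverse of parse_enhanced_option, used here to build sample options."""
    body = b"".join(struct.pack("!BHH", *s) for s in seqs)
    return bytes([OPTION_CODE_ENHANCED, len(body)]) + body


def port_set(port_mask: int, mask_locator: int) -> Set[int]:
    """All ports whose pattern bits (those set in the Mask Locator) equal the mask."""
    return {p for p in range(65536) if (p & mask_locator) == port_mask}


def allowed_ports(seqs: List[Sequence]) -> Set[int]:
    """Union of every OP=0 set minus the union of every OP=1 set.
    Exclusions win wherever they appear, so sequence order is irrelevant."""
    allowed: Set[int] = set()
    excluded: Set[int] = set()
    for op, port_mask, mask_locator in seqs:
        target = allowed if op == OP_ALLOW else excluded
        target.update(port_set(port_mask, mask_locator))
    return allowed - excluded


# Constructed sample reproducing Appendix A.2: 16384-18431 plus 0-1023,
# minus port 80.
APPENDIX_A2_OPTION = encode_enhanced_option([
    (OP_ALLOW, 16384, 63488),   # 2048 ports, 16384-18431
    (OP_ALLOW, 0, 64512),       # 1024 ports, 0-1023
    (OP_EXCLUDE, 80, 65535),    # exactly port 80
])

if __name__ == "__main__":
    ports = allowed_ports(parse_enhanced_option(APPENDIX_A2_OPTION))
    print(len(ports), "ports allowed; port 80 allowed?", 80 in ports)
```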
   The final set of ports defined by the Port Mask DHCP option is
   therefore the union of the sets defined by all the sequences (OP=0,
   Port Mask_x, Mask Locator_x) minus all the sets defined by the
   sequences (OP=1, Port Mask_y, Mask Locator_y).

   The order of the (OP, Port Mask, Mask Locator) sequences within the
   Port Mask DHCP Option is not important.  OP=0 sequences can precede
   OP=1 sequences or the contrary.  OP=0 sequences can be mixed with
   OP=1 sequences.

   Two examples are provided hereafter.

A.1.  Two Continuous Port Ranges of Different Sizes

   One could notice from the examples given for the basic mechanism
   (see Section 2.3, Illustration Examples) that with a single Port
   Mask it is not possible to allocate several Continuous Port Ranges
   of different sizes.  With the variant described here this is
   feasible.

   The use case can be, for example, a CPE which has already been
   allocated a Continuous Port Range (e.g. 2048 ports from 16384 to
   18431) outside the well-known port values span (0-1023).  If at a
   later stage the customer wishes to enable some servers behind its
   CPE and thus to use well-known ports (i.e. values within the 0 to
   1023 range), and if this Port Range (0-1023) is not yet allocated
   to another CPE, it can be allocated to that CPE by means of a second
   Port Mask.

   Therefore, the Port Mask DHCP Option would contain two (OP, Port
   Mask, Mask Locator) sequences as shown below:

   -  First (OP, Port Mask, Mask Locator):

      *  OP = 0

      *  Port Mask    : 0100000000000000 (16384)

      *  Mask Locator : 1111100000000000 (63488)

      This yields the following 2048 port long Continuous Port Range:
      from 16384 to 18431

   -  Second (OP, Port Mask, Mask Locator):

      *  OP = 0

      *  Port Mask    : 0000000000000000 (0)

      *  Mask Locator : 1111110000000000 (64512)

      This yields the following Continuous Port Range: from 0 to 1023

A.2.  Two Port Ranges with Some Ports Excluded from the First Range

   This example is the same as the previous one but port 80 is not
   allocated to the CPE.  There are three (OP, Port Mask, Mask Locator)
   sequences.  The first two are the same as in the previous example.
   The third sequence is as follows:

   -  OP = 1

   -  Port Mask    : 0000000001010000 (80)

   -  Mask Locator : 1111111111111111 (65535)

   This third (OP, Port Mask, Mask Locator) sequence excludes port 80
   from the port values allowed to that device.

Appendix B.  Changes since 00 version

   1.  Some editorial changes

   2.  Correct the example provided in Section 2.3.3

Authors' Addresses

   Mohamed Boucadair (editor)
   France Telecom
   42 rue des Coutures
   BP 6243
   Caen Cedex 4  14066
   France

   Email: mohamed.boucadair@orange-ftgroup.com


   Jean-Luc Grimault
   France Telecom

   Email: jeanluc.grimault@orange-ftgroup.com


   Pierre Levis
   France Telecom-Orange Labs

   Email: pierre.levis@orange-ftgroup.com


   Alain Villefranque
   France Telecom-Orange Labs

   Fax:
   Email: alain.villefranque@orange-ftgroup.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.