Dynamic Host Configuration (DHC) G. Ren
Internet-Draft L. He
Intended status: Informational Y. Liu
Expires: August 15, 2020 Tsinghua University
February 12, 2020

DHCPv6 Extension Survey and Considerations


The manageability, security, privacy protection, and traceability of networks can be supported by extending the DHCPv6 protocol according to requirements. This document provides a survey of current extension practices and typical DHCP server software on extensions, defines a DHCPv6 general model, discusses some extension points, and presents extension cases.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on August 15, 2020.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction

The IP address plays a significant role in the communication of the Internet. IP address generation is also closely related to the manageability, security, privacy protection, and traceability of networks. Dynamic Host Configuration Protocol for IPv6 (DHCPv6) [RFC8415] is a critical network protocol that can be used to dynamically provide IPv6 addresses and other network configuration parameters to IPv6 nodes. DHCPv6 continues to be extended and improved through new options, protocols, and message processing mechanisms.

Although DHCPv6 provides more and more comprehensive functionalities and DHCPv6 server software also provides extension interfaces to allow administrators to alter and customize the way how they handle and respond to DHCPv6 messages, there is still a lack of comprehensive insight into where and how to conduct extensions in DHCPv6 effectively. The extensions to DHCPv6 can be various according to multiple and varied requirements. The goal of multi-requirement extensions for DHCPv6 is to use simple interfaces to define and support more extensions without changing the basic design of DHCPv6. Therefore, a detailed analysis is required to clarify the problems, design principles, and extract and unify the design specifications to help better solve the multi-requirement extension problems.

In summary, multi-requirement extensions for DHCPv6 can be conducted to support the administrator's self-defined functionalities. As DHCPv6 is an essential and useful protocol related to IPv6 addresses generation, it can provide more extended and flexible features to meet administrators' requirements. According to well-designed principles, extended interfaces can be defined to support more self-defined multi-requirement extensions without sacrificing the stability of DHCPv6.

Some people would suggest administrators modify the open-source DHCP servers to solve their problems. However, a considerable amount of time will be taken to understand the open-source DHCP server codes, not to say the consuming time debugging the bugs, failures or system crash caused by modifying the complicated modules. Another problem is that as the open-source software evolves, the source codes of the server software may change (new functionalities or fixing bugs). Users may need to re-write their codes once the latest version of open-source server software comes out [kea_dhcp_hook_developers_guide]. Hence, the multi-requirement extensions for DHCPv6 to solve administrators' specific problems are essential and significant.

This document provides a survey of current extension practices and typical DHCP server software on extensions and gives DHCPv6 extension considerations by defining a DHCPv6 general model, discussing the extension problems, and presenting extension cases.

2. Terminology

Familiarity with DHCPv6 and its terminology, as defined in [RFC8415], is assumed.

3. Current Extension Practices

3.1. Standardized and Non-standardized DHCPv6 Extension Cases

Many documents attempt to extend DHCPv6. They can be classified into three categories.

Extended options
Most extensions for DHCPv6 are implemented in this way. New-defined options carry specific parameters in DHCPv6 messages, which helps DHCPv6 clients or servers know the detailed situation with each other.
Extended messages
Some documents define new protocols that aim to achieve specific goals, e.g., active leasequery [RFC7653], GAGMS [GAGMS].
Extended entities
Some documents introduce third-party entities into the communications of DHCPv6 to achieve specific goals and provide better services, e.g., authentication [RFC7037].

3.2. Current DHCPv6 Server Software Cases

A lot of commercial and open source DHCP servers exist, including Cisco Prime Network Registrar, Microsoft DHCP, VitalQIP [VitalQIP], Nominum DHCP [Nominum_DHCP], ISC DHCP [ISC_DHCP], Kea DHCP [Kea_DHCP], FreeRADIUS DHCP [FreeRADIUS_DHCP], WIDE DHCPv6 [WIDE_DHCPv6], and DHCP Broadband [DHCP_Broadband]. Commercial and open-source DHCPv6 software often considers the extensions of DHCPv6 servers because they cannot always meet the requirements that the administrators want. In this section, we introduce two typical DHCPv6 servers: Cisco Prime Network Registrar and Kea DHCP.

3.2.1. Cisco Prime Network Registrar DHCP Server Extension APIs

Cisco Prime Network Registrar (CPNR) [CPNR] is an appliance which provides integrated Domain Name Server, DHCP, and IP Address Management services for IPv4 and IPv6. At the same time, CPNR DHCP server provides extension APIs and allows administrators to write extensions and functions to alter and customize how it handles and responds to DHCP requests. A network operator usually decides what packet process to modify, how to modify, and which extension point to attach the extension. Then the network operator writes the extension and adds the well-written extension to the extension point of the DHCP server. Finally, the network operator reloads the DHCP server and debugs whether the server runs as it expects.

3.2.2. Kea DHCP Hook Mechanisms

Kea DHCP provides hook mechanisms, a well-designed interface for third-party code, to solve the problem that the DHCP server does not quite do what a network operator require. A network operator can use several well-defined framework functions to load and initialize a library and write specific callout functions to attach to the hook points. After building and configuring the hooks library, the server runs as the network operator requires. Additionally, Kea DHCP allows the network operator to use logging in the hooks library.

4. Extension Discussion

This section elaborates multi-requirement extensions for DHCPv6. Section 4.1 describes the general model of DHCPv6, while Section 4.2 analyzes the extension points and requirements.

4.1. DHCPv6 General Model

Figure 1 summarizes the DHCPv6 general model and its possible extensions: messages, options, message processing functions, and address generation mechanisms.

+-----------------+                  +----------------+
|  DHCPv6 client  |   DHCP messages  |  DHCPv6 relay  |
| +-------------+ |   with options   | +------------+ | External inputs
| |  Message    | |<---------------->| |  Message   | |<----------------
| | processing  | |                  | | relaying   | | e.g., RADIUS
| | functions   | |                  | | functions  | | option [RFC7037]
| +-------------+ |                  | +------------+ |
+-----------------+                  +----------------+
                                DHCP messages |  
                                with options  |  
+-----------------+               +----------------------------+
|                 |   Extended    |        DHCPv6 server       |
|                 |   messages    | +-----------+ +----------+ |
|External entities|<------------->| |  Address  | | Message  | |
|                 |  e.g., Active | | generation| |processing| |
|                 |  leasequery   | | mechanisms| |functions | |
|                 |  [RFC7653]    | +-----------+ +----------+ |
+-----------------+               +----------------------------+

Figure 1: DHCPv6 general model and its possible extensions.

4.2. Extension Points

4.2.1. Messages

On the one hand, new messages can be designed and added to the DHCPv6 protocol to enrich its functionalities. For example, [RFC5007] defines new leasequery messages to allow a requestor to retrieve information on the bindings for a client from one or more servers. [RFC7653] defines active leasequery messages to keep the requestor up to date with DHCPv6 bindings.

On the other hand, people are concerned about the security and privacy issues of the DHCP protocol. [RFC7819] and [RFC7824] describe the privacy issues associated with the use of DHCPv4 and DHCPv6, respectively. DHCPv6 does not provide privacy protection on messages and options. Other nodes can see the options transmitted in DHCPv6 messages between DHCPv6 clients and servers. Extended messages can be designed to secure exchanges between DHCPv6 entities.

4.2.2. Options

DHCPv6 allows defining options to transmit parameters between DHCPv6 entities for common requirements, e.g., DNS [RFC3646] and SNTP [RFC4075]. Also, these parameters may come from external entities. For example, [RFC7037] defines RADIUS option to exchange authorization and identification information between the DHCPv6 relay agent and DHCPv6 server.

In other cases, network operators may require DHCPv6 messages to transmit some self-defined options between clients and servers. Currently, the vendor-specific information option allows clients and servers to exchange vendor-specific information. Therefore, administrative domains can define and use the sub-options of the vendor-specific information option to serve their private purposes. The content of the self-defined options may come from two sources: devices and users. If the content of self-defined options comes from users, two methods can be used to solve the problem. The first one is that the clients provide related interfaces to receive such information, which is currently merely supported. The second one is that DHCPv6 relays obtain such information and add it to the clients' requests. But this always depends on other protocols to allow DHCPv6 relays to get the information first.

4.2.3. Message Processing Functions

Although current commercial or open-source DHCP server software provides comprehensive functionalities, they still cannot meet all customers' requirements of processing DHCP requests. Therefore, they will offer interfaces that customers can use to write their specific extensions to affect the way how DHCP servers handle and respond to DHCP requests. For example, not all networks prefer to use DHCPv6 servers to assign the privacy-preserving random-form addresses generated by some fixed address generation mechanism to DHCPv6 clients. Thus, network operators may alter their DHCPv6 servers through the given extensions to use their preferred address generation mechanisms to assign addresses to DHCPv6 clients. However, not all DHCP software considers this extension.

4.2.4. Address Generation Mechanisms

Currently, the DHCPv6 servers assign addresses, prefixes and other configuration options according to their configured policies. Generally, different networks may prefer different address generation mechanisms. Several address generation mechanisms for SLAAC [RFC4862] (e.g., IEEE 64-bit EUI-64, Constant, semantically opaque, Temporary, and Stable, semantically opaque) proposed for different requirements can be utilized in DHCPv6 protocol as well. The many types of IPv6 address generation mechanisms available have brought about flexibility and diversity. Therefore, corresponding interfaces could be open and defined to allow other address generation mechanisms to be configured.

5. Extension Cases

Administrative domains may enforce local policies according to their requirements, e.g., authentication, accountability. Several kinds of multi-requirement extensions are presented in this section, including configurations in current DHCP software, option definition and server modification, and message definition between DHCPv6 entities and third-party entities.

Currently, many DHCPv6 servers provide administrative mechanisms, e.g., host reservation and client classification. Host reservation is often used to assign certain parameters (e.g., IP addresses) to specific devices. Client classification is often used to differentiate between different types of clients and treat them accordingly in certain cases.

More complicated extensions of DHCPv6 are needed to meet specific requirements. For example, considering such a requirement that DHCP servers assign IP addresses generated by user identifiers to the clients in a network to hold users accountable, two extensions should be fulfilled to meet this requirement. The first one is that clients send their user identifiers to servers. This can be achieved by defining and using sub-options of vendor-specific information option. The second one is that servers use user identifiers to generate IP addresses. To achieve this goal, extension mechanisms provided by the server software such as extension points in CPNR [CPNR] and hook mechanisms in Kea DHCP [Kea_DHCP] can be used.

Some extensions for DHCPv6 may need the support of third-party entities. For example, [RFC7037] introduces RADIUS entities into the message exchanges between DHCPv6 entities for better service provision. The authentication in [RFC7037] can also be used to meet the accountability requirement mentioned above because it is important to authenticate users first before assigning IP addresses generated from user identifiers. Usually, this kind of extension requires the definition of messages communicated between DHCP entities and third-party entities, e.g., active leasequery [RFC7653].

IPv6 addresses are related to manageability, security, traceability, and accountability of networks. As DHCPv6 assigns IPv6 addresses to IPv6 nodes, it is important that DHCPv6 provides interfaces to allow administrative domains to conduct extensions to meet their multi-requirements.

6. Security Considerations

Security issues related with DHCPv6 are described in Section 22 of [RFC8415].

7. IANA Considerations

This document does not include an IANA request.

8. Acknowledgements

The authors would like to thank Bernie Volz, Tomek Mrugalski, Sheng Jiang, and Jinmei Tatuya for their comments and suggestions that improved the [draft-ren-dhc-mredhcpv6]. Some ideas and thoughts of [draft-ren-dhc-mredhcpv6] are contained in this document.

9. References

9.1. Normative References

[RFC4862] Thomson, S., Narten, T. and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, DOI 10.17487/RFC4862, September 2007.
[RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A., Richardson, M., Jiang, S., Lemon, T. and T. Winters, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 8415, DOI 10.17487/RFC8415, November 2018.

9.2. Informative References

[CPNR] Cisco, "Cisco Prime Network Registrar", 2018.
[DHCP_Broadband] Weird Solutions, "DHCP Broadband", 2018.
[draft-ren-dhc-mredhcpv6] Ren, G., He, L. and Y. Liu, "Multi-requirement Extensions for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", March 2017.
[GAGMS] Liu, Y., He, L. and G. Ren, "GAGMS: A Requirement-Driven General Address Generation and Management System", November 2017.
[ISC_DHCP] Internet System Consortium, "ISC DHCP", 2018.
[Kea_DHCP] Internet System Consortium, "Kea DHCP", 2018.
[kea_dhcp_hook_developers_guide] Internet Systems Consortium, "Hook Developer's Guide", 2018.
[Microsoft] Microsoft, "IPv6 interface identifiers", 2013.
[Microsoft_DHCP] Microsoft, "Microsoft DHCP", 2008.
[Nominum_DHCP] Nominum, "Nominum DHCP", 2012.
[RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet Networks", RFC 2464, DOI 10.17487/RFC2464, December 1998.
[RFC3646] Droms, R., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, DOI 10.17487/RFC3646, December 2003.
[RFC4075] Kalusivalingam, V., "Simple Network Time Protocol (SNTP) Configuration Option for DHCPv6", RFC 4075, DOI 10.17487/RFC4075, May 2005.
[RFC4941] Narten, T., Draves, R. and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007.
[RFC5007] Brzozowski, J., Kinnear, K., Volz, B. and S. Zeng, "DHCPv6 Leasequery", RFC 5007, DOI 10.17487/RFC5007, September 2007.
[RFC7037] Yeh, L. and M. Boucadair, "RADIUS Option for the DHCPv6 Relay Agent", RFC 7037, DOI 10.17487/RFC7037, October 2013.
[RFC7217] Gont, F., "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)", RFC 7217, DOI 10.17487/RFC7217, April 2014.
[RFC7653] Raghuvanshi, D., Kinnear, K. and D. Kukrety, "DHCPv6 Active Leasequery", RFC 7653, DOI 10.17487/RFC7653, October 2015.
[RFC7819] Jiang, S., Krishnan, S. and T. Mrugalski, "Privacy Considerations for DHCP", RFC 7819, DOI 10.17487/RFC7819, April 2016.
[RFC7824] Krishnan, S., Mrugalski, T. and S. Jiang, "Privacy Considerations for DHCPv6", RFC 7824, DOI 10.17487/RFC7824, May 2016.
[VitalQIP] Nokia, "Nokia VitalQIP", 2017.
[WIDE_DHCPv6] KAME project, "WIDE DHCPv6", 2008.

Authors' Addresses

Gang Ren Tsinghua University Beijing, 100084 P.R.China Phone: +86-010 6260 3227 EMail: rengang@cernet.edu.cn
Lin He Tsinghua University Beijing, 100084 P.R.China EMail: he-l14@mails.tsinghua.edu.cn
Ying Liu Tsinghua University Beijing, 100084 P.R.China EMail: liuying@cernet.edu.cn