DHC Working Group

Provided by: throopm
Learn more at: https://www.ietf.org
1
DHC Working Group
  • DHCP Lease Query
  • Kim Kinnear
  • Cisco Systems
  • December 11, 2000

2
DHCP Lease Query: What's the Problem?
  • Access concentrators can glean DHCP information
    to build internal tables relating IP, MAC, and
    circuit, but this information is lost after
    reboot.
  • This information is used to increase security in
    public networks which use DHCP.

3
DHCP Lease Query: What's the Solution?
  • The access concentrator can ask the DHCP server
    about the IP addresses that it encounters, and
    rebuild its internal tables in real time.
  • It asks the DHCP server because the DHCP server
    has the most up to date information.

4
What is DHCP Lease Query?
  • A lightweight method for relay agents to get
    location information from the DHCP server(s)
  • A message designed for the needs of broadband
    access concentrators (e.g. DOCSIS CMTS, DSL AC)
  • A DHCP message that does not modify server lease
    state (like DHCPINFORM)

5
Location Information
  • Often includes the following information
      • Device hardware (MAC) address
      • Port/virtual circuit that leads to the device
      • Hardware address of the intervening subscriber
        modem
  • contained in relay-agent-info option
  • Can be used for both downstream transmission, and
    upstream verification

6
Location Information in a Cable Access Network
[Diagram: DHCP Server, Access Concentrator, Subscriber Modems, Computers; addresses 24.128.1.1, 24.128.1.2, 24.128.1.3, 24.128.1.4]
  • Access Concentrators use location info. for
      • Choosing specific broadband access network
      • Encrypting traffic for specific subscriber modem
      • Forwarding traffic to specific subscriber modem

7
Why Propose a New DHCP Message? Alternatives
  • Use broadcast ARP
      • Chatty on public network
      • Vulnerable to subscriber spoofing
  • Capture information from relayed DHCP messages
    (gleaning)
      • Process starts from scratch with reboot or
        replacement of relay agent
      • Relay agent misses unicast DHCP messages (e.g.
        Renewals)

8
Why Propose a New DHCP Message? More Alternatives
  • Leverage DHCP Server MIB
      • Access concentrators act as SNMP agents, but not
        as SNMP managers
  • Leverage DHCP LDAP Schema
      • Access concentrators don't act as LDAP clients;
        LDAP information may not be up to date.

9
DHCP Lease Query Exchange
  • DHCP Lease Query message
      • Ciaddr refers to IP address lease to query
      • Giaddr refers to requestor (i.e. access
        concentrator)
      • Parameter request list includes IP Address Lease
        Time option (51) and Relay Agent Information
        option (82)
  • DHCP Lease Query response - DHCPACK or DHCPNAK

10
DHCP Lease Query Example - DOCSIS CMTS
  • CMTS receives packet to forward downstream across
    cable
  • CMTS has no local location information
  • CMTS sends DHCP Lease Query, gets DHCPACK
      • Chaddr contains the PC MAC address
      • Option 82 contains subscriber modem info
  • CMTS transmits packet using BPI
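
An added example, not part of the original slides: a Python sketch of the exchange on slides 9 and 10, building the query (ciaddr, giaddr, options 51 and 82 requested) and turning a DHCPACK into a binding that can be used for upstream verification. The message type value 10 is the one RFC 4388 later assigned and may differ from the draft; the concentrator address, MAC addresses, circuit ID and function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"           # DHCP magic cookie (RFC 2131)
DHCPACK, LEASEQUERY = 5, 10            # LEASEQUERY: assumed, value RFC 4388 later assigned

def build_lease_query(ciaddr, giaddr, xid, msg_type=LEASEQUERY):
    """Ask about the lease on ciaddr; giaddr identifies the access concentrator."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0,
                      socket.inet_aton(ciaddr), b"", b"",
                      socket.inet_aton(giaddr), b"", b"", b"")
    # Option 53 = message type; option 55 requests lease time (51) and relay info (82)
    return hdr + MAGIC + bytes([53, 1, msg_type, 55, 2, 51, 82, 255])

def tlv(buf, top=True):
    """Yield (code, value) pairs; pad (0) and end (255) only exist at top level."""
    i = 0
    while i < len(buf) and not (top and buf[i] == 255):
        if top and buf[i] == 0:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_reply(pkt, xid):
    """Return the binding from a DHCPACK, or None for any other reply (DHCPNAK)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC or pkt[4:8] != struct.pack("!I", xid):
        raise ValueError("malformed reply or xid mismatch")
    opts = dict(tlv(pkt[240:]))
    if opts.get(53) != bytes([DHCPACK]):
        return None
    relay = dict(tlv(opts.get(82, b""), top=False))
    return {"ip": socket.inet_ntoa(pkt[12:16]),
            "mac": pkt[28:28 + min(pkt[2], 16)].hex(":"),
            "modem": relay.get(2)}     # sub-option 2 = remote ID (RFC 3046)

def upstream_ok(binding, src_ip, src_mac):
    """Upstream verification: accept only the IP/MAC pair the server leased."""
    return bool(binding) and (binding["ip"], binding["mac"]) == (src_ip, src_mac.lower())

def sample_ack(xid):
    """Constructed DHCPACK for 24.128.1.3; MACs and circuit ID are made up."""
    pkt = bytearray(build_lease_query("24.128.1.3", "192.0.2.1", xid)[:240])
    pkt[0] = 2                                     # op = BOOTREPLY
    pkt[28:34] = bytes.fromhex("020000aa0003")     # chaddr = PC MAC
    relay = bytes([1, 2, 0, 7, 2, 6]) + bytes.fromhex("020000cc0001")
    return bytes(pkt) + bytes([53, 1, DHCPACK, 82, len(relay)]) + relay + b"\xff"
```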

11
Interactions with Lease Query
  • Relay Agent Gleaning
      • Gleaning state replaces Lease Query state
  • Lease Query with Failover
      • Access concentrator sends Lease Query messages to
        multiple DHCP servers
      • Failover BNDUPD messages need to include option
        82 relay-agent-info
  • Lease Query uses DHCP Authentication

12
DHCP Lease Query Status
  • DHCP Lease Query internet draft updated with
    comments and submitted under DHC working group
  • DHCP Lease Query variant implemented in Cisco
    uBR, Cisco Network Registrar

13
DHCP Lease Query: Recent Updates
  • Restructured draft for clarity
  • Specified detailed client and server behavior
  • Added information about static (reserved)
    addresses
  • Fleshed out NAK semantics

14
DHCP Lease Query: Plans
  • Gather additional technical comments (some
    received already)
  • Update draft prior to Minneapolis IETF in March.
  • When is last call? After Minneapolis review?