<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd" [ <!ENTITY rfc2119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'> <!ENTITY rfc8174 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml'> <!ENTITY rfc8415 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.8415.xml'> <!ENTITY I-D.ietf-dhc-mac-assign SYSTEM 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-dhc-mac-assign.xml'> <!ENTITY rfc8200 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.8200.xml'> <!ENTITY rfc7228 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7228.xml'> <!ENTITY rfc7548 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7548.xml'> <!ENTITY rfc7227 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7227.xml'> ]> <?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?>"rfc2629-xhtml.ent"> <rfccategory="std"xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-ietf-dhc-slap-quadrant-12"ipr="trust200902">number="8948" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3"> <!-- xml2rfc v2v3 conversion 3.2.1 --> <front> <title abbrev="DHCPv6 SLAPquadrant selection"> SLAP quadrant selection optionQuadrant Selection"> Structured Local Address Plan (SLAP) Quadrant Selection Option for DHCPv6 </title><!-- AUTHORS --><seriesInfo name="RFC" value="8948"/> <author fullname="Carlos J. Bernardos" initials="CJ." surname="Bernardos"> <organization abbrev="UC3M"> Universidad Carlos III de Madrid </organization> <address> <postal> <street>Av. Universidad, 30</street> <city>Leganes, Madrid</city> <code>28911</code> <country>Spain</country> </postal> <phone>+34 91624 6236</phone> <email>cjbc@it.uc3m.es</email> <uri>http://www.it.uc3m.es/cjbc/</uri> </address> </author> <author fullname="Alain Mourad" initials="A." surname="Mourad"> <organization abbrev="InterDigital"> InterDigital Europe </organization> <address> <email>Alain.Mourad@InterDigital.com</email> <uri>http://www.InterDigital.com/</uri> </address> </author> <datemonth="October" year="2020" />month="November" year="2020"/> <area>Internet</area> <workgroup>DHC WG</workgroup> <abstract> <t> The IEEE originally structured the 48-bitMACMedia Access Control (MAC) address space in such a way that half of it was reserved for local use. In 2017, the IEEE published a new standard (IEEE Std 802c) with a new optional"StructuredStructured Local AddressPlan"Plan (SLAP). It specifies different assignment approaches in four specified regions of the local MAC address space. </t> <t> The IEEE is developing protocols to assign addresses (IEEE P802.1CQ). There isworkalso work in the IETF on specifying a new mechanism that extends DHCPv6 operation to handle the local MAC address assignments. </t> <t> This document proposes extensions to DHCPv6 protocols to enable a DHCPv6 client or a DHCPv6 relay to indicate a preferred SLAP quadrant to theserver,server so that the server may allocate MAC addresses in the quadrant requested by the relay or client. A new DHCPv6 option (QUAD) is defined for this purpose. </t> </abstract> </front> <middle> <sectionanchor="sec:introduction" title="Introduction"> <t>anchor="sec_introduction" numbered="true" toc="default"> <name>Introduction</name> <t>The IEEE structures the 48-bit MAC address space in such a way that half of itwasis reserved for local use (where the Universal/Local-- U/L --(U/L) bit is set to 1). In 2017, the IEEE published a new standard(IEEE Std 802c<xreftarget="IEEEStd802c"/>) whichtarget="IEEEStd802c" format="default"/> that defines a new optional"StructuredStructured Local AddressPlan"Plan (SLAP) that specifies different assignment approaches in four specified regions of the local MAC address space. These four regions, called SLAP quadrants, are briefly described below (see <xreftarget="fig:ieee_48bit_mac" />target="fig_ieee_48bit_mac" format="default"/> and <xreftarget="fig:slap_quadrants" />target="fig_slap_quadrants" format="default"/> for details):<list style="symbols"> <t></t> <ul spacing="normal"> <li> In SLAP Quadrant 01,“ExtendedExtended LocalIdentifier”Identifier (ELI) MAC addresses are assigned based on a 24-bit Company ID (CID), which is assigned by the IEEE Registration Authority (RA). The remaining bits are specified as an extension by the CID assignee or by a protocol designated by the CID assignee.</t> <t></li> <li> In SLAP Quadrant 11,“StandardStandard AssignedIdentifier”Identifier (SAI) MAC addresses are assigned based on a protocol specified in an IEEE 802 standard. For 48-bit MAC addresses, 44 bits are available. Multiple protocols for assigning SAIs may be specified in IEEE standards. Coexistence of multiple protocols may be supported by limiting the subspace available for assignment by each protocol.</t> <t></li> <li> In SLAP Quadrant 00,“AdministrativelyAdministratively AssignedIdentifier”Identifier (AAI) MAC addresses are assigned locally by an administrator. Multicast IPv6 packets use a destination address starting in 33-33, so AAI addresses in that range should not be assigned. For 48-bit MAC addresses, 44 bits are available.</t> <t></li> <li> SLAP Quadrant 10 is“Reserved"Reserved for futureuse”use" where MAC addresses may be assigned using new methods yet to bedefined,defined or until then by an administrator as in the AAI quadrant. For 48-bit MAC addresses, 44 bits would be available.</t> </list> </t></li> </ul> <figureanchor="fig:ieee_48bit_mac" title="IEEE 48-bitanchor="fig_ieee_48bit_mac"> <name>IEEE 48-Bit MACaddress structureAddress Structure (in IEEErepresentation)" >Representation)</name> <artwork><![CDATA[ LSB MSB M X Y Z - - - - | | | | | | | +------------ SLAP Z-bit | | +--------------- SLAP Y-bit | +------------------ X-bit (U/L) = 1 for locally assigned +--------------------- M-bit (I/G) (unicast/group) Legend: LSB: Least Significant Bit MSB: Most Significant Bit ]]></artwork> </figure><figure anchor="fig:slap_quadrants" title="SLAP quadrants" > <artwork><![CDATA[ +----------+-------+-------+-----------------------+----------------+ | Quadrant | Y-bit | Z-bit | Local Identifier Type | Local | | | | | |<table anchor="fig_slap_quadrants"> <name>SLAP Quadrants</name> <thead> <tr> <th>Quadrant</th> <th>Y-bit</th> <th>Z-bit</th> <th>Local Identifier| +----------+-------+-------+-----------------------+----------------+ | 01 | 0 | 1 | Extended Local | ELI | | 11 | 1 | 1 | Standard Assigned | SAI | | 00 | 0 | 0 | Administratively | AAI | | | | | Assigned | | | 10 | 1 | 0 | Reserved | Reserved | +----------+-------+-------+-----------------------+----------------+ ]]></artwork> </figure>Type</th> <th>Local Identifier</th> </tr> </thead> <tbody> <tr> <td>01</td> <td>0</td> <td>1</td> <td>Extended Local</td> <td>ELI</td> </tr> <tr> <td>11</td> <td>1</td> <td>1</td> <td>Standard Assigned</td> <td>SAI</td> </tr> <tr> <td>00</td> <td>0</td> <td>0</td> <td>Administratively Assigned</td> <td>AAI</td> </tr> <tr> <td>10</td> <td>1</td> <td>0</td> <td>Reserved</td> <td>Reserved</td> </tr> </tbody> </table> <sectionanchor="sec:ps" title="Problem statement">anchor="sec_ps" numbered="true" toc="default"> <name>Problem Statement</name> <t> The IEEE is developing mechanisms to assign addresses(IEEE P802.1CQ project)<xref target="IEEE-P802.1CQ-Project"/>. There is also ongoing work in the IETFformat="default"/>. And <xreftarget="I-D.ietf-dhc-mac-assign" /> specifyingtarget="RFC8947" format="default"/> specifies a new mechanism that extends DHCPv6 operation to handle the local MAC address assignments. This document proposes extensions to DHCPv6 protocols to enable a DHCPv6 client or a DHCPv6 relay to indicate a preferred SLAP quadrant to theserver,server so that the server may allocate the MAC addresses in the quadrant requested by the relay or client. </t> <t> In the following, we describe two application scenarios in which a need arises to assign local MAC addresses according to preferred SLAP quadrants. </t> <sectionanchor="sec:wifi_devices" title="WiFianchor="sec_wifi_devices" numbered="true" toc="default"> <name>Wi-Fi (IEEE 802.11)devices">Devices</name> <t> Today, mostWiFiWi-Fi devices come with interfaces that have a“burned in”"burned-in" MAC address, allocated from the universal address space using a 24-bit Organizationally Unique Identifier(OUI, assigned(OUI) (assigned to IEEE 802 interface vendors). However, recently, the need to assign local (instead of universal) MAC addresses has emergedin particularparticularly in the following two scenarios:<list style="symbols"> <t></t> <ul spacing="normal"> <li> IoT (Internet of Things): In general, composed of constrained devices <xref target="RFC7228"/>format="default"/> with constraints such as available power and energy, memory, and processing resources. Examples of this include sensors and actuators for health or home automation applications. Given the increasingly high number of these devices, manufacturers might prefer to equip devices with temporary MAC addresses used only at first boot. These temporary MAC addresses would just be used to send initial DHCP packets to available DHCP servers. IoT devices typically need a single MAC address for each available network interface. Once the server assigns a MAC address, the device would abandon its temporary MAC address. Home automation IoT devices typically do not move (however, note that there is an increase of mobile smart health monitoringdevices, which are mobile).devices). For this type of device, in general, any type of SLAP quadrant would be good for assigning addresses, but ELI/SAI quadrants might be more suitable in some scenarios. For example, the device might need to use an address from the CID assigned to the IoTcommunication devicecommunication device vendor, thus preferring the ELI quadrant.</t> <t></li> <li> Privacy: Today, MAC addresses allow the exposure ofusers’user locations making it relatively easy to trackusers’user movements. One of the mechanisms considered to mitigate this problem is the use of local random MACaddresses,addresses: changing them every time the user connects to a different network. In this scenario, devices are typically mobile. Here, AAI is probably the best SLAP quadrant from which to assignaddresses, asaddresses; it is the best fit for randomization of addresses, and it is not required for the addresses to survive when changing networks.</t> </list> </t></li> </ul> </section> <sectionanchor="sec:hypervisors" title="Hypervisor: migratable vs non-migratable functions">anchor="sec_hypervisors" numbered="true" toc="default"> <name>Hypervisor: Functions That Are and Are Not Migratable</name> <t> Inlarge scalelarge-scale virtualization environments, thousands of virtual machines (VMs) are active. These VMs are typically managed by a hypervisor, which is in charge of spawning and stopping VMs as needed. The hypervisor is also typically in charge of assigning new MAC addresses to the VMs. If a DHCP solution is in place for that, the hypervisor acts as a DHCP client and requests that available DHCP serverstoassign one or more MAC addresses (an address block). The hypervisor does not use those addresses for itself, but rather it uses them to create new VMs with appropriate MAC addresses. If we assume very largedata centerdata-center environments, such as the ones that are typically used nowadays, it is expected that the data center is divided in different network regions, each one managing its own local address space. In this scenario, there are two possible situations that need to be tackled:<list style="symbols"> <t> Migratable functions.</t> <ul spacing="normal"> <li>Migratable functions: If a VM (providing a given function) needs to be migrated to another region of the data center (e.g., for maintenance, resilience, end-user mobility, etc.), the VM's networking context needs to migrate with the VM. This includes the VM's MAC address(es). Since the assignments from theELI/SAPELI/SAI SLAP quadrants are governed by rules per IEEE Std 802c, they are more appropriate for use to ensure MAC address uniqueness globally in thedatacenter. </t> <t> Non-migratable functions. Ifdata center. </li> <li>Functions that are not migratable: If a VM will not be migrated toanother regionanother region of the data center, there are no requirements associatedwith itswith its MAC address. In this case, it is simpler to allocate it from the AAI SLAP quadrant,thatwhich does not need to be unique across multiple data centers (i.e., each region can manage its own MAC addressassignment,assignment without checking for duplicates globally).</t> </list> </t></li> </ul> </section> </section> </section> <sectionanchor="sec:terminology" title="Terminology">anchor="sec_terminology" numbered="true" toc="default"> <name>Terminology</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/>format="default"/> <xref target="RFC8174"/>format="default"/> when, and only when, they appear in all capitals, as shown here. </t> <t> Where relevant, the DHCPv6 terminology fromthe DHCPv6 Protocol<xreftarget="RFC8415"/>target="RFC8415" format="default"/> also applies here. Additionally, the following definitions are updated for this document. </t><t> <list hangIndent="14" style="hanging"> <t hangText="IA_LL">Identity Association for Link-Layer Address: an identity association (IA) used to request or assign<dl newline="false" spacing="normal" indent="15"> <dt>address</dt> <dd>Unless specified otherwise, a link-layeraddresses. Section 10.1 of(or MAC) address, as specified in <xreftarget="I-D.ietf-dhc-mac-assign" /> provides details on the IA_LL option.</t> <t hangText="LLADDR">Link-layertarget="IEEEStd802" format="default"/>. The addressoption thatisused to request6 orassign a block8 bytes long.</dd> <dt>address block</dt> <dd>A number of consecutive link-layer addresses.Section 10.2 of <xref target="I-D.ietf-dhc-mac-assign" /> provides details on the LLADDR option.</t> <t hangText="client">A node that is interestedAn address block is expressed as a first address plus a number that designates the number of additional (extra) addresses. A single address can be represented by the address itself and zero extra addresses.</dd> <dt>client</dt> <dd>A node that is interested in obtaining link-layer addresses. It implements the basic DHCP mechanisms needed by a DHCPclientclient, as described in <xreftarget="RFC8415"/>target="RFC8415" format="default"/>, and supports the options (IA_LL and LLADDR) specified in <xreftarget="I-D.ietf-dhc-mac-assign" />,target="RFC8947" format="default"/> as well as the new option (QUAD) specified in this document. The client may or may not support IPv6 address assignment and prefixdelegationdelegation, as specified in <xreftarget="RFC8415"/>.</t> <t hangText="server">A node that manages link-layer address allocation and is able to respondtarget="RFC8415" format="default"/>.</dd> <dt>IA_LL</dt> <dd>Identity Association for Link-Layer Address, an identity association (IA) used toclient queries. It implements basic DHCP server functionality as described in <xref target="RFC8415"/> and supports the options (IA_LL and LLADDR) specified inrequest or assign link-layer addresses. <xreftarget="I-D.ietf-dhc-mac-assign" />, as well astarget="RFC8947" section="11.1" sectionFormat="of"/> provides details on thenewIA_LL option.</dd> <dt>LLADDR</dt> <dd>Link-layer address option(QUAD) specified in this document. The server maythat is used to request ormay not support IPv6 address assignment and prefix delegation as specified inassign a block of link-layer addresses. <xreftarget="RFC8415"/>.</t> <t hangText="relay">target="RFC8947" section="11.2" sectionFormat="of"/> provides details on the LLADDR option.</dd> <dt>relay</dt> <dd> A node that acts as an intermediary to deliver DHCP messages between clients and servers. A relay, based on local knowledge and policies, may include the preferred SLAP quadrant in a QUAD option sent to the server. The relay implements basic DHCPv6 relay agentfunctionalityfunctionality, as described in <xreftarget="RFC8415"/>.</t> <t hangText="address">Unless specified otherwise, an address means atarget="RFC8415" format="default"/>.</dd> <dt>server</dt> <dd>A node that manages link-layer(or MAC) address,address allocation and is able to respond to client queries. It implements basic DHCP server functionality, as described in <xref target="RFC8415" format="default"/>, and supports the options (IA_LL and LLADDR) specified inIEEE Std 802<xreftarget="IEEEStd802" />. The address is six or eight bytes long.</t> <t hangText="address block">A number of consecutive link-layer addresses. An address block is expressedtarget="RFC8947" format="default"/> as well asa first address plus a number that designates the number of additional (extra) addresses. A single address can be represented bythe new option (QUAD) specified in this document. The server may or may not support IPv6 addressitselfassignment andzero extra addresses.</t> </list> </t>prefix delegation, as specified in <xref target="RFC8415" format="default"/>.</dd> </dl> </section> <sectionanchor="sec:dhcpv6_extensions" title="DHCPv6 Extensions">anchor="sec_dhcpv6_extensions" numbered="true" toc="default"> <name>DHCPv6 Extensions</name> <sectionanchor="sec:dhcpv6_ext_client" title="Addressanchor="sec_dhcpv6_ext_client" numbered="true" toc="default"> <name>Address Assignment from the Preferred SLAP Quadrant Indicated by theClient">Client</name> <t> Next, we describe the protocol operations for a client to select a preferred SLAP quadrant using the DHCPv6 signaling procedures described in <xreftarget="I-D.ietf-dhc-mac-assign" />.target="RFC8947" format="default"/>. The signaling flow is shown in <xreftarget="fig:dhcpv6_flow_client" />.target="fig_dhcpv6_flow_client" format="default"/>. </t> <figureanchor="fig:dhcpv6_flow_client" title="DHCPv6 signaling flow (client-server)" > <artwork><![CDATA[anchor="fig_dhcpv6_flow_client"> <name>DHCPv6 Signaling Flow (Client-Server)</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +--------+ +--------+ | DHCPv6 | | DHCPv6 | | client | | server | +--------+ +--------+ | | +----1. Solicit(IA_LL(LLADDR,QUAD))--->| | | |<--2. Advertise(IA_LL(LLADDR,QUAD))---+ | | +---3. Request(IA_LL(LLADDR,QUAD))---->| | | |<------4. Reply(IA_LL(LLADDR))--------+ | |· · ·. . . (timer expiring)· · ·. . . | | +---5. Renew(IA_LL(LLADDR,QUAD))------>| | | |<-----6. Reply(IA_LL(LLADDR))---------+ | | ]]></artwork> </figure><t> <list style="numbers"> <t><ol spacing="normal" type="1"><li> Link-layer addresses (i.e., MAC addresses) are assigned in blocks. The smallest block is a single address. To request an assignment, the client sends a Solicit message with an IA_LL option in the message. The IA_LL optionMUST<bcp14>MUST</bcp14> containaan LLADDR option. In order to indicate the preferred SLAP quadrant(s), the IA_LL option includes the new OPTION_SLAP_QUAD option in the IA_LL-option field (alongside the LLADDR option).</t> <t></li> <li> The server, upon receiving an IA_LL option inSolicit,a Solicit message, inspects its contents. For each of the entries in the OPTION_SLAP_QUAD, in order of the preference field (highest to lowest), the server checks if it has a configured MAC address pool matching the requested quadrantidentifier,identifier and an available range of addresses of the requested size. If suitable addresses are found, the server sends back an Advertise message with an IA_LL option containing an LLADDR option that specifies the addresses being offered. If the server manages a block of addresses belonging to a requested quadrant, the addresses being offeredMUST<bcp14>MUST</bcp14> belong to a requested quadrant. If the server does not have a configured address pool matching the client's request, itSHOULD<bcp14>SHOULD</bcp14> return the IA_LL option with the addresses being offered belonging to a quadrant managed by the server (following a local policy to select from which of the available quadrants). If the server has a configured address pool of the correctquadrant,quadrant but no available addresses, itMUST<bcp14>MUST</bcp14> return the IA_LL option containing a Status Code option with status set to NoAddrsAvail.</t> <t></li> <li> The client waits for available servers to send Advertise responses and picks oneserverserver, as defined inSection 18.2.9 of<xref target="RFC8415"/>.section="18.2.9" sectionFormat="of"/>. The clientSHOULD NOT<bcp14>SHOULD NOT</bcp14> pick a server that does not advertise an address in the requested quadrant(s). The client then sends a Request message that includes the IA_LL container option with the LLADDR option copied from the Advertise message sent by the chosen server. It includes the preferred SLAP quadrant(s) in a new QUADIA_LL-option. </t> <t>IA_LL option. </li> <li> Upon reception of a Request message with an IA_LL container option, the server assigns requested addresses. The serverMAY<bcp14>MAY</bcp14> alter the allocation at this time (e.g., by reducing the address block). It then generates and sends a Reply message back to the client. Upon receiving a Reply message, the client parses the IA_LL container option and may start using all provided addresses. Note that a client that has included a Rapid Commit option in theSolicit,Solicit message may receive a Reply message in response to the Solicit message and skip the Advertise and Request message steps above (following standard DHCPv6 procedures).</t> <t></li> <li> The client is expected to periodically renew the link-layeraddressesaddresses, as governed by T1 and T2 timers. This mechanism can be administratively disabled by the server sending "infinity" as the T1 and T2 values (seeSection 7.7 of<xref target="RFC8415"/>).section="7.7" sectionFormat="of"/>). The client sends a Renew option after T1. It includes the preferred SLAP quadrant(s) in the new QUADIA_LL-option,IA_LL option, so in case the server is unable to extend the lifetime on the existing address(es), the preferred quadrants are known for the allocation of any "new" (i.e., different) addresses.</t> <t></li> <li> The server responds with a Replymessage,message with an IA_LL option that includes an LLADDR option with extended lifetime.</t> </list> </t></li> </ol> <t> The clientSHOULD<bcp14>SHOULD</bcp14> check if the received MAC address comes from one of the requested quadrants. ItMAY<bcp14>MAY</bcp14> repeat the process selecting a different DHCP server. </t> </section> <sectionanchor="sec:dhcpv6_ext_relay" title="Addressanchor="sec_dhcpv6_ext_relay" numbered="true" toc="default"> <name>Address Assignment from the Preferred SLAP Quadrant Indicated by theRelay">Relay</name> <t> Next, we describe the protocol operations for a relay to select a preferred SLAP quadrant using the DHCPv6 signaling procedures described in <xreftarget="I-D.ietf-dhc-mac-assign" />.target="RFC8947" format="default"/>. This is useful when a DHCPv6 server is operating over a large infrastructure split in different network regions, where each region might have different requirements. The signaling flow is shown in <xreftarget="fig:dhcpv6_flow_relay" />.target="fig_dhcpv6_flow_relay" format="default"/>. </t> <figureanchor="fig:dhcpv6_flow_relay" title="DHCPv6 signaling flow (client-relay-server)" > <artwork><![CDATA[anchor="fig_dhcpv6_flow_relay"> <name>DHCPv6 Signaling Flow (Client-Relay-Server)</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +--------+ +--------+ +--------+ | DHCPv6 | | DHCPv6 | | DHCPv6 | | client | | relay | | server | +--------+ +--------+ +--------+ | | | +-----1. Solicit(IA_LL)----->| | | +----2. Relay-forward | | | (Solicit(IA_LL),QUAD)------>| | | | | |<---3. Relay-reply | | | (Advertise(IA_LL(LLADDR)))--+ |<4. Advertise(IA_LL(LLADDR))+ | |-5. Request(IA_LL(LLADDR))->| | | +-6. Relay-forward | | | (Request(IA_LL(LLADDR)),QUAD)->| | | | | |<--7. Relay-reply | | | (Reply(IA_LL(LLADDR)))-------+ |<--8. Reply(IA_LL(LLADDR))--+ | | | |· · · ·. . . . (timer expiring)· · · ·. . . . | | | +--9. Renew(IA_LL(LLADDR))-->| | | |--10. Relay-forward | | | (Renew(IA_LL(LLADDR)),QUAD)-->| | | | | |<---11. Relay-reply | | | (Reply(IA_LL(LLADDR)))-----+ |<--12.Reply(IA_LL(LLADDR)--+Reply(IA_LL(LLADDR))-+ | | | | ]]></artwork> </figure><t> <list style="numbers"> <t><ol spacing="normal" type="1"><li> Link-layer addresses (i.e., MAC addresses) are assigned in blocks. The smallest block is a single address. To request an assignment, the client sends a Solicit message with an IA_LL option in the message. The IA_LL optionMUST<bcp14>MUST</bcp14> containaan LLADDR option.</t> <t></li> <li> The DHCP relay receives the Solicit message and encapsulates it in a Relay-forward message. The relay, based on local knowledge and policies, includes in the Relay-forward message the QUAD option with the preferred quadrant. The relay might know which quadrant to request based on local configuration (e.g., the served network contains IoT devices only, thus requiring ELI/SAI) or other means. Note that if a client sends multiple instances of the IA_LL option in the same message, the DHCP relayMAY<bcp14>MAY</bcp14> only add a single instance of the QUAD option.</t> <t></li> <li> Upon receiving a relayed message containing an IA_LL option, the server inspects the contents for instances of OPTION_SLAP_QUAD in both theRelay ForwardRelay-forward message and the client's message payload. Depending on the server's policy, the instance of the option to process is selected (seealso atthe end of this section). For each of the entries in OPTION_SLAP_QUAD, in order of the preference field (highest to lowest), the server checks if it has a configured MAC address pool matching the requested quadrantidentifier,identifier and an available range of addresses of the requested size. If suitable addresses are found, the server sends back an Advertise message with an IA_LL option containing an LLADDR option that specifies the addresses being offered. This message is sent to the Relay in a Relay-reply message. If the server supports the semantics of the preferred quadrant included in the QUADoption,option and manages a block of addresses belonging to a requested quadrant, then the addresses being offeredMUST<bcp14>MUST</bcp14> belong to a requested quadrant. The serverSHOULD<bcp14>SHOULD</bcp14> apply the contents of the relay's supplied QUAD option for all of the client's IA_LLs, unless configured to do otherwise.</t> <t></li> <li> The relay sends the received Advertise message to the client.</t> <t></li> <li> The client waits for available servers to send Advertise responses and picks oneserverserver, as defined inSection 18.2.9 of<xref target="RFC8415"/>.section="18.2.9" sectionFormat="of"/>. The client then sends a Request message that includes the IA_LL container option with the LLADDR option copied from the Advertise message sent by the chosen server.</t> <t></li> <li> The relay forwards the received Request in a Relay-forward message. Itaddsadds, in theRelay-forwardRelay-forward, a QUADIA_LL-optionIA_LL option with the preferred quadrant.</t> <t></li> <li> Upon reception of the forwarded Request message with IA_LL container option, the server assigns requested addresses. The serverMAY<bcp14>MAY</bcp14> alter the allocation at this time. It then generates and sends a Replymessage,message in a Relay-reply message back to the relay.</t> <t></li> <li> Upon receiving a Reply message, the client parses the IA_LL container option and may start using all provided addresses.</t> <t></li> <li> The client is expected to periodically renew the link-layeraddressesaddresses, as governed by T1 and T2 timers. This mechanism can be administratively disabled by the server sending "infinity" as the T1 and T2 values (seeSection 7.7 of<xref target="RFC8415"/>).section="7.7" sectionFormat="of"/>). The client sends a Renew option after T1.</t> <t></li> <li> This message is forwarded by the relay in a Relay-forward message, including a QUADIA_LL-optionIA_LL option with the preferred quadrant.</t> <t></li> <li> The server responds with a Reply message, including an LLADDR option with extended lifetime. This message is sent in a Relay-reply message.</t> <t></li> <li> The relay sends the Reply message back to the client.</t> </list> </t></li> </ol> <t> The serverSHOULD<bcp14>SHOULD</bcp14> implement a configuration parameter to dealwith thewith the case where the client's DHCP message contains an instance ofOPTION_SLAP_QUAD,OPTION_SLAP_QUAD and the relay adds a second instance in itsrelay-forwardRelay-forward message. This parameter configures the server to process either theclient's,client's or the relay's instance of option QUAD. It isRECOMMENDED<bcp14>RECOMMENDED</bcp14> that the default for such a parameter is to process the client's instance of the option. </t> <t> The clientMAY<bcp14>MAY</bcp14> check if the received MAC address belongs to a quadrant it is willing touse/configure,use/configure andMAY<bcp14>MAY</bcp14> decide based on that whether touse configureuse/configure the received address. </t> </section> </section> <sectionanchor="sec:dhcpv6_options" title="DHCPv6anchor="sec_dhcpv6_options" numbered="true" toc="default"> <name>DHCPv6 OptionDefinition">Definition</name> <sectionanchor="sec:quad_IA_LL" title="Quad option">anchor="sec_quad_IA_LL" numbered="true" toc="default"> <name>QUAD Option</name> <t> The QUAD option is used to specify the preferences for the selected quadrants within an IA_LL. The optionMUST either<bcp14>MUST</bcp14> be encapsulated either in the IA_LL-options field of an IA_LL option or in a Relay-forward message. </t> <t> The format of the QUAD option is: </t> <figurealign="center" anchor="quad-option" title="Quadanchor="quad-option"> <name>QUAD OptionFormat">Format</name> <artworkalign="left"><![CDATA[align="left" name="" type="" alt=""><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_SLAP_QUAD | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | quadrant-1 | pref-1 | quadrant-2 | pref-2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | quadrant-n-1 | pref-n-1 | quadrant-n | pref-n | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ]]></artwork> </figure><t> <list hangIndent="16" style="hanging"> <t hangText="option-code"><dl newline="false" spacing="normal" indent="16"> <dt>option-code</dt> <dd> OPTION_SLAP_QUAD(IANA-1). </t> <t hangText="option-len">(140). </dd> <dt>option-len</dt> <dd> 2 * number of included (quadrant, preference).AThis is a 2-byte field containing the total length of all (quadrant, preference) pairs included in the option.</t> <t hangText="quadrant-n"></dd> <dt>quadrant-n</dt> <dd> Identifier of the quadrant (0: AAI, 1: ELI, 2: Reserved by IEEE <xref target="IEEEStd802c"/>,format="default"/>, and 3: SAI). Each quadrantMUST<bcp14>MUST</bcp14> only appear once at most in the option.AThis is a 1-byte field.</t> <t hangText="pref-n"></dd> <dt>pref-n</dt> <dd> Preference associated to quadrant-n. A higher value means a more preferred quadrant.AThis is a 1-byte field.</t> </list> </t></dd> </dl> <t> A quadrant identifier valueMUST<bcp14>MUST</bcp14> onlyappearappear, atmostmost, once in theoption. If an optionoption. If an option includes more than one occurrence of the same quadrant identifier, only the firstoccurenceoccurrence isprocessedprocessed, and the restMUST<bcp14>MUST</bcp14> be ignored by the server. </t> <t> If the same preference value is used for more than one quadrant, the serverMAY<bcp14>MAY</bcp14> select which quadrant should be preferred (if the server can assign addresses from all or some of the quadrants with the same assigned preference). Note that this is not a simple list of quadrants ordered by preferencewithoutwith no preferencevaluevalue, but a list of quadrants with explicit preference values. This way it can support the case whereby a client really has no preference between two or three quadrants, leaving the decision to the server. </t> <t> If the client or relay agentprovideprovides the OPTION_SLAP_QUAD, the serverMUST<bcp14>MUST</bcp14> use the quadrant-n/pref-n values to order the selection of the quadrants. If the server can provide an assignment from one of the specified quadrants, itSHOULD<bcp14>SHOULD</bcp14> proceed with the assignment. If the server does not have a configured address pool matching any of the specified quadrant-nfields,fields or if the server has a configured address pool of the correctquadrant,quadrant but no available addresses, itMUST<bcp14>MUST</bcp14> return the IA_LL option containing a status of NoAddrsAvail. </t> <t> There is no requirement that the client or relay agent order the quadrant/pref values in any specific order;hencehence, serversMUST NOT<bcp14>MUST NOT</bcp14> assume that quadrant-1/pref-1 have the highest preference (except if there is only1one set of values). </t> <t> For cases where a server may not be configured to have pools for the client or relay quadrant preferences, clients and relaysSHOULD<bcp14>SHOULD</bcp14> specify all quadrants in the QUAD option to assure the client gets an address (or addresses) -- if any are available. Specifying all quadrants also results in a QUAD option supporting server responding like a non-QUAD option supporting server, i.e., an address (or addresses) from any available quadrants can be returned. </t> </section> </section> <section anchor="IANA"title="IANA Considerations"> <t> IANA is requested to assignnumbered="true" toc="default"> <name>IANA Considerations</name> <t>IANA has assigned the QUAD(IANA-1)(140) option code from theDHCPv6"Option Codes" subregistry of the "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" registry maintained athttp://www.iana.org/assignments/dhcpv6-parameters and use the following data when adding the option to the registry: </t> <figure> <artwork align="left"> <![CDATA[ Value: IANA-1 Description: OPTION_SLAP_QUAD Client ORO: No Singleton Option: No Reference: this document ]]> </artwork> </figure><eref target="http://www.iana.org/assignments/dhcpv6-parameters" brackets="angle"/>:</t> <dl spacing="compact"> <dt>Value:</dt><dd>140</dd> <dt>Description:</dt><dd>OPTION_SLAP_QUAD</dd> <dt>Client ORO:</dt><dd>No</dd> <dt>Singleton Option:</dt><dd>Yes</dd> <dt> Reference:</dt><dd>RFC 8948</dd> </dl> </section> <section anchor="Security"title="Security Considerations"> <t> See <xref target="RFC8415" /> and <xref target="RFC7227" /> for the DHCPv6 security and privacy considerations. See <xref target="RFC8200" /> for the IPv6 security considerations. </t> <t> See also <xref target="I-D.ietf-dhc-mac-assign" /> for security considerations regarding link-layer address assignments using DHCP. </t> </section> <section anchor="Acknowledgments" title="Acknowledgments">numbered="true" toc="default"> <name>Security Considerations</name> <t>The authors would like to thank Bernie Volz for his very valuable comments on this document. We also want to thank Ian Farrer, Tomek Mrugalski, Éric Vyncke, Tatuya Jinmei, Carl Wallace, Ines Robles, Ted Lemon, Jaime Jimenez, Robert Wilton, Benjamin Kaduk, Barry Leiba, Alvaro Retana, Murray KucherawySee <xref target="RFC8415" format="default"/> andRob Wilton<xref target="RFC7227" format="default"/> fortheir very detailed and helpful reviews. And to Roger Marksthe DHCPv6 security andAntonio de la Olivaprivacy considerations. See <xref target="RFC8200" format="default"/> forcomments related to IEEE work and references.the IPv6 security considerations. </t> <t>The work in document draft has been supported by the H2020 5Growth (Grant 856709) and 5G-DIVE projects (Grant 859881).Also, see <xref target="RFC8947" format="default"/> for security considerations regarding link-layer address assignments using DHCP. </t> </section> </middle> <back><references title="Normative References"> &rfc2119; &rfc8174; &rfc8415; &I-D.ietf-dhc-mac-assign;<references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8415.xml"/> <reference anchor='RFC8947' target="https://www.rfc-editor.org/info/rfc8947"> <front> <title>Link-Layer Addresses Assignment Mechanism for DHCPv6</title> <author initials='B' surname='Volz' fullname='Bernie Volz'> <organization>Cisco Systems, Inc.</organization> </author> <author initials='T' surname='Mrugalski' fullname='Tomek Mrugalski'> <organization>Internet Systems Consortium, Inc.</organization> </author> <author initials='CJ' surname='Bernardos' fullname='Carlos J. Bernardos'> <organization>Universidad Carlos III de Madrid</organization> </author> <date month='November' year='2020'/> </front> <seriesInfo name="RFC" value="8947"/> <seriesInfo name="DOI" value="10.17487/RFC8947"/> </reference> </references><references title="Informative References"> &rfc8200;<references> <name>Informative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8200.xml"/> <reference anchor="IEEEStd802c"> <front> <title> IEEE Standard for Local and Metropolitan Area Networks: Overview andArchitecture,Architecture -- Amendment 2: Local Medium Access Control (MAC) AddressUsage, IEEE Std 802c-2017Usage </title> <author> <organization>IEEE</organization> </author> <datemonth="June" year="2017" />month="August" year="2017"/> </front> <seriesInfo name="IEEE Std" value="802c-2017"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2017.8016709"/> </reference> <reference anchor="IEEEStd802"> <front> <title> IEEE Standard for Local and Metropolitan Area Networks: Overview andArchitecture, IEEE Std 802-2014Architecture </title> <author> <organization>IEEE</organization> </author> <date month="June"year="2014" />year="2014"/> </front> <seriesInfo name="IEEE Std" value="802-2014"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2014.6847097"/> </reference> <referenceanchor="IEEE-P802.1CQ-Project">anchor="IEEE-P802.1CQ-Project" target="https://standards.ieee.org/project/802_1CQ.html"> <front> <title>IEEE P802.1CQ:P802.1CQ - Standard for Local and Metropolitan Area Networks: Multicast and Local Address Assignment </title> <author> <organization>IEEE</organization> </author><date /></front> </reference>&rfc7228; &rfc7548; &rfc7227;<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7228.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7548.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7227.xml"/> </references> </references> <sectionanchor="sec:quadrant_selection" title="Quadrantanchor="sec_quadrant_selection" numbered="true" toc="default"> <name>Example Uses of Quadrant SelectionMechanisms examples">Mechanisms</name> <t> This appendix describes some examples of how the quadrant preference mechanisms could be used. </t> <t>Let'sFirst, let's takefirstan IoT scenario as an example. An IoT device might decide on its own the SLAP quadrant it wants to use to obtain a local MAC address, using the following information totakemake the decision:<list style="symbols"> <t> Type</t> <ul spacing="normal"> <li>Type of IoT deployment:e.g.,For example, industrial, domestic, rural, etc. For small deployments, such as domestic ones, the IoT device itself can decide to use the AAI quadrant (this might not even involve the use of DHCP, by the device just configuring a random address computed by the device itself). For large deployments, such as industrial or rural ones, where thousands of devices mightco-exist,coexist, the IoT can decide to use the ELI or SAIquadrants. </t> <t> Mobility: ifquadrants.</li> <li>Mobility: If the IoT device can move, then it might prefer to select the SAI or AAI quadrants to minimize address collisions when moving to another network. If the device is known to remain fixed, then the ELI is probably the most suitable one touse. </t> <t> Managed/unmanaged: dependinguse.</li> <li>Managed/Unmanaged: Depending on whether the IoT device is managed during its lifetime or cannot bere-configuredreconfigured <xref target="RFC7548"/>,format="default"/>, the decision of what quadrant is more appropriate might be different. For example, if the IoT device can be managed (e.g.,configured),configured) and network topology changes might occur during its lifetime (e.g., due to changes on the deployment, such as extensions involving additional devices), this has an impact on the preferred quadrant (e.g., to avoid potential collisions in thefuture). </t> <t> Operation/battery lifetime: dependingfuture).</li> <li>Operation / Battery Lifetime: Depending on the expected lifetime of thedevicedevice, a different quadrant might be preferred (as before, to minimize potential address collisions in thefuture). </t> </list>future).</li> </ul> <t> The previous parameters are considerations that the device vendor/administrator may wish to use when defining the IoTdevice’s MAC addressdevice's MAC address request policy (i.e., how to select a given SLAP quadrant). IoT devices are typically very resource constrained, so there may only be a simple decision-making process based onpre-configuredpreconfigured preferences. </t> <t> We now take theWiFiWi-Fi device scenario,consideringconsidering, forexampleexample, that a laptop or smartphone connects to a network using itsbuilt inbuilt-in MAC address. Due to privacy/security concerns, the device might want to configure a local MAC address. The device might use different parameters and context information to decide, not only which SLAP quadrant to use for the local MAC address configuration, but also when to perform a change of address (e.g., it might be needed to change address several times). This information includes, but it is not limited to:<list style="symbols"> <t></t> <ul spacing="normal"> <li> Type of network the device is connected: public, work, home.</t> <t></li> <li> Trusted network: Yes/No.</t> <t></li> <li> First time visited network: Yes/No.</t> <t></li> <li> Network geographical location.</t> <t></li> <li> Mobility: Yes (the device might change its network attachmentpoint)/Nopoint) / No (the device is not going to change its network attachment point).</t> <t></li> <li> Operating System (OS) network profile, includingsecurity/trust relatedsecurity/trust-related parameters:mostMost modern OSs keep metadata associatedtowith the networks they can attachto, asto as, forexampleexample, the level of trust the user or administrator assigns to the network. This information is used to configure how the device behaves in terms of advertising itself on the network, firewall settings, etc. But this information can also be used to decide whether or not to configure a local MACaddress or not,address, from which SLAP quadrant it should be assigned, and howoften. </t> <t>often it may be assigned. </li> <li> Triggers coming from applications regarding locationprivacy.privacy: An app might requesttothat the OStomaximize location privacy (due to the nature of theapplication)application), and this might requirethatthe OSforcesto force the use of a local MACaddress,address orthatthe local MAC addressisto be changed.</t> </list> </t></li> </ul> <t> This information can be used by the device to select the SLAP quadrant. For example, if the device is moving around (e.g., while connected to a public network in an airport), it is likely that it might change accesspointpoints severaltimes, and thereforetimes; therefore, it is best to minimize the chances of address collision, using the SAI or AAI quadrants. If the device is not expected to move and is attached to a trusted network(e.g.(e.g., in some scenarios at work), then it is probably best to select the ELI quadrant. These are just some examples of how to use this information to select the quadrant. </t> <t> Additionally, the information can also be used to trigger subsequent changes of MACaddress,address to enhance location privacy. Besides, changing the SLAP quadrant might also be used as an additional enhancement to make it harder to track the user location. </t> <t> Last, if we consider thedata centerdata-center scenario, a hypervisor might request local MAC addressestobe assigned to virtual machines. As in the previous scenarios, the hypervisor might select the preferred SLAP quadrant using information provided by the cloud management system or virtualization infrastructure manager running on top of the hypervisor. This information might include, but is not limited to:<list style="symbols"> <t></t> <ul spacing="normal"> <li> MigratableVM.VM: If the function implemented by the VM is subject to be moved to another physical server ornot. Thisnot, this has an impact on the preference for the SLAP quadrant, as the ELI and SAI quadrants are better suited for supporting migration in a large data center.</t> <t></li> <li> VM connectivitycharacteristics , e.g.,characteristics: For example, standalone, part of a pool, and part of a service graph/chain. If the connectivity characteristics of the VM are known, this can be used by the hypervisor to select the best SLAP quadrant. </li> </ul> </section> <section anchor="Acknowledgments" numbered="false" toc="default"> <name>Acknowledgments</name> <t> The authors would like to thank <contact fullname="Bernie Volz"/> for his very valuable comments on this document. We also want to thank <contact fullname="Ian Farrer"/>, <contact fullname="Tomek Mrugalski"/>, <contact fullname="Éric Vyncke"/>, <contact fullname="Tatuya Jinmei"/>, <contact fullname="Carl Wallace"/>, <contact fullname="Ines Robles"/>, <contact fullname="Ted Lemon"/>, <contact fullname="Jaime Jimenez"/>, <contact fullname="Robert Wilton"/>, <contact fullname="Benjamin Kaduk"/>, <contact fullname="Barry Leiba"/>, <contact fullname="Alvaro Retana"/>, and <contact fullname="Murray Kucherawy"/> for their very detailed and helpful reviews. And thanks to <contact fullname="Roger Marks"/> and <contact fullname="Antonio de la Oliva"/> for comments related to IEEE work and references. </t></list><t> The work in this document has been supported by the H2020 5GROWTH (Grant 856709) and 5G-DIVE projects (Grant 859881). </t> </section> </back> </rfc>