Network Working Group Naiming Shen Internet Draft Cisco Systems Expiration Date: July 2007 Said Ouissal Redback Networks Kishore Seshadri Mu Security Tom S. C. Soon SBC Communications Dae-Cheol Roh Korea Telecom January 2007 DHCP Proxy Server Micro-block Allocation Scheme For IP Address Pool Management Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on June, 2007. Copyright Notice Copyright (C) The Internet Society (2006). Shen, et all Expires June 2007 [Page 1] INTERNET DRAFT DHCP Micro-Block Allocation January 2006 Abstract A new DHCP address allocation mechanism called Micro-blocking is proposed in this document. It is used for DHCP proxy servers or routers working with DHCP servers to maximize the IP address allocation efficiency while improve dynamic routing scalability in provider's networks. A DHCP sub-option within the relay agent information option 82 is defined in this document. This simple DHCP extension can be applied as a simple IP address-pool management among multiple IP devices. 1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [2]. DHCP Server: A DHCP server is an Internet host that returns configuration parameters to DHCP clients, relay or proxy servers. Proxy Server: In this document, the proxy server resides on the provider's edge router which acts as an intermediary between the DHCP clients and the DHCP server. The DHCP proxy server also serves as an Internet gateway for the DHCP clients. We also use Proxy Router to reflect the proxy server on an edge router. Traditional Allocation: An IP address allocation scheme in that the IP address must reside within the pre-configured IP subnet "boundary" on the edge routers. Either the address belongs to a LAN interface IP subnet, or the address belongs to an IP address pool configured for the router. Random Allocation: This scheme is usually applied in the case the end-user is over point-to-point links. DHCP server gets out the next unused address to any proxy server making the request. The addresses within an IP subnet can be scattered into multiple edge routers in a random fashion. 2. Introduction The Dynamic Host Configuration Protocol [1] provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP proxy servers are often used on customer edge routers for user Internet access. With the increase of new IP service requirement, the set of functionalities of edge routers is moving closer to the end users. This means the direct customer facing edge router Shen, et all Expires June 2007 [Page 2] INTERNET DRAFT DHCP Micro-Block Allocation January 2007 function is moving from a few complex devices into many smaller and simpler layer 3 devices. DHCP proxy is one of those functions. This document specifies a simple mechanism called Micro-blocking to increase the IP address allocation efficiency within the network while also maintaining the network routing scalability and stability. This extension also reduces the traffic among the DHCP server and proxy servers. Instead of for DHCP server giving out one IP address per request, this scheme proposes a way to let a DHCP server give out a block of IP addresses for the proxy servers to maintain and manage. A DHCP extension of Sub-option is defined. This scheme works with allocating IP addresses for clients over point-to-point circuits as well as multi-access circuits. This micro-blocking allocation scheme can also be used to dynamically create sub-interfaces on multi-access media. This DHCP extension enables DHCP servers and proxy servers to form an IP address-pool management system. The IP address pool is centralized on the DHCP server and the IP addresses are efficiently allocated among multiple DHCP proxy devices. 3. Motivation Even though the above mentioned trend will enhance the IP service to the end users, it creates inefficiency in IP address allocation, since in the traditional allocation mechanism, each of those smaller edge routers need to have a block of IP address statically reserved for the maximum number of customers it intends to serve. This is done either by the configuration on the edge router or by rules statically defined in the remote device such as a Radius server. Those IP address blocks can not be shared with other edge routers even if they are not in use. One way to get around this IP address allocation inefficiency is to apply random allocation. This scheme does not reserve blocks of pre-configured addresses on each edge router, but rather the proxy server on the edge router gets a new address from a DHCP server every time it receives a customer request for allocation. This new address may belong to an IP subnet shared by multiple edge routers. This scheme maximizes the IP address allocation efficiency for distributed DHCP proxy devices in the network. The problem is that for the random allocation to be useful, the routing information associated with this scheme also needs to be propagated throughout the network. This causes the explosion of routing information in the network since each IP host entry needs to be carried inside the dynamic routing protocols. Even though route summary technique can be applied on the edge routers to reduce the number of routes to be propagated, Shen, et all Expires June 2007 [Page 3] INTERNET DRAFT DHCP Micro-Block Allocation January 2007 the routing protocols need to constantly re-group the summary routes due to address changes by end users. This scheme can create routing scalability issues in the network. Another issue with the random allocation scheme is that it only works in the point-to-point circuit, such as PPP, it does not work in multi-access circuit case. This document proposes a mechanism to have DHCP servers dynamically assign IP address to each edge router with a user defined restriction, which is named Micro-blocking. There are no pre-defined address blocks on the edge routers or the remote Radius servers just like the random allocation case, but the address allocated by the DHCP server follows a user defined IP prefix pattern. The IP address allocation efficiency is close to the random allocation scheme, but this technique greatly improves the routing scalability and stability comparing to the random allocation scheme. This DHCP Micro-blocking scheme can work for the end users serviced over point-to-point links, such as PPP, PPPoE or MAC address based sub-interface which can be setup dynamically; The scheme can also work with end users serviced over multi-access links. In the former case, a host route within a micro-block is used to point to the point-to-point sub-interface. In the latter case, each sub-interface is dynamically established for the micro-block addresses on the multi-access LAN. This solution is more scalable than assigning multiple address blocks on the same interface. In the multi-access interface case, the proxy server or router needs to reserve one IP address in the block to be "on the router". The proxy server advertises this reserved IP address as the default gateway address along with the subnet mask of the block to clients. 4. DHCP IP Address Allocation with Micro-blocking 4.1 The Efficiency of the Micro-blocking Scheme DHCP IP address allocation with Micro-blocking is a scheme to allow the server allocating a new IP address or a block of IP addresses based on a user defined small prefix block. The server keeps track of the edge router that requests the IP address of this prefix block, then reserves the IP address block for this edge router instead of assigning IP addresses randomly to the edge routers. The address allocation efficiency is almost the same as assigning IP address randomly. In the worst case, the unused addresses on an edge router is block size minus one. As long as the block size is small enough, the allocation efficiency is very high. Since we know a block of addresses is owned by a single edge router, Shen, et all Expires June 2007 [Page 4] INTERNET DRAFT DHCP Micro-Block Allocation January 2007 there is no need to announce each host route in the dynamic routing. An IP prefix with the prefix length of the block size is used in routing information. Depends on the block size it deploys, this scheme can sharply reduces the dynamic routing information comparing to the random allocation scheme. Obviously there is a tradeoff between large and small block size. For example, assume that the network operator defines the block size for certain IP address space as 32. The DHCP server will give out the IP addresses to proxy servers in the blocking fashion. The maximum unused IP address for this router is 32. If the edge route serves 5000 clients, the address allocation efficiency is 99.5% in the worst case. While the dynamic routing information is reduced by 32 times comparing to the random allocation scheme. In the random allocation scheme, the router needs to advertise 5000 host routes, it only needs to advertise 156 IP prefixes in the proposed scheme. A new sub-option of "micro-blocking" of DHCP option 82 is defined in this document. Both the DHCP proxy server on the edge router and the DHCP server have to support this sub-option in order for the proxy server to get the benefit of the "micro-blocking" scheme. 4.2 Block and Single Address Fashion There are two different DHCP "micro-blocking" allocation fashions. One is called block address allocation fashion, and the other is called single address allocation scheme. Both of them requires the block to be reserved for only one proxy server. In the block address allocation scheme, the DHCP server gives out the entire block of addresses to the proxy server for every new block address allocation request. The proxy server needs to manage the assigned block of address pool on the edge router. In the single address allocation scheme, the DHCP server gives out one address from the block at a time. With the block scheme, the release of address request will release the entire block of addresses on the DHCP server. Using the block fashion of Micro-blocking also reduces the communication between the DHCP server and the proxy servers. This in term reduces the network bandwidth requirement to the server and increases the DHCP server scalability. There is a Flag field in the proposed sub-option with one bit reserved for the block fashion and one bit for the single address allocation fashion. In the block fashion, the DHCP server side only needs a simple change. Instead of giving out one IP address at a time, it just give out a predefined block at a time. The same for a release request of the IP addresses. Instead, the proxy servers need to keep track of the allocated blocks and assign to Shen, et all Expires June 2007 [Page 5] INTERNET DRAFT DHCP Micro-Block Allocation January 2007 the end users one by one. In the single address fashion, the DHCP server needs to keep track of the addresses within the block belonging to each of the proxy servers. The proxy servers do not need much change for this scheme, except for it may need to inject the prefixes base on the Micro-blocking addresses. When the proxy server sends the DHCP address request with the "micro-blocking" sub-option, it can set either one of the two fashion bits, or it can set both bits to indicate the capability. When the DHCP server responds to the request, it MUST only set one of the two bits. In the block address allocation scheme, the MUST advertise the first address of the block as the allocated IP address. The prefix length is the same for both schemes. 4.3 Micro-blocking Scheme When the edge router receives a user DHCP request, it will relay this request and include the option 82 [3] with a sub-option of "micro-blocking" to indicate that it has the support for "micro-blocking" feature. It can set either or both of the Block Bit and Single Address Bit in the Flag field. The DHCP server has to match the capability of the proxy server in terms of the block or single address fashions. Assume the network uses the block fashion. The DHCP server will allocate an unused new block of addresses for the proxy server. The DHCP sends back the response with the option 82 and sub-option of "micro-blocking" and fills in the prefix length of the block. It also sets the Block Bit in the Flag field. It MUST NOT set the Single Address Bit in this case. Upon receipt of the response from the DHCP server, the proxy router can inject the prefix with the prefix length into the dynamic routing information on the router. The proxy server needs to manage the allocation of this block of addresses on the router. When subsequent client requests arrive, it will give out the unused addresses in that block. When all the addresses in the blocks are used, the proxy server needs to make another "block" request upon receiving new request from clients. If the network uses the single address fashion, the DHCP server looks to see if there is already a new block reserved for that proxy router. If it exists, it will allocate an unused address to the proxy router. If it can't find one, it will allocate a new block for this proxy router and give out the first address on this block. The DHCP sends back the response with the option 82 and sub-option of "micro-blocking" and fills in the prefix length of the block. It sets the Single Address Bit of the Flag field. It MUST NOT set the Block Bit of the Flag field in this case. Upon receipt of the response from the DHCP server, the proxy router can inject the prefix with the prefix length into Shen, et all Expires June 2007 [Page 6] INTERNET DRAFT DHCP Micro-Block Allocation January 2007 the dynamic routing information if it has not already done so. When the last address of the block is released, the proxy router can withdraw the prefix from the routing protocols. 5. Micro-blocking Sub-option The format of the Micro-blocking sub-option of DHCP option 82 is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SubOpt | Length | Flag | Prefix-Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ SubOpt - TBD. The sub-option code requires IANA allocation. Length - Micro-blocking sub-option length of 4 octets. Flag - Sub-option flag bits. Only two bits are defined in this document, ranges from the right most to left most position. Bits Description 1 Support Block Allocation fashion. 2 Support Single Address Allocation fashion. Prefix-Length - The Prefix Length of the allocated address block. The sub-option has the length of 4 octets. The prefix length for IPv4 prefixes range from 0 to 32 and for IPv6 prefixes range from 0 to 128. When DHCP proxy router sends request with this sub-option, it MUST set one or both of the first two Flag bits to indicate the capability of the proxy router. It MUST set the prefix length to be zero and be ignored by DHCP server upon receipt. When the DHCP server respond to the request, it SHOULD NOT include the "micro-blocking" sub-option if the proxy router did not include this sub-option in the DHCP request. If the DHCP server supports "micro-blocking" feature and the proxy router has the capability, the server MUST include this sub-option and select one of the two schemes indicated by the proxy router in the flag field. It MUST set the prefix length field according to the configured block size. The "micro-blocking" size has to be a number with power of 2. 6. IANA Considerations Shen, et all Expires June 2007 [Page 7] INTERNET DRAFT DHCP Micro-Block Allocation January 2007 IANA is requested to assign a sub-option code to the Micro-blocking sub-option in the DHCP option 82. 7. Security Considerations This document does not introduce new security issues. 8. Acknowledgments The authors would like to thank Diamantis Kourkouzelis, Arunkumar Desigan Mutharansanallur, Mike Sinwald and Jun Zhuang for their discussion and comments of this document. 9. References [1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997. [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [3] Patrick, M., "DHCP Relay Agent Information Option", RFC 3046, January 2001. 10. Author Information Naiming Shen Cisco Systems 225 West Tasman Drive San Jose, CA 95134 USA E-mail: naiming@cisco.com Said Ouissal Redback Networks, Inc. 250 Holger Way San Jose, CA 95134 E-mail: souissal@redback.com Kishore Seshadri Mu Security 686 W. Maude Avenue, Suite #104 Sunnyvale, CA 94085 E-mail: kishore@musecurity.com Shen, et all Expires June 2007 [Page 8] INTERNET DRAFT DHCP Micro-Block Allocation January 2007 Tom S. C. Soon SBC Labs Inc. SBC Communications 4698 Willow Road Pleasaton, CA 94588 USA E-mail: tom_soon@labs.sbc.com Dae-Cheol Roh Telecommunications Network Lab. Korea Telecom E-mail: phantom@kt.co.kr Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Shen, et all Expires June 2007 [Page 9] INTERNET DRAFT DHCP Micro-Block Allocation January 2007 Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Shen, et all Expires June 2007 [Page 10]