What is DHCP Lease Query?

DHC Working Group
DHCP Lease Query
Kim Kinnear
Cisco Systems
December 11, 2000
DHCP Lease Query
What’s the Problem?
• Access concentrators can “glean” DHCP information from the messages they relay to build internal tables relating IP address, MAC address, and circuit, but this information is lost when the concentrator reboots.
• This information is used to increase security in public networks that use DHCP.
DHCP Lease Query
What’s the Solution?
• The access concentrator can ask the DHCP server about the IP addresses it encounters and rebuild its internal tables in real time.
• It asks the DHCP server because the DHCP server has the most up-to-date information.
What is DHCP Lease Query?
• A lightweight method for relay agents to get “location information” from the DHCP server(s)
• A message designed for the needs of broadband access concentrators (e.g. DOCSIS CMTS, DSL access concentrator)
• A DHCP message that does not modify server lease state (like DHCPINFORM)
Location Information
• Often includes the following information:
  Device hardware (MAC) address
  Port/virtual circuit that leads to the device*
  Hardware address of the intervening subscriber modem*
  * contained in the relay-agent-info option (option 82)
• Can be used both for downstream transmission and for upstream verification
Location Information in a Cable Access Network
[Figure: computers behind subscriber modems, an access concentrator, and a DHCP server; the addresses shown are 24.128.1.1, 24.128.1.2, 24.128.1.3 and 24.128.1.4]
Access concentrators use location info. for:
• Choosing the specific broadband access network
• Encrypting traffic for a specific subscriber modem
• Forwarding traffic to a specific subscriber modem
Why Propose a New DHCP Message: Alternatives
• Use broadcast ARP
  Chatty on a public network
  Vulnerable to subscriber spoofing
• Capture information from relayed DHCP messages (gleaning)
  Process starts from scratch after a reboot or replacement of the relay agent
  Relay agent misses unicast DHCP messages (e.g. renewals)
Why Propose a New DHCP Message: More Alternatives
• Leverage the DHCP Server MIB
  Access concentrators act as SNMP agents, but not as SNMP managers
• Leverage the DHCP LDAP Schema
  Access concentrators don’t act as LDAP clients, and the LDAP information may not be up to date
DHCP Lease Query Exchange
• DHCP Lease Query message
  ciaddr carries the IP address whose lease is being queried
  giaddr carries the address of the requestor (i.e. the access concentrator), as in normal relayed DHCP
  Parameter request list includes the IP Address Lease Time option (51) and the Relay Agent Information option (82)
• DHCP Lease Query response: DHCPACK (carrying the requested lease information) or DHCPNAK
DHCP Lease Query Example: DOCSIS CMTS
• CMTS receives a packet to forward downstream across the cable network
  CMTS has no local location information for the destination IP address
• CMTS sends a DHCP Lease Query and gets back a DHCPACK
  chaddr contains the PC’s MAC address
  Option 82 contains the subscriber modem information
• CMTS transmits the packet using BPI (DOCSIS Baseline Privacy Interface) encryption for that modem
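The exchange described on the two slides above, coded as an added example that is not the draft’s or Cisco’s code: an access concentrator builds the Lease Query (ciaddr = address to look up, giaddr = itself, parameter request list = options 51 and 82), a minimal in-process server answers from a constructed lease table without touching lease state, and the requestor turns the DHCPACK into the location record it would cache (MAC from chaddr, circuit and modem from option 82). Assumptions not on the slides: message-type code 10 for DHCPLEASEQUERY (the value RFC 4388 later assigned), option 82 sub-options 1 (circuit-id) and 2 (remote-id) from RFC 3046, hlen 0 in the query because it is keyed by IP address rather than hardware address, and the addresses and MAC addresses in the lease table.

```python
"""Added example of the DHCP Lease Query exchange (requestor and a toy server).
Assumed: DHCPLEASEQUERY = 10 (RFC 4388 value; the slides give no code),
option 82 sub-options 1/2 per RFC 3046, constructed lease data."""
import socket
import struct

DHCPACK, DHCPNAK = 5, 6
DHCPLEASEQUERY = 10  # assumption: value assigned later by RFC 4388
OPT_PAD, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_PARAM_REQ, OPT_RELAY_AGENT, OPT_END = 0, 51, 53, 55, 82, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # RFC 3046 sub-options inside option 82
MAGIC = b"\x63\x82\x53\x63"
HDR = "!BBBBIHH4s4s4s4s16s64s128s"  # RFC 2131 fixed header, 236 bytes


def tlv(code, value):
    return bytes([code, len(value)]) + value


def parse_tlvs(data, stop_at_end=True):
    """Walk option TLVs; option 82 sub-options have no pad/end codes."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if stop_at_end and code == OPT_PAD:
            i += 1
            continue
        if stop_at_end and code == OPT_END:
            break
        length = data[i + 1]
        out[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return out


def build_leasequery(query_ip, requestor_ip, xid):
    """Requestor side: ciaddr = lease to query, giaddr = access concentrator,
    hlen 0 and zero chaddr because the query is by IP (assumed encoding)."""
    hdr = struct.pack(HDR, 1, 1, 0, 0, xid, 0, 0,
                      socket.inet_aton(query_ip), b"\0" * 4, b"\0" * 4,
                      socket.inet_aton(requestor_ip), b"\0" * 16, b"\0" * 64, b"\0" * 128)
    opts = (tlv(OPT_MSG_TYPE, bytes([DHCPLEASEQUERY]))
            + tlv(OPT_PARAM_REQ, bytes([OPT_LEASE_TIME, OPT_RELAY_AGENT]))
            + bytes([OPT_END]))
    return hdr + MAGIC + opts


# Constructed lease table standing in for the server's lease state:
# ip -> (client MAC, remaining lease seconds, circuit-id, modem MAC as remote-id)
LEASES = {
    "24.128.1.2": (bytes.fromhex("00a0c9112233"), 3600, b"cable3/0", bytes.fromhex("0010a4aabbcc")),
}


def server_answer(query):
    """Toy server: DHCPACK with chaddr, option 51 and option 82 for a known
    lease, DHCPNAK otherwise. Reads LEASES, never modifies it."""
    f = struct.unpack(HDR, query[:236])
    xid, ciaddr, giaddr = f[4], f[7], f[10]
    qopts = parse_tlvs(query[240:])
    if qopts.get(OPT_MSG_TYPE) != bytes([DHCPLEASEQUERY]):
        return None
    lease = LEASES.get(socket.inet_ntoa(ciaddr))
    if lease is None:
        mac, opts = b"", tlv(OPT_MSG_TYPE, bytes([DHCPNAK])) + bytes([OPT_END])
    else:
        mac, lease_time, circuit, remote = lease
        wanted = qopts.get(OPT_PARAM_REQ, b"")
        opts = tlv(OPT_MSG_TYPE, bytes([DHCPACK]))
        if OPT_LEASE_TIME in wanted:
            opts += tlv(OPT_LEASE_TIME, struct.pack("!I", lease_time))
        if OPT_RELAY_AGENT in wanted:
            opts += tlv(OPT_RELAY_AGENT, tlv(SUB_CIRCUIT_ID, circuit) + tlv(SUB_REMOTE_ID, remote))
        opts += bytes([OPT_END])
    hdr = struct.pack(HDR, 2, 1, len(mac), 0, xid, 0, 0, ciaddr, b"\0" * 4, b"\0" * 4,
                      giaddr, mac, b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC + opts


def lookup_location(query_ip, requestor_ip, send=server_answer, xid=0x2A2A2A2A):
    """Requestor side: send the query and turn a DHCPACK into the location
    record an access concentrator would cache; None on DHCPNAK."""
    reply = send(build_leasequery(query_ip, requestor_ip, xid))
    f = struct.unpack(HDR, reply[:236])
    if f[0] != 2 or f[4] != xid or reply[236:240] != MAGIC:
        raise ValueError("not a reply to our query")
    opts = parse_tlvs(reply[240:])
    if opts.get(OPT_MSG_TYPE) == bytes([DHCPNAK]):
        return None
    sub = parse_tlvs(opts.get(OPT_RELAY_AGENT, b""), stop_at_end=False)
    return {
        "ip": socket.inet_ntoa(f[7]),
        "mac": f[11][:f[2]].hex(":"),  # chaddr, hlen bytes: the PC behind the modem
        "lease_time": struct.unpack("!I", opts[OPT_LEASE_TIME])[0],
        "circuit_id": sub.get(SUB_CIRCUIT_ID),
        "remote_id": sub.get(SUB_REMOTE_ID, b"").hex(":"),  # the subscriber modem
    }


if __name__ == "__main__":
    print(lookup_location("24.128.1.2", "24.128.1.1"))  # known lease -> record
    print(lookup_location("24.128.1.9", "24.128.1.1"))  # unknown -> None (DHCPNAK)
```

The requestor checks op, xid and the magic cookie before trusting a reply, which is the minimum a concentrator rebuilding security tables from the network should do; the slides note that the draft also applies DHCP Authentication to these messages, which this example omits.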
Interactions with Lease Query
• Relay Agent Gleaning
  Gleaning state replaces Lease Query state
• Lease Query with Failover
  Access concentrator sends Lease Query messages to multiple DHCP servers
  Failover BNDUPD messages need to include the option 82 relay-agent-info
• Lease Query uses DHCP Authentication
DHCP Lease Query
Status
• DHCP Lease Query internet draft updated with comments and submitted under the DHC working group
• A DHCP Lease Query variant is implemented in the Cisco uBR and Cisco Network Registrar
DHCP Lease Query
Recent Updates
• Restructured draft for clarity
• Specified detailed client and server behavior
• Added information about static (reserved) addresses
• Fleshed out NAK semantics
DHCP Lease Query
Plans
• Gather additional technical comments (some received already)
• Update draft prior to the Minneapolis IETF in March
• When is last call? After the Minneapolis review?