
DHC Working Group

This proposal suggests using a DHCP Lease Query message to provide access concentrators with up-to-date location information, enhancing security in public networks that use DHCP. The message includes device MAC address, circuit/port information, and subscriber modem details.


Presentation Transcript


  1. DHC Working Group: DHCP Lease Query. Kim Kinnear, Cisco Systems, December 11, 2000

  2. DHCP Lease Query: What’s the Problem?
     • Access concentrators can “glean” DHCP information to build internal tables relating IP, MAC, and circuit, but this information is lost after a reboot.
     • This information is used to increase security in public networks which use DHCP.

  3. DHCP Lease Query: What’s the Solution?
     • The access concentrator can ask the DHCP server about the IP addresses that it encounters, and rebuild its internal tables in real time.
     • It asks the DHCP server because the DHCP server has the most up-to-date information.

  4. What is DHCP Lease Query?
     • A lightweight method for relay agents to get “location information” from the DHCP server(s)
     • A message designed for the needs of broadband access concentrators (e.g. DOCSIS CMTS, DSL AC)
     • A DHCP message that does not modify server lease state (like DHCPINFORM)

  5. Location Information
     • Often includes the following information:
       • Device hardware (MAC) address
       • Port/virtual circuit that leads to the device*
       • Hardware address of the intervening subscriber modem*
       • * contained in the relay-agent-info option
     • Can be used for both downstream transmission and upstream verification

  6. Location Information in a Cable Access Network
     [Diagram: computers, subscriber modems, access concentrator and DHCP server, with addresses 24.128.1.1 through 24.128.1.4 shown]
     • Access concentrators use location info. for:
       • Choosing the specific broadband access network
       • Encrypting traffic for a specific subscriber modem
       • Forwarding traffic to a specific subscriber modem

  7. Why Propose a New DHCP Message: Alternatives
     • Use broadcast ARP
       • Chatty on a public network
       • Vulnerable to subscriber spoofing
     • Capture information from relayed DHCP messages (gleaning)
       • Process starts from scratch with reboot or replacement of the relay agent
       • Relay agent misses unicast DHCP messages (e.g. renewals)

  8. Why Propose a New DHCP Message: More Alternatives
     • Leverage the DHCP Server MIB
       • Access concentrators act as SNMP agents, but not as SNMP managers
     • Leverage the DHCP LDAP Schema
       • Access concentrators don’t act as LDAP clients; LDAP information may not be up to date

  9. DHCP Lease Query Exchange
     • DHCP Lease Query message
       • ciaddr holds the IP address of the lease being queried
       • giaddr holds the address of the requestor (i.e. the access concentrator)
       • Parameter request list includes the IP Address Lease Time option (51) and the Relay Agent Information option (82)
     • DHCP Lease Query response: DHCPACK or DHCPNAK

  10. DHCP Lease Query Example - DOCSIS CMTS
     • CMTS receives a packet to forward downstream across the cable
     • CMTS has no local location information
     • CMTS sends a DHCP Lease Query, gets a DHCPACK
       • chaddr contains the PC MAC address
       • Option 82 contains the subscriber modem info
     • CMTS transmits the packet using BPI
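The exchange on slides 9 and 10, as an added example that is not part of the original presentation: a builder for the Lease Query message (ciaddr = queried lease, giaddr = access concentrator, option 55 requesting options 51 and 82), a constructed DHCPACK standing in for the server's reply, and a parser that pulls the PC MAC from chaddr and the circuit/modem details from option 82. It assumes the message-type value 10 that RFC 4388 later assigned to DHCPLEASEQUERY (the 2000 draft predates that) and the RFC 3046 sub-option codes 1 (circuit id) and 2 (remote id).

```python
import struct, ipaddress
DHCPACK, DHCPNAK = 5, 6
DHCPLEASEQUERY = 10   # assumption: value assigned later by RFC 4388; the draft on this page predates it
MAGIC = b"\x63\x82\x53\x63"
HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # op,htype,hlen,hops,xid,secs,flags,ciaddr,yiaddr,siaddr,giaddr,chaddr,sname,file

def dhcp_header(op, hlen, xid, ciaddr, giaddr, chaddr):
    """Fixed 236-byte RFC 2131 header followed by the options magic cookie."""
    return struct.pack(HDR, op, 1, hlen, 0, xid, 0, 0, ciaddr, b"\0" * 4, b"\0" * 4,
                       giaddr, chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128) + MAGIC

def build_lease_query(queried_ip, requestor_ip, xid=0x1234):
    """ciaddr = lease being asked about, giaddr = the access concentrator, option 55 asks for 51 and 82."""
    return (dhcp_header(1, 0, xid, ipaddress.ip_address(queried_ip).packed,
                        ipaddress.ip_address(requestor_ip).packed, b"")
            + bytes([53, 1, DHCPLEASEQUERY, 55, 2, 51, 82, 255]))

def constructed_ack(queried_ip, pc_mac, lease_secs, circuit_id, modem_mac, xid=0x1234):
    """Sample DHCPACK as a server might answer (constructed, not a capture): chaddr = PC MAC, option 82 = modem info."""
    sub = bytes([1, len(circuit_id)]) + circuit_id + bytes([2, len(modem_mac)]) + modem_mac  # RFC 3046 sub-options
    return (dhcp_header(2, 6, xid, ipaddress.ip_address(queried_ip).packed, b"\0" * 4, pc_mac)
            + bytes([53, 1, DHCPACK, 51, 4]) + struct.pack("!I", lease_secs)
            + bytes([82, len(sub)]) + sub + b"\xff")

def parse_tlv(data):
    """Walk code/length/value triples (skip pad 0, stop at end 255); return {code: value}."""
    out, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:
            i += 1
            continue
        code, ln = data[i], data[i + 1]
        out[code] = data[i + 2:i + 2 + ln]
        i += 2 + ln
    return out

def parse_lease_reply(pkt):
    """Location info from a DHCPACK; None for a DHCPNAK (server has no lease for that address)."""
    f = struct.unpack_from(HDR, pkt)
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts = parse_tlv(pkt[240:])
    mtype = opts[53][0]
    if mtype == DHCPNAK:
        return None
    if mtype != DHCPACK:
        raise ValueError("unexpected message type %d" % mtype)
    sub = parse_tlv(opts[82]) if 82 in opts else {}
    return {"ip": str(ipaddress.ip_address(f[7])), "mac": f[11][:f[2]].hex(":"),
            "lease_time": struct.unpack("!I", opts[51])[0] if 51 in opts else None,
            "circuit_id": sub.get(1), "modem_mac": sub.get(2)}
```

The parsed dictionary is exactly the table entry the CMTS lost at reboot (IP, MAC, circuit, modem), which is why a DHCPNAK, returned as None here, means the concentrator must not forward for that address.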

  11. Interactions with Lease Query
     • Relay Agent Gleaning
       • Gleaning state replaces Lease Query state
     • Lease Query with Failover
       • Access concentrator sends Lease Query messages to multiple DHCP servers
       • Failover BNDUPD messages need to include the option 82 relay-agent-info
     • Lease Query uses DHCP Authentication

  12. DHCP Lease Query Status
     • DHCP Lease Query internet draft updated with comments and submitted under the DHC working group
     • DHCP Lease Query variant implemented in Cisco uBR, Cisco Network Registrar

  13. DHCP Lease Query: Recent Updates
     • Restructured draft for clarity
     • Specified detailed client and server behavior
     • Added information about static (reserved) addresses
     • Fleshed out NAK semantics

  14. DHCP Lease Query: Plans
     • Gather additional technical comments (some received already)
     • Update draft prior to the Minneapolis IETF in March
     • When is last call? After the Minneapolis review?
