
RE: Modefg considered harmful




> Dirk, since you appear to have the best implementation understanding of
> RFC3456 of the posters to this list, could you post all the RFCs, drafts,
> etc. that a person would need to know to fully implement the DHCP-relay?
> This may help others come up to speed quicker if they don't have to go
> digging for them.
> 
> Thanks,
>   Darren


Hi Darren,

Here are the RFCs and some condensed info.

Cheers - Dirk


I guess reading the following RFCs is sufficient to implement RFC3456:

- RFC1542 Clarifications and Extensions for the Bootstrap Protocol
--> This RFC gives the most details on a basic DHCP Relay.

- RFC3046 DHCP Relay Agent Information Option
--> This RFC defines the DHCP Relay Information Option which is a container
option. In addition it also defines two sub-options that can be used in
combination with the container option. To implement RFC3456, RFC3046 is
sufficient.

However, implementers wanting to come up with sophisticated/advanced
scenarios might consider reading a few drafts posted on the DHCP working
group or define their own sub-options ...

- RFC3546 Dynamic Host Configuration Protocol (DHCPv4) Configuration of
IPsec Tunnel Mode.
--> and of course this was the RFC which was subject of this debate.


For convenience let me add a little summary on the use of DHCP relays.

BOOTP/DHCP relays were conceived to make BOOTP/DHCP based address assignment
scalable. Without relays a DHCP server must be located on every link layer
network as limited broadcasts are not allowed to cross routers. So the main
function of DHCP relays is to convert limited broadcasts into IP unicasts
by relaying requests to DHCP servers. The server talks-back to the relay via
the "giaddr" field in relayed DHCP packets.

Prior to RFC3046, the giaddr field was overloaded with 3 functions:
- it allows the server to select a client IP address within the same subnet
as the port on which the request was detected
- it allows the server to talk-back to the DHCP relay
- it allows the DHCP relay to figure out on which link-layer-network it must
relay the DHCP reply

The added value of RFC3046 is that 
- it allows to tear these 3 functions apart 
- it provides a generic and extensible mechanism to add/subtract relay
related options to DHCP packets
- it operates in a stateless manner just because the server is required to
loop RFC3046 fields

A little drawback of RFC3046 is that it is written in the context of Cable
Modem networks and some people might have difficulties in understanding the
terminology.
Apart from terminology, RFC3046 is generic and implementers have
successfully applied RFC3046 to completely different situations such as MPLS
based VPNs and in the context of RFC3456, to IPSec based VPNs.
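
The stateless relay behaviour summarized in the message above, as an added example that is not part of the original post: the relay appends the RFC3046 container option (code 82) with its two sub-options (1 = Agent Circuit ID, 2 = Agent Remote ID), the server echoes it, and the relay reads the echoed circuit ID to pick the egress link and strips the option before the reply reaches the client. Only the options field is modelled; the circuit name, remote ID and interface table are hypothetical, and rejecting a client-side packet that already carries option 82 is this example's choice.

```python
# Added example: RFC 3046 handling on the DHCP options field only (no BOOTP header).
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2

def parse_tlvs(buf, dhcp_level=True):
    """Parse code/length/value triples; at DHCP level honour Pad (0) and End (255)."""
    out, i = [], 0
    while i < len(buf):
        code = buf[i]
        if dhcp_level and code == OPT_PAD:
            i += 1
            continue
        if dhcp_level and code == OPT_END:
            break
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option %d" % code)
        length = buf[i + 1]
        out.append((code, bytes(buf[i + 2:i + 2 + length])))
        i += 2 + length
    return out

def build_tlvs(opts, end=True):
    """Serialize (code, value) pairs, optionally terminated by the End option."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in opts)
    return body + (bytes([OPT_END]) if end else b"")

def relay_to_server(options, circuit_id, remote_id):
    """Client -> server: append option 82 naming the ingress circuit."""
    opts = parse_tlvs(options)
    if any(c == OPT_RELAY_INFO for c, _ in opts):
        # A client must not be able to supply its own relay information.
        raise ValueError("option 82 already present on client-facing port")
    subs = build_tlvs([(SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id)], end=False)
    return build_tlvs(opts + [(OPT_RELAY_INFO, subs)])

def relay_to_client(options, circuits):
    """Server -> client: read the echoed option 82, pick the egress link, strip it."""
    opts = parse_tlvs(options)
    echoed = [v for c, v in opts if c == OPT_RELAY_INFO]
    if len(echoed) != 1:
        raise ValueError("expected exactly one echoed option 82")
    subs = dict(parse_tlvs(echoed[0], dhcp_level=False))
    link = circuits[subs[SUB_CIRCUIT_ID]]  # KeyError: a circuit this relay never added
    return link, build_tlvs([(c, v) for c, v in opts if c != OPT_RELAY_INFO])

# Constructed sample: DHCPDISCOVER options (53 = message type, 55 = parameter request list).
DISCOVER = bytes([53, 1, 1, 55, 2, 1, 3, 255])
CIRCUITS = {b"ipsec-tun-7": "tunnel7"}  # hypothetical circuit-to-interface table
```

Because the link is recovered from the echoed option, the relay keeps no per-client state between request and reply.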