Re: DHCP Agent: Several questions

"Michael W. Patrick" <mpatrick@dma.isg.mot.com> Wed, 18 December 1996 17:22 UTC

Date: Wed, 18 Dec 1996 12:11:13 -0500
Message-Id: <199612181701.MAA21510@prospero.dma.isg.mot.com>
From: "Michael W. Patrick" <mpatrick@dma.isg.mot.com>
To: Multiple recipients of list <dhcp-v4@bucknell.edu>
Subject: Re: DHCP Agent: Several questions
X-Comment: Discussion of DHCP for IPv4

Dave, here's my reply to your messages. I thought it would be
useful to put this out to the entire DHCP-v4 list.

> To: mpatrick@dma.isg.mot.com
> Message-Id: <882563FF.00800EA1.00@hqoutbound.ops.3com.com>
> Date: Fri, 13 Dec 1996 15:21:05 -0700
> Subject: DHCP Agent: Several questions
> Mime-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> 
> 
> 
>  Hi Patrick,
> 
>       I am interested in information, regarding management of IP addresses
>       in configurations similar to one you have described in
>       'DHCP Agent - Supplied options' document.
> 
>       I have several questions, regarding this document ( since I am not
>       familiar with the details of DHCP these might be very trivial ):
> 
>             1. What is the responsibility of the relay agent in the current
>                DHCP ? Simply to forward host's requests to the server or
>                also to provide some information to server, which can
>                influence the address selection ?

        The current spec has the relay agent adding only the "giaddr"
(gateway address) field. This is intended to be the router's interface
address on the interface on which it received the initial request.

> 
>             2. My understanding is that a single DHCP server can be used
>                to serve different IP subnetwork. How exactly the new
>                options help the server to select the subnet ?

    The DHCP RFC isn't clear (to me) on this.  My understanding is that
    most servers allocate from a pool of addresses associated with the
reported "giaddr" field.

    Some servers permit the "giaddr" field to select an arbitrary pool. Other
servers seem to require that the allocated IP addr be on the same
subnet as the giaddr.  This "same net" requirement will prevent the
use of "nonrouted" IP addresses to the modems.  That is, the allocated
IP address to a public DHCP client must be globally routed, and
servers which require giaddr and the allocated IP addr on the same net
will require globally routed modem addresses.  All of the public IP
services wish to AVOID having to assign a global IP addr both to the
modem and to each public IP client.

    Server vendors, could you respond to this thread and indicate to
what extent you can support giaddr and assigned IP addr being on 
different subnets?

> 
>             3. Is that true to say that all the problems, addressed in this
>                document, might be solved without changing the DHCP ( by
>                caching all the info within relay aging and associate it
>                with the server's response ) ?
    
    No.  The DHCP address exhaustion attack requires the server to 
limit assignment of addrs to some client token.  DHCP authorization
could be used to do this, but in cable (and xdsl, and ATM) public
access, it would be far simpler for the server to simply implement
a policy of limiting assignments per "remote id".  The "remote id" is,
as was pointed out, a trusted, unique identifier associated with a
client.  By using the "Agent Remote ID", we require updates only to
servers and relay agents (i.e. centralized resources) rather than the
implementation of authorization on each host.

    Also, DHCP provides no mechanism for indicating the subnet of the
client.  Currently, a public high-speed modem service (like cable
modems) that implements a subnet per modem requires consistent and
duplicate configuration of the modem subnets on both the relay agent
and the DHCP server.  The "Agent Subnet" option avoids this duplication.

> 
>             4. Can you give me pointers, where I can learn more about the
>                issue of managing IP address in these configurations (
>                requirements, problems, possible solutions, ... ).
> 
> 
>       Thanks,
>          David
> 

    Check out the IPCDN draft, draft-ietf-ipcdn-ipcabledata-spec-00.txt


-mike
------------------------------------------------------------------------
Michael W. Patrick  Motorola ISG/NSD               20 Cabot Rd, MS M4-30
mpatrick@dma.isg.mot.com  (508) 261-5707              Mansfield MA 02048
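
The per-"remote id" assignment limit described in the answer to question 3, sketched as an added example that is not part of the original message or of any DHCP server's code. The `Allocator` class, the `modem-A`/`modem-B` identifiers, the pool and the hardware addresses are constructed for illustration; the remote id is assumed to be supplied by a trusted relay agent.

```python
import ipaddress


class Allocator:
    """Toy address pool with an optional cap on leases per relay-reported remote id."""

    def __init__(self, pool_cidr, max_per_remote_id=None):
        self.free = list(ipaddress.ip_network(pool_cidr).hosts())
        self.max_per_remote_id = max_per_remote_id  # None = no per-remote-id policy
        self.leases = {}  # (remote_id, chaddr) -> assigned address

    def active_for(self, remote_id):
        """Number of leases currently held behind one remote id."""
        return sum(1 for rid, _ in self.leases if rid == remote_id)

    def request(self, remote_id, chaddr):
        """Return an address, or None if the policy or the pool refuses."""
        key = (remote_id, chaddr)
        if key in self.leases:  # renewal: same client, same address
            return self.leases[key]
        cap = self.max_per_remote_id
        if cap is not None and self.active_for(remote_id) >= cap:
            return None  # this remote id already holds its quota
        if not self.free:
            return None  # pool exhausted
        self.leases[key] = self.free.pop(0)
        return self.leases[key]


def simulate(cap):
    """One modem cycles through 20 hardware addresses; then another modem asks once."""
    server = Allocator("192.0.2.0/29", cap)  # constructed pool of 6 usable addresses
    for i in range(20):
        # The client-chosen hardware address changes; the remote id does not.
        server.request("modem-A", f"02:00:00:00:00:{i:02x}")
    honest = server.request("modem-B", "02:00:00:00:01:01")
    return server.active_for("modem-A"), (str(honest) if honest else None)


if __name__ == "__main__":
    print("no limit:  ", simulate(None))
    print("limit of 2:", simulate(2))
```

Without the limit, every address ends up behind `modem-A` and `modem-B` is refused; with it, `modem-A` is held to its quota regardless of how many hardware addresses it presents.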