Re: [dhcwg] proposal for new global options
"Bernie Volz (volz)" <volz@cisco.com> Tue, 24 June 2014 18:51 UTC
Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4C711B27CD for <dhcwg@ietfa.amsl.com>; Tue, 24 Jun 2014 11:51:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.151
X-Spam-Level:
X-Spam-Status: No, score=-15.151 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yA9LA2Mi0AUi for <dhcwg@ietfa.amsl.com>; Tue, 24 Jun 2014 11:51:32 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 769A51A039C for <dhcwg@ietf.org>; Tue, 24 Jun 2014 11:51:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=19790; q=dns/txt; s=iport; t=1403635892; x=1404845492; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=DFv4/XF0tL3dcTuj4qPiXyROOQX50vLZEW8cmLWooHg=; b=DEQtTVjAsT3yYNnOOm5WkPL+azPli2OXDG7/lPElFo5B2D1aLkIDHA+c p7j7XiTL8KByYcNqvXNLCyYTYJoP3hFKqGGC9IWXxEFJ0+X+ZSuo/gE9z UXc8OKWUeLeeIjRetmesrw+ndtfNuhEqrjSOq7VRfRUSm0IPJ9IqDHMRy 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvcJAB/IqVOtJA2K/2dsb2JhbABRCYJGR1JaqkAFAYMPjRaJFQGBChZ1hAMBAQEELVwCAQgOAwQBAQsWBwcyFAkIAgQBEggTiCcNyjYXhWOINwcHAwEfNwEGgyeBFgWcF5Ilg0KBdzk
X-IronPort-AV: E=Sophos;i="5.01,539,1400025600"; d="scan'208,217";a="335327214"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-2.cisco.com with ESMTP; 24 Jun 2014 18:51:31 +0000
Received: from xhc-rcd-x06.cisco.com (xhc-rcd-x06.cisco.com [173.37.183.80]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id s5OIpV5b007567 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 24 Jun 2014 18:51:31 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.231]) by xhc-rcd-x06.cisco.com ([173.37.183.80]) with mapi id 14.03.0123.003; Tue, 24 Jun 2014 13:51:31 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Kent Watsen <kwatsen@juniper.net>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: proposal for new global options
Thread-Index: AQHPj0dLXOlBjtd4002R4EH7rllsuZuAmbcQ
Date: Tue, 24 Jun 2014 18:51:30 +0000
Message-ID: <489D13FBFA9B3E41812EA89F188F018E1B5D692C@xmb-rcd-x04.cisco.com>
References: <CFCE453F.78652%kwatsen@juniper.net>
In-Reply-To: <CFCE453F.78652%kwatsen@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [161.44.70.115]
Content-Type: multipart/alternative; boundary="_000_489D13FBFA9B3E41812EA89F188F018E1B5D692Cxmbrcdx04ciscoc_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/2lm-mtw74yClu7AWypRK2bdhfis
Subject: Re: [dhcwg] proposal for new global options
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2014 18:51:35 -0000
Here's my personal answer (DHC WG co-chair hat off): 1) Is there merit to this approach? - any concerns? I will punt on this one for now. 2) Should a separate draft be submitted to DHCWG, or can I put the IANA requests into the NETCONF WG draft? As these are just 'data options' (not protocol options), you can do this in the NETCONF WG draft. Please look at RFC 7227, Guidelines for Creating New DHCPv6 Options. These guidelines also generally apply to DHCPv4. 3) Is it necessary to define options for both IPv4 and IPv6? Yes. If you want to support both DHCPv4 and DHCPv6, you would have to define separate DHCPv4 and DHCPv6 options. Note that for downloading images, DHCPv4 and DHCPv6 already have options to support this. For example, the DHCPv6 document is RFC 5970. (The DHCPv4 is covered in RFC 2132 and isn't a URI.) - Bernie From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Kent Watsen Sent: Monday, June 23, 2014 8:58 PM To: dhcwg@ietf.org Subject: [dhcwg] proposal for new global options [first timer on this list] The NETCONF WG has recently chartered a draft for ZeroTouch. I'm currently working on draft-ietf-netconf-zerotouch-00, which hasn't been posted yet, but the previous I-D is here: http://datatracker.ietf.org/doc/draft-kwatsen-netconf-zerotouch/. This draft regards devices bootstrapping their management connection to a network management system (NMS). The draft currently states that devices MAY upgrade their software and/or download initial configuration first, but that how to do so is unspecified. The expectation was that DHCPv4 options 60/61/43 or DHCPv6 options 1/16/17 could be used. There was discussion during the presentation in London regarding a desire to have an IETF-defined solution that wasn't vendor-specific, which is what this email regards. The ZeroTouch solution assumes that the devices have an IEEE 802.1AR (Secure Device Identity), essentially an X.509 certificate that uniquely identifies it. Assuming devices from different vendors have said certificates, we can construct a vendor-independent solution as follows: - have DHCP server send in its OFFER message one option encoding two sets of URIs - one for downloading software image - one for downloading configuration file - specify that when device accesses any URI, it first postpends the fingerprint of its IEEE 802.1AR certificate, for instance: - http://example.com/zerotouch/image?device=<fingerprint<http://example.com/zerotouch/image?device=%3cfingerprint>> - http://example.com/zerotouch/config?device=<fingerprint<http://example.com/zerotouch/config?device=%3cfingerprint>> Thus a vendor-neutral solution. Questions: 1) Is there merit to this approach? - any concerns? 2) Should a separate draft be submitted to DHCWG, or can I put the IANA requests into the NETCONF WG draft? 3) Is it necessary to define options for both IPv4 and IPv6? Thanks, Kent
- [dhcwg] proposal for new global options Kent Watsen
- Re: [dhcwg] proposal for new global options Bernie Volz (volz)