| RFC 8948 | DHCPv6 SLAP Quadrant Selection | December 2020 |
| Bernardos & Mourad | Standards Track | [Page] |
The IEEE originally structured the 48-bit Media Access Control (MAC) address space in such a way that halfof it was reserved for local use. In 2017, the IEEE published a new standard (IEEEStd 802c) with a new optional Structured Local Address Plan (SLAP). Itspecifies different assignment approaches in four specified regions of the localMAC address space.¶
The IEEE is developing protocols to assign addresses (IEEEP802.1CQ). There is also workin the IETF on specifying a new mechanism that extends DHCPv6 operation tohandle the local MAC address assignments.¶
This document proposes extensions to DHCPv6 protocols to enable a DHCPv6 clientor a DHCPv6 relay to indicate a preferred SLAP quadrant to the server so thatthe server may allocate MAC addresses in the quadrant requested by the relay orclient. A new DHCPv6 option (QUAD) is defined for this purpose.¶
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained athttps://www.rfc-editor.org/info/rfc8948.¶
Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
The IEEE structures the 48-bit MAC address space in such a way that half of it isreserved for local use (where the Universal/Local (U/L) bit is set to 1). In2017, the IEEE published a new standard[IEEEStd802c]that defines a new optional Structured Local Address Plan (SLAP) thatspecifies different assignment approaches in four specified regions of the localMAC address space. These four regions, called SLAP quadrants, are brieflydescribed below (seeFigure 1 andTable 1 for details):¶
LSB MSB M X Y Z - - - - | | | | | | | +------------ SLAP Z-bit | | +--------------- SLAP Y-bit | +------------------ X-bit (U/L) = 1 for locally assigned +--------------------- M-bit (I/G) (unicast/group) Legend: LSB: Least Significant Bit MSB: Most Significant Bit
| Quadrant | Y-bit | Z-bit | Local Identifier Type | Local Identifier |
|---|---|---|---|---|
| 01 | 0 | 1 | Extended Local | ELI |
| 11 | 1 | 1 | Standard Assigned | SAI |
| 00 | 0 | 0 | Administratively Assigned | AAI |
| 10 | 1 | 0 | Reserved | Reserved |
The IEEE is developing mechanisms to assign addresses[IEEE-P802.1CQ-Project]. And[RFC8947] specifies a new mechanism that extends DHCPv6 operation to handle the local MACaddress assignments.This document proposes extensions to DHCPv6 protocols toenable a DHCPv6 client or a DHCPv6 relay to indicate a preferred SLAP quadrantto the server so that the server may allocate the MAC addresses in the quadrantrequested by the relay or client.¶
In the following, we describe two application scenarios in which a need arisesto assign local MAC addresses according to preferred SLAP quadrants.¶
Today, most Wi-Fi devices come with interfaces that have a "burned-in" MACaddress, allocated from the universal address space using a 24-bitOrganizationally Unique Identifier (OUI) (assigned to IEEE 802 interfacevendors). However, recently, the need to assign local (instead of universal) MACaddresses has emerged particularly in the following two scenarios:¶
In large-scale virtualization environments, thousands of virtual machines (VMs)are active. These VMs are typically managed by a hypervisor, which is in charge ofspawning and stopping VMs as needed. The hypervisor is also typically in chargeof assigning new MAC addresses to the VMs. If a DHCP solution is in place forthat, the hypervisor acts as a DHCP client and requests that available DHCP serversassign one or more MAC addresses (an address block). The hypervisor does notuse those addresses for itself, but rather it uses them to create new VMs withappropriate MAC addresses. If we assume very large data-center environments,such as the ones that are typically used nowadays, it is expected that the datacenter is divided in different network regions, each one managing its own localaddress space. In this scenario, there are two possible situations that need tobe tackled:¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD","SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in thisdocument are to be interpreted as described in BCP 14[RFC2119][RFC8174] when, and only when, they appear in all capitals, asshown here.¶
Where relevant, the DHCPv6 terminology from[RFC8415] also applies here. Additionally, the following definitionsare updated for this document.¶
Next, we describe the protocol operations for a client to select a preferredSLAP quadrant using the DHCPv6 signaling procedures described in[RFC8947]. The signaling flow is shown inFigure 2.¶
+--------+ +--------+ | DHCPv6 | | DHCPv6 | | client | | server | +--------+ +--------+ | | +----1. Solicit(IA_LL(LLADDR,QUAD))--->| | | |<--2. Advertise(IA_LL(LLADDR,QUAD))---+ | | +---3. Request(IA_LL(LLADDR,QUAD))---->| | | |<------4. Reply(IA_LL(LLADDR))--------+ | | . . . (timer expiring) . . . | | +---5. Renew(IA_LL(LLADDR,QUAD))------>| | | |<-----6. Reply(IA_LL(LLADDR))---------+ | |
The clientSHOULD check if the received MAC address comes from one of therequested quadrants. ItMAY repeat the process selecting a different DHCP server.¶
Next, we describe the protocol operations for a relay to select a preferredSLAP quadrant using the DHCPv6 signaling procedures described in[RFC8947]. This is useful when a DHCPv6 server isoperating over a large infrastructure split in different network regions, whereeach region might have different requirements. The signaling flow is shown inFigure 3.¶
+--------+ +--------+ +--------+| DHCPv6 | | DHCPv6 | | DHCPv6 || client | | relay | | server |+--------+ +--------+ +--------+ | | | +-----1. Solicit(IA_LL)----->| | | +----2. Relay-forward | | | (Solicit(IA_LL),QUAD)------>| | | | | |<---3. Relay-reply | | | (Advertise(IA_LL(LLADDR)))--+ |<4. Advertise(IA_LL(LLADDR))+ | |-5. Request(IA_LL(LLADDR))->| | | +-6. Relay-forward | | | (Request(IA_LL(LLADDR)),QUAD)->| | | | | |<--7. Relay-reply | | | (Reply(IA_LL(LLADDR)))-------+ |<--8. Reply(IA_LL(LLADDR))--+ | | | | . . . . (timer expiring) . . . . | | | +--9. Renew(IA_LL(LLADDR))-->| | | |--10. Relay-forward | | | (Renew(IA_LL(LLADDR)),QUAD)-->| | | | | |<---11. Relay-reply | | | (Reply(IA_LL(LLADDR)))-----+ |<--12. Reply(IA_LL(LLADDR))-+ | | | |
The serverSHOULD implement a configuration parameter to deal with the casewhere the client's DHCP message contains an instance of OPTION_SLAP_QUAD andthe relay adds a second instance in its Relay-forward message. This parameterconfigures the server to process either the client's or the relay's instance ofoption QUAD. It isRECOMMENDED that the default for such a parameter is toprocess the client's instance of the option.¶
The clientMAY check if the received MAC address belongs to a quadrant it iswilling to use/configure andMAY decide based on that whether to use/configurethe received address.¶
The QUAD option is used to specify the preferences for the selected quadrantswithin an IA_LL. The optionMUST be encapsulated either in the IA_LL-optionsfield of an IA_LL option or in a Relay-forward message.¶
The format of the QUAD option is:¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_SLAP_QUAD | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | quadrant-1 | pref-1 | quadrant-2 | pref-2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | quadrant-n-1 | pref-n-1 | quadrant-n | pref-n | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
A quadrant identifier valueMUST only appear, at most, once in the option. Ifan option includes more than one occurrence of the same quadrant identifier,only the first occurrence is processed, and the restMUST be ignored by theserver.¶
If the same preference value is used for more than one quadrant, the serverMAY select which quadrant should be preferred (if the server can assignaddresses from all or some of the quadrants with the same assignedpreference). Note that this is not a simple list of quadrants ordered bypreference with no preference value, but a list of quadrants with explicitpreference values. This way it can support the case whereby a client reallyhas no preference between two or three quadrants, leaving the decision to theserver.¶
If the client or relay agent provides the OPTION_SLAP_QUAD, the serverMUST usethe quadrant-n/pref-n values to order the selection of the quadrants. If theserver can provide an assignment from one of the specified quadrants, itSHOULDproceed with the assignment. If the server does not have a configured addresspool matching any of the specified quadrant-n fields or if the server has aconfigured address pool of the correct quadrant but no available addresses,itMUST return the IA_LL option containing a status of NoAddrsAvail.¶
There is no requirement that the client or relay agent order the quadrant/prefvalues in any specific order; hence, serversMUST NOT assume thatquadrant-1/pref-1 have the highest preference (except if there is only one set ofvalues).¶
For cases where a server may not be configured to have pools for the client orrelay quadrant preferences, clients and relaysSHOULD specify all quadrants inthe QUAD option to assure the client gets an address (or addresses) -- if anyare available. Specifying all quadrants also results in a QUAD option supportingserver responding like a non-QUAD option supporting server, i.e., an address (oraddresses) from any available quadrants can be returned.¶
IANA has assigned the QUAD (140) option code from the "Option Codes" subregistry of the "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" registry maintained at<http://www.iana.org/assignments/dhcpv6-parameters>:¶
See[RFC8415] and[RFC7227] for the DHCPv6security and privacy considerations. See[RFC8200] for the IPv6security considerations.¶
Also, see[RFC8947] for security considerationsregarding link-layer address assignments using DHCP.¶
This appendix describes some examples of how the quadrant preference mechanismscould be used.¶
First, let's take an IoT scenario as an example. An IoT device might decide onits own the SLAP quadrant it wants to use to obtain a local MAC address, usingthe following information to make the decision:¶
The previous parameters are considerations that the device vendor/administratormay wish to use when defining the IoT device's MAC address request policy (i.e.,how to select a given SLAP quadrant). IoT devices are typically very resourceconstrained, so there may only be a simple decision-making process based onpreconfigured preferences.¶
We now take the Wi-Fi device scenario, considering, for example, that a laptopor smartphone connects to a network using its built-in MAC address. Due toprivacy/security concerns, the device might want to configure a local MACaddress. The device might use different parameters and context information todecide, not only which SLAP quadrant to use for the local MAC addressconfiguration, but also when to perform a change of address (e.g., it might beneeded to change address several times). This information includes, but it isnot limited to:¶
This information can be used by the device to select the SLAP quadrant. Forexample, if the device is moving around (e.g., while connected to a publicnetwork in an airport), it is likely that it might change access points severaltimes; therefore, it is best to minimize the chances of address collision,using the SAI or AAI quadrants. If the device is not expected to moveand is attached to atrusted network (e.g., in some scenarios at work), then it is probably best to select the ELIquadrant. These are just some examples of how to use this information to selectthe quadrant.¶
Additionally, the information can also be used to trigger subsequent changes ofMAC address to enhance location privacy. Besides, changing the SLAPquadrant might also be used as an additional enhancement to make it harder to trackthe user location.¶
Last, if we consider the data-center scenario, a hypervisor might request localMAC addresses be assigned to virtual machines. As in the previous scenarios,the hypervisor might select the preferred SLAP quadrant using informationprovided by the cloud management system or virtualization infrastructuremanager running on top of the hypervisor. This information might include,but is not limited to:¶
The authors would like to thankBernie Volz forhis very valuable comments on this document. We also want to thankIan Farrer,Tomek Mrugalski,Éric Vyncke,Tatuya Jinmei,Carl Wallace,Ines Robles,Ted Lemon,Jaime Jimenez,Robert Wilton,Benjamin Kaduk,Barry Leiba,Alvaro Retana, andMurray Kucherawyfor their very detailed and helpful reviews. And thanks toRoger Marks andAntonio de la Oliva for comments related toIEEE work and references.¶
The work in this document has been supported by the H2020 5GROWTH (Grant856709) and 5G-DIVE projects (Grant 859881).¶