Network Working Group R. Johnson
Internet-Draft Cisco Systems, Inc.
Intended status: Informational July 8, 2008
Expires: January 9, 2009
VoIP Configuration Server Address Option
draft-raj-dhc-tftp-addr-option-04.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 9, 2009.
Johnson Expires January 9, 2009 [Page 1]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
Abstract
This memo documents existing usage for the "VoIP Configuration Server
Address Option" (previously known as the "TFTP Server IP Address
Option"). The option number currently in use is 150. This memo
documents the current usage of the option in agreement with
[RFC3942], which declares that any pre-existing usages of option
numbers in the range 128 - 223 should be documented and the working
group will try to officially assign those numbers to those options.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. VoIP Configuration Server Address Option Definition . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 6
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
Intellectual Property and Copyright Statements . . . . . . . . . . 10
Johnson Expires January 9, 2009 [Page 2]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
1. Introduction
Voice over IP ("VoIP") devices, such as IP phones, have a need to
download their configuration from a configuration server on the
network. There are commonly accepted methods to discover this server
via DHCP; the "sname" field in the DHCP header [RFC2131], the "TFTP
Server name" option (#66) [RFC2132]. Both of these sources of
information, however, contain the TFTP server's hostname. That
hostname must then be translated to an IP address. The usual method
to accomplish this would be DNS [RFC1034]. This means the firmware
in a VoIP device (with possibly limited flash, memory, and/or
processing resources) would need to implement the DNS protocol in
order to perform this translation. This would also introduce an
additional unnecessary point of failure whereby the device is
dependent on the DNS server infrastructure in order to boot up and
communicate with its call agent.
In order to eliminate DNS as a point of failure and keep the firmware
in such a VoIP device to a minimum the "VoIP Configuration Server
Address" option (150) was introduced. This option allows the DHCP
server to pass one or more IP addresses of the VoIP Configuration
Server(s) instead of the hostname, thus making the information
directly usable by the VoIP device.
Other reasons for this option are that, (1) the "siaddr" field is not
configurable on some DHCP servers, (2) the "siaddr" field only allows
for one IPv4 address and it is desirable to have the ability to
configure multiple IP addresses for redundancy, (3) some DHCP servers
have been found to fill in their own IPv4 address as siaddr, (4) some
customers were already using the "siaddr" field for other purposes,
and finally (5) the configuration server may use a protocol other
than TFTP to serve configuration files, making the use of the "TFTP
Server name" opion (#66) in inappropriate.
In cases where other download server address information also appears
in the response packet, such as "sname" and "TFTP Server name", it is
left to the device to decide which piece of information to use.
Johnson Expires January 9, 2009 [Page 3]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Johnson Expires January 9, 2009 [Page 4]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
3. VoIP Configuration Server Address Option Definition
The VoIP Configuration Server Address option is a DHCP option
[RFC2132]. The option contains one or more IPv4 addresses of the
VoIP Configuration Server which the client MAY use.
The format of the option is:
Code Len IPv4 Configuration Server Address(es)
+-----+-----+-----+-----+-----+-----+
| 150 | n | IPv4 address | ...
+-----+-----+-----+-----+-----+-----+
Figure 1
The option minimum length (n) is 4.
The "Len" field must specify a length which is an integral multiple
of 4 octets (4, 8, 12, etc.). If an option is received where this is
not the case, the option information SHOULD be ignored. Dividing
this "Len" value by 4 will give number of IPv4 VoIP Configuration
Server addresses which are specified in the option.
The option SHOULD NOT be specified by the DHCP Client as it is
intended only to be returned from the DHCP Server. If the DHCP
Client wants to receive this information from the server, it SHOULD
include the number 150 in the DHCP "Parameter List" option (55).
Server addresses SHOULD be listed in order of preference.
The client may use as many or as few of the addresses provided. For
example, if client is only capable of accepting 2 configuration
server addresses, it may ignore any other addresses provided after
the second address. A client SHOULD accept an offer that contains
more addresses than it is capable of utilizing and ignore those that
it is not capable of using.
Johnson Expires January 9, 2009 [Page 5]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
4. Security Considerations
A rogue DHCP Server could use this option in order to coerce a Client
into downloading configuration from an alternate Configuration Server
and thus gain control of the device's configuration. This is more
easily done with the VoIP Configuration Server Address option than it
was with the "TFTP Server Name" option, because in the latter case
the attack would need to control DNS responses as well as inserting
the rogue DHCP option information. If this is a concern, then either
DHCP Authentication may be used, or the "TFTP Server Name" option may
be used instead.
Message authentication in DHCP for intradomain use where the out-of-
band exchange of a shared secret is feasible is defined in [RFC3118].
Potential exposures to attack are discussed in section 7 of the DHCP
protocol specification in [RFC2131].
Other out-of-band methods of verifying the validity of the VoIP
Configuration Server Address, such as certificates of trust, could be
used to mitigate some security concerns.
Johnson Expires January 9, 2009 [Page 6]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
5. IANA Considerations
IANA is requested to assign DHCP option number 150 for this option,
in accordance with [RFC3942].
Johnson Expires January 9, 2009 [Page 7]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
6. References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, March 1997.
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987.
[RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001.
[RFC3942] Volz, B., "Reclassifying Dynamic Host Configuration
Protocol version 4 (DHCPv4) Options", RFC 3942,
November 2004.
Johnson Expires January 9, 2009 [Page 8]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
Author's Address
Richard A. Johnson
Cisco Systems, Inc.
170 W. Tasman Dr.
San Jose, CA 95134
US
Phone: +1 408 526 4000
Email: raj@cisco.com
Johnson Expires January 9, 2009 [Page 9]
�
Internet-Draft VoIP Configuration Server Address Option July 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Johnson Expires January 9, 2009 [Page 10]
�