Internet DRAFT - draft-pentikousis-decade-discovery
draft-pentikousis-decade-discovery
DECADE Working Group K. Pentikousis
Internet-Draft Huawei
Intended Status: Proposed Standard
Expires: March 17, 2013 September 13, 2012
DECADE Server Discovery
draft-pentikousis-decade-discovery-00
Abstract
A DECADE system must provide discovery mechanisms which enable the
automatic configuration of DECADE clients with all information
necessary to contact appropriate DECADE servers in the network.
Typically, this configuration information would include the domain
name or IP address of each DECADE server that should be considered by
the client. Ideally, a DECADE discovery mechanism should capitalize
upon existing Internet protocols, such as DHCP, which is widely
deployed today. This document discusses DECADE server discovery and,
as a first step towards automatic discovery, specifies how a DECADE
client can obtain server location information using DHCP. To this
end, it defines two DHCPv6 options which can be used to automatically
provision the domain name or IP address of suitable servers in a
DECADE system.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Pentikousis Expires March 17, 2013 [Page 1]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
Copyright and License Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1 Requirements Language . . . . . . . . . . . . . . . . . . . . . 2
2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 4
3 DECADE Server Discovery . . . . . . . . . . . . . . . . . . . . 4
4 DECADE Server Discovery using DHCP . . . . . . . . . . . . . . 6
4.1 DECADE Server Domain Name List DHCP Option . . . . . . . . 6
4.2 DECADE Server IP Address List DHCP Option . . . . . . . . . 7
4.3 DHCP Client Operation . . . . . . . . . . . . . . . . . . . 8
4.4 DHCP Server Operation . . . . . . . . . . . . . . . . . . . 8
4.5 Option Appearance . . . . . . . . . . . . . . . . . . . . . 9
4.6 On DHCP Options Aliasing . . . . . . . . . . . . . . . . . 9
5 DECADE Client Operation . . . . . . . . . . . . . . . . . . . . 10
6 Security Considerations . . . . . . . . . . . . . . . . . . . . 10
7 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 11
8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 11
9 References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
9.1 Normative References . . . . . . . . . . . . . . . . . . . 11
9.2 Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
1 Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Pentikousis Expires March 17, 2013 [Page 2]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
2 Introduction
The Decoupled Application Data Enroute (DECADE) architecture [D-ARCH]
defines a system comprising content distribution applications, in-
network storage, and network servers that can improve the efficiency
of sharing data in the Internet as a whole, as well as in smaller,
confined IP networks.
DECADE aims at being an open system [RFC6646] in which applications
can store and retrieve data objects inside the network and use DECADE
servers to manage them [D-REQS]. Applications are also given the
means to explicitly control who can access their stored data objects
via the DECADE servers [D-ARCH].
A single DECADE system may include numerous servers deployed at
different parts of the network, some of which may handle the general
storage needs of the entire user base while others could provide
purpose-specific quotas to a subset of the users. In such a large
system, each client should be able to locate all servers which it is
authorized to use. In particular for large organizations, automatic
provisioning and configuration of DECADE clients, possibly taking
into consideration the point of network attachment, is important from
an operations and management perspective.
Obviously, application end-points can use "native application
protocols" to exchange information about DECADE server locations and
convey such information to their respective DECADE client. For
example, once an application end-point uploads a data object in a
server, it can notify its peer about the server location where the
data object has been stored along with all necessary credentials to
access it. Such application-level only interaction may be plausible
for many scenarios. However, in other scenarios, the network
administrator may wish to point applications wishing to partake in a
DECADE system to suitable servers based on network-related
preferences.
Overall, the mechanism(s) defined in this document can assist DECADE
clients in determining which server(s) to use. In general, we should
expect that DECADE server location information could be provisioned
through different channels. This document introduces DECADE server
discovery and, as a first step towards this direction, specifies how
a DECADE client can obtain server location information using DHCP.
In doing so, this specification follows the recommendation of
[D-ARCH] and reuses and extends an existing and widely deployed, we
may add, protocol for server discovery in a DECADE system. Finally,
by capitalizing on DHCP [RFC3315], this client configuration method
can support both push and pull functionality on behalf of the network
administrator.
Pentikousis Expires March 17, 2013 [Page 3]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
The rest of this document is organized as follows. After clarifying
the terminology used in this document in the following subsection, we
proceed with the introduction of DECADE server discovery in Sections
3 and 4. DECADE client operation in this context is discussed in
Section 5. Finally, Section 6 presents the specification's security
considerations.
2.1 Terminology
This document uses the terms DECADE-compatible client, server,
system, and data object as defined in [D-REQS]. In general, we will
use the terms "client" and "server" to refer to the DECADE system
entities. In addition, within the context of this document, we
assume a DECADE-compatible system with an architecture as described
in [D-ARCH].
Further, this document uses the terms DHCP client, server, DUID, and
domain as defined in RFC 3315 [RFC3315].
Finally, and unless otherwise noted, the terms "IP" and "DHCP" refer
to IPv6 and DHCPv6, respectively.
3 DECADE Server Discovery
According to [D-REQS][D-ARCH], a DECADE compatible system MUST
include a server discovery mechanism. Clearly, DECADE clients MAY
obtain server configuration details by other means, including manual
configuration, presets at the operating system or application level,
or using other application-specific protocols. For instance, a
DECADE-compatible application may come pre-configured to access a
particular server through its fully qualified domain name (FQDN) or
globally routable IP address.
In addition, however, the network administrator may wish to provision
DECADE system related information to eligible nodes authorized to
connect at different attachment points of the network. For example,
each domain in a large organization may include a (set of) DECADE
server(s) accessible for use only by the nodes in the particular
domain, such as the data analysis or the software development
department. Deployment of servers on the basis of geographical or
departmental criteria can often take advantage of traffic locality to
improve performance and security as well as ease management and
maintenance tasks.
Moreover, the network administrator may choose to provision all
eligible network nodes with information about further DECADE
server(s), which may be accessible from the entire network of the
Pentikousis Expires March 17, 2013 [Page 4]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
organization. The client could also be provisioned with backup
DECADE server location information to improve system resilience or to
balance traffic load. In all, a DECADE client can take advantage of
any manually (or otherwise) provisioned servers, may use different
servers when connected to different network attachment points, and
should be able to access organization-wide DECADE servers in
parallel.
Examples for automatic configuration of DECADE clients based on the
preferences of the network administrator abound. Consider, for
instance, the case of users traveling abroad. Subscribers of an ISP
providing residential broadband connectivity may use the ISP's DECADE
server when connected from home but can take advantage of another
server when on vacation at a resort hotel halfway around the globe.
This nowadays typical scenario, involves users uploading and sharing
with friends vacation photos and videos while connected to a Wi-Fi
hotspot.
In this case, the administrator of the Wi-Fi hotspot may offer DECADE
services along with plain Internet connectivity to all nodes
connected to its network. In principle, the administrator could
require users to manually enter (local) server location information.
In practice, however, this process is cumbersome and error-prone. It
would be far better if the DECADE client on each node connected to
the Wi-Fi hotspot were able to automatically discover available
server location information in this network. This way, the
vacationers of our example could exchange photos and videos as data
objects stored locally at the DECADE server of the resort with their
friends vacationing at the same hotel while, at the same time, they
could arrange that all of their data objects were also stored at
another DECADE server back home.
The following section specifies the mechanisms which enable a DECADE
client to obtain the DECADE server domain name(s) and/or IP
address(es) based on the network administrator preferences using
DHCP, thus providing a solution for scenarios such as those described
above.
Note that the use of DHCP for discovering DECADE servers is
orthogonal to other mechanisms for DECADE client configuration. A
DECADE client, in coordination with the application(s) using the
DECADE system, can decide which server(s) to employ based on several
factors, such as, for example, user preferences; node and network
policies; authorization, trust, privacy, and other security concerns;
quota availability and usage cost; and end-to-end performance, just
to name a few. However, the decision making process regarding which
of the available (or already discovered) servers to use is outside
the scope of the server discovery specification.
Pentikousis Expires March 17, 2013 [Page 5]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
4 DECADE Server Discovery using DHCP
A DECADE client MAY use DHCP to obtain server location information
(e.g., domain name or IP address) in the network. This specification
defines two DHCP options: one for obtaining an ordered list of DECADE
server domain names and another for obtaining an ordered list of
DECADE server IP addresses, described in subsections 4.1 and 4.2,
respectively. The DHCP options defined herein refer to server
location information only.
A DECADE-compatible application MAY trigger the DHCP-based server
discovery process upon its startup or at any point of time during its
operation. The DHCP client on the node MUST provide a mechanism for
the DECADE client to retrieve the DECADE server location information
as received from the network.
A DECADE-compatible application and/or DECADE client MAY indicate to
the DHCP client on the node the currently configured DECADE
server(s). Said server(s) SHOULD have been used successfully in a
previous application session, regardless of how they have been
configured, i.e. via DHCP or otherwise, perhaps even manually, at an
earlier stage.
In addition, on a node with support for DECADE protocols, it is
possible to discover DECADE server(s) upon bootstrapping or operating
system configuration time, as well as when the node changes its point
of network attachment, or when new interfaces become active. That
is, the DHCP client on a node with DECADE support MAY use the DHCP
options described in this document whenever it obtains a new address
for any of its interfaces. In this case, when a DECADE-compatible
application is started, it MAY use the DECADE server(s) which were
already discovered through DHCP without initiating another discovery
process.
Finally, a DHCP implementation MUST support both options as described
in subsections 4.1 and 4.2, below, in order to be compliant with this
specification.
4.1 DECADE Server Domain Name List DHCP Option
The format of the DECADE Server Domain Name List DHCP option is
illustrated in Figure 1.
Pentikousis Expires March 17, 2013 [Page 6]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_DECADE_SERVER | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
. DECADE Server Domain Name List .
. (variable length) .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1. The DECADE Server Domain Name List DHCPv6 option
option-code OPTION_DECADE_SERVER (TBD_IANA)
option-len Length of DS-NAMELIST in octets; variable
DS-NAMELIST DECADE Server Domain Name List
The DECADE Server Domain Name List (DS-NAMELIST) field MUST be
encoded as per [RFC3315], Section 8, and MUST be ordered according to
the preference of the DHCP server administrator.
Implementers are reminded that the total length of each domain name
is restricted to a maximum of 255 octets as per [RFC1035].
4.2 DECADE Server IP Address List DHCP Option
The format of the DECADE Server IP Address List DHCP option is
illustrated in Figure 2.
Pentikousis Expires March 17, 2013 [Page 7]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_DECADE_SERVER_ADDR | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
. DECADE Server IP Address List .
. (variable length) .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2. The DECADE Server IP Address List DHCPv6 option
option-code OPTION_DECADE_SERVER_ADDR (TBD_IANA)
option-len Length of DS-ADDRLIST in octets;
variable, MUST be multiple of 16
DS-ADDRLIST DECADE Server IP Address List
The DECADE Server IP Address List (DS-ADDRLIST) MUST be ordered
according to the preference of the DHCP server administrator.
4.3 DHCP Client Operation
A DHCP client implementing these options and running on a node with a
DECADE-compatible client MAY send neither, either, or both of the
DHCP options defined in this document.
A DHCP client implementing this option can include the DECADE Server
DHCP options in its Option Request Option (ORO) as per [RFC3315] at
node bootstrap, (re)configuration time, or upon explicit request from
a DECADE client. See also Section 4.5, below.
The DHCP client MUST make all DECADE server configuration
information, as received from the DHCP server, available to the
DECADE client(s) on the node. For example, if both a domain name
list and a IP address list are returned by the DHCP server, then the
DECADE client must be able to obtain both lists as ordered by the
network administrator.
4.4 DHCP Server Operation
A DHCP server that implements the options specified in this document
and is configured by the network administrator with DECADE server
location information (domain name and IP address):
Pentikousis Expires March 17, 2013 [Page 8]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
* MAY send both the domain name list and the IP address list,
even if the DHCP client did not explicitly request DECADE server
location information in its ORO.
* SHOULD send the domain name list and it MAY send the IP address
list, if the client requests the DECADE Server Domain Name List.
* MUST send the IP address list and it MAY send the domain name list,
if the client requests the DECADE Server IP Address List only.
The DHCP server MAY use the DHCP Unique IDentifier (DUID) [RFC3315]
of the DHCP client to determine the contents of the DECADE server
list(s) to be returned.
4.5 Option Appearance
The DECADE Server Domain Name List and DECADE Server IP Address List
options MUST each appear at most once in any DHCP message. The order
in which these options appear is not significant; however, the DHCP
client MUST maintain the order of servers in the respective lists as
set by the DHCP server.
The DECADE Server Domain Name List and DECADE Server IP Address List
options MUST appear only in the following DHCP messages [RFC3315]:
Solicit, Advertise, Request, Renew, Rebind, Information-Request, and
Reply. If either of these options appears in other DHCP messages,
they MUST be ignored by compliant implementations.
Similarly, the option numbers for the options defined in this
specification (OPTION_DECADE_SERVER and OPTION_DECADE_SERVER_ADDR)
MAY appear in the Option Request Option (ORO) part of the following
DHCP messages [RFC3315]: Solicit, Request, Renew, Rebind,
Information-Request, and Reconfigure. If either of these option
numbers appears in other DHCP messages, they SHOULD be ignored by
compliant implementations.
4.6 On DHCP Options Aliasing
The network location of a DECADE server can be defined through an IP
address or a fully qualified domain name (FQDN). In principle, the
network administrator need only configure the DECADE server domain
names in a DHCP server. The DHCP server implementation can perform
the domain name lookup on behalf of the DHCP client and return the
DECADE server IP address list instead of the domain name list, thus
reducing signaling overhead in terms of DNS resolution messages and
packet overhead as argued in [GUIDE], Section 7. Therefore, one can
make the case that there is no need to define two options that
provision the same type of configuration parameter, in this case, the
Pentikousis Expires March 17, 2013 [Page 9]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
DECADE server location information. Hence, defining one option, e.g.
the DECADE Server IP Address List, instead of two, should be
sufficient.
However, it is more likely than not that a DECADE client can take
better decisions about which DECADE server(s) to use if it does
obtain the domain name of the server(s). To sum up, and given the
advantages of DNS indirection as well, a DECADE client SHOULD prefer
DECADE servers which can be located by an FQDN. That said, and given
the strong recommendation against aliasing [GUIDE], it remains for
the DECADE WG to decide which of the two options to choose, if a
choice is mandated.
5 DECADE Client Operation
In general, the DECADE client SHOULD prefer to contact a DECADE
server using its domain name. The indirection and late binding
provided by DNS should be taken advantage of whenever possible.
However, it is possible that for certain DECADE system deployments
DNS cannot be used or be relied upon, hence, a DECADE client MAY
contact a server using an IP address.
The client implementation may maintain two separate lists for DECADE
domain names and IP addresses. The list(s) of DECADE servers at the
client may be prioritized according to various factors and can
include server location information which has been entered manually
or configured automatically, e.g., via DHCP.
With respect to the list of DECADE server location information made
available to the DECADE client via the DHCP options defined in this
document (or other means), the DECADE client MAY decide to ignore all
DECADE servers suggested by the network administrator. However, if
the DECADE client decides to use the servers suggested by the network
administrator via DHCP, the client MUST consider all domain names in
the received list first, before initiating connections to DECADE
servers in the IP address list.
6 Security Considerations
In general, a DECADE client SHOULD be on guard with all configuration
information which is dynamically provisioned. In particular, the
DECADE client should exercise caution when using dynamically
provisioned information as it may end up contacting malicious DECADE
servers, the operators of which could get access to sensitive or
private information, lead denial of service attacks, pollute data
objects uploaded on the server, and so on. That said, DHCP supports
Pentikousis Expires March 17, 2013 [Page 10]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
an authentication mechanism that can alleviate man-in-the-middle
attacks and more authentication mechanisms may be deployed; see
[GUIDE].
DHCP is used to provision nodes with generally applicable
configuration information. As such, the server location information
received by a client SHOULD apply to all applications running on the
node. A DECADE system administrator SHOULD NOT use the DHCP options
defined in this document to provide application-specific server
locations in order to avoid placing extraneous load on the DHCP
server infrastructure.
As the server location can be used by any application in a DECADE-
compatible node, effectively, DHCP can be used to provide further
server options to DECADE-compatible applications. However, the
availability of server location information does not necessarily mean
that the client has access to store and retrieve data objects from
the servers obtained through DHCP. Authentication and authorization
for accessing each server included in the lists obtained via DHCP are
performed as per usual.
The security considerations in [D-ARCH], [D-REQS], and [RFC3315]
apply here as well, and DECADE client and server implementers ought
to keep in mind that a range of attacks from within the network are
possible.
7 IANA Considerations
IANA is requested to assign two option codes from the "DHCPv6 Options
Codes" registry for OPTION_DECADE_SERVER and
OPTION_DECADE_SERVER_ADDR.
8 Acknowledgments
Section 4 of this draft would not be possible without the great job
done by the folks who wrote [RFC3315], [RFC3319], [RFC5908], and
[GUIDE]. Tomasz Mrugalski provided valuable pointers and insights
with respect to DHCP, in general, and options definitions, in
particular. Many thanks!
9 References
9.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Pentikousis Expires March 17, 2013 [Page 11]
INTERNET DRAFT DECADE Server Discovery September 13, 2012
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration Protocol
for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
9.2 Informative References
[RFC3319] Schulzrinne, H. and B. Volz, "Dynamic Host Configuration
Protocol (DHCPv6) Options for Session Initiation Protocol
(SIP) Servers", RFC 3319, July 2003.
[RFC5908] Gayraud, R. and B. Lourdelet, "Network Time Protocol (NTP)
Server Option for DHCPv6", RFC 5908, June 2010.
[RFC6646] Song, H., Zong, N., Yang, Y., and R. Alimi, "DECoupled
Application Data Enroute (DECADE) Problem Statement",
RFC 6646, July 2012.
[D-ARCH] Alimi, R., Rahman, A., Kutscher, D., and Yang, Y., "DECADE
Architecture", draft-ietf-decade-arch-09, (work in
progress), August 2012.
[D-REQS] Gu, Y., Bryan, D., Yang, Y., Zhang, P., and Alimi, R.,
"DECADE Requirements", draft-ietf-decade-reqs-08, (work in
progress), August 2012.
[GUIDE] Hankins, D., Mrugalski, T., Siodelski, M., Jiang, S., and
Krishnan, S., "Guidelines for Creating New DHCPv6
Options", (work in progress), July 2012.
Authors' Addresses
Kostas Pentikousis
Huawei Technologies
Carnotstr. 4
10587 Berlin
Germany
EMail: k.pentikousis@huawei.com
Pentikousis Expires March 17, 2013 [Page 12]