
Page 1

Dibbler – DHCPv6 implementation

Tomasz Mrugalski

tomasz.mrugalski(at)eti.pg.gda.pl

November 2010

Gdańsk University of Technology

Page 2

Agenda

• DHCPv6 protocol overview
• DHCPv6 extensions
• Dibbler project overview
• Dibbler status
• Dibbler documentation
• Code walkthrough
• Extensibility (aka how do I add extra options?)

Page 3

DHCPv6 :: Overview (1)

• Specified in 2003 by IETF [RFC3315]
  – Largest number of draft revisions ever in IETF history
  – 20+ RFCs related to DHCPv6
  – Numerous drafts
• Consists of clients, servers, relays and requestors (leasequery)
• Framework for server redundancy and failover
• Multicast-based (mcast is supported by all IPv6 nodes)
  – Optional unicast support
• Supports Duplicate Address Detection
• Generic mechanism for configuring IPv6 addresses and more:
  – Delegating prefixes
  – FQDN allocations, DNS updates
  – 20+ options (SIP servers, domains, DNS, timezones, subscriber-ids, …)
  – Options renewal
  – Lease queries
  – Temporary addresses
  – Relays (including cascade)
  – Unicast communication
  – …

Page 4

DHCPv6 :: Overview (2)

• Negotiation mechanisms available
• Options
  – DNS servers configuration
  – Domain configuration
  – NTP servers configuration
  – Timezone configuration
  – SIP-related parameters configuration
  – NIS, NIS+ parameters configuration
  – Boot options
  – Vendor-specific information
  – Subscriber-ID, Remote-ID
  – Authentication
  – Echo Request
  – …
• Authentication
• Reconfigure support

Page 5

DHCPv6 :: Basics

• Client sends SOLICIT
  – Contains desired parameters (addresses and options)
  – “Hey, who can assign me these?”
• All servers available respond with ADVERTISE
  – Contains possible server responses
  – Contains server identifier
  – “If you choose me, I will grant you something like this”
• Client sends REQUEST to a chosen server
  – “Assign me these options, please”
• Server grants addresses and options and sends REPLY
  – “These are your parameters”

[Diagram: CLIENT and SERVER exchanging SOLICIT, ADVERTISE, REQUEST, REPLY]

Page 6

DHCPv6 :: Basic address acquisition

• Client sends SOLICIT
  – Contains desired parameters (addresses and options)
  – “Hey, who can assign me these?”
• All servers available respond with ADVERTISE
  – Contains possible server responses
  – Contains server identifier
  – “If you choose me, I will grant you something like this”
• Client sends REQUEST to a chosen server
  – “Assign me those options, please”
• Server grants addresses and options and sends REPLY
  – “These are your parameters”

[Diagram: CLIENT and SERVER exchanging SOLICIT, ADVERTISE, REQUEST, REPLY]

Page 7

DHCPv6 :: Server discovery

• Client sends SOLICIT to locate servers and their capabilities
• All servers available respond
• Client chooses best server and asks for parameters

[Diagram: client, DHCPv6 relay, DHCPv6 server 1, DHCPv6 server 2, DHCPv6 server 3; SOLICIT, ADVERTISE]

Page 8

DHCPv6 :: Renewal mechanism

• Renewal mechanism
  – RENEW contains server identifier and is addressed to a specific server
  – RENEW is ignored by other servers
  – Asked server responds with updated parameters (e.g. extended address lifetimes)

[Diagram: RENEW, REPLY]

• Emergency renewal mechanism
  – Used when RENEW remains unanswered after several retransmissions
  – Does not contain server identifier (“addressed to any server”)
  – One of the available servers (e.g. server2) responds
  – From now on, client will renew its parameters from server2

[Diagram: REBIND, REPLY]

Page 9

DHCPv6 :: Relays

• Relay support
  – Server supports multiple links (local and remote)
  – Relays can add extra options:
    – Remote-ID
    – Subscriber-ID
    – Echo option

[Diagram: client, relay, server]

• Cascade relays support
  – Up to 32 relays
  – Great scalability

[Diagram: client, relay 1, relay 2, server]

Page 10

DHCPv6 :: Prefix delegation

• Client is not the end-user, but a CPE
• Receives whole prefix instead of single address
• Prefix can be announced over user’s link
• Can be also used for local mgmt (e.g. serving addresses via DHCPv6 to users)

[Diagram: server, client (router), nodes; DHCP, RAs]

Page 11

DHCPv6 :: DNS Update

• Fully Qualified Domain Name
  – Client wants to obtain fully qualified domain name
  – Client wants to obtain hostname
  – …
• Several scenarios
  – Forward resolution only (AAAA records)
  – Reverse resolution only (PTR records)
  – Both
  – Performed by server (better security, worse scalability)
  – Performed by client (better scalability, worse security)

[Diagram: client, DHCP server, DNS server; FQDN, update]

Page 12

DHCPv6 :: Address duplicates

• Client checks address uniqueness
  – uses DAD (Duplicate Address Detection)
• Address can be rejected by client
  – Server marks address as “dirty”

[Diagram: client, server, duplicate address; REQUEST, REPLY, DECLINE]

Page 13

DHCPv6 :: Leasequery

• Leasequery
  – Relatively new addition (September 2007)
  – New entity: requestor
  – “Who has this address specified?”
  – “What options does this client have?”
  – Framework for further development
    – Bulk leasequeries => DHCP failover
    – …
  – Work in progress

[Diagram: client, requestor, server; queries; addresses, prefixes, options]

Page 14

DHCPv6 :: Unicast, Rapid-commit

• Normal communication is multicast based
  – Client sends data to multicast
  – One server (with proper server identifier) sends reply to unicast address
• Optional unicast communication
  – Client sends data to server’s IPv6 address directly
  – Does not burden other servers and network devices
• Normal configuration requires a 4-message exchange
  – Solicit, Advertise, Request, Reply
• Client can ask for rapid configuration
  – Client sends Solicit
  – If server supports rapid-commit, it sends Reply (with granted parameters)

[Diagram: CLIENT and SERVER exchanging SOLICIT, REPLY]
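The message rules from the slides above (ADVERTISE and RENEW carry a server identifier, REBIND does not, relays wrap messages up to 32 deep, SOLICIT may ask for rapid-commit) can be checked on the wire. The following Python code is an added example, not Dibbler code: the names `parse_options`, `check_message` and `opt` and the sample packets are constructed for illustration, and the numeric codes and the REQUEST/REPLY rule are taken from RFC 3315, RFC 4649 and RFC 4580.

```python
import struct

# Codes from RFC 3315; Remote-ID (37) is RFC 4649, Subscriber-ID (38) is RFC 4580.
MSG = {1: "SOLICIT", 2: "ADVERTISE", 3: "REQUEST", 5: "RENEW", 6: "REBIND", 7: "REPLY"}
RELAY_TYPES, MAX_RELAYS = (12, 13), 32   # RELAY-FORW/RELAY-REPL; "up to 32 relays"
SERVERID, RELAY_MSG, RAPID_COMMIT = 2, 9, 14
RELAY_ADDED = {37: "remote-id", 38: "subscriber-id"}
NEED_SID = {"ADVERTISE", "REQUEST", "RENEW", "REPLY"}   # tied to one server
NO_SID = {"SOLICIT", "REBIND"}                          # addressed to any server


def parse_options(buf):
    """Walk the code/length/value option list, rejecting truncated options."""
    opts, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        if off + 4 + length > len(buf):
            raise ValueError("option %d overruns the packet" % code)
        opts.setdefault(code, buf[off + 4:off + 4 + length])
        off += 4 + length
    return opts


def check_message(packet):
    """Unwrap relay layers, then check the inner message against the slides' rules."""
    relays = []
    while packet and packet[0] in RELAY_TYPES:
        if len(relays) == MAX_RELAYS:
            raise ValueError("more than %d relay layers" % MAX_RELAYS)
        if len(packet) < 34:      # msg-type, hop-count, link-address, peer-address
            raise ValueError("truncated relay header")
        opts = parse_options(packet[34:])
        if RELAY_MSG not in opts:
            raise ValueError("relay layer carries no inner message")
        relays.append({RELAY_ADDED[c]: v for c, v in opts.items() if c in RELAY_ADDED})
        packet = opts[RELAY_MSG]
    if len(packet) < 4:           # msg-type plus 3-byte transaction-id
        raise ValueError("truncated message header")
    name = MSG.get(packet[0], "type-%d" % packet[0])
    opts = parse_options(packet[4:])
    problems = []
    if name in NEED_SID and SERVERID not in opts:
        problems.append(name + " lacks a server identifier")
    if name in NO_SID and SERVERID in opts:
        problems.append(name + " must not carry a server identifier")
    return {"type": name, "relays": relays, "problems": problems,
            "rapid_commit": name == "SOLICIT" and RAPID_COMMIT in opts}

def opt(code, data=b""):
    """Encode one option; used only to build the constructed samples below."""
    return struct.pack("!HH", code, len(data)) + data

# Constructed samples: rapid-commit SOLICIT behind two relays; RENEW without server id.
SOLICIT = b"\x01\xaa\xbb\xcc" + opt(1, b"client-duid") + opt(RAPID_COMMIT)
RELAY1 = bytes([12, 0]) + bytes(32) + opt(38, b"sub-17") + opt(RELAY_MSG, SOLICIT)
RELAY2 = bytes([12, 1]) + bytes(32) + opt(RELAY_MSG, RELAY1)
BAD_RENEW = b"\x05\x00\x00\x01" + opt(1, b"client-duid")
```

`check_message(RELAY2)` reports the relay layers outermost first, so the Subscriber-ID added by the relay nearest the client appears last in `relays`.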

Page 15

DHCPv6 extensions (1)

RFCs:

• Dynamic Host Configuration Protocol for IPv6 (RFC 3315)
• DNS Configuration Options for DHCPv6 (RFC 3646)
• IPv6 Prefix Options for DHCPv6 (RFC 3633)
• Stateless DHCP Service for IPv6 (RFC 3736)
• NIS Configuration Options for DHCPv6 (RFC 3898)
• Simple Network Time Protocol (SNTP) Configuration Option for DHCPv6 (RFC 4075)
• Renumbering Requirements for Stateless Dynamic Host Configuration Protocol for IPv6 (DHCPv6) (RFC 4076)
• Information Refresh Time Option for Dynamic Host Configuration Protocol for IPv6 (DHCPv6) (RFC 4242)
• Dynamic Host Configuration Protocol (DHCP): IPv4 and IPv6 Dual-Stack Issues (RFC 4477)
• ...

Page 16

DHCPv6 extensions (2)

Drafts:

• The DHCPv6 Client FQDN Option (33042 bytes)
• DHCPv6 Relay agent RADIUS Attribute Option (28663 bytes)*
• DHCPv6 Relay Agent Remote ID Option (12142 bytes)
• DHCPv6 Relay Agent Subscriber-ID Option (12530 bytes)
• Domain Suffix Option for DHCPv6 (8666 bytes)*
• Time Protocol Servers and Time Offset Options for IPv6 DHCP (11217 bytes)*
• ...

* - not supported by Dibbler yet

Page 17

Dibbler project

Page 18

DHCPv6 :: Implementations

• Linux: ISC, Sourceforge, wide
• Windows: Vista, Win7
• BSD: ISC, Kame
• Mac OS X
• Cisco: Prefix Delegation/Relays focused
• HP-UX: proprietary
• NEC: proprietary
• …

Dibbler

Page 19

The Dibbler project is an open source, portable implementation of the DHCPv6 protocol, providing client, server, relay and requestor. Currently ports for Linux and Windows based systems are available.

Page 20

Dibbler :: Design assumptions (1)

• Extensive server configuration
  – Preferences, multiple classes on one interface, address-client reservation, client classification, multiple pools, temporary addresses, prefix delegation, white-list, black-list, numerous options etc.
• Zero client configuration – out-of-the-box (quick install)
• Non-mandatory client configuration
  – For experienced/more demanding users
• Portability
  – 2 layers: logic (C++), low-level functions (C)
  – Currently: Windows NT4/2k/XP/2k3/Vista, Linux 2.4/2.6, Mac OS, …
  – Porting to other systems requires reimplementation of a small number of low-level functions (e.g. open socket, get list of interfaces, add address, etc.)

Page 21

Dibbler :: Design assumptions (2)

• Clean architecture
  – Object-oriented
  – Easily extended
• Extensibility
  – Additional options may be defined
  – Easy services convergence
    – Data is dumped in XML (scripts, stats)
• Open source
  – Free for use, including commercial use
  – Sources available
  – GNU GPL licence

Page 22

Dibbler :: Current Status (1)

• Started in 2003 as double master thesis
  – Grown considerably since then…
• Feedback from 31 countries
  – Poland, Germany, Czech Republic, France, Spain, USA, China, Malaysia, Canada, Taiwan, Switzerland, Turkey, India, UK, Austria, Hungary, Cuba, Japan, Sweden, Luxembourg, Australia, Israel, Norway, Thailand, Finland, Philippines, Venezuela, Bosnia and Herzegovina, Portugal, New Zealand, Indonesia
• Was used as reference implementation in Cisco R&D labs
• High interest from major telco players
  – Cisco, Comcast, HP, Intel, Motorola, Nokia, Xerox and others
• Open source

Page 23

Dibbler :: Current Status (2)

• Available for:
  – Linux (Debian, Ubuntu, Gentoo, PLD, OpenWRT, sources)
  – Windows NT, 2000, XP, 2003, Vista, Win7
  – MacOS (work in progress)
• Ported to various architectures
  – x86, x86_64, amd64, Sparc, PowerPC, Alpha (64bit RISC), Motorola m68k
  – MIPS (embedded system, e.g. LinkSys wireless router WRT54)
  – IBM S390 (mainframe class)

Page 24

Dibbler :: Selected features (1)

• Server discovery
• Address/addresses leasing
• Address renewal
• Duplicate Address Detection (DAD)
• Rapid-commit
• Unicast communication
• Options renewal

[Diagram: client, server]

Page 25

Dibbler :: Selected features (2)

• Multiple server support
  – Redundancy
  – Client chooses best server
  – Retrieving options from multiple servers

[Diagram: client, server 1, server 2]

Page 26

Dibbler :: Selected features (3)

• Prefix delegation
• DNS Update done over IPv6 only (Dibbler does not deal with legacy technologies like IPv4)
• Extensibility
  – New options added in configuration file (no need to modify code)
• Flexible client configuration
  – e.g. send 3 IA_NA options with 2 addresses in each
  – Send some extra/custom options
• Stateless DHCPv6
  – Just some options, not an address or prefix
  – Also anonymous
• Accepts unicast solicits out of the box (not adhering to the spec, but very convenient)

Page 27

Dibbler :: Selected features (4)

• Client classification
  – e.g. VoIP phones and PCs in one network, each receiving addresses/prefixes from a different pool
  – Exceptions
    – This client should receive some dedicated options
• Parameter negotiation
  – Clients are allowed to send values as hints
  – Server may be configured to accept range of values (e.g. T1 from 1800 to 3600).
• Integration (IPAM style)
  – XML files exported
  – Leasequery protocol supported (RFC5007)
  – GNU GPL licence
• Interoperability
  – Client is able to transmit any option

Page 28

Dibbler :: Non-standard extensions

• Remote IPv4-to-IPv6 NAT/tunneling
  – A box with:
    – IPv4-to-IPv6 NAT
    – IPv4-over-IPv6 tunneling
  – Remotely configurable
  – Developed Linux kernel to do the IPv4-to-IPv6 NAT
  – This work eventually became DS-Lite tunnel option
• Address with parameters assignments
  – Extra suboption for specifying prefix length for assigned address
• Authentication
  – All transmissions fully authenticated
  – keys based (SHA1, SHA256, SHA512)
  – Manual key distribution
• Mobile DHCPv6 / Remote autoconfiguration
  – How to obtain addresses and options remotely?

[Diagram: CPE (IPv4-IPv6), Reverse (IPv6-IPv4); IPv4 only, IPv6 only, IPv4 Internet]

Page 29

Dibbler documentation

• Dibbler User’s Guide
  – For users
  – Installation, usage, examples, config files
  – 60+ pages
  – ~40 examples
  – Written in LaTeX, distributed as PDF
• Dibbler Developer’s Guide
  – For developers
  – Compilation
  – Memory management using SmartPtrs
  – Architecture
  – Debugging (electric fence, valgrind)
  – Modular features
  – Formerly written in LaTeX, migrated to Doxygen
  – Not distributed yet, intended as HTML

Page 30

Thank you

Dibbler homepage: http://klub.com.pl/dhcpv6/