xref: /netbsd-src/external/mpl/dhcp/dist/doc/DHCPv4-over-DHCPv6 (revision 6fb29d29285c26a62fae51364e3aa9f51d403424)

Short notice about DHCPv4 over DHCPv6 aka RFC 7341
--------------------------------------------------
Note well: this code is still somewhat experimental and any user
should take care when trying to use it.

GENERAL
The purpose of DHCPv4 over DHCPv6 (RFC7341) is to encapsulate
a DHCPv4 request within a DHCPv6 request in order to transmit
it across a v6 only network.  This feature may become useful
when, during the transition from a v4 to a v6 network, there
are still v4 clients at the edges and v4 servers in the center
but the links between them are v6 only.

In order to support this functionality we have chosen to use
two processes each for the client and server.  In both pairs
one process handles the DHCPv4 processing and the other handles
the DHCPv6 processing.

The topology is thus something like this:

 Client processes    network    Server processes
DHCPv4 <-> DHCPv6  <--ipv6-->  DHCPv6 <-> DHCPv4

The v6 client and server processes can continue to process
DHCPv6 packets as normal but will also allow a DHCPv4 process
to connect to them via a socket.  The DHCPv4 client will pass
a request to the DHCPv6 client which will encapsulate it within
a DHCPv6 request which is sent to the DHCPv6 server (possibly
via DHCPv6 relays).  When the DHCPv6 server receives the packet
it will get the DHCPv4 query and pass it to the DHCPv4
server.  The response will by handled in a similar fashion.

When starting up the paired processes one should take care that
they use different files for configuration, leases and process IDs.

LOCALIZATION
Normally the DHCPv4 server choose a subnet based on a number of options:
 - follow the Relay Agent Link Selection option if exists
 - follow the Subnet Selection option if exists
 - use the relay address if relayed
 - use the receiving interface

With the exception of the last case the address must match a subnet address.
Unfortunately when using DHCPv4 over DHCPv6 this information is not available
in the packet, to quote RFC 7341:

   Since the DHCPv4 message is encapsulated in the DHCPv6 message, it
   lacks the information that is typically used by the DHCPv4 server,
   implementing [RFC2131], to make address- allocation decisions,
   e.g., giaddr for relayed messages and IPv4 address of the interface
   that the server is using to communicate with a directly connected
   client.

In DHCPv4 over DHCPv6, there are a mixture of IPv6 and IPv4 addresses.
The DHCPv4 over DHCPv6 server externally uses only IPv6 addresses,
even on the DHCPv4 side, so shared networks associated with directly
attached interfaces are identified by subnet6 declarations.
For this reason, the DHCPv4 side shouldn't request an interface
vai the command line or configuration file: all usable interfaces
will be requested (i.e., standard behavior when no interface is
specified in the command line or configuration file) and it is
not an error to have an interface with an address and no matching
subnet6 declaration, nor an error to have no usable interfaces
(i.e., fully relayed or routed topologies are accepted).

Note also there is no involved DHCPv4 relays (DHCPv4 messages are
directly encapsulated into DHCPv6 DHCPv4-query/DHCPv4-response
messages by clients and servers as there is no cross DHCP version
relays specified by RFC 7341) so to get a Relay Agent option or
a relay address are very unlikely cases.

So the procedure is:
 - follow the Relay Agent Link Selection option if exists
 - follow the DHCPv4 Subnet Selection option if exists
 - use the DHCPv4 relay address if DHCPv4 relayed
 - when DHCPv6 relayed, use the first relay with an usable (i.e., not
   unspecified or link-local) address
 - use the receiving interface

The basic network configuration is something like this:
----
shared-network "link1" {
    subnet6 2001:db8:1:1::/64 { }

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.100 192.168.1.199;
    }
}
----

This groups the 2001:db8:1:1::/64 subnet with the 192.168.1.0 subnet.
When the a DHCPv4 over DHCPv6 client uses the 2001:db8:1:1::10 IPv6 address
it will get an address from 192.168.1.1xy assigned.

There is one remaining question: on which interface should
a DHCPv4 over DHCPv6 client apply the assigned IPv4 address?
RFC 7341 does not really help:
   Before applying for an IPv4 address via a DHCPv4-query message, the
   client must identify a suitable network interface for the address.
   Once the request is acknowledged by the server, the client can
   configure the address and other relevant parameters on this
   interface.  The mechanism for determining a suitable interface is out
   of the scope of the document.

The ISC DHCP answer is the IPv4 address is (in fact is required to be)
specified in the command line of the DHCPv4 side of the DHCPv4 over DHCPv6
client. BTW in the usual case where the upstream interface is IPv6 only,
the IPv4 interface will be a different one.


                               HOW TO USE
                               ----------


CONFIGURATION
By default the DHCPv4 over DHCPv6 code is disabled and in order to use
it you will need to configure it.  Note that this code requires that the
dhcpv6 code be enabled (it is enabled by default.)

   ./configure --enable-dhcpv4o6

CLIENT SETUP
The client runs both a DHCPv6 client and a DHCPv4 client on the second
Ethernet eth1.  The following could be used to launch them from the
client directory.

   ./dhclient -d -v -6 -4o6 6767 -lf leases6 -pf pid6 eth1

and

   ./dhclient -d -v -4 -4o6 6767 -lf leases4 -pf pid4 eth1

In this case we are using the port pair 6767 and 6768 for communication
and one can start or stop either client as necessary (though if the
v6 client is stopped the v4 client won't be able to contact a server).
The lease files are leases4 and leases6 and the process id files are pid4 and
pid6.  You would probably put the files elsewhere.

For testing purposes it is best to run the two clients in the foreground
and in separate windows.

SERVER SETUP
As with any DHCP servers you will need to ensure there is a path from
the clients to the servers - any firewalls must allow DHCPv6 traffic
through.  You should also verify no other DHCP servers are running
and will conflict with the DHCPv4 over DHCPv6 pair.

The server VM must have both IPv4 and IPv6 addresses.  On a system
running Fedora with the second interface named eno33554984,
the commands are:

   ip addr add 10.10.10.1/24 dev eno33554984

and

   ip -6 addr add 2001:db8:1:1::1/64 dev eno33554984

Note that in theory the IPv4 address is not required but:
  - there are some DHCPv4 clients which refused responses with no or an
    invalid server-id
  - this avoids messages about being unable to find a subnet to configure or
    something similar

Both ISC DHCP and Kea use 2 processes to manage DHCPv4-over-DHCPv6, one
in charge of DHCPv6, the other in charge of DHCPv4. They communicate via UDP.

ISC DHCP DHCPv6 SERVER
The dhcpd.conf6 example configuration file is:
----
# DHCPv6 conf

authoritative;

default-lease-time 3600;
max-lease-time 7200;

option dhcp6.dhcp4-o-dhcp6-server 2001:db8:1:1::1;

subnet6 2001:db8:1:1::/64 {
        range6 2001:db8:1:1::1:0/112;
}
----

The server is launched from the server directory by:

  ./dhcpd -f -d -6 -4o6 6767 -cf ./dhcpd.conf6 -lf ./leases6 -pf ./pid6 eno33554984

As with the client above the servers are using the port pair 6767 and 6768
to communicate.  The leases file (leases6) must be created before attempting
to start the server.

ISC DHCP DHCPv4 SERVER
The dhcpd.conf4 example configuration file is:
----
# DHCPv4o6 conf

authoritative;

default-lease-time 3600;
max-lease-time 7200;

shared-network "eno33554984" {
    subnet6 2001:db8:1:1::/64 { }

    subnet 10.10.10.0 netmask 255.255.255.0 {
       range 10.10.10.100 10.10.10.199;
    }
}
----

The server is launched from the server directory by:

   ./dhcpd -f -d -4 -4o6 6767 -cf ./dhcpd.conf4 -lf ./leases4 -pf ./pid4

Note that the port specification must be the same as used with the v6 server
and that the configuration, lease and process id files should have different
names.  Again the The leases file (leases4) must be created before attempting
to start the server.

Finally note in the configuration file the use of the shared-network to
connect the DHCPv4 and  DHCPv6 subnets.

USE WITH DHCPv6 RELAY(s)
If the DHCPv6 infrastructure uses one (or more) relay because the client
and the server are not on the same link the best choice is to put the
first (closest to client) relay address in the dhcp4-o-dhcp6-server
option so the same path between the DHCPv6 client part and server part
will be used for DHCPv6 and DHCPv4-over-DHCPv6 traffic.