from the delegating router.   When a requesting router subnets a delegated prefix, it must assign   additional bits to the prefix to generate unique, longer prefixes.   For example, if the requesting router in Figure 1 were delegated   3FFE:FFFF:0::/48, it might generate 3FFE:FFFF:0:1::/64 and   3FFE:FFFF:0:2::/64 for assignment to the two links in the subscriber   network.  If the requesting router were delegated 3FFE:FFFF:0::/48   and 3FFE:FFFF:1::/48, it might assign 3FFE:FFFF:0:1::/64 and   3FFE:FFFF:1:1::/64 to one of the links, and 3FFE:FFFF:0:2::/64 and   3FFE:FFFF:1:2::/64 for assignment to the other link.   If the requesting router assigns a delegated prefix to a link to   which the router is attached, and begins to send router   advertisements for the prefix on the link, the requesting router MUST   set the valid lifetime in those advertisements to be no later than   the valid lifetime specified in the IA_PD Prefix option.  A   requesting router MAY use the preferred lifetime specified in the   IA_PD Prefix option.   Handling of Status Codes options in received Reply messages is   described in "Receipt of Reply Messages" of the DHCP specification   [6].  The NoPrefixAvail Status Code is handled in the same manner as   the NoAddrsAvail Status Code.12.2 Delegating Router behaviour   When a delegating router receives a Request message from a requesting   router that contains an IA_PD option, and the delegating router is   authorised to delegate prefix(es) to the requesting router, the   delegating router selects the prefix(es) to be delegated to theTroan & Droms          Expires September 1, 2003               [Page 14]Internet-Draft       IPv6 Prefix Options for DHCPv6           March 2003   requesting router.  The mechanism through which the delegating router   selects prefix(es) for delegation is not specified in this document.   Section 11.2 gives examples of ways in which a delegating router   might select the prefix(es) to be delegated to a requesting router.   A delegating router examines the prefix(es) identified in IA_PD   Prefix options (in an IA_PD option) in Renew and Rebind messages and   responds according to the current status of the prefix(es).  The   delegating router returns IA_PD Prefix options (within an IA_PD   option) with updated lifetimes for each valid prefix in the message   from the requesting router.  If the delegating router finds that any   of the prefixes are not in the requesting router's binding entry, the   delegating router returns the prefix to the requesting router with   lifetimes of 0.   Behaviour in the case where the delegating router cannot find a   binding for the requesting router's IA_PD:   Renew message       If the delegating router cannot find a binding                       for the requesting router's IA_PD the delegating                       router returns the IA_PD containing no prefixes                       with a Status Code option set to NoBinding in the                       Reply message.   Rebind message      If the delegating router cannot find a binding                       for the requesting router's IA_PD and the                       delegating router determines that the prefixes in                       the IA_PD are not appropriate for the link to                       which the requesting router's interface is                       attached according to the delegating routers                       explicit configuration, the delegating router MAY                       send a Reply message to the requesting router                       containing the IA_PD with the lifetimes of the                       prefixes in the IA_PD set to zero.  This Reply                       constitutes an explicit notification to the                       requesting router that the prefixes in the IA_PD                       are no longer valid.  If the delegating router is                       unable to determine if the prefix is not                       appropriate for the link, the Rebind message is                       discarded.   A delegating router may mark any prefix(es) in IA_PD Prefix options   in a Release message from a requesting router as "available",   dependent on the mechanism used to acquire the prefix, e.g in the   case of a dynamic pool.   The delegating router MUST include an IA_PD Prefix option or options   (in an IA_PD option) in Reply messages sent to a requesting router.Troan & Droms          Expires September 1, 2003               [Page 15]Internet-Draft       IPv6 Prefix Options for DHCPv6           March 200313. Prefix Delegation reconfiguration   This section describes prefix delegation in Reconfigure message   exchanges.13.1 Delegating Router behaviour   The delegating router initiates a configuration message exchange with   a requesting router, as described in the section "DHCP Server-   Initiated Configuration Exchange" of the DHCP specification [6].  The   delegating router specifies the IA_PD option in the Option Request   option to cause the requesting router to include an IA_PD option to   obtain new information about delegated prefix(es).13.2 Requesting Router behaviour   The requesting router responds to a Reconfigure message received from   a delegating router as described in the DHCP specification [6].  The   requesting router MUST include the IA_PD Prefix option(s) (in an   IA_PD option) for prefix(es) that have been delegated to the   requesting router by the delegating router from which the Reconfigure   message was received.14. Relay agent behaviour   A relay agent forwards messages containing Prefix Delegation options   in the same way as described in section "Relay Behaviour" of the DHCP   specification [6].   If a delegating router communicates with a requesting router through   a relay agent, the delegating router may need a protocol or other   out-of-band communication to add routing information for delegated   prefixes into the provider edge router.15. Security Considerations   Security considerations in DHCP are described in the section   "Security Considerations" of the DHCP specification [6].   A rogue delegating router can issue bogus prefixes to a requesting   router.  This may cause denial of service due to unreachability.   An intruder requesting router may be able to mount a denial of   service attack by repeated requests for delegated prefixes that   exhaust the delegating router's available prefixes.   To guard against attacks through prefix delegation, requesting   routers and delegating routers SHOULD use DHCP authentication asTroan & Droms          Expires September 1, 2003               [Page 16]Internet-Draft       IPv6 Prefix Options for DHCPv6           March 2003   described in section "Authentication of DHCP messages" in the DHCP   specification [6].  For point to point links, where one trusts that   there is no man in the middle, or one trusts layer two   authentication, DHCP authentication or IPsec may not be necessary.   Because a requesting router and delegating routers must each have at   least one assigned IPv6 address, the routers may be able to use IPsec   for authentication of DHCPv6 messages.  The details of using IPsec   for DHCPv6 are under development.16. IANA Considerations   IANA is requested to assign option codes to:   OPTION_IA_PD   OPTION_IAPREFIX   from the option-code space as defined in section "DHCPv6 Options" of   the DHCPv6 specification [6].   IANA is requested to assign a status code:   NoPrefixAvail       Delegating router has no prefixes available to                       assign to the IAPD(s)   from the status-code space as defined in section "Status Codes" of   the DHCPv6 specification [6].17. Acknowledgements   Thanks for the input and review by (in alphabetical order) Steve   Deering, Dave Forster, Brian Haberman, Tatuya Jinmei, Shin Miyakawa,   Pekka Savola, Bernie Volz, Trevor Warwick and Toshi Yamasaki.18. Changes in draft-ietf-dhc-dhcpv6-opt-prefix-delegation-03   o  Clarified that this draft is an extension of the DHCPv6      specification and that complete specification and terminology can      be found in the DHCPv6 specification.   o  Updated relevant sections to be consistent with draft-ietf-dhc-      dhcpv6-interop-00.txt.  This includes T1/T2 times, preferred and      valid lifetimes and Rebind/Renew usage.   o  Clarified the usage of the NoPrefixAvail Status Code   o  Clarified delegating router behaviour when no binding is found for      Renew/Rebind.Troan & Droms          Expires September 1, 2003               [Page 17]Internet-Draft       IPv6 Prefix Options for DHCPv6           March 2003   o  Various editorial changesNormative References   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement        Levels", BCP 14, RFC 2119, March 1997.   [2]  Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)        Specification", RFC 2460, December 1998.   [3]  Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for        IP Version 6 (IPv6)", RFC 2461, December 1998.   [4]  Hinden, R. and S. Deering, "IP Version 6 Addressing        Architecture", RFC 2373, July 1998.   [5]  Thomson, S. and T. Narten, "IPv6 Stateless Address        Autoconfiguration", RFC 2462, December 1998.   [6]  Droms, R., "Dynamic Host Configuration Protocol for IPv6        (DHCPv6)", draft-ietf-dhc-dhcpv6-28 (work in progress), November        2002.   [7]  Aboba, B., Zorn, G. and D. Mitton, "RADIUS and IPv6", RFC 3162,        August 2001.Informative References   [8]  Miyakawa, S., "Requirements for IPv6 prefix delegation", draft-        ietf-ipv6-prefix-delegation-requirement-00 (work in progress),        November 2002.Authors' Addresses   Ole Troan   Cisco Systems   250 Longwater Avenue   Reading  RG2 6GB   United Kingdom   Phone: +44 20 8824 8666   EMail: ot@cisco.comTroan & Droms          Expires September 1, 2003               [Page 18]Internet-Draft       IPv6 Prefix Options for DHCPv6           March 2003   Ralph Droms   Cisco Systems   300 Apollo Drive   Chelmsford, MA  01824   USA   Phone: +1 978 497 4733   EMail: rdroms@cisco.comTroan & Droms          Expires September 1, 2003               [Page 19]Internet-Draft       IPv6 Prefix Options for DHCPv6           March 2003Full Copyright Statement   Copyright (C) The Internet Society (2003).  All Rights Reserved.   This document and translations of it may be copied and furnished to   others, and derivative works that comment on or otherwise explain it   or assist in its implementation may be prepared, copied, published   and distributed, in whole or in part, without restriction of any   kind, provided that the above copyright notice and this paragraph are   included on all such copies and derivative works.  However, this   document itself may not be modified in any way, such as by removing   the copyright notice or references to the Internet Society or other   Internet organizations, except as needed for the purpose of   developing Internet standards in which case the procedures for   copyrights defined in the Internet Standards process must be   followed, or as required to translate it into languages other than   English.   The limited permissions granted above are perpetual and will not be   revoked by the Internet Society or its successors or assigns.   This document and the information contained herein is provided on an   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Acknowledgement   Funding for the RFC Editor function is currently provided by the   Internet Society.Troan & Droms          Expires September 1, 2003               [Page 20]