Internet Engineering Task Force (IETF)                        K. Kinnear
Request for Comments: 6607                                    R. Johnson
Updates: 3046                                                   M. Stapp
Category: Standards Track                                  Cisco Systems
ISSN: 2070-1721                                               April 2012
        

Virtual Subnet Selection Options for DHCPv4 and DHCPv6

Abstract

This memo defines a DHCPv4 Virtual Subnet Selection (VSS) option, a DHCPv6 VSS option, and the DHCPv4 VSS and VSS-Control sub-options carried in the DHCPv4 Relay Agent Information option. These are intended for use by DHCP clients, relay agents, and proxy clients in situations where VSS information needs to be passed to the DHCP server for proper address or prefix allocation to take place.

For the DHCPv4 option and Relay Agent Information sub-options, this memo documents and extends existing usage as per RFC 3942. This memo updates RFC 3046 regarding details relating to the copying of sub-options (see Section 8).

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6607.

Copyright Notice

Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.

Table of Contents

   1. Introduction
   2. Terminology
   3. Virtual Subnet Selection Options and Sub-Options: Definitions
      3.1. DHCPv4 Virtual Subnet Selection Option
      3.2. DHCPv4 Virtual Subnet Selection Sub-Option
      3.3. DHCPv4 Virtual Subnet Selection Control Sub-Option
      3.4. DHCPv6 Virtual Subnet Selection Option
      3.5. Virtual Subnet Selection Type and Information
   4. Overview of Virtual Subnet Selection Usage
      4.1. VPN Assignment by the DHCP Relay Agent
      4.2. VPN Assignment by the DHCP Server
      4.3. Required Support
      4.4. Alternative VPN Assignment Approaches
   5. Relay Agent Behavior
      5.1. VPN Assignment by the DHCP Server
      5.2. DHCP Leasequery
   6. Client Behavior
   7. Server Behavior
      7.1. Returning the DHCPv4 or DHCPv6 Option
      7.2. Returning the DHCPv4 Sub-Option
      7.3. Making Sense of Conflicting VSS Information
   8. Update to RFC 3046
   9. Security Considerations
   10. IANA Considerations
   11. Acknowledgments
   12. References
      12.1. Normative References
      12.2. Informative References
        
1. Introduction

There is a growing use of Virtual Private Network (VPN) configurations. This growth comes from many areas: individual client systems needing to appear to be on the home corporate network even when traveling, ISPs providing extranet connectivity for customer companies, etc. In some of these cases, there is a need for the DHCP server to know the VPN (also called a "Virtual Subnet Selector" or "VSS" in this document) from which an address, and other resources, should be allocated.

This memo defines a DHCPv4 Virtual Subnet Selection (VSS) option, a DHCPv6 VSS option, and two VSS sub-options carried in the DHCPv4 Relay Agent Information option. These are intended for use by DHCP clients, relay agents, and proxy clients in situations where VSS information needs to be passed to the DHCP server for proper address or prefix allocation to take place. If the receiving DHCP server understands the VSS option or sub-options, this information may be used in conjunction with other information in determining the subnet on which to select an address, as well as other information such as DNS server, default router, etc.

If the allocation is being done through a DHCPv4 relay, then the Relay Agent Information sub-options defined here should be included. In some cases, however, an IP address is being sought by a DHCPv4 proxy on behalf of a client (which may be assigned the address via a different protocol). In this case, there is a need to include VSS information relating to the client as a DHCPv4 option.

If the allocation is being done through a DHCPv6 relay, then the DHCPv6 VSS option defined in this document should be included in the Relay-forward and Relay-reply messages going between the DHCPv6 relay and server. In some cases, addresses or prefixes are being sought by a DHCPv6 proxy on behalf of a client. In this case, there is a need for the client itself to supply the VSS information using the DHCPv6 VSS option in the messages that it sends to the DHCPv6 server.

In the remaining text of this document, when a DHCPv6 address is indicated, the same information applies to DHCPv6 prefix delegation [RFC3633] as well.

In the remaining text of this document, when the term "VSS sub-option" is used, it refers to the VSS sub-option carried in the DHCPv4 Relay Agent Information option.

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

This document uses the following terms:

o DHCP client

   A DHCP client is a host using DHCP to obtain configuration parameters such as a network address.

o DHCP proxy

   A DHCP proxy is a DHCP client that acquires IP addresses not for its own use but rather on behalf of another entity. There are a variety of ways that a DHCP proxy can supply the addresses it acquires to other entities that need them.

o DHCP relay agent

   A DHCP relay agent is an agent that transfers BOOTP and DHCP messages between clients and servers residing on different subnets, per [RFC951], [RFC1542], and [RFC3315].

o DHCP server

   A DHCP server is a host that returns configuration parameters to DHCP clients.

o DHCPv4 option

   A DHCPv4 option is an option used to implement a capability defined by the DHCPv4 RFCs ([RFC2131] [RFC2132]). This option has one-octet code and size fields.

o DHCPv4 sub-option

   As used in this document, a DHCPv4 sub-option refers to a sub-option of the Relay Agent Information option [RFC3046]. This sub-option has one-octet code and size fields.

o DHCPv6 option

   A DHCPv6 option is an option used to implement a capability defined by the DHCPv6 RFC [RFC3315]. This option has two-octet code and size fields.

o Global VPN

   This term indicates that the address being described belongs to the set of addresses not part of any VPN -- in other words, the normal address space operated on by DHCP. This includes private addresses -- for example, the 10.x.x.x addresses as well as the other private subnets that are not routed on the open Internet.

o NVT ASCII identifier

   A Network Virtual Terminal (NVT) identifier is an identifier containing only characters from the ASCII repertoire and using the Network Virtual Terminal encoding (see Appendix B of [RFC5198]).

o VSS information

   VSS information provides information about a VPN necessary to allocate an address to a DHCP client on that VPN and necessary to forward a DHCP reply packet to a DHCP client on that VPN.

o VPN

   This term refers to a virtual private network. A VPN appears to the client to be a private network.

o VPN identifier

   The VPN-ID is defined by [RFC2685] to be a sequence of 7 octets.

3. Virtual Subnet Selection Options and Sub-Options: Definitions

The VSS options and sub-options contain a generalized way to specify the VSS information about a VPN. There are two options and two sub-options defined in this section. The actual VSS information is identical for both options and for one of the two sub-options.

3.1. DHCPv4 Virtual Subnet Selection Option

The format of the option is shown below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |    Length     |     Type      | VSS Info. ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
   Code     The option code (221).

   Length   The option length, minimum 1 octet.

   Type and VSS Information -- see Section 3.5.

3.2. DHCPv4 Virtual Subnet Selection Sub-Option

This is a sub-option of the Relay Agent Information option [RFC3046]. The format of the sub-option is shown below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |    Length     |     Type      | VSS Info. ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
   Code     The sub-option code (151).

   Length   The sub-option length, minimum 1 octet.

   Type and VSS Information -- see Section 3.5.

3.3. DHCPv4 Virtual Subnet Selection Control Sub-Option

This is a sub-option of the Relay Agent Information option [RFC3046]. The format of the sub-option is shown below.

       0                   1
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Code      |    Length     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
   Code     The sub-option code (152).

   Length   The sub-option length, 0.

This sub-option only appears in the DHCPv4 Relay Agent Information option. In a DHCP request, it indicates that a DHCPv4 VSS sub-option is also present in the Relay Agent Information option. In a DHCP reply, if it appears in the Relay Agent Information option, it indicates that the DHCP server did not understand any DHCPv4 VSS sub-option that also appears in the Relay Agent Information option.

3.4. DHCPv6 Virtual Subnet Selection Option

The format of the DHCPv6 VSS option is shown below. This option may be included by a client or relay agent (or both).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           OPTION_VSS          |           option-len          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Type    |   VSS Information ...                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
   option-code   OPTION_VSS (68).

   option-len    The number of octets in the option, minimum 1.

   Type and VSS Information -- see Section 3.5.

3.5. Virtual Subnet Selection Type and Information

All of the (sub-)options defined above that carry VSS information use identical payloads consisting of a Type value and additional VSS information, as follows:

       Type     VSS Information Format
       ------------------------------------------------------------
        0       Network Virtual Terminal (NVT) ASCII VPN identifier
        1       RFC 2685 VPN-ID
        2-254   Unassigned
        255     Global, default VPN
        

o Type 0 -- Network Virtual Terminal (NVT) ASCII VPN identifier

Indicates that the VSS information consists of an NVT ASCII string. It MUST NOT be terminated with a zero byte.

o Type 1 -- RFC 2685 VPN-ID

Indicates that the VSS information consists of an RFC 2685 VPN-ID [RFC2685], which is defined to be 7 octets in length.

o Type 255 -- Global, default VPN

Indicates that there is no explicit, non-default VSS information but rather that this option references the normal, global, default address space. In this case, there MUST NOT be any VSS information included in the VSS option or sub-option, and the length of the option or sub-option MUST be 1.

All other values of the Type field are unassigned.
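
The format rules of Sections 3.1 through 3.5 can be enforced by a strict parser; the following is an added example, not code from this memo or its authors. The function names and the choice to reject unassigned Type values are assumptions of the example, and all inputs in the usage are constructed.

```python
import struct

DHCPV4_VSS_OPTION = 221     # Section 3.1
DHCPV4_VSS_SUBOPTION = 151  # Section 3.2
DHCPV6_OPTION_VSS = 68      # Section 3.4

TYPE_NVT_ASCII, TYPE_VPN_ID, TYPE_GLOBAL = 0, 1, 255


class VSSError(ValueError):
    """Raised when a VSS (sub-)option violates the format rules."""


def parse_vss_payload(payload):
    """Validate the Type octet and VSS information; return (type, info)."""
    if len(payload) < 1:
        raise VSSError("length below the 1-octet minimum")
    vss_type, info = payload[0], bytes(payload[1:])
    if vss_type == TYPE_NVT_ASCII:
        if any(b > 0x7F for b in info):
            raise VSSError("type 0 information contains non-ASCII octets")
        if info.endswith(b"\x00"):
            raise VSSError("type 0 information is terminated with a zero byte")
        return vss_type, info.decode("ascii")
    if vss_type == TYPE_VPN_ID:
        if len(info) != 7:
            raise VSSError("type 1 VPN-ID must be exactly 7 octets")
        return vss_type, info
    if vss_type == TYPE_GLOBAL:
        if info:
            raise VSSError("type 255 must carry no VSS information (length 1)")
        return vss_type, None
    # Types 2-254 are unassigned; rejecting them is this example's policy.
    raise VSSError("unassigned VSS type %d" % vss_type)


def parse_dhcpv4_vss(buf, code=DHCPV4_VSS_OPTION):
    """Parse one DHCPv4 option or sub-option: 1-octet code, 1-octet length."""
    if len(buf) < 2:
        raise VSSError("truncated option header")
    if buf[0] != code:
        raise VSSError("unexpected code %d" % buf[0])
    if buf[1] != len(buf) - 2:
        raise VSSError("length field does not match the data present")
    return parse_vss_payload(buf[2:])


def parse_dhcpv6_vss(buf):
    """Parse one DHCPv6 option: 2-octet code and length, network byte order."""
    if len(buf) < 4:
        raise VSSError("truncated option header")
    code, length = struct.unpack("!HH", buf[:4])
    if code != DHCPV6_OPTION_VSS:
        raise VSSError("unexpected option code %d" % code)
    if length != len(buf) - 4:
        raise VSSError("option-len does not match the data present")
    return parse_vss_payload(buf[4:])


def build_vss_payload(vss_type, info=b""):
    """Build Type + VSS information, refusing anything the parser rejects."""
    payload = bytes([vss_type]) + info
    parse_vss_payload(payload)
    return payload


def build_dhcpv4_vss(vss_type, info=b"", code=DHCPV4_VSS_OPTION):
    """Encode a DHCPv4 VSS option (221) or sub-option (code=151)."""
    payload = build_vss_payload(vss_type, info)
    if len(payload) > 255:
        raise VSSError("payload does not fit a one-octet length field")
    return bytes([code, len(payload)]) + payload


def build_dhcpv6_vss(vss_type, info=b""):
    """Encode a DHCPv6 OPTION_VSS (68)."""
    payload = build_vss_payload(vss_type, info)
    return struct.pack("!HH", DHCPV6_OPTION_VSS, len(payload)) + payload


if __name__ == "__main__":
    # Constructed inputs: VPN name "abc" and an arbitrary 7-octet VPN-ID.
    print(parse_dhcpv4_vss(build_dhcpv4_vss(TYPE_NVT_ASCII, b"abc")))
    print(parse_dhcpv6_vss(build_dhcpv6_vss(TYPE_VPN_ID, bytes(7))))
    print(parse_dhcpv4_vss(bytes([151, 1, 255]), code=DHCPV4_VSS_SUBOPTION))
```
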

4. Overview of Virtual Subnet Selection Usage

At the highest level, the VSS option or sub-option determines the VPN on which a DHCP client is supposed to receive an IP address. How the option or sub-option is entered and processed is discussed below, but the point of all of the discussion is to determine the VPN on which the DHCP client resides. This will affect a relay agent, in that it will have to ensure that DHCP packets sent to and received from the DHCP client flow over the correct VPN. This will affect the DHCP server in that it determines the IP address space used for the IP address allocation.

A DHCP server has as part of its configuration some IP address space from which it allocates IP addresses to DHCP clients. These allocations are typically for a limited time, and thus the DHCP client gets a lease on the IP address. In the absence of any VPN information, the IP address space is in the global or default VPN used throughout the Internet. When a DHCP server deals with VPN information, each VPN defines a new address space inside the server, one distinct from the global or default IP address space. A server that supports the VSS option or sub-option thereby supports allocation of IP addresses from multiple different VPNs. Supporting IP address allocation from multiple different VPNs means that the DHCP server must be prepared to configure multiple different address spaces (one per distinct VPN) and allocate IP addresses from these different address spaces.

These address spaces are typically independent, so that the same IP address (consisting of the same string of bytes) could be allocated to one client in the global, default VPN, and to a different client residing in a different VPN. There is no conflict in this allocation, since the clients have essentially different addresses, even though these addresses consist of the same string of bytes, because the IPv4 or IPv6 address is qualified by the VPN.

Thus, a VSS option or sub-option is a way of signaling the use of a VPN other than the global or default VPN. This brings up the question of who decides what VPN a DHCP client should be using.

There are three entities that can insert either a VSS option or sub-option into a DHCPv4 packet or DHCPv6 message: a DHCP client, a relay agent, or a DHCPv4 or DHCPv6 server. While all of these entities could include a different VSS option or sub-option in every request or response, this situation is neither typical nor useful. There are two known paradigms for use of the VSS option or sub-option; these are discussed below.

4.1. VPN Assignment by the DHCP Relay Agent

The typical use of the VSS option or sub-option is for the relay agent to know the VPN on which the DHCP client is operating. The DHCP client itself does not, in this approach, know the VPN on which it resides. The relay agent is responsible for mediating the access between the VPN on which the DHCP client resides and the DHCP server. In this situation, the relay agent will insert two DHCPv4 Relay Agent Information sub-options (one VSS sub-option, and one VSS-Control sub-option) into the Relay Agent Information option, or a DHCPv6 VSS option into the Relay-forward message of every request it forwards from the DHCP client. The server will use the DHCPv6 VSS option or DHCPv4 VSS sub-option to determine the VPN on which the client resides and will use that VPN information to select the address space within its configuration from which to allocate an IP address to the DHCP client.

When, using this approach, a DHCPv4 relay agent inserts a VSS sub-option into the Relay Agent Information option, it MUST also insert a VSS-Control sub-option into the Relay Agent Information option. This is to allow the determination of whether or not the DHCPv4 server actually processes the VSS information provided by the DHCPv4 relay agent. If the DHCPv4 server supports the VSS capabilities described in this document, it will remove the VSS-Control sub-option from the Relay Agent Information option that it returns to the DHCPv4 relay agent. See Section 5 for more information.

In this approach, the relay agent might also send a VSS option or sub-option in either a DHCPv4 or DHCPv6 Leasequery request [RFC4388] [RFC5007], but in this case, it would use the VSS option in the Leasequery request to select the correct address space for the Leasequery. In this approach, the relay agent would be acting as a DHCP client from a leasequery standpoint, but it would not be as if a DHCP client were sending in a VSS option in a standard DHCP address allocation request, say a DHCPDISCOVER.

In this approach, only one relay agent would mediate the VPN access for the DHCP client to the DHCP server, and it would be the relay agent that inserts the VSS information into the request packet and that would remove it prior to forwarding the response packet.

The diagram below shows an example of a DHCPv4 client, DHCPv4 relay agent, and DHCPv4 server. The DHCPv6 situation is similar but uses the DHCPv6 VSS option.

           DHCPv4               DHCPv4                  DHCPv4
           Client             Relay Agent               Server
             |                     |                       |
             | >--DHCPDISCOVER-->  |                       |
             |    on VPN "abc"     |                       |
             |                     | >--DHCPDISCOVER---->  |
             |                     |   Relay Agent Info:   |
             |                     |     VSS type 0:"abc"  |
             |                     |     VSS-Control       |
             |                     |                       |
             |                     | <----DHCPOFFER-----<  |
             |                     |   Relay Agent Info:   |
             |                     |     VSS type 0:"abc"  |
             |                     |                       |
             | <---DHCPOFFER----<  |                       |
             |    on VPN "abc"     |                       |
             |                     |                       |
             | >--DHCPREQUEST--->  |                       |
             |    on VPN "abc"     |                       |
             |                     | >--DHCPREQUEST----->  |
             |                     |   Relay Agent Info:   |
             |                     |     VSS type 0:"abc"  |
             |                     |     VSS-Control       |
             |                     |                       |
             |                     | <----DHCPACK-------<  |
             |                     |   Relay Agent Info:   |
             |                     |     VSS type 0:"abc"  |
             |                     |                       |
             | <---DHCPACK------<  |                       |
             |    on VPN "abc"     |                       |
             |                     |                       |
            ...                   ...                     ...
        

Figure 4.1-1: DHCPv4 - Relay Agent Knows VPN

The DHCP server would know that it should respond to VPN information specified in a VSS option or sub-option, and it would be configured with appropriate VPN address spaces to service the projected client requirements. Thus, in this common approach, the DHCP client knows nothing of any VPN access, the relay agent has been configured in some way that allows it to determine the VPN of the DHCP client and transmit that using a VSS option or sub-option to the DHCP server, and the DHCP server responds to the VPN specified by the relay agent. There is no conflict between different entities trying to specify different VSS information -- each entity knows its role through policy or configuration external to this document.

If any misconfiguration exists, it SHOULD result in a DHCP client being unable to acquire an IP address. For instance, a relay agent that supports VPN access SHOULD couple transmission of VSS options or sub-options to the configuration of VPN support and not allow one without the other.

It is important to ensure that the relay agent and DHCP server both support the VSS option and sub-options (for DHCPv4) or the VSS option (for DHCPv6). Deploying DHCPv4 relay agents that support and emit VSS sub-options in concert with DHCPv4 servers that do not support the VSS option or sub-option as defined in this document SHOULD NOT be done, as such an ensemble will not operate correctly. Should this situation occur, however, the relay agent can detect the problem (since the VSS-Control sub-option will appear in the packets it receives from the DHCPv4 server, indicating the server did not effectively process the VSS sub-option), and it can issue appropriate diagnostic messages.

4.2. VPN Assignment by the DHCP Server

In this approach, the DHCP server would be configured in some way to know the VPN on which a particular DHCP client should be given access. The DHCP server would in this case include the VSS sub-option in the Relay Agent Information option for DHCPv4 or the VSS option in the Relay-reply message for DHCPv6. The relay agent responsible for mediating VPN access would use this information to select the correct VPN for the DHCP client. In the unusual event that there were more than one relay agent involved in this transaction, some external configuration or policy would be needed to inform the DHCPv6 server into which Relay-reply message the VSS option should go.

Once the relay agent has placed the DHCP client into the proper VPN, it SHOULD begin including VSS information in requests that it forwards to the DHCP server. Since this information does not conflict with the DHCP server's idea of the proper VPN for the client, everything works correctly.

The diagram below shows this approach using DHCPv4. The DHCPv6 situation is similar but uses the DHCPv6 VSS option instead.

          DHCPv4             DHCPv4 Relay               DHCPv4
          Client                 Agent                  Server

             |                     |                       |
             | >--DHCPDISCOVER-->  |                       |
             |    on unknown VPN   |                       |
             |                     | >--DHCPDISCOVER---->  |
             |                     |                       |
             |                     | <----DHCPOFFER-----<  |
             |                     |   Relay Agent Info:   |
             |                     |     VSS type 0:"abc"  |
             |                     |                       |
             | <---DHCPOFFER----<  |                       |
             |    on VPN "abc"     |                       |
             |                     |                       |
             | >--DHCPREQUEST--->  |                       |
             |    on VPN "abc"     |                       |
             |                     | >--DHCPREQUEST----->  |
             |                     |   Relay Agent Info:   |
             |                     |     VSS type 0:"abc"  |
             |                     |     VSS-Control       |
             |                     |                       |
             |                     | <----DHCPACK-------<  |
             |                     |   Relay Agent Info:   |
             |                     |     VSS type 0:"abc"  |
             |                     |                       |
             | <---DHCPACK------<  |                       |
             |    on VPN "abc"     |                       |
             |                     |                       |
             |                     |                       |
            ...                   ...                     ...
        

Figure 4.2-1: DHCPv4 - DHCPv4 Server Knows VPN

In this approach, the DHCP client is again unaware of any VPN activity. In this case, however, the DHCP server knows the VPN for the client, and the relay agent responds to the VSS information specified by the DHCP server. Similar to the previous approach, each entity knows its role through a means external to this document, and no two entities try to specify VSS information in conflict.

It is important that both the relay agent and the DHCP server support the VSS option and sub-options (for DHCPv4) and the VSS option (for DHCPv6). Deploying and configuring VPN support in one element and not in the other is not a practical approach.

4.3. Required Support

DHCP relay agents and servers MUST support the approach discussed in Section 4.1. DHCP relay agents and servers SHOULD support the approach discussed in Section 4.2. DHCP relay agents and servers SHOULD NOT be configured to operate with both approaches simultaneously.

4.4. Alternative VPN Assignment Approaches

There are many other approaches that can be created with multiple relay agents each inserting VSS information into different Relay-forward messages, relay agent VSS information conflicting with client VSS information, or DHCP server VSS information conflicting with relay agent and client VSS information. Since these approaches do not describe situations that are useful today, specifying precisely how to resolve all of these conflicts is not likely to be valuable in the event that these approaches actually become practical in the future.

The current use of the VSS option and sub-option requires that each entity know the part that it plays in dealing with VPN data. Each entity -- client, relay agent or agents, and server -- SHOULD know through some policy or configuration beyond the scope of this document whether it is responsible for specifying VPN information using the VSS option or sub-option or responsible for responding to VSS information specified by another entity, or whether it should simply ignore any VSS information that it might see.

Some simple conflict-resolution approaches are discussed below, in the hopes that they will cover simple cases that may arise from situations beyond those envisioned today. However, for more complex situations, or simple situations where appropriate conflict-resolution strategies differ from those discussed in this document, a document detailing the usage situations and appropriate conflict-resolution strategies SHOULD be created and submitted for discussion and approval.

5. Relay Agent Behavior

Implementers MAY provide a policy or configuration capability to enable or disable VSS support.

A relay agent that receives a DHCP request from a DHCP client on a VPN SHOULD include VSS information in the DHCP packet prior to forwarding the packet to the DHCP server unless inhibited from doing so by configuration information or policy to the contrary.

In this situation, a DHCPv4 relay agent MUST include a DHCPv4 VSS sub-option in a Relay Agent Information option [RFC3046], while a DHCPv6 relay agent MUST include a DHCPv6 VSS option in the Relay-forward message.

The value placed in the VSS sub-option or option would typically be sufficient for the relay agent to properly route any DHCP reply packet returned from the DHCP server to the DHCP client for which it is destined. In some cases, the information in the VSS sub-option or option might be an index to some internal table held in the relay agent, though this document places no requirement on a relay agent to have any such internal state.

A DHCPv4 relay agent MUST, in addition, include a DHCPv4 VSS-Control sub-option (which has a length of zero) in the Relay Agent Information option [RFC3046] whenever it includes a VSS sub-option in the Relay Agent Information option. The inclusion of the VSS sub-option and the VSS-Control sub-option in the Relay Agent Information option will allow the DHCPv4 relay agent to determine whether the DHCPv4 server actually processed the information in the VSS sub-option when it receives the Relay Agent Information option in the reply from the DHCPv4 server.

The reason to include this additional VSS DHCPv4 sub-option is that [RFC3046] specifies (essentially) that a DHCPv4 server should copy all sub-options that it receives in a Relay Agent Information option in a request into a corresponding Relay Agent Information option in the response. Thus, a server that didn't support the DHCPv4 VSS sub-option would normally just copy it to the response packet, leaving the relay agent to wonder if in fact the DHCPv4 server actually used the VSS information when processing the request.

To alleviate this potential confusion, a DHCPv4 relay agent instead sends in two sub-options: one VSS sub-option, and one VSS-Control sub-option. If both sub-options appear in the response from the DHCPv4 server, then the DHCPv4 relay agent MUST assume that the DHCPv4 server did not act on the VSS information in the VSS sub-option. If only the VSS sub-option appears in the response from the DHCPv4 server and no VSS-Control sub-option appears in the response from the DHCPv4 server, then the relay agent SHOULD assume that the DHCPv4 server acted successfully on the VSS sub-option.

Any time a relay agent places a VSS option or sub-option in a DHCP request, it SHOULD send it only to a DHCP server that supports the VSS option or sub-option, and it MUST check the response to determine if the DHCP server actually honored the requested VSS information.

In the DHCPv6 case, the appearance of the option in the Relay-reply packet indicates that the DHCPv6 server understood and acted upon the contents of the VSS option in the Relay-forward packet. In the DHCPv4 case, as discussed above, the appearance of the VSS sub-option without the appearance of a VSS-Control sub-option indicates that the DHCPv4 server successfully acted upon the VSS sub-option.

This document does not create a requirement that a relay agent remember the contents of a VSS DHCPv4 sub-option or VSS DHCPv6 option sent to a DHCP server. In many cases, the relay agent may simply use the value of the VSS option or sub-option returned by the DHCP server to forward the response to the DHCP client. If the VSS information, the IP address allocated, and the VPN capabilities of the relay agent all interoperate correctly, then the DHCP client will receive a working IP address. Alternatively, if any of these items don't interoperate with the others, the DHCP client will not receive a working address.

Note that in some environments a relay agent may choose to always place a VSS option or sub-option into packets and messages that it forwards in order to forestall any attempt by a relay agent closer to the client or the client itself to specify VSS information. In this case, a Type field of 255 is used to denote the global, default VPN. When the Type field of 255 is used, there MUST NOT be any additional VSS information in the VSS option or sub-option. In the DHCPv4 case, an additional VSS-Control sub-option would be required, as discussed above.

5.1. VPN Assignment by the DHCP Server

In some cases, a DHCP server may use the VSS sub-option or option to inform a relay agent that a particular DHCP client is associated with a particular VPN. It does this by sending the VSS sub-option or option with the appropriate information to the relay agent in the Relay Agent Information option for DHCPv4 or the Relay-reply message in DHCPv6. If the relay agent cannot respond correctly to the DHCP server's requirement to place the DHCP client into that VPN (perhaps because it has not been configured with a VPN that matches the VSS information received from the DHCP server), it MUST drop the packet and not send it to the DHCP client.

In this situation, once the relay agent has placed the DHCP client into the VPN specified by the DHCP server, it will insert a VSS option or sub-option when forwarding packets from the client. The DHCP server in normal operation will echo this VSS information into the outgoing replies.

In the event that the relay agent doesn't include VSS information on subsequent requests after the DHCP server has included VSS information in a reply to the relay agent, the DHCP server can conclude that the relay agent doesn't support VSS processing, and the DHCP server SHOULD stop processing this transaction and not respond to the request.

5.2. DHCP Leasequery

A relay agent sometimes needs to submit a DHCP Leasequery [RFC4388] [RFC5007] packet to the DHCP server in order to recover information about existing DHCP-allocated IP addresses on networks other than the normal, global VPN. In the context of a DHCP Leasequery, the relay agent is a direct client of the DHCP server and is not relaying a packet for another DHCP client. Thus, the instructions in Section 6 ("Client Behavior") should be followed to include the necessary VSS information.

6. Client Behavior

Typically, DHCPv4 and DHCPv6 clients have no interaction with VSS options or sub-options. The VSS information is handled by exchanges between a DHCPv4 or DHCPv6 relay agent and the corresponding DHCPv4 or DHCPv6 server.

However, there are times when an entity is acting as a DHCPv4 or DHCPv6 client in that it is communicating directly with a DHCPv4 or DHCPv6 server. In these instances -- where communication is occurring without employing the DHCPv4 Relay Agent Information option or the DHCPv6 Relay-forward or Relay-reply messages -- the entity is acting as a DHCPv4 or DHCPv6 client with regard to its communication with the DHCPv4 or DHCPv6 server, but not necessarily as a DHCP client that is requesting a DHCPv4 or DHCPv6 address for its own use.

The client, in this context, may be requesting an IP address for another entity, thus acting as a DHCP proxy. The client may be requesting information about another client-to-address binding, using the DHCPv4 [RFC4388] or DHCPv6 [RFC5007] leasequery protocol.

In the rest of this section, the term "client" refers to an entity communicating VSS information directly to a DHCPv4 or DHCPv6 server without using the DHCPv4 Relay Agent Information option or the DHCPv6 Relay-forward or Relay-reply messages, and there is no requirement that such a client be a traditional DHCPv4 or DHCPv6 client requesting an IP address binding for itself.

DHCPv4 or DHCPv6 clients will employ the VSS option to communicate VSS information to their respective servers. This information MUST be included in every message concerning any IP address on a different VPN than the global or default VPN. A DHCPv4 client will place the DHCPv4 VSS option in its packets, and a DHCPv6 client will place the DHCPv6 VSS option in its messages.

A DHCPv6 client that needs to place a VSS option into a DHCPv6 message SHOULD place a single VSS option into the DHCPv6 message at the same level as the Client Identifier option. A DHCPv6 client MUST NOT include different VSS options in the same DHCPv6 message.

Note that -- as mentioned in Section 1 -- throughout this document, when a DHCPv6 address is indicated, the same information applies to DHCPv6 prefix delegation [RFC3633] as well.

Since this option is placed in the packet in order to change the VPN on which an IP address is allocated for a particular DHCP client, one presumes that an allocation on that VPN is necessary for correct operation. Thus, a client that places this option in a packet and doesn't receive it or receives a different value in a returning packet SHOULD drop the packet, since the IP address that was allocated will not be in the requested VPN.

Clients should be aware that some DHCP servers will return a VSS option with different values than the values sent by the client. In addition, a client may receive a response from a DHCP server with a VSS option when none was sent by the client.

Note that when sending a DHCP Leasequery request, a relay agent is acting as a DHCP client, and so it SHOULD include the respective DHCPv4 or DHCPv6 VSS option in its DHCPv4 or DHCPv6 Leasequery packet if the DHCP Leasequery request is generated for other than the default, global VPN. It SHOULD NOT include a DHCPv4 sub-option in this case.

7. Server Behavior

A DHCP server receiving the VSS option or sub-option SHOULD allocate an IP address (or use the VSS information to access an already allocated IP address) from the VPN specified by the included VSS information.

In the case where the Type field of the VSS option or sub-option is 255, the VSS option denotes the global, default VPN. In this case, there is no explicit VSS information beyond the Type field.

This document does not prescribe any particular address allocation policy. A DHCP server may choose to attempt to allocate an address using the VSS information and, if this is impossible, to not allocate an address. Alternatively, a DHCP server may choose to attempt address allocation based on the VSS information and, if that is not possible, it may fall back to allocating an address on the global or default VPN. This, of course, is also the apparent behavior of any DHCP server that doesn't implement support for the VSS option and sub-option. Thus, DHCP clients and relay agents SHOULD be prepared for either of these alternatives.

In some cases, a DHCP server may use the VSS sub-option or option to inform a relay agent that a particular DHCP client is associated with a particular VPN. It does this by sending the VSS sub-option or option with the appropriate information to the relay agent in the Relay Agent Information option for DHCPv4 or the Relay-reply message in DHCPv6.

In this situation, the relay agent will place the client in the proper VPN, and then it will insert a VSS option or sub-option in subsequent forwarded requests. The DHCP server will see this VSS information, and since it doesn't conflict in any way with the server's notion of the VPN on which the client is supposed to reside, it will process the requests based on the VPN specified in the VSS option or sub-option, and echo the same VSS information in the outgoing replies.

The relay agent receiving a reply containing a VSS option should support the VSS option. Otherwise, the relay agent will end up attempting to use the address as though it were a global address. Should this happen, the subsequent DHCPREQUEST will not contain any VSS information, in which case the DHCP server SHOULD NOT respond with a DHCPACK.

If a server uses a different VPN than what was specified in the VSS option or sub-option, it SHOULD send back the VPN information using the same type as the received type. It MAY send back a different type if it is not possible to use the same type (such as the RFC2685 VPN-ID if no ASCII VPN identifier exists).

A server that receives a VSS sub-option in the DHCPv4 Relay Agent Information option and does not receive a VSS-Control sub-option in the Relay Agent Information option MUST process the information specified in the VSS sub-option in the same fashion as it would have if it received both sub-options.

7.1. Returning the DHCPv4 or DHCPv6 Option

DHCPv4 or DHCPv6 servers receiving a VSS option (for sub-option processing, see below) MUST return an instance of this option in the reply packet or message if the server successfully uses this option to allocate an IP address, and it MUST NOT include an instance of this option if the server is unable to support, is not configured to support, or does not implement support for VSS information in general or the requested VPN in particular.

If they echo the option (based on the criteria above), servers SHOULD return an exact copy of the option unless they desire to change the VPN on which a client was configured.

The appearance of the DHCPv4 VSS option code in the DHCPv4 Parameter Request List option [RFC2132] should not change the processing or decision to return or not return the VSS option as specified in this document. The appearance of the DHCPv6 VSS option in the OPTION_ORO [RFC3315] or the OPTION_ERO [RFC4994] should not change the processing or decision to return (or not to return) the VSS option as specified in this document.

7.2. Returning the DHCPv4 Sub-Option

The case of the DHCPv4 sub-option is a bit more complicated. Note that [RFC3046] specifies that a DHCPv4 server that supports the Relay Agent Information option SHALL copy all sub-options received in a Relay Agent Information option into any outgoing Relay Agent Information option. Thus, the default behavior for any DHCPv4 server is to return any VSS sub-option received to the relay agent whether or not the DHCPv4 server understands the VSS sub-option.

In order to distinguish a DHCPv4 server that is simply copying Relay Agent Information option sub-options from an incoming to an outgoing Relay Agent Information option from a DHCPv4 server that successfully acted upon the information in the VSS sub-option, DHCPv4 relay agents MUST include a VSS-Control sub-option in the Relay Agent Information any time that it includes a VSS sub-option in the Relay Agent Information option.

A DHCPv4 server that does not support the VSS sub-option will copy both sub-options into the outgoing Relay Agent Information option, thus signaling to the DHCPv4 relay agent that it did not understand the VSS sub-option.

A DHCPv4 server that supports the VSS sub-option

o MUST copy the VSS sub-option into the outgoing Relay Agent Information option

o MUST NOT copy the VSS-Control sub-option into the outgoing Relay Agent Information option

Moreover, if a server uses different VSS information to allocate an IP address than it receives in a particular DHCPv4 sub-option, it MUST include that alternative VSS information in the VSS sub-option that it returns to the DHCPv4 relay agent instead of the original VSS information it was given.

If a DHCPv4 server supports this sub-option and for some reason (perhaps administrative control) does not honor this sub-option from the request, then it MUST NOT echo either sub-option into the outgoing Relay Agent Information option.
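
The VSS-Control exchange described in Section 5 and in this section, written out for both the relay agent and the server as an added example; it is not code from this document or from any DHCP implementation. Sub-option codes 151 and 152 are the ones this document assigns and code 1 is the RFC 3046 Agent Circuit ID; the function names and the sample circuit-id value are constructed for illustration.

```python
"""Added example: VSS / VSS-Control handling inside DHCPv4 option 82."""
from enum import Enum
from typing import Iterable, List, Optional, Tuple

SUBOPT_VSS = 151          # VSS sub-option code (RFC 6607)
SUBOPT_VSS_CONTROL = 152  # VSS-Control sub-option code, always zero length
VSS_TYPE_GLOBAL = 255     # global, default VPN: no VSS information may follow

SubOpt = Tuple[int, bytes]


class Verdict(Enum):
    HONORED = "server acted on the VSS sub-option"
    NOT_PROCESSED = "VSS-Control came back: server did not process VSS"
    DECLINED = "no VSS sub-option came back"
    CHANGED = "server allocated from a different VPN than requested"


def parse_suboptions(payload: bytes) -> List[SubOpt]:
    """Split an option 82 payload into (code, value) pairs; reject truncation."""
    out, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns option 82" % code)
        out.append((code, value))
        i += 2 + length
    return out


def encode_suboptions(subopts: Iterable[SubOpt]) -> bytes:
    return b"".join(bytes([code, len(value)]) + value for code, value in subopts)


def check_vss(value: bytes) -> bytes:
    """Validate a VSS value: one Type octet, then type-specific information."""
    if not value:
        raise ValueError("VSS sub-option without a Type field")
    if value[0] == VSS_TYPE_GLOBAL and len(value) != 1:
        raise ValueError("Type 255 must not carry VSS information")
    return value


def relay_request(vss: bytes, other: Iterable[SubOpt] = ()) -> bytes:
    """Relay side (Section 5): VSS is never sent without VSS-Control."""
    return encode_suboptions(
        [*other, (SUBOPT_VSS, check_vss(vss)), (SUBOPT_VSS_CONTROL, b"")])


def legacy_server_reply(request_opt82: bytes) -> bytes:
    """A server unaware of VSS echoes option 82 unchanged, per RFC 3046."""
    return request_opt82


def vss_server_reply(request_opt82: bytes, used_vss: Optional[bytes]) -> bytes:
    """VSS-aware server (Section 7.2). used_vss is the VSS value the address
    was allocated from, or None when the server did not honor the request."""
    reply = []
    for code, value in parse_suboptions(request_opt82):
        if code == SUBOPT_VSS_CONTROL:
            continue                      # MUST NOT be copied
        if code == SUBOPT_VSS:
            if used_vss is None:
                continue                  # not honored: echo neither sub-option
            value = check_vss(used_vss)   # echo what was actually used
        reply.append((code, value))
    return encode_suboptions(reply)


def classify_reply(sent_vss: bytes, reply_opt82: bytes) -> Verdict:
    """Relay side: decide what the server did with the VSS sub-option."""
    subopts = parse_suboptions(reply_opt82)
    if any(code == SUBOPT_VSS_CONTROL for code, _ in subopts):
        return Verdict.NOT_PROCESSED
    returned = [check_vss(v) for code, v in subopts if code == SUBOPT_VSS]
    if not returned:
        return Verdict.DECLINED
    return Verdict.HONORED if returned[0] == sent_vss else Verdict.CHANGED


def demo() -> dict:
    sent = bytes([0]) + b"abc"                       # VSS type 0:"abc"
    request = relay_request(sent, [(1, b"eth0/1")])  # constructed circuit-id
    return {
        "legacy server": classify_reply(sent, legacy_server_reply(request)),
        "honored": classify_reply(sent, vss_server_reply(request, sent)),
        "declined": classify_reply(sent, vss_server_reply(request, None)),
        "changed": classify_reply(
            sent, vss_server_reply(request, bytes([0]) + b"xyz")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict.value)
```

A relay agent that sees NOT_PROCESSED is in the situation Section 4.1 describes and can issue a diagnostic; for CHANGED it still has to decide whether it can place the client in the returned VPN (Section 5.1).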

7.3. Making Sense of Conflicting VSS Information

It is possible for a DHCPv4 server to receive both a VSS option and VSS sub-options in the same packet. Likewise, a DHCPv6 server can receive multiple VSS options in nested Relay-forward messages as well as in the client message itself. In either of these cases, the VSS information from the relay agent closest to the DHCP server SHOULD be used in preference to all other VSS information received. In the DHCPv4 case, this means that the VSS sub-option takes precedence over the VSS option, and in the DHCPv6 case, this means that the VSS option from the outermost Relay-forward message in which a VSS option appears takes precedence.

The reasoning behind this approach is that the relay agent closer to the DHCP server is almost certainly more trusted than the DHCP client or more distant relay agents, and therefore information in the Relay Agent Information option or the Relay-forward message is more likely to be correct.

In general, relay agents SHOULD be aware through configuration or policy external to this document whether or not they should be including VSS information in packets that they forward, and so these relay agents should not specify any conflicting VSS information.

In situations where multiple VSS options or sub-options appear in the incoming packet or message, when the DHCP server constructs the response to be sent to the DHCP client or relay agent, all existing VSS options or sub-options MUST be replicated in the appropriate places in the response and MUST contain only the VSS information that was used by the DHCP server to allocate the IP address (with, of course, the exception of a VSS-Control sub-option of a DHCPv4 Relay Agent Information option).
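
The sub-option echo rules above and the precedence rule of Section 7.3, as an added Python example (not part of the RFC or of any DHCP server's code). Function names, verdict strings, and the sample bytes are assumptions; sub-option 1 is the RFC 3046 Agent Circuit ID, and the VSS payload uses Type 0 (NVT ASCII VPN identifier, Section 3.5).

```python
RAI_OPTION = 82            # Relay Agent Information option (RFC 3046)
VSS_OPTION = 221           # DHCPv4 VSS option
VSS_SUBOPT = 151           # VSS sub-option of option 82
VSS_CONTROL_SUBOPT = 152   # VSS-Control sub-option of option 82

def parse_tlvs(data):
    """Split code/length/value triples, rejecting truncated input."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated sub-option")
        out.append((data[i], data[i + 2:i + 2 + data[i + 1]]))
        i += 2 + data[i + 1]
    return out

def encode_tlvs(tlvs):
    return b"".join(bytes([code, len(value)]) + value for code, value in tlvs)

def select_vss(options):
    """Section 7.3: the relay's sub-option 151 outranks the client's option 221."""
    for code, value in parse_tlvs(options.get(RAI_OPTION, b"")):
        if code == VSS_SUBOPT:
            return value, "relay"
    if VSS_OPTION in options:
        return options[VSS_OPTION], "client"
    return None, None

def build_reply_rai(request_rai, supports_vss, honors_vss=True, used_vss=None):
    """Relay Agent Information payload the server places in its reply."""
    subs = parse_tlvs(request_rai)
    if not supports_vss:
        return encode_tlvs(subs)      # plain RFC 3046 echo: 151 and 152 both return
    reply = []
    for code, value in subs:
        if code == VSS_CONTROL_SUBOPT or (code == VSS_SUBOPT and not honors_vss):
            continue                  # 152 is never echoed; 151 only when honored
        if code == VSS_SUBOPT and used_vss is not None:
            value = used_vss          # report the VSS actually used for allocation
        reply.append((code, value))
    return encode_tlvs(reply)

def relay_verdict(reply_rai):  # what the relay agent can infer from the echo
    codes = {code for code, _ in parse_tlvs(reply_rai)}
    if VSS_SUBOPT not in codes:
        return "vss-not-honored"
    return "server-lacks-vss-support" if VSS_CONTROL_SUBOPT in codes else "vss-used"

# Constructed sample: circuit-id (sub-option 1), VSS type 0 "blue", empty VSS-Control.
SAMPLE_RAI = encode_tlvs([(1, b"ge-0/0/1"), (VSS_SUBOPT, b"\x00blue"), (VSS_CONTROL_SUBOPT, b"")])
```

A relay agent that sent both sub-options can run `relay_verdict` on the reply to decide whether the address it is about to forward was allocated from the VSS it asked for.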

8. Update to RFC 3046

This document updates the specification of the Relay Agent Information option in Section 2.2 of RFC 3046, in the first sentence of the second paragraph, as follows:

o OLD:

DHCP servers claiming to support the Relay Agent Information option SHALL echo the entire contents of the Relay Agent Information option in all replies.

o NEW:

DHCP servers claiming to support the Relay Agent Information option SHALL echo the entire contents of the Relay Agent Information option in all replies, except if otherwise specified in the definition of specific Relay Agent Information sub-options.

9. Security Considerations

Message authentication in DHCPv4 for intradomain use where the out-of-band exchange of a shared secret is feasible is defined in [RFC3118]. Potential exposures to attack are discussed in Section 7 of the DHCP protocol specification [RFC2131].

Implementations should consider using the DHCPv4 Authentication option [RFC3118] to protect DHCPv4 client access in order to provide a higher level of security if it is deemed necessary in their environment.

Message authentication in DHCPv4 relay agents as defined in [RFC4030] should be considered for DHCPv4 relay agents employing the sub-options defined in this document. Potential exposures to attack are discussed in Section 7 of the DHCP protocol specification [RFC2131].

For use of the VSS option by DHCPv6, the Security Considerations section of [RFC3315] details the general threats to DHCPv6, and thus to messages using the VSS option. The "Authentication of DHCP Messages" section of [RFC3315] describes securing communication between relay agents and servers, as well as clients and servers.

The VSS option could be used by a client in order to obtain an IP address from any VPN. This option would allow a client to perform a more complete address-pool exhaustion attack, since the client would no longer be restricted to attacking address pools on just its local subnet.

A DHCP server that implements these VSS options and the VSS sub-option should be aware of this possibility and use whatever techniques can be devised to prevent such an attack. Information such as the giaddr in DHCPv4 or link address in the Relay-forward DHCPv6 message might be used to detect and prevent this sort of attack.

One possible defense would be for the DHCP relay agent to insert a VSS option or sub-option to override the DHCP client's VSS option.

Servers that implement the VSS option and sub-option MUST by default disable use of the feature; it must specifically be enabled through configuration. Moreover, a server SHOULD provide the ability to selectively enable use of the feature under restricted conditions, e.g., by enabling use of the option only from explicitly configured client-ids, enabling its use only by clients on a particular subnet, or restricting the VSSs from which addresses may be requested.
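
One way a server could apply the default-off and restricted-enable requirements above, as an added Python example rather than code from the RFC or from any DHCP server. The policy fields, reason strings, and sample requests are assumptions; VSS values are treated as opaque bytes, and a relay-supplied VSS overrides a client-supplied one as in the defense described earlier in this section.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class VssPolicy:
    """Hypothetical server-side policy; every field name here is an assumption."""
    enabled: bool = False                                  # off until configured on
    allowed_vss: set = field(default_factory=set)          # VSSs that may be requested
    trusted_relays: list = field(default_factory=list)     # networks of accepted giaddr
    allowed_client_ids: set = field(default_factory=set)   # clients that may send option 221

def authorize_vss(policy, giaddr, client_id, relay_vss=None, client_vss=None):
    """Return (vss, reason); vss is None whenever the request's VSS is not honored."""
    # A relay-inserted sub-option overrides whatever the client put in option 221.
    vss, source = (relay_vss, "relay") if relay_vss is not None else (client_vss, "client")
    if vss is None:
        return None, "no-vss"
    if not policy.enabled:
        return None, "feature-disabled"
    if vss not in policy.allowed_vss:
        return None, "vss-not-permitted"
    if source == "relay":
        addr = ipaddress.ip_address(giaddr)
        if not any(addr in ipaddress.ip_network(net) for net in policy.trusted_relays):
            return None, "untrusted-relay"
    elif client_id not in policy.allowed_client_ids:
        return None, "client-not-permitted"
    return vss, "ok"

def denied_by_source(policy, requests):
    """Count refused VSS requests per (giaddr, client-id) for alerting."""
    counts = {}
    for req in requests:
        vss, reason = authorize_vss(policy, **req)
        if vss is None and reason != "no-vss":
            key = (req["giaddr"], req["client_id"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample policy and requests (documentation addresses, made-up names).
POLICY = VssPolicy(enabled=True, allowed_vss={b"\x00blue"},
                   trusted_relays=["192.0.2.0/28"], allowed_client_ids={b"printer-7"})
REQUESTS = [
    dict(giaddr="192.0.2.1", client_id=b"host-a", relay_vss=b"\x00blue"),
    dict(giaddr="192.0.2.1", client_id=b"host-b", relay_vss=b"\x00blue", client_vss=b"\x00red"),
    dict(giaddr="198.51.100.9", client_id=b"host-c", client_vss=b"\x00red"),
    dict(giaddr="198.51.100.9", client_id=b"host-c", client_vss=b"\x00green"),
]
```

A source that accumulates refusals across several different VSS values, as `host-c` does here, is the pattern to alert on when watching for cross-VPN pool exhaustion attempts.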

10. IANA Considerations

IANA has assigned DHCPv4 option number 221 to the DHCPv4 Virtual Subnet Selection option defined in Section 3.1, in accordance with [RFC3942].

IANA has assigned sub-option number 151 to the DHCPv4 Virtual Subnet Selection sub-option defined in Section 3.2 from the DHCP Relay Agent Sub-options space [RFC3046], in accordance with the spirit of [RFC3942]. While [RFC3942] doesn't explicitly mention the sub-option space for the DHCP Relay Agent Information option [RFC3046], sub-option 151 is already in use by existing implementations of this sub-option, and this document is essentially upward-compatible with these current implementations.

IANA has assigned the value of 152 to the DHCPv4 Virtual Subnet Selection Control sub-option defined in Section 3.3.

IANA has assigned the value of 68 for the DHCPv6 Virtual Subnet Selection option defined in Section 3.4 from the DHCP Option Codes registry.

The Type byte defined in Section 3.5 defines a number space for which IANA has created and will maintain a new sub-registry entitled "VSS Type Options". This sub-registry needs to be related to both the DHCPv4 and DHCPv6 VSS options and the DHCPv4 Relay Agent Information option sub-option (all defined by this document), since the Type byte in these two options and the VSS sub-option MUST have identical definitions.

New values for the Type byte may only be defined by IETF Review, as described in [RFC5226]. Basically, this means that they are defined by RFCs approved by the IESG.

11. Acknowledgments

Jay Kumarasamy contributed to earlier versions of this document. Bernie Volz recommended consolidation of the DHCPv4 option and sub-option documents after extensive review of those former documents, and provided valuable assistance in structuring and reviewing this document. Alper Yegin expressed interest in the DHCPv6 VSS option, resulting in this combined document covering all three areas. Alfred Hoenes provided assistance with editorial review and also raised substantive protocol issues. David Hankins and Bernie Volz each raised important protocol issues that resulted in a clarified document. Josh Littlefield provided editorial assistance. Several IESG reviewers took the time to substantially review this document, resulting in much-improved clarity.

12. References
12.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997.

[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.

[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997.

[RFC2685] Fox, B. and B. Gleeson, "Virtual Private Networks Identifier", RFC 2685, September 1999.

[RFC3046] Patrick, M., "DHCP Relay Agent Information Option", RFC 3046, January 2001.

[RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.

[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6", RFC 3633, December 2003.

[RFC4994] Zeng, S., Volz, B., Kinnear, K. and J. Brzozowski, "DHCPv6 Relay Agent Echo Request Option", RFC 4994, September 2007.

12.2. Informative References

[RFC951] Croft, W. and J. Gilmore, "Bootstrap Protocol", RFC 951, September 1985.

[RFC1542] Wimer, W., "Clarifications and Extensions for the Bootstrap Protocol", RFC 1542, October 1993.

[RFC3118] Droms, R., Ed., and W. Arbaugh, Ed., "Authentication for DHCP Messages", RFC 3118, June 2001.

[RFC3942] Volz, B., "Reclassifying Dynamic Host Configuration Protocol version 4 (DHCPv4) Options", RFC 3942, November 2004.

[RFC4030] Stapp, M. and T. Lemon, "The Authentication Suboption for the Dynamic Host Configuration Protocol (DHCP) Relay Agent Option", RFC 4030, March 2005.

[RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration Protocol (DHCP) Leasequery", RFC 4388, February 2006.

[RFC5007] Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng, "DHCPv6 Leasequery", RFC 5007, September 2007.

[RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network Interchange", RFC 5198, March 2008.

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

Authors' Addresses

Kim Kinnear
Cisco Systems
1414 Massachusetts Ave.
Boxborough, MA 01719

Phone: (978) 936-0000
EMail: kkinnear@cisco.com

Richard Johnson
Cisco Systems
170 W. Tasman Dr.
San Jose, CA 95134

Phone: (408) 526-4000
EMail: raj@cisco.com

Mark Stapp
Cisco Systems
1414 Massachusetts Ave.
Boxborough, MA 01719

Phone: (978) 936-0000
EMail: mjs@cisco.com