Network Working Group R. Troll
Request for Comments: 2563 @Home Network
Category: Standards Track May 1999
Network Working Group R. Troll
Request for Comments: 2563 @Home Network
Category: Standards Track May 1999
DHCP Option to Disable Stateless Auto-Configuration in IPv4 Clients
用于在IPv4客户端中禁用无状态自动配置的DHCP选项
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
Abstract
摘要
Operating Systems are now attempting to support ad-hoc networks of two or more systems, while keeping user configuration at a minimum. To accommodate this, in the absence of a central configuration mechanism (DHCP), some OS's are automatically choosing a link-local IP address which will allow them to communicate only with other hosts on the same link. This address will not allow the OS to communicate with anything beyond a router. However, some sites depend on the fact that a host with no DHCP response will have no IP address. This document describes a mechanism by which DHCP servers are able to tell clients that they do not have an IP address to offer, and that the client should not generate an IP address it's own.
操作系统现在正试图支持由两个或多个系统组成的自组织网络,同时尽量减少用户配置。为了适应这种情况,在没有中央配置机制(DHCP)的情况下,一些操作系统会自动选择链路本地IP地址,这将允许它们仅与同一链路上的其他主机通信。此地址不允许操作系统与路由器以外的任何设备通信。但是,有些站点依赖于这样一个事实:没有DHCP响应的主机将没有IP地址。本文档描述了一种机制,通过该机制,DHCP服务器可以告诉客户端,它们没有可提供的IP地址,客户端不应生成自己的IP地址。
With computers becoming a larger part of everyday life, operating systems must be able to support a larger range of operating environments. One aspect of this support is the selection of an IP address. The Dynamic Host Configuration Protocol [DHCP] provides a superb method by which site administrators may supply IP addresses (and other network parameters) to network devices. However, some operating environments are not centrally maintained, and operating systems must now be able to handle this quickly and easily.
随着计算机日益成为日常生活的一部分,操作系统必须能够支持更广泛的操作环境。这种支持的一个方面是选择IP地址。动态主机配置协议[DHCP]提供了一种极好的方法,站点管理员可以通过该方法向网络设备提供IP地址(和其他网络参数)。但是,有些操作环境没有集中维护,操作系统现在必须能够快速轻松地处理这一问题。
IPv6 accounts for this, and allows an IPv6 stack to assign itself a global address in the absence of any other mechanism for configuration [IPv6SAC]. However, Operating System designers can't wait for IPv6 support everywhere. They need to be able to assume
IPv6解决了这一问题,并允许IPv6堆栈在没有任何其他配置机制的情况下为自己分配全局地址[IPv6SAC]。然而,操作系统设计者不能到处等待IPv6支持。他们需要能够假设
they will have IPv4 addresses, so that they may communicate with one another even in the smallest networks.
它们将具有IPv4地址,因此即使在最小的网络中,它们也可以相互通信。
This document looks at three types of network nodes, and how IPv4 address auto-configuration may be disabled on a per-subnet (or even per-node) basis. The three types of network nodes are:
本文档介绍三种类型的网络节点,以及如何在每个子网(甚至每个节点)的基础上禁用IPv4地址自动配置。三种类型的网络节点是:
* A node for which the site administrator will hand out configuration information,
* 站点管理员将为其分发配置信息的节点,
* A node on a network segment for which there is no site administrator, and
* 网段上没有站点管理员的节点,以及
* A node on a network segment that has a central site administrator, and that administrator chooses not to hand out any configuration information to the node.
* 网段上具有中心站点管理员的节点,该管理员选择不向该节点分发任何配置信息。
The difference between the second and third cases is the clients behavior.
第二种和第三种情况的区别在于客户的行为。
In one case, the node may assign itself an IP address, and have full connectivity with other nodes on the local wire. In the last case, the node is not told what to do, and while it may assign itself a network address in the same way as case #2, this may not be what the central administrator wants.
在一种情况下,节点可以为自己分配一个IP地址,并与本地线路上的其他节点具有完全连接。在最后一种情况下,节点没有被告知要做什么,虽然它可以按照与第2种情况相同的方式为自己分配网络地址,但这可能不是中央管理员想要的。
The first scenario is handled by the current DHCP standard. However, the current DHCP specification [DHCP] says servers must silently ignore requests from hosts they do not know. Because of this, DHCP clients are unable to determine whether they are on a subnet with no administration, or with administration that is choosing not to hand out addresses.
第一种情况由当前的DHCP标准处理。然而,当前的DHCP规范[DHCP]说服务器必须默默地忽略来自他们不知道的主机的请求。因此,DHCP客户端无法确定它们是在没有管理的子网中,还是在选择不分发地址的管理子网中。
This document describes a method by which DHCP clients will be able to determine whether or not the network is being centrally administrated, allowing it to intelligently determine whether or not it should assign itself a "link-local" address.
本文档描述了一种方法,通过该方法,DHCP客户端将能够确定网络是否处于集中管理状态,从而使其能够智能地确定是否应为自己分配一个“链路本地”地址。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [KEYWORDS].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[关键词]中所述进行解释。
DHCP client A DHCP client is an Internet host using DHCP to obtain configuration parameters such as a network address.
DHCP客户端DHCP客户端是使用DHCP获取配置参数(如网络地址)的Internet主机。
DHCP server A DHCP server is an Internet host that returns configuration parameters to DHCP clients.
DHCP服务器DHCP服务器是向DHCP客户端返回配置参数的Internet主机。
This option code is used to ask whether, and be notified if, auto-configuration should be disabled on the local subnet. The auto-configure option is an 8-bit number.
此选项代码用于询问是否应在本地子网上禁用自动配置,并收到通知。自动配置选项是一个8位数字。
Code Len Value
+-----+-----+-----+
| 116 | 1 | a |
+-----+-----+-----+
Code Len Value
+-----+-----+-----+
| 116 | 1 | a |
+-----+-----+-----+
The code for this option is 116, and its length is 1.
此选项的代码为116,长度为1。
This code, along with the IP address assignment, will allow a DHCP client to determine whether or not it should generate a link-local IP address.
此代码以及IP地址分配将允许DHCP客户端确定是否应生成链接本地IP地址。
The auto-configure option uses the following values:
自动配置选项使用以下值:
DoNotAutoConfigure 0 AutoConfigure 1
不自动配置0自动配置1
When a server responds with the value "AutoConfigure", the client MAY generate a link-local IP address if appropriate. However, if the server responds with "DoNotAutoConfigure", the client MUST NOT generate a link-local IP address, possibly leaving it with no IP address.
当服务器响应值为“AutoConfigure”时,客户端可能会在适当的情况下生成链接本地IP地址。但是,如果服务器响应为“DoNotAutoConfigure”,则客户端不得生成链接本地IP地址,可能会使其没有IP地址。
Clients that have auto-configuration capabilities MUST add the Auto-Configure option to the list of options included in its initial DHCPDISCOVER message. ([DHCP] Section 4.4.1) At this time, the option's value should be set to "AutoConfigure".
具有自动配置功能的客户端必须将自动配置选项添加到初始DHCPDISCOVER消息中包含的选项列表中。([DHCP]第4.4.1节)此时,选项的值应设置为“自动配置”。
When a DHCPOFFER is received, it is handled as described in [DHCP], section 4.4.1, with one exception. If the 'yiaddr' field is 0x00000000, the Auto-Configure option must be consulted. If this
当收到DHCPOFFER时,将按照[DHCP]第4.4.1节中的说明进行处理,但有一个例外。如果“yiaddr”字段为0x00000000,则必须参考自动配置选项。如果这
option is set to "AutoConfigure", then the DHCPOFFER MUST be ignored, and the DHCP client MAY generate a link-local IP address. However, if this option is set to "DoNotAutoConfigure", then the DHCPOFFER MUST be ignored, and the client MUST NOT generate a link-local IP address.
选项设置为“自动配置”,则必须忽略DHCPOFFER,DHCP客户端可能会生成链接本地IP地址。但是,如果此选项设置为“DoNotAutoConfigure”,则必须忽略DHCPOFFER,并且客户端不得生成链接本地IP地址。
If a DHCP client receives any DHCPOFFER which contains a 'yiaddr' of 0x00000000, and the Auto-Configure flag says "DoNotAutoConfigure", in the absence of a DHCPOFFER with a valid 'yiaddr', the DHCP client MUST NOT generate a link-local IP address. The amount of time a DHCP client waits to collect any other DHCPOFFERs is implementation dependant.
如果DHCP客户端接收到任何包含0x00000000的“yiaddr”的DHCPOFFER,并且自动配置标志显示“DoNotAutoConfigure”,则在没有具有有效“yiaddr”的DHCPOFFER的情况下,DHCP客户端不得生成链路本地IP地址。DHCP客户端等待收集任何其他DHCPOFFERs的时间取决于实现。
DHCPOFFERs with a 'yiaddr' of 0x00000000 will only be sent by DHCP servers supporting the Auto-Configure option when the DHCPDISCOVER contained the Auto-Configure option. Since the DHCPDISCOVER will only contain the Auto-Configure option when a DHCP client knows how to handle it, there will be no inter-operability problems.
当DHCPDISCOVER包含自动配置选项时,“yiaddr”为0x00000000的DHCPOFFERES将仅由支持自动配置选项的DHCP服务器发送。由于DHCPDISCOVER仅在DHCP客户端知道如何处理时才包含自动配置选项,因此不会出现互操作性问题。
If the DHCP server does have an address to offer, the message states are the same as those described in [DHCP], section 3.
如果DHCP服务器确实有地址可供提供,则消息状态与[DHCP]第3节中描述的相同。
The following depicts the difference in responses for non-registered DHCP clients that support the "Auto-Configure" option on networks that have DHCP servers that support auto-configuration and networks with DHCP servers that do not.
以下描述了在具有支持自动配置的DHCP服务器的网络和具有不支持自动配置的DHCP服务器的网络上支持“自动配置”选项的未注册DHCP客户端的响应差异。
Network Client Network (no auto-configure) (auto-configure)
网络客户端网络(无自动配置)(自动配置)
v v v
| | |
| Begins initialization |
| | |
| _____________/|\____________ |
|/DHCPDISCOVER | DHCPDISCOVER \|
| | |
Determines | Determines
configuration | configuration
| | |
| | ____________/|
| | /DHCPOFFER |
| |/ |
| | |
| Collects replies |
| | |
| Selects configuration |
| | |
|--AutoConfigs--|- NO IP ADDR --|
. . .
. . .
| | |
| Graceful shutdown |
| | |
| | |
v v v
v v v
| | |
| Begins initialization |
| | |
| _____________/|\____________ |
|/DHCPDISCOVER | DHCPDISCOVER \|
| | |
Determines | Determines
configuration | configuration
| | |
| | ____________/|
| | /DHCPOFFER |
| |/ |
| | |
| Collects replies |
| | |
| Selects configuration |
| | |
|--AutoConfigs--|- NO IP ADDR --|
. . .
. . .
| | |
| Graceful shutdown |
| | |
| | |
v v v
When a DHCP server receives a DHCPDISCOVER, it MUST be processed as described in [DHCP], section 4.3.1. However, if no address is chosen for the host, a few additional steps MUST be taken.
当DHCP服务器收到DHCPDISCOVER时,必须按照[DHCP]第4.3.1节中的说明对其进行处理。但是,如果没有为主机选择地址,则必须采取一些附加步骤。
If the DHCPDISCOVER does not contain the Auto-Configure option, it is not answered.
如果DHCPDISCOVER不包含自动配置选项,则不会应答。
If the DHCPDISCOVER contains the Auto-Configure option, and the site administrator has specified that Auto-Configuration should be disabled on the subnet the DHCPDISCOVER is originating from, or for the client originating the request, then a DHCPOFFER MUST be sent to the DHCP client. This offer MUST be for the address 0x00000000, and the Auto-Configure option MUST be set to "DoNotAutoConfigure".
如果DHCPDISCOVER包含自动配置选项,并且站点管理员已指定应在DHCPDISCOVER发起的子网或发起请求的客户端上禁用自动配置,则必须向DHCP客户端发送DHCPOFFERE。此报价必须针对地址0x00000000,并且自动配置选项必须设置为“DoNotAutoConfigure”。
If the site administrator allows auto-configuration on the originating subnet, the DHCPDISCOVER is not answered as before.
如果站点管理员允许在发起子网上进行自动配置,则DHCPDISCOVER不会像以前那样应答。
Environments containing a mixture of clients and servers that do and do not support the Auto-Configure option will not be a problem. Every DHCP transaction is between a Server and a Client, and the possible mixed scenarios between these two are listed below.
包含客户机和服务器的混合环境(支持和不支持自动配置选项)不会成为问题。每个DHCP事务都是在服务器和客户端之间进行的,下面列出了这两者之间可能存在的混合情况。
If a DHCP client sends a request that contains the Auto-Configure tag, a DHCP server that does not know what this tag is will respond normally. According to [DHCP] Section 4.3.1, the server MUST NOT return a value for that parameter.
如果DHCP客户端发送包含自动配置标记的请求,则不知道该标记是什么的DHCP服务器将正常响应。根据[DHCP]第4.3.1节,服务器不得返回该参数的值。
In this case, the server will either respond with a valid DHCPOFFER, or it will not respond at all. In both cases, a DHCP client that supports this option will never care what the state of the option is, and may auto-configure.
在这种情况下,服务器要么用有效的DHCPOFFER响应,要么根本不响应。在这两种情况下,支持此选项的DHCP客户端永远不会关心该选项的状态,并且可能会自动配置。
If the Auto-Configure option is not present in the DHCPDISCOVER, the server will do nothing about it. The client will auto-configure if it doesn't receive a response and believes that's what it should do.
如果DHCPDISCOVER中没有自动配置选项,服务器将对此不做任何操作。如果客户端没有收到响应并且认为应该这样做,它将自动配置。
This scenario SHOULD not occur, as any stacks that implement an auto-configuration mechanism MUST implement this option as well.
这种情况不应该发生,因为任何实现自动配置机制的堆栈也必须实现此选项。
As this option only affects the initial IP address selection, it does not apply to subsequent DHCP messages. If the DHCP client received a lease from a DHCP server, future DHCP messages (RENEW, INFORM, ACK, etc.) have no need to fall over into an auto- configuration state.
由于此选项仅影响初始IP地址选择,因此不适用于后续DHCP消息。如果DHCP客户端从DHCP服务器接收到租用,则未来的DHCP消息(续订、通知、确认等)无需进入自动配置状态。
If the DHCP client's lease expires, the client falls back into the INIT state, and the initial DHCPDISCOVER is sent as before.
如果DHCP客户端的租约到期,客户端将返回初始状态,初始DHCPDISCOVER将像以前一样发送。
DHCPRELEASEs occur exactly as described in [DHCP], section 4.4.6. When a DHCP client is done with a lease, it MAY notify the server that it is finished. For this to occur, the DHCP client already received a DHCP lease, and the state of Auto-Configuration on the local wire does not matter.
DHC释放完全按照[DHCP]第4.4.6节所述发生。当DHCP客户端完成租约时,它可能会通知服务器租约已完成。要实现这一点,DHCP客户端已经收到DHCP租约,本地线路上的自动配置状态无关紧要。
A DHCPDECLINE is sent by the DHCP client when it determines the network address it is attempting to use is already in use. As a network address has been tested, it must have been offered by the DHCP Server, and the state of Auto-Configuration on the local wire does not matter.
当DHCP客户端确定它试图使用的网络地址已在使用时,就会发送DHCPDecend。由于网络地址已经过测试,它必须由DHCP服务器提供,并且本地线路上的自动配置状态并不重要。
DHCPINFORMs should be handled as described in [DHCP], section 4.4.3. No changes are necessary.
应按照[DHCP]第4.4.3节中的说明处理DHCPInfo。不需要改变。
If the DHCP server would like to tell a client why it is not allowed to auto-configure, it MAY add the Message option to the response. This option is defined in [DHCPOPT], Section 9.9.
如果DHCP服务器想告诉客户端为什么不允许自动配置,它可以在响应中添加消息选项。该选项在[DHCPOPT]第9.9节中定义。
If the DHCP client receives a response with the Message option set, it MUST provide this information to the administrator of the DHCP client. How this information is provided is implementation dependant.
如果DHCP客户端接收到设置了消息选项的响应,则必须向DHCP客户端的管理员提供此信息。如何提供这些信息取决于实施情况。
DHCP per se currently provides no authentication or security mechanisms. Potential exposures to attack are discussed in section 7 of the DHCP protocol specification [DHCP].
DHCP本身目前不提供身份验证或安全机制。DHCP协议规范[DHCP]第7节讨论了潜在的攻击风险。
This mechanism does add one other potential attack. Malicious users on a subnet may respond to all DHCP requests with responses telling DHCP clients that they should NOT auto-configure on the local wire. On a network where Auto-Configuration is required, this will cause all DHCP clients to not choose an address.
这种机制确实增加了另一种潜在的攻击。子网上的恶意用户可能会响应所有DHCP请求,并告知DHCP客户端不应在本地线路上自动配置。在需要自动配置的网络上,这将导致所有DHCP客户端不选择地址。
This idea started at a joint Common Solutions Group / Microsoft meeting at Microsoft in May, 1998. The IP stacks in Win98 and NT5 assign themselves an IP address (in a specific subnet) in the absence of a responding DHCP server, and this is causing headaches for many sites that actually rely on machines not getting IP addresses when the DHCP servers do not know them.
这一想法始于1998年5月在微软召开的公共解决方案小组/微软联合会议。Win98和NT5中的IP堆栈在没有响应的DHCP服务器的情况下为自己分配一个IP地址(在特定的子网中),这给许多站点带来了麻烦,这些站点实际上依赖于DHCP服务器不知道IP地址的机器。
Walter Wong proposed a solution that would allow the DHCP servers to tell clients not to do this. His initial solution would not work without slight modifications to DHCP itself. This document describes
Walter Wong提出了一个解决方案,允许DHCP服务器告诉客户端不要这样做。如果不对DHCP本身进行轻微修改,他的初始解决方案将无法工作。本文件描述了
those modifications.
这些修改。
The IANA has assigned option number 116 for this option.
IANA已为此选项分配了选项编号116。
[DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.
[DHCP]Droms,R.,“动态主机配置协议”,RFC 21311997年3月。
[DHCPOPT] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extension", RFC 2132, March 1997.
[DHCPOPT]Alexander,S.和R.Droms,“DHCP选项和BOOTP供应商扩展”,RFC 21321997年3月。
[IPv6SAC] Thomson, S. and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998.
[IPv6SAC]Thomson,S.和T.Narten,“IPv6无状态地址自动配置”,RFC 2462,1998年12月。
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
Ryan Troll @Home Network 425 Broadway Redwood City, CA 94063
Ryan Troll@Home Network 425百老汇红木城,加利福尼亚州94063
Phone: (650) 556-6031 EMail: rtroll@corp.home.net
电话:(650)556-6031电子邮件:rtroll@corp.home.net
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。