Network Working Group                                          G. Waters
Request for Comments: 3011                               Nortel Networks
Category: Standards Track                                  November 2000
The IPv4 Subnet Selection Option for DHCP
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This memo defines a new Dynamic Host Configuration Protocol (DHCP) option for selecting the subnet on which to allocate an address. This option would override a DHCP server's normal methods of selecting the subnet on which to allocate an address for a client.
Table of Contents
1. Introduction
1.1. Motivational Example
2. Subnet Selection Option Definition
3. Intellectual Property
4. IANA Considerations
5. Acknowledgements
6. Security Considerations
7. References
8. Editor's Addresses
9. Full Copyright Statement
1. Introduction
The Dynamic Host Configuration Protocol (DHCP) [RFC2131] provides a framework for passing configuration information to hosts on a TCP/IP network. RFC 2132 [RFC2132] specifies DHCP option configuration information that may be carried in DHCP packets to/from the DHCP server and the DHCP client. This document specifies a new DHCP option.
To select the subnet on which to allocate an address, the DHCP server determines the subnet from which the request originated, and then selects an address on the originating subnet or on a subnet that is on the same network segment as the originating subnet. The subnet from which the request originates can be determined by:
o Using the subnet address of the giaddr field in the DHCP packet header, or if the giaddr field is zero;
o Using the subnet address of the local interface on which the DHCP server received the packet.
This memo defines a new DHCP option, the subnet selection option, which allows the DHCP client to specify the subnet on which to allocate an address. This option takes precedence over the methods that the DHCP server uses to determine the subnet on which to select an address.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
1.1. Motivational Example
An example of where this option could be useful is in a device (e.g.: a RAS device) that is allocating addresses on behalf of its clients. In this case the device would be allocating addresses through DHCP and then managing those addresses among its clients.
In this scenario, the device is connected to a private "internal" network on which the DHCP server would be located. The device is also connected to one or more service providing "external" networks (i.e.: the networks that the device's clients are connected to). Furthermore, the internal network is not IP connected to the external networks, although inside the device there is connectivity between the internal and external networks (e.g.: through the backplane).
Recall that the device is allocating addresses for its clients on the external networks and that there is no IP connectivity between the internal network and the external networks. The DHCP requests cannot originate from the external networks since packets cannot be routed between the external network and the internal network. Thus, the DHCP requests must originate from the internal network. The problem with originating the DHCP requests from the internal network is that the DHCP server will allocate addresses on the internal network's subnet, when what is required are addresses on the external subnets. The subnet selection option provides a solution to this problem.
The device would send its DHCP request on the internal subnet, but would include the subnet selection option containing the address of the external subnet on which it requires the address. The subnet selection option instructs the DHCP server to allocate the address on the requested subnet as opposed to the normal operation of allocating the address on the subnet from which the DHCP request originated.
2. Subnet Selection Option Definition
The subnet selection option is a DHCP option. The option contains a single IPv4 address that is the address of a subnet. The value for the subnet address is determined by taking any IPv4 address on the subnet and ANDing that address with the subnet mask (i.e.: the network and subnet bits are left alone and the remaining (address) bits are set to zero). When the DHCP server is configured to respond to this option, is allocating an address, and this option is present then the DHCP server MUST allocate the address on either:
o the subnet specified in the subnet selection option, or;
o a subnet on the same network segment as the subnet specified in the subnet selection option.
The format of the option is:
    Code   Len        IPv4 Address
   +-----+-----+-----+-----+-----+-----+
   | 118 |  4  | A1  | A2  | A3  | A4  |
   +-----+-----+-----+-----+-----+-----+
Servers configured to support this option MUST return an identical copy of the option to any client that sends it, regardless of whether or not the client requests the option in a parameter request list. Clients using this option MUST discard DHCPOFFER or DHCPACK packets that do not contain this option.
This option does not require changes to operations or features of the DHCP server other than to select the subnet on which to allocate an address. For example, the handling of DHCPDISCOVER for an unknown subnet should continue to operate unchanged.
When this option is present and the server is configured to support this option, the server MUST NOT offer an address that is not on the requested subnet or network segment. Servers that do not understand this option will allocate an address using their normal algorithms and will not return this option in the DHCPOFFER or DHCPACK. In this case the client will discard the DHCPOFFER or DHCPACK. Servers that understand this option but are administratively configured to ignore the option MUST ignore the option, use their normal algorithms to allocate an address, and MUST NOT return this option in the DHCPOFFER or DHCPACK. In this case the client will discard the DHCPOFFER or DHCPACK.
During an address renew, the DHCP server may send a DHCPACK directly to the allocated address, however packets from the DHCP server may not be routable to the address. Thus, in all packets that the DHCP client sends that contain the subnet selection option, the giaddr field in the BOOTP header MUST be set to an IPv4 address on which the DHCP client will accept DHCP packets (e.g.: the address on the subnet connected to the internal network).
The IPv4 address to which a DHCP server sends a reply MUST be the same as it would choose when this option is not present.
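The option encoding and the client-side discard rule from this section, as an added example that is not part of the RFC. The function names and sample packets are constructed for illustration, and requiring a byte-identical echo is this example's reading of the server's duty to return an identical copy.

```python
import ipaddress
import struct

OPT_SUBNET_SELECTION = 118  # option code from the format diagram
OPT_PAD, OPT_END = 0, 255   # RFC 2132 options that carry no length byte

def build_subnet_selection(any_addr_on_subnet: str, mask: str) -> bytes:
    """Encode option 118: any address on the subnet ANDed with the mask."""
    addr = int(ipaddress.IPv4Address(any_addr_on_subnet))
    net = addr & int(ipaddress.IPv4Address(mask))
    return struct.pack("!BBI", OPT_SUBNET_SELECTION, 4, net)

def find_option(options: bytes, code: int):
    """Walk a DHCP options field (the bytes after the magic cookie) and
    return the raw code/len/value of the first matching option, or None."""
    i = 0
    while i < len(options):
        c = options[i]
        if c == OPT_END:
            break
        if c == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        end = i + 2 + options[i + 1]
        if end > len(options):
            raise ValueError("option overruns the options field")
        if c == code:
            return options[i:end]
        i = end
    return None

def client_accepts(sent_option: bytes, reply_options: bytes) -> bool:
    """Discard a DHCPOFFER/DHCPACK that does not carry the option we sent."""
    try:
        echoed = find_option(reply_options, OPT_SUBNET_SELECTION)
    except ValueError:
        return False  # malformed reply: treat as not containing the option
    return echoed is not None and echoed == sent_option

# Constructed sample data (not from the RFC).
SENT = build_subnet_selection("192.0.2.77", "255.255.255.192")
REPLY_OK = bytes([53, 1, 2]) + SENT + bytes([255])          # offer echoing 118
REPLY_LEGACY = bytes([53, 1, 2, 51, 4, 0, 0, 14, 16, 255])  # server ignored 118
```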
3. Intellectual Property
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11.
Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
4. IANA Considerations
IANA has assigned a value of 118 for the DHCP option code described in this document.
5. Acknowledgements
This document is the result of work undertaken by the DHCP working group. Thanks to Ted Lemon, Tim Aston and Ralph Droms for their helpful comments in this work.
W. Mark Townsley and Pratik Gupta originally published a subnet selection option Internet Draft in July 1997. The work in this document was not based on the original work but it does achieve the same goals.
6. Security Considerations
DHCP currently provides no authentication or security mechanisms. Potential exposures to attack are discussed in section 7 of the protocol specification [RFC2131].
The subnet selection option allows for the DHCP client to specify the subnet on which to allocate an address. This would allow a client to perform a more complete address-pool exhaustion attack since the client would no longer be restricted to attacking address-pools on just its local subnet.
Servers that implement the subnet selection option MUST by default disable use of the feature; it must specifically be enabled through configuration. Moreover, a server SHOULD provide the ability to selectively enable use of the feature under restricted conditions, e.g., by enabling use of the option only from explicitly configured client-ids, enabling its use only by clients on a particular subnet, or restricting the subnets (as indicated in the subnet selection option) from which addresses may be requested.
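One way a server could gate the option as the paragraph above requires, as an added example (not from the RFC or from any DHCP server's code). The class, its field names and the sample networks are hypothetical, and applying all three restrictions at once is stricter than the SHOULD in the text.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SubnetSelectionPolicy:
    """Hypothetical policy object; every name here is this example's own."""
    enabled: bool = False  # off by default, as the text requires
    client_ids: set = field(default_factory=set)         # explicit client-ids
    source_nets: list = field(default_factory=list)      # where requests may arrive from
    selectable_nets: list = field(default_factory=list)  # subnets option 118 may name

    def honors(self, client_id: bytes, source_addr: str, requested: str) -> bool:
        """True: allocate on the requested subnet and echo the option.
        False: ignore the option, allocate normally, do not echo it."""
        if not self.enabled:
            return False
        if client_id not in self.client_ids:
            return False
        src = ipaddress.IPv4Address(source_addr)
        if not any(src in net for net in self.source_nets):
            return False
        # The option carries a subnet address, so compare against network
        # addresses exactly; a host address inside the subnet is rejected.
        req = ipaddress.IPv4Address(requested)
        return any(req == net.network_address for net in self.selectable_nets)

# Constructed sample configuration.
DEFAULT = SubnetSelectionPolicy()
RESTRICTED = SubnetSelectionPolicy(
    enabled=True,
    client_ids={b"ras-01"},
    source_nets=[ipaddress.ip_network("10.0.0.0/24")],
    selectable_nets=[ipaddress.ip_network("198.51.100.0/24")],
)
```

Because every check fails closed, a request that is not honored falls back to normal allocation without the option echoed, which a conforming client then discards.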
7. References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997.
8. Editor's Addresses
Glenn Waters
Nortel Networks
310-875 Carling Avenue,
Ottawa, Ontario K1S 5P1
Canada
Phone: +1 613-765-0249
EMail: gww@nortelnetworks.com
9. Full Copyright Statement
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.