Network Working Group Y. T'Joens Request for Comments: 3203 C. Hublet Category: Standards Track Alcatel P. De Schrijver Mind December 2001
Network Working Group Y. T'Joens Request for Comments: 3203 C. Hublet Category: Standards Track Alcatel P. De Schrijver Mind December 2001
DHCP reconfigure extension
DHCP重新配置扩展
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2001). All Rights Reserved.
版权所有(C)互联网协会(2001年)。版权所有。
Abstract
摘要
This document defines extensions to DHCP (Dynamic Host Configuration Protocol) to allow dynamic reconfiguration of a single host triggered by the DHCP server (e.g., a new IP address and/or local configuration parameters). This is achieved by introducing a unicast FORCERENEW message which forces the client to the RENEW state. The behaviour for hosts using the DHCP INFORM message to obtain configuration information is also described.
本文档定义了对DHCP(动态主机配置协议)的扩展,以允许动态重新配置DHCP服务器触发的单个主机(例如,新的IP地址和/或本地配置参数)。这是通过引入单播FORCERENEW消息来实现的,该消息强制客户端进入续订状态。还描述了主机使用DHCP通知消息获取配置信息的行为。
The procedures as described within this document allow the dynamic reconfiguration of individual hosts.
本文档中描述的过程允许动态重新配置各个主机。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
This section describes the FORCERENEW message extension.
本节介绍FORCERENEW消息扩展。
DHCP client : host to be reconfigured using DHCP.
DHCP客户端:要使用DHCP重新配置的主机。
DHCP server : server which configured the DHCP client.
DHCP服务器:配置DHCP客户端的服务器。
The DHCP server sends a unicast FORCERENEW message to the client. Upon receipt of the unicast FORCERENEW message, the client will change its state to the RENEW state, and will then try to renew its lease according to normal DHCP procedures. If the server wants to assign a new IP address to the client, it will reply to the DHCP REQUEST with a DHCP NAK. The client will then go back to the init state and broadcast a DHCP DISCOVER message. The server can now assign a new IP address to the client by replying with a DHCP OFFER. If the FORCERENEW message is lost, the DHCP server will not receive a DHCP REQUEST from the client and it should retransmit the FORCERENEW message using an exponential backoff algorithm. Depending on the bandwidth of the network between server and client, the server should choose a delay. This delay grows exponentially as retransmissions fail. The amount of retransmissions should be limited.
DHCP服务器向客户端发送单播FORCERENEW消息。在收到单播FORCERENEW消息后,客户端将其状态更改为续订状态,然后根据正常的DHCP过程尝试续订其租约。如果服务器希望为客户端分配新的IP地址,它将使用DHCP NAK回复DHCP请求。然后,客户端将返回init状态并广播DHCP发现消息。服务器现在可以通过回复DHCP提供为客户端分配新的IP地址。如果FORCERENEW消息丢失,DHCP服务器将不会收到来自客户端的DHCP请求,它应该使用指数退避算法重新传输FORCERENEW消息。根据服务器和客户端之间的网络带宽,服务器应选择延迟。当重新传输失败时,延迟呈指数增长。应限制重传的数量。
The procedures described above assume the server to send a unicast FORCERENEW message to the client. Receipt of a multicast FORCERENEW message by the client should be silently discarded.
上述过程假设服务器向客户端发送单播FORCERENEW消息。客户端接收到的多播FORCERENEW消息应自动放弃。
It can be that a client has obtained a network address through some other means (e.g., manual configuration) and has used a DHCP INFORM request to obtain other local configuration parameters. Such clients should respond to the receipt of a unicast FORCERENEW message with a new DHCP INFORM request so as to obtain a potential new set of local configuration parameters. Note that the usage of these procedures are limited to the set of options that are eligible for configuration by DHCP and should not override manually configured parameters.
可能是客户端通过某些其他方式(例如,手动配置)获得了网络地址,并使用DHCP通知请求获得了其他本地配置参数。此类客户端应使用新的DHCP通知请求响应单播FORCERENEW消息的接收,以获得一组潜在的新本地配置参数。请注意,这些过程的使用仅限于符合DHCP配置条件的选项集,不应覆盖手动配置的参数。
Note further that usage of the FORCERENEW message to reconfigure a client address or local configuration parameters can lead to the interruption of active sessions, and that as such these procedures should be used in controlled circumstances.
进一步注意,使用FORCERENEW消息重新配置客户端地址或本地配置参数可能会导致活动会话中断,因此这些过程应在受控情况下使用。
The autoconfiguration of home gateways (more generically Network Termination equipment) for public networking purposes can be achieved through means of DHCP, as described in [DSL_autoconf]. In order to allow service changes or service interruption, the FORCERENEW message can trigger the home gateway to contact the DHCP server, prior to the expiry of the lease.
如[DSL_autoconf]中所述,可通过DHCP实现用于公共网络目的的家庭网关(更通用的网络终端设备)的自动配置。为了允许服务更改或服务中断,FORCERENEW消息可以在租约到期之前触发家庭网关与DHCP服务器联系。
In self provisioned networks, e.g., hotel rooms, the hotel owned DHCP server can hand out limited use IP addresses, that allows the customer to consume local services or select external services from a web browser interface. In order to allow external services through other service providers, e.g., global internet services or enterprise VPN services, the DHCP server can trigger the client to ask for a new DHCP initialization session so as to obtain e.g., a globally routed IP address.
在自配置网络(如酒店房间)中,酒店拥有的DHCP服务器可以分发有限的IP地址,允许客户使用本地服务或从web浏览器界面选择外部服务。为了允许通过其他服务提供商(例如,全球互联网服务或企业VPN服务)提供外部服务,DHCP服务器可以触发客户端请求新的DHCP初始化会话,以便获得例如,全球路由IP地址。
Under tightly controlled conditions, the FORCERENEW procedures can be used to brute force the renumbering of entire subnets, client per client, under control of a DHCP server.
在严格控制的条件下,FORCERENEW过程可用于在DHCP服务器的控制下强制对整个子网(每个客户端)重新编号。
The approach as described in this document has a number of advantages. It does not require new states to be added to the DHCP client implementation. This minimizes the amount of code to be changed. It also allows lease RENEWAL to be driven by the server, which can be used to optimize network usage or DHCP server load.
本文件中描述的方法具有许多优点。它不需要向DHCP客户端实现添加新状态。这将最大限度地减少要更改的代码量。它还允许由服务器驱动租约续订,可用于优化网络使用或DHCP服务器负载。
+--------+ +------+ | Init / | +-->+ Init +<---------------+-------------------+ | Reboot | | +--+---+ | | +---+----+ DHCPNAK/ -/Send DHCPDISCOVER | | | Restart | (broadcast) | | | | v v-------------+ | | -/Send DHCPREQUEST| +----+------+ DHCPOFFER/DHCPDECLINE | | (broadcast)| | Selecting |----------+ | | v | +----+------+ | | +---+----+ | DHCPOFFER/DHCPREQUEST | | | Reboot +---------+ (broadcast) | | +---+----+ v | | | +----+-------+ DHCPNAK /halt network | + Requesting | | lease expired DHCPACK/ +----+-------+ | | Record lease | | | set timers DHCPACK/Record lease | | | v Set T1 & T2 | | | +--+----+DHCPFORCE +---+---+ +----+---+ +----------------->+ Bound +---------->+ Renew +--------->+ Rebind | +--+-+--+T1 expires +-+-+---+T2 expires+----+---+ ^ /DHCPREQUEST | | /broadcast | DHCPACK to leasing | | DHCPREQUEST | | server | | | +----------------------------------------+
+--------+ +------+ | Init / | +-->+ Init +<---------------+-------------------+ | Reboot | | +--+---+ | | +---+----+ DHCPNAK/ -/Send DHCPDISCOVER | | | Restart | (broadcast) | | | | v v-------------+ | | -/Send DHCPREQUEST| +----+------+ DHCPOFFER/DHCPDECLINE | | (broadcast)| | Selecting |----------+ | | v | +----+------+ | | +---+----+ | DHCPOFFER/DHCPREQUEST | | | Reboot +---------+ (broadcast) | | +---+----+ v | | | +----+-------+ DHCPNAK /halt network | + Requesting | | lease expired DHCPACK/ +----+-------+ | | Record lease | | | set timers DHCPACK/Record lease | | | v Set T1 & T2 | | | +--+----+DHCPFORCE +---+---+ +----+---+ +----------------->+ Bound +---------->+ Renew +--------->+ Rebind | +--+-+--+T1 expires +-+-+---+T2 expires+----+---+ ^ /DHCPREQUEST | | /broadcast | DHCPACK to leasing | | DHCPREQUEST | | server | | | +----------------------------------------+
The FORCERENEW message makes use of the normal DHCP message layout with the introduction of a new DHCP message type. DHCP option 53 (DHCP message type) is extended with a new value: DHCPFORCERENEW (9)
FORCERENEW消息利用了正常的DHCP消息布局,并引入了新的DHCP消息类型。DHCP选项53(DHCP消息类型)扩展为一个新值:DHCPFORCERENEW(9)
The new value for DHCP option 53 (DHCP message type) to indicate a DHCPFORCERENEW message is 9.
DHCP选项53(DHCP消息类型)用于指示DHCPFORCERENEW消息的新值为9。
As in some network environments FORCERENEW can be used to snoop and spoof traffic, the FORCERENEW message MUST be authenticated using the procedures as described in [DHCP-AUTH]. FORCERENEW messages failing the authentication should be silently discarded by the client.
由于在某些网络环境中,FORCERENEW可用于监听和欺骗流量,因此必须使用[DHCP-AUTH]中所述的过程对FORCERENEW消息进行身份验证。未通过身份验证的FORCERENEW消息应由客户端自动丢弃。
The mechanism described in this document is vulnerable to a denial of service attack through flooding a client with bogus FORCERENEW messages. The calculations involved in authenticating the bogus FORECERENEW messages may overwhelm the device on which the client is running.
本文档中描述的机制容易受到拒绝服务攻击,因为它会向客户端发送虚假的FORCERENEW消息。验证虚假FORECERENEW消息所涉及的计算可能会淹没运行客户端的设备。
[DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.
[DHCP]Droms,R.,“动态主机配置协议”,RFC 21311997年3月。
[DHCP-AUTH] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages", RFC 3118, June 2001.
[DHCP-AUTH]Droms,R.和W.Arbaugh,“DHCP消息的身份验证”,RFC31182001年6月。
[DSL_autoconf] Technical Report TR-044, "Auto-Configuration for Basic Internet (IP-based) Services", DSL Forum, November 2001
[DSL_autoconf]技术报告TR-044,“基本互联网(基于IP)服务的自动配置”,DSL论坛,2001年11月
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
The authors would like to thank David Allan, Nortel, for the constructive comments to these procedures.
作者要感谢北电公司David Allan对这些程序提出的建设性意见。
Yves T'joens Alcatel Network Strategy Group Francis Wellesplein 1, 2018 Antwerp, Belgium Phone: +32 3 240 7890 EMail: yves.tjoens@alcatel.be
Yves T'joens阿尔卡特网络战略集团Francis Welleslein 2018年1月1日比利时安特卫普电话:+32 3 240 7890电子邮件:Yves。tjoens@alcatel.be
Peter De Schrijver Mind NV Vaartkom 11 3000 Leuven EMail: p2@mind.be
Peter De Schrijver Mind NV Vaartkom 11 3000鲁汶电子邮件:p2@mind.be
Alcatel Broadband Networking Division Veldkant 33b, 2550 Kontich, Belgium Phone: +32 3 450 3322 EMail: Christian.Hublet@alcatel.be
阿尔卡特宽带网络部Veldkant 33b,比利时康提奇2550电话:+32 3 450 3322电子邮件:Christian。Hublet@alcatel.be
Copyright (C) The Internet Society (2001). All Rights Reserved.
版权所有(C)互联网协会(2001年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。