Network Working Group R. Droms Request for Comments: 3736 Cisco Systems Category: Standards Track April 2004
Network Working Group R. Droms Request for Comments: 3736 Cisco Systems Category: Standards Track April 2004
Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6
IPv6的无状态动态主机配置协议(DHCP)服务
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2004). All Rights Reserved.
版权所有(C)互联网协会(2004年)。版权所有。
Abstract
摘要
Stateless Dynamic Host Configuration Protocol service for IPv6 (DHCPv6) is used by nodes to obtain configuration information, such as the addresses of DNS recursive name servers, that does not require the maintenance of any dynamic state for individual clients. A node that uses stateless DHCP must have obtained its IPv6 addresses through some other mechanism, typically stateless address autoconfiguration. This document explains which parts of RFC 3315 must be implemented in each of the different kinds of DHCP agents so that agent can support stateless DHCP.
用于IPv6的无状态动态主机配置协议服务(DHCPv6)由节点用于获取配置信息,例如DNS递归名称服务器的地址,这些信息不需要维护单个客户端的任何动态状态。使用无状态DHCP的节点必须通过其他机制(通常是无状态地址自动配置)获取其IPv6地址。本文档解释了RFC 3315的哪些部分必须在每种不同类型的DHCP代理中实现,以便代理能够支持无状态DHCP。
Nodes that have obtained IPv6 addresses through some other mechanism, such as stateless address autoconfiguration [6] or manual configuration, can use stateless DHCP to obtain other configuration information such as a list of DNS recursive name servers or SIP servers. A stateless DHCP server provides only configuration information to nodes and does not perform any address assignment. Such a server is called "stateless" because it need not maintain any dynamic state for individual clients.
通过一些其他机制(如无状态地址自动配置[6]或手动配置)获取IPv6地址的节点可以使用无状态DHCP获取其他配置信息,如DNS递归名称服务器或SIP服务器的列表。无状态DHCP服务器只向节点提供配置信息,不执行任何地址分配。这样的服务器称为“无状态”,因为它不需要为单个客户机维护任何动态状态。
While the DHCP specification [1] defines more than 10 protocol messages and 20 options, only a subset of those messages and options are required for stateless DHCP service. This document explains which messages and options defined in RFC 3315 are required for stateless DHCP service. The intended use of the document is to guide
虽然DHCP规范[1]定义了10多条协议消息和20个选项,但无状态DHCP服务只需要这些消息和选项中的一个子集。本文档解释了无状态DHCP服务需要RFC 3315中定义的哪些消息和选项。本文件的预期用途是指导
the interoperable implementation of clients and servers that use stateless DHCP service.
使用无状态DHCP服务的客户端和服务器的可互操作实现。
The operation of relay agents is the same for stateless and stateful DHCP service. The operation of relay agents is described in the DHCP specification.
中继代理的操作与无状态和有状态DHCP服务相同。DHCP规范中描述了中继代理的操作。
Section 4 of this document lists the sections of the DHCP document that an implementor should read for an overview of the DHCP specification and the basic requirements of a DHCP service. Section 5 lists the specific messages and options that are specifically required for stateless DHCP service. Section 6 describes how stateless and stateful DHCP servers interact to provide service to clients that require address assignment and clients that require only stateless service.
本文档第4节列出了DHCP文档的各个部分,实现者应阅读这些部分,以了解DHCP规范的概述和DHCP服务的基本要求。第5节列出了无状态DHCP服务特别需要的特定消息和选项。第6节描述了无状态和有状态DHCP服务器如何交互以向需要地址分配的客户端和只需要无状态服务的客户端提供服务。
Throughout this document, "DHCP" refers to DHCP for IPv6.
在本文档中,“DHCP”指IPv6的DHCP。
This document uses the terminology defined in RFC 2460 [2], the DHCP specification [1], and the DHCP DNS configuration options specification [3].
本文档使用RFC 2460[2]、DHCP规范[1]和DHCP DNS配置选项规范[3]中定义的术语。
"Stateless DHCP" refers to the use of DHCP to provide configuration information to clients that does not require the server to maintain dynamic state about the DHCP clients.
“无状态DHCP”是指使用DHCP向客户端提供配置信息,而不需要服务器维护DHCP客户端的动态状态。
This document assumes that a node using stateless DHCP configuration is not using DHCP for address assignment, and that a node has determined at least a link-local address as described in section 5.3 of RFC 2461 [4].
本文档假设使用无状态DHCP配置的节点未使用DHCP进行地址分配,并且节点至少已确定RFC 2461[4]第5.3节所述的链路本地地址。
To obtain configuration parameters through stateless DHCP, a node uses the DHCP Information-request message. DHCP servers respond to the node's message with a Reply message that carries configuration parameters for the node. The Reply message from the server can carry configuration information, such as a list of DNS recursive name servers [3] and SIP servers [5].
为了通过无状态DHCP获取配置参数,节点使用DHCP信息请求消息。DHCP服务器使用带有节点配置参数的回复消息响应节点的消息。来自服务器的回复消息可以携带配置信息,例如DNS递归名称服务器[3]和SIP服务器[5]的列表。
This document does not apply to the function of DHCP relay agents as described in RFC 3315. A network element can provide both DHCP server and DHCP relay service. For example, a network element can provide stateless DHCP service to hosts requesting stateless DHCP service, while relaying messages from hosts requesting address assignment through DHCP to another DHCP server.
本文档不适用于RFC 3315中所述的DHCP中继代理的功能。网元可以同时提供DHCP服务器和DHCP中继服务。例如,网元可以向请求无状态DHCP服务的主机提供无状态DHCP服务,同时将请求通过DHCP分配地址的主机的消息中继到另一个DHCP服务器。
Several sections of the DHCP specification provide background information or define parts of the specification that are common to all implementations:
DHCP规范的几个部分提供了背景信息或定义了规范中所有实现所共有的部分:
1-4: give an introduction to DHCP and an overview of DHCP message flows
1-4:介绍DHCP并概述DHCP消息流
5: defines constants used throughout the protocol specification
5:定义整个协议规范中使用的常数
6, 7: illustrate the format of DHCP messages
6、7:说明DHCP消息的格式
8: describes the representation of Domain Names
8:描述域名的表示形式
9: defines the "DHCP unique identifier" (DUID)
9:定义“DHCP唯一标识符”(DUID)
13-16: describe DHCP message transmission, retransmission, and validation
13-16:描述DHCP消息传输、重传和验证
21: describes authentication for DHCP
21:描述DHCP的身份验证
The client indicates that it is requesting configuration information by sending an Information-request message that includes an Option Request option specifying the options that it wishes to receive from the DHCP server. For example, if the client is attempting to obtain a list of DNS recursive name servers, it identifies the DNS Recursive Name Server option in the Information-request message. The server determines the appropriate configuration parameters for the client based on its configuration policies and responds with a Reply message containing the requested parameters. In this example, the server would respond with DNS configuration parameters.
客户端通过发送信息请求消息来指示其正在请求配置信息,该消息包括一个选项请求选项,该选项指定客户端希望从DHCP服务器接收的选项。例如,如果客户端试图获取DNS递归名称服务器的列表,它将在信息请求消息中标识DNS递归名称服务器选项。服务器根据其配置策略为客户端确定适当的配置参数,并使用包含请求的参数的回复消息进行响应。在本例中,服务器将使用DNS配置参数进行响应。
As described in section 18.1.5 of RFC 3315, a node may include a Client Identifier option in the Information-request message to identify itself to a server, because the server administrator may want to customize the server's response to each node, based on the node's identity.
如RFC 3315第18.1.5节所述,节点可在信息请求消息中包括客户端标识符选项,以向服务器标识自身,因为服务器管理员可能希望根据节点的标识自定义服务器对每个节点的响应。
RFC 3315 does not define any mechanisms through which the time at which a host uses an Information-request message to obtain updated configuration parameters can be controlled. The DHC WG has undertaken the development of such a mechanism or mechanisms which will be published as Standards-track RFC(s).
RFC 3315未定义任何机制,通过这些机制可以控制主机使用信息请求消息获取更新配置参数的时间。DHC工作组已着手开发此类机制,该机制将作为标准跟踪RFC发布。
RFC 3315 also does not provide any guidance about when a host might use an Information-request message to obtain updated configuration parameters when the host has moved to a new link. The DHC WG is reviewing a related document, "Detection of Network Attachment (DNA) in IPv4" [8], which describes how a host using IPv4 can determine when to use DHCPv4. Either the DHC WG or a WG formed from the DNA BOF will undertake development of a similar document for IPv6.
RFC 3315也没有提供任何指导,说明当主机移动到新链路时,主机何时可以使用信息请求消息来获取更新的配置参数。DHC工作组正在审阅一份相关文档“IPv4中网络连接(DNA)的检测”[8],该文档描述了使用IPv4的主机如何确定何时使用DHCPv4。DHC工作组或由DNA BOF组成的工作组将负责开发IPv6的类似文件。
Clients and servers implement the following messages for stateless DHCP service; the section numbers in this list refer to the DHCP specification:
客户端和服务器为无状态DHCP服务实现以下消息:;此列表中的章节号参考DHCP规范:
Information-request: sent by a DHCP client to a server to request configuration parameters (sections 18.1.5 and 18.2.5)
信息请求:由DHCP客户端发送到服务器以请求配置参数(第18.1.5节和第18.2.5节)
Reply: sent by a DHCP server to a client containing configuration parameters (sections 18.2.6 and 18.2.8)
答复:由DHCP服务器发送到包含配置参数的客户端(第18.2.6节和第18.2.8节)
In addition, servers and relay agents implement the following messages for stateless DHCP service; the section numbers in this list refer to the DHCP specification:
此外,服务器和中继代理为无状态DHCP服务实现以下消息:;此列表中的章节号参考DHCP规范:
Relay-forward: sent by a DHCP relay agent to carry the client message to a server (section 15.13)
中继转发:由DHCP中继代理发送,以将客户端消息传送到服务器(第15.13节)
Relay-reply: sent by a DHCP server to carry a response message to the relay agent (section 15.14)
中继回复:由DHCP服务器发送,以向中继代理发送响应消息(第15.14节)
Clients and servers implement the following options for stateless DHCP service; the section numbers in this list refer to the DHCP specification:
客户端和服务器为无状态DHCP服务实现以下选项;此列表中的章节号参考DHCP规范:
Option Request: specifies the configuration information that the client is requesting from the server (section 22.7)
选项请求:指定客户端向服务器请求的配置信息(第22.7节)
Status Code: used to indicate completion status or other status information (section 22.13)
状态代码:用于指示完成状态或其他状态信息(第22.13节)
Server Identifier: used to identify the server responding to a client request (section 22.3)
服务器标识符:用于标识响应客户端请求的服务器(第22.3节)
Servers and relay agents implement the following options for stateless DHCP service; the section numbers in this list refer to the DHCP specification:
服务器和中继代理为无状态DHCP服务实现以下选项;此列表中的章节号参考DHCP规范:
Client message: sent by a DHCP relay agent in a Relay-forward message to carry the client message to a server (section 20)
客户端消息:由DHCP中继代理在中继转发消息中发送,以将客户端消息传送到服务器(第20节)
Server message: sent by a DHCP server in a Relay-reply message to carry a response message to the relay agent (section 20)
服务器消息:由DHCP服务器在中继回复消息中发送,以将响应消息传送给中继代理(第20节)
Interface-ID: sent by the DHCP relay agent and returned by the server to identify the interface to be used when forwarding a message to the client (section 22.18)
接口ID:由DHCP中继代理发送并由服务器返回,以标识将消息转发到客户端时要使用的接口(第22.18节)
Clients and servers use the following options to pass configuration information to clients; note that other options for configuration information may be specified in future Internet Standards:
客户端和服务器使用以下选项将配置信息传递给客户端;注意,配置信息的其他选项可能在未来的互联网标准中指定:
DNS Recursive Name Servers: specifies the DNS recursive name servers [7] the client uses for name resolution; see "DNS Configuration options for DHCPv6" [3]
DNS递归名称服务器:指定客户端用于名称解析的DNS递归名称服务器[7];请参阅“DHCPv6的DNS配置选项”[3]
DNS search list: specifies the domain names to be searched during name resolution; see "DNS Configuration options for DHCPv6" [3]
DNS搜索列表:指定名称解析时要搜索的域名;请参阅“DHCPv6的DNS配置选项”[3]
SIP Servers: specifies the SIP servers the client uses to obtain a list of domain names of IPv6 addresses that can be mapped to one or more SIP outbound proxy servers [5]
SIP服务器:指定客户端用于获取IPv6地址的域名列表的SIP服务器,这些地址可以映射到一个或多个SIP出站代理服务器[5]
Clients and servers may implement the following options for stateless DHCP service; the section numbers in this list refer to the DHCP specification:
客户端和服务器可以为无状态DHCP服务实现以下选项:;此列表中的章节号参考DHCP规范:
Preference: sent by a DHCP server to indicate the preference level for the server (section 22.8)
首选项:由DHCP服务器发送,以指示服务器的首选项级别(第22.8节)
Elapsed time: sent by a DHCP client to indicate the time since the client began the DHCP configuration process (section 22.9)
已用时间:由DHCP客户端发送,以指示自客户端开始DHCP配置过程以来的时间(第22.9节)
User Class: sent by a DHCP client to give additional information to the server for selecting configuration parameters for the client (section 22.15)
用户类:由DHCP客户端发送,为服务器选择客户端配置参数提供附加信息(第22.15节)
Vendor Class: sent by a DHCP client to give additional information about the client vendor and hardware to the server for selecting configuration parameters for the client (section 22.16)
供应商类:由DHCP客户端发送,向服务器提供有关客户端供应商和硬件的附加信息,以选择客户端的配置参数(第22.16节)
Vendor-specific Information: used to pass information to clients in options defined by vendors (section 22.17)
供应商特定信息:用于在供应商定义的选项中将信息传递给客户(第22.17节)
Client Identifier: sent by a DHCP client to identify itself (section 22.2). Clients are not required to send this option; servers send the option back if included in a message from a client
客户端标识符:由DHCP客户端发送以标识自身(第22.2节)。客户不需要发送此选项;如果包含在来自客户端的消息中,服务器会将选项发回
Authentication: used to provide authentication of DHCP messages (section 21)
身份验证:用于提供DHCP消息的身份验证(第21节)
In some networks, there may be both clients that are using stateless address autoconfiguration and DHCP for DNS configuration and clients that are using DHCP for stateful address configuration. Depending on the deployment and configuration of relay agents, DHCP servers that are intended only for stateless configuration may receive messages from clients that are performing stateful address configuration.
在某些网络中,可能既有使用无状态地址自动配置和DHCP进行DNS配置的客户端,也有使用DHCP进行有状态地址配置的客户端。根据中继代理的部署和配置,仅用于无状态配置的DHCP服务器可能会从正在执行有状态地址配置的客户端接收消息。
A DHCP server that is only able to provide stateless configuration information through an Information-request/Reply message exchange discards any other DHCP messages it receives. Specifically, the server discards any messages other than Information-Request or Relay-forward it receives, and the server does not participate in any stateful address configuration message exchanges. If there are other DHCP servers that are configured to provide stateful address assignment, one of those servers will provide the address assignment.
只能通过信息请求/回复消息交换提供无状态配置信息的DHCP服务器将丢弃其接收的任何其他DHCP消息。具体地说,服务器丢弃它接收到的信息请求或中继转发以外的任何消息,并且服务器不参与任何有状态地址配置消息交换。如果其他DHCP服务器配置为提供有状态地址分配,则其中一台服务器将提供地址分配。
Stateless DHCP service is a proper subset of the DHCP service described in the DHCP specification, RFC 3315 [1]. Therefore, stateless DHCP service introduces no additional security considerations beyond those discussed in sections 21, 22.11, and 23 of the DHCP specification [1].
无状态DHCP服务是DHCP规范RFC 3315[1]中描述的DHCP服务的适当子集。因此,无状态DHCP服务除了DHCP规范[1]第21、22.11和23节中讨论的内容外,没有引入其他安全注意事项。
Configuration information provided to a node through stateless DHCP service may be used to mount spoofing, man-in-the-middle, denial-of-service, and other attacks. These attacks are described in more detail in the specifications for each of the options that carry configuration information. Authenticated DHCP, as described in sections 21 and 22.11 of the DHCP specification [1], can be used to avoid attacks mounted through the stateless DHCP service.
通过无状态DHCP服务提供给节点的配置信息可用于装载欺骗、中间人、拒绝服务和其他攻击。这些攻击在包含配置信息的每个选项的规范中有更详细的描述。如DHCP规范[1]第21节和第22.11节所述,经过身份验证的DHCP可用于避免通过无状态DHCP服务装载的攻击。
Jim Bound, Ted Lemon, and Bernie Volz reviewed this document and contributed editorial suggestions. Thanks to Peter Barany, Tim Chown, Christian Huitema, Tatuya Jinmei, Pekka Savola, and Juha Wiljakka for their review and comments.
Jim Bound、Ted Lemon和Bernie Volz审查了该文件并提出了编辑建议。感谢Peter Barany、Tim Chown、Christian Huitema、Tatuya Jinmei、Pekka Savola和Juha Wiljakka的审查和评论。
[1] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, C. and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[1] Droms,R.,Ed.,Bound,J.,Volz,B.,Lemon,T.,Perkins,C.和M.Carney,“IPv6的动态主机配置协议(DHCPv6)”,RFC3315,2003年7月。
[2] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.
[2] Deering,S.和R.Hinden,“互联网协议,第6版(IPv6)规范”,RFC 2460,1998年12月。
[3] Droms, R., Ed., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December 2003.
[3] Droms,R.,Ed.“IPv6动态主机配置协议(DHCPv6)的DNS配置选项”,RFC 3646,2003年12月。
[4] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998.
[4] Narten,T.,Nordmark,E.和W.Simpson,“IP版本6(IPv6)的邻居发现”,RFC24611998年12月。
[5] Schulzrinne, H. and B. Volz, "Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers", RFC 3319, July 2003.
[5] Schulzrinne,H.和B.Volz,“会话启动协议(SIP)服务器的动态主机配置协议(DHCPv6)选项”,RFC 3319,2003年7月。
[6] Thomson, S. and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998.
[6] Thomson,S.和T.Narten,“IPv6无状态地址自动配置”,RFC 2462,1998年12月。
[7] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987.
[7] Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月。
[8] Aboba, B., "Detection of Network Attachment (DNA) in IPv4", Work in Progress.
[8] Aboba,B.,“IPv4中网络连接(DNA)的检测”,工作正在进行中。
Ralph Droms Cisco Systems 1414 Massachusetts Avenue Boxborough, MA 01719 USA
Ralph Droms Cisco Systems美国马萨诸塞州Boxborough马萨诸塞大道1414号,邮编01719
Phone: +1 978 497 4733 EMail: rdroms@cisco.com
Phone: +1 978 497 4733 EMail: rdroms@cisco.com
Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78 and except as set forth therein, the authors retain all their rights.
版权所有(C)互联网协会(2004年)。本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。