Internet Engineering Task Force (IETF)                          R. Droms
Request for Comments: 6276                                    P. Thubert
Category: Standards Track                                          Cisco
ISSN: 2070-1721                                                F. Dupont
                                             Internet Systems Consortium
                                                               W. Haddad
                                                                Ericsson
                                                            C. Bernardos
                                                                    UC3M
                                                               July 2011
DHCPv6 Prefix Delegation for Network Mobility (NEMO)
Abstract
One aspect of network mobility support is the assignment of a prefix or prefixes to a mobile router for use on the links in the mobile network. This document specifies how DHCPv6 prefix delegation can be used for this configuration task. The mobile router plays the role of requesting router, while the home agent assumes the role of delegating router. When the mobile router is outside its home network, the mobile router also assumes the role of DHCPv6 relay agent, co-located with the requesting router function.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6276.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
   1. Introduction
   2. Terminology
   3. DHCPv6 Prefix Delegation of Mobile Network Prefixes
      3.1. Exchanging DHCPv6 Messages When the Mobile Router Is Not at Home
           3.1.1. Relay Agent Configuration
           3.1.2. Transmission of DHCPv6 Messages
           3.1.3. Receipt of DHCPv6 Messages
      3.2. Exchanging DHCPv6 Messages When the Mobile Router Is at Home
      3.3. Selecting a Home Agent That Provides DHCPv6PD
      3.4. Minimizing DHCPv6PD Messages
      3.5. Other DHCPv6 Functions
   4. Security Considerations
   5. Acknowledgments
   6. References
      6.1. Normative References
      6.2. Informative References
1. Introduction
One aspect of network mobility support is the assignment of a prefix or prefixes to a mobile router for use on the links in Network Mobility (NEMO). DHCPv6 prefix delegation (DHCPv6PD) [RFC3633] can be used for this configuration task.
The model of operation of DHCPv6PD for prefix delegation is as follows [RFC3633]. A delegating router is provided IPv6 prefixes to be delegated to requesting routers. A requesting router requests prefix(es) from the delegating router. The delegating router chooses prefix(es) for delegation, and responds with prefix(es) to the requesting router. The requesting router is then responsible for the delegated prefix(es). Note that DHCPv6 options for prefix delegation defined in [RFC3633] have been defined for general use across routers, and not only for mobile routers running the NEMO Basic Support protocol [RFC3963].
To use DHCPv6PD as a prefix assignment mechanism in mobile networks, when the mobile router is located at home, the home agent assumes the role of the delegating router and the mobile router assumes the role of the requesting router. However, when the mobile router is away from home, in addition to the roles when the mobile router is located at home, the mobile router also assumes the role of a DHCPv6 relay agent co-located with the requesting router function.
The DHCPv6PD server running at the home agent is provisioned with prefixes to be assigned using any of the prefix assignment mechanisms described in the DHCPv6PD specification [RFC3633].
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
The following terms used in this document are defined in the IPv6 Addressing Architecture document [RFC4291]:
   Link-Local Unicast address
   Link-Local Scope Multicast address
The following terms used in this document are defined in the Mobile IPv6 specification [RFC6275]:
   Home Agent (HA)
   Home Link
   Home Address (HoA)
   Care-of Address (CoA)
   Binding Update (BU)
   Binding Acknowledgement (BA)
The following terms used in this document are defined in the Mobile Network terminology document [RFC4885]:
   Mobile Router (MR)
   Mobile Network (NEMO)
   Mobile Network Prefix (MNP)
The following terms used in this document are defined in the DHCPv6 [RFC3315] and DHCPv6 prefix delegation [RFC3633] specifications:
   Delegating Router (DR; acts as a DHCPv6 server)
   Requesting Router (RR; acts as a DHCPv6 client)
   DHCPv6 Relay Agent (DRA)
The following acronym is used in this document:
   DHCPv6PD: DHCPv6 Prefix Delegation
3. DHCPv6 Prefix Delegation of Mobile Network Prefixes
The NEMO Basic Support protocol [RFC3963] extends the Mobile IPv6 protocol [RFC6275] to enable network mobility. With the NEMO Basic Support protocol, a mobile router uses Mobile IPv6 to establish and maintain a session with its home agent and uses bidirectional tunneling between the mobile router and the home agent to provide a path through which nodes attached to links in the mobile network can maintain connectivity with nodes not in the NEMO.
The requirements for Network Mobility [RFC4885] include the ability of the mobile router to receive delegated prefixes that can then be assigned to links in the mobile network. DHCPv6PD can be used to meet this requirement for prefix delegation.
To use DHCPv6PD for mobile networks, when the mobile router is located at home, the home agent assumes the role of the delegating router and the mobile router assumes the role of the requesting router. However, when the mobile router is away from home, in addition to the roles when the mobile router is located at home, the mobile router also assumes the role of a DHCPv6 relay agent co-located with the requesting router function.
When the mobile router is not at home, the home agent and the mobile router exchange DHCPv6PD protocol messages as specified in [RFC6275]. This means that the messages sent by the mobile router MUST include the Home Address destination option and messages sent by the home agent MUST make use of a Routing Header type 2. See Figure 1 for the deployment topologies when the MR is at home and when it is visiting a foreign network.
    ------                ------
    | MR |----------------| HA |
    |(RR)| (home network) |(DR)|
    ------                ------

    -------    /-----------\     ------
    | MR  |----| Internet  |-----| HA |
    |(RR) |    \-----------/     |(DR)|
    |(DRA)|                      ------
    -------
    (visited network)
Figure 1: Deployment topologies of the use of DHCPv6PD for delegation of Mobile Network Prefixes
The DHCPv6PD server is provisioned with prefixes to be assigned using any of the prefix assignment mechanisms described in the DHCPv6PD specifications. Other updates to the home agent data structures required as a side effect of prefix delegation are specified by the particular network mobility protocol. For example, in the case of NEMO Basic Network Mobility Support [RFC3963], the HA would add an entry in its binding cache registering the delegated prefix to the mobile router to which the prefix was delegated.
3.1. Exchanging DHCPv6 Messages When the Mobile Router Is Not at Home
The case when the mobile router is away from home is described in this section. Section 3.2 describes the protocol operation for the case when the mobile router is attached to its home link.
The mobile router MUST register at the home agent (i.e., by sending a Binding Update to the home agent) before initiating a DHCPv6 message exchange for prefix delegation. The mobile router MUST use implicit BU signaling, since the mobile router may not have yet requested any prefixes.
If the mobile router does not have any active delegated prefixes (with unexpired leases), the mobile router MUST initiate a DHCPv6 message exchange with a DHCPv6 Solicit message as described in Section 17 of [RFC3315] and Section 11.1 of [RFC3633]. The delegating router at the home agent responds with an Advertise message. Then, the mobile router MUST request a set of prefixes by sending a Request message. The delegating router includes the delegated prefixes in a Reply message. Note that in this case, the mobile router has previously sent a Binding Update to the home agent without knowing yet the set of prefixes that it can use as mobile network prefixes. The home agent, upon reception of the implicit Binding Update from the mobile router, MUST select (in case this was not pre-configured already) the prefixes that would then be delegated to the mobile router via DHCPv6PD. The home agent, once the DHCPv6 signaling has been completed, MUST add an entry in its binding cache including the delegated prefixes.
In case the mobile router has one or more active delegated prefixes -- for example, if the mobile router reboots or the mobile network prefix(es) currently used by the mobile router is about to expire -- the mobile router MUST initiate a DHCPv6 message exchange with a DHCPv6 Rebind message as described in Section 18.1.2 of [RFC3315] and Section 12.1 of [RFC3633].
A DHCPv6 relay agent function [RFC3315] MUST be used at the mobile router. This relay agent function is co-located in the mobile router with the DHCPv6 client function (see Figure 2). The DHCPv6 signaling between the mobile router and the home agent is exchanged between the DHCPv6 relay agent in the mobile router and the DHCPv6 server on the home agent. DHCPv6 messages from the mobile router to the home agent are unicast packets sent from the unicast home address of the mobile router to the global unicast address of the home agent, and therefore the Home Address destination option MUST be used. DHCPv6 replies from the home agent to the mobile router MUST be sent using the Routing Header type 2, as specified in [RFC6275]. The DHCPv6 client in the mobile router MUST hand any outbound DHCPv6 messages to the co-located relay agent. Responses from the DHCPv6 server are delivered to the relay agent function in the mobile router, which MUST extract the encapsulated message and deliver it to the DHCPv6 client in the mobile router.
    ----------------------------                 --------
    |            MR            |                 |  HA  |
    | (RR)               (DRA) |                 | (DR) |
    ----------------------------                 --------
       |                   |     Binding Update      |
       |                   |------------------------>|
       |                   |       (HoA, CoA)        |
       |                   |                         |
       |                   |       Binding Ack       |
       |                   |<------------------------|
       |                   |                         |
       |  DHCPv6 Solicit   |     DHCPv6 Solicit      |
       |..................>|--=====================->|
       |                   |                         |
       | DHCPv6 Advertise  |    DHCPv6 Advertise     |
       |<..................|<-=====================--|
       |                   |                         |
       |  DHCPv6 Request   |     DHCPv6 Request      |
       |..................>|--=====================->|
       |                   |                         |
       |   DHCPv6 Reply    |      DHCPv6 Reply       |
       |<..................|<-=====================--|
       |                   | (Mobile Network Prefix) |
       |                   |                         |
Figure 2: Signaling sequence when the mobile router is not at home
Note that a mobile router using DHCPv6PD to obtain the set of prefixes to be used as mobile network prefixes cannot derive its home address from one of its mobile network prefix(es) (as the mobile router does not know them before registering to the home agent). Therefore, the mobile router MUST assign its home address from the prefix on its Home Link.
3.1.1. Relay Agent Configuration
The use of the relay agent function in the mobile router allows the mobile router to unicast DHCPv6 messages to the DHCPv6 server. The relay agent MUST be configured with the address of the DHCPv6 server. For the purposes of this specification, the relay agent assumes that the home agent for the mobile router hosts the DHCPv6 server. Therefore, the mobile router MUST configure the DHCPv6 relay agent to forward DHCPv6 messages to the home agent.
The DHCPv6 specification supports in certain scenarios the use of unicast between the client and the server. However, its use presents some difficulties, as the client has to first receive a Server Unicast option (Section 22.12 of [RFC3315]) from the server, which means that a Solicit/Advertise message exchange is required in advance. That signaling exchange would require the presence of a relay agent on the mobile router, and therefore little gain would be achieved in this case from the use of the Server Unicast option.
3.1.2. Transmission of DHCPv6 Messages
When the DHCPv6 client in the mobile router sends a message, it MUST hand the message to the DHCPv6 relay agent in the mobile router. The way in which the message is passed to the DHCP relay agent is beyond the scope of this document. The relay agent encapsulates the message from the client according to [RFC3315] in a Relay-forward message and sends the resulting DHCPv6 message to the home agent. The relay agent sets the fields in the Relay-forward message as follows:
   msg-type       RELAY-FORW
   hop-count      1
   link-address   The home address of the mobile router
   peer-address   The home address of the mobile router
   options        MUST include a "Relay Message option" [RFC3315]; MAY include other options added by the relay agent.
3.1.3. Receipt of DHCPv6 Messages
Messages from the DHCPv6 server will be returned to the DHCPv6 relay agent, with the message for the DHCPv6 client encapsulated in the Relay Message option [RFC3315] in a Relay-reply message. The relay agent function MUST extract the message for the client from the Relay Message option and hand the message to the DHCPv6 client in the mobile router. The way in which the message is passed to the client is beyond the scope of this document.
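The encapsulation and extraction steps above, as an added Python example (not code from the RFC). It uses the RFC 3315 wire layout and the field values listed above; the function names, the sample addresses and the peer-address check on receipt are assumptions of this sketch.

```python
import ipaddress
import struct

# Values from RFC 3315: message types and the Relay Message option code.
RELAY_FORW, RELAY_REPL = 12, 13
OPTION_RELAY_MSG = 9
RELAY_HDR_LEN = 34  # msg-type(1) + hop-count(1) + link-address(16) + peer-address(16)


def build_relay_forward(client_msg: bytes, home_address: str) -> bytes:
    """Wrap a DHCPv6 client message the way the co-located relay agent does."""
    if len(client_msg) > 0xFFFF:
        raise ValueError("client message too long for one option")
    hoa = ipaddress.IPv6Address(home_address).packed
    # hop-count 1; link-address and peer-address are both the home address.
    header = struct.pack("!BB", RELAY_FORW, 1) + hoa + hoa
    option = struct.pack("!HH", OPTION_RELAY_MSG, len(client_msg)) + client_msg
    return header + option


def iter_options(buf: bytes):
    """Yield (code, data) for each option, rejecting truncated encodings."""
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, offset)
        offset += 4
        if length > len(buf) - offset:
            raise ValueError("option length runs past end of message")
        yield code, buf[offset:offset + length]
        offset += length


def extract_from_relay_reply(relay_msg: bytes, home_address: str) -> bytes:
    """Return the client message carried in a Relay-reply, or raise ValueError."""
    if len(relay_msg) < RELAY_HDR_LEN:
        raise ValueError("message shorter than relay header")
    if relay_msg[0] != RELAY_REPL:
        raise ValueError("not a Relay-reply")
    # Added sanity check (assumption of this sketch): the reply should carry
    # the peer-address this relay placed in the Relay-forward, the home address.
    if relay_msg[18:34] != ipaddress.IPv6Address(home_address).packed:
        raise ValueError("peer-address does not match home address")
    inner = [data for code, data in iter_options(relay_msg[RELAY_HDR_LEN:])
             if code == OPTION_RELAY_MSG]
    if len(inner) != 1:
        raise ValueError("expected exactly one Relay Message option")
    return inner[0]


# Constructed sample: a Solicit (type 1), transaction-id 0x123456, carrying an
# IA_PD option (code 25: IAID, T1, T2). Addresses are documentation prefixes.
HOME_ADDRESS = "2001:db8:1::10"
SOLICIT = bytes([1, 0x12, 0x34, 0x56]) + struct.pack("!HHIII", 25, 12, 1, 0, 0)


def demo():
    forward = build_relay_forward(SOLICIT, HOME_ADDRESS)
    # Stand-in for the server side: same header and payload, type RELAY-REPL.
    reply = bytes([RELAY_REPL]) + forward[1:]
    return forward, extract_from_relay_reply(reply, HOME_ADDRESS)


if __name__ == "__main__":
    fwd, inner = demo()
    print(fwd.hex())
    print("payload round-trips:", inner == SOLICIT)
```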
3.2. Exchanging DHCPv6 Messages When the Mobile Router Is at Home
When the mobile router is on its home link, the home agent MUST use the home link to exchange DHCPv6PD messages with the mobile router (Figure 3). In this case, the DHCPv6 co-located relay function MUST be disabled. It is the responsibility of the implementation to determine when the mobile router is on its home link. The Home Link Detection mechanism is described in Section 11.5.2 of [RFC6275].
    --------                  --------
    |  MR  |                  |  HA  |
    | (RR) |                  | (DR) |
    --------                  --------
        |                         |
        |     DHCPv6 Solicit      |
        |------------------------>|
        |                         |
        |    DHCPv6 Advertise     |
        |<------------------------|
        |                         |
        |     DHCPv6 Request      |
        |------------------------>|
        |                         |
        |      DHCPv6 Reply       |
        |<------------------------|
        | (Mobile Network Prefix) |
        |                         |
Figure 3: Signaling sequence for the case the home agent is at home
3.3. Selecting a Home Agent That Provides DHCPv6PD
Not all nodes that are willing to act as a home agent are required to provide DHCPv6PD. Therefore, when selecting a home agent, a mobile router that requires DHCPv6PD service MUST identify a home agent that will provide the service. The mobile router can determine if a home agent provides DHCPv6PD by initiating a DHCPv6 message exchange (i.e., sending a Solicit message) in which the mobile router requests delegated prefix(es). If the home agent does not respond or responds but does not delegate any prefix(es) in its response, the mobile router assumes that the home agent does not provide DHCPv6PD service. The mobile router continues to query all candidate home agents until it finds one that provides DHCPv6PD. Note that in this particular case and if the mobile router is away from home, the mobile router has to have already performed a Mobile IPv6 registration with the home agent it queries.
Querying a home agent to determine if it provides DHCPv6PD requires different operational variables than those recommended by the DHCPv6 specification. [RFC3315] recommends that under normal circumstances, a host will continue to send DHCPv6 Solicit messages until it receives a response (see Section 17 of [RFC3315]), i.e., the Maximum Retransmission Duration (MRD) and Maximum Retransmission Count (MRC) are both set to zero. However, a home agent may not respond to the Solicit messages from the mobile router because the home agent does not support DHCPv6 prefix delegation. Therefore, when querying a home agent to determine if the home agent provides DHCPv6PD service, it is RECOMMENDED that MRD and MRC be set to non-zero values so that the mobile router discontinues sending Solicit messages to the home agent after sending 6 Solicit messages, and concludes that the home agent will not provide DHCPv6PD service. Sending 6 queries provides enough reliability for scenarios in which the wireless connectivity is lost for a short period after sending the first Binding Update message.
It is RECOMMENDED that the mobile router use sequential probing of the home agents for DHCPv6PD service.
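The bounded, sequential probing described in this section, as an added Python sketch (not code from the RFC). The retransmission timing follows RFC 3315 Section 14 with the Solicit constants SOL_TIMEOUT and SOL_MAX_RT from that specification; `send_solicit` is a hypothetical caller-supplied transport hook, and the candidate addresses are constructed.

```python
import random

# Solicit retransmission parameters from RFC 3315.
SOL_TIMEOUT = 1.0    # IRT, seconds
SOL_MAX_RT = 120.0   # MRT, seconds
PROBE_MRC = 6        # give up on a home agent after 6 Solicits (this section)


def _jitter():
    """RAND from RFC 3315 Section 14: uniform in [-0.1, +0.1]."""
    return random.uniform(-0.1, 0.1)


def solicit_timeouts(mrc=PROBE_MRC, rand=_jitter):
    """Return how long to wait after each of the `mrc` Solicit transmissions."""
    timeouts = []
    # For Solicit, the first RAND is chosen positive (RFC 3315 Section 17.1.2).
    rt = SOL_TIMEOUT + abs(rand()) * SOL_TIMEOUT
    for _ in range(mrc):
        timeouts.append(rt)
        rt = 2 * rt + rand() * rt
        if rt > SOL_MAX_RT:
            rt = SOL_MAX_RT + rand() * SOL_MAX_RT
    return timeouts


def find_pd_home_agent(candidates, send_solicit, rand=_jitter):
    """Probe candidates one at a time; return (home_agent, prefixes, solicits_sent).

    send_solicit(home_agent, timeout) is a hypothetical hook: it sends one
    Solicit requesting prefix delegation and returns None if nothing arrived
    within `timeout`, or the list of prefixes in the response (possibly empty).
    When away from home, the caller must already be registered (Binding Update
    acknowledged) with each home agent it probes.
    """
    sent = 0
    for ha in candidates:
        for timeout in solicit_timeouts(rand=rand):
            sent += 1
            prefixes = send_solicit(ha, timeout)
            if prefixes is None:
                continue              # no response yet: retransmit
            if prefixes:
                return ha, prefixes, sent
            break                     # responded without delegating: no DHCPv6PD
    return None, [], sent


def demo():
    """Constructed scenario: one silent HA, one without PD, one that delegates."""
    attempts = {}

    def fake_send(ha, timeout):
        attempts[ha] = attempts.get(ha, 0) + 1
        if ha == "2001:db8:a::1":
            return None                                   # never answers
        if ha == "2001:db8:b::1":
            return []                                     # answers, no prefix
        return ["2001:db8:100::/48"] if attempts[ha] >= 3 else None

    candidates = ["2001:db8:a::1", "2001:db8:b::1", "2001:db8:c::1"]
    return find_pd_home_agent(candidates, fake_send, rand=lambda: 0.0), attempts


if __name__ == "__main__":
    print(solicit_timeouts(rand=lambda: 0.0))
    print(demo())
```

With the jitter set to zero, a home agent that never answers costs 1 + 2 + 4 + 8 + 16 + 32 = 63 seconds before the mobile router moves on to the next candidate.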
3.4. Minimizing DHCPv6PD Messages
The use of DHCPv6PD in a mobile network can be combined with the Rapid Commit option [RFC3315] to provide DHCPv6 prefix delegation with a two-message exchange between the mobile router and the DHCPv6PD delegating router.
3.5. Other DHCPv6 Functions
The DHCPv6 messages exchanged between the mobile router and the home agent MAY also be used for other DHCPv6 functions in addition to DHCPv6PD. For example, the home agent MAY assign global addresses to the mobile router and MAY pass other configuration information such as a list of available DNS recursive name servers [RFC3646] to the mobile router using the same DHCPv6 messages as used for DHCPv6PD.
The home agent MAY act as a DHCPv6 relay agent for mobile nodes while it acts as a delegating router for mobile routers.
4. Security Considerations
This document describes the use of DHCPv6 for prefix delegation in mobile networks. In addition to the security considerations for DHCPv6 described in the "Security Considerations" section of the DHCPv6 base specification [RFC3315] and the "Security Considerations" of the DHCPv6 Prefix Delegation specification [RFC3633], there are two aspects that need to be considered.
First, the NEMO Basic Support specification requires the home agent to prevent a mobile router from claiming mobile network prefixes belonging to another mobile router. Upon reception of an implicit Binding Update from a mobile router, the home agent MUST only add prefixes into the mobile router's Binding Cache Entry if the mobile router has a valid DHCPv6 Prefix Delegation lease for said prefixes. If the mobile router does not have a valid DHCPv6 Prefix Delegation lease, the home agent MUST NOT add any prefixes into the mobile router's Binding Cache Entry. Upon the mobile router obtaining a valid DHCPv6 Prefix Delegation lease for a given set of prefixes, the home agent MUST add these prefixes to the mobile router's Binding Cache Entry. This avoids the home agent forwarding traffic addressed to prefixes that have not yet been delegated to the mobile router.
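A toy model of this rule on the home agent, as an added Python example (not code from the RFC or from any implementation). The class, its method names, the integer clock and the rejection of overlapping leases held by another router are assumptions of the sketch; the point it shows is that the Binding Cache Entry only ever contains prefixes backed by an unexpired lease for that same mobile router.

```python
import ipaddress


class HomeAgent:
    """Binding cache and prefix-delegation leases, reduced to the rule above."""

    def __init__(self):
        self.bindings = {}  # home address -> {"coa": str, "prefixes": set}
        self.leases = {}    # IPv6Network -> (home address, expiry time)

    def _valid_prefixes(self, hoa, now):
        return {net for net, (owner, expiry) in self.leases.items()
                if owner == hoa and expiry > now}

    def on_implicit_binding_update(self, hoa, coa, now):
        # The BU names no prefixes; only leased ones are placed in the entry.
        self.bindings[hoa] = {"coa": coa,
                              "prefixes": self._valid_prefixes(hoa, now)}

    def on_pd_reply(self, hoa, prefix, valid_lifetime, now):
        """Record a delegation made by the co-located delegating router."""
        net = ipaddress.IPv6Network(prefix)
        for other, (owner, expiry) in self.leases.items():
            if owner != hoa and expiry > now and net.overlaps(other):
                raise ValueError(f"{net} overlaps a lease held by {owner}")
        self.leases[net] = (hoa, now + valid_lifetime)
        if hoa in self.bindings:
            self.bindings[hoa]["prefixes"].add(net)

    def tunnel_endpoint(self, dst, now):
        """Care-of address to tunnel `dst` to, or None if no valid lease covers it."""
        addr = ipaddress.IPv6Address(dst)
        for hoa, entry in self.bindings.items():
            entry["prefixes"] &= self._valid_prefixes(hoa, now)  # drop expired
            if any(addr in net for net in entry["prefixes"]):
                return entry["coa"]
        return None


def demo():
    """Constructed timeline; addresses are documentation prefixes."""
    ha = HomeAgent()
    mr1, mr2 = "2001:db8:1::10", "2001:db8:1::20"
    events = []
    ha.on_implicit_binding_update(mr1, "2001:db8:f::1", now=0)
    events.append(ha.tunnel_endpoint("2001:db8:100::5", now=0))    # no lease yet
    ha.on_pd_reply(mr1, "2001:db8:100::/48", valid_lifetime=3600, now=1)
    events.append(ha.tunnel_endpoint("2001:db8:100::5", now=2))    # forwarded
    ha.on_implicit_binding_update(mr2, "2001:db8:e::1", now=3)
    try:
        ha.on_pd_reply(mr2, "2001:db8:100:1::/64", valid_lifetime=3600, now=3)
        events.append("accepted")
    except ValueError:
        events.append("rejected")                                   # owned by mr1
    events.append(ha.tunnel_endpoint("2001:db8:100::5", now=3602))  # lease expired
    return events


if __name__ == "__main__":
    print(demo())
```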
The use of DHCPv6, as described in this document, requires message integrity protection and source authentication. When the mobile router is at home, normal DHCPv6 operation is used between the mobile router and the home agent and therefore this specification does not add any new security issue. While the mobile router is away from home, the IPsec security mechanism mandated by Mobile IPv6 [RFC3776] MUST be used to secure the DHCPv6 signaling. In the following, we describe the Security Policy Database (SPD) and Security Association Database (SAD) entries necessary to protect the DHCPv6 signaling. We use the same format used by [RFC4877]. The SPD and SAD entries are only example configurations. A particular mobile router implementation and a home agent implementation could configure different SPD and SAD entries as long as they provide the required security of the DHCPv6 signaling messages.
For the examples described in this document, a mobile router with home address "home_address_1", and a home agent with address "home_agent_1" are assumed. If the home address of the mobile router changes, the SPD and SAD entries need to be re-created or updated for the new home address.
   mobile router SPD-S:
     - IF local_address = home_address_1 &
          remote_address = home_agent_1 &
          proto = UDP & local_port = any & remote_port = DHCP
       Then use SA1 (OUT) and SA2 (IN)

   mobile router SAD:
     - SA1(OUT, spi_a, home_agent_1, ESP, TRANSPORT):
          local_address = home_address_1 &
          remote_address = home_agent_1 &
          proto = UDP & remote_port = DHCP
     - SA2(IN, spi_b, home_address_1, ESP, TRANSPORT):
          local_address = home_agent_1 &
          remote_address = home_address_1 &
          proto = UDP & local_port = DHCP

   home agent SPD-S:
     - IF local_address = home_agent_1 &
          remote_address = home_address_1 &
          proto = UDP & local_port = DHCP & remote_port = any
       Then use SA2 (OUT) and SA1 (IN)

   home agent SAD:
     - SA2(OUT, spi_b, home_address_1, ESP, TRANSPORT):
          local_address = home_agent_1 &
          remote_address = home_address_1 &
          proto = UDP & local_port = DHCP
     - SA1(IN, spi_a, home_agent_1, ESP, TRANSPORT):
          local_address = home_address_1 &
          remote_address = home_agent_1 &
          proto = UDP & remote_port = DHCP
5. Acknowledgments
The authors would like to thank people who have given valuable comments on the mailing list. Specific suggestions from Ryuji Wakikawa, George Tsirtsis, Alexandru Petrescu, Vijay Devarapalli, and Marcelo Bagnulo were incorporated into this document.
The authors would like to thank Julien Laganier, Michaela Vanderveen, and Jean-Michel Combes for their review of previous versions of this document.
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6", RFC 3633, December 2003.
[RFC3646] Droms, R., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December 2003.
[RFC3776] Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents", RFC 3776, June 2004.
[RFC3963] Devarapalli, V., Wakikawa, R., Petrescu, A., and P. Thubert, "Network Mobility (NEMO) Basic Support Protocol", RFC 3963, January 2005.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006.
[RFC4877] Devarapalli, V. and F. Dupont, "Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture", RFC 4877, April 2007.
[RFC6275] Perkins, C., Johnson, D., and J. Arkko, "Mobility Support in IPv6", RFC 6275, July 2011.
6.2. Informative References
[RFC4885] Ernst, T. and H-Y. Lach, "Network Mobility Support Terminology", RFC 4885, July 2007.
Authors' Addresses
Ralph Droms
Cisco
1414 Massachusetts Avenue
Boxborough, MA 01719
USA
Phone: +1 978.936.1674
EMail: rdroms@cisco.com

Pascal Thubert
Cisco
Village d'Entreprises Green Side
400, Avenue Roumanille
Biot - Sophia Antipolis 06410
FRANCE
EMail: pthubert@cisco.com

Francis Dupont
Internet Systems Consortium
EMail: fdupont@isc.org

Wassim Haddad
Ericsson
6210 Spine Road
Boulder, CO 80301
USA
Phone: +1 303.473.6963
EMail: Wassim.Haddad@ericsson.com

Carlos J. Bernardos
Universidad Carlos III de Madrid
Av. Universidad, 30
Leganes, Madrid 28911
Spain
Phone: +34 91624 6236
EMail: cjbc@it.uc3m.es
URI: http://www.it.uc3m.es/cjbc/