Internet Engineering Task Force (IETF)                          N. Swamy
Request for Comments: 6842                                 Samsung India
Updates: 2131                                                G. Halwasia
Category: Standards Track                                    P. Jhingran
ISSN: 2070-1721                                            Cisco Systems
                                                            January 2013
        
Internet Engineering Task Force (IETF)                          N. Swamy
Request for Comments: 6842                                 Samsung India
Updates: 2131                                                G. Halwasia
Category: Standards Track                                    P. Jhingran
ISSN: 2070-1721                                            Cisco Systems
                                                            January 2013
        

Client Identifier Option in DHCP Server Replies

DHCP服务器应答中的客户端标识符选项

Abstract

摘要

This document updates RFC 2131 "Dynamic Host Configuration Protocol" by addressing the issues arising from that document's specification that the server MUST NOT return the 'client identifier' option to the client.

本文档更新了RFC 2131“动态主机配置协议”,解决了该文档规范中出现的问题,即服务器不得向客户端返回“客户端标识符”选项。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6842.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6842.

Copyright Notice

版权公告

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2013 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1. Introduction ....................................................2
      1.1. Requirements Language ......................................2
   2. Problem Statement ...............................................2
   3. Modification to RFC 2131 ........................................3
   4. Security Considerations .........................................4
   5. Acknowledgments .................................................4
   6. Normative References ............................................4
        
   1. Introduction ....................................................2
      1.1. Requirements Language ......................................2
   2. Problem Statement ...............................................2
   3. Modification to RFC 2131 ........................................3
   4. Security Considerations .........................................4
   5. Acknowledgments .................................................4
   6. Normative References ............................................4
        
1. Introduction
1. 介绍

The Dynamic Host Configuration Protocol (DHCP) defined in [RFC2131] provides configuration parameters to hosts on an IP-based network. DHCP is built on a client-server model, where designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured hosts.

[RFC2131]中定义的动态主机配置协议(DHCP)为基于IP的网络上的主机提供配置参数。DHCP建立在客户机-服务器模型上,在该模型中,指定的DHCP服务器分配网络地址并将配置参数传递给动态配置的主机。

The changes to [RFC2131] defined in this document clarify the use of the 'client identifier' option by the DHCP servers. The clarification addresses the issues (as mentioned in Problem Statement) arising out of the point specified by [RFC2131] that the server MUST NOT return the 'client identifier' option to the client.

本文档中定义的对[RFC2131]的更改澄清了DHCP服务器对“客户端标识符”选项的使用。该澄清解决了[RFC2131]规定的服务器不得向客户端返回“客户端标识符”选项的问题(如问题陈述中所述)。

1.1. Requirements Language
1.1. 需求语言

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。

2. Problem Statement
2. 问题陈述

[RFC2131] specifies that a combination of 'client identifier' or 'chaddr' and assigned network address constitute a unique identifier for the client's lease and are used by both the client and server to identify a lease referred in any DHCP messages. [RFC2131] also specifies that the server MUST NOT return the 'client identifier' option in DHCPOFFER and DHCPACK messages. Furthermore, DHCP relay agents and servers implementing [RFC2131] MAY drop the DHCP packets in the absence of both the 'client identifier' and 'chaddr' option.

[RFC2131]指定“客户端标识符”或“chaddr”与分配的网络地址的组合构成客户端租约的唯一标识符,并由客户端和服务器用于标识任何DHCP消息中引用的租约。[RFC2131]还指定服务器不得在DHCPOFFER和DHCPACK消息中返回“客户端标识符”选项。此外,实现[RFC2131]的DHCP中继代理和服务器可以在没有“客户端标识符”和“chaddr”选项的情况下丢弃DHCP数据包。

In some cases, a client may not have a valid hardware address to populate the 'chaddr' field and may set the field to all zeroes. One such example is when DHCP is used to assign an IP address to a mobile phone or a tablet and where the 'chaddr' field is set to zero in DHCP request packets. In such cases, the client usually sets the 'client

在某些情况下,客户端可能没有有效的硬件地址来填充“chaddr”字段,并且可能会将该字段设置为全零。一个这样的例子是,当使用DHCP为移动电话或平板电脑分配IP地址时,DHCP请求数据包中的“chaddr”字段设置为零。在这种情况下,客户机通常设置“客户机”

identifier' option field (to a value as permitted in [RFC2131]), and both the client and server use this field to uniquely identify the client with in a subnet.

标识符的选项字段(设置为[RFC2131]中允许的值),客户端和服务器都使用此字段来唯一标识子网中的客户端。

Note that due to aforementioned recommendations in [RFC2131], valid downstream DHCP packets (DHCPOFFER, DHCPACK, and DHCPNAK) from the server MAY get dropped at the DHCP relay agent in the absence of the 'client identifier' option when the 'chaddr' field is set to zero.

注意,由于[RFC2131]中的上述建议,当“chaddr”字段设置为零时,在没有“客户端标识符”选项的情况下,来自服务器的有效下游DHCP数据包(DHCPOFFER、DHCPACK和DHCPNAK)可能会在DHCP中继代理处丢弃。

The problem may get aggravated when a client receives a response from the server without 'client identifier' and with the 'chaddr' value set to zero, as it cannot guarantee that the response is intended for it. This is due to the fact that even though the 'xid' field is present to map responses with requests, this field alone cannot guarantee that a particular response is for a particular client, as 'xid' values generated by multiple clients within a subnet need not be unique.

当客户端收到来自服务器的响应时,如果没有“客户端标识符”,并且“chaddr”值设置为零,则问题可能会加剧,因为它无法保证响应是针对它的。这是因为,即使存在“xid”字段来映射响应与请求,但仅此字段不能保证特定响应针对特定客户端,因为子网内多个客户端生成的“xid”值不必是唯一的。

Lack of the 'client identifier' option in DHCP reply messages also affects the scenario where multiple DHCP clients may be running on the same host sharing the same 'chaddr'.

DHCP回复消息中缺少“客户端标识符”选项也会影响多个DHCP客户端可能在共享相同“chaddr”的同一主机上运行的场景。

This document attempts to address these problems faced by the DHCP relay agent and client by proposing modification to DHCP server behavior. The solution specified in this document is in line with DHCPv6 [RFC3315] where the server always includes the Client Identifier option in the Reply messages.

本文档试图通过修改DHCP服务器行为来解决DHCP中继代理和客户端面临的这些问题。本文档中指定的解决方案符合DHCPv6[RFC3315],其中服务器在回复消息中始终包含客户机标识符选项。

The requirement for DHCP servers not to return the 'client identifier' option was made purely to conserve the limited space in the packet. It is possible, though unlikely, that clients will drop packets that contain this formerly unexpected option. There are no known client implementations that will drop packets, but the benefit provided by this change outweighs any small risk of such behavior. More harm is being done by not having the 'client identifier' option present than might be done by adding it now.

DHCP服务器不返回“客户端标识符”选项的要求纯粹是为了节省数据包中的有限空间。客户端可能(尽管可能性不大)丢弃包含此以前意外选项的数据包。没有已知的客户机实现会丢弃数据包,但这种更改带来的好处超过了这种行为的任何小风险。与现在添加“客户端标识符”选项相比,不存在“客户端标识符”选项所造成的危害更大。

3. Modification to RFC 2131
3. 对RFC 2131的修改

If the 'client identifier' option is present in a message received from a client, the server MUST return the 'client identifier' option, unaltered, in its response message.

如果从客户端接收的消息中存在“客户端标识符”选项,则服务器必须在其响应消息中返回未更改的“客户端标识符”选项。

The following table is extracted from Section 4.3.1 of [RFC2131] and relevant fields are modified accordingly to overcome the problems mentioned in this document.

下表摘自[RFC2131]第4.3.1节,并对相关字段进行了相应修改,以克服本文件中提到的问题。

   Option                    DHCPOFFER    DHCPACK            DHCPNAK
   ------                    ---------    -------            -------
   Client identifier (if     MUST         MUST               MUST
     sent by client)
   Client identifier (if     MUST NOT     MUST NOT           MUST NOT
     not sent by client)
        
   Option                    DHCPOFFER    DHCPACK            DHCPNAK
   ------                    ---------    -------            -------
   Client identifier (if     MUST         MUST               MUST
     sent by client)
   Client identifier (if     MUST NOT     MUST NOT           MUST NOT
     not sent by client)
        

When a client receives a DHCP message containing a 'client identifier' option, the client MUST compare that client identifier to the one it is configured to send. If the two client identifiers do not match, the client MUST silently discard the message.

当客户端接收到包含“客户端标识符”选项的DHCP消息时,客户端必须将该客户端标识符与其配置为发送的标识符进行比较。如果两个客户端标识符不匹配,则客户端必须以静默方式丢弃消息。

4. Security Considerations
4. 安全考虑

This specification does not add any new security considerations other than the ones already mentioned in [RFC2131]. It is worth noting that DHCP clients routinely connect to different IP networks managed by different network providers. DHCP clients have no a priori knowledge of which network they are connecting to. Consequently, the client identifier will, by definition, be routinely shared with network operators and could be used in ways that violate the user's privacy. This is a problem that existed in [RFC2131]. This document does nothing to address this problem.

除了[RFC2131]中已经提到的安全注意事项外,本规范没有添加任何新的安全注意事项。值得注意的是,DHCP客户端通常连接到由不同网络提供商管理的不同IP网络。DHCP客户端对于他们连接到的网络没有先验知识。因此,根据定义,客户端标识符将定期与网络运营商共享,并可能以侵犯用户隐私的方式使用。这是[RFC2131]中存在的问题。本文件对解决这一问题没有任何作用。

5. Acknowledgments
5. 致谢

The authors would like to thank Bernie Volz, Ted Lemon, Barr Hibbs, Richard Johnson, Barry Leiba, Stephen Farrell, and Adrian Farrel for insightful discussions and review.

作者要感谢Bernie Volz、Ted Lemon、Barr Hibbs、Richard Johnson、Barry Leiba、Stephen Farrell和Adrian Farrel的深入讨论和评论。

6. Normative References
6. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.

[RFC2131]Droms,R.,“动态主机配置协议”,RFC21311997年3月。

[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.

[RFC3315]Droms,R.,Bound,J.,Volz,B.,Lemon,T.,Perkins,C.,和M.Carney,“IPv6的动态主机配置协议(DHCPv6)”,RFC3315,2003年7月。

Authors' Addresses

作者地址

Narasimha Swamy Nelakuditi Samsung India Block-B, Bagmane Lakeview, 66/1, Bagmane Tech Park, Byrasandra, C.V. Raman Nagar, Bangalore, 560093 India

Narasimha Swamy Nelakuditi三星印度B区,巴格曼湖景,巴格曼科技园66/1,Byrasandra,C.V.Raman Nagar,班加罗尔,560093印度

   Phone: +91 80 4181 9999
   EMail: nn.swamy@samsung.com
        
   Phone: +91 80 4181 9999
   EMail: nn.swamy@samsung.com
        

Gaurav Halwasia Cisco Systems SEZ Unit, Cessna Business Park Sarjapur Marathalli Outer Ring Road Bangalore, 560103 India

印度班加罗尔塞斯纳商业园Sarjapur Marathalli外环路高拉夫哈瓦西亚思科系统经济特区分部,560103

   Phone: +91 80 4426 1321
   EMail: ghalwasi@cisco.com
        
   Phone: +91 80 4426 1321
   EMail: ghalwasi@cisco.com
        

Prashant Jhingran Cisco Systems SEZ Unit, Cessna Business Park Sarjapur Marathalli Outer Ring Road Bangalore, 560103 India

印度班加罗尔塞斯纳商业园Sarjapur Maratalli外环路Prashant Jhingran思科系统经济特区部门,邮编560103

   Phone: +91 80 4426 1800
   EMail: pjhingra@cisco.com
        
   Phone: +91 80 4426 1800
   EMail: pjhingra@cisco.com