Internet Engineering Task Force (IETF) A. Matsumoto
Request for Comments: 7078 T. Fujisaki
Category: Standards Track NTT
ISSN: 2070-1721 T. Chown
University of Southampton
January 2014
Internet Engineering Task Force (IETF) A. Matsumoto
Request for Comments: 7078 T. Fujisaki
Category: Standards Track NTT
ISSN: 2070-1721 T. Chown
University of Southampton
January 2014
Distributing Address Selection Policy Using DHCPv6
使用DHCPv6分发地址选择策略
Abstract
摘要
RFC 6724 defines default address selection mechanisms for IPv6 that allow nodes to select an appropriate address when faced with multiple source and/or destination addresses to choose between. RFC 6724 allows for the future definition of methods to administratively configure the address selection policy information. This document defines a new DHCPv6 option for such configuration, allowing a site administrator to distribute address selection policy overriding the default address selection parameters and policy table, and thus allowing the administrator to control the address selection behavior of nodes in their site.
RFC 6724定义了IPv6的默认地址选择机制,允许节点在面临多个源地址和/或目标地址时选择适当的地址。RFC 6724允许将来定义用于管理配置地址选择策略信息的方法。本文档为此类配置定义了一个新的DHCPv6选项,允许站点管理员分发地址选择策略,覆盖默认的地址选择参数和策略表,从而允许管理员控制其站点中节点的地址选择行为。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7078.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7078.
Copyright Notice
版权公告
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2014 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从该文档中提取的代码组件必须
include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
包括信托法律条款第4.e节中所述的简化BSD许可证文本,且不提供简化BSD许可证中所述的担保。
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在IETF标准流程之外修改本文件,也不得在IETF标准流程之外创建其衍生作品,除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。
[RFC6724] describes default algorithms for selecting an address when a node has multiple destination and/or source addresses to choose from by using an address selection policy. This specification defines a new DHCPv6 option for configuring the default policy table.
[RFC6724]描述了当节点有多个目标和/或源地址可供选择时,使用地址选择策略选择地址的默认算法。此规范定义了一个新的DHCPv6选项,用于配置默认策略表。
Some problems were identified with the default address selection policy as originally defined in [RFC3484]. As a result, RFC 3484 was updated and obsoleted by [RFC6724]. While this update corrected a number of issues identified from operational experience, it is unlikely that any default policy will suit all scenarios, and thus mechanisms to control the source address selection policy will be necessary. Requirements for those mechanisms are described in [RFC5221], while solutions are discussed in [ADDR-SEL]. Those documents have helped shape the improvements in the default address selection algorithm in [RFC6724] as well as the requirements for the DHCPv6 option defined in this specification.
在[RFC3484]中最初定义的默认地址选择策略中发现了一些问题。因此,[RFC6724]更新并淘汰了RFC 3484。虽然此更新纠正了从运行经验中发现的一些问题,但任何默认策略都不可能适合所有场景,因此需要控制源地址选择策略的机制。[RFC5221]中描述了这些机制的要求,而[ADDR-SEL]中讨论了解决方案。这些文档帮助形成了[RFC6724]中默认地址选择算法的改进以及本规范中定义的DHCPv6选项的要求。
This option's concept is to serve as a hint for a node about how to behave in the network. Ultimately, while the node's administrator can control how to deal with the received policy information, the implementation SHOULD follow the method described below uniformly to ease troubleshooting and to reduce operational costs.
此选项的概念是作为节点在网络中如何行为的提示。最终,虽然节点的管理员可以控制如何处理接收到的策略信息,但实现应统一遵循下面描述的方法,以简化故障排除并降低运营成本。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
This document uses the terminology defined in [RFC2460] and the DHCPv6 specification defined in [RFC3315]
本文件使用[RFC2460]中定义的术语和[RFC3315]中定义的DHCPv6规范
The Address Selection option provides the address selection policy table and some other configuration parameters.
地址选择选项提供地址选择策略表和一些其他配置参数。
An Address Selection option contains zero or more policy table options. Multiple policy table options in an Address Selection option constitute a single policy table. When an Address Selection option does not contain a policy table option, it may be used to just convey the A and P flags for Automatic Row Additions and Privacy Preference, respectively.
地址选择选项包含零个或多个策略表选项。地址选择选项中的多个策略表选项构成单个策略表。当地址选择选项不包含策略表选项时,可以使用它分别传递自动行添加和隐私首选项的a和P标志。
The format of the Address Selection option is given below.
地址选择选项的格式如下所示。
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ADDRSEL | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |A|P| |
+-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS |
| (variable length) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ADDRSEL | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |A|P| |
+-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS |
| (variable length) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Address Selection Option Format
图1:地址选择选项格式
option-code: OPTION_ADDRSEL (84).
选项代码:选项_ADDRSEL(84)。
option-len: The total length of the Reserved field, A and P flags, and POLICY TABLE OPTIONS in octets.
option len:保留字段、A和P标志以及策略表选项的总长度(以八位字节为单位)。
Reserved: Reserved field. The server MUST set this value to 0, and the client MUST ignore its content.
保留:保留字段。服务器必须将此值设置为0,客户端必须忽略其内容。
A: Automatic Row Addition flag. This flag toggles the Automatic Row Addition flag at client hosts, which is described in Section 2.1 of [RFC6724]. If this flag is set to 1, it does not change client host behavior; that is, a client MAY automatically add additional site-specific rows to the policy table. If set to 0, the Automatic Row Addition flag is disabled, and a client SHOULD NOT automatically add rows to the policy table. If the option contains a POLICY TABLE option, this flag is meaningless,
A:自动行添加标志。此标志切换客户端主机上的自动行添加标志,如[RFC6724]第2.1节所述。如果此标志设置为1,则不会更改客户端主机行为;也就是说,客户端可以自动向策略表中添加其他特定于站点的行。如果设置为0,则禁用自动行添加标志,客户端不应自动向策略表添加行。如果该选项包含策略表选项,则此标志没有意义,
and automatic row addition SHOULD NOT be performed against the distributed policy table. This flag SHOULD be set to 0 only when the Automatic Row Addition at client hosts is harmful for site-specific reasons.
不应对分布式策略表执行自动行添加。仅当客户端主机上的自动行添加由于站点特定的原因而有害时,此标志才应设置为0。
P: Privacy Preference flag. This flag toggles the Privacy Preference flag on client hosts, which is described in Section 5 of [RFC6724]. If this flag is set to 1, it does not change client host behavior; that is, a client will prefer temporary addresses [RFC4941]. If set to 0, the Privacy Preference flag is disabled, and a client will prefer public addresses. This flag SHOULD be set to 0 only when the temporary addresses should not be preferred for site-specific reasons.
P:隐私偏好标志。此标志切换客户端主机上的隐私首选项标志,如[RFC6724]第5节所述。如果此标志设置为1,则不会更改客户端主机行为;也就是说,客户机更喜欢临时地址[RFC4941]。如果设置为0,则禁用隐私首选项标志,客户端将首选公共地址。仅当由于特定于站点的原因不应首选临时地址时,此标志才应设置为0。
POLICY TABLE OPTIONS: Zero or more Address Selection Policy Table options, as described below. This option corresponds to a row in the policy table defined in Section 2.1 of [RFC6724].
策略表选项:零个或多个地址选择策略表选项,如下所述。此选项对应于[RFC6724]第2.1节中定义的策略表中的一行。
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ADDRSEL_TABLE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| label | precedence | prefix-len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| prefix (variable length) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ADDRSEL_TABLE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| label | precedence | prefix-len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| prefix (variable length) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Address Selection Policy Table Option Format
图2:地址选择策略表选项格式
option-code: OPTION_ADDRSEL_TABLE (85).
选项代码:选项添加表(85)。
option-len: The total length of the label field, precedence field, prefix-len field, and prefix field.
选项len:标签字段、优先级字段、前缀len字段和前缀字段的总长度。
label: An 8-bit unsigned integer; this value is for correlation of source address prefixes and destination address prefixes. This field is used to deliver a label value in the [RFC6724] policy table.
标签:8位无符号整数;此值用于源地址前缀和目标地址前缀的相关性。此字段用于在[RFC6724]策略表中传递标签值。
precedence: An 8-bit unsigned integer; this value is used for sorting destination addresses. This field is used to deliver a precedence value in the [RFC6724] policy table.
优先级:8位无符号整数;此值用于对目标地址进行排序。此字段用于在[RFC6724]策略表中传递优先级值。
prefix-len: An 8-bit unsigned integer; the number of leading bits in the prefix that are valid. The value ranges from 0 to 128. If an option with a prefix length greater than 128 is included, the whole Address Selection option MUST be ignored.
前缀len:8位无符号整数;前缀中有效的前导位数。该值的范围为0到128。如果包含前缀长度大于128的选项,则必须忽略整个地址选择选项。
prefix: A variable-length field containing an IP address or the prefix of an IP address. An IPv4-mapped address [RFC4291] must be used to represent an IPv4 address as a prefix value.
前缀:包含IP地址或IP地址前缀的可变长度字段。IPv4映射地址[RFC4291]必须用于将IPv4地址表示为前缀值。
This field is padded with zeros up to the nearest octet boundary when prefix-len is not divisible by 8. This can be expressed using the following equation: (prefix-len + 7)/8
当前缀len不能被8整除时,该字段用零填充到最近的八位字节边界。这可以用以下等式表示:(前缀len+7)/8
So, the length of this field should be between 0 and 16 bytes.
因此,这个字段的长度应该在0到16字节之间。
For example, the prefix 2001:db8::/60 would be encoded with a prefix-len of 60; the prefix would be 8 octets and would contain octets 20 01 0d b8 00 00 00 00.
例如,前缀2001:db8::/60将使用前缀len 60进行编码;前缀为8个八位字节,包含八位字节20 01 0d b8 00。
This section describes how to process a received Address Selection option at the DHCPv6 client.
本节介绍如何在DHCPv6客户端处理接收到的地址选择选项。
This option's concept is to serve as a hint for a node about how to behave in the network. Ultimately, while the node's administrator can control how to deal with the received policy information, the implementation SHOULD follow the method described below uniformly to ease troubleshooting and to reduce operational costs.
此选项的概念是作为节点在网络中如何行为的提示。最终,虽然节点的管理员可以控制如何处理接收到的策略信息,但实现应统一遵循下面描述的方法,以简化故障排除并降低运营成本。
[RFC6724] defines two flags (A and P) and the default policy table. Also, users are usually able to configure the flags and the policy table to satisfy their own requirements.
[RFC6724]定义了两个标志(A和P)和默认策略表。此外,用户通常能够配置标志和策略表以满足自己的需求。
The client implementation SHOULD provide the following choices to the user.
客户端实现应该为用户提供以下选择。
(a) replace the existing flags and active policy table with the DHCPv6 distributed flags and policy table.
(a) 用DHCPv6分布式标志和策略表替换现有标志和活动策略表。
(b) preserve the existing flags and active policy table, whether this be the default policy table or the user configured policy.
(b) 保留现有标志和活动策略表,无论这是默认策略表还是用户配置的策略。
Choice (a) SHOULD be the default, i.e., that the policy table is not explicitly configured by the user.
选项(a)应为默认值,即用户未显式配置策略表。
When the information from the DHCP server goes stale, the flags and the policy table received from the DHCP server SHOULD be deprecated. The local configuration SHOULD be restored when the DHCP-supplied configuration has been deprecated. In order to implement this, a host can retain the local configuration even after the flags and the policy table is updated by the distributed flags and policy table.
当来自DHCP服务器的信息过时时,应从DHCP服务器接收的标志和策略表应弃用。当DHCP提供的配置已被弃用时,应恢复本地配置。为了实现这一点,即使分布式标志和策略表更新了标志和策略表,主机也可以保留本地配置。
The received information can be considered stale in several cases, e.g., when the interface goes down, the DHCP server does not respond for a certain amount of time, or the Information Refresh Time has expired.
在某些情况下,接收到的信息可能被视为过时,例如,当接口关闭时,DHCP服务器在一定时间内没有响应,或者信息刷新时间已过期。
The policy table, and other parameters specified in this document, are node-global information by their nature. One reason being that the outbound interface is usually chosen after destination address selection. So a host cannot make use of multiple address selection policies even if they are stored per interface.
策略表和本文档中指定的其他参数本质上是节点全局信息。一个原因是出站接口通常是在目标地址选择之后选择的。因此,主机不能使用多个地址选择策略,即使它们存储在每个接口上。
The policy table is defined as a whole, so the slightest addition/ deletion from the policy table brings a change in the semantics of the policy.
策略表是作为一个整体定义的,因此策略表中最轻微的添加/删除都会带来策略语义的变化。
It also should be noted that the absence of a DHCP-distributed policy from a certain network interface should not infer that the network administrator does not care about address selection policy at all, because it may mean there is a preference to use the default address selection policy. So, it should be safe to assume that the default address selection policy should be used where no overriding policy is provided.
还应注意,特定网络接口中没有DHCP分布式策略并不意味着网络管理员根本不关心地址选择策略,因为这可能意味着首选使用默认地址选择策略。因此,可以安全地假设,在没有提供覆盖策略的情况下,应该使用默认地址选择策略。
Under the above assumptions, we can specify how to handle received policy as follows.
在上述假设下,我们可以如下指定如何处理收到的保单。
In the absence of distributed policy for a certain network interface, the default address selection policy SHOULD be used. A node should use Address Selection options by default in any of the following two cases:
如果某个网络接口没有分布式策略,则应使用默认地址选择策略。在以下两种情况下,节点默认情况下应使用地址选择选项:
1: A single-homed host SHOULD use default address selection options, where the host belongs exclusively to one administrative network domain, usually through one active network interface.
1:单个托管主机应使用默认地址选择选项,其中主机仅属于一个管理网络域,通常通过一个活动网络接口。
2: Hosts that use advanced heuristics to deal with multiple received policies that are defined outside the scope of this document SHOULD use Address Selection options.
2:使用高级试探法处理多个接收到的、在本文档范围之外定义的策略的主机应使用地址选择选项。
Implementations MAY provide configuration options to enable this protocol on a per-interface basis.
实现可以提供配置选项,以在每个接口的基础上启用此协议。
Implementations MAY store distributed address selection policies per interface. They can be used effectively on implementations that adopt per-application interface selection.
实现可以为每个接口存储分布式地址选择策略。它们可以有效地用于采用每个应用程序接口选择的实现。
o The value 'label' is passed as an unsigned integer, but there is no special meaning for the value; that is, whether it is a large or small number. It is used to select a preferred source address prefix corresponding to a destination address prefix by matching the same label value within the DHCP message. DHCPv6 clients SHOULD convert this label to a representation appropriate for the local implementation (e.g., string).
o 值“label”作为无符号整数传递,但该值没有特殊含义;也就是说,无论是一个大的数字还是一个小的数字。它用于通过匹配DHCP消息中的相同标签值来选择与目标地址前缀相对应的首选源地址前缀。DHCPv6客户端应将此标签转换为适合本地实现的表示形式(例如字符串)。
o The maximum number of address selection rules that may be conveyed in one DHCPv6 message depends on the prefix length of each rule and the maximum DHCPv6 message size defined in [RFC3315]. It is possible to carry over 3,000 rules in one DHCPv6 message (maximum UDP message size). However, it should not be expected that DHCP clients, servers, and relay agents can handle UDP fragmentation. Network administrators SHOULD consider local limitations to the maximum DHCPv6 message size that can be reliably transported via their specific local infrastructure to end nodes; therefore, they SHOULD consider the number of options, the total size of the options, and the resulting DHCPv6 message size when defining their policy table.
o 一条DHCPv6消息中可传输的地址选择规则的最大数量取决于每个规则的前缀长度和[RFC3315]中定义的最大DHCPv6消息大小。在一条DHCPv6消息中可以携带3000条以上的规则(最大UDP消息大小)。但是,DHCP客户端、服务器和中继代理不能处理UDP碎片。网络管理员应考虑本地DHCPv6消息大小的本地限制,其可通过其特定的本地基础设施可靠地传输到端节点;因此,在定义策略表时,他们应该考虑选项的数量、选项的总大小以及由此产生的DHCPv6消息大小。
A rogue DHCPv6 server could issue bogus address selection policies to a client. This might lead to incorrect address selection by the client, and the affected packets might be blocked at an outgoing ISP because of ingress filtering, incur additional network charges, or be misdirected to an attacker's machine. Alternatively, an IPv6 transition mechanism might be preferred over native IPv6, even if it is available. To guard against such attacks, a legitimate DHCPv6 server should communicate through a secure, trusted channel, such as a channel protected by IPsec, Secure Neighbor Discovery (SEND), and DHCP authentication, as described in Section 21 of [RFC3315]. A commonly used alternative mitigation is to employ DHCP snooping at Layer 2.
恶意DHCPv6服务器可能会向客户端发出虚假的地址选择策略。这可能会导致客户端选择不正确的地址,并且受影响的数据包可能会由于入口过滤而在传出ISP处被阻止,产生额外的网络费用,或者被错误地定向到攻击者的计算机。或者,IPv6转换机制可能优于本机IPv6,即使它可用。为了防范此类攻击,合法的DHCPv6服务器应通过安全、可信的通道进行通信,如[RFC3315]第21节所述,受IPsec、安全邻居发现(SEND)和DHCP身份验证保护的通道。一种常用的替代缓解措施是在第2层使用DHCP侦听。
Another threat surrounds the potential privacy concern as described in the security considerations section of [RFC6724], whereby an attacker can send packets with different source addresses to a destination to solicit different source addresses in the responses from that destination. This issue will not be modified by the introduction of this option, regardless of whether or not the host is multihomed.
另一个威胁围绕着[RFC6724]的安全注意事项部分所述的潜在隐私问题,攻击者可以向目的地发送具有不同源地址的数据包,以在该目的地的响应中请求不同的源地址。无论主机是否为多宿主机,此选项的引入都不会修改此问题。
IANA has assigned option codes to OPTION_ADDRSEL (84) and OPTION_ADDRSEL_TABLE (85) from the "DHCP Option Codes" registry (http://www.iana.org/assignments/dhcpv6-parameters/).
IANA已将选项代码从“DHCP选项代码”注册表分配给选项_ADDRSEL(84)和选项_ADDRSEL_表(85)(http://www.iana.org/assignments/dhcpv6-parameters/).
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3315]Droms,R.,Bound,J.,Volz,B.,Lemon,T.,Perkins,C.,和M.Carney,“IPv6的动态主机配置协议(DHCPv6)”,RFC3315,2003年7月。
[RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, "Default Address Selection for Internet Protocol Version 6 (IPv6)", RFC 6724, September 2012.
[RFC6724]Thaler,D.,Draves,R.,Matsumoto,A.,和T.Chown,“互联网协议版本6(IPv6)的默认地址选择”,RFC 67242012年9月。
[ADDR-SEL] Chown, T., Ed., and A. Matsumoto, Ed., "Considerations for IPv6 Address Selection Policy Changes", Work in Progress, April 2013.
[ADDR-SEL]Chown,T.,Ed.,和A.Matsumoto,Ed.“IPv6地址选择策略更改的考虑因素”,正在进行的工作,2013年4月。
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.
[RFC2460]Deering,S.和R.Hinden,“互联网协议,第6版(IPv6)规范”,RFC 2460,1998年12月。
[RFC3484] Draves, R., "Default Address Selection for Internet Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC3484]Draves,R.,“互联网协议版本6(IPv6)的默认地址选择”,RFC 3484,2003年2月。
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006.
[RFC4291]Hinden,R.和S.Deering,“IP版本6寻址体系结构”,RFC 42912006年2月。
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, September 2007.
[RFC4941]Narten,T.,Draves,R.,和S.Krishnan,“IPv6中无状态地址自动配置的隐私扩展”,RFC 49412007年9月。
[RFC5220] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama, "Problem Statement for Default Address Selection in Multi-Prefix Environments: Operational Issues of RFC 3484 Default Rules", RFC 5220, July 2008.
[RFC5220]Matsumoto,A.,Fujisaki,T.,Hiromi,R.,和K.Kanayama,“多前缀环境中默认地址选择的问题陈述:RFC 3484默认规则的操作问题”,RFC 52202008年7月。
[RFC5221] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama, "Requirements for Address Selection Mechanisms", RFC 5221, July 2008.
[RFC5221]Matsumoto,A.,Fujisaki,T.,Hiromi,R.,和K.Kanayama,“地址选择机制的要求”,RFC 52212008年7月。
The authors would like to thank to Dave Thaler, Pekka Savola, Remi Denis-Courmont, Francois-Xavier Le Bail, Ole Troan, Bob Hinden, Dmitry Anipko, Ray Hunter, Rui Paulo, Brian E. Carpenter, Tom Petch, and the members of 6man's address selection design team for their invaluable contributions to this document.
作者要感谢Dave Thaler、Pekka Savola、Remi Denis Courmont、Francois Xavier Le Bail、Ole Troan、Bob Hinden、Dmitry Anipko、Ray Hunter、Rui Paulo、Brian E.Carpenter、Tom Petch以及6man地址选择设计团队的成员对本文件的宝贵贡献。
[RFC5220] gives several cases where address selection problems happen. This section contains some examples for solving those cases by using the DHCP option defined in this text to update the hosts' policy table in a network, accordingly. There is also some discussion of example policy tables in Sections 10.3 to 10.7 of RFC 6724.
[RFC5220]给出了发生地址选择问题的几种情况。本节包含通过使用本文中定义的DHCP选项相应地更新网络中主机的策略表来解决这些情况的一些示例。RFC 6724第10.3节至第10.7节还对示例策略表进行了一些讨论。
In the case described in Section 2.1.2 of [RFC5220], the following policy table should be distributed when the Router performs static routing and directs the default route to ISP1 as per Figure 2. By putting the same label value to all IPv6 addresses (::/0) and the local subnet (2001:db8:1000:1::/64), a host picks a source address in this subnet to send a packet via the default route.
在[RFC5220]第2.1.2节所述的情况下,当路由器执行静态路由并按照图2将默认路由指向ISP1时,应分发以下策略表。通过向所有IPv6地址(::/0)和本地子网(2001:db8:1000:1::/64)添加相同的标签值,主机会选择此子网中的源地址,以通过默认路由发送数据包。
Prefix Precedence Label
::1/128 50 0
::/0 40 1
2001:db8:1000:1::/64 45 1
2001:db8:8000:1::/64 45 14
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
Prefix Precedence Label
::1/128 50 0
::/0 40 1
2001:db8:1000:1::/64 45 1
2001:db8:8000:1::/64 45 14
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
In the case described in Section 2.1.3 of [RFC5220], the following policy table should be distributed. By splitting the closed network prefix (2001:db8:8000::/36) from all IPv6 addresses (::/0) and giving different labels, the closed network prefix will only be used when packets are destined for the closed network.
在[RFC5220]第2.1.3节所述的情况下,应分发以下策略表。通过从所有IPv6地址(::/0)中拆分封闭网络前缀(2001:db8:8000::/36)并提供不同的标签,封闭网络前缀将仅在数据包发送到封闭网络时使用。
Prefix Precedence Label
::1/128 50 0
::/0 40 1
2001:db8:8000::/36 45 14
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
Prefix Precedence Label
::1/128 50 0
::/0 40 1
2001:db8:8000::/36 45 14
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
In the case described in Section 2.2.1 of [RFC5220], the following policy table should be distributed to prioritize IPv6. This case is also described in [RFC6724].
在[RFC5220]第2.2.1节所述的情况下,应分发以下策略表以确定IPv6的优先级。[RFC6724]中也描述了这种情况。
Prefix Precedence Label
::1/128 50 0
::/0 40 1
::ffff:0:0/96 100 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
Prefix Precedence Label
::1/128 50 0
::/0 40 1
::ffff:0:0/96 100 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
In the case described in Section 2.2.3 of [RFC5220], the following policy table should be distributed, or the Automatic Row Addition flag should be set to 1. By splitting the Unique Local Address (ULA) in this site (fc12:3456:789a::/48) from all IPv6 addresses (::/0) and giving it higher precedence, the ULA will be used to connect to servers in the same site.
在[RFC5220]第2.2.3节所述的情况下,应分发以下策略表,或将自动行添加标志设置为1。通过将此站点(fc12:3456:789a::/48)中的唯一本地地址(ULA)与所有IPv6地址(::/0)分离并赋予其更高的优先级,ULA将用于连接到同一站点中的服务器。
Prefix Precedence Label
::1/128 50 0
fc12:3456:789a::/48 45 14
::/0 40 1
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
Prefix Precedence Label
::1/128 50 0
fc12:3456:789a::/48 45 14
::/0 40 1
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
Authors' Addresses
作者地址
Arifumi Matsumoto NTT NT Lab 3-9-11 Midori-Cho Musashino-shi, Tokyo 180-8585 Japan
松本明文NTT实验室3-9-11 Midori Cho Musashino shi,日本东京180-8585
Phone: +81 422 59 3334
EMail: arifumi@nttv6.net
Phone: +81 422 59 3334
EMail: arifumi@nttv6.net
Tomohiro Fujisaki NTT NT Lab 3-9-11 Midori-Cho Musashino-shi, Tokyo 180-8585 Japan
藤崎智宏NTT实验室3-9-11 Midori Cho Musashino shi,日本东京180-8585
Phone: +81 422 59 7351
EMail: fujisaki@nttv6.net
Phone: +81 422 59 7351
EMail: fujisaki@nttv6.net
Tim Chown University of Southampton Southampton, Hampshire SO17 1BJ United Kingdom
提姆南安普敦大学,南安普顿,汉普郡SO17 1BJ英国
EMail: tjc@ecs.soton.ac.uk
EMail: tjc@ecs.soton.ac.uk