📄 draft-ietf-dhc-dhcpv6-opt-prefix-delegation-02.txt
字号:
11.1 Requesting router behaviour The requesting router uses a Request message to populate IA_PDs with prefixes. The requesting router includes one or more IA_PD options in the Request message. The delegating router then returns the prefixes for the IA_PDs to the requesting router in IA_PD options in a Reply message. The requesting router includes IA_PD options in any Renew, or Rebind messages sent by the requesting router. The IA_PD option include all of the prefixes the requesting router currently has associated with that IA_PD. In some circumstances the requesting router may need verification that the delegating router still has a valid binding for the requesting router. Examples of times when a requesting router may ask for such verification include: o The requesting router reboots. o The requesting router's upstream link flaps. o The requesting router is physically disconnected from a wired connection. If such verification is needed the requesting router MUST initiate a Rebind/Reply message exchange as described in the section "Creation and Transmission of Rebind Messages" of the DHCP specification [6], with the exception that the retransmission parameters should be set as for the Confirm message, described in the section "Creation and Transmission of Confirm Messages" of the DHCP specification [6]. The requesting router includes any IA_PDs, along with prefixes associated with those IA_PDs in its Rebind message. Each prefix has valid and preferred lifetimes whose duration is specified in the IA_PD Prefix option for that prefix. The requesting router uses Renew and Rebind messages to request the extension of the lifetimes of a delegated prefix. The requesting router uses a Release message to return a delegated prefix to a delegating router. The prefixes to be released MUST be included in the IA_PDs. The Confirm and Decline message types are not used with Prefix Delegation. Upon the receipt of a valid Reply message, for each IA_PD the requesting router assigns a subnet from each of the delegatedTroan & Droms Expires August 11, 2003 [Page 13]
Internet-Draft IPv6 Prefix Options for DHCPv6 February 2003 prefixes to each of the links to which the associated interfaces are attached, with the following exception: the requesting router MUST NOT assign any delegated prefixes or subnets from the delegated prefix(es) to the link through which it received the DHCP message from the delegating router. When a requesting router subnets a delegated prefix, it must assign additional bits to the prefix to generate unique, longer prefixes. For example, if the requesting router in Figure 1 were delegated 3FFE:FFFF:0::/48, it might generate 3FFE:FFFF:0:1::/64 and 3FFE:FFFF:0:2::/64 for assignment to the two links in the subscriber network. If the requesting router were delegated 3FFE:FFFF:0::/48 and 3FFE:FFFF:1::/48, it might assign 3FFE:FFFF:0:1::/64 and 3FFE:FFFF:1:1::/64 to one of the links, and 3FFE:FFFF:0:2::/64 and 3FFE:FFFF:1:2::/64 for assignment to the other link. If the requesting router assigns a delegated prefix to a link to which the router is attached, and begins to send router advertisements for the prefix on the link, the requesting router MUST set the valid lifetime in those advertisements to be no later than the valid lifetime specified in the IA_PD Prefix option. A requesting router MAY use the preferred lifetime specified in the IA_PD Prefix option.11.2 Delegating Router behaviour When a delegating router receives a Request message from a requesting router that contains an IA_PD option, and the delegating router is authorised to delegate prefix(es) to the requesting router, the delegating router selects the prefix(es) to be delegated to the requesting router. The mechanism through which the delegating router selects prefix(es) for delegation is not specified in this document. Section 10.2 gives examples of ways in which a delegating router might select the prefix(es) to be delegated to a requesting router. A delegating router examines the prefix(es) identified in IA_PD Prefix options (in an IA_PD option) in Renew and Rebind messages and responds according to the current status of the prefix(es). The delegating router returns IA_PD Prefix options (within an IA_PD option) with updated lifetimes for each valid prefix in the message from the requesting router. If the delegating router cannot find a binding for the requesting router's IA_PD the delegating router returns the IA_PD containing no prefixes with a Status Code option set to NoBinding in the Reply message. If the delegating router finds that any of the prefixes are not in the requesting router's binding entry, the delegating router returns the prefix to the requesting router with lifetimes of 0.Troan & Droms Expires August 11, 2003 [Page 14]
Internet-Draft IPv6 Prefix Options for DHCPv6 February 2003 A delegating router may mark any prefix(es) in IA_PD Prefix options in a Release message from a requesting router as "available", dependent on the mechanism used to acquire the prefix, e.g in the case of a dynamic pool. The delegating router MUST include an IA_PD Prefix option or options (in an IA_PD option) in Reply messages sent to a requesting router.12. Prefix Delegation reconfiguration This section describes prefix delegation in Reconfigure message exchanges.12.1 Delegating Router behaviour The delegating router initiates a configuration message exchange with a requesting router, as described in the section "DHCP Server- Initiated Configuration Exchange" of the DHCP specification [6]. The delegating router specifies the IA_PD option in the Option Request option to cause the requesting router to include an IA_PD option to obtain new information about delegated prefix(es).12.2 Requesting Router behaviour The requesting router responds to a Reconfigure message received from a delegating router as described in the DHCP specification [6]. The requesting router MUST include the IA_PD Prefix option(s) (in an IA_PD option) for prefix(es) that have been delegated to the requesting router by the delegating router from which the Reconfigure message was received.13. Relay agent behaviour A relay agent forwards messages containing Prefix Delegation options in the same way as described in section "Relay Behaviour" of the DHCP specification [6]. If a delegating router communicates with a requesting router through a relay agent, the delegating router may need a protocol or other out-of-band communication to add routing information for delegated prefixes into the provider edge router.14. Security Considerations Security considerations in DHCP are described in the section "Security Considerations" of the DHCP specification [6]. A rogue delegating router can issue bogus prefixes to a requestingTroan & Droms Expires August 11, 2003 [Page 15]
Internet-Draft IPv6 Prefix Options for DHCPv6 February 2003 router. This may cause denial of service due to unreachability. An intruder requesting router may be able to mount a denial of service attack by repeated requests for delegated prefixes that exhaust the delegating router's available prefixes. To guard against attacks through prefix delegation, requesting routers and delegating routers SHOULD use DHCP authentication as described in section "Authentication of DHCP messages" in the DHCP specification [6]. For point to point links, where one trusts that there is no man in the middle, or one trusts layer two authentication, DHCP authentication or IPsec may not be necessary. Because a requesting router and delegating routers must each have at least one assigned IPv6 address, the routers may be able to use IPsec for authentication of DHCPv6 messages. The details of using IPsec for DHCPv6 are under development.15. IANA Considerations IANA is requested to assign option codes to these options from the option-code space as defined in section "DHCPv6 Options" of the DHCPv6 specification [6]. IANA is requested to assign a status code to the NoPrefixAvail status code from the status-code space as defined in section "Status Codes" of the DHCPv6 specification [6].16. Acknowledgements Thanks for the input and review by (in alphabetical order) Steve Deering, Dave Forster, Brian Haberman, Tatuya Jinmei, Shin Miyakawa, Pekka Savola, Bernie Volz, Trevor Warwick and Toshi Yamasaki.17. Changes since revision-01 o Clarified the usage of how Preferred/Valid lifetimes should be used in Router Advertisements. o Clarified the use of NoPrefixAvail in the case were the delegating router cannot delegate any prefixes. o Use Rebind/Reply message exchange for binding confirmation rather than Renew/Reply.Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.Troan & Droms Expires August 11, 2003 [Page 16]
Internet-Draft IPv6 Prefix Options for DHCPv6 February 2003 [2] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. [3] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998. [4] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 2373, July 1998. [5] Thomson, S. and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998. [6] Droms, R., "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", draft-ietf-dhc-dhcpv6-28 (work in progress), November 2002. [7] Aboba, B., Zorn, G. and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001.Informative References [8] Miyakawa, S., "Requirements for IPv6 prefix delegation", draft- ietf-ipv6-prefix-delegation-requirement-00 (work in progress), November 2002.Authors' Addresses Ole Troan Cisco Systems 250 Longwater Avenue Reading RG2 6GB United Kingdom Phone: +44 20 8824 8666 EMail: ot@cisco.com Ralph Droms Cisco Systems 300 Apollo Drive Chelmsford, MA 01824 USA Phone: +1 978 497 4733 EMail: rdroms@cisco.comTroan & Droms Expires August 11, 2003 [Page 17]
Internet-Draft IPv6 Prefix Options for DHCPv6 February 2003Full Copyright Statement Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.Troan & Droms Expires August 11, 2003 [Page 18]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -