<
 draft-ietf-dhc-dhcpv6-19.txt   draft-ietf-dhc-dhcpv6-20.txt 
Internet Engineering Task Force J. Bound Internet Engineering Task Force J. Bound
INTERNET DRAFT Compaq INTERNET DRAFT Compaq
DHC Working Group M. Carney DHC Working Group M. Carney
Obsoletes: draft-ietf-dhc-dhcpv6-18.txt Sun Microsystems, Inc Obsoletes: draft-ietf-dhc-dhcpv6-19.txt Sun Microsystems, Inc
C. Perkins C. Perkins
Nokia Research Center Nokia Research Center
R. Droms(ed.) R. Droms(ed.)
Cisco Systems Cisco Systems
30 June 2001 15 Oct 2001
Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
draft-ietf-dhc-dhcpv6-19.txt draft-ietf-dhc-dhcpv6-20.txt
Status of This Memo Status of This Memo
This document is a submission by the Dynamic Host Configuration This document is a submission by the Dynamic Host Configuration
Working Group of the Internet Engineering Task Force (IETF). Comments Working Group of the Internet Engineering Task Force (IETF). Comments
should be submitted to the dhcp-v6@bucknell.edu mailing list. should be submitted to the dhcwg@ietf.org mailing list.
Distribution of this memo is unlimited. Distribution of this memo is unlimited.
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
skipping to change at page 1, line 62 skipping to change at page 1, line 62
Status of This Memo i Status of This Memo i
Abstract i Abstract i
1. Introduction 1 1. Introduction 1
2. Requirements 1 2. Requirements 1
3. Background 1 3. Background 1
4. Design Goals 3 4. Design Goals 2
5. Non-Goals 3 5. Non-Goals 3
6. Terminology 4 6. Terminology 3
6.1. IPv6 Terminology . . . . . . . . . . . . . . . . . . . . 4 6.1. IPv6 Terminology . . . . . . . . . . . . . . . . . . . . 3
6.2. DHCP Terminology . . . . . . . . . . . . . . . . . . . . 5 6.2. DHCP Terminology . . . . . . . . . . . . . . . . . . . . 5
7. DHCP Constants 6 7. DHCP Constants 6
7.1. Multicast Addresses . . . . . . . . . . . . . . . . . . . 6 7.1. Multicast Addresses . . . . . . . . . . . . . . . . . . . 6
7.2. UDP ports . . . . . . . . . . . . . . . . . . . . . . . . 7 7.2. UDP ports . . . . . . . . . . . . . . . . . . . . . . . . 6
7.3. DHCP message types . . . . . . . . . . . . . . . . . . . 7 7.3. DHCP message types . . . . . . . . . . . . . . . . . . . 7
7.4. Error Values . . . . . . . . . . . . . . . . . . . . . . 9 7.4. Status Codes . . . . . . . . . . . . . . . . . . . . . . 8
7.4.1. Generic Error Values . . . . . . . . . . . . . . 9 7.4.1. Generic Status Codes . . . . . . . . . . . . . . 9
7.4.2. Server-specific Error Values . . . . . . . . . . 9 7.4.2. Server-specific Status Codes . . . . . . . . . . 9
7.5. Configuration Variables . . . . . . . . . . . . . . . . . 9 7.5. Configuration Variables . . . . . . . . . . . . . . . . . 10
8. Overview 10
8.1. How does a node know to use DHCP? . . . . . . . . . . . . 10
8.2. What if the client and server(s) are on different links? 10
8.3. How does a client request configuration parameters from
servers? . . . . . . . . . . . . . . . . . . . . . . . 11
8.4. How do clients and servers identify and manage addresses? 11
8.5. Can a client release its assigned addresses before the lease
expires? . . . . . . . . . . . . . . . . . . . . . . . 12
8.6. What if the client determines one or more of its assigned
addresses are already being used by another client? . 12
8.7. How are clients notified of server configuration changes? 12
9. Message Formats 12
9.1. DHCP Solicit Message Format . . . . . . . . . . . . . . . 13
9.2. DHCP Advertise Message Format . . . . . . . . . . . . . . 13
9.3. DHCP Request Message Format . . . . . . . . . . . . . . . 14
9.4. DHCP Confirm Message Format . . . . . . . . . . . . . . . 14
9.5. DHCP Renew Message Format . . . . . . . . . . . . . . . . 15
9.6. DHCP Rebind Message Format . . . . . . . . . . . . . . . 15
9.7. DHCP Reply Message Format . . . . . . . . . . . . . . . . 15
9.8. DHCP Release Message Format . . . . . . . . . . . . . . . 16
9.9. DHCP Decline Message Format . . . . . . . . . . . . . . . 16
9.10. DHCP Reconfigure-init Message Format . . . . . . . . . . 17
10. Relay messages 17 8. Message Formats 10
10.1. Relay-forward message . . . . . . . . . . . . . . . . . . 17 8.1. DHCP Solicit Message Format . . . . . . . . . . . . . . . 11
10.2. Relay-reply message . . . . . . . . . . . . . . . . . . . 18 8.2. DHCP Advertise Message Format . . . . . . . . . . . . . . 11
8.3. DHCP Request Message Format . . . . . . . . . . . . . . . 12
8.4. DHCP Confirm Message Format . . . . . . . . . . . . . . . 12
8.5. DHCP Renew Message Format . . . . . . . . . . . . . . . . 12
8.6. DHCP Rebind Message Format . . . . . . . . . . . . . . . 12
8.7. DHCP Reply Message Format . . . . . . . . . . . . . . . . 13
8.8. DHCP Release Message Format . . . . . . . . . . . . . . . 13
8.9. DHCP Decline Message Format . . . . . . . . . . . . . . . 13
8.10. DHCP Reconfigure-init Message Format . . . . . . . . . . 13
11. DHCP unique identifier (DUID) 18 9. Relay messages 14
9.1. Relay-forward message . . . . . . . . . . . . . . . . . . 14
9.2. Relay-reply message . . . . . . . . . . . . . . . . . . . 15
12. Identity association 18 10. DHCP unique identifier (DUID) 15
10.1. DUID contents . . . . . . . . . . . . . . . . . . . . . . 15
10.2. DUID based on link-layer address plus time . . . . . . . 16
10.3. Vendor-assigned unique ID. . . . . . . . . . . . . . . . 17
10.4. Link-layer address . . . . . . . . . . . . . . . . . . . 17
13. DHCP Server Solicitation 19 11. Identity association 18
13.1. Solicit Message Validation . . . . . . . . . . . . . . . 19
13.2. Advertise Message Validation . . . . . . . . . . . . . . 19
13.3. Client Behavior . . . . . . . . . . . . . . . . . . . . . 19
13.3.1. Creation and sending of the Solicit message . . . 19
13.3.2. Time out and retransmission of Solicit Messages . 20
13.3.3. Receipt of Advertise messages . . . . . . . . . . 20
13.4. Server Behavior . . . . . . . . . . . . . . . . . . . . . 21
13.4.1. Receipt of Solicit messages . . . . . . . . . . . 21
13.4.2. Creation and sending of Advertise messages . . . 21
14. DHCP Client-Initiated Configuration Exchange 22 12. Selecting addresses for assignment to an IA 18
14.1. Client Message Validation . . . . . . . . . . . . . . . . 23
14.2. Server Message Validation . . . . . . . . . . . . . . . . 23
14.3. Client Behavior . . . . . . . . . . . . . . . . . . . . . 24
14.3.1. Creation and sending of Request messages . . . . 24
14.3.2. Creation and sending of Confirm messages . . . . 25
14.3.3. Creation and sending of Renew messages . . . . . 26
14.3.4. Creation and sending of Rebind messages . . . . . 27
14.3.5. Receipt of Reply message in response to a Request,
Confirm, Renew or Rebind message . . . . . 28
14.3.6. Creation and sending of Release messages . . . . 29
14.3.7. Time out and retransmission of Release Messages . 30
14.3.8. Receipt of Reply message in response to a Release
message . . . . . . . . . . . . . . . . . 30
14.3.9. Creation and sending of Decline messages . . . . 30
14.3.10. Time out and retransmission of Decline Messages . 31
14.3.11. Receipt of Reply message in response to a Release
message . . . . . . . . . . . . . . . . . 31
14.4. Server Behavior . . . . . . . . . . . . . . . . . . . . . 31
14.4.1. Receipt of Request messages . . . . . . . . . . . 32
14.4.2. Receipt of Confirm messages . . . . . . . . . . . 32
14.4.3. Receipt of Renew messages . . . . . . . . . . . . 33
14.4.4. Receipt of Rebind messages . . . . . . . . . . . 34
14.4.5. Receipt of Release messages . . . . . . . . . . . 35
14.4.6. Sending of Reply messages . . . . . . . . . . . . 36
15. DHCP Server-Initiated Configuration Exchange 36 13. Reliability of Client Initiated Message Exchanges 19
15.1. Reconfigure-init Message Validation . . . . . . . . . . . 36
15.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 36
15.2.1. Creation and sending of Reconfigure-init messages 36
15.2.2. Time out and retransmission of Reconfigure-init
messages . . . . . . . . . . . . . . . . . 37
15.2.3. Receipt of Request messages . . . . . . . . . . . 37
15.3. Client Behavior . . . . . . . . . . . . . . . . . . . . . 38
15.3.1. Receipt of Reconfigure-init messages . . . . . . 38
15.3.2. Creation and sending of Request messages . . . . 39
15.3.3. Time out and retransmission of Request messages . 39
15.3.4. Receipt of Reply messages . . . . . . . . . . . . 39
16. Relay Behavior 39 14. Message validation 20
16.1. Relaying of client messages . . . . . . . . . . . . . . . 39 14.1. Use of Transaction-ID field . . . . . . . . . . . . . . . 21
16.2. Relaying of server messages . . . . . . . . . . . . . . . 40 14.2. Solicit message . . . . . . . . . . . . . . . . . . . . . 21
14.3. Advertise message . . . . . . . . . . . . . . . . . . . . 21
14.4. Request message . . . . . . . . . . . . . . . . . . . . . 21
14.5. Confirm message . . . . . . . . . . . . . . . . . . . . . 21
14.6. Renew message . . . . . . . . . . . . . . . . . . . . . . 21
14.7. Rebind message . . . . . . . . . . . . . . . . . . . . . 22
14.8. Decline messages . . . . . . . . . . . . . . . . . . . . 22
14.9. Release message . . . . . . . . . . . . . . . . . . . . . 22
14.10. Reply message . . . . . . . . . . . . . . . . . . . . . . 22
14.11. Reconfigure-init message . . . . . . . . . . . . . . . . 22
14.12. Relay-forward message . . . . . . . . . . . . . . . . . . 23
14.13. Relay-reply message . . . . . . . . . . . . . . . . . . . 23
17. Authentication of DHCP messages 40 15. DHCP Server Solicitation 23
17.1. DHCP threat model . . . . . . . . . . . . . . . . . . . . 40 15.1. Client Behavior . . . . . . . . . . . . . . . . . . . . . 23
17.2. Summary of DHCP authentication . . . . . . . . . . . . . 41 15.1.1. Creation of Solicit messages . . . . . . . . . . 23
17.3. Replay detection . . . . . . . . . . . . . . . . . . . . 41 15.1.2. Transmission of Solicit Messages . . . . . . . . 23
17.4. Configuration token protocol . . . . . . . . . . . . . . 42 15.1.3. Receipt of Advertise messages . . . . . . . . . . 25
17.5. Delayed authentication protocol . . . . . . . . . . . . . 42 15.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 25
17.5.1. Management issues in the delayed authentication 15.2.1. Receipt of Solicit messages . . . . . . . . . . . 25
protocol . . . . . . . . . . . . . . . . . 42 15.2.2. Creation and transmission of Advertise messages . 26
17.5.2. Use of the Authentication option in the delayed
authentication protocol . . . . . . . . . 43
17.5.3. Message validation . . . . . . . . . . . . . . . 44
17.5.4. Key utilization . . . . . . . . . . . . . . . . . 44
17.5.5. Client considerations for delayed authentication
protocol . . . . . . . . . . . . . . . . . 44
17.5.6. Receiving Advertise messages . . . . . . . . . . 45
17.5.7. Server considerations for delayed authentication
protocol . . . . . . . . . . . . . . . . . 46
18. DHCP options 46 16. DHCP Client-Initiated Configuration Exchange 26
18.1. Format of DHCP options . . . . . . . . . . . . . . . . . 47 16.1. Client Behavior . . . . . . . . . . . . . . . . . . . . . 27
18.2. DHCP unique identifier option . . . . . . . . . . . . . . 47 16.1.1. Creation and transmission of Request messages . . 27
18.3. Identity association option . . . . . . . . . . . . . . . 47 16.1.2. Creation and transmission of Confirm messages . . 28
18.4. Option request option . . . . . . . . . . . . . . . . . . 50 16.1.3. Creation and transmission of Renew messages . . . 29
18.5. Client message option . . . . . . . . . . . . . . . . . . 50 16.1.4. Creation and transmission of Rebind messages . . 31
18.6. Server message option . . . . . . . . . . . . . . . . . . 51 16.1.5. Receipt of Reply message in response to a Request,
18.7. Retransmission parameter option . . . . . . . . . . . . . 51 Confirm, Renew or Rebind message . . . . . 32
18.8. DSTM Global IPv4 Address Option . . . . . . . . . . . . . 51 16.1.6. Creation and transmission of Release messages . . 33
18.9. Authentication option . . . . . . . . . . . . . . . . . . 52 16.1.7. Receipt of Reply message in response to a Release
18.10. Server unicast option . . . . . . . . . . . . . . . . . . 53 message . . . . . . . . . . . . . . . . . 35
18.11. Domain Search Option . . . . . . . . . . . . . . . . . . 53 16.1.8. Creation and transmission of Decline messages . . 35
18.12. Domain Name Server Option . . . . . . . . . . . . . . . . 54 16.1.9. Receipt of Reply message in response to a Decline
message . . . . . . . . . . . . . . . . . 36
16.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 36
16.2.1. Receipt of Request messages . . . . . . . . . . . 36
16.2.2. Receipt of Confirm messages . . . . . . . . . . . 37
16.2.3. Receipt of Renew messages . . . . . . . . . . . . 38
16.2.4. Receipt of Rebind messages . . . . . . . . . . . 39
16.2.5. Receipt of Release messages . . . . . . . . . . . 40
16.2.6. Receipt of Decline messages . . . . . . . . . . . 40
16.2.7. Sending of Reply messages . . . . . . . . . . . . 41
19. DHCP Client Implementor Notes 55 17. DHCP Server-Initiated Configuration Exchange 41
19.1. Primary Interface . . . . . . . . . . . . . . . . . . . . 55 17.1. Server Behavior . . . . . . . . . . . . . . . . . . . . . 41
19.2. Advertise Message and Configuration Parameter Caching . . 55 17.1.1. Creation and transmission of Reconfigure-init
19.3. Time out and retransmission variables . . . . . . . . . . 55 messages . . . . . . . . . . . . . . . . . 41
19.4. Server Preference . . . . . . . . . . . . . . . . . . . . 56 17.1.2. Time out and retransmission of Reconfigure-init
messages . . . . . . . . . . . . . . . . . 42
17.1.3. Receipt of Request messages . . . . . . . . . . . 42
17.2. Client Behavior . . . . . . . . . . . . . . . . . . . . . 43
17.2.1. Receipt of Reconfigure-init messages . . . . . . 43
17.2.2. Creation and sending of Request messages . . . . 44
17.2.3. Time out and retransmission of Request messages . 44
17.2.4. Receipt of Reply messages . . . . . . . . . . . . 44
20. DHCP Server Implementor Notes 56 18. Relay Behavior 44
20.1. Client Bindings . . . . . . . . . . . . . . . . . . . . . 56 18.1. Relaying of client messages . . . . . . . . . . . . . . . 45
20.2. Reconfigure-init Considerations . . . . . . . . . . . . . 56 18.2. Relaying of server messages . . . . . . . . . . . . . . . 45
20.3. Server Preference . . . . . . . . . . . . . . . . . . . . 56
20.4. Request Message Transaction-ID Cache . . . . . . . . . . 57
21. DHCP Relay Implementor Notes 57 19. Authentication of DHCP messages 45
19.1. DHCP threat model . . . . . . . . . . . . . . . . . . . . 46
19.2. Security of messages sent between servers and relay agents 46
19.3. Summary of DHCP authentication . . . . . . . . . . . . . 46
19.4. Replay detection . . . . . . . . . . . . . . . . . . . . 47
19.5. Configuration token protocol . . . . . . . . . . . . . . 47
19.6. Delayed authentication protocol . . . . . . . . . . . . . 48
19.6.1. Management issues in the delayed authentication
protocol . . . . . . . . . . . . . . . . . 48
19.6.2. Use of the Authentication option in the delayed
authentication protocol . . . . . . . . . 48
19.6.3. Message validation . . . . . . . . . . . . . . . 49
19.6.4. Key utilization . . . . . . . . . . . . . . . . . 49
19.6.5. Client considerations for delayed authentication
protocol . . . . . . . . . . . . . . . . . 50
19.6.6. Server considerations for delayed authentication
protocol . . . . . . . . . . . . . . . . . 51
22. Security 57 20. DHCP options 52
20.1. Format of DHCP options . . . . . . . . . . . . . . . . . 52
20.2. DHCP unique identifier option . . . . . . . . . . . . . . 53
20.3. Identity association option . . . . . . . . . . . . . . . 53
20.4. Option request option . . . . . . . . . . . . . . . . . . 56
20.5. Preference option . . . . . . . . . . . . . . . . . . . . 56
20.6. Elapsed Time . . . . . . . . . . . . . . . . . . . . . . 57
20.7. Client message option . . . . . . . . . . . . . . . . . . 57
20.8. Server message option . . . . . . . . . . . . . . . . . . 58
20.9. DSTM Global IPv4 Address Option . . . . . . . . . . . . . 58
20.10. Authentication option . . . . . . . . . . . . . . . . . . 59
20.11. Server unicast option . . . . . . . . . . . . . . . . . . 60
20.12. Domain Search Option . . . . . . . . . . . . . . . . . . 60
20.13. Domain Name Server Option . . . . . . . . . . . . . . . . 61
20.14. Status Code Option . . . . . . . . . . . . . . . . . . . 61
20.15. Circuit-ID Option . . . . . . . . . . . . . . . . . . . . 62
20.16. User Class Option . . . . . . . . . . . . . . . . . . . . 63
20.17. Vendor Class Option . . . . . . . . . . . . . . . . . . . 63
23. Year 2000 considerations 57 21. Security Considerations 65
24. IANA Considerations 57 22. Year 2000 considerations 65
24.1. DHCPv6 options . . . . . . . . . . . . . . . . . . . . . 57
24.2. Multicast addresses . . . . . . . . . . . . . . . . . . . 58
24.3. Status codes . . . . . . . . . . . . . . . . . . . . . . 58
24.4. Retransmission parameter option . . . . . . . . . . . . . 58
24.5. Authentication option . . . . . . . . . . . . . . . . . . 58
25. Acknowledgments 59 23. IANA Considerations 65
23.1. Multicast addresses . . . . . . . . . . . . . . . . . . . 65
23.2. DHCPv6 message types . . . . . . . . . . . . . . . . . . 65
23.3. DUID . . . . . . . . . . . . . . . . . . . . . . . . . . 65
23.4. DHCPv6 options . . . . . . . . . . . . . . . . . . . . . 66
23.5. Status codes . . . . . . . . . . . . . . . . . . . . . . 66
23.6. Authentication option . . . . . . . . . . . . . . . . . . 66
A. Comparison between DHCPv4 and DHCPv6 59 24. Acknowledgments 66
B. Full Copyright Statement 61 A. Comparison between DHCPv4 and DHCPv6 67
C. Changes in this draft 61 B. Full Copyright Statement 69
C.1. Reconfigure-init . . . . . . . . . . . . . . . . . . . . 62
C.2. Authentication . . . . . . . . . . . . . . . . . . . . . 62
C.3. Confirm message . . . . . . . . . . . . . . . . . . . . . 62
C.4. Failure of Rebind message . . . . . . . . . . . . . . . . 63
C.5. Server behavior in response to Release message . . . . . 63
C.6. Client behavior when sending a Release message . . . . . 63
C.7. IA option . . . . . . . . . . . . . . . . . . . . . . . . 63
C.8. DSTM option . . . . . . . . . . . . . . . . . . . . . . . 63
C.9. Server unicast option . . . . . . . . . . . . . . . . . . 64
C.10. Domain search option . . . . . . . . . . . . . . . . . . 64
C.11. DNS servers option . . . . . . . . . . . . . . . . . . . 64
C.12. DUID and IAID . . . . . . . . . . . . . . . . . . . . . . 64
C.13. Continuing to poll with Solicit . . . . . . . . . . . . . 64
C.14. Using DHCPv6 without address assignment . . . . . . . . . 64
C.15. Potential crossing in flight of Request and Reconfigure-init
messages . . . . . . . . . . . . . . . . . . . . . . . 64
D. Open Issues for Working Group Discussion 64 References 69
D.1. Generation and use of DUID and IAID . . . . . . . . . . . 65
D.2. Address registration . . . . . . . . . . . . . . . . . . 65
D.3. Prefix advertisement . . . . . . . . . . . . . . . . . . 65
D.4. DHCP-DNS interaction . . . . . . . . . . . . . . . . . . 65
D.5. Use of term "agent" . . . . . . . . . . . . . . . . . . . 65
D.6. Additional options . . . . . . . . . . . . . . . . . . . 65
D.7. Operational parameters . . . . . . . . . . . . . . . . . 65
Chair's Address 68 Chair's Address 71
Author's Address 68 Authors' Addresses 71
1. Introduction 1. Introduction
This document describes DHCP for IPv6 (DHCP), a UDP [18] This document describes DHCP for IPv6 (DHCP), a UDP [18]
client/server protocol designed to reduce the cost of management client/server protocol designed to reduce the cost of management
of IPv6 nodes in environments where network managers require more of IPv6 nodes in environments where network managers require more
control over the allocation of IPv6 addresses and configuration control over the allocation of IPv6 addresses and configuration
of network stack parameters than that offered by "IPv6 Stateless of network stack parameters than that offered by "IPv6 Stateless
Autoconfiguration" [20]. DHCP is a stateful counterpart to Address Autoconfiguration" [20]. DHCP is a stateful counterpart to
stateless autoconfiguration. Note that both stateful and stateless stateless autoconfiguration. Note that both stateful and stateless
autoconfiguration can be used concurrently in the same environment, autoconfiguration can be used concurrently in the same environment,
leveraging the strengths of both mechanisms in order to reduce the leveraging the strengths of both mechanisms in order to reduce the
cost of ownership and management of network nodes. cost of ownership and management of network nodes.
DHCP reduces the cost of ownership by centralizing the management DHCP reduces the cost of ownership by centralizing the management
of network resources such as IP addresses, routing information, OS of network resources such as IP addresses, routing information, OS
installation information, directory service information, and other installation information, directory service information, and other
such information on a few DHCP servers, rather than distributing such such information on a few DHCP servers, rather than distributing such
information in local configuration files among each network node. information in local configuration files among each network node.
DHCP is designed to be easily extended to carry new configuration DHCP is designed to be easily extended to carry new configuration
parameters through the addition of new DHCP "options" defined to parameters through the addition of new DHCP "options" defined to
carry this information. carry this information.
Those readers familiar with DHCP for IPv4 [7] will find DHCP for IPv6 Those readers familiar with DHCP for IPv4 [7] will find DHCP for IPv6
provides a superset of features, and benefits from the additional provides a superset of features, and benefits from the additional
features of IPv6 and freedom from BOOTP [5]-backward compatibility features of IPv6 and freedom from the constraints of backward
constraints. For more information about the differences between DHCP compatibility with BOOTP [5]. For more information about the
for IPv6 and DHCP for IPv4, see Appendix A. differences between DHCP for IPv6 and DHCP for IPv4, see Appendix A.
2. Requirements 2. Requirements
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [3]. document, are to be interpreted as described in [3].
This document also makes use of internal conceptual variables This document also makes use of internal conceptual variables
to describe protocol behavior and external variables that an to describe protocol behavior and external variables that an
implementation must allow system administrators to change. The implementation must allow system administrators to change. The
specific variable names, how their values change, and how their specific variable names, how their values change, and how their
settings influence protocol behavior are provided to demonstrate settings influence protocol behavior are provided to demonstrate
protocol behavior. An implementation is not required to have them in protocol behavior. An implementation is not required to have them in
the exact form described here, so long as its external behavior is the exact form described here, so long as its external behavior is
consistent with that described in this document. consistent with that described in this document.
3. Background 3. Background
Related work in IPv6 that would best serve an implementor to study
is the IPv6 Specification [6], the IPv6 Addressing Architecture [9],
IPv6 Stateless Address Autoconfiguration [20], IPv6 Neighbor
Discovery Processing [16], and Dynamic Updates to DNS [22]. These
specifications enable DHCP to build upon the IPv6 work to provide
both robust stateful autoconfiguration and autoregistration of DNS
Host Names.
The IPv6 Specification provides the base architecture and design of The IPv6 Specification provides the base architecture and design of
IPv6. A key point for DHCP implementors to understand is that IPv6 IPv6. Related work in IPv6 that would best serve an implementor
requires that every link in the Internet have an MTU of 1280 octets to study is the IPv6 Specification [6], the IPv6 Addressing
or greater (in IPv4 the requirement is 68 octets). This means that Architecture [9], IPv6 Stateless Address Autoconfiguration [20], IPv6
a UDP packet of 536 octets will always pass through an internetwork Neighbor Discovery Processing [16], and Dynamic Updates to DNS [22].
(less 40 octets for the IPv6 header), as long as there are no IP These specifications enable DHCP to build upon the IPv6 work to
options prior to the UDP header in the packet. But, IPv6 does not provide both robust stateful autoconfiguration and autoregistration
support fragmentation at routers, so that fragmentation takes place of DNS Host Names.
end-to-end between hosts. If a DHCP implementation needs to send a
packet greater than 1500 octets it can either fragment the UDP packet
into fragments of 1500 octets or less, or use Path MTU Discovery [11]
to determine the size of the packet that will traverse a network
path.
DHCP clients use Path MTU discovery when they have an address of
sufficient scope to reach the DHCP server. If a DHCP client does not
have such an address, that client MUST fragment its packets if the
resultant message size is greater than the minimum 1280 octets.
Path MTU Discovery for IPv6 is supported for both UDP and TCP and
can cause end-to-end fragmentation when the PMTU changes for a
destination.
The IPv6 Addressing Architecture specification [9] defines the The IPv6 Addressing Architecture specification [9] defines the
address scope that can be used in an IPv6 implementation, and the address scope that can be used in an IPv6 implementation, and the
various configuration architecture guidelines for network designers various configuration architecture guidelines for network designers
of the IPv6 address space. Two advantages of IPv6 are that support of the IPv6 address space. Two advantages of IPv6 are that support
for multicast is required, and nodes can create link-local addresses for multicast is required, and nodes can create link-local addresses
during initialization. This means that a client can immediately use during initialization. This means that a client can immediately use
its link-local address and a well-known multicast address to begin its link-local address and a well-known multicast address to begin
communications to discover neighbors on the link. For instance, a communications to discover neighbors on the link. For instance, a
client can send a Solicit message and locate a server or relay. client can send a Solicit message and locate a server or relay.
IPv6 Stateless Address Autoconfiguration [20] (Addrconf) specifies IPv6 Stateless Address Autoconfiguration [20] specifies procedures
procedures by which a node may autoconfigure addresses based on by which a node may autoconfigure addresses based on router
router advertisements [16], and the use of a valid lifetime to advertisements [16], and the use of a valid lifetime to support
support renumbering of addresses on the Internet. In addition the renumbering of addresses on the Internet. In addition the
protocol interaction by which a node begins stateless or stateful protocol interaction by which a node begins stateless or stateful
autoconfiguration is specified. DHCP is one vehicle to perform autoconfiguration is specified. DHCP is one vehicle to perform
stateful autoconfiguration. Compatibility with addrconf is a design stateful autoconfiguration. Compatibility with stateless address
requirement of DHCP (see Section 4). autoconfiguration is a design requirement of DHCP (see Section 4).
IPv6 Neighbor Discovery [16] is the node discovery protocol in IPv6 IPv6 Neighbor Discovery [16] is the node discovery protocol in IPv6
which replaces and enhances functions of ARP [17]. To understand which replaces and enhances functions of ARP [17]. To understand
IPv6 and Addrconf it is strongly recommended that implementors IPv6 and stateless address autoconfiguration it is strongly
understand IPv6 Neighbor Discovery. recommended that implementors understand IPv6 Neighbor Discovery.
Dynamic Updates to DNS [22] is a specification that supports the Dynamic Updates to DNS [22] is a specification that supports the
dynamic update of DNS records for both IPv4 and IPv6. DHCP can use dynamic update of DNS records for both IPv4 and IPv6. DHCP can use
the dynamic updates to DNS to integrate addresses and name space to the dynamic updates to DNS to integrate addresses and name space to
not only support autoconfiguration, but also autoregistration in not only support autoconfiguration, but also autoregistration in
IPv6. IPv6.
4. Design Goals 4. Design Goals
- DHCP is a mechanism rather than a policy. Network administrators - DHCP is a mechanism rather than a policy. Network administrators
set their administrative policies through the configuration set their administrative policies through the configuration
parameters they place upon the DHCP servers in the DHCP domain parameters they place upon the DHCP servers in the DHCP domain
they're managing. DHCP is simply used to deliver parameters they're managing. DHCP is simply used to deliver parameters
according to that policy to each of the DHCP clients within the according to that policy to each of the DHCP clients within the
domain. domain.
- DHCP is compatible with IPv6 stateless autoconf [20]. - DHCP is compatible with IPv6 stateless address
autoconfiguration [20], statically configured, non-participating
nodes and with existing network protocol implementations.
- DHCP does not require manual configuration of network parameters - DHCP does not require manual configuration of network parameters
on DHCP clients, except in cases where such configuration is on DHCP clients, except in cases where such configuration is
needed for security reasons. A node configuring itself using needed for security reasons. A node configuring itself using
DHCP should require no user intervention. DHCP should require no user intervention.
- DHCP does not require a server on each link. To allow for scale - DHCP does not require a server on each link. To allow for scale
and economy, DHCP must work across DHCP relays. and economy, DHCP must work across DHCP relays.
- DHCP coexists with statically configured, non-participating nodes
and with existing network protocol implementations.
- DHCP clients can operate on a link without IPv6 routers present. - DHCP clients can operate on a link without IPv6 routers present.
- DHCP will provide the ability to renumber network(s) when - DHCP will provide the ability to renumber network(s) when
required by network administrators [4]. required by network administrators [4].
- A DHCP client can make multiple, different requests for - A DHCP client can make multiple, different requests for
configuration parameters when necessary from one or more DHCP configuration parameters when necessary from one or more DHCP
servers at any time. servers at any time.
- DHCP will contain the appropriate time out and retransmission - DHCP will contain the appropriate time out and retransmission
skipping to change at page 4, line 7 skipping to change at page 3, line 36
- How a DHCP server stores its DHCP data. - How a DHCP server stores its DHCP data.
- How to manage a DHCP domain or DHCP server. - How to manage a DHCP domain or DHCP server.
- How a DHCP relay is configured or what sort of information it may - How a DHCP relay is configured or what sort of information it may
log. log.
6. Terminology 6. Terminology
This sections defines terminology specific to IPv6 and DHCP used in
this document.
6.1. IPv6 Terminology 6.1. IPv6 Terminology
IPv6 terminology relevant to this specification from the IPv6 IPv6 terminology relevant to this specification from the IPv6
Protocol [6], IPv6 Addressing Architecture [9], and IPv6 Stateless Protocol [6], IPv6 Addressing Architecture [9], and IPv6 Stateless
Address Autoconfiguration [20] is included below. Address Autoconfiguration [20] is included below.
address An IP layer identifier for an interface or address An IP layer identifier for an interface or
a set of interfaces. a set of interfaces.
unicast address An identifier for a single interface. unicast address An identifier for a single interface.
skipping to change at page 4, line 50 skipping to change at page 4, line 32
bridged); Token Ring; PPP links, X.25, bridged); Token Ring; PPP links, X.25,
Frame Relay, or ATM networks; and Internet Frame Relay, or ATM networks; and Internet
(or higher) layer "tunnels", such as (or higher) layer "tunnels", such as
tunnels over IPv4 or IPv6 itself. tunnels over IPv4 or IPv6 itself.
link-layer identifier A link-layer identifier for an interface. link-layer identifier A link-layer identifier for an interface.
Examples include IEEE 802 addresses for Examples include IEEE 802 addresses for
Ethernet or Token Ring network interfaces, Ethernet or Token Ring network interfaces,
and E.164 addresses for ISDN links. and E.164 addresses for ISDN links.
link-local address An IP address having link-only link-local address An IPv6 address having link-only
scope, indicated by having the prefix scope, indicated by having the prefix
(FE80::0000/64), that can be used to reach (FE80::0000/64), that can be used to reach
neighboring nodes attached to the same neighboring nodes attached to the same
link. Every interface has a link-local link. Every interface has a link-local
address. address.
message A unit of data carried in a packet, message A unit of data carried in a packet,
exchanged between DHCP agents and clients. exchanged between DHCP agents and clients.
neighbor A node attached to the same link. neighbor A node attached to the same link.
skipping to change at page 5, line 27 skipping to change at page 5, line 9
prefix length The number of bits in a prefix. prefix length The number of bits in a prefix.
router A node that forwards IP packets not router A node that forwards IP packets not
explicitly addressed to itself. explicitly addressed to itself.
6.2. DHCP Terminology 6.2. DHCP Terminology
Terminology specific to DHCP can be found below. Terminology specific to DHCP can be found below.
abort status A status value returned to the
application that has invoked a DHCP
client operation, indicating anything
other than success.
agent address The address of a neighboring DHCP Agent agent address The address of a neighboring DHCP Agent
on the same link as the DHCP client. on the same link as the DHCP client.
binding A binding (or, client binding) is a binding A binding (or, client binding) is a
group of server data records containing group of server data records containing
the server's information about the the information the server has about
addresses in an IA and any other the addresses in an IA and any other
configuration information assigned to configuration information assigned to
the client. A binding is indexed by the the client. A binding is indexed by the
tuple <DUID, IAID>. tuple <DUID, IAID>.
DHCP Dynamic Host Configuration Protocol DHCP Dynamic Host Configuration Protocol
for IPv6. The terms DHCPv4 and DHCPv6 for IPv6. The terms DHCPv4 and DHCPv6
are used only in contexts where it is are used only in contexts where it is
necessary to avoid ambiguity. necessary to avoid ambiguity.
configuration parameter An element of the configuration configuration parameter An element of the configuration
skipping to change at page 6, line 26 skipping to change at page 5, line 55
client(s). client(s).
DHCP relay (or relay) A node that acts as an intermediary to DHCP relay (or relay) A node that acts as an intermediary to
deliver DHCP messages between clients deliver DHCP messages between clients
and servers, and is on the same link as and servers, and is on the same link as
a client. a client.
DHCP agent (or agent) Either a DHCP server on the same link as DHCP agent (or agent) Either a DHCP server on the same link as
a client, or a DHCP relay. a client, or a DHCP relay.
DUID A DHCP unique identifier for a client. DUID A DHCP Unique IDentifier for a client.
Identity association (IA) A collection of addresses assigned to Identity association (IA) A collection of addresses assigned to
a client. Each IA has an associated a client. Each IA has an associated
IAID. An IA may have 0 or more addresses IAID. An IA may have 0 or more addresses
associated with it. associated with it.
Identity association identifier (IAID) An identifier for an IA, Identity association identifier (IAID) An identifier for an IA,
chosen by the client. Each IA has an chosen by the client. Each IA has an
IAID, which is chosen to be unique among IAID, which is chosen to be unique among
all IAIDs for IAs belonging to that all IAIDs for IAs belonging to that
skipping to change at page 6, line 52 skipping to change at page 6, line 29
7. DHCP Constants 7. DHCP Constants
This section describes various program and networking constants used This section describes various program and networking constants used
by DHCP. by DHCP.
7.1. Multicast Addresses 7.1. Multicast Addresses
DHCP makes use of the following multicast addresses: DHCP makes use of the following multicast addresses:
All DHCP Agents address: FF02::1:2 This link-scoped multicast All_DHCP_Agents address: FF02::1:2 This link-scoped multicast
address is used by clients to communicate with the address is used by clients to communicate with the
on-link agent(s) when they do not know those agents' on-link agent(s) when they do not know the link-local
link-local address(es). All agents (servers and address(es) for those agents. All agents (servers and
relays) are members of this multicast group. relays) are members of this multicast group.
All DHCP Servers address: FF05::1:3 This site-scoped multicast All_DHCP_Servers address: FF05::1:3 This site-scoped multicast
address is used by clients or relays to communicate address is used by clients or relays to communicate
with server(s), either because they want to send with server(s), either because they want to send
messages to all servers or because they do not know messages to all servers or because they do not know
the server(s) unicast address(es). Note that in order the server(s) unicast address(es). Note that in order
for a client to use this address, it must have an for a client to use this address, it must have an
address of sufficient scope to be reachable by the address of sufficient scope to be reachable by the
server(s). All servers within the site are members of server(s). All servers within the site are members of
this multicast group. this multicast group.
7.2. UDP ports 7.2. UDP ports
skipping to change at page 7, line 36 skipping to change at page 7, line 14
agents as the destination port for messages sent to agents as the destination port for messages sent to
clients. clients.
547 Agent port. Used as the destination port by clients 547 Agent port. Used as the destination port by clients
for messages sent to agents. Used as the destination for messages sent to agents. Used as the destination
port by relays for messages sent to servers. port by relays for messages sent to servers.
7.3. DHCP message types 7.3. DHCP message types
DHCP defines the following message types. More detail on these DHCP defines the following message types. More detail on these
message types can be found in Section 9. Message types 0 and message types can be found in Section 8. Message types 0 and 13-255
TBD--255 are reserved and MUST be silently ignored. The message code are reserved for future use. The message code for each message type
for each message type is shown with the message name. is shown with the message name.
SOLICIT (1) The DHCP Solicit (or Solicit) message is used SOLICIT (1) The Solicit message is used by clients to
by clients to locate servers. locate servers.
ADVERTISE (2) The DHCP Advertise (or Advertise) message is ADVERTISE (2) The Advertise message is used by servers
used by servers responding to Solicits. responding to Solicits.
REQUEST (3) The DHCP Request (or Request) message is REQUEST (3) The Request message is used by clients
used by clients to request configuration to request configuration parameters from
parameters from servers. servers.
CONFIRM (4) The DHCP Confirm (or Confirm) message is used CONFIRM (4) The Confirm message is used by clients to
by clients to confirm that the addresses confirm that the addresses assigned to an IA
assigned to an IA and the lifetimes for and the lifetimes for those addresses, as
those addresses, as well as the current well as the current configuration parameters
configuration parameters assigned by the assigned by the server to the client are
server to the client are still valid. still valid.
RENEW (5) The DHCP Renew (or Renew) message is used by RENEW (5) The Renew message is used by clients to
clients to obtain the addresses assigned to obtain the addresses assigned to an IA and
an IA and the lifetimes for those addresses, the lifetimes for those addresses, as well as
as well as the current configuration the current configuration parameters assigned
parameters assigned by the server to the by the server to the client. A client sends
client. A client sends a Renew message to a Renew message to the server that originally
the server that originally assigned the IA assigned the IA when the lease on an IA is
when the lease on an IA is about to expire. about to expire.
REBIND (6) The DHCP Rebind (or Rebind) message is REBIND (6) The Rebind message is used by clients to
used by clients to obtain the addresses obtain the addresses assigned to an IA and
assigned to an IA and the lifetimes for the lifetimes for those addresses, as well as
those addresses, as well as the current the current configuration parameters assigned
configuration parameters assigned by the by the server to the client. A clients
server to the client. A clients sends a sends a Rebind message to all available DHCP
Rebind message to all available DHCP servers servers when the lease on an IA is about to
when the lease on an IA is about to expire. expire.
REPLY (7) The DHCP Reply (or Reply) message is used REPLY (7) The Reply message is used by servers
by servers responding to Request, Confirm, responding to Request, Confirm, Renew,
Renew, Rebind, Release and Decline messages. Rebind, Release and Decline messages. In the
In the case of responding to a Request, case of responding to a Request, Confirm,
Confirm, Renew or Rebind message, the Reply Renew or Rebind message, the Reply contains
contains configuration parameters destined configuration parameters destined for the
for the client. client.
RELEASE (8) The DHCP Release (or Release) message is used RELEASE (8) The Release message is used by clients to
by clients to return one or more IP addresses return one or more IP addresses to servers.
to servers.
DECLINE (9) The DHCP Decline (or Decline) message is used DECLINE (9) The Decline message is used by clients to
by clients to indicate that the client has indicate that the client has determined that
determined that one or more addresses in an one or more addresses in an IA are already
IA are already in use on the link to which in use on the link to which the client is
the client is connected. connected.
RECONFIG-INIT (10) The DHCP Reconfigure-init (or RECONFIG-INIT (10) The Reconfigure-init message is sent by
Reconfigure-init) message is sent by
server(s) to inform client(s) that the server(s) to inform client(s) that the
server(s) has new or updated configuration server(s) has new or updated configuration
parameters, and that the client(s) are to parameters, and that the client(s) are to
initiate a Request/Reply transaction with the initiate a Request/Reply transaction with the
server(s) in order to receive the updated server(s) in order to receive the updated
information. information.
RELAY-FORW (11) The DHCP Relay-forward (or Relay-forward) RELAY-FORW (11) The Relay-forward message is used by relays
message is used by relays to forward to forward client messages to servers. The
client messages to servers. The client client message is encapsulated in an option
message is encapsulated in an option in the in the Relay-forward message.
Relay-forward message.
RELAY-REPL (12) The DHCP Relay-reply (or Relay-reply) RELAY-REPL (12) The Relay-reply message is used by servers
message is used by servers to send messages to send messages to clients through a relay.
to clients through a relay. The server The server encapsulates the client message
encapsulates the client message as an option as an option in the Relay-reply message,
in the Relay-reply message, which the relay which the relay extracts and forwards to the
extracts and forwards to the client. client.
7.4. Error Values 7.4. Status Codes
This section describes error values exchanged between DHCP This section describes status codes exchanged between DHCP
implementations. implementations. These status codes may appear in the Status Code
option or in the status field of an IA.
7.4.1. Generic Error Values 7.4.1. Generic Status Codes
The following symbolic names are used between client and server The status codes in this section are used between clients and servers
implementations to convey error conditions. The following table to convey status conditions. The following table contains the status
contains the actual numeric values for each name. Note that the codes, the name for each code (as used in this document) and a brief
numeric values do not start at 1, nor are they consecutive. The description. Note that the numeric values do not start at 1, nor are
errors are organized in logical groups. they consecutive. The status codes are organized in logical groups.
_______________________________________________________________ Name Code Description
|Error_Name___|Error_ID|_Description_________________________|_ ---------- ---- -----------
|Success______|00______|_Success_____________________________|_ Success 0 Success
|UnspecFail___|16______|_Failure,_reason_unspecified_________|_ UnspecFail 16 Failure, reason unspecified
|AuthFailed___|17______|_Authentication_failed_or_nonexistent|_ AuthFailed 17 Authentication failed or nonexistent
|PoorlyFormed_|18______|_Poorly_formed_message_______________|_ PoorlyFormed 18 Poorly formed message
|Unavail______|19______|_Addresses_unavailable_______________|_ AddrUnavail 19 Addresses unavailable
OptionUnavail 20 Requested options unavailable
7.4.2. Server-specific Error Values 7.4.2. Server-specific Status Codes
The following symbolic names are used by server implementations to The status codes in this section are used by servers to convey status
convey error conditions to clients. The following table contains the conditions to clients. The following table contains the status
actual numeric values for each name. codes, the name for each code (as used in this document) and a brief
_______________________________________________________________ description. Note that the numeric values do not start at 1, nor are
|Error_Name____|Error_ID|_Description________________________|_ they consecutive. The status codes are organized in logical groups.
|NoBinding_____|20______|_Client_record_(binding)_unavailable|_
|ConfNoMatch___|21______|_Client_record_Confirm_not_match_IA_|_
|RenwNoMatch___|22______|_Client_record_Renew_not_match_IA___|_ Name Code Description
|RebdNoMatch___|23______|_Client_record_Rebind_not_match_IA__|_ ---- ---- -----------
|InvalidSource_|24______|_Invalid_Client_IP_address__________|_ NoBinding 32 Client record (binding) unavailable
|NoServer______|25______|_Relay_cannot_find_Server_Address___|_ ConfNoMatch 33 Client record Confirm not match IA
|ICMPError_____|64______|_Server_unreachable_(ICMP_error)____|_ RenwNoMatch 34 Client record Renew not match IA
RebdNoMatch 35 Client record Rebind not match IA
InvalidSource 36 Invalid Client IP address
NoServer 37 Relay cannot find Server Address
NoPrefixMatch 38 One or more prefixes of the addresses
in the IA is not valid for the link
from which the client message was received
ICMPError 64 Server unreachable (ICMP error)
7.5. Configuration Variables 7.5. Configuration Variables
This section presents a table of client and server configuration This section presents a table of client and server configuration
variables and the default or initial values for these variables. The variables and the default or initial values for these variables.
client-specific variables MAY be configured on the server and MAY be
delivered to the client through the "DHCP Retransmission Parameter
Option" in a Reply message.
_________________________________________________________________________ Parameter Default Description
|Parameter__________|Default|_Description______________________________|_ -------------------------------------
|MIN_SOL_DELAY______|1______|_MIN_(secs)_to_delay_1st_mesg_____________|_ MIN_SOL_DELAY 1 sec Min delay of first Solicit
|MAX_SOL_DELAY______|5______|_MAX_(secs)_to_delay_1st_mesg_____________|_ MAX_SOL_DELAY 5 secs Max delay of first Solicit
|ADV_MSG_TIMEOUT____|500____|_SOL_Retrans_timer_(msecs)________________|_ SOL_TIMEOUT 500 msecs Initial Solicit timeout
|ADV_MSG_MAX________|30_____|_MAX_timer_value_(secs)___________________|_ SOL_MAX_RT 30 secs Max Solicit timeout value
|SOL_MAX_ATTEMPTS___|-1_____|_MAX_attempts_(-1_=_infinite)_____________|_ REQ_TIMEOUT 250 msecs Initial Request timeout
|REP_MSG_TIMEOUT____|250____|_Retrans_timer_(msecs)_for_Reply__________|_ REQ_MAX_RT 30 secs Max Request timeout value
|QRY_MSG_ATTEMPTS___|10_____|_MAX_Request/Confirm/Renew/Rebind_attempts|_ REQ_MAX_RC 10 Max Request retry attempts
|REL_MSG_ATTEMPTS___|5______|_MAX_Release/Decline_attempts_____________|_ CNF_TIMEOUT 250 msecs Initial Confirm timeout
|RECREP_MSG_TIMEOUT_|2000___|_Retrans_timer_(msecs)____________________|_ CNF_MAX_RT 1 sec Max Confirm timeout
|REC_MSG_ATTEMPTS___|10_____|_Reconfigure_attempts_____________________|_ CNF_MAX_RD 10 secs Max Confirm duration
|REC_THRESHOLD______|100____|_%_of_required_clients____________________|_ REN_TIMEOUT 10 sec Initial Renew timeout
|SRVR_PREF_WAIT_____|2______|_Advertise_Collect_timer_(secs)___________|_ REN_MAX_RT 600 secs Max Renew timeout value
REB_TIMEOUT 10 sec Initial Rebind timeout
REB_MAX_RT 600 secs Max Rebind timeout value
REL_TIMEOUT 250 msecs Initial Release timeout
REL_MAX_RT 1 sec Max Release timeout
REL_MAX_RC 5 MAX Release/Decline attempts
DEC_TIMEOUT 250 msecs Initial Release timeout
DEC_MAX_RT 1 sec Max Release timeout
DEC_MAX_RC 5 MAX Release/Decline attempts
8. Overview 8. Message Formats
This section provides a general overview of the interaction between All DHCP messages sent between clients and servers share an identical
the functional entities of DHCP. The overview is organized as a fixed format header and a variable format area for options. Not all
series of questions and answers. Details of DHCP such as message fields in the header are used in every message.
formats and retransmissions can be found in later sections of this
document.
8.1. How does a node know to use DHCP? All values in the message header and in options are in network byte
order.
An unconfigured node determines that it is to use DHCP for The following diagram illustrates the DHCP message header:
configuration of an interface by detecting the presence (or absence)
of routers on the link. If router(s) are present, the node examines
router advertisements to determine if DHCP should be used to
configure the interface. If there are no routers present, then
the node MUST use DHCP to configure the interface. Details of
this process can be found in neighbor discovery [16] and stateless
autoconfiguration [20].
8.2. What if the client and server(s) are on different links? 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| msg-type | transaction-ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| server-address |
| (16 octets) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
. options .
. (variable) .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Use of DHCP in such environments requires one or more DHCP relays The following sections describe the use of the fields in the DHCP
be set up on the client's link, because a client may only have a message header in each of the DHCP messages. In these descriptions,
link-local address. Relays receive messages from the client and fields that are not used in a message are marked as "unused". All
forward them to some set of servers within the DHCP domain. The unused fields in a message MUST be transmitted as zeroes and ignored
client message is forwarded verbatim as an option in the message by the receiver of the message.
from the relay to the server. A relay will include one of its own
addresses (of sufficient scope) from the interface on the same link
as the client, as well as the prefix length of that address, in its
message to the server. Servers receiving the forwarded traffic
use this information to aid in selecting configuration parameters
appropriate to the client's link.
Servers use relays to forward messages to clients. The message 8.1. DHCP Solicit Message Format
intended for the client is carried as an option in the message to the
relay. The relay extracts the message from the option and forwards
it to the client. Servers use the relay's address as the destination
to forward client-destined messages for final delivery by the relay.
Relays forward client messages to servers using some combination msg-type SOLICIT
of the All DHCP Servers site-local multicast address, some other
(perhaps a combination) of site-local multicast addresses set up
within the DHCP domain to include the servers in that domain, or a
list of unicast addresses for servers. The network administrator
makes relay configuration decisions based upon the topological
requirements (scope) of the DHCP domain they are managing. Note
that if the DHCP domain spans more than the site-local scope, then
the relays MUST be configured with global addresses for the client's
link so as to be reachable by servers outside the relays' site-local
environment.
8.3. How does a client request configuration parameters from servers? transaction-ID An unsigned integer generated by the client used
to identify this Solicit message.
To request configuration parameters, the client forms a Request server-address (unused) MUST be 0
message, and sends it to the server either directly (the server is
on the same link as the client) or indirectly (through the on-link
relay). The client MAY include a Option Request Option 18.4 (ORO)
along with other options to request specific information from the
server. Note that the client MAY form multiple Request messages
and send each of them to different servers to request potentially
different information (perhaps based upon what was advertised) in
order to satisfy its needs. As a client's needs may change over time
(perhaps based upon an application's requirements), the client may
form additional Request messages to request additional information as
it is needed.
The server(s) respond with Reply messages containing the requested options See section 20.
configuration parameters, which can include status information
regarding the information requested by the client. The Reply MAY
also include additional information.
8.4. How do clients and servers identify and manage addresses? 8.2. DHCP Advertise Message Format
Servers and clients manage addresses in groups called "identity msg-type ADVERTISE
associations." Each identity association (IA) is identified using
a unique identifier. An identity association may contain one or
more IPv6 addresses. DHCP servers assign addresses to identity
associations. DHCP clients use the addresses in an identity
association to configure interfaces. There is always at least one
identity association per interface that a client wishes to configure.
Each address in an IA has its own preferred and valid lifetime. Over
time, the server may change the characteristics of the addresses in
an IA; for example, by changing the preferred or valid lifetime for
an address in the IA. The server may also add or delete addresses
from an IA; for example, deleting old addresses and adding new
addresses to renumber a client. A client can request the current
list of addresses assigned to an IA from a server through an exchange
of protocol messages.
8.5. Can a client release its assigned addresses before the lease transaction-ID An unsigned integer used to identify this
expires? Advertise message. Copied from the Solicit
message received from the client.
A client forms a Release message, including options identifying server-address The IP address of the server that generated this
the IA to be released. The client sends the Release to the server message. The address must have sufficient scope
which assigned the addresses to the client initially. If that to be reachable from the client.
server cannot be reached after a certain number of attempts (see
section 7.5), the client can abandon the Release attempt. In this
case, the address(es) in the IA will be reclaimed by the server(s)
when the lifetimes on the addresses expire.
8.6. What if the client determines one or more of its assigned addresses options See section 20.
are already being used by another client?
If the client determines through a mechanism like Duplicate Address 8.3. DHCP Request Message Format
Detection [20] that the address it was assigned by the server is
already in use by another client, the client will send a Decline
message to the server.
8.7. How are clients notified of server configuration changes? msg-type REQUEST
There are two possibilities. Either the clients discover the new transaction-ID An unsigned integer generated by the client used
information when they revisit the server(s) to request additional to identify this Request message.
configuration information/extend the lifetime on an address. or
through a server-initiated event known as a reconfigure event.
The reconfiguration feature of DHCP offers network administrators server-address The IP address of the server to which the this
the opportunity to update configuration information on DHCP clients message is directed, copied from an Advertise
whenever necessary. To signal the need for client reconfiguration, message.
the server will unicast a Reconfigure-init message to each client
individually. A Reconfigure-init is a trigger which will cause the
client(s) to initiate a standard Request/Reply exchange with the
server in order to acquire the new or updated addresses.
9. Message Formats options See section 20.
Each DHCP message has an identical fixed format header; some messages 8.4. DHCP Confirm Message Format
also allow a variable format area for options. Not all fields in
the header are used in every message. In this section, every field
is described for every message and fields that are not used in a
message are marked as "unused". All unused fields in a message MUST
be transmitted as zeroes and ignored by the receiver of the message.
The DHCP message header: msg-type CONFIRM
transaction-ID An unsigned integer generated by the client used
to identify this Confirm message.
server-address MUST be zero.
options See section 20.
8.5. DHCP Renew Message Format
msg-type RENEW
transaction-ID An unsigned integer generated by the client used
to identify this Renew message.
server-address The IP address of the server to which this Renew
message is directed, which MUST be the address
of the server from which the IAs in this message
were originally assigned.
options See section 20.
8.6. DHCP Rebind Message Format
msg-type REBIND
transaction-ID An unsigned integer generated by the client used
to identify this Rebind message.
server-address MUST be zero.
options See section 20.
8.7. DHCP Reply Message Format
msg-type REPLY
transaction-ID An unsigned integer used to identify this
Reply message. Copied from the client Request,
Confirm, Renew or Rebind message received from
the client.
server-address The IP address of the server. The address must
have sufficient scope to be reachable from the
client.
options See section 20.
8.8. DHCP Release Message Format
msg-type RELEASE
transaction-ID An unsigned integer generated by the client used
to identify this Release message.
server-address The IP address of the server that assigned the
addresses.
options See section 20.
8.9. DHCP Decline Message Format
msg-type DECLINE
transaction-ID An unsigned integer generated by the client used
to identify this Decline message.
server-address The IP address of the server that assigned the
addresses.
options See section 20.
8.10. DHCP Reconfigure-init Message Format
msg-type RECONFIG-INIT
transaction-ID An unsigned integer generated by the server used
to identify this Reconfigure-init message.
server-address The IP address of the DHCP server issuing the
Reconfigure-init message. The address must have
sufficient scope to be reachable from the client.
options See section 20.
9. Relay messages
Relay agents exchange messages with servers to forward messages
between clients and servers that are not connected to the same link.
There are two relay messages, which share the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| msg-type | preference | transaction-ID | | msg-type | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ |
| link-prefix |
| | | |
| client-link-local-address |
| (16 octets) |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| | |
+-+-+-+-+-+-+-+-+ |
| client-return-address |
| | | |
| server-address |
| (16 octets) |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| | |
+-+-+-+-+-+-+-+-+ |
. . . .
. options . . options (variable number and length) .... .
| (variable) | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
9.1. DHCP Solicit Message Format The following sections describe the use of the Relay message header.
msg-type SOLICIT 9.1. Relay-forward message
preference (unused) MUST be 0 The following table defines the use of message fields in a
Relay-forward message.
transaction-ID An unsigned integer generated by the msg-type RELAY-FORW
client used to identify this Solicit
message.
client-link-local-address The link-local address of the link-prefix An address with a prefix that is assigned
interface for which the client is to the link from which the client should
using DHCP. be assigned an address.
server-address (unused) MUST be 0 client-return-address The source address from the IP datagram
in which the message from the client was
received by the relay agent
options See section 18. options MUST include a "Client message option";
see section 20.7; MAY include other
options added by the relay agent
9.2. DHCP Advertise Message Format 9.2. Relay-reply message
msg-type ADVERTISE The following table defines the use of message fields in a
Relay-forward message.
preference An unsigned integer indicating a msg-type RELAY-REPL
server's willingness to provide
service to the client.
transaction-ID An unsigned integer used to identify link-prefix An address with a prefix that is assigned
this Advertise message. Copied from to the link from which the client should
the client's Solicit message. be assigned an address.
client-link-local-address The IP link-local address of the client-return-address The source address from the IP datagram
client interface from which the client in which the message from the client was
issued the Solicit message. received by the relay agent
server-address The IP address of the server that options MUST include a "Server message option";
generated this message. If the DHCP see section 20.8; MAY include other
domain crosses site boundaries, then options
this address MUST be globally-scoped.
options See section 18. 10. DHCP unique identifier (DUID)
9.3. DHCP Request Message Format Each DHCP client has a DUID. DHCP servers use DUIDs to identify
clients for the selection of configuration parameters and in
the association of IAs with clients. See section 20.2 for the
representation of a DUID in a DHCP message.
msg-type REQUEST Servers MUST treat DUIDs as opaque values and must only compare DUIDs
for equality. Servers MUST NOT in any other way interpret DUIDs.
Servers MUST NOT restrict DUIDs to the types defined in this document
as additional DUID types may be defined in the future.
preference (unused) MUST be 0 The DUID is carried in an option because it may be variable length
and because it is not required in all DHCP options (e.g., messages
sent by servers need not include a DUID). The DUID must be unique
across all DHCP clients, and it must also be consistent for the same
client - that is, the DUID used by a client SHOULD NOT change over
time; for example, as a result of network hardware reconfiguration.
transaction-ID An unsigned integer generated by the The motivation for having more than one type of DUID is that the DUID
client used to identify this Request must be globally unique, and must also be easy to generate. The sort
message. of globally-unique identifier that is easy to generate for any given
device can differ quite widely. Also, some devices may not contain
any persistent storage. Retaining a generated DUID in such a device
is not possible, so the DUID scheme must accommodate such devices.
client-link-local-address The link-local address of the client 10.1. DUID contents
interface from which the client will
issue the Request message.
server-address The IP address of the server to which A DUID consists of a sixteen-bit type code represented in network
the this message is directed, copied order, followed by a variable number of octets that make up the
from an Advertise message. actual identifier. A DUID can be no more than 256 octets long. The
following types are currently defined:
options See section 18. 1 Link-layer address plus time
2 Vendor-assigned unique ID
3 Link-layer address
9.4. DHCP Confirm Message Format Formats for the variable field of the DUID for each of the above
types are shown below.
msg-type CONFIRM 10.2. DUID based on link-layer address plus time
preference (unused) MUST be 0 This type of DUID consists of four octets containing a time value,
followed by a two octet network hardware type code, followed by
link-layer address of any one network interface that is connected
to the DHCP client device at the time that the DUID is generated.
The time value is the time that the DUID is generated represented
in seconds since midnight (UTC), January 1, 2000, modulo 2^32. The
hardware type MUST be a valid hardware type assigned by the IANA as
described in the section on ARP in RFC 826. Both the time and the
hardware type are stored in network order.
transaction-ID An unsigned integer generated by the 0 1 2 3
client used to identify this Confirm 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
message. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time (32 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hardware type (16 bits) | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. .
. link-layer address (variable length) .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
client-link-local-address The link-local address of the client The choice of network interface can be completely arbitrary, as long
interface from which the client will as that interface provides a unique link-layer address, and the same
issue the Confirm message. DUID should be used in configuring all network interfaces connected
to the device, regardless of which interface's link-layer address was
used to generate the DUID.
server-address MUST be zero. DHCP clients using this type of DUID MUST store the DUID in stable
storage, and MUST continue to use this DUID even if the network
interface used to generate the DUID is removed. DHCP clients that do
not have any stable storage MUST NOT use this type of DUID.
options See section 18. DHCP clients that use this DUID SHOULD attempt to configure the time
prior to generating the DUID, if that is possible, and MUST use some
sort of time source (e.g., a real-time clock) in generating the
DUID, even if that time source is not configured by the user prior
to generating the DUID. The use of a time source makes it unlikely
that if the network interface is removed from the client and another
client then uses the same network interface to generate a DUID,
that two identical DUIDs will be generated. A DUID collision is
very unlikely even if the clocks haven't been configured prior to
generating the DUID.
9.5. DHCP Renew Message Format This method of DUID generation is recommended for all general purpose
computing devices such as desktop computers and laptop computers, and
also for devices such as printers, routers, and so on, that contain
some form of writable non-volatile storage.
msg-type RENEW 10.3. Vendor-assigned unique ID.
preference (unused) MUST be 0 The vendor-assigned unique ID consists of an eight-octet
vendor-unique identifier, followed by the vendor's registered domain
name.
transaction-ID An unsigned integer generated by the 0 1 2 3
client used to identify this Renew 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
message. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VUID (64 bits) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. .
. domain name (variable length) .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
client-link-local-address The link-local address of the client The structure of the VUID is left up to the vendor defining it, but
interface from which the client will each device containing such a VUID MUST be unique to each device
issue the Renew message. that is using it, and MUST be assigned to the device at the time of
manufacture and stored in some form of non-volatile storage. The
VUID SHOULD be recorded in non-erasable storage. The domain name is
simply any domain name that has been legally registered by the vendor
in the domain name system, stored in canonical form. An example DUID
of this type might look like this:
server-address The IP address of the server to which +--+---+---+---+-+-+-+--+---+---+--+---+---+---+---+--+--+---+---+
this Renew message is directed, which |12|192|132|221|3|0|9|18|101|120|97|109|112|108|101|46|99|111|109|
MUST be the address of the server from +--+---+---+---+-+-+-+--+---+---+--+---+---+---+---+--+--+---+---+
which the IAs in this message were
originally assigned.
options See section 18. This is eight octets of VUID data, followed by "example.com"
represented in ASCII.
9.6. DHCP Rebind Message Format 10.4. Link-layer address
msg-type REBIND This type of DUID consists of a two octet network hardware type code,
followed by the link-layer address of any one network interface that
is permanently connected to the DHCP client device. The hardware
type MUST be a valid hardware type assigned by the IANA as described
in the section on ARP in RFC 826. The hardware type is stored in
network order.
preference (unused) MUST be 0 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hardware type (16 bits) | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. .
. link-layer address (variable length) .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
transaction-ID An unsigned integer generated by the The choice of network interface can be completely arbitrary, as
client used to identify this Rebind long as that interface provides a unique link-layer address and
message. is permanently attached to the device on which the DUID is being
generated. The same DUID should be used in configuring all network
interfaces connected to the device, regardless of which interface's
link-layer address was used to generate the DUID.
client-link-local-address The link-local address of the client This type of DUID is recommended for devices that have a
interface from which the client will permanently-connected network interface with a link-layer address and
issue the Rebind message. do not have nonvolatile, writable stable storage. This type of DUID
MUST NOT be used by DHCP clients that cannot tell whether or not a
network interface is permanently attached to the device on which the
DHCP client is running.
server-address MUST be zero. 11. Identity association
options See section 18. An "identity-association" (IA) is a construct through which a server
and a client can identify, group and manage IPv6 addresses. Each IA
consists of an IAID and a list of associated IPv6 addresses (the list
may be empty). A client associates an IA with one of its interfaces
and uses the IA to obtain IPv6 addresses for that interface from a
server.
9.7. DHCP Reply Message Format See section 20.3 for the representation of an IA in a DHCP message.
msg-type REPLY 12. Selecting addresses for assignment to an IA
preference An unsigned integer indicating a A server selects addresses to be assigned to an IA according to the
server's willingness to provide address assignment policies determined by the server administrator
service to the client. and the specific information the server determines about the client
from the following sources:
transaction-ID An unsigned integer used to identify - The link to which the client is attached:
this Reply message. Copied from the
client's Request, Confirm, Renew or
Rebind message.
client-link-local-address The link-local address of the * If the server receives the message directly from the client
interface for which the client is and the source address in the IP datagram in which the
using DHCP. message was received is a link-local address, then the client
is on the same link to which the interface over which the
message was received is attached
* If the server receives the message directly from the client
and the source address in the IP datagram in which the
message was received is not a link-local address, then the
client is on the link identified by the source address in the
IP datagram
server-address The IP address of the server. * If the server receives the message from a forwarding relay
If the DHCP domain crosses site agent, then the client is on the same link as the one to
boundaries, then this address MUST be which the interface identified by the link-prefix field in
globally-scoped. the message from the relay is attached
options See section 18. - The DUID supplied by the client
9.8. DHCP Release Message Format - Other information in options supplied by the client
msg-type RELEASE - Other information in options supplied by the relay agent
preference (unused) MUST be 0 13. Reliability of Client Initiated Message Exchanges
transaction-ID An unsigned integer generated by the DHCP clients are responsible for reliable delivery of messages in the
client used to identify this Release client-initiated message exchanges described in sections 15 and 16.
message. If a DHCP client fails to receive an expected response from a server,
the client must retransmit its message. This section describes the
retransmission strategy to be used by clients in client-initiated
message exchanges.
client-link-local-address The client's link-local address for The client begins the message exchange by transmitting a message to
the interface from which the client the server. The message exchange terminates when either the client
will send the Release message. successfully receives the appropriate response or responses from a
server or servers, or when the message exchange is considered to have
failed according to the retransmission mechanism described below.
server-address The IP address of the server that The client retransmission behavior is controlled and describe by five
assigned the IA. variables:
options See section 18. RT Retransmission timeout
9.9. DHCP Decline Message Format IRT Initial retransmission time
msg-type DECLINE MRC Maximum retransmission count
preference (unused) MUST be 0 MRT Maximum retransmission time
transaction-ID An unsigned integer generated by the MRD Maximum retransmission duration
client used to identify this Decline
RAND Randomization factor
With each message transmission or retransmission, the client sets RT
according to the rules given below. If RT expires before the message
exchange terminates, the client recomputes RT and retransmits the
message. message.
client-link-local-address The client's link-local address for Each of the computations of a new RT include a randomization factor
the interface from which the client (RAND), which is a random number chosen with a uniform distribution
will send the Decline message. between -0.1 and +0.1. The randomization factor is included to
minimize synchronization of messages transmitted by DHCP clients.
The algorithm for choosing a random number does not need to be
cryptographically sound. The algorithm SHOULD produce a different
sequence of numbers from each invocation of the DHCP client.
server-address The IP address of the server that RT for the first message transmission is based on IRT:
assigned the addresses.
options See section 18. RT = 2*IRT + RAND*IRT
9.10. DHCP Reconfigure-init Message Format RT for each subsequent message transmission is based on the previous
value of RT:
msg-type RECONFIG-INIT RT = 2*RTprev + RAND*RTprev
preference (unused) MUST be 0 MRT specifies an upper bound on the value of RT. If MRT has a value
of 0, there is no upper limit on the value of RT. Otherwise:
transaction-ID (unused) MUST be 0 if (RT > MRT)
RT = MRT + RAND*MRT
client-link-local-address (unused) MUST be 0 MRC specifies an upper bound on the number of times a client may
retransmit a message. If MRC has a value of 0, the client MUST
continue to retransmit the original message until a response is
received. Otherwise, the message exchange fails if the client
attempts to transmit the original message more than MRC times.
server-address The IP address of the DHCP server MRD specifies an upper bound on the length of time a client may
issuing the Reconfigure-init message. retransmit a message. If MRD has a value of 0, the client MUST
MUST be of sufficient scope to be continue to retransmit the original message until a response is
reachable by all clients. received. Otherwise, the message exchange fails if the client
attempts to transmit the original message more than MRD seconds.
options See section 18. If both MRC and MRD are non-zero, the message exchange fails whenever
either of the conditions specified in the previous paragraph are met.
10. Relay messages 14. Message validation
Relay agents exchange messages with servers to forward messages Servers MUST discard any received messages that include
between clients and servers that are not connected to the same link. authentication information and fail the authentication check by the
server.
10.1. Relay-forward message Clients MUST discard any received messages that include
authentication information and fail the authentication check by the
client, except as noted in section 19.6.5.2.
0 1 2 3 14.1. Use of Transaction-ID field
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| msg-type | prefix length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| relay-address |
| |
| |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| options (variable number and length) .... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
msg-type RELAY-FORW The "transaction-ID" field holds a value used by clients and servers
to synchronize server responses to client messages. A client SHOULD
choose a different transaction-ID for each new message it sends. A
client MUST leave the transaction-ID unchanged in retransmissions of
a message.
prefix-length The length of the prefix in the address in the 14.2. Solicit message
"relay-address" field.
relay-address An address assigned to the interface through which Clients MUST discard any received Solicit messages.
the message from the client was received.
options MUST include a "Client message option"; see Relay agents MUST discard any Solicit messages received through port
section 18.5. 546.
10.2. Relay-reply message 14.3. Advertise message
0 1 2 3 Clients MUST discard any received Advertise messages in which the
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 "Transaction-ID" field value does not match the value the client used
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ in its Solicit message.
| msg-type | prefix length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| relay-address |
| |
| |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| options (variable number and length) .... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
msg-type RELAY-REPL Servers and relay agents MUST discard any received Advertise
messages.
prefix-length The length of the prefix in the address in the 14.4. Request message
"relay-address" field.
relay-address An address identifying the interface through which Clients MUST discard any received Request messages.
the message from the server should be forwarded;
copied from the "relay-forward" message.
options MUST include a "Server message option"; see Relay agents MUST discard any Request messages received through port
section 18.6. 546.
11. DHCP unique identifier (DUID) Servers MUST discard any received Request message in which the value
in the ``server-address'' field does not match any of the addresses
used by the server.
Each DHCP client has a DUID. DHCP servers use DUIDs to identify 14.5. Confirm message
clients for the selection of configuration parameters and in
the association of IAs with clients. See section 18.2 for the
representation of a DUID in a DHCP message.
DISCUSSION: Clients MUST discard any received Confirm messages.
The syntax, rules for selecting and requirements for gloabl Relay agents MUST discard any Confirm messages received through port
uniqueness in DUIDs are TBD. 546.
The DUID is carried in an option because it may be variable 14.6. Renew message
length and because it is not required in all DHCP options
(e.g., messages sent by servers need not include a DUID).
12. Identity association Clients MUST discard any received Renew messages.
An "identity-association" (IA) is a construct through which a server Relay agents MUST discard any Renew messages received through port
and a client can identify, group and manage IPv6 addresses. Each IA 546.
consists of an IAID and a list of associated IPv6 addresses (the list
may be empty). A client associates an IA with one of its interfaces
and uses the IA to obtain IPv6 addresses for that interface from a
server.
See section 18.3 for the representation of an IA in a DHCP message. Servers MUST discard any received Renew message in which the value in
the ``server-address'' field does not match any of the addresses used
by the server.
13. DHCP Server Solicitation 14.7. Rebind message
This section describes how a client locates servers. The behavior Clients MUST discard any received Rebind messages.
of client and server implementations is discussed, along with the
messages they use.
13.1. Solicit Message Validation Relay agents MUST discard any Rebind messages received through port
546.
Clients MUST silently discard any received Solicit messages. 14.8. Decline messages
Agents MUST silently discard any received Solicit messages if the Clients MUST discard any received Decline messages.
"client-link-local-address" field does not contain a valid link-local
address.
13.2. Advertise Message Validation Relay agents MUST discard any Decline messages received through port
546.
Servers MUST discard any received Advertise messages. Servers MUST discard any received Decline message in which the value
in the ``server-address'' field does not match any of the addresses
used by the server.
Clients MUST discard any Advertise messages that meet any of the 14.9. Release message
following criteria:
o The "Transaction-ID" field value does not match the value the Clients MUST discard any received Release messages.
client used in its Solicit message.
o The "client-link-local-address" field value does not match the Relay agents MUST discard any Release messages received through port
link-local address of the interface upon which the client sent 546.
the Solicit message.
13.3. Client Behavior Servers MUST discard any received Release message in which the value
in the ``server-address'' field does not match any of the addresses
used by the server.
Clients use the Solicit message to discover DHCP servers configured 14.10. Reply message
Clients MUST discard any received Reply messages in which the
``transaction-ID'' field in the message does not match the value used
in the original message.
Servers and relay agents MUST discard any received Reply messages.
14.11. Reconfigure-init message
Servers and relay agents MUST discard any received Reconfigure-init
messages.
Clients MUST discard any Reconfigure-init messages that do not
contain an authentication option or that fail the authentication
performed by the client.
14.12. Relay-forward message
Clients MUST discard any received Relay-forward messages.
14.13. Relay-reply message
Clients and servers MUST discard any received Relay-reply messages.
15. DHCP Server Solicitation
This section describes how a client locates servers.
15.1. Client Behavior
A client uses the Solicit message to discover DHCP servers configured
to serve addresses on the link to which the client is attached. to serve addresses on the link to which the client is attached.
13.3.1. Creation and sending of the Solicit message 15.1.1. Creation of Solicit messages
The client sets the "msg-type" field to SOLICIT, and places the The client sets the "msg-type" field to SOLICIT. The client generates
link-local address of the interface it wishes to configure in the a transaction ID and inserts this value in the "transaction-ID"
"client-link-local-address" field. field.
The client generates a transaction ID inserts this value in the The client MUST include a DUID option to identify itself to the
"transaction-ID" field. server. The client MUST include options for any IAs to which it
wants the server to assign addresses. The client MAY choose not to
include any IAs in the Solicit message if it does not need to request
that any addresses be assigned. The client MAY include addresses in
the IAs as a hint to the server about addresses for which the client
may have a preference. The client MAY include an Option Request
Option in the Solicit message. The client MUST NOT include any other
options except those specifically allowed as defined by specific
options.
The client includes a DUID option to identify itself to the server. 15.1.2. Transmission of Solicit Messages
The client MUST include options for any IAs to which the client is
expecting to have the server assign addresses. Because the client
does not have any IAs with addresses when sending a Solicit message,
all of the IAs MUST be empty. The client MAY include an Option
Request Option in the Solicit message. The client MUST NOT include
any other options except those specifically allowed as defined by
specific options.
The client sends the Solicit message to the All DHCP Agents The client sends the Solicit message to the All_DHCP_Agents
multicast address, destination port 547. The source port selection multicast address. The client MUST use an IPv6 address assigned
can be arbitrary, although it SHOULD be possible using a client to the interface for which the client is interested in obtaining
configuration facility to set a specific source port value. configuration information as the source address in the IP header of
the datagram carrying the Solicit message.
13.3.2. Time out and retransmission of Solicit Messages The Solicit message MUST be transmitted on the link that the
interface for which configuration information is being obtained
is attached to. The client SHOULD send the message through that
interface. The client MAY send the message through another interface
attached to the same link if and only if the client is certain the
the two interface are attached to the same link.
The client's first Solicit message on the interface MUST be delayed The first Solicit message from the client on the interface MUST
by a random amount of time between the interval of MIN_SOL_DELAY and be delayed by a random amount of time between MIN_SOL_DELAY and
MAX_SOL_DELAY. This random delay desynchronizes clients which start MAX_SOL_DELAY. This random delay desynchronizes clients which start
at the same time (e.g., after a power outage). at the same time (e.g., after a power outage).
The client waits ADV_MSG_TIMEOUT, collecting Advertise messages. The client transmits the message according to section 13, using the
If no Advertise messages are received, the client retransmits following parameters:
the Solicit, and doubles the ADV_MSG_TIMEOUT value. This process
continues until either one or more Advertise messages are received or
ADV_MSG_TIMEOUT reaches the ADV_MSG_MAX value. Thereafter, Solicits
are retransmitted every ADV_MSG_MAX until SOL_MAX_ATTEMPTS have been
made, at which time the client MAY choose to stop trying to DHCP
configure the interface. An event external to DHCP is required
to restart the DHCP configuration process. A DHCP client MAY,
alternatively, choose to continue sending Solicit messages at the
ADV_MSG_MAX interval.
Default and initial values for MIN_SOL_DELAY, MAX_SOL_DELAY, IRT SOL_TIMEOUT
ADV_MSG_TIMEOUT, AND ADV_MSG_MAX are documented in section 7.5.
13.3.3. Receipt of Advertise messages MRT SOL_MAX_RT
Upon receipt of one or more validated Advertise messages, the client MRC 0
MRD 0
The mechanism in section 13 is modified as follows for use in the
transmission of Solicit messages. The message exchange is not
terminated by the receipt of an Advertise before SOL_TIMEOUT has
elapsed. Rather, the client collects Advertise messages until
SOL_TIMEOUT has elapsed. The first RT MUST be selected to be
strictly greater than SOL_TIMEOUT by choosing RAND to be strictly
greater than 0.
A client MUST collect Advertise messages for SOL_TIMEOUT seconds,
unless it receives an Advertise message with a preference value
of 255. The preference value is carried in the Preference option
(section 20.5). Any Solicit that does not include a Preference
option is considered to have a preference value of 0. If the client
receives an Advertise message with a preference value of 255, then
the client MAY act immediately on that Advertise message without
waiting for any more additional Advertise messages.
A DHCP client SHOULD choose MRC and MRD to be 0. If the DHCP client
is configured with either MRC or MRD set to a value other than
0, it MUST stop trying to configure the interface if the message
exchange fails. After the DHCP client stops trying to configure the
interface, it MAY choose to restart the reconfiguration process after
some external event, such as user input, system restart, or when the
client is attached to a new link.
15.1.3. Receipt of Advertise messages
The client MUST ignore any Advertise message that includes a Status
Code option containing the value AddrUnavail, with the exception that
the client MAY display the associated status message to the user.
Upon receipt of one or more valid Advertise messages, the client
selects one or more Advertise messages based upon the following selects one or more Advertise messages based upon the following
criteria. criteria.
- Those Advertise messages with the highest server preference - Those Advertise messages with the highest server preference value
value (see section 19.4) are preferred over all other Advertise are preferred over all other Advertise messages.
messages.
- Within a group of Advertise messages with the same server - Within a group of Advertise messages with the same server
preference value, a client MAY select those servers whose preference value, a client MAY select those servers whose
Advertise messages advertise information of interest to Advertise messages advertise information of interest to the
the client. For example, one server may be advertising the client. For example, the client may choose a server that
availability of IP addresses which have an address scope of returned an advertisement with configuration options of interest
interest to the client. to the client.
- The client MAY choose a less-preferred server if that server has
a better set of advertised parameters, such as the available
addresses advertised in IAs.
Once a client has selected Advertise message(s), the client will Once a client has selected Advertise message(s), the client will
typically store information about each server, such as server typically store information about each server, such as server
preference value, addresses advertised, when the advertisement was preference value, addresses advertised, when the advertisement was
received, and so on. Depending on the requirements of the client's received, and so on. Depending on the requirements of the user that
invoking user, the client MAY initiate a configuration exchange with invoked the DHCP client, the client MAY initiate a configuration
the server(s) immediately, or MAY defer this exchange until later. exchange with the server(s) immediately, or MAY defer this exchange
until later.
If the client needs to select an alternate server in the case that a If the client needs to select an alternate server in the case that a
chosen server does not respond, the client chooses the server with chosen server does not respond, the client chooses the next server
the next highest preference value. according to the criteria given above.
The client MAY choose a less-preferred server if that server has a
better set of advertised parameters, such as the available addresses
advertised in IAs.
13.4. Server Behavior
For this discussion, the server is assumed to have been configured in 15.2. Server Behavior
an implementation specific manner. This configuration is assumed to
contain all network topology information for the DHCP domain, as well
as any necessary authentication information.
13.4.1. Receipt of Solicit messages A server sends an Advertise message in response to Solicit messages
it receives to announce the availability of the server to the client.
If the server receives a Solicit message, the client must be on the 15.2.1. Receipt of Solicit messages
same link as the server. If the server receives a Relay-forward
message containing a Solicit message, the client must be on the
link to which the prefix identified by the "relay-address" and
"prefix-length" fields in the Relay-forward message is assigned.
The server records the "relay-address" field from the Relay-forward
message and extracts the solicit message from the "client-message"
option.
If administrative policy permits the server to respond to a client on The server determines the information about the client and its
that link, the server will generate and send an Advertise message to location as described in section 12. If administrative policy
the client. permits the server to respond to the client, the server will generate
and send an Advertise message to the client.
13.4.2. Creation and sending of Advertise messages 15.2.2. Creation and transmission of Advertise messages
The server sets the "msg-type" field to ADVERTISE and copies the The server sets the "msg-type" field to ADVERTISE and copies the
values of the following fields from the client's Solicit to the contents of the transaction-ID field from the Solicit message
Advertise message: received from the client to the Advertise message. The server places
one of its IP addresses (determined through administrator setting)
o transaction-ID in the "server-address" field of the Advertise message. The server
MAY add a Preference option to carry the preference value for the
Advertise message.
o client-link-local-address The server implementation SHOULD allow the setting of a server
The server places one of its IP addresses (determined through preference value by the administrator. The server preference value
administrator setting) in the "server-address" field of the Advertise MUST default to zero unless otherwise configured by the server
message. The server sets the "preference" field according to its administrator.
configuration information. See section 20.3 for a description of
server preference.
The server MUST include options to the Advertise message containing The server MUST include IA options in the Advertise message
any addresses that would be assigned to IAs contained in the Solicit containing any addresses that would be assigned to IAs contained in
message from the client. The server MAY include other options the the Solicit message from the client. If the Solicit message from the
server will return to the client in a subsequent Reply message. client included no IAs, the server MUST not include any IAs in the
The information in these options will be used by the client in the Advertise message. If the server will not assign any addresses to
selection of a server if the client receives more than one Advertise IAs in a subsequent Request from the client, the server MAY choose to
message. send an Advertise message to the client that includes only a status
code option with the status code set to AddrUnavail and a status
message for the user.
If the Solicit message was received in a Relay-forward message, the The server MAY include other options the server will return to the
server constructs a Relay-reply message with the Advertise message in client in a subsequent Reply message. The information in these
the payload of a "server-message" option. The server unicasts the options will be used by the client in the selection of a server if
Relay-reply message to the address in the "relay-address" field from the client receives more than one Advertise message. The server
the Relay-forward message. SHOULD include options specifying values for options requested by the
client in an Option Request Option included in the Solicit message.
If the Solicit message was received directly by the server, the If the Solicit message was received directly by the server, the
server unicasts the Advertise message directly to the client using server unicasts the Advertise message directly to the client using
the "client-link-local-address" field value as the destination the address in the source address field from the IP datagram in
address. The Advertise message MUST be unicast through the interface which the Solicit message was received. The Advertise message MUST
on which the Solicit message was received. be unicast through the interface on which the Solicit message was
received.
14. DHCP Client-Initiated Configuration Exchange If the Solicit message was received in a Relay-forward message,
the server constructs a Relay-reply message with the Advertise
message in the payload of a "server-message" option. The server
unicasts the Relay-reply message directly to the relay agent using
the address in the source address field from the IP datagram in which
the Relay-forward message was received.
16. DHCP Client-Initiated Configuration Exchange
A client initiates a message exchange with a server or servers to A client initiates a message exchange with a server or servers to
acquire or update configuration information of interest. The client acquire or update configuration information of interest. The client
may initiate the configuration exchange as part of the operating may initiate the configuration exchange as part of the operating
system configuration process or when requested to do so by the system configuration process or when requested to do so by the
application layer. application layer.
The client uses the following messages to initiate a configuration 16.1. Client Behavior
event:
Request Obtain initial configuration information (from a server
identified in a previously received Advertise message)
when the client has no assigned addresses
Confirm Confirm the validity of assigned addresses and other
configuration changes through the server from which the
configuration information was obtained when the client's
assigned addresses may not be valid; for example, when
the client reboots or loses its connection to a link
Renew Extend the lease on an IA through the server that
originally assigned the IA
Rebind Extend the lease on an IA through any server willing to
extend the lease
Release Release the lease on an IA and release all of the
addresses contained in the IA,
Decline Decline the assignment of one or more addresses in an
IA.
A client uses the Release/Reply message exchange to indicate to the
DHCP server that the client will no longer be using the addresses in
the released IA.
A client uses the Decline/Reply message exchange to indicate to the
DHCP server that the client has detected that one or more addresses
assigned by the server is already in use on the client's link.
14.1. Client Message Validation
Clients MUST silently discard any received client messages (Request,
Confirm, Renew, Rebind, Release or Decline messages).
Agents MUST discard any received client messages in which the A client will use Request, Confirm, Renew and Rebind messages to
"client-link-local-address" field does not contain a valid link-local acquire and confirm the validity of configuration information. The
address. client uses the server address information from previous Advertise
message(s) for use in constructing Request and Renew message(s).
Note that a client may request configuration information from one or
more servers at any time.
Servers MUST discard any received client messages in which the 16.1.1. Creation and transmission of Request messages
"options" field contains an authentication option, and the server
cannot successfully authenticate the client.
Servers MUST discard any received Request, Renew, Release or Decline If the client is using stateful address configuration and needs
message in which the "server-address" field value does not match any either an initial set of addresses or additional addresses, it
of the server's addresses. MUST send a Request message to obtain new addresses and other
configuration information. The client includes one or more IAs in
the Request message, to which the server assigns new addresses. The
server then returns IA(s) to the client in a Reply message.
14.2. Server Message Validation The client generates a transaction ID and inserts this value in the
"transaction-ID" field.
Servers MUST silently discard any received server messages The client places the address of the destination server in the
(Advertise, Reply or Reconfigure-init messages). "server-address" field.
Clients MUST discard any server messages that meet any of the The client MUST include a DUID option to identify itself to the
following criteria: server. The client adds any other appropriate options, including
one or more IA options (if the client is requesting that the server
assign it some network addresses). The list of addresses in each
included IA MUST be empty. If the client is not requesting that the
server assign it any addresses, the client omits the IA option.
o The "transaction-ID" field value in the server message does If the client has a source address that can be used by the server
not match the value the client used in its Request or Release as a return address and the client has received a Client Unicast
option (section 20.11) from the server, the client SHOULD unicast
the Request message to the server. Otherwise, the client MUST send
the Request message to the All_DHCP_Agents multicast address. The
client MUST use an address assigned to the interface for which the
client is interested in obtaining configuration information as the
source address in the IP header of the datagram carrying the Request
message. message.
o The "client-link-local-address" field value in the server message DISCUSSION:
does not match the link-local address of the interface from which
the client sent in its Request, Confirm, Renew, Rebind, Release
or Decline message.
o The server message contains an authentication option, and the
client's attempt to authenticate the message fails.
Relays MUST discard any Relay-reply message in which the
"client-link-local-address" in the encapsulated Reply message does
not contain a valid link-local address.
14.3. Client Behavior
A client will use Request, Confirm, Renew and Rebind messages to
acquire and confirm the validity of configuration information. A
client may initiate such an exchange automatically in order to
acquire the necessary network parameters to communicate with nodes
off-link. The client uses the server address information from
previous Advertise message(s) for use in constructing Request and
Renew message(s). Note that a client may request configuration
information from one or more servers at any time.
A client uses the Release message in the management of IAs when Use of multicast and relay agents enables the inclusion of
the client has been instructed to release the IA prior to the IA relay agent options in all messages sent by the client. The
expiration time since it is no longer needed. server should enable the use of unicast only when relay
agent options will not be used.
A client uses the Decline message when the client has determined If the client multicasts the Request message, the message MUST be
through DAD or some other method that one or more of the addresses transmitted on the link that the interface for which configuration
assigned by the server in the IA is already in use by a different information is being obtained is attached to. The client SHOULD send
client. the message through that interface. The client MAY send the message
through another interface attached to the same link if and only if
the client is certain the the two interface are attached to the same
link.
14.3.1. Creation and sending of Request messages The client transmits the message according to section 13, using the
following parameters:
If a client has no valid IPv6 addresses of sufficient scope to IRT REQ_TIMEOUT
communicate with a DHCP server, it may send a Request message to
obtain new addresses. The client includes one or more IAs in the
Request message, to which the server assigns new addresses. The
server then returns IA(s) to the client in a Reply message.
The client sets the "msg-type" field to REQUEST, and places MRT REQ_MAX_RT
the link-local address of the interface it wishes to acquire
configuration information for in the "client-link-local-address"
field.
The client generates a transaction ID inserts this value in the MRC REQ_MAX_RC
"transaction-ID" field.
The client places the address of the destination server in the MRD 0
"server-address" field.
The client adds a DUID option to identify itself to the server. The If the message exchange fails, the client MAY choose one of the
client adds any other approppriate options, including one or more IA following actions:
options (if the client is requesting that the server assign it some
network addresses). The list of addresses in each included IA MUST
be empty. If the client is not requesting that the server assign it
any addresses, the client omits the IA option.
The client sends the Request message to the All DHCP Agents - Select another server from a list of servers known to the client;
multicast address, destination port 547. The source port selection e. g., servers that responded with an Advertise message
can be arbitrary, although it SHOULD be possible using a client
configuration facility to set a specific source port value.
The server will respond to the Request message with a Reply - Initiate the server discovery process described in section 15
message. If no Reply message is received within REP_MSG_TIMEOUT
milliseconds, the client retransmits the Request with the same
transaction-ID, and doubles the REP_MSG_TIMEOUT value, and waits
again. The client continues this process until a Reply is received
or REQUEST_MSG_ATTEMPTS unsuccessful attempts have been made, at
which time the client MUST abort the configuration attempt. The
client SHOULD report the abort status to the application layer.
Default and initial values for REP_MSG_TIMEOUT and REQ_MSG_ATTEMPTS - Terminate the configuration process and report failure
are documented in section 7.5.
14.3.2. Creation and sending of Confirm messages 16.1.2. Creation and transmission of Confirm messages
Whenever a client may have moved to a new link, its IPv6 addresses Whenever a client may have moved to a new link, its IPv6 addresses
may no longer be valid. Examples of times when a client may have and other configuration information may no longer be valid. Examples
moved to a new link include: of times when a client may have moved to a new link include:
o The client reboots o The client reboots
o The client is physically disconnected from a wired connection o The client is physically disconnected from a wired connection
o The client returns from sleep mode o The client returns from sleep mode
o The client using a wireless technology changes cells o The client using a wireless technology changes cells
In any situation when a client may have moved to a new link, the In any situation when a client may have moved to a new link, the
client MUST initiate a Confirm/Reply message exchange. The client client MUST initiate a Confirm/Reply message exchange. The client
includes any IAs, along with the addresses associated with those IAs, includes any IAs, along with the addresses associated with those IAs,
in its Confirm message. Any responding servers will indicate the in its Confirm message. Any responding servers will indicate the
acceptability of the addresses with the status in the IA it returns acceptability of the addresses with the status in the Reply message
to the client. it returns to the client.
The client sets the "msg-type" field to CONFIRM, and places The client sets the "msg-type" field to CONFIRM. The client generates
the link-local address of the interface it wishes to acquire a transaction ID and inserts this value in the "transaction-ID"
configuration information for in the "client-link-local-address"
field. field.
The client generates a transaction ID inserts this value in the
"transaction-ID" field.
The client sets the "server-address" field to 0. The client sets the "server-address" field to 0.
The client adds a DUID option to identify itself to the server. The The client MUST include a DUID option to identify itself to the
client adds any appropriate options, including one or more IA options server. The client adds any appropriate options, including one or
(if the client is requesting that the server confirm the validity of more IA options (if the client is requesting that the server confirm
some network addresses). If the client does include any IA options, the validity of some IPv6 addresses). If the client does include
it MUST include the list of addresses the client currently has any IA options, it MUST include the list of addresses the client
associated with that IA. currently has associated with that IA.
The client sends the Confirm message to the All DHCP Agents The client sends the Confirm message to the All_DHCP_Agents
multicast address, destination port 547. The source port selection multicast address. The client MUST use an IPv6 address assigned
can be arbitrary, although it SHOULD be possible using a client to the interface for which the client is interested in obtaining
configuration facility to set a specific source port value. configuration information as the source address in the IP header of
the datagram carrying the Confirm message.
Servers will respond to the Confirm message with a Reply message. If The Confirm message MUST be transmitted on the link that the
no Confirm message is received within REP_MSG_TIMEOUT milliseconds, interface for which configuration information is being obtained
the client retransmits the Confirm with the same transaction-ID, is attached to. The client SHOULD send the message through that
and doubles the REP_MSG_TIMEOUT value, and waits again. The client interface. The client MAY send the message through another interface
continues this process until a Reply is received or QRY_MSG_ATTEMPTS attached to the same link if and only if the client is certain the
unsuccessful attempts have been made, at which time the client MUST the two interface are attached to the same link.
abort the configuration attempt. The client SHOULD report the abort
status to the application layer.
Default and initial values for REP_MSG_TIMEOUT and QRY_MSG_ATTEMPTS The client transmits the message according to section 13, using the
are documented in section 7.5. following parameters:
If the client receives no response to its Confirm message, it MAY IRT CNF_TIMEOUT
restart the configuration process by locating a DHCP server with an
Advertise message and sending a Request to that server, as described
in section 14.3.1.
14.3.3. Creation and sending of Renew messages MRT CNF_MAX_RT
MRC 0
MRD CNF_MAX_RD
If the client receives no responses before the message transmission
process as described in section 13 terminates, the client SHOULD
continue to use any IP addresses, using the last known lifetimes for
those addresses, and SHOULD continue to use any other previously
obtained configuration parameters.
16.1.3. Creation and transmission of Renew messages
IPv6 addresses assigned to a client through an IA use the same IPv6 addresses assigned to a client through an IA use the same
preferred and valid lifetimes as IPv6 addresses obtained through preferred and valid lifetimes as IPv6 addresses obtained through
stateless autoconfiguration. The server assigns preferred and valid stateless address autoconfiguration. The server assigns preferred
lifetimes to the IPv6 addresses it assigns to an IA. To extend those and valid lifetimes to the IPv6 addresses it assigns to an IA. To
lifetimes, the client sends a Request to the server containing an extend those lifetimes, the client sends a Renew message to the
"IA option" for the IA and its associated addresses. The server server containing an "IA option" for the IA and its associated
determines new lifetimes for the addresses in the IA according to addresses. The server determines new lifetimes for the addresses in
the server's administrative configuration. The server may also add the IA according to the administrative configuration of the server.
new addresses to the IA. The server remove addresses from the IA by The server may also add new addresses to the IA. The server may
setting the preferred and valid lifetimes of those addresses to zero. remove addresses from the IA by setting the preferred and valid
lifetimes of those addresses to zero.
The server controls the time at which the client contacts the server The server controls the time at which the client contacts the server
to extend the lifetimes on assigned addresses through the T1 and to extend the lifetimes on assigned addresses through the T1 and
T2 parameters assigned to an IA. If the server does not assign an T2 parameters assigned to an IA. If the server does not assign an
explicit value to T1 or T2 for an IA, T1 defaults to 0.5 times the explicit value to T1 or T2 for an IA, T1 defaults to 0.5 times the
shortest preferred lifetime of any address assigned to the IA and shortest preferred lifetime of any address assigned to the IA and
T2 defaults to 0.875 times the shortest preferred lifetime of any T2 defaults to 0.875 times the shortest preferred lifetime of any
address assigned to the IA. address assigned to the IA.
At time T1 for an IA, the client initiates a Request/Reply message At time T1 for an IA, the client initiates a Renew/Reply message
exchange to extend the lifetimes on any addresses in the IA. The exchange to extend the lifetimes on any addresses in the IA. The
client includes an IA option with all addresses currently assigned to client includes an IA option with all addresses currently assigned to
the IA in its Request message. The client sends this Request message the IA in its Renew message.
to the All DHCP Agents multicast address.
The client sets the "msg-type" field to RENEW, and places
the link-local address of the interface it wishes to acquire
configuration information for in the "client-link-local-address"
field.
The client generates a transaction ID inserts this value in the The client sets the "msg-type" field to RENEW. The client generates a
"transaction-ID" field. transaction ID and inserts this value in the "transaction-ID" field.
The client places the address of the destination server in the The client places the address of the destination server in the
"server-address" field. "server-address" field.
The client adds a DUID option to identify itself to the server. The The client MUST include a DUID option to identify itself to the
client adds any appropriate options, including one or more IA options server. The client adds any appropriate options, including one or
(if the client is requesting that the server extend the lease on some more IA options (if the client is requesting that the server extend
IAs; note that the client may check the status of other configuration the lease on some IAs; note that the client may check the status of
parameters without asking for lease extensions). If the client does other configuration parameters without asking for lease extensions).
include any IA options, it MUST include the list of addresses the If the client does include any IA options, it MUST include the list
client currently has associated with that IA. of addresses the client currently has associated with that IA.
The client sends the Renew message to the All DHCP Agents multicast If the client has a source address that can be used by the server as
address, destination port 547. The source port selection can a return address and the client has received a Client Unicast option
be arbitrary, although it SHOULD be possible using a client (section 20.11) from the server, the client SHOULD unicast the Renew
configuration facility to set a specific source port value. message to the server. Otherwise, the client sends the Renew message
to the All_DHCP_Agents multicast address. The client MUST use an
address assigned to the interface for which the client is interested
in obtaining configuration information as the source address in the
IP header of the datagram carrying the Renew message.
The server will respond to the Renew message with a Reply message. If the Renew message is multicast, it MUST be transmitted on the
If no Reply message is received within REP_MSG_TIMEOUT milliseconds, link that the interface for which configuration information is being
the client retransmits the Renew with the same transaction-ID, and obtained is attached to. The client SHOULD send the message through
doubles the REP_MSG_TIMEOUT value, and waits again. The client that interface. The client MAY send the message through another
continues this process until a Reply is received or until time T2 is interface attached to the same link if and only if the client is
reached (see section 14.3.4). certain the the two interface are attached to the same link.
Default and initial values for REP_MSG_TIMEOUT are documented in The client transmits the message according to section 13, using the
section 7.5. following parameters:
14.3.4. Creation and sending of Rebind messages IRT REN_TIMEOUT
MRT REP_MAX_RT
MRC 0
MRD 0
The mechanism in section 13 is modified as follows for use in the
transmission of Renew messages. The message exchange is terminated
when time T2 is reached (see section 16.1.4), at which time the
client begins a Rebind message exchange.
16.1.4. Creation and transmission of Rebind messages
At time T2 for an IA (which will only be reached if the server to At time T2 for an IA (which will only be reached if the server to
which the Renew message was sent at time T1 has not responded), which the Renew message was sent at time T1 has not responded),
the client initiates a Rebind/Reply message exchange. The client the client initiates a Rebind/Reply message exchange. The client
includes an IA option with all addresses currently assigned to the IA includes an IA option with all addresses currently assigned to the
in its Rebind message. The client sends this message to the All DHCP IA in its Rebind message. The client sends this message to the
Agents multicast address. All_DHCP_Agents multicast address.
The client sets the "msg-type" field to REBIND, and places
the link-local address of the interface it wishes to acquire
configuration information for in the "client-link-local-address"
field.
The client generates a transaction ID inserts this value in the The client sets the "msg-type" field to REBIND. The client generates
"transaction-ID" field. a transaction ID inserts this value in the "transaction-ID" field.
The client sets the "server-address" field to 0. The client sets the "server-address" field to 0.
The client adds a DUID option to identify itself to the server. The client MUST include a DUID option to identify itself to the
The client adds any appropriate options, including one or more IA server. The client adds any appropriate options, including one or
options. If the client does include any IA options (if the client is more IA options. If the client does include any IA options (if the
requesting that the server extend the lease on some IAs; note that client is requesting that the server extend the lease on some IAs;
the client may check the status of other configuration parameters note that the client may check the status of other configuration
without asking for lease extensions), it MUST include the list of parameters without asking for lease extensions), it MUST include the
addresses the client currently has associated with that IA. list of addresses the client currently has associated with that IA.
The client sends the Rebind message to the All DHCP Agents multicast The client sends the Rebind message to the All_DHCP_Agents
address, destination port 547. The source port selection can multicast address. The client MUST use an IPv6 address assigned
be arbitrary, although it SHOULD be possible using a client to the interface for which the client is interested in obtaining
configuration facility to set a specific source port value. configuration information as the source address in the IP header of
the datagram carrying the Rebind message.
The server will respond to the Rebind message with a Reply message. The Rebind message MUST be transmitted on the link that the interface
If no Reply message is received within REP_MSG_TIMEOUT milliseconds, for which configuration information is being obtained is attached
the client retransmits the Rebind with the same transaction-ID, and to. The client SHOULD send the message through that interface. The
doubles the REP_MSG_TIMEOUT value, and waits again. The client client MAY send the message through another interface attached to the
continues this process until a Reply is received. same link if and only if the client is certain the the two interface
are attached to the same link.
Default and initial values for REP_MSG_TIMEOUT are documented in The client transmits the message according to section 13, using the
section 7.5. following parameters:
The client has several alternatives to choose from if it receives no IRT REB_TIMEOUT
response to its Rebind message.
MRT REB_MAX_RT
MRC 0
MRD 0
The mechanism in section 13 is modified as follows for use in the
transmission of Rebind messages. The message exchange is terminated
when the lease for the IA expires (see section 11), at which time the
client has several alternative actions to choose from:
- When the lease on the IA expires, the client may choose to use a - When the lease on the IA expires, the client may choose to use a
Solicit message to locate a new DHCP server and send a Request Solicit message to locate a new DHCP server and send a Request
for the expired IA to the new server for the expired IA to the new server
- Some addresses in the IA may have lifetimes that extend beyond - Some addresses in the IA may have lifetimes that extend beyond
the lease of the IA, so the client may choose to continue to use the lease of the IA, so the client may choose to continue to use
those addresses; once all of the addresses have expired, the those addresses; once all of the addresses have expired, the
client may choose to locate a new DHCP server client may choose to locate a new DHCP server
- The client may have other addresses in other IAs, so the client - The client may have other addresses in other IAs, so the client
may choose to discard the expired IA and use the addresses in the may choose to discard the expired IA and use the addresses in the
other IAs other IAs
14.3.5. Receipt of Reply message in response to a Request, Confirm, 16.1.5. Receipt of Reply message in response to a Request, Confirm,
Renew or Rebind message Renew or Rebind message
Upon the receipt of a valid Reply message in response to a Upon the receipt of a valid Reply message in response to a
Request, Confirm, Renew or Rebind message, the client extracts the Request, Confirm, Renew or Rebind message, the client extracts the
configuration information contained in the Reply. If the "status" configuration information contained in the Reply. The client MAY
field contains a non-zero value, the client reports the error status choose to report any status code or message from the status code
to the application layer. option in the Reply message.
The client SHOULD perform duplicate address detection [20] on each of
the addresses in any IAs it receives in the Reply message. If any of
the addresses are found to be in use on the link, the client sends a
Decline message to the server as described in section 16.1.8.
The client records the T1 and T2 times for each IA in the Reply The client records the T1 and T2 times for each IA in the Reply
message. The client records any addresses included with IAs in message. The client records any addresses included with IAs in
the Reply message. The client updates the preferred and valid the Reply message. The client updates the preferred and valid
lifetimes for the addresses in the IA from the lifetime information lifetimes for the addresses in the IA from the lifetime information
in the IA option. The client leaves any addresses that the client in the IA option. The client leaves any addresses that the client
has associated with the IA that are not included in the IA option has associated with the IA that are not included in the IA option
unchanged. unchanged.
Management of the specific configuration information is detailed in Management of the specific configuration information is detailed in
the definition of each option, in section 18. the definition of each option, in section 20.
When the client receives an Unavail error status in an IA from the When the client receives a NoPrefixMatch status in an IA from the
server the client can assume it needs to send a Request to the server
to obtain appropriate addresses for the IA. If the client receives
any Reply messages that do not indicate a NoPrefixMatch status, the
client can use the addresses in the IA and ignore any messages that
do indicate a NoPrefixMatch status.
When the client receives an AddrUnavail status in an IA from the
server for a Request message the client will have to find a new server for a Request message the client will have to find a new
server to create an IA. server to create an IA.
When the client receives a NoBinding error status in an IA from the When the client receives a NoBinding status status in an IA from the
server for a Confirm message the client can assume it needs to send a server for a Confirm message the client can assume it needs to send a
Request to reestablish an IA with the server. Request to reestablish an IA with the server.
When the client receives a Conf_NoMatch error status in an IA from When the client receives a ConfNoMatch status in an IA from the
the server for a Confirm message the client can send a Renew message server for a Confirm message the client can send a Renew message to
to the server to extend the lease for the addresses. the server to extend the lease for the addresses.
When the client receives a NoBinding error status in an IA from the When the client receives a NoBinding status in an IA from the server
for a Renew message the client can assume it needs to send a Request
to reestablish an IA with the server.
When the client receives a RenwNoMatch status in an IA from the
server for a Renew message the client can assume it needs to send a server for a Renew message the client can assume it needs to send a
Request to reestablish an IA with the server. Request to reestablish an IA with the server.
When the client receives a Renw_NoMatch error status in an IA from When the client receives an AddrUnavail status in an IA from the
the server for a Renew message the client can assume it needs to send
a Request to reestablish an IA with the server.
When the client receives an Unavail error status in an IA from the
server for a Renew message the client can assume it needs to send a server for a Renew message the client can assume it needs to send a
Request to reestablish an IA with the server. Request to reestablish an IA with the server.
When the client receives a NoBinding error status in an IA from the When the client receives a NoBinding status in an IA from the server
for a Rebind message the client can assume it needs to send a Request
to reestablish an IA with the server or try another server.
When the client receives a RebdNoMatch status in an IA from the
server for a Rebind message the client can assume it needs to send a server for a Rebind message the client can assume it needs to send a
Request to reestablish an IA with the server or try another server. Request to reestablish an IA with the server or try another server.
When the client receives a Rebd_NoMatch error status in an IA from When the client receives an AddrUnavail status in an IA from the
the server for a Rebind message the client can assume it needs to
send a Request to reestablish an IA with the server or try another
server.
When the client receives an Unavail error status in an IA from the
server for a Rebind message the client can assume it needs to send a server for a Rebind message the client can assume it needs to send a
Request to reestablish an IA with the server or try another server. Request to reestablish an IA with the server or try another server.
14.3.6. Creation and sending of Release messages 16.1.6. Creation and transmission of Release messages
The client sets the "msg-type" field to RELEASE, and places the
link-local address of the interface associated with the configuration
information it wishes to release in the "client-link-local-address"
field.
The client generates a transaction ID and places this value in the The client sets the "msg-type" field to RELEASE. The client generates
"transaction-ID" field. a transaction ID and places this value in the "transaction-ID" field.
The client places the IP address of the server that allocated the The client places the IP address of the server that allocated the
address(es) in the "server-address" field. address(es) in the "server-address" field.
The client adds a DUID option to identify itself to the server. The The client MUST include a DUID option to identify itself to the
client includes options containing the IAs it is releasing in the server. The client includes options containing the IAs it is
"options" field. The addresses to be released MUST be included in releasing in the "options" field. The addresses to be released
the IAs. The appropriate "status" field in the options MUST be set MUST be included in the IAs. The appropriate "status" field in the
to indicate the reason for the release. options MUST be set to indicate the reason for the release.
If the client is configured to use authentication, the client The client MUST NOT use any of the addresses in the IAs in the
generates the appropriate authentication option, and adds this option message as the source address in the Release message or in any
to the "options" field. Note that the authentication option MUST be subsequently transmitted message.
the last option in the "options" field. See section 18.9 for more
details about the authentication option.
The client sends the Release message to the All DHCP Agents multicast If the client has a source address that can be used by the server
address. as a return address and the client has received a Client Unicast
option (section 20.11) from the server, the client SHOULD unicast the
Release message to the server. Otherwise, the client MUST send the
Release message to the All_DHCP_Agents multicast address. The client
MUST use an address for the interface to which the IAs in the Release
message are assigned as the source address for the Release message.
14.3.7. Time out and retransmission of Release Messages DISCUSSION:
Use of multicast and relay agents enables the inclusion of
relay agent options in all messages sent by the client. The
server should enable the use of unicast only when relay
agent options will not be used.
If the Release message is multicast, it MUST be transmitted on the
link that the interface for which configuration information is being
obtained is attached to. The client SHOULD send the message through
that interface. The client MAY send the message through another
interface attached to the same link if and only if the client is
certain the the two interface are attached to the same link.
A client MAY choose to wait for a Reply message from the server in A client MAY choose to wait for a Reply message from the server in
response to the Release message. If the client does wait for a response to the Release message. If the client does wait for a
Reply, the client MAY choose to retransmit the Release message. Reply, the client MAY choose to retransmit the Release message.
If no Reply message is received within REP_MSG_TIMEOUT milliseconds, The client transmits the message according to section 13, using the
the client retransmits the Release, doubles the REP_MSG_TIMEOUT following parameters:
value, and waits again. The client continues this process until a
Reply is received or REL_MSG_ATTEMPTS unsuccessful attempts have been
made, at which time the client SHOULD abort the release attempt.
The client SHOULD return the abort status to the application, if an
application initiated the release.
Default and initial values for REP_MSG_TIMEOUT and REL_MSG_ATTEMPTS IRT REL_TIMEOUT
are documented in section 7.5.
MRT 0
MRC REL_MAX_MRC
MRD 0
The client MUST abandon the attempt to release addresses if the
Release message exchange fails.
The client MUST stop using all of the addresses in the IA(s) being
released as soon as the client begins the Release message exchange
process. If an IA is released but the Reply from a DHCP server
is lost, the client will retransmit the Release message, and the
server may respond with a Reply indicating a status of "Nobinding".
Therefore, the client does not treat a Reply message with a status
of "Nobinding" in a Release message exchange as if it indicates an
error.
Note that if the client fails to release the IA, the addresses Note that if the client fails to release the IA, the addresses
assigned to the IA will be reclaimed by the server when the lease assigned to the IA will be reclaimed by the server when the lease
associated with it expires. associated with it expires.
14.3.8. Receipt of Reply message in response to a Release message 16.1.7. Receipt of Reply message in response to a Release message
Upon receipt of a valid Reply message, the client can consider the Upon receipt of a valid Reply message, the client can consider the
Release event successful, and SHOULD return the successful status to Release event successful, and SHOULD return the successful status to
the application layer, if an application initiated the release. the application layer, if an application initiated the release.
14.3.9. Creation and sending of Decline messages 16.1.8. Creation and transmission of Decline messages
The client sets the "msg-type" field to DECLINE, and places the
link-local address of the interface associated with the configuration
information it wishes to decline in the "client-link-local-address"
field.
The client generates a transaction ID and places this value in the The client sets the "msg-type" field to DECLINE. The client generates
"transaction-ID" field. a transaction ID and places this value in the "transaction-ID" field.
The client places the IP address of the server that allocated the The client places the IP address of the server that allocated the
address(es) in the "server-address" field. address(es) in the "server-address" field.
The client adds a DUID option to identify itself to the server. The The client MUST include a DUID option to identify itself to the
client includes options containing the IAs it is declining in the server. The client includes options containing the IAs it is
"options" field. The addresses to be released MUST be included in declining in the "options" field. The addresses to be released
the IAs. The appropriate "status" field in the options MUST be set MUST be included in the IAs. The appropriate "status" field in the
to indicate the reason for declining the address. options MUST be set to indicate the reason for declining the address.
If the client is configured to use authentication, the client The client MUST NOT use any of the addresses in the IAs in the
generates the appropriate authentication option, and adds this option message as the source address in the Decline message or in any
to the "options" field. Note that the authentication option MUST be subsequently transmitted message.
the last option in the "options" field. See section 18.9 for more
details about the authentication option.
The client send the Decline message to the All DHCP Agents multicast If the client has a source address that can be used by the server
address. as a return address and the client has received a Client Unicast
option (section 20.11) from the server, the client SHOULD unicast the
Decline message to the server. Otherwise, the client MUST send the
Decline message to the All_DHCP_Agents multicast address. The client
MUST use an IPv6 address for the interface to which the IAs in the
Release message are assigned as the source address for the Decline
message.
14.3.10. Time out and retransmission of Decline Messages DISCUSSION:
If no Reply message is received within REP_MSG_TIMEOUT milliseconds, Use of multicast and relay agents enables the inclusion of
the client retransmits the Decline, doubles the REP_MSG_TIMEOUT relay agent options in all messages sent by the client. The
value, and waits again. The client continues this process until a server should enable the use of unicast only when relay
Reply is received or REL_MSG_ATTEMPTS unsuccessful attempts have agent options will not be used.
been made, at which time the client SHOULD abort the attempt to
decline the address. The client SHOULD return the abort status to
the application, if an application initiated the release.
Default and initial values for REP_MSG_TIMEOUT and REL_MSG_ATTEMPTS If the Decline message is multicast, it MUST be transmitted on the
are documented in section 7.5. link that the interface for which configuration information is being
obtained is attached to. The client SHOULD send the message through
that interface. The client MAY send the message through another
interface attached to the same link if and only if the client is
certain the the two interface are attached to the same link.
14.3.11. Receipt of Reply message in response to a Release message The client transmits the message according to section 13, using the
following parameters:
IRT DEC_TIMEOUT
MRT DEC_MAX_RT
MRC DEC_MAX_RC
MRD 0
The client MUST abandon the attempt to decline addresses if the
Decline message exchange fails.
16.1.9. Receipt of Reply message in response to a Decline message
Upon receipt of a valid Reply message, the client can consider the Upon receipt of a valid Reply message, the client can consider the
Release event successful, and SHOULD return the successful status to Decline event successful.
the application layer, if an application initiated the release.
14.4. Server Behavior 16.2. Server Behavior
For this discussion, the Server is assumed to have been configured in For this discussion, the Server is assumed to have been configured in
an implementation specific manner with configuration of interest to an implementation specific manner with configuration of interest to
clients. clients.
14.4.1. Receipt of Request messages 16.2.1. Receipt of Request messages
The server MAY choose to discard Request messages received via
unicast from a client to which the server has not sent a unicast
option.
Upon the receipt of a valid Request message from a client the server Upon the receipt of a valid Request message from a client the server
can respond to, (implementation-specific administrative policy can respond to, (implementation-specific administrative policy
satisfied) the server scans the options field. satisfied) the server scans the options field.
The server then constructs a Reply message and sends it to the The server then constructs a Reply message and sends it to the
client. client.
The server SHOULD process each option for the client in an The server SHOULD process each option for the client in an
implementation-specific manner. The server MUST construct a Reply implementation-specific manner. The server MUST construct a Reply
message containing the following values: message containing the following values:
msg-type REPLY msg-type REPLY
preference Enter the server's preference to transaction-ID The transaction-ID from the Request message.
provide services to the client.
transaction-ID Enter the transaction-ID from the
Request message.
client-link-local address Enter the client-link-local address
from the Request message.
server address Enter the IP address of the server. server address One of the IP addresses assigned to the interface
through which the server received the message
from the client.
When the server receives a Request and IA option is included the When the server receives a Request and IA option is included the
client is requesting the configuration of a new IA by the server. client is requesting the configuration of a new IA by the server.
The server MUST take the clients IA and associate a binding for that The server MUST take the IA from the client and associate a binding
client in an implementation-specific manner within the server's for that client in an implementation-specific manner within the
configuration parameter database for DHCP clients. configuration parameter database for DHCP clients managed by the
server.
If the server cannot provide addresses to the client it SHOULD send If the server finds that the prefix on one or more IP addresses in
back an empty IA to the client with the status field set to Unavail. any IA in the message fro the client is not a valid prefix for the
link to which the client is connected, the server MUST return the IA
to the client with the status field set to NoPrefixMatch.
If the server cannot provide addresses to the client it SHOULD
send back an empty IA to the client with the status field set to
AddrUnavail.
If the server can provide addresses to the client it MUST send back If the server can provide addresses to the client it MUST send back
the IA to the client with all fields entered and a status of Success, the IA to the client with all fields entered and a status of Success,
and add the IA as a new client binding. and add the IA as a new client binding.
The server adds options to the Reply message for any other The server adds options to the Reply message for any other
configuration information to be assigned to the client. configuration information to be assigned to the client.
14.4.2. Receipt of Confirm messages 16.2.2. Receipt of Confirm messages
Upon the receipt of a valid Confirm message from a client the server Upon the receipt of a valid Confirm message from a client the server
can respond to, (implementation-specific administrative policy can respond to, (implementation-specific administrative policy
satisfied) the server scans the options field. satisfied) the server scans the options field.
The server then constructs a Reply message and sends it to the The server then constructs a Reply message and sends it to the
client. client.
The server SHOULD process each option for the client in an The server SHOULD process each option for the client in an
implementation-specific manner. The server MUST construct a Reply implementation-specific manner. The server MUST construct a Reply
message containing the following values: message containing the following values:
msg-type REPLY msg-type REPLY
preference Enter the server's preference to transaction-ID The transaction-ID from the Confirm message.
provide services to the client.
transaction-ID Enter the transaction-ID from the server address One of the IP addresses assigned to the interface
Confirm message. through which the server received the message
from the client.
client-link-local address Enter the client-link-local address When the server receives a Confirm message, the client is requesting
from the Confirm message. confirmation that the configuration information it will use is valid.
The server SHOULD locate the binding for that client and compare the
information in the Confirm message from the client to the information
associated with that client.
server address Enter the server's address. If the server cannot determine if the information in the Confirm
message is valid or invalid, the server MUST NOT send a reply to the
client. For example, if the server does not have a binding for the
client, but the configuration information in the Confirm message
appears valid, the server does not reply.
When the server receives a Confirm and an IA option is included the If the server finds that the information for the client does not
client is requesting confirmation that the addresses in the IA are match what is in the binding for that client or the configuration
valid. The server SHOULD locate the clients binding and verify the information is not valid, the server sends a Reply message containing
information in the IA from the client matches the information stored a Status Code option with the value ConfNoMatch.
for that client.
If the server cannot find a client entry for this IA the server If the server finds that the information for the client does match
SHOULD return an empty IA with status set to NoBinding. the information in the binding for that client, and the configuration
information is still valid, the server sends a Reply message
containing a Status Code option with the value Success.
If the server finds that the information for the client does not The Reply message from the server MUST contain a Status Code option
match what is in the server's records for that client the server and MUST NOT include any other options.
should send back an empty IA with status set to Conf_NoMatch.
If the server finds a match to the Confirm then the server should 16.2.3. Receipt of Renew messages
send back the IA to the client with status set to success.
14.4.3. Receipt of Renew messages The server MAY choose to discard Renew messages received via unicast
from a client to which the server has not sent a unicast option.
Upon the receipt of a valid Renew message from a client the server Upon the receipt of a valid Renew message from a client the server
can respond to, (implementation-specific administrative policy can respond to, (implementation-specific administrative policy
satisfied) the server scans the options field. satisfied) the server scans the options field.
The server then constructs a Reply message and sends it to the The server then constructs a Reply message and sends it to the
client. client.
The server SHOULD process each option for the client in an The server SHOULD process each option for the client in an
implementation-specific manner. The server MUST construct a Reply implementation-specific manner. The server MUST construct a Reply
message containing the following values: message containing the following values:
msg-type REPLY msg-type REPLY
preference Enter the server's preference to transaction-ID The transaction-ID from the Confirm message.
provide services to the client.
transaction-ID Enter the transaction-ID from the
Confirm message.
client-link-local address Enter the client-link-local address
from the Confirm message.
server address Enter the server's address. server address One of the IP addresses assigned to the interface
through which the server received the message
from the client.
When the server receives a Renew and IA option from a client it When the server receives a Renew and IA option from a client it
SHOULD locate the clients binding and verify the information in the SHOULD locate the clients binding and verify the information in the
IA from the client matches the information stored for that client. IA from the client matches the information stored for that client.
If the server cannot find a client entry for this IA the server If the server cannot find a client entry for this IA the server
SHOULD return an empty IA with status set to NoBinding. SHOULD return an empty IA with status set to NoBinding.
If the server finds that the addresses in the IA for the client do If the server finds that the addresses in the IA for the client do
not match the clients binding the server should return an empty IA not match the clients binding the server should return an empty IA
with status set to Renw_NoMatch. with status set to RenwNoMatch.
If the server cannot Renew addresses for the client it SHOULD send If the server cannot Renew addresses for the client it SHOULD
back an empty IA to the client with the status field set to Unavail. send back an empty IA to the client with the status field set to
AddrUnavail.
If the server finds the addresses in the IA for the client then the If the server finds the addresses in the IA for the client then the
server SHOULD send back the IA to the client with new lease times server SHOULD send back the IA to the client with new lease times
and T1/T2 times if the default is not being used, and set status to and T1/T2 times if the default is not being used, and set status to
Success. Success.
14.4.4. Receipt of Rebind messages 16.2.4. Receipt of Rebind messages
Upon the receipt of a valid Rebind message from a client the server Upon the receipt of a valid Rebind message from a client the server
can respond to, (implementation-specific administrative policy can respond to, (implementation-specific administrative policy
satisfied) the server scans the options field. satisfied) the server scans the options field.
The server then constructs a Reply message and sends it to the The server then constructs a Reply message and sends it to the
client. client.
The server SHOULD process each option for the client in an The server SHOULD process each option for the client in an
implementation-specific manner. The server MUST construct a Reply implementation-specific manner. The server MUST construct a Reply
message containing the following values: message containing the following values:
msg-type REPLY msg-type REPLY
preference Enter the server's preference to transaction-ID The transaction-ID from the Confirm message.
provide services to the client.
transaction-ID Enter the transaction-ID from the
Confirm message.
client-link-local address Enter the client-link-local address
from the Confirm message.
server address Enter the server's address. server address One of the IP addresses assigned to the interface
through which the server received the message
from the client.
When the server receives a Rebind and IA option from a client it When the server receives a Rebind and IA option from a client it
SHOULD locate the clients binding and verify the information in the SHOULD locate the clients binding and verify the information in the
IA from the client matches the information stored for that client. IA from the client matches the information stored for that client.
If the server cannot find a client entry for this IA the server If the server cannot find a client entry for this IA the server
SHOULD return an empty IA with status set to NoBinding. SHOULD return an empty IA with status set to NoBinding.
If the server finds that the addresses in the IA for the client do If the server finds that the addresses in the IA for the client do
not match the clients binding the server should return an empty IA not match the clients binding the server should return an empty IA
with status set to Rebd_NoMatch. with status set to RebdNoMatch.
If the server cannot Rebind addresses for the client it SHOULD send If the server cannot Rebind addresses for the client it SHOULD
back an empty IA to the client with the status field set to Unavail. send back an empty IA to the client with the status field set to
AddrUnavail.
If the server finds the addresses in the IA for the client then the If the server finds the addresses in the IA for the client then the
server SHOULD send back the IA to the client with new lease times server SHOULD send back the IA to the client with new lease times
and T1/T2 times if the default is not being used, and set status to and T1/T2 times if the default is not being used, and set status to
Success. Success.
DISCUSSION: There is a significant difference between Renew and Rebind messages:
Because the Renew message is processed by a single server, the
responding server can actually change the addresses in the IA.
However, because multiple servers may respond to a Rebind, all they
can safely do is update T1, T2 (for the IA) and lifetimes (for
individual addresses).
There is a significant difference between Renew and Rebind 16.2.5. Receipt of Release messages
messages: Because the Rebind message is processed by a
single server, the respnding server can actually change the
addresses in the IA. However, because multiple servers may
repsond to a Rebind, all they can safely do is update T1, T2
(for the IA) and lifetimes (for individual addresses).
14.4.5. Receipt of Release messages The server MAY choose to discard Release messages received via
unicast from a client to which the server has not sent a unicast
option.
Upon the receipt of a valid Release message, the server examines the Upon the receipt of a valid Release message, the server examines the
IAs and the addresses in the IAs for validity. If the IAs in the IAs and the addresses in the IAs for validity. If the IAs in the
message are in a binding for the client and the addresses in the IAs message are in a binding for the client and the addresses in the IAs
have been assigned by the server to those IA, the server deletes have been assigned by the server to those IAs, the server deletes
the addresses from the IAs and makes the addresses available for the addresses from the IAs and makes the addresses available for
assignment to other clients. assignment to other clients.
The server then generates a Reply message. If all of the IAs were The server then generates a Reply message. If all of the IAs were
valid and the addresses successfully released,, the server sets the valid and the addresses successfully released, the server includes
"status" field to "Success". If any of the IAs were invalid or if a Status Code option with value Success. If any of the IAs were
any of the addresses were not successfully released, the server invalid or if any of the addresses were not successfully released,
releases none of the addresses in the message and sets the "status" the server leaves all of the IAs in the message unchanged (the server
field to "NoBinding"(section 7.4). releases none of the addresses in any of the IAs in the message) and
includes a Status Code option with value NoBinding. The server MUST
If the client successfully releases some but not all of the addresses NOT include any other options in the Reply message.
in an IA, the IA continues to exist and holds the remaining,
unreleased addresses.
A client can send an option containing an IA with no listed addresses A client can send an option containing an IA with no listed addresses
to release implicitly all of the addresses in the IA. to release implicitly all of the addresses in the IA.
A server is not required to (but may choose to as an implementation A server is not required to (but may choose to as an implementation
strategy) retain any record of an IA from which all of the addresses strategy) retain any record of an IA from which all of the addresses
have been released. have been released.
14.4.6. Sending of Reply messages 16.2.6. Receipt of Decline messages
If the Request, Confirm, Renew, Rebind or Release message from The server MAY choose to discard Decline messages received via
the client was originally received by the server, the server unicast from a client to which the server has not sent a unicast
unicasts the Reply message to the link-local address in the option.
"client-link-local-address" field.
If the message was originally received in a Forward-request or Upon the receipt of a valid Decline message, the server examines the
Forward-release message from a relay, the server places the Reply IAs and the addresses in the IAs for validity. If the IAs in the
message in the options field of a Response-reply message and unicasts message are in a binding for the client and the addresses in the IAs
the message to the relay's address from the original message. have been assigned by the server to those IA, the server deletes
the addresses from the IAs. The server SHOULD mark the addresses
declined by the client so that those addresses are not assigned to
other clients, and MAY choose to make a notification that addresses
were declined.
15. DHCP Server-Initiated Configuration Exchange The server then generates a Reply message. If all of the IAs were
valid and the addresses successfully declined,, the server includes
a Status Code option with value Success. If any of the IAs were
invalid or if any of the addresses were not successfully declined,
the server leaves all of the IAs in the message unchanged (the server
releases none of the addresses in any of the IAs in the message) and
includes a Status Code option with value NoBinding. The server MUST
NOT include any other options in the Reply message.
A server initiates a configuration exchange to force DHCP clients A client can send an option containing an IA with no listed addresses
to decline implicitly all of the addresses in the IA.
16.2.7. Sending of Reply messages
If the Request, Confirm, Renew, Rebind, Release or Decline message
from the client was originally received in a Relay-forward message
from a relay, the server places the Reply message in the options
field of a Relay-response message and copies the link-prefix and
client-return-address fields from the Relay-forward message into the
Relay-response message.
The server then unicasts the Reply or Relay-reply to the source
address from the IP datagram in which the original message was
received.
17. DHCP Server-Initiated Configuration Exchange
A server initiates a configuration exchange to cause DHCP clients
to obtain new addresses and other configuration information. For to obtain new addresses and other configuration information. For
example, an administrator may use a server-initiated configuration example, an administrator may use a server-initiated configuration
exchange when links in the DHCP domain are to be renumbered. Other exchange when links in the DHCP domain are to be renumbered. Other
examples include changes in the location of directory servers, examples include changes in the location of directory servers,
addition of new services such as printing, and availability of new addition of new services such as printing, and availability of new
software (system or application). software (system or application).
15.1. Reconfigure-init Message Validation 17.1. Server Behavior
Agents MUST silently discard any received Reconfigure-init messages.
Clients MUST discard any Reconfigure-init messages that do
not contain an authentication option or that fail the client's
authentication check.
15.2. Server Behavior
A server sends a Reconfigure-init message to cause a client to A server sends a Reconfigure-init message to cause a client to
initiate immediately a Request/Reply message exchange with the initiate immediately a Request/Reply message exchange with the
server. server.
15.2.1. Creation and sending of Reconfigure-init messages 17.1.1. Creation and transmission of Reconfigure-init messages
The server sets the "msg-type" field to RECONFIG-INIT. The server The server sets the "msg-type" field to RECONFIG-INIT. The server
generates a transaction-ID and inserts it in the "transaction-ID" generates a transaction-ID and inserts it in the "transaction-ID"
field. The server places its address (of appropriate scope) in the field. The server places its address (of appropriate scope) in the
"server-address" field. "server-address" field.
The server MAY include an ORO option to inform the client of what The server MAY include an ORO option to inform the client of what
information has been changed or new information that has been added. information has been changed or new information that has been added.
In particular, the server specifies the IA option in the ORO if the In particular, the server specifies the IA option in the ORO if the
server wants the client to obtain new address information. server wants the client to obtain new address information.
The server MUST include an authentication option with the appropriate The server MUST include an authentication option with the appropriate
settings and add that option as the last option in the "options" settings and add that option as the last option in the "options"
field of the Reconfigure-init message. field of the Reconfigure-init message.
The server MUST NOT include any other options in the Reconfigure-init The server MUST NOT include any other options in the Reconfigure-init
except as specifically allowed in the definition of individual except as specifically allowed in the definition of individual
options. options.
skipping to change at page 37, line 18 skipping to change at page 42, line 16
server wants the client to obtain new address information. server wants the client to obtain new address information.
The server MUST include an authentication option with the appropriate The server MUST include an authentication option with the appropriate
settings and add that option as the last option in the "options" settings and add that option as the last option in the "options"
field of the Reconfigure-init message. field of the Reconfigure-init message.
The server MUST NOT include any other options in the Reconfigure-init The server MUST NOT include any other options in the Reconfigure-init
except as specifically allowed in the definition of individual except as specifically allowed in the definition of individual
options. options.
The server unicasts the Reconfigure-init message to one client. The A server sends each Reconfigure-init message to a single DHCP client,
server may unicast Reconfigure-init messages to more than one client using an IPv6 unicast address of sufficient scope belonging to the
concurrently; for example, to reliably reconfigure all known clients, DHCP client. The server may obtain the address of the client through
the server will unicast a Reconfigure-init message to each client. the information that the server has about clients that have been in
contact with the server, or the server may be configured with the
address of the client through some external agent.
After the server sends the Reconfigure-init message, it waits for a To reconfigure more than one client, the server unicasts a separate
Request message from those clients confirming that each client has message to each client. The server may initiate the reconfiguration
received the Reconfigure-init and are thus initiating a Request/Reply of multiple clients concurrently; for example, a server may send
transaction with the server. a Reconfigure-init message to additional clients while previous
reconfiguration message exchanges are still in progress.
15.2.2. Time out and retransmission of Reconfigure-init messages The Reconfigure-init message causes the client to initiate a
Request/Reply message exchange with the server. The server
interprets the receipt of a Request message from the client as
satisfying the Reconfigure-init message request.
17.1.2. Time out and retransmission of Reconfigure-init messages
If the server does not receive a Request message from the client If the server does not receive a Request message from the client
in RECREP_MSG_TIMEOUT milliseconds, the server retransmits in RECREP_MSG_TIMEOUT milliseconds, the server retransmits
the Reconfigure-init message, doubles the RECREP_MSG_TIMEOUT the Reconfigure-init message, doubles the RECREP_MSG_TIMEOUT
value and waits again. The server continues this process until value and waits again. The server continues this process until
REC_MSG_ATTEMPTS unsuccessful attempts have been made, at which point REC_MSG_ATTEMPTS unsuccessful attempts have been made, at which point
the server SHOULD abort the reconfigure process. the server SHOULD abort the reconfigure process for that client.
Default and initial values for RECREP_MSG_TIMEOUT and Default and initial values for RECREP_MSG_TIMEOUT and
REC_MSG_ATTEMPTS are documented in section 7.5. REC_MSG_ATTEMPTS are documented in section 7.5.
15.2.3. Receipt of Request messages 17.1.3. Receipt of Request messages
The server generates and sends Reply message(s) to the client as The server generates and sends Reply message(s) to the client as
described in section 14.4.6, including in the "options" field new described in section 16.2.7, including in the "options" field new
values for configuration parameters. values for configuration parameters.
It is possible that the client may send a Request message after the It is possible that the client may send a Request message after the
server has sent a Reconfigure-init but before the Reconfigure-init is server has sent a Reconfigure-init but before the Reconfigure-init
received by the client. In this case, the client's Request message is received by the client. In this case, the Request message from
may not include all of the IAs and requests for parameters to be the client may not include all of the IAs and requests for parameters
reconfigured by the server. To accommodate this scenario, the server to be reconfigured by the server. To accommodate this scenario, the
MAY choose to send a Reply with the IAs and other parameters to server MAY choose to send a Reply with the IAs and other parameters
be reconfigured, even if those IAs and parameters were not in the to be reconfigured, even if those IAs and parameters were not in the
Request message from the client. Request message from the client.
15.3. Client Behavior 17.2. Client Behavior
A client MUST always monitor UDP port 546 for Reconfigure-init A client MUST always monitor UDP port 546 for Reconfigure-init
messages on interfaces upon which it has acquired DHCP parameters. messages on interfaces upon which it has acquired DHCP parameters.
Since the results of a reconfiguration event may affect application Since the results of a reconfiguration event may affect application
layer programs, the client SHOULD log these events, and MAY notify layer programs, the client SHOULD log these events, and MAY notify
these programs of the change through an implementation-specific these programs of the change through an implementation-specific
interface. interface.
15.3.1. Receipt of Reconfigure-init messages 17.2.1. Receipt of Reconfigure-init messages
Upon receipt of a valid Reconfigure-init message, the client Upon receipt of a valid Reconfigure-init message, the client
initiates a Request/Reply transaction with the server. While initiates a Request/Reply transaction with the server. While
the Request/Reply transaction is in progress, the client silently the Request/Reply transaction is in progress, the client silently
discards any Reconfigure-init messages it receives. discards any Reconfigure-init messages it receives.
DISCUSSION: DISCUSSION:
The Reconfigure-init message acts as a trigger that signals The Reconfigure-init message acts as a trigger that signals
the client to complete a successful Request/Reply message the client to complete a successful Request/Reply message
exchange. Once the client has received a Recongfigure-init, exchange. Once the client has received a Reconfigure-init,
the client proceeds with the Request/Reply message the client proceeds with the Request/Reply message
exchange (retransmitting the Request if necessary); the exchange (retransmitting the Request if necessary); the
client ignores any additional Reconfigure-init messages client ignores any additional Reconfigure-init messages
(regardless of the transaction ID in the Reconfigure-init (regardless of the transaction ID in the Reconfigure-init
message) until the Request/Reply exchange is complete. message) until the Request/Reply exchange is complete.
Subsequent Reconfigure-init messages (again independent Subsequent Reconfigure-init messages (again independent
of the transaction ID) cause the client to initiate a new of the transaction ID) cause the client to initiate a new
Request/Reply exchange. Request/Reply exchange.
How does this mechanism work in the face of duplicated How does this mechanism work in the face of duplicated
or retransmitted Reconfigure-init messages? Duplicate or retransmitted Reconfigure-init messages? Duplicate
messages will be ignored because the client will begin messages will be ignored because the client will begin
the Request/Reply exchange after the receipt of the the Request/Reply exchange after the receipt of the
first Reconfigure-init. Retransmitted messages will first Reconfigure-init. Retransmitted messages will
either trigger the Request/Reply exchange (if the first either trigger the Request/Reply exchange (if the first
Reconfigure-init was not received by the client) or will Reconfigure-init was not received by the client) or will
be ignored. The server can discontinue retransmission of be ignored. The server can discontinue retransmission of
Reconfigure-init messages to the client once the server Reconfigure-init messages to the client once the server
receives the client's Request. receives the Request from the client.
It might be possible for a duplicate or retransmitted It might be possible for a duplicate or retransmitted
Reconfigure-init to be sufficiently delayed (and Reconfigure-init to be sufficiently delayed (and
delivered out of order) to arrive at the client after delivered out of order) to arrive at the client after
the Request/Reply exchange (initiated by the original the Request/Reply exchange (initiated by the original
Reconfigure-init) has been completed. In this case, the Reconfigure-init) has been completed. In this case, the
client would initiate a redundant Request/Reply exchange. client would initiate a redundant Request/Reply exchange.
The likelihood of delayed and out of order delivery is small The likelihood of delayed and out of order delivery is small
enough to be ignored. The consequence of the redundant enough to be ignored. The consequence of the redundant
exchange is inefficiency rather than incorrect operation. exchange is inefficiency rather than incorrect operation.
15.3.2. Creation and sending of Request messages 17.2.2. Creation and sending of Request messages
When responding to a Reconfigure-init, the client creates and When responding to a Reconfigure-init, the client creates and
sends the Request message in exactly the same manner as outlined in sends the Request message in exactly the same manner as outlined in
section 14.3.1 with the following difference: section 16.1.1 with the following difference:
IAs The client includes IA options containing the addresses the IAs The client includes IA options containing the addresses the
client currently has assigned to those IAs for the interface client currently has assigned to those IAs for the interface
through which the Reconfigure-init message was received. through which the Reconfigure-init message was received.
15.3.3. Time out and retransmission of Request messages 17.2.3. Time out and retransmission of Request messages
The client uses the same variables and retransmission algorithm as it The client uses the same variables and retransmission algorithm as it
does with Request messages generated as part of a client-initiated does with Request messages generated as part of a client-initiated
configuration exchange. See section 14.3.1 for details. configuration exchange. See section 16.1.1 for details.
15.3.4. Receipt of Reply messages 17.2.4. Receipt of Reply messages
Upon the receipt of a valid Reply message, the client extracts the Upon the receipt of a valid Reply message, the client extracts the
contents of the "options" field, and sets (or resets) configuration contents of the "options" field, and sets (or resets) configuration
parameters appropriately. The client records and updates the parameters appropriately. The client records and updates the
lifetimes for any addresses specified in IAs in the Reply message. lifetimes for any addresses specified in IAs in the Reply message.
If the configuration parameters changed were requested by the If the configuration parameters changed were requested by the
application layer, the client notifies the application layer of the application layer, the client notifies the application layer of the
changes using an implementation-specific interface. changes using an implementation-specific interface.
As discussed in section 15.2.3, the Reply from the server may include As discussed in section 17.1.3, the Reply from the server may include
IAs and parameters that were not included in the Request message from IAs and parameters that were not included in the Request message from
the client. The client MUST configure itself with all of the IAs and the client. The client MUST configure itself with all of the IAs and
parameters in the Reply from the server. parameters in the Reply from the server.
16. Relay Behavior 18. Relay Behavior
For this discussion, the Relay may be configured to use a list of For this discussion, the Relay may be configured to use a list of
server destination addresses, which may include unicast addresses, server destination addresses, which may include unicast addresses,
the All DHCP Servers multicast address, or other multicast addresses the All_DHCP_Servers multicast address, or other multicast addresses
selected by the network administrator. If the Relay has not been selected by the network administrator. If the Relay has not been
explicitly configured, it will use the All DHCP Servers multicast explicitly configured, it MUST use the All_DHCP_Servers multicast
address as the default. address as the default.
16.1. Relaying of client messages 18.1. Relaying of client messages
When a Relay receives a valid client message, it constructs When a Relay receives a valid client message, it constructs a
a Relay-forward message. The relay places an address from Relay-forward message. The relay places an address with a prefix
the interface on which the client message was received in the assigned to the link on which the client should be assigned an
"relay-address" field and the prefix length for that address in the address in the link-prefix field. This address will be used by the
"prefix-length" field. This address will be used by the server to server to determine the link from which the client should be assigned
identify the link to which the client is connected and will be used an address and other configuration information.
by the relay to forward the Advertise message from the server back to
the client.
The relay constructs a "client-message" option 18.5 that contains If the relay cannot use the address in the link-prefix field to
identify the interface through which the response to the client
will be forwarded, the relay MUST include a circuit-id option (see
section 20.15)in the Relay-forward message. The server will include
the circuit-id option in its Relay-reply message.
The relay copies the source address from the IP datagram in which the
message was received from the client into the client-return-address
field in the Relay-forward message.
The relay constructs a "client-message" option 20.7 that contains
the entire message from the client in the data field of the the entire message from the client in the data field of the
option. The relay places the "relay-message" option along with any option. The relay places the "relay-message" option along with any
"relay-specific" options in the options field of the Relay-forward "relay-specific" options in the options field of the Relay-forward
message. The Relay then sends the Relay-forward message to the list message. The Relay then sends the Relay-forward message to the list
of server destination addresses that it has been configured with. of server destination addresses that it has been configured with.
16.2. Relaying of server messages 18.2. Relaying of server messages
When the relay receives a Relay-reply message, it extracts the server When the relay receives a Relay-reply message, it extracts the server
message from the "server-message" option and forwards the message message from the "server-message" option. If the Relay-reply message
to the address in the client-link-local-address field in the server includes a circuit-id option, the relay forwards the message from the
message. The relay forwards the server message through the interface server to the client on the link identified by the circuit-id option.
identified in the "relay-address" field in the Relay-reply message. Otherwise, the relay forwards the message on the link identified
by the link-prefix option. In either case, the relay forwards the
message to the address in the client-return-address field in the
Relay-reply message.
17. Authentication of DHCP messages 19. Authentication of DHCP messages
Some network administrators may wish to provide authentication of Some network administrators may wish to provide authentication of
the source and contents of DHCP messages. For example, clients may the source and contents of DHCP messages. For example, clients may
be subject to denial of service attacks through the use of bogus be subject to denial of service attacks through the use of bogus
DHCP servers, or may simply be misconfigured due to unintentionally DHCP servers, or may simply be misconfigured due to unintentionally
instantiated DHCP servers. Network administrators may wish to instantiated DHCP servers. Network administrators may wish to
constrain the allocation of addresses to authorized hosts to avoid constrain the allocation of addresses to authorized hosts to avoid
denial of service attacks in "hostile" environments where the network denial of service attacks in "hostile" environments where the network
medium is not physically secured, such as wireless networks or medium is not physically secured, such as wireless networks or
college residence halls. college residence halls.
Because of the risk of denial of service attacks against DHCP Because of the risk of denial of service attacks against DHCP
clients, the use of authentication is mandated in Reconfigure-init clients, the use of authentication is mandated in Reconfigure-init
messages. A DHCP server MUST include an authentication option in messages. A DHCP server MUST include an authentication option in
Reconfigure-init messages sent to clients. Reconfigure-init messages sent to clients.
The DHCP authentication mechanism is based on the design of The DHCP authentication mechanism is based on the design of
authentication for DHCP for IPv4 [8]. authentication for DHCP for IPv4 [8].
17.1. DHCP threat model 19.1. DHCP threat model
The threat to DHCP is inherently an insider threat (assuming a The threat to DHCP is inherently an insider threat (assuming a
properly configured network where DHCPv6 ports are blocked on properly configured network where DHCPv6 ports are blocked on the
the enterprise's perimeter gateways.) Regardless of the gateway perimeter gateways of the enterprise). Regardless of the gateway
configuration, however, the potential attacks by insiders and configuration, however, the potential attacks by insiders and
outsiders are the same. outsiders are the same.
The attack specific to a DHCP client is the possibility of the The attack specific to a DHCP client is the possibility of the
establishment of a "rogue" server with the intent of providing establishment of a "rogue" server with the intent of providing
incorrect configuration information to the client. The motivation incorrect configuration information to the client. The motivation
for doing so may be to establish a "man in the middle" attack or it for doing so may be to establish a "man in the middle" attack or it
may be for a "denial of service" attack. may be for a "denial of service" attack.
There is another threat to DHCP clients from mistakenly or There is another threat to DHCP clients from mistakenly or
skipping to change at page 41, line 23 skipping to change at page 46, line 40
"theft of service", or to circumvent auditing for any number of "theft of service", or to circumvent auditing for any number of
nefarious purposes. nefarious purposes.
The threat common to both the client and the server is the resource The threat common to both the client and the server is the resource
"denial of service" (DoS) attack. These attacks typically involve "denial of service" (DoS) attack. These attacks typically involve
the exhaustion of valid addresses, or the exhaustion of CPU or the exhaustion of valid addresses, or the exhaustion of CPU or
network bandwidth, and are present anytime there is a shared network bandwidth, and are present anytime there is a shared
resource. In current practice, redundancy mitigates DoS attacks the resource. In current practice, redundancy mitigates DoS attacks the
best. best.
17.2. Summary of DHCP authentication 19.2. Security of messages sent between servers and relay agents
Relay agents and servers that choose to exchange messages securely
use the IPsec mechanisms for IPv6 [10]. The way in which IPsec
is employed by relay agents and servers is not specified in this
document.
19.3. Summary of DHCP authentication
Authentication of DHCP messages is accomplished through the use of Authentication of DHCP messages is accomplished through the use of
the Authentication option. The authentication information carried the Authentication option. The authentication information carried
in the Authentication option can be used to reliably identify the in the Authentication option can be used to reliably identify the
source of a DHCP message and to confirm that the contents of the DHCP source of a DHCP message and to confirm that the contents of the DHCP
message have not been tampered with. message have not been tampered with.
The Authentication option provides a framework for multiple The Authentication option provides a framework for multiple
authentication protocols. Two such protocols are defined here. authentication protocols. Two such protocols are defined here.
Other protocols defined in the future will be specified in separate Other protocols defined in the future will be specified in separate
skipping to change at page 41, line 45 skipping to change at page 47, line 19
The protocol field in the Authentication option identifies the The protocol field in the Authentication option identifies the
specific protocol used to generate the authentication information specific protocol used to generate the authentication information
carried in the option. The algorithm field identifies a specific carried in the option. The algorithm field identifies a specific
algorithm within the authentication protocol; for example, the algorithm within the authentication protocol; for example, the
algorithm field specifies the hash algorithm used to generate the algorithm field specifies the hash algorithm used to generate the
message authentication code (MAC) in the authentication option. The message authentication code (MAC) in the authentication option. The
replay detection method (RDM) field specifies the type of replay replay detection method (RDM) field specifies the type of replay
detection used in the replay detection field. detection used in the replay detection field.
17.3. Replay detection 19.4. Replay detection
The Replay Detection Method (RDM) field determines the type of replay The Replay Detection Method (RDM) field determines the type of replay
detection used in the Replay Detection field. detection used in the Replay Detection field.
If the RDM field contains 0x00, the replay detection field MUST be If the RDM field contains 0x00, the replay detection field MUST be
set to the value of a monotonically increasing counter. Using a set to the value of a monotonically increasing counter. Using a
counter value such as the current time of day (e.g., an NTP-format counter value such as the current time of day (e.g., an NTP-format
timestamp [12]) can reduce the danger of replay attacks. This method timestamp [12]) can reduce the danger of replay attacks. This method
MUST be supported by all protocols. MUST be supported by all protocols.
17.4. Configuration token protocol 19.5. Configuration token protocol
If the protocol field is 0, the authentication information field If the protocol field is 0, the authentication information field
holds a simple configuration token. The configuration token is an holds a simple configuration token. The configuration token is an
opaque, unencoded value known to both the sender and receiver. The opaque, unencoded value known to both the sender and receiver. The
sender inserts the configuration token in the DHCP message and the sender inserts the configuration token in the DHCP message and the
receiver matches the token from the message to the shared token. If receiver matches the token from the message to the shared token. If
the configuration option is present and the token from the message the configuration option is present and the token from the message
does not match the shared token, the receiver MUST discard the does not match the shared token, the receiver MUST discard the
message. message.
skipping to change at page 42, line 29 skipping to change at page 48, line 5
protection against inadvertently instantiated DHCP servers. protection against inadvertently instantiated DHCP servers.
DISCUSSION: DISCUSSION:
The intent here is to pass a constant, non-computed token The intent here is to pass a constant, non-computed token
such as a plain-text password. Other types of entity such as a plain-text password. Other types of entity
authentication using computed tokens such as Kerberos authentication using computed tokens such as Kerberos
tickets or one-time passwords will be defined as separate tickets or one-time passwords will be defined as separate
protocols. protocols.
17.5. Delayed authentication protocol 19.6. Delayed authentication protocol
If the protocol field is 1, the message is using the "delayed If the protocol field is 1, the message is using the "delayed
authentication" mechanism. In delayed authentication, the client authentication" mechanism. In delayed authentication, the client
requests authentication in its Solicit message and the server replies requests authentication in its Solicit message and the server replies
with an Advertise message that includes authentication information. with an Advertise message that includes authentication information.
This authentication information contains a nonce value generated by This authentication information contains a nonce value generated by
the source as a message authentication code (MAC) to provide message the source as a message authentication code (MAC) to provide message
authentication and entity authentication. authentication and entity authentication.
The use of a particular technique based on the HMAC protocol [10] The use of a particular technique based on the HMAC protocol [11]
using the MD5 hash [19] is defined here. using the MD5 hash [19] is defined here.
17.5.1. Management issues in the delayed authentication protocol 19.6.1. Management issues in the delayed authentication protocol
The "delayed authentication" protocol does not attempt to address The "delayed authentication" protocol does not attempt to address
situations where a client may roam from one administrative domain situations where a client may roam from one administrative domain
to another, i.e. interdomain roaming. This protocol is focused on to another, i.e. interdomain roaming. This protocol is focused on
solving the intradomain problem where the out-of-band exchange of a solving the intradomain problem where the out-of-band exchange of a
shared secret is feasible. shared secret is feasible.
17.5.2. Use of the Authentication option in the delayed authentication 19.6.2. Use of the Authentication option in the delayed authentication
protocol protocol
In a Solicit message, the Authentication option carries the Protocol, In a Solicit message, the Authentication option carries the Protocol,
Algorithm, RDM and Replay detection fields, but no Authentication Algorithm, RDM and Replay detection fields, but no Authentication
information. information.
In an Advertise, Request, Renew, Rebind or Confirm message, the In an Advertise, Request, Renew, Rebind or Confirm message, the
Authentication option carries the Protocol, Algorithm, RDM and Replay Authentication option carries the Protocol, Algorithm, RDM and Replay
detection fields and Authentication information. The format of the detection fields and Authentication information. The format of the
Authentication information is: Authentication information is:
skipping to change at page 43, line 39 skipping to change at page 49, line 9
authentication information for delayed authentication, algorithm 1: authentication information for delayed authentication, algorithm 1:
Replay Detection - as defined by the RDM field Replay Detection - as defined by the RDM field
K - a secret value shared between the source and K - a secret value shared between the source and
destination of the message; each secret has a destination of the message; each secret has a
unique identifier (secret ID) unique identifier (secret ID)
secret ID - the unique identifier for the secret value secret ID - the unique identifier for the secret value
used to generate the MAC for this message used to generate the MAC for this message
HMAC-MD5 - the MAC generating function. HMAC-MD5 - the MAC generating function.
The sender computes the MAC using the HMAC generation algorithm [10] The sender computes the MAC using the HMAC generation algorithm [11]
and the MD5 hash function [19]. The entire DHCP message (except and the MD5 hash function [19]. The entire DHCP message (except
as noted below), including the DHCP message header and the options the MAC field of the authentication option itself), including the
field, is used as input to the HMAC-MD5 computation function. The DHCP message header and the options field, is used as input to the
'secret ID' field MUST be set to the identifier of the secret used to HMAC-MD5 computation function. The 'secret ID' field MUST be set to
generate the MAC. the identifier of the secret used to generate the MAC.
DISCUSSION: DISCUSSION:
Algorithm 1 specifies the use of HMAC-MD5. Use of a Algorithm 1 specifies the use of HMAC-MD5. Use of a
different technique, such as HMAC-SHA, will be specified as different technique, such as HMAC-SHA, will be specified as
a separate protocol. a separate protocol.
Delayed authentication requires a shared secret key for each Delayed authentication requires a shared secret key for each
client on each DHCP server with which that client may wish client on each DHCP server with which that client may wish
to use the DHCP protocol. Each secret key has a unique to use the DHCP protocol. Each secret key has a unique
identifier that can be used by a receiver to determine which identifier that can be used by a receiver to determine which
secret was used to generate the MAC in the DHCP message. secret was used to generate the MAC in the DHCP message.
Therefore, delayed authentication may not scale well in an Therefore, delayed authentication may not scale well in an
architecture in which a DHCP client connects to multiple architecture in which a DHCP client connects to multiple
administrative domains. administrative domains.
17.5.3. Message validation 19.6.3. Message validation
To validate an incoming message, the receiver first checks that To validate an incoming message, the receiver first checks that
the value in the replay detection field is acceptable according the value in the replay detection field is acceptable according
to the replay detection method specified by the RDM field. Next, to the replay detection method specified by the RDM field. Next,
the receiver computes the MAC as described in [10]. The receiver the receiver computes the MAC as described in [11]. The receiver
MUST set the 'MAC' field of the authentication option to all 0s for MUST set the 'MAC' field of the authentication option to all 0s for
computation of the MAC, and because a DHCP relay agent may alter
the values of the 'giaddr' and 'hops' fields in the DHCP message,
the contents of those two fields MUST also be set to zero for the
computation of the MAC. If the MAC computed by the receiver does not computation of the MAC. If the MAC computed by the receiver does not
match the MAC contained in the authentication option, the receiver match the MAC contained in the authentication option, the receiver
MUST discard the DHCP message. MUST discard the DHCP message.
17.5.4. Key utilization 19.6.4. Key utilization
Each DHCP client has a key, K. The client uses its key to encode Each DHCP client has a key, K. The client uses its key to encode
any messages it sends to the server and to authenticate and verify any messages it sends to the server and to authenticate and verify
any messages it receives from the server. The client's key SHOULD any messages it receives from the server. The client's key SHOULD
be initially distributed to the client through some out-of-band be initially distributed to the client through some out-of-band
mechanism, and SHOULD be stored locally on the client for use in all mechanism, and SHOULD be stored locally on the client for use in all
authenticated DHCP messages. Once the client has been given its key, authenticated DHCP messages. Once the client has been given its key,
it SHOULD use that key for all transactions even if the client's it SHOULD use that key for all transactions even if the client's
configuration changes; e.g., if the client is assigned a new network configuration changes; e.g., if the client is assigned a new network
address. address.
Each DHCP server MUST know, or be able to obtain in a secure manner, Each DHCP server MUST know, or be able to obtain in a secure manner,
the keys for all authorized clients. If all clients use the same the keys for all authorized clients. If all clients use the same
key, clients can perform both entity and message authentication for key, clients can perform both entity and message authentication for
all messages received from servers. However, the sharing of keys all messages received from servers. However, the sharing of keys
is strongly discouraged as it allows for unauthorized clients to is strongly discouraged as it allows for unauthorized clients to
masquerade as authorized clients by obtaining a copy of the shared masquerade as authorized clients by obtaining a copy of the shared
key. To authenticate the identity of individual clients, each client key. To authenticate the identity of individual clients, each client
MUST be configured with a unique key. MUST be configured with a unique key.
17.5.5. Client considerations for delayed authentication protocol 19.6.5. Client considerations for delayed authentication protocol
17.5.5.1. Sending Solicit messages 19.6.5.1. Sending Solicit messages
When the client sends a Solicit message and wishes to use When the client sends a Solicit message and wishes to use
authentication, it includes an Authentication option with the desired authentication, it includes an Authentication option with the desired
protocol, algorithm, RDM and replay detection field as described protocol, algorithm, RDM and replay detection field as described
in section 17.5. The client does not include any authentication in section 19.6. The client does not include any authentication
information in the Authentication option. information in the Authentication option.
17.5.6. Receiving Advertise messages 19.6.5.2. Receiving Advertise messages
The client validates any Advertise messages containing an The client validates any Advertise messages containing an
Authentication option specifying the delayed authentication protocol Authentication option specifying the delayed authentication protocol
using the validation test described in section 17.5.3. using the validation test described in section 19.6.3.
Client behavior if no Advertise messages include authentication Client behavior if no Advertise messages include authentication
information or pass the validation test is controlled by local policy information or pass the validation test is controlled by local policy
on the client. According to client policy, the client MAY choose to on the client. According to client policy, the client MAY choose to
respond to a Advertise message that has not been authenticated. respond to a Advertise message that has not been authenticated.
The decision to set local policy to accept unauthenticated messages The decision to set local policy to accept unauthenticated messages
should be made with care. Accepting an unauthenticated Advertise should be made with care. Accepting an unauthenticated Advertise
message can make the client vulnerable to spoofing and other message can make the client vulnerable to spoofing and other
attacks. If local users are not explicitly informed that the client attacks. If local users are not explicitly informed that the client
skipping to change at page 45, line 34 skipping to change at page 51, line 5
A client MUST be configurable to discard unauthenticated messages, A client MUST be configurable to discard unauthenticated messages,
and SHOULD be configured by default to discard unauthenticated and SHOULD be configured by default to discard unauthenticated
messages. A client MAY choose to differentiate between Advertise messages. A client MAY choose to differentiate between Advertise
messages with no authentication information and Advertise messages messages with no authentication information and Advertise messages
that do not pass the validation test; for example, a client might that do not pass the validation test; for example, a client might
accept the former and discard the latter. If a client does accept an accept the former and discard the latter. If a client does accept an
unauthenticated message, the client SHOULD inform any local users and unauthenticated message, the client SHOULD inform any local users and
SHOULD log the event. SHOULD log the event.
17.5.6.1. Sending Request, Confirm, Renew, Rebind or Release messages 19.6.5.3. Sending Request, Confirm, Renew, Rebind or Release messages
If the client authenticated the Advertise message through which the If the client authenticated the Advertise message through which the
client selected the server, the client MUST generate authentication client selected the server, the client MUST generate authentication
information for subsequent Request, Confirm, Renew, Rebind or Release information for subsequent Request, Confirm, Renew, Rebind or Release
messages sent to the server as described in section 17.5. When the messages sent to the server as described in section 19.6. When the
client sends a subsequent message, it MUST use the same secret used client sends a subsequent message, it MUST use the same secret used
by the server to generate the authentication information. by the server to generate the authentication information.
17.5.6.2. Receiving Reply messages 19.6.5.4. Receiving Reply messages
If the client authenticated the Advertise it accepted, the client If the client authenticated the Advertise it accepted, the client
MUST validate the associated Reply message from the server. The MUST validate the associated Reply message from the server. The
client MUST discard the Reply if the message fails to pass validation client MUST discard the Reply if the message fails to pass validation
and MAY log the validation failure. If the Reply fails to pass and MAY log the validation failure. If the Reply fails to pass
validation, the client MUST restart the DHCP configuration process by validation, the client MUST restart the DHCP configuration process by
sending a Solicit message. The client MAY choose to remember which sending a Solicit message. The client MAY choose to remember which
server replied with a Reply message that failed to pass validation server replied with a Reply message that failed to pass validation
and discard subsequent messages from that server. and discard subsequent messages from that server.
If the client accepted an Advertise message that did not include If the client accepted an Advertise message that did not include
authentication information or did not pass the validation test, the authentication information or did not pass the validation test, the
client MAY accept an unauthenticated Reply message from the server. client MAY accept an unauthenticated Reply message from the server.
17.5.7. Server considerations for delayed authentication protocol 19.6.6. Server considerations for delayed authentication protocol
17.5.7.1. Receiving Solicit messages and Sending Advertise messages 19.6.6.1. Receiving Solicit messages and Sending Advertise messages
The server selects a secret for the client and includes The server selects a secret for the client and includes
authentication information in the Advertise message returned to the authentication information in the Advertise message returned to the
client as specified in section 17.5. The server MUST record the client as specified in section 19.6. The server MUST record the
identifier of the secret selected for the client and use that same identifier of the secret selected for the client and use that same
secret for validating subsequent messages with the client. secret for validating subsequent messages with the client.
17.5.7.2. Receiving Request, Confirm, Renew, Rebind or Release messages 19.6.6.2. Receiving Request, Confirm, Renew, Rebind or Release messages
and Sending Reply messages and Sending Reply messages
The server uses the secret identified in the message and validates The server uses the secret identified in the message and validates
the message as specified in section 17.5.3. If the message fails to the message as specified in section 19.6.3. If the message fails to
pass validation or the server does not know the secret identified by pass validation or the server does not know the secret identified by
the 'secret ID' field, the server MUST discard the message and MAY the 'secret ID' field, the server MUST discard the message and MAY
choose to log the validation failure. choose to log the validation failure.
If the message passes the validation procedure, the server responds If the message passes the validation procedure, the server responds
to the specific message as described in section 14.4. The server to the specific message as described in section 16.2. The server
MUST include authentication information generated using the secret MUST include authentication information generated using the secret
identified in the received message as specified in section 17.5. identified in the received message as specified in section 19.6.
17.5.7.3. Sending Reconfigure-Init messages 19.6.6.3. Sending Reconfigure-Init messages
The server MUST include authentication information in a The server MUST include authentication information in a
Reconfigure-Init message, generated as specified in section 17.5 Reconfigure-Init message, generated as specified in section 19.6
using the secret the server initially selected for the client to using the secret the server initially selected for the client to
which the Reconfigure-Init message is to be sent. which the Reconfigure-Init message is to be sent.
18. DHCP options 20. DHCP options
Options are used to carry additional information and parameters Options are used to carry additional information and parameters
in DHCP messages. Every option shares a common base format, as in DHCP messages. Every option shares a common base format, as
described in section 18.1. described in section 20.1.
This document describes the DHCP options defined as part of the base This document describes the DHCP options defined as part of the base
DHCP specification. Other options may be defined in the future in a DHCP specification. Other options may be defined in the future in a
separate document. separate document.
18.1. Format of DHCP options 20.1. Format of DHCP options
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| option-code | option-len | | option-code | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| option-data | | option-data |
| (option-len octets) | | (option-len octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code An unsigned integer identifying the specific option option-code An unsigned integer identifying the specific option
type carried in this option. type carried in this option.
option-len An unsigned integer giving the length of the data in option-len An unsigned integer giving the length of the data in
this option in octets. this option in octets.
option-data The data for the option; the format of this data option-data The data for the option; the format of this data
depends on the definition of the option. depends on the definition of the option.
18.2. DHCP unique identifier option 20.2. DHCP unique identifier option
The DHCP unique identifier option is used to carry a DUID. The format The DHCP unique identifier option is used to carry a DUID. The format
for the DUID is keyed to mark the type of identifier and is of for the DUID is keyed to mark the type of identifier and is of
variable length. The format of the DUID option is: variable length. The format of the DUID option is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION DUID | option-len | | OPTION DUID | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DUID type | DUID len | | DUID type | DUID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| DUID | | |
. . . DUID (cont.) .
. . . .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
18.3. Identity association option 20.3. Identity association option
The identity association option is used to carry an identity The identity association option is used to carry an identity
association, the parameters associated with the IA and the addresses association, the parameters associated with the IA and the addresses
assigned to the IA. assigned to the IA.
The format of the IA option is: The format of the IA option is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 48, line 46 skipping to change at page 54, line 48
| valid lifetime (cont.) |T| addr status | prefix length | | valid lifetime (cont.) |T| addr status | prefix length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| IPv6 address | | IPv6 address |
| (16 octets) | | (16 octets) |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_IA (1) option-code OPTION_IA (TBD)
option-len Variable; equal to 24 + num-addrs*26 option-len Variable; equal to 24 + num-addrs*26
IA ID The unique identifier for this IA; chosen by IA ID The unique identifier for this IA; chosen by
the client the client
T1 The time at which the client contacts the T1 The time at which the client contacts the
server from which the addresses in the IA server from which the addresses in the IA
were obtained to extend the lifetimes of the were obtained to extend the lifetimes of the
addresses assigned to the IA. addresses assigned to the IA.
T2 The time at which the client contacts any T2 The time at which the client contacts any
available server to extend the lifetimes of available server to extend the lifetimes of
the addresses assigned to the IA. the addresses assigned to the IA.
T When set to 1, indicates that this address is T When set to 1, indicates that this address is
skipping to change at page 49, line 49 skipping to change at page 55, line 51
expired, the IA can be considered as having expired. T1 and T2 expired, the IA can be considered as having expired. T1 and T2
are included to give servers explicit control over when a client are included to give servers explicit control over when a client
recontacts the server about a specific IA. recontacts the server about a specific IA.
The 'T' bit identifies the associated address as a temporary address. The 'T' bit identifies the associated address as a temporary address.
If the server is configured to assign temporary addresses to the If the server is configured to assign temporary addresses to the
client, the server marks those temporary addresses with the 'T' client, the server marks those temporary addresses with the 'T'
bit. The number of temporary addresses assigned to the client and bit. The number of temporary addresses assigned to the client and
the lifetimes of those addresses is determined by the administrative the lifetimes of those addresses is determined by the administrative
configuration of the server. The 'T' bit only identifies an address configuration of the server. The 'T' bit only identifies an address
as a temporary address; identification of an address as ``temporary'' as a temporary address; identification of an address as "temporary"
has no implication on the lifetime of the extensibility of the has no implication on the lifetime of the extensibility of the
lifetime of the address. lifetime of the address.
18.4. Option request option 20.4. Option request option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ORO | option-len | | OPTION_ORO | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| requested-option-code-1 | requested-option-code-2 | | requested-option-code-1 | requested-option-code-2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_ORO (2) option-code OPTION_ORO (TBD)
option-len Variable; equal to twice the number of option codes option-len Variable; equal to twice the number of option codes
carried in this option. carried in this option.
option-data A list of the option codes for the options requested option-data A list of the option codes for the options requested
in this option. in this option.
18.5. Client message option A client MAY include an Option Request option in a Solicit, Request,
Renew, Rebind or Confirm message to inform the server about options
the client wants the server to send to the client.
20.5. Preference option
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_PREFERENCE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| pref value |
+-+-+-+-+-+-+-+-+
option-code OPTION_PREFERENCE (TBD)
option-len MUST be 1
option-data The preference value for the server in this message.
A server MAY include a Preference option in an Advertise message to
control the selection of a server by the client. See section 15.1.3
for the use of the Preference option by the client and the
interpretation of Preference option data value.
20.6. Elapsed Time
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ELAPSED_TIME | option_len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| elapsed time |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_ELAPSED_TIME (TBD)
option-len MUST be 2
option-data The amount of time since the client began its
current DHCP transaction. This time is expressed in
hundredths of a second (10^-2 seconds).
A client MAY include an Elapsed Time option in messages to indicate
how long the client has been trying to complete a DHCP transaction.
Servers MAY use the data value in this option as input to policy
controlling how a server responds to a client message.
20.7. Client message option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_CLIENT_MSG | option-len | | OPTION_CLIENT_MSG | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DHCP client message | | DHCP client message |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_CLIENT_MSG (3) option-code OPTION_CLIENT_MSG (TBD)
option-len Variable; equal to the length of the forwarded DHCP option-len Variable; equal to the length of the forwarded DHCP
client message. client message.
option-data The message received from the client; forwarded option-data The message received from the client; forwarded
verbatim to the server. verbatim to the server.
18.6. Server message option 20.8. Server message option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_SERVER_MSG | option-len | | OPTION_SERVER_MSG | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DHCP server message | | DHCP server message |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_SERVER_MSG (4) option-code OPTION_SERVER_MSG (TBD)
option-len Variable; equal to the length of the forwarded DHCP option-len Variable; equal to the length of the forwarded DHCP
server message. server message.
option-data The message received from the server; forwarded option-data The message received from the server; forwarded
verbatim to the client. verbatim to the client.
18.7. Retransmission parameter option 20.9. DSTM Global IPv4 Address Option
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_RETRANS_PARM | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| option-data |
| (option-len octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_RETRANS_PARM (5)
option-len An unsigned integer giving the length of the data in
this option in octets.
option-data TBD - The details of the operational parameters to
be set in the client
18.8. DSTM Global IPv4 Address Option
The DSTM Global IPv4 Address Option informs a client or server that The DSTM Global IPv4 Address Option informs a client or server that
the Identity Association Option (IA) following this option will the Identity Association Option (IA) following this option will
contain an IPv4-Mapped IPv6 Address [9] in the case of a Client contain an IPv4-Mapped IPv6 Address [9] in the case of a Client
receiving the option, or is a Request for an IPv4-Mapped IPv6 Address receiving the option, or is a Request for an IPv4-Mapped IPv6 Address
from a client in the case of a DHCPv6 Server receiving the option. from a client in the case of a DHCPv6 Server receiving the option.
The option can also provide a set of IPv6 addresses to be used as the The option can also provide a set of IPv6 addresses to be used as the
Tunnel Endpoint (TEP) to encapsulate an IPv6 packet within IPv6. Tunnel Endpoint (TEP) to encapsulate an IPv6 packet within IPv6.
This option can be used with the Request, Reply, and Reconfigure-Init This option can be used with the Request, Reply, and Reconfigure-Init
skipping to change at page 52, line 19 skipping to change at page 58, line 48
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_DSTM | option-length | | OPTION_DSTM | option-length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Tunnel End Point (TEP) | | Tunnel End Point (TEP) |
| (If Present) | | (If Present) |
| (16 octets) | | (16 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option code OPTION_DSTM (7) option code OPTION_DSTM (TBD)
option length Variable: 0 or multiple of 16 option length Variable: 0 or multiple of 16
tunnel end point IPv6 Address or addresses if Present tunnel end point IPv6 Address or addresses if Present
A DSTM IPv4 Global Address Option MUST only apply to the IA following A DSTM IPv4 Global Address Option MUST only apply to the IA following
this option. this option.
18.9. Authentication option 20.10. Authentication option
The Authentication option carries authentication information to The Authentication option carries authentication information to
authenticate the identity and contents of DHCP messages. The use of authenticate the identity and contents of DHCP messages. The use of
the Authentication option is described in section 17. the Authentication option is described in section 19.
The format of the Authentication option is: The format of the Authentication option is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_AUTH | option-length | | OPTION_AUTH | option-length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Protocol | Algorithm | RDM | Replay detect.| | Protocol | Algorithm | RDM | Replay detect.|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 53, line 23 skipping to change at page 60, line 5
this authentication option this authentication option
Replay detection The replay detection information for Replay detection The replay detection information for
the RDM the RDM
Authentication information The authentication information, Authentication information The authentication information,
as specified by the protocol and as specified by the protocol and
algorithm used in this authentication algorithm used in this authentication
option option
18.10. Server unicast option 20.11. Server unicast option
This option is used by a server to send to a client to inform the This option is used by a server to send to a client to inform
client it can send a Request, Renew, Confirm, Release, and Decline by the client it MAY send a Request, Renew, Release, and Decline by
unicasting directly to the server instead of the ALL-DHCPv6-Agents unicasting directly to the server instead of the All_DHCPv6_Agents
Multicast address as an optimization, when the client as an address Multicast address as an optimization, when the client as an address
of sufficient scope to reach the server. of sufficient scope to reach the server.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_UNICAST | option-length | | OPTION_UNICAST | option-length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_UNICAST (TBD) option-code OPTION_UNICAST (TBD)
option-length 0 option-length 0
This option only applies to the server address that sends this to the This option only applies to the server address that sends this to the
client. client.
18.11. Domain Search Option 20.12. Domain Search Option
This option provides a list of domain names a client can use to This option provides a list of domain names a client can use to
resolve DNS names. resolve DNS names.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_DOMAIN_SEARCH_LIST | option-length | | OPTION_DOMAIN_SEARCH_LIST | option-length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Domain Search List | | Domain Search List |
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
msg type OPTION_DOMAIN_SEARCH_LIST (TBD) option-code OPTION_DOMAIN_SEARCH_LIST (TBD)
option-length variable option-length variable
Domain Search List The DNS domain search list the client Domain Search List The DNS domain search list the client
should use to resolve names. should use to resolve names.
So that the search list may be encoded compactly and uniformly, So that the search list may be encoded compactly and uniformly,
search strings in the search list are concatenated and encoded using search strings in the search list are concatenated and encoded using
the technique described in section 4.1 of [13]. the technique described in section 4.1 of [13].
For use in this specification, the compression pointer (see section For use in this specification, the compression pointer (see section
4.1.4 of [13]) refers to the offset within the SearchString portion 4.1.4 of [13]) refers to the offset within the SearchString portion
of the option. of the option.
18.12. Domain Name Server Option 20.13. Domain Name Server Option
This option provides a list of Domain Name System [13] that a client This option provides a list of Domain Name System [13] that a client
name resolver can use to access DNS services. There must be at least name resolver can use to access DNS services. There must be at least
1 server listed in this option. 1 server listed in this option.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_DNS_SERVERS | option_length | | OPTION_DNS_SERVERS | option_length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 54, line 47 skipping to change at page 61, line 29
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| DNS server (IP address) | | DNS server (IP address) |
| | | |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
msg-type OPTION_DNS_SERVERS (TBD) option-code OPTION_DNS_SERVERS (11)
option-length variable option-length variable
DNS server IPv6 address of a DNS name server for the DNS server IPv6 address of a DNS name server for the
client to use. The DNS servers are listed in client to use. The DNS servers are listed in
the order of preference for use by the client the order of preference for use by the client
resolver. resolver.
19. DHCP Client Implementor Notes 20.14. Status Code Option
This section provides helpful information for the client implementor This option returns indications of status not related to a specific
regarding their implementations. The text described here is not part option.
of the protocol, but rather a discussion of implementation features
we feel the implementor should consider during implementation.
19.1. Primary Interface 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_STATUS_CODE | option-length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| status-code | status-message |
| ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Since configuration parameters acquired through DHCP can be option-code OPTION_STATUS_CODE (TBD)
interface-specific or more general, the client implementor SHOULD option-length variable
provide a mechanism by which the client implementation can be
configured to specify which interface is the primary interface. The
client SHOULD always query the DHCP data associated with the primary
interface for non-interface specific configuration parameters. An
implementation MAY implement a list of interfaces which would be
scanned in order to satisfy the general request. In either case, the
first interface scanned is considered the primary interface.
By allowing the specification of a primary interface, the client status-code The numeric code for the status encoded in
implementor identifies which interface is authoritative for this option. The status codes are defined in
non-interface specific parameters, which prevents configuration section 7.4.
information ambiguity within the client implementation.
19.2. Advertise Message and Configuration Parameter Caching status-message A UTF-8 encoded text string, which MUST NOT
be null-terminated.
If the hardware the client is running on permits it, the implementor 20.15. Circuit-ID Option
SHOULD provide a cache for Advertise messages and a cache of
configuration parameters received through DHCP. Providing these
caches prevents unnecessary DHCP traffic and the subsequent load
this generates on the servers. The implementor SHOULD provide a
configuration knob for setting the amount of time the cache(s) are
valid.
19.3. Time out and retransmission variables This option provides a mechanism through which a relay agent can
identify the network attachment point through which a message was
received from a DHCP client.
Note that the client time out and retransmission variables outlined 0 1 2 3
in section 7.5 can be configured on the server and sent to the client 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
through the use of the "DHCP Retransmission Parameter Option", which +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
is documented in section 18.7. A client implementation SHOULD be | OPTION_CIRCUIT_ID | option_length |
able to reset these variables using the values from this option. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Circuit-ID |
. .
. .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
19.4. Server Preference option-code OPTION_CIRCUIT_ID (TBD)
A client MUST wait for SRVR_PREF_WAIT seconds after sending a DHCP option-length variable
Solicit message to collect Advertise messages and compare their
preferences (see section 20.3), unless it receives an Advertise
message with a preference of 255. If the client receives an
Advertise message with a preference of 255, then the client MAY act
immediately on that Advertise without waiting for any more additional
Advertise messages.
20. DHCP Server Implementor Notes Circuit-ID An opaque value of arbitrary length; this
value must uniquely identify one of the
network attachments used by the relay agent
This section provides helpful information for the server implementor. 20.16. User Class Option
20.1. Client Bindings This option is used by a client to identify the type or category of
user or applications it represents. The information contained in
this option is an opaque field that represents the user class of
which the client is a member. Based on this class, a DHCP server
selects the appropriate address pool to assign an address to the
client and the appropriate configuration parameters.
A server implementation MUST use the IA's DUID and the prefix 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
specification from which the client sent its Request message(s) as an +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
index for finding configuration parameters assigned to the client. | OPTION_USER_CLASS | option-len |
While it isn't critical to keep track of the other parameters +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
assigned to a client, the server MUST keep track of the addresses it | user class data |
has assigned to an IA. | . . . |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The server should periodically scan its bindings for addresses whose option-code TBD
leases have expired. When the server finds expired addresses, it
MUST delete the assignment of those addresses, thereby making these
addresses available to other clients.
The client bindings MUST be stored in non-volatile storage. option-len Variable; If n user classes are carried
by the option, the length of the option
option-len = sum of each of the user class
lengths + 2*n.
The server implementation should provide policy knobs to control option-data The user classes carried by the client.
whether or not the lifetimes on assigned addresses are renewable, and
by how long.
20.2. Reconfigure-init Considerations The user class option may contain one or more instances of user class
data. Each instance of the user class data is formatted as follows:
A server implementation MUST provide an interface to the +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
administrator for initiating reconfigure-init events. | user class1 len | user1 class data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
20.3. Server Preference The user class length is two octets long and specifies the length of
the opaque user class data in network byte order.
The server implementation SHOULD allow the setting of a server Servers may interpret the meanings of multiple class specifications
preference value by the administrator. The server preference in an implementation dependent or configuration dependent manner,
variable is an unsigned single octet value (0--255), with the lowest and so the use of multiple classes by a DHCP client should be based
preference being 0 and the highest 255. Clients will choose higher on the specific server implementation and configuration which will
preference servers over those with lower preference values. If you be used to process that User class option. Servers not equipped to
don't choose to implement this feature in your server, you MUST set interpret the user class information sent by a client MUST ignore it
the server preference field to 0 in the Advertise messages generated (although it may be reported).
by your server.
20.4. Request Message Transaction-ID Cache 20.17. Vendor Class Option
In order to improve performance, a server implementation MAY include This option is used by clients and servers to exchange vendor-
an in memory transaction-ID cache. This cache is indexed by client specific information. The definition of this information is vendor
binding and transaction-ID, and enables the server to quickly specific. The vendor is indicated in the vendor class identifier
determine whether a Request is a retransmission or a new Request option. Servers not equipped to interpret the vendor-specific
without the cost of a database lookup. If an implementor chooses to information sent by a client MUST ignore it (although it may be
implement this cache, then they SHOULD provide a configuration knob reported). Clients which do not receive desired vendor-specific
to tune the lifetime of the cache entries. information SHOULD make an attempt to operate without it, although
they may do so(and announce they are doing so) in a degraded mode.
21. DHCP Relay Implementor Notes 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_VENDOR_CLASS | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| option-data |
| . . . |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
A relay implementation SHOULD allow the specification of a list of option-code TBD
destination addresses for forwarded messages. This list MAY contain
any mixture of unicast addresses and multicast addresses.
If a relay receives an ICMP message in response to a DHCP message it option-len Variable
has forwarded, it SHOULD log this event.
22. Security option-data The information is an opaque object of
option-len octets, presumably interpreted
by vendor-specific code on the clients and
servers
Section 17 describes a threat model and an option that provides an If a vendor potentially encodes more than one item of information
in this option, then the vendor SHOULD encode the option using
"Encapsulated vendor-specific options".
The Encapsulated vendor-specific options field SHOULD be encoded as a
sequence of code/length/value fields of identical syntax to the DHCP
options field.
When encapsulated vendor-specific extensions are used, each of the
encapsulated options is formatted as follows.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| opt_code | opt_len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| option-data |
| . . . |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
opt_code The code for the encapsulated option
opt_len The length of the encapsulated option
option-data The data area for the encapsulated option
21. Security Considerations
Section 19 describes a threat model and an option that provides an
authentication framework to defend against that threat model. authentication framework to defend against that threat model.
23. Year 2000 considerations 22. Year 2000 considerations
Since all times are relative to the current time of the transaction, Since all times are relative to the current time of the transaction,
there is no problem within the DHCPv6 protocol related to any there is no problem within the DHCPv6 protocol related to any
hardcoded dates or two-digit representation of the current year. hardcoded dates or two-digit representation of the current year.
24. IANA Considerations 23. IANA Considerations
This document defines several new name spaces associated with DHCPv6 This document defines several new name spaces associated with DHCPv6
and DHCPv6 options. IANA is requested to manage the allocation of and DHCPv6 options. IANA is requested to manage the allocation of
values from these name spaces. values from these name spaces, which are described in the remainder
of this section. These name spaces are all to be managed separately
from the name spaces defined for DHCPv4 [7, 2].
New values in each of these name spaces should be approved by the New values in each of these name spaces should be approved by the
process of IETF Consensus [14]. process of IETF consensus [14].
24.1. DHCPv6 options 23.1. Multicast addresses
This document defines message types TBD to be received by UDP at port Section 7.1 defines the following multicast addresses, which have
numbers 546 and 547. Additional message types may be defined in the been assigned by IANA for use by DHCPv6:
future.
24.2. Multicast addresses All_DHCP_Agents address: FF02::1:2
Section 7.1 lists several multicast addresses used by DHCP. All_DHCP_Servers address: FF05::1:3
Additional multicast addresses may be defined in the future.
24.3. Status codes IANA is requested to manage definition of additional multicast
addresses in the future.
Section 9.7 defines several status codes that are to be returned with 23.2. DHCPv6 message types
the Reply message. The non-zero values for these status codes that
are currently specified are shown in the table in section 7.4.
24.4. Retransmission parameter option IANA is requested to record the message types defined in section 7.3.
IANA is requested to manage definition of additional message types in
the future.
There is a DHCPv6 option described in section 18.7, which allows 23.3. DUID
clients and servers to exchange values for some of the timing
and retransmission parameters defined in section 7.5. Adding new
parameters in the future would require extending the values by which
the parameters are indicated in the DHCP option. Since there needs
to be a list kept, the default values for each parameter should also
be stored as part of the list.
24.5. Authentication option IANA is requested to record the DUID types defined in section 10.1.
IANA is requested to manage definition of additional DUID types in
the future.
Section 17 defines three new name spaces associated with the 23.4. DHCPv6 options
Authentication Option (section 18.9), which are to be created and
IANA is requested to assign option-codes to the options defined
in section 20.1. IANA is requested to manage the definition of
additional DHCPv6 option-codes in the future.
23.5. Status codes
IANA is requested to record the status codes defined in section 7.4.
IANA is requested to manage the definition of additional status codes
in the future.
23.6. Authentication option
Section 19 defines three new name spaces associated with the
Authentication Option (section 20.10), which are to be created and
maintained by IANA: Protocol, Algorithm and RDM. maintained by IANA: Protocol, Algorithm and RDM.
Initial values assigned from the Protocol name space are 0 (for the Initial values assigned from the Protocol name space are 0 (for the
configuration token Protocol in section 17.4) and 1 (for the delayed configuration token Protocol in section 19.5) and 1 (for the delayed
authentication Protocol in section 17.5). Additional protocols may authentication Protocol in section 19.6). Additional protocols may
be defined in the future. be defined in the future.
The Algorithm name space is specific to individual Protocols. That The Algorithm name space is specific to individual Protocols. That
is, each Protocol has its own Algorithm name space. The guidelines is, each Protocol has its own Algorithm name space. The guidelines
for assigning Algorithm name space values for a particular protocol for assigning Algorithm name space values for a particular protocol
should be specified along with the definition of a new Protocol. should be specified along with the definition of a new Protocol.
For the configuration token Protocol, the Algorithm field MUST be For the configuration token Protocol, the Algorithm field MUST be
0, as described in section 17.4. For the delayed authentication 0, as described in section 19.5. For the delayed authentication
Protocol, the Algorithm value 1 is assigned to the HMAC-MD5 Protocol, the Algorithm value 1 is assigned to the HMAC-MD5
generating function as defined in section 17.5. Additional generating function as defined in section 19.6. Additional
algorithms for the delayed authentication protocol may be defined in algorithms for the delayed authentication protocol may be defined in
the future. the future.
The initial value of 0 from the RDM name space is assigned to the The initial value of 0 from the RDM name space is assigned to the
use of a monotonically increasing value as defined in section 17.3. use of a monotonically increasing value as defined in section 19.4.
Additional replay detection methods may be defined in the future. Additional replay detection methods may be defined in the future.
25. Acknowledgments 24. Acknowledgments
Thanks to the DHC Working Group for their time and input into the Thanks to the DHC Working Group for their time and input into the
specification. Ralph Droms and Thomas Narten have had a major specification. Ralph Droms and Thomas Narten have had a major
role in shaping the continued improvement of the protocol by their role in shaping the continued improvement of the protocol by their
careful reviews. Many thanks to Matt Crawford, Erik Nordmark, Gerald careful reviews. Many thanks to Matt Crawford, Erik Nordmark, Gerald
Maguire, and Mike Carney for their studied review as part of the Maguire, and Mike Carney for their studied review as part of the
Last Call process. Thanks also for the consistent input, ideas, and Last Call process. Thanks also for the consistent input, ideas, and
review by (in alphabetical order) Brian Carpenter, Francis DuPont, review by (in alphabetical order) Brian Carpenter, Francis DuPont,
Ted Lemon, Jack McCann, Yakov Rekhter, Matt Thomas, Sue Thomson, Ted Lemon, Jack McCann, Yakov Rekhter, Matt Thomas, Sue Thomson,
Bernie Volz and Phil Wells. Bernie Volz and Phil Wells.
Thanks to Steve Deering and Bob Hinden, who have consistently Thanks to Steve Deering and Bob Hinden, who have consistently
taken the time to discuss the more complex parts of the IPv6 taken the time to discuss the more complex parts of the IPv6
specifications. specifications.
Bill Arbaugh reviewed the authentication mechanism described in Bill Arbaugh reviewed the authentication mechanism described in
section 17. section 19.
The Domain Search option described in section 18.11 is based on the The Domain Search option described in section 20.12 is based on the
DHCPv4 domain search option, [1], and was reviewed by Bernard Aboba. DHCPv4 domain search option, [1], and was reviewed by Bernard Aboba.
A. Comparison between DHCPv4 and DHCPv6 A. Comparison between DHCPv4 and DHCPv6
This appendix is provided for readers who will find it useful to see This appendix is provided for readers who will find it useful to see
a model and architecture comparison between DHCPv4 [7, 2] and DHCPv6. a model and architecture comparison between DHCPv4 [7, 2] and DHCPv6.
There are three key reasons for the differences: There are three key reasons for the differences:
o IPv6 inherently supports a new model and architecture for o IPv6 inherently supports a new model and architecture for
communications and autoconfiguration of addresses. communications and autoconfiguration of addresses.
skipping to change at page 60, line 6 skipping to change at page 67, line 45
relay. relay.
o The need for BOOTP compatibility and the broadcast flag have been o The need for BOOTP compatibility and the broadcast flag have been
removed. removed.
o Multicast and address scoping in IPv6 permit the design of o Multicast and address scoping in IPv6 permit the design of
discovery packets that would inherently define their range by the discovery packets that would inherently define their range by the
multicast address for the function required. multicast address for the function required.
o Stateful autoconfiguration has to coexist and integrate with o Stateful autoconfiguration has to coexist and integrate with
stateless autoconfiguration supporting Duplicate Address stateless address autoconfiguration supporting duplicate address
Detection and the two IPv6 lifetimes, to facilitate the dynamic detection [20] and the two IPv6 address lifetimes, to facilitate
renumbering of addresses and the management of those addresses. the dynamic renumbering of addresses and the management of those
addresses.
o Multiple addresses per interface are inherently supported in o Multiple addresses per interface are inherently supported in
IPv6. IPv6.
o Some DHCPv4 options are unnecessary now because the configuration o Some DHCPv4 options are unnecessary now because the configuration
parameters are either obtained through IPv6 Neighbor Discovery or parameters are either obtained through IPv6 Neighbor Discovery or
the Service Location protocol [21]. the Service Location protocol [21].
DHCPv6 Architecture/Model Changes: DHCPv6 Architecture/Model Changes:
o The message type is the first octet in the packet. o The message type is the first octet in the packet.
o IPv6 Address allocations are now handled in a message option as o IPv6 Address allocations are now handled in a message option as
opposed to the message header. opposed to the message header.
o Client/Server bindings are now mandatory and take advantage of o Client/Server bindings are now mandatory and take advantage
the client's link-local address to always permit communications of the link-local address of the client to always permit
either directly from an on-link server, or from a off-link server communications either directly from an on-link server, or from a
through an on-link relay. off-link server through an on-link relay.
o Servers are discovered by a client Solicit, followed by a server o Servers are discovered by a client Solicit, followed by a server
Advertise message Advertise message
o The client will know if the server is on-link or off-link. o The client will know if the server is on-link or off-link.
o The on-link relay may locate off-link server addresses from o The on-link relay may locate off-link server addresses from
system configuration or by the use of a site-wide multicast system configuration or by the use of a site-wide multicast
packet. packet.
skipping to change at page 61, line 50 skipping to change at page 69, line 40
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
C. Changes in this draft
This section describes the changes between this version of the DHCPv6
specification and draft-ietf-dhc-dhcpv6-19.txt.
C.1. Reconfigure-init
The client behavior in response to a Reconfigure-init message
described in section 15 has been changed. When the client receives
a Reconfigure-init message, the client goes into "Reconfigure"
mode. The client initiates a Request/Reply exchange in which the
XID in client Request is independent of server Reconfigure-init XID.
The server waits for the next Request message from the client to
determine if the client has received the Reconfigure-init.
To avoid redundant Request/Reply messages exchanges, the client
ignores subsequent Reconfigure-init messages until it completes the
Request/Reply exchange.
Use of multicast for Reconfigure-init message delivery has been
removed:
- Multicast only saves, at most, 1/3 of the messages when
reconfiguring multiple clients
- Multicast might cause an implosion of Request messages;
additional complexity in the client and protocol messages would
be required to add delay to spread out Request messages
- Authentication of multicast Reconfigure-init messages (where a
single message must be authenticated by multiple clients) is an
open problem
Text has been added clarifying that the ORO option applies to IAs as
well as other options. The server may choose to omit the IA option
from the ORO in the Reconfigure-init message.
The Reconfigure-delay option (used only by multicast
Reconfigure-init) has been removed.
The transaction ID feild in the Reconfigure-init message header is
now marked as "(unused) MUST be zero".
C.2. Authentication
DHCPv4-style authentication has been added to this draft in
section 17.
C.3. Confirm message
The following DISCUSSION was removed from the description of the
Confirm message:
DISCUSSION:
This section used to allow servers to change the addresses
in an IA. Without some additional mechanism, servers
responding to Confirm messages can't change safely
change the addresses in IAs (although they can change
the lifetimes), because servers may send back different
addresses.
C.4. Failure of Rebind message
In section 14.3.4, the alternatives for client behavior in the
case that the client receives no response to a Rebind message were
taken out of a DISCUSSION section and made part of the spec. These
alternatives are really an implementation issue and not part of the
DHCPv6 spec.
C.5. Server behavior in response to Release message
The following DISCUSSION was merged into the text describing server
behavior in response to a Release message in section 14.4.5:
DISCUSSION:
What is the behavior of the server relative to a "partially
released" IA; i.e., an IA for which some but not all
addresses are released?
Can a client send an empty IA to release all addresses in
the IA?
If the IA becomes empty - all addresses are released - can
the server discard any record of the IA?
C.6. Client behavior when sending a Release message
Text has been added to section 14.3.6 clarifying that a client MAY
(but not MUST) wait for a Reply to a Release message.
C.7. IA option
The format diagram has been corrected to include the prefix length
and address status with each address. PROPOSAL - use left-most bit
in address status to indicate whether an address is "temporary".
C.8. DSTM option
Definition of DSTM option has been updated to carry multiple IPv6
addresses as tunnel endpoints.
C.9. Server unicast option
An option to allow clients to use unicast where possible has been
added in section 18.10.
C.10. Domain search option
An option to pass a domain name search list to a client has been
added in section 18.11.
C.11. DNS servers option
An option to pass a list of DNS options to a client has been added in
section 18.12.
C.12. DUID and IAID
The "DHCP unique identifier" is defined as a typed, variable length
value (see section 18.2). The DUID is carried in an option. The
details of the DUID are TBD.
The "IA identifier" is defined as a 4 octet identifier, unique among
all IAIDs for IAs from a client.
C.13. Continuing to poll with Solicit
Text has been added to section 13.3.2 allowing a client to continue
to send Solicit messages at low frequency indefinitely.
C.14. Using DHCPv6 without address assignment
Text has been added to section 14.3.1 allowing a client to send a
Solicit message containing no IAs to request other configuration
information without address assignment (equivalent to DHCPv4
DHCPINFORM).
C.15. Potential crossing in flight of Request and Reconfigure-init
messages
Text has been added to section 15 addressing the case in which the
client sends a Request after a server has sent a Reconfigure-init but
before the client receives the Reconfigure-init.
D. Open Issues for Working Group Discussion
This section contains some items for discussion by the working group.
D.1. Generation and use of DUID and IAID
Details for generation and use of DUID and IA identifiers is TBD.
D.2. Address registration
Should there be a way for a DHCP client to register stateless
autoconfig addresses with the server?
D.3. Prefix advertisement
Can a DHCP server advertise prefixes? This function might be used
to provide managed temporary addresses - the server advertises a
prefix and the client then registers selected addresses with the DHCP
server.
D.4. DHCP-DNS interaction
Interaction among DHCP servers, clients and DNS servers should be
discussed in this document.
What is relationship between DHCP-DNS for IPv4 (work-in-progress) and
DHCP-DNS interaction requirements for IPv6?
D.5. Use of term "agent"
The term "agent", taken to mean "relay agent or server", may be
confusing. "relay agent or server" might be clearer.
D.6. Additional options
Which additional options should be included in this base spec
document? How should we reserve space for "local options" (as in
DHCPv4)?
D.7. Operational parameters
Should servers have an option to set operational parameters -
retransmission timeouts, number of retries - in clients?
References References
[1] B. Aboba. DHCP Domain Search Option. Internet Draft, Internet [1] B. Aboba. DHCP Domain Search Option. Internet Draft, Internet
Engineering Task Force, December 2000. Work in progress. Engineering Task Force, December 2000. Work in progress.
[2] S. Alexander and R. Droms. DHCP Options and BOOTP Vendor [2] S. Alexander and R. Droms. DHCP Options and BOOTP Vendor
Extensions. Request for Comments (Draft Standard) 2132, Extensions, March 1997. RFC 2132.
Internet Engineering Task Force, March 1997.
[3] S. Bradner. Key words for use in RFCs to Indicate Requirement [3] S. Bradner. Key words for use in RFCs to Indicate Requirement
Levels. Request for Comments (Best Current Practice) 2119, Levels, March 1997. RFC 2119.
Internet Engineering Task Force, March 1997.
[4] S. Bradner and A. Mankin. The Recommendation for the IP Next [4] S. Bradner and A. Mankin. The Recommendation for the IP Next
Generation Protocol. Request for Comments (Proposed Standard) Generation Protocol, January 1995. RFC 1752.
1752, Internet Engineering Task Force, January 1995.
[5] W. J. Croft and J. Gilmore. Bootstrap Protocol. Request for [5] W.J. Croft and J. Gilmore. Bootstrap Protocol, September 1985.
Comments 951, Internet Engineering Task Force, September 1985. RFC 951.
[6] S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6) [6] S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6)
Specification. Request for Comments (Draft Standard) 2460, Specification, December 1998. RFC 2460.
Internet Engineering Task Force, December 1998.
[7] R. Droms. Dynamic Host Configuration Protocol. Request for [7] R. Droms. Dynamic Host Configuration Protocol, March 1997. RFC
Comments (Draft Standard) 2131, Internet Engineering Task Force, 2131.
March 1997.
[8] R. Droms and W. Arbaugh. Authentication for DHCP Messages. [8] R. Droms and W. Arbaugh. Authentication for DHCP Messages.
Internet Draft, Internet Engineering Task Force, January 2001. Internet Draft, Internet Engineering Task Force, January 2001.
Work in progress. Work in progress.
[9] R. Hinden and S. Deering. IP Version 6 Addressing Architecture. [9] R. Hinden and S. Deering. IP Version 6 Addressing Architecture,
Request for Comments (Proposed Standard) 2373, Internet July 1998. RFC 2373.
Engineering Task Force, July 1998.
[10] H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing [10] S. Kent and R. Atkinson. Security Architecture for the Internet
for Message Authentication. Request for Comments Protocol, November 1998. RFC 2401.
(Informational) 2104, Internet Engineering Task Force,
February 1997.
[11] J. McCann, S. Deering, and J. Mogul. Path MTU Discovery for [11] H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing
IP version 6. Request for Comments (Proposed Standard) 1981, for Message Authentication, February 1997. RFC 2104.
Internet Engineering Task Force, August 1996.
[12] David L. Mills. Network Time Protocol (Version 3) [12] David L. Mills. Network Time Protocol (Version 3)
Specification, Implementation. Request for Comments (Draft Specification, Implementation, March 1992. RFC 1305.
Standard) 1305, Internet Engineering Task Force, March 1992.
[13] P. V. Mockapetris. Domain names - implementation and [13] P. V. Mockapetris. Domain names - implementation and
specification. Request for Comments (Standard) 1035, Internet specification, November 1987. RFC 1035.
Engineering Task Force, November 1987.
[14] T. Narten and H. Alvestrand. Guidelines for Writing an IANA [14] T. Narten and H. Alvestrand. Guidelines for Writing an IANA
Considerations Section in RFCs. Request for Comments (Best Considerations Section in RFCs, October 1998. RFC 2434.
Current Practice) 2434, Internet Engineering Task Force, October
1998.
[15] T. Narten and R. Draves. Privacy Extensions for Stateless [15] T. Narten and R. Draves. Privacy Extensions for Stateless
Address Autoconfiguration in IPv6. Request for Comments Address Autoconfiguration in IPv6, January 2001. RFC 3041.
(Proposed Standard) 3041, Internet Engineering Task Force,
January 2001.
[16] T. Narten, E. Nordmark, and W. Simpson. Neighbor Discovery for [16] T. Narten, E. Nordmark, and W. Simpson. Neighbor Discovery for