Internet Engineering Task Force                                 J. Bound
INTERNET DRAFT                                                    Compaq
DHC Working Group                                              M. Carney
Obsoletes:  draft-ietf-dhc-dhcpv6-22.txt  draft-ietf-dhc-dhcpv6-23.txt           Sun Microsystems, Inc
                                                              C. Perkins
                                                   Nokia Research Center
                                                               Ted Lemon
                                                                 Nominum
                                                             Bernie Volz
                                                                Ericsson
                                                           R. Droms(ed.)
                                                           Cisco Systems
                                                              1 Feb
                                                             22 Apr 2002

         Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
                      draft-ietf-dhc-dhcpv6-23.txt
                      draft-ietf-dhc-dhcpv6-24.txt

Status of This Memo

   This document is a submission by the Dynamic Host Configuration
   Working Group of the Internet Engineering Task Force (IETF). Comments
   should be submitted to the dhcwg@ietf.org mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at
   any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

    The list of current Internet-Drafts can be accessed at:
         http://www.ietf.org/ietf/1id-abstracts.txt
    The list of Internet-Draft Shadow Directories can be accessed at:
         http://www.ietf.org/shadow.html.

Abstract

   The Dynamic Host Configuration Protocol for IPv6 (DHCP) enables
   DHCP servers to pass configuration parameters such as IPv6 network
   addresses to IPv6 nodes.  It offers the capability of automatic
   allocation of reusable network addresses and additional configuration
   flexibility.  This protocol is a stateful counterpart to "IPv6
   Stateless Address Autoconfiguration" [21], (RFC2462), and can be used
   separately or concurrently with the latter to obtain configuration
   parameters.

                                Contents

Status of This Memo                                                    i

Abstract                                                               i

 1. Introduction and Overview                                          1

 2. Requirements                                                       2

 3. Background                                                         2

 4. Design Goals                                                       3

 5. Non-Goals                                                          4

 6. Terminology                                                        4
     6.1. IPv6 Terminology
     1.1. Protocols and addressing  . . . . . . . . . . . . . . . .    2
     1.2. Protocol implementation . . . .    4
     6.2. DHCP Terminology . . . . . . . . . . . . .    2
     1.3. Client-server exchanges involving two messages  . . . . .    3
     1.4. Client-server exchanges involving four messages . .    5

 7. DHCP Constants                                                     7
     7.1. Multicast Addresses . . .    3

 2. Requirements                                                       4

 3. Background                                                         4

 4. Terminology                                                        5
     4.1. IPv6 Terminology  . . . . . . . . . . . . . . . .    7
     7.2. UDP ports . . . .    5
     4.2. DHCP Terminology  . . . . . . . . . . . . . . . . . . . .    7
     7.3.    6

 5. DHCP message types Constants                                                     8
     5.1. Multicast Addresses . . . . . . . . . . . . . . . . . . .    8
     7.4. Status Codes
     5.2. Anycast address . . . . . . . . . . . . . . . . . . . . .    8
     5.3. UDP ports .    9
           7.4.1. Generic Status Codes . . . . . . . . . . . . . .    9
           7.4.2. Server-specific Status Codes . . . . . . . . .    8
     5.4. DHCP message types  .   10
     7.5. Configuration Variables . . . . . . . . . . . . . . . . .   11

 8. Message Formats                                                   11
     8.1. DHCP Solicit Message Format .    9
     5.5. Status Codes  . . . . . . . . . . . . . .   12
     8.2. DHCP Advertise Message Format . . . . . . . .   10
     5.6. Configuration Parameters  . . . . . .   12
     8.3. DHCP Request Message Format . . . . . . . . . .   11

 6. Message Formats                                                   11

 7. Relay agent messages                                              12
     7.1. Relay-forward message . . . . .   12
     8.4. DHCP Confirm Message Format . . . . . . . . . . . . .   13
     7.2. Relay-reply message . .   13
     8.5. DHCP Renew Message Format . . . . . . . . . . . . . . . .   13
     8.6. .   14

 8. Representation and use of domain names                            14

 9. DHCP Rebind Message Format unique identifier (DUID)                                     14
     9.1. DUID contents . . . . . . . . . . . . . . .   13
     8.7. DHCP Reply Message Format . . . . . . .   15
     9.2. DUID based on link-layer address plus time  . . . . . . .   15
     9.3. Vendor-assigned unique ID based on Domain Name (VUID-DN)    16
     9.4. Vendor-assigned unique ID based on Enterprise Number
             (VUID-EN)  . .   13
     8.8. DHCP Release Message Format . . . . . . . . . . . . . . .   13
     8.9. DHCP Decline Message Format . . . . .   17
     9.5. Link-layer address  . . . . . . . . . .   14
    8.10. DHCP Reconfigure Message Format . . . . . . . . .   18

10. Identity association                                              19

11. Selecting addresses for assignment to an IA                       20

12. Management of temporary addresses                                 21

13. Transmission of messages by a client                              21

14. Reliability of Client Initiated Message Exchanges                 21

15. Message validation                                                23
    15.1. Use of Transaction-ID field . . . .   14
    8.11. Information-Request Message Format . . . . . . . . . . .   14

 9. Relay messages                                                    14
     9.1. Relay-forward   23
    15.2. Solicit message . . . . . . . . . . . . . . . . . .   15
     9.2. Relay-reply message . . . . . . . . . .   23
    15.3. Advertise message . . . . . . . . .   16

10. Representation and use of domain names                            16

11. DHCP unique identifier (DUID)                                     16
    11.1. DUID contents . . . . . . . . . . .   24
    15.4. Request message . . . . . . . . . . .   17
    11.2. DUID based on link-layer address plus time . . . . . . .   17
    11.3. Vendor-assigned unique ID (VUID) . . .   24
    15.5. Confirm message . . . . . . . . .   18
    11.4. Link-layer address . . . . . . . . . . . .   24
    15.6. Renew message . . . . . . .   19

12. Identity association                                              20

13. Selecting addresses for assignment to an IA                       21

14. Management of temporary addresses                                 22

15. Reliability of Client Initiated Message Exchanges                 23

16. Message validation                                                24
    16.1. Use of Transaction-ID field . . . . . . . . . . . . . . .   24
    16.2. Solicit
    15.7. Rebind message  . . . . . . . . . . . . . . . . . . . . .   25
    16.3. Advertise message
    15.8. Decline messages  . . . . . . . . . . . . . . . . . . . .   25
    16.4. Request
    15.9. Release message . . . . . . . . . . . . . . . . . . . . .   25
    16.5. Confirm
   15.10. Reply message . . . . . . . . . . . . . . . . . . . . . .   25
    16.6. Renew
   15.11. Reconfigure message . . . . . . . . . . . . . . . . . . . . . .   26
    16.7. Rebind
   15.12. Information-request message . . . . . . . . . . . . . . .   26
   15.13. Relay-forward message . . . . . .   26
    16.8. Decline messages  . . . . . . . . . . . . .   26
   15.14. Relay-reply message . . . . . . .   26
    16.9. Release message . . . . . . . . . . . .   26

16. Client Source Address and Interface Selection                     26

17. DHCP Server Solicitation                                          27
    17.1. Client Behavior . . . . . . . . .   27
   16.10. Reply message . . . . . . . . . . . .   27
          17.1.1. Creation of Solicit messages  . . . . . . . . . .   27
   16.11. Reconfigure message .
          17.1.2. Transmission of Solicit Messages  . . . . . . . .   28
          17.1.3. Receipt of Advertise messages . . . . . . . . . .   27
   16.12. Information-request   29
          17.1.4. Receipt of Reply message  . . . . . . . . . . . . . . .   27
   16.13. Relay-forward message .   30
    17.2. Server Behavior . . . . . . . . . . . . . . . . .   28
   16.14. Relay-reply message . . . .   30
          17.2.1. Receipt of Solicit messages . . . . . . . . . . .   30
          17.2.2. Creation and transmission of Advertise messages .   30
          17.2.3. Creation and Transmission of Reply messages . . .   28

17. Client Source Address and Interface Selection                     28   31

18. DHCP Server Solicitation                                          28 Client-Initiated Configuration Exchange                      32
    18.1. Client Behavior . . . . . . . . . . . . . . . . . . . . .   29   32
          18.1.1. Creation and transmission of Solicit Request messages . . . . . . . . . .   29   32
          18.1.2. Transmission Creation and transmission of Solicit Messages  . . Confirm messages . . . . . .   29
          18.1.3. Receipt of Advertise messages . . . . . . . . . .   30
    18.2. Server Behavior . . . . . . . . . . . . . . . . . . . . .   31
          18.2.1. Receipt of Solicit messages . . . . . . . . . . .   31
          18.2.2. Creation and transmission of Advertise messages .   31

19. DHCP Client-Initiated Configuration Exchange                      32
    19.1. Client Behavior . . . . . . . . . . . . . . . . . . . . .   33
          19.1.1. Creation and transmission of Request messages . .   33
          19.1.2. Creation and transmission of Confirm messages . .   34
          19.1.3. Creation and transmission of Renew messages   34
          18.1.3. Creation and transmission of Renew messages . . .   35
          19.1.4.
          18.1.4. Creation and transmission of Rebind messages  . .   37
          19.1.5.   36
          18.1.5. Creation and Transmission of Information-request
                          messages . . . . . . . . . . . . . . . . .  38
          19.1.6.  37
          18.1.6. Receipt of Reply message in response to a Request,
                          Confirm, Renew, Rebind or Information-request
                          message  . . . . . . . . . . . . . . . . .  38
          19.1.7.
          18.1.7. Creation and transmission of Release messages . .   40
          19.1.8.   39
          18.1.8. Receipt of Reply message in response to a Release
                          message  . . . . . . . . . . . . . . . . .  41
          19.1.9.  40
          18.1.9. Creation and transmission of Decline messages . .   41
         19.1.10.   40
         18.1.10. Receipt of Reply message in response to a Decline
                          message  . . . . . . . . . . . . . . . . .  42
    19.2.  41
    18.2. Server Behavior . . . . . . . . . . . . . . . . . . . . .   42
          19.2.1.   41
          18.2.1. Receipt of Request messages . . . . . . . . . . .   42
          19.2.2.   41
          18.2.2. Receipt of Confirm messages . . . . . . . . . . .   43
          19.2.3.   42
          18.2.3. Receipt of Renew messages . . . . . . . . . . . .   44
          19.2.4.   43
          18.2.4. Receipt of Rebind messages  . . . . . . . . . . .   45
          19.2.5.   44
          18.2.5. Receipt of Information-request messages . . . . .   46
          19.2.6.   44
          18.2.6. Receipt of Release messages . . . . . . . . . . .   47
          19.2.7.   45
          18.2.7. Receipt of Decline messages . . . . . . . . . . .   47
          19.2.8.   45
          18.2.8. Transmission of Reply messages  . . . . . . . . .   47

20.   46

19. DHCP Server-Initiated Configuration Exchange                      48
    20.1.                      46
    19.1. Server Behavior . . . . . . . . . . . . . . . . . . . . .   48
          20.1.1.   46
          19.1.1. Creation and transmission of Reconfigure messages   48
          20.1.2.   46
          19.1.2. Time out and retransmission of Reconfigure
                          messages . . . . . . . . . . . . . . . . .  49
          20.1.3.  47
          19.1.3. Receipt of Renew messages . . . . . . . . . . . .   49
    20.2.   47
    19.2. Receipt of Information-request messages . . . . . . . . .   49
    20.3.   48
    19.3. Client Behavior . . . . . . . . . . . . . . . . . . . . .   50
          20.3.1.   48
          19.3.1. Receipt of Reconfigure messages . . . . . . . . .   50
          20.3.2.   48
          19.3.2. Creation and transmission of Renew messages . . .   51
          20.3.3.   49
          19.3.3. Creation and transmission of Information-request
                          messages . . . . . . . . . . . . . . . . .  51
          20.3.4.  49
          19.3.4. Time out and retransmission of Renew or
                          Information-request messages . . . . . . .  51
          20.3.5.  49
          19.3.5. Receipt of Reply messages . . . . . . . . . . . .   51

21.   49

20. Relay Agent Behavior                                                    52
    21.1.                                              50
    20.1. Relaying of client messages . . . . . . . . . . . . . . .   52
    21.2.   50
    20.2. Relaying of server messages . . . . . . . . . . . . . . .   52

22.   50

21. Authentication of DHCP messages                                   53
    22.1.                                   51
    21.1. DHCP threat model . . . . . . . . . . . . . . . . . . . .   53
    22.2.   51
    21.2. Security of messages sent between servers and relay agents  54
    22.3.  52
    21.3. Summary of DHCP authentication  . . . . . . . . . . . . .   54
    22.4.   52
    21.4. Replay detection  . . . . . . . . . . . . . . . . . . . .   54
    22.5. Configuration token protocol  . . . . . . . . . . . . . .   54
    22.6.   52
    21.5. Delayed authentication protocol . . . . . . . . . . . . .   55
          22.6.1.   53
          21.5.1. Management issues in the delayed authentication
                          protocol . . . . . . . . . . . . . . . . .  55
          22.6.2.  53
          21.5.2. Use of the Authentication option in the delayed
                          authentication protocol  . . . . . . . . .  55
          22.6.3.  53
          21.5.3. Message validation  . . . . . . . . . . . . . . .   56
          22.6.4.   54
          21.5.4. Key utilization . . . . . . . . . . . . . . . . .   57
          22.6.5.   54
          21.5.5. Client considerations for delayed authentication
                          protocol . . . . . . . . . . . . . . . . .  57
          22.6.6.  55
          21.5.6. Server considerations for delayed authentication
                          protocol . . . . . . . . . . . . . . . . .  59

23.  57

22. DHCP options                                                      60
    23.1.                                                      57
    22.1. Format of DHCP options  . . . . . . . . . . . . . . . . .   60
    23.2.   58
    22.2. Client Identifier option  . . . . . . . . . . . . . . . .   60
    23.3.   58
    22.3. Server Identifier option  . . . . . . . . . . . . . . . .   61
    23.4.   59
    22.4. Identity association Association option . . . . . . . . . . . . . . .   59
    22.5. Identity Association for Temporary Addresses option . . .   61
    23.5.
    22.6. IA Address option . . . . . . . . . . . . . . . . . . . .   63
    23.6. Requested Temporary Addresses (RTA) Option  . . . . . . .   65
    23.7.
    22.7. Option Request option . . . . . . . . . . . . . . . . . .   65
    23.8.   64
    22.8. Preference option . . . . . . . . . . . . . . . . . . . .   66
    23.9.   64
    22.9. Elapsed Time  . . . . . . . . . . . . . . . . . . . . . .   67
   23.10.   65
   22.10. Client message option . . . . . . . . . . . . . . . . . .   67
   23.11.   66
   22.11. Server message option . . . . . . . . . . . . . . . . . .   68
   23.12.   66
   22.12. Authentication option . . . . . . . . . . . . . . . . . .   68
   23.13.   67
   22.13. Server unicast option . . . . . . . . . . . . . . . . . .   69
   23.14.   68
   22.14. Status Code Option  . . . . . . . . . . . . . . . . . . .   70
   23.15.   68
   22.15. Rapid Commit option . . . . . . . . . . . . . . . . . . .   69
   22.16. User Class Option . . . . . . . . . . . . . . . . . . . .   70
   23.16.   69
   22.17. Vendor Class Option . . . . . . . . . . . . . . . . . . .   70
   22.18. Vendor-specific Information option  . . . . . . . . . . .   71
   23.17.
   22.19. Interface-Id Option . . . . . . . . . . . . . . . . . . .   72

24.
   22.20. Reconfigure Message option  . . . . . . . . . . . . . . .   73

23. Security Considerations                                           73

25.

24. Year 2000 considerations                                          73

26.

25. IANA Considerations                                               74
    26.1.                                               73
    25.1. Multicast addresses . . . . . . . . . . . . . . . . . . .   74
    26.2.
    25.2. Anycast addresses . . . . . . . . . . . . . . . . . . . .   74
    25.3. DHCPv6 message types  . . . . . . . . . . . . . . . . . .   74
    26.3.
    25.4. DUID  . . . . . . . . . . . . . . . . . . . . . . . . . .   74
    26.4.   75
    25.5. DHCPv6 options  . . . . . . . . . . . . . . . . . . . . .   74
    26.5.   75
    25.6. Status codes  . . . . . . . . . . . . . . . . . . . . . .   74
    26.6.   76
    25.7. Authentication option . . . . . . . . . . . . . . . . . .   75

27.   76

26. Acknowledgments                                                   75                                                   77

References                                                            75                                                            77

Chair's Address                                                       77                                                       79

Authors' Addresses                                                    77                                                    79

 A. Appearance of Options in Message Types                            79                            81

 B. Appearance of Options in the Options Field of DHCP Messages       79 Options        81

 C. Full Copyright Statement                                          80                                          82

1. Introduction and Overview

   This document describes DHCP for IPv6 (DHCP), a UDP [19] client/server
   protocol designed to reduce the cost of management
   of IPv6 nodes in environments where network managers require more
   control over the allocation of IPv6 addresses and that provides managed configuration of network stack parameters than that offered by "IPv6 Stateless
   Address Autoconfiguration" [21]. devices.

   DHCP is can provide a stateful counterpart to
   stateless autoconfiguration.  Note that both stateful device with addresses assigned by a DHCP server
   and stateless
   autoconfiguration other configuration information.  The addresses and additional
   configuration are carried in options.  DHCP can be used concurrently in the same environment,
   leveraging extended through
   the strengths definition of both mechanisms in order new options to reduce carry configuration information not
   specified in this document.

   DHCP is the
   cost of ownership "stateful address autoconfiguration protocol" and management of network nodes.

   DHCP reduces the cost
   "stateful autoconfiguration protocol" referred to in RFC2462, "IPv6
   Stateless Address Autoconfiguration".

   The remainder of ownership by centralizing this introduction summarizes DHCP, explaining
   the management
   of network resources such as IP addresses, routing information, OS
   installation information, directory service information, message exchange mechanisms and other
   such information on a few example message flows.  The
   message flows in sections 1.3 and 1.4 are intended as illustrations
   of DHCP servers, operation rather than distributing such
   information in local configuration files among an exhaustive list of all network node. possible
   client-server interactions.  Sections 17, 18 and 19 explain client
   and server operation in detail.

1.1. Protocols and addressing

   Clients and servers exchange DHCP is designed to be easily extended to carry new configuration
   parameters messages using UDP [17].  The
   client uses its link-local address determined through the addition of new stateless
   autoconfiguration for transmitting and receiving DHCP "options" defined messages.

   DHCP servers receive messages from clients using a reserved,
   link-scoped multicast address.  A DHCP client transmits most messages
   to
   carry this information.

   Those readers familiar reserved multicast address, so that the client need not be
   configured with the address or addresses of DHCP for IPv4 [7] will find servers.

   To allow a DHCP for
   IPv6 provides client to send a superset of message to a DHCP server that is not
   attached to the features of same link, a DHCP and benefits from relay agent on the additional features client's link
   will forward messages between the client and server.  The operation
   of IPv6 the relay agent is transparent to the client and freedom from the constraints discussion
   of
   backward compatibility with BOOTP [4].

2. Requirements

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear message exchanges in the remainder of this
   document, are to be interpreted as described in [2].

   This document also makes use section will omit the
   description of internal conceptual variables
   to describe protocol behavior and external variables that an
   implementation must allow system administrators message forwarding by relay agents.

   Once the client has determined the address of a server, it may
   under some circumstances send messages directly to change.  The
   specific variable names, how their values change, the server using
   unicast.

1.2. Protocol implementation

   This specification for DHCP includes messages and how their
   settings influence protocol descriptions of
   client and server behavior are provided to demonstrate
   protocol behavior.  An implementation is not required to have them for several different functions.  Some
   clients and servers will be deployed in
   the exact form described here, so long as its external behavior is
   consistent with that described situations in this document.

3. Background

   The IPv6 Specification provides the base architecture and design which not all
   of
   IPv6.  Related work in IPv6 the functions will be required.  For example, a client that would best serve an implementor uses
   stateless autoconfiguration to study includes the determine its IPv6 Specification [5], addresses would
   use only the IPv6 Addressing
   Architecture [9], IPv6 Stateless Address Autoconfiguration [21], IPv6
   Neighbor Discovery Processing [17], Information-request and Dynamic Updates to DNS [22].
   These specifications enable DHCP to build upon the IPv6 work Reply messages to
   provide both robust stateful autoconfiguration obtain other
   configuration information.

   Clients and autoregistration
   of DNS Host Names.

   The IPv6 Addressing Architecture specification [9] defines the
   address scope servers that can be used in an IPv6 implementation, and the
   various configuration architecture guidelines for network designers do not use all of the IPv6 address space.  Two advantages functions of IPv6 are that support DHCP
   need not implement processing for multicast is required, and nodes can create link-local addresses
   during initialization.  This means those DHCP messages that a will not
   be used.  A client can immediately use
   its link-local address and or server that receives a well-known multicast address to begin
   communications message that it is not
   prepared to discover neighbors on the link. process may simply discard that message.  For instance, example, a
   DHCP server that only provides configuration information and does not
   do IPv6 address assignment can respond to only Information-request
   messages and discard other messages such as Solicit or Request
   messages.

1.3. Client-server exchanges involving two messages

   A DHCP client can send obtain configuration information such as a Solicit list
   of available DNS servers or NTP servers through a single message
   and locate reply exchanged with a DHCP server.  To obtain configuration
   information the client first sends an Information-Request message
   to the All_DHCP_Relay_Agents_and_Servers multicast address.  The
   server or relay.

   IPv6 Stateless Address Autoconfiguration [21] specifies procedures
   by which responds with a node may autoconfigure addresses based on router
   advertisements [17], Reply message containing the configuration
   information for the client.

   This message exchange assumes that the client requires only
   configuration information and does not require the use assignment of a valid lifetime any
   IPv6 addresses.  Because the server need not keep any dynamic state
   information about individual clients to support
   renumbering of addresses on the Internet.  In addition the
   protocol interaction by which this two message
   exchange, a node begins stateless or stateful
   autoconfiguration is specified.  DHCP is one vehicle to perform
   stateful autoconfiguration.  Compatibility server that provides just configuration information can
   be realized with stateless address
   autoconfiguration is a design requirement of DHCP (see Section 4). relatively simple and small implementation.

   When a server has IPv6 Neighbor Discovery [17] is addresses and other configuration information
   committed to a client, the node discovery protocol in IPv6
   which replaces client and enhances functions server may be able to complete
   the exchange using only two messages, instead of ARP [18].  To understand
   IPv6 four messages as
   described in the next section.  In this case, the client sends a
   Solicit message to the All_DHCP_Relay_Agents_and_Servers requesting
   the assignment of addresses and stateless address autoconfiguration it is strongly
   recommended other configuration information.
   This message includes an indication that implementors understand IPv6 Neighbor Discovery.

   Dynamic Updates to DNS [22] the client is a specification willing to
   accept an immediate Reply message from the server.  The server that supports
   is willing to commit the
   dynamic update assignment of DNS records for both IPv4 addresses to the client
   immediately responds with a Reply message.  The configuration
   information and IPv6.  DHCP can the addresses in the Reply message are then
   immediately available for use by the dynamic updates to DNS client.

   Each address assigned to integrate addresses the client has associated preferred and name space
   valid lifetimes specified by the server.  To request an extension
   of the lifetimes assigned to
   not only support autoconfiguration, but also autoregistration in
   IPv6.

4. Design Goals

    -  DHCP is an address, the client sends a mechanism rather than Renew
   message to the server.  The server sends a policy.  Network administrators
       set their administrative policies through Reply message to the configuration
       parameters they place upon
   client with the DHCP servers in new lifetimes, allowing the DHCP domain
       they're managing.  DHCP is simply used to deliver parameters
       according client to that policy continue to each of use
   the DHCP clients within address without interruption.

1.4. Client-server exchanges involving four messages

   To request the
       domain.

    -  DHCP is compatible with assignment of one or more IPv6 stateless address
       autoconfiguration [21], statically configured, non-participating
       nodes and with existing network protocol implementations.

    - addresses, a
   client first locates a DHCP does not require manual configuration server and then requests the
   assignment of network parameters
       on DHCP clients, except in cases where such configuration is
       needed for security reasons.  A node configuring itself using
       DHCP should require no user intervention.

    -  DHCP does not require a server on each link.  To allow for scale addresses and economy, DHCP must work across DHCP relays.

    -  DHCP clients can operate on other configuration information
   from the server.  The client sends a link without IPv6 routers present.

    -  DHCP will provide Solicit message to the ability
   All_DHCP_Relay_Agents_and_Servers address to renumber network(s) when
       required by network administrators [3].

    -  A find available DHCP client
   servers.  Any server that can make multiple, different requests for
       configuration parameters when necessary from meet the client's requirements
   responds with an Advertise message.  The client then chooses one or more DHCP
       servers at any time.

    -  DHCP will contain
   of the appropriate time out servers and retransmission
       mechanisms sends a Request message to efficiently operate in environments the server asking
   for confirmed assignment of addresses and other configuration
   information.  The server responds with high
       latency a Reply message that contains
   the confirmed addresses and low bandwidth characteristics.

5. Non-Goals

   This specification explicitly does not cover configuration.

   As described in the following:

    -  Specification of previous section, the client sends a DHCP server Renew
   messages to the server protocol.

    -  How a DHCP server stores to extend the lifetimes associated with its DHCP data.

    -  How
   addresses, allowing the client to manage a DHCP domain or DHCP server.

    -  How a DHCP relay is configured or what sort of information it may
       log.

6. Terminology

   This sections defines terminology specific continue to IPv6 use those addresses
   without interruption.

2. Requirements

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and DHCP used OPTIONAL, when they appear in this document.

6.1. IPv6 Terminology

   IPv6 terminology relevant
   document, are to this specification from the IPv6
   Protocol [5], IPv6 be interpreted as described in [2].

   This document also makes use of internal conceptual variables
   to describe protocol behavior and external variables that an
   implementation must allow system administrators to change.  The
   specific variable names, how their values change, and how their
   settings influence protocol behavior are provided to demonstrate
   protocol behavior.  An implementation is not required to have them in
   the exact form described here, so long as its external behavior is
   consistent with that described in this document.

3. Background

   The IPv6 Specification provides the base architecture and design of
   IPv6.  Related work in IPv6 that would best serve an implementor
   to study includes the IPv6 Specification [3], the IPv6 Addressing
   Architecture [9], and [7], IPv6 Stateless Address Autoconfiguration [21] is included below. [19], IPv6
   Neighbor Discovery Processing [15], and Dynamic Updates to DNS [20].
   These specifications enable DHCP to build upon the IPv6 work to
   provide both robust stateful autoconfiguration and autoregistration
   of DNS Host Names.

   The IPv6 Addressing Architecture specification [7] defines the
   address                   An IP layer identifier for scope that can be used in an interface
                                or a set IPv6 implementation, and the
   various configuration architecture guidelines for network designers
   of interfaces.

      unicast the IPv6 address           An identifier space.  Two advantages of IPv6 are that support
   for a single interface.
                                A packet sent to a unicast address multicast is
                                delivered to the interface identified by required, and nodes can create link-local addresses
   during initialization.  This means that address.

      multicast address         An identifier for a set of interfaces
                                (typically belonging to different
                                nodes).  A packet sent to client can immediately use
   its link-local address and a well-known multicast address is delivered to all interfaces
                                identified by begin
   communications to discover neighbors on the link.  For instance, a
   client can send a Solicit message and locate a server or relay agent.

   IPv6 Stateless Address Autoconfiguration [19] specifies procedures
   by which a node may autoconfigure addresses based on router
   advertisements [15], and the use of a valid lifetime to support
   renumbering of addresses on the Internet.  In addition the
   protocol interaction by which a node begins stateless or stateful
   autoconfiguration is specified.  DHCP is one vehicle to perform
   stateful autoconfiguration.  Compatibility with stateless address
   autoconfiguration is a design requirement of DHCP.

   IPv6 Neighbor Discovery [15] is the node discovery protocol in IPv6
   which replaces and enhances functions of ARP [16].  To understand
   IPv6 and stateless address autoconfiguration it is strongly
   recommended that address. implementors understand IPv6 Neighbor Discovery.

   Dynamic Updates to DNS [20] is a specification that supports the
   dynamic update of DNS records for both IPv4 and IPv6.  DHCP can use
   the dynamic updates to DNS to integrate addresses and name space to
   not only support autoconfiguration, but also autoregistration in
   IPv6.

4. Terminology

   This sections defines terminology specific to IPv6 and DHCP used in
   this document.

4.1. IPv6 Terminology

   IPv6 terminology relevant to this specification from the IPv6
   Protocol [3], IPv6 Addressing Architecture [7], and IPv6 Stateless
   Address Autoconfiguration [19] is included below.

      address                   An IP layer identifier for an interface
                                or a set of interfaces.

      anycast address           An anycast address identifies a group
                                of nodes; message sent to an anycast
                                address is delivered to one node out of
                                the group of nodes associated with the
                                address

      host                      Any node that is not a router.

      IP                        Internet Protocol Version 6 (IPv6).  The
                                terms IPv4 and IPv6 are used only in
                                contexts where it is necessary to avoid
                                ambiguity.

      interface                 A node's attachment to a link.

      link                      A communication facility or medium over
                                which nodes can communicate at the link
                                layer, i.e., the layer immediately below
                                IP. Examples are Ethernet (simple or
                                bridged); Token Ring; PPP links, X.25,

                                Frame Relay, or ATM networks; and
                                Internet (or higher) layer "tunnels",
                                such as tunnels over IPv4 or IPv6
                                itself.

      link-layer identifier     A link-layer identifier for an
                                interface.  Examples include IEEE 802
                                addresses for Ethernet or Token Ring
                                network interfaces, and E.164 addresses
                                for ISDN links.

      link-local address        An IPv6 address having link-only
                                scope, indicated by having the prefix
                                (FE80::0000/64), that can be used to
                                reach neighboring nodes attached to
                                the same link.  Every interface has a
                                link-local address.

      neighbor                  A node attached

      multicast address         An identifier for a set of interfaces
                                (typically belonging to different
                                nodes).  A packet sent to a multicast
                                address is delivered to all interfaces
                                identified by that address.

      neighbor                  A node attached to the same link.

      node                      A device that implements IP.

      packet                    An IP header plus payload.

      prefix                    The initial bits of an address, or a
                                set of IP address that share the same
                                initial bits.

      prefix length             The number of bits in a prefix.

      router                    A node that forwards IP packets not
                                explicitly addressed to itself.

6.2.

      unicast address           An identifier for a single interface.
                                A packet sent to a unicast address is
                                delivered to the interface identified by
                                that address.

4.2. DHCP Terminology

   Terminology specific to DHCP can be found below.

      agent address             The address of a neighboring DHCP Agent
                                on the same link as the DHCP client.

      binding                   A binding (or, client binding) is a
                                group of server data records containing
                                the information the server has about
                                the addresses in an IA and any other
                                configuration information assigned to
                                the client.  A binding is indexed by
                                the tuple <DUID, IAID>.

      DHCP                      Dynamic Host Configuration Protocol
                                for IPv6.  The terms DHCPv4 and DHCPv6
                                are used only in contexts where it IA-type, IAID> (where
                                IA-type is
                                necessary to avoid ambiguity. the type of address in the
                                IA; for example, temporary)

      configuration parameter   An element of the configuration
                                information set on the server and
                                delivered to the client using DHCP.
                                Such parameters may be used to carry
                                information to be used by a node to
                                configure its network subsystem and
                                enable communication on a link or
                                internetwork, for example.

      DHCP                      Dynamic Host Configuration Protocol
                                for IPv6.  The terms DHCPv4 and DHCPv6
                                are used only in contexts where it is
                                necessary to avoid ambiguity.

      DHCP client (or client)   A node that initiates requests on a link
                                to obtain configuration parameters from
                                one or more DHCP servers.

      DHCP domain               A set of links managed by DHCP and
                                operated by a single administrative
                                entity.

      DHCP server (or server)   A server is a node that responds to
                                requests from clients, and may or
                                may not be on the same link as the
                                client(s).

      DHCP relay agent (or relay) relay agent) A node that acts as an
                                intermediary to deliver DHCP messages
                                between clients and servers, and is on
                                the same link as
                                a the client.

      DHCP agent server (or agent)     Either a DHCP server)   A server is a node that responds to
                                requests from clients, and may or
                                may not be on the same link as
                                a client, or a DHCP relay. the
                                client(s).

      DUID                      A DHCP Unique IDentifier for a DHCP
                                participant; each DHCP client and server
                                has exactly one DUID. See section 9 for
                                details of the ways in which a DUID may
                                be constructed.

      Identity association (IA) A collection of addresses assigned to
                                a client.  Each IA has an associated
                                IAID. An IA A client may have 0 or more addresses
                                associated with it. than one
                                IA assigned to it; for example, one for
                                each of its interfaces.

      Identity association identifier (IAID) An identifier for an IA,
                                chosen by the client.  Each IA has an
                                IAID, which is chosen to be unique among
                                all IAIDs for IAs belonging to that
                                client.

      message                   A unit of data carried in a packet,
                                exchanged between among DHCP servers, relay
                                agents and clients.

      transaction-ID            An unsigned integer to match responses
                                with replies initiated either by a
                                client or server.

7.

5. DHCP Constants

   This section describes various program and networking constants used
   by DHCP.

7.1.

5.1. Multicast Addresses

   DHCP makes use of the following multicast addresses:

      All_DHCP_Agents

      All_DHCP_Relay_Agents_and_Servers (FF02::1:2) This A link-scoped
                  multicast address
                        is used by clients a client to communicate with the
                        on-link agent(s) when they do not know the
                        link-local address(es) for those agents.  All
                  neighboring (i.e., on-link) relay agents (servers and relays) servers.
                  All servers and relay agents are members of this
                  multicast group.

      All_DHCP_Servers (FF05::1:3) This A site-scoped multicast address is
                  used by clients a client or relays relay agent to communicate with
                        server(s),
                  servers, either because they want the client or relay agent
                  wants to send messages to all servers or because they do it
                  does not know the server(s) unicast address(es). addresses of the servers.
                  Note that in order for a client or relay agent to use
                  this address, it must have an address of sufficient
                  scope to be reachable by the server(s). servers.  All servers
                  within the site are members of this multicast group.

7.2. UDP ports

5.2. Anycast address

   DHCP uses proposes to use the following destination UDP [19] port numbers.  While
   source ports MAY be arbitrary, client implementations SHOULD permit
   their specification through a local configuration parameter to
   facilitate reserved anycast address:

      DHCP_Anycast (FEC0:0:0:0:FFFF::4) This document proposes the use
                  assignment of DHCP through firewalls.

      546        Client port.  Used by servers as the destination port
                 for messages sent to clients and relays.  Used by relay
                 agents as the destination port DHCP_Anycast address for messages sent to
                 clients.

      547        Agent port.  Used as the destination port use
                  by clients attached to links that do not support
                  multicast.

5.3. UDP ports

   Clients listen for DHCP messages sent to agents.  Used as the destination on UDP port by relays 546.  Servers and relay
   agents listen for DHCP messages sent to servers.

7.3. on UDP port 547.

5.4. DHCP message types

   DHCP defines the following message types.  More detail on these
   message types can be found in Section 8. 6.  Message types not listed
   here are reserved for future use.  The message code for each message
   type is shown with the message name.

      SOLICIT (1)        The        A client sends a Solicit message is used by clients to locate
                         servers.

      ADVERTISE (2)      The      A server sends an Advertise message to indicate
                         that it is used by servers
                         responding available for DHCP service, in
                         response to Solicits. a Solicit message received from a
                         client.

      REQUEST (3)        The        A client sends a Request message is used by clients to request
                         configuration parameters from servers. a server.

      CONFIRM (4)        The        A client sends a Confirm message is used by clients to servers to
                         request that the server validate and confirm
                         that the addresses assigned to an IA and the lifetimes for those addresses, as
                         well as the current configuration
                         parameters assigned by the server to the client
                         are still valid.

      RENEW (5)          The          A client sends a Renew message is used by clients to the server
                         that originally provided the client's addresses
                         and configuration addresses to update the
                         addresses assigned to an IA the client and the
                         lifetimes for those addresses, as well as the
                         current configuration parameters assigned by
                         the server to the client.

      REBIND (6)         A client sends a
                         Renew Rebind message to update
                         the server that originally
                         populated addresses assigned to the IA at time T1.

      REBIND (6)         The Rebind message is used by clients to extend client and the
                         lifetimes of addresses assigned to an IA, for those addresses, as well as the
                         current configuration parameters assigned by
                         the server to the client.  A
                         client sends a Rebind client; this message to all available
                         DHCP servers at time T2 only is sent
                         after the a client
                         has been unable receives no response to contact the server that
                         originally populated the IA with a Renew
                         message.

      REPLY (7)          The          A server sends a Reply message is used by servers
                         responding to Request, Confirm, Renew, Rebind,
                         Information-request, Release containing
                         assigned addresses and Decline
                         messages.  In the case of responding configuration parameters
                         in response to a Solicit, Request, Confirm, Information-request,
                         Renew or Renew,
                         Rebind message, the or Information-request message received
                         from a client.  A server sends a Reply contains message
                         confirming or denying the validity of the
                         client's addresses and configuration parameters destined for the
                         client.
                         in response to a Confirm message.  A server
                         sends a Reply message to acknowledge receipt of
                         a Release or Decline message.

      RELEASE (8)        The        A client sends a Release message is used by clients to
                         indicate to a the server
                         that assigned addresses to the client to
                         indicate that the client will no longer use one
                         or more addresses in an IA. of the assigned addresses.

      DECLINE (9)        The        A client sends a Decline message is used by clients to a server to
                         indicate that the client has determined that
                         one or more addresses in an IA assigned by the server
                         are already in use on the link to which the
                         client is connected.

      RECONFIGURE (10)   The   A server sends a Reconfigure message is sent by to a server
                         client to inform a the client that the server has
                         new or updated configuration parameters, and
                         that the client is to initiate a Renew/Reply
                         or Information-request/Reply transaction with
                         the server in order to receive the updated
                         information.

      INFORMATION-REQUEST (11) The A client sends an Information-request
                         message is sent
                         by clients to a server to request configuration
                         parameters without the assignment of any IP
                         addresses to the client.

      RELAY-FORW (12)    The    A relay agent sends a Relay-forward message is used by relays to
                         forward client messages to servers.  The client
                         message is encapsulated in an option in the
                         Relay-forward message.

      RELAY-REPL (13)    The    A server sends a Relay-reply message is used by servers to a relay
                         agent to send messages to clients through a relay. the
                         relay agent.  The server encapsulates the
                         client message as an option in the Relay-reply
                         message, which the relay agent extracts and
                         forwards to the client.

7.4.

5.5. Status Codes

   This section describes status codes exchanged between DHCP
   implementations.  These

   DHCPv6 uses status codes may appear in to communicate the Status Code
   option success or in the status field failure of an IA.

7.4.1. Generic Status Codes

   The status codes
   operations requested in this section are used between messages from clients and servers
   to convey status conditions.  The following table contains the status
   codes, the name for each code (as used in this document) servers, and a brief
   description.  Note that the numeric values do not start at 1, nor are
   they consecutive.  The status codes are organized in logical groups.

   Name         Code Description
   ----------   ---- -----------
   Success         0 Success
   UnspecFail     16 Failure, reason unspecified
   AuthFailed     17 Authentication failed or nonexistent
   PoorlyFormed   18 Poorly formed message
   AddrUnavail    19 Addresses unavailable
   OptionUnavail  20 Requested options unavailable

7.4.2. Server-specific Status Codes

   The status codes in this section are used by servers to convey status
   conditions to clients.  The following table contains
   provide additional information about the status
   codes, specific cause of the name for each code (as used in this document) and
   failure of a brief
   description.  Note that the numeric values do not start at 1, nor are
   they consecutive. message.  The specific status codes are organized in logical groups.

   Name         Code Description
   ----         ---- -----------
   NoBinding      32 Client record (binding) unavailable
   ConfNoMatch    33 Client record Confirm doesn't match IA
   RenwNoMatch    34 Client record Renew doesn't match IA
   RebdNoMatch    35 Client record Rebind doesn't match IA
   InvalidSource  36 Invalid Client IP address
   NoPrefixMatch  37 One or more prefixes of the addresses defined in the IA is not valid for the link
                     from which the client message was received

7.5.
   section 25.6.

5.6. Configuration Variables Parameters

   This section presents a table of client and server configuration
   variables and parameters used to
   describe the default or initial values for these variables. message transmission behavior of clients and servers.

      Parameter     Default  Description
   -------------------------------------
   MIN_SOL_DELAY     1 sec   Min delay of first Solicit
   MAX_SOL_DELAY     5 secs  Max delay of first Solicit
   SOL_TIMEOUT     500 msecs Initial Solicit timeout
   SOL_MAX_RT       30 secs  Max Solicit timeout value
   REQ_TIMEOUT     250 msecs Initial Request timeout
   REQ_MAX_RT       30 secs  Max Request timeout value
   REQ_MAX_RC       10       Max Request retry attempts
   CNF_TIMEOUT     250 msecs Initial Confirm timeout
   CNF_MAX_RT        1 sec   Max Confirm timeout
   CNF_MAX_RD       10 secs  Max Confirm duration
   REN_TIMEOUT      10 sec   Initial Renew timeout
   REN_MAX_RT      600 secs  Max Renew timeout value
   REB_TIMEOUT      10 secs  Initial Rebind timeout
   REB_MAX_RT      600 secs  Max Rebind timeout value
   INF_TIMEOUT     500 ms    Initial Information-request timeout
   INF_MAX_RT       30 secs  Max Information-request timeout value
   REL_TIMEOUT     250 msecs Initial Release timeout
   REL_MAX_RT        1 sec   Max Release timeout
   REL_MAX_RC        5       MAX Release attempts
   DEC_TIMEOUT     250 msecs Initial Decline timeout
   DEC_MAX_RT        1 sec   Max Decline timeout
   DEC_MAX_RC        5       Max Decline attempts

8.

6. Message Formats

   All DHCP messages sent between clients and servers share an identical
   fixed format header and a variable format area for options.  Not all
   fields in the header are used in every message.

   All values in the message header and in options are in network order.

   The following diagram illustrates the format of DHCP messages sent
   between clients and servers:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    msg-type   |               transaction-ID                  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     .                            options                            .
     .                          (variable)                           .
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The following sections describe the use of the fields in

      msg-type             Identifies the DHCP message header in each of type; the DHCP messages.  In these descriptions,
   fields that
                           available message types are not used listed in
                           section 5.4.

      transaction-id       An unsigned integer used by a client or
                           server to match a response message to a
                           request message.

      options              Options carried in this message; options are marked as "unused".  All
   unused fields
                           described in a message MUST be transmitted as zeroes section 22.

7. Relay agent messages

   Relay agents exchange messages with servers to forward messages
   between clients and ignored
   by servers that are not connected to the receiver of same link.

   There are two relay agent messages, which share the message.

8.1. DHCP Solicit Message Format following format:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    msg-type         SOLICIT

      transaction-ID   An unsigned integer generated by   |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     |                         link-address                          |
     |                                                               |
     |                                                               |
     |               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     |               |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     |                        client-address                         |
     |                                                               |
     |                                                               |
     |               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     |               |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     .                                                               .
     .            options (variable number and length)   ....        .
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The following sections describe the client used
                       to identify this Solicit use of the Relay Agent message
   header.

7.1. Relay-forward message

   The following table defines the use of message fields in a
   Relay-forward message.

      options          See section 23.

8.2. DHCP Advertise Message Format

      msg-type         ADVERTISE

      transaction-ID   An unsigned integer         RELAY-FORW

      link-address     A global or site-local address that will be used
                       by the server to identify this
                       Advertise message.  Copied the link on which the
                       client is located.

      client-address   The address of the client from which the Solicit message
                       to be forwarded was received from the client.

      options          See          MUST include a "Client message option" (see
                       section 23.

8.3. DHCP Request Message Format

      msg-type         REQUEST

      transaction-ID   An unsigned integer generated 22.10); MAY include other options added
                       by the client used
                       to identify this Request relay agent

7.2. Relay-reply message

   The following table defines the use of message fields in a
   Relay-reply message.

      options          See section 23.

8.4. DHCP Confirm Message Format

      msg-type         CONFIRM

      transaction-ID   An unsigned integer generated by         RELAY-REPL

      link-address     The link-address copied from the client used
                       to identify this Confirm message. Relay-forward
                       message

      client-address   The client's address, copied from the
                       relay-forward message

      options          See          MUST include a "Server message option"; see
                       section 23.

8.5. DHCP Renew Message Format

      msg-type         RENEW

      transaction-ID   An unsigned integer generated by 22.11; MAY include other options

8. Representation and use of domain names

   So that domain names may be encoded uniformly and compactly, a
   domain name or a list of domain names is encoded using the client used
                       to identify technique
   described in sections 3.1 and 4.1.4 of RFC1035 [12].  Section 4.1.4
   of RFC1035 describes how more than one domain name can be represented
   in a list of domain names.  For use in this Renew message.

      options          See specification, in a
   list of domain names, the compression pointer (see section 23.

8.6. DHCP Rebind Message Format

      msg-type         REBIND

      transaction-ID   An unsigned integer generated by 4.1.4 of
   RFC1035) refers to the offset within the list.

9. DHCP unique identifier (DUID)

   Each DHCP client used and server has a DUID. DHCP servers use DUIDs to
   identify this Rebind message.

      options          See section 23.

8.7. clients for the selection of configuration parameters and
   in the association of IAs with clients.  DHCP Reply Message Format

      msg-type         REPLY

      transaction-ID   An unsigned integer used clients use DUIDs to
   identify this
                       Reply message.  Copied from the client Request,
                       Confirm, Renew or Rebind message received from
                       the client.

      options          See section 23.

8.8. DHCP Release Message Format

      msg-type         RELEASE

      transaction-ID   An unsigned integer generated by the client used
                       to identify this Release message.

      options          See section 23.

8.9. DHCP Decline Message Format

      msg-type         DECLINE

      transaction-ID   An unsigned integer generated by the client used
                       to identify this Decline message.

      options          See section 23.

8.10. DHCP Reconfigure Message Format

      msg-type         RECONFIG

      transaction-ID   An unsigned integer generated by the a server used
                       to identify this Reconfigure message.

      options          See section 23.

8.11. Information-Request Message Format

      msg-type         INFORMATION-REQUEST

      transaction-ID   An unsigned integer generated by the client used
                       to identify this Information-request message.

      options          See section 23.

9. Relay messages

   Relay agents exchange messages with servers to forward in messages
   between clients and servers that are not connected where a server needs to the same link.

   There are two relay messages, which share the following format:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    msg-type   |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     |                         link-address                          |
     |                                                               |
     |                                                               |
     |               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     |               |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     |                     client-return-address                     |
     |                                                               |
     |                                                               |
     |               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     |               |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     .                                                               .
     .            options (variable number and length)   ....        .
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The following be identified.
   See sections describe the use of the Relay message header.

9.1. Relay-forward message

   The following table defines 22.2 and 22.3 for the use representation of message fields a DUID in a
   Relay-forward DHCP
   message.

      msg-type                RELAY-FORW

      link-address            An address with a prefix that is assigned

   Clients and servers MUST treat DUIDs as opaque values and MUST only
   compare DUIDs for equality.  Clients and servers MUST NOT in any
   other way interpret DUIDs.  Clients and servers MUST NOT restrict
   DUIDs to the link from which the client should types defined in this document as additional DUID types
   may be assigned an address.

      client-return-address   The IPv6 source address defined in which the
                              message from the client was received by
                              the relay agent

      options                 MUST include a "Client message option";
                              see section 23.10; MAY include other
                              options added by the relay agent

9.2. Relay-reply message future.

   The following table defines the use of message fields DUID is carried in a
   Relay-reply message.

      msg-type                RELAY-REPL

      link-address an option because it may be variable length
   and because it is not required in all DHCP messages.  The link-address copied from the
                              Relay-forward message; used by the relay
                              agent to select the link on which the
                              message DUID is returned
   designed to be unique across all DHCP clients and servers, and
   consistent for any specific client or server - that is, the DUID
   used by a client

      client-return-address   The source address from the IP datagram or server SHOULD NOT change over time; for example,
   a device's DUID should not change as a result of a change in which the message from the client was
                              received by
   device's network hardware.

   The motivation for having more than one type of DUID is that the relay agent

      options                 MUST include a "Server message option";
                              see section 23.11; MAY include other
                              options

10. Representation DUID
   must be globally unique, and use must also be easy to generate.  The sort
   of domain names

   So globally-unique identifier that domain names is easy to generate for any given
   device can differ quite widely.  Also, some devices may be encoded uniformly and compactly, not contain
   any persistent storage.  Retaining a
   domain name or generated DUID in such a list of domain names device
   is encoded using not possible, so the technique
   described in sections 3.1 and 4.1.4 DUID scheme must accommodate such devices.

9.1. DUID contents

   A DUID consists of RFC1035 [14].  Section 4.1.4 a two octet type code represented in network
   order, followed by a variable number of RFC1035 describes how octets that make up the
   actual identifier.  A DUID can be no more than one 256 octets long.  The
   following types are currently defined:

       1        Link-layer address plus time
       2        Vendor-assigned unique ID based on domain name can be represented
   in a list
       3        Vendor-assigned unique ID based on Enterprise Number
       4        Link-layer address

   Formats for the variable field of domain names.  For use in this specification, in a
   list the DUID for each of the above
   types are shown below.

9.2. DUID based on link-layer address plus time

   This type of DUID consists of domain names, a two octet type field containing the compression pointer (see section 4.1.4
   value 1, a two octet hardware type code, four octets containing
   a time value, followed by link-layer address of
   RFC1035) refers any one network
   interface that is connected to the offset within DHCP device at the list.

   If a single domain name time that the
   DUID is generated.  The time value is being used by a vendor as a vendor
   identifier, then the vendor MUST ensure time that the domain name has not
   previously been used by a different vendor.

11. DHCP unique identifier (DUID)

   Each DHCP client and server has DUID is
   generated represented in seconds since midnight (UTC), January 1,
   2000, modulo 2^32.  The hardware type MUST be a DUID. DHCP servers use DUIDs to
   identify clients for valid hardware type
   assigned by the selection of configuration parameters IANA as described in the section on ARP in RFC 826.
   Both the time and the hardware type are stored in network order.

   The following diagram illustrates the association format of IAs with clients.  DHCP clients use DUIDs to
   identify a server in messages where DUID based on
   link-layer address plus time:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               1               |    Hardware type (16 bits)    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Time (32 bits)                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .             link-layer address (variable length)              .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   The choice of network interface can be completely arbitrary, as long
   as that interface provides a server needs to be identified.
   See sections 23.3 unique link-layer address, and 23.2 for the representation of a same
   DUID should be used in a DHCP
   message. configuring all network interfaces connected
   to the device, regardless of which interface's link-layer address was
   used to generate the DUID.

   Clients and servers using this type of DUID MUST treat DUIDs as opaque values store the DUID
   in stable storage, and MUST only
   compare DUIDs for equality. continue to use this DUID even if the
   network interface used to generate the DUID is removed.  Clients and
   servers that do not have any stable storage MUST NOT in any
   other way interpret DUIDs. use this type of
   DUID.

   Clients and servers MUST NOT restrict
   DUIDs that use this DUID SHOULD attempt to configure
   the time prior to generating the types defined DUID, if that is possible, and MUST
   use some sort of time source (for example, a real-time clock) in this document as additional DUID types
   may
   generating the DUID, even if that time source could not be defined in configured
   prior to generating the future. DUID. The DUID is carried in an option because use of a time source makes it may
   unlikely that two identical DUIDs will be variable length
   and because it is not required in all DHCP options.  The DUID generated if the network
   interface is
   designed to be unique across all DHCP clients and servers, removed from the client and
   consistent for any specific another client or server - that is, then uses
   the same network interface to generate a DUID. A DUID used
   by a client or server SHOULD NOT change over time, for example, as a
   result of network hardware reconfiguration.

   The motivation for having more than one type of DUID collision is that
   very unlikely even if the DUID
   must be globally unique, and must also be easy clocks haven't been configured prior to generate.  The sort
   generating the DUID.

   This method of globally-unique identifier that DUID generation is easy to generate recommended for any given
   device can differ quite widely.  Also, some all general purpose
   computing devices may not such as desktop computers and laptop computers, and
   also for devices such as printers, routers, and so on, that contain
   any persistent
   some form of writable non-volatile storage.  Retaining

   Despite our best efforts, it is possible that this algorithm for
   generating a generated DUID could result in such a device
   is not possible, so the DUID scheme must accommodate such devices.

11.1. DUID contents client identifier collision.  A DUID consists of a sixteen-bit type code represented in network
   order, followed by
   DHCP client that generates a variable number of octets DUID using this mechanism MUST provide
   an administrative interface that make up replaces the
   actual identifier.  A existing DUID can be no more than 256 octets long.  The
   following types are currently defined:

       1        Link-layer address plus time
       2 with a
   newly-generated DUID of this type.

9.3. Vendor-assigned unique ID
       3        Link-layer address

   Formats for the variable field of the DUID for each of the above
   types are shown below.

11.2. DUID based on link-layer address plus time

   This type of DUID consists of a two octet type field containing the
   value 1, a two octet hardware type code, four octets containing
   a time value, followed by link-layer address of any one network
   interface that is connected to the DHCP device at the time that Domain Name (VUID-DN)

   The vendor-assigned unique ID based on the
   DUID is generated.  The time domain name consists of a
   two-octet value is the time that giving the DUID is
   generated represented in seconds since midnight (UTC), January 1,
   2000, modulo 2^32.  The hardware type MUST be a valid hardware type
   assigned by length of the IANA as described in identifier, the section on ARP in RFC 826.
   Both value of the time
   identifier and the hardware type are stored in network order. vendor's registered domain name.

   The following diagram illustrates summarizes the format structure of a DUID based on
   link-layer address plus time: VUID-DN:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               1               2               |    Hardware type (16 bits)       identifier length       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Time (32 bits)                         |
   .                                                               .
   .                           identifier                          .
   .                       (variable length)                       .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .             link-layer address                  domain name (variable length)                .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The choice of network interface can be completely arbitrary, as long
   as that interface provides a unique link-layer address, and the same
   DUID should be used in configuring all network interfaces connected
   to the device, regardless of which interface's link-layer address was
   used to generate the DUID.

   Clients and servers using this type source of DUID MUST store the DUID
   in stable storage, and MUST continue to use this DUID even if the
   network interface used to generate the DUID identifier is removed.  Clients and
   servers that do not have any stable storage MUST NOT use this type of
   DUID.

   Clients and servers that use this DUID SHOULD attempt to configure
   the time prior left up to generating the DUID, if that is possible, and MUST
   use some sort vendor defining it,
   but each identifier part of time source (e.g., a real-time clock) in generating
   the DUID, even if that time source could not each VUID-DN MUST be configured prior unique to
   generating the DUID. The use of a time source makes it unlikely device
   that
   two identical DUIDs will be generated if the network interface is
   removed from the client using it, and another client then uses the same network
   interface MUST be assigned to generate a DUID. A DUID collision is very unlikely even
   if the clocks haven't been configured prior to generating device at the DUID.

   This method time of DUID generation is recommended for all general purpose
   computing devices such as desktop computers and laptop computers, and
   also for devices such as printers, routers,
   manufacture and so on, that contain stored in some form of writable non-volatile storage.

11.3.  The
   VUID-DN SHOULD be recorded in non-erasable storage.  The domain name
   is simply any domain name that has been legally registered by the
   vendor in the domain name system [11], stored in the form described
   in section 8.

   If a domain name is being used by a vendor as a vendor identifier,
   then the vendor MUST ensure that the domain name has not previously
   been used by a different vendor.

   An example DUID of this type might look like this:

   +---+---+---+---+---+---+---+---+
   | 0 | 2 | 0 | 8 | 12|192|132|221|
   +---+---+---+---+---+---+---+---+
   | 3 | 0 | 9 | 18|101|120| 97|109|
   +---+---+---+---+---+---+---+---+
   |112|108|101| 46| 99|111|109|
   +---+---+---+---+---+---+---+

   This example includes the two-octet type of 2, the two-octet length
   of 8, eight octets of identifier data, followed by "example.com"
   represented in ASCII.

9.4. Vendor-assigned unique ID (VUID) based on Enterprise Number (VUID-EN)

   The vendor-assigned unique ID based on Enterprise Number consists
   of a two-octet value giving
   the length of the identifier, vendor's registered Enterprise Number as maintained by IANA
   followed by the value of the idnetifier and the
   vendor's registered domain name. identifier.

   The following diagram summarizes the structure of a VUID: VUID-EN:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               2               3               |       identifier length       Enterprise Number       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   |   Enterprise Number (contd)   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   .                           identifier                          .
   .                       (variable length)                       .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                  domain name (variable length)                .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The source of the identifier is left up to the vendor defining it,
   but each identifier part of each VUID VUID-EN MUST be unique to the device
   that is using it, and MUST be assigned to the device at the time of
   manufacture and stored in some form of non-volatile storage.  The
   VUID SHOULD be recorded in non-erasable storage.  The domain name Enterprise
   Number is simply any domain name that has been legally registered by the
   vendor in the domain name system [13], stored in vendor's Enterprise code from the form described list "SMI Network
   Management Private Enterprise Codes", as maintained by IANA in section 10. file
   ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers.  The
   Enterprise Number is stored as an unsigned 32 bit number.

   An example DUID of this type might look like this:

   +---+---+---+---+---+---+---+---+
   | 0 | 2 3 | 0 | 8 0 | 12|192|132|221|
   +---+---+---+---+---+---+---+---+ 0 |  9| 12|192|
   +---+---+---+---+---+---+---+---+
   |132|221| 3 | 0 | 9 | 18|101|120| 97|109|
   +---+---+---+---+---+---+---+---+
   |112|108|101| 46| 99|111|109|
   +---+---+---+---+---+---+---+ 18|
   +---+---+---+---+---+---+

   This example includes the two-octet type of 2, 3, the two-octet length
   of 8, Enterprise Number
   (9), followed by eight octets of identifier data, followed by "example.com"
   represented in ASCII.

11.4. data.

9.5. Link-layer address

   This type of DUID consists of two octets containing the DUID type 3, 4,
   a two octet network hardware type code, followed by the link-layer
   address of any one network interface that is permanently connected to
   the client or server device and cannot device.  For example, this DUID could be removed. used
   by a host that has a network interface implemented in a chip that is
   unlikely to be removed and used elsewhere.  The hardware type MUST
   be a valid hardware type assigned by the IANA as described in the
   section on ARP in RFC 826.  The hardware type is stored in network
   order.

   The following diagram illustrates the format of a DUID based on
   link-layer address:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               3               4               |    Hardware type (16 bits)    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .             link-layer address (variable length)              .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The choice of network interface can be completely arbitrary, as
   long as that interface provides a unique link-layer address and
   is permanently attached to the device on which the DUID is being
   generated.  The same DUID should be used in configuring all network
   interfaces connected to the device, regardless of which interface's
   link-layer address was used to generate the DUID.

   This type of DUID is recommended for devices that have a
   permanently-connected network interface with a link-layer address and
   do not have nonvolatile, writable stable storage.  This type of DUID
   MUST NOT be used by DHCP clients or servers that cannot tell whether
   or not a network interface is permanently attached to the device on
   which the DHCP client is running.

12.

10. Identity association

   An "identity-association" (IA) is a construct through which a server
   and a client can identify, group and manage IPv6 addresses.  Each IA
   consists of an IAID and associated configuration information.

   A client must associate at least one distinct IA with each of
   its network interfaces and uses that IA to obtain configuration
   information from a server for that interface.  Other distinct IAs may
   be associated with applications.  Each IA must be
   associated with exactly one interface.

   The IAID uniquely identifies the IA and must be chosen to be unique
   among the IAIDs on the client.  The IAID is chosen by the client.
   For any given use of an IA by the client, the IAID for that IA MUST
   be consistent across restarts of the DHCP client.  The client may
   maintain consistency either by storing the IAID in non-volatile
   storage or by using an algorithm that will consistently produce the
   same IAID as long as the configuration of the client has not changed.
   There may be no way for a client to maintain consistency of the IAIDs
   if it does not have non-volatile storage and the client's hardware
   configuration changes.

   The configuration information in an IA consists of one or more IPv6
   addresses and other parameters.  The parameters are specified as DHCP
   options within the IA, and are associated with the addresses in the
   IA and the interface to which the IA belongs.  Other parameters that
   are not associated with a particular interface may be specified in
   the options section of a DHCP message, outside the scope of any IA.

   Each address in an IA has a preferred lifetime and a valid lifetime,
   as defined in RFC2462 [21]. [19].  The lifetimes are transmitted from the
   DHCP server to the client in the IA option.  The lifetimes apply to
   the use of IPv6 addresses as described in section 5.5.4 of RFC2462.
   An address whose valid lifetime has expired MAY be discarded from the
   IA.

   See section 23.4 22.4 for the representation of an IA in a DHCP message.

13.

11. Selecting addresses for assignment to an IA

   A server selects addresses to be assigned to an IA according to the
   address assignment policies determined by the server administrator
   and the specific information the server determines about the client
   from some combination of the following sources:

    -  The link to which the client is attached.  The server determines
       the link as follows:

        *  If the server receives the message directly from the client
           and the source address in the IP datagram in which the
           message was received is a link-local address, then the client
           is on the same link to which the interface over which the
           message was received is attached

        *  If the server receives the message from a forwarding relay
           agent, then the client is on the same link as the one to
           which the interface identified by the link-address field in
           the message from the relay agent is attached

    -  The DUID supplied by the client

    -  Other information in options supplied by the client

    -  Other information in options supplied by the relay agent

    -

        *  If the server receives the message directly from the client
           and the source address in the IP datagram in which the
           message was received is not a link-local address, then the
           client is on the link identified by the source address in the
           IP datagram (note that this situation can occur only if the
           server has enabled the use of unicast message delivery by the
           client and the client has sent a message for which unicast
           delivery is allowed)

    -  The addresses that DUID supplied by the server selects for client

    -  Other information in options supplied by the client MUST be valid on

    -  Other information in options supplied by the relay agent

   A server MUST generate link to which identifiers for unicast addresses with
   the interface is attached, regardless "u" (universal/local) and "g" (individual/group) bits of the way in
   which the
   EUI-64 identifier set to 0 (see RFC 2373).

   A server selects the addresses.

14. MUST NOT assign an address that is otherwise reserved by
   IANA.

12. Management of temporary addresses

   A client may be assigned temporary addresses [16]. (temporary addresses
   are defined in RFC 3041 [14]).  Clients and servers simply label identify
   addresses as "temporary".  DHCPv6 handling of address lifetimes and lifetime extensions assignment is
   no different for temporary addresses.  DHCPv6 says nothing about
   details of temporary addresses like lifetimes, lifetime extensions, how clients use
   temporary addresses, rules for generating successive temporary
   addresses, etc.

   In DHCP, temporary addresses are identified with T-bit set in the IA
   Address Option(see section 23.5).  A client may have zero or more
   temporary addresses.  Addresses with the T-bit set MUST be intended
   for the client to use for the general purposes described in RFC3041.
   Addresses that otherwise have short lifetimes or are not intended to
   be renewed by the server MUST NOT have the T-bit set.

   Clients ask for temporary addresses and servers assign them.  When
   a client sends an IA to a server, the client lists all of the
   temporary addresses it knows about and optionally indicates how many
   additional temporary
   Temporary addresses it wants are carried in the Requested Identity Association for
   Temporary Addresses Option(see (IA_TA) option (see section 23.6).  The server compares the number
   of requested additional temporary addresses against any previously
   allocated 22.5).  Each IA_TA
   option contains at most one temporary addresses address for the IA that were not reported
   by the client in the IA but still have some reasonable preferred
   lifetime left.  If the number each of temporary addresses is less than the
   requested number, the server adds additional temporary addresses to
   the IA to satisfy the requested number (subject to server policy).

   DISCUSSION:

      It is important that the server include any allocated
      temporary addresses that were not reported by the client as
      it is possible the client never received an earlier Reply
      that contained these additional temporary addresses.  If
      the server did not consider these, a client that fails to
      receive a server's reply might cause the server to allocate
      many temporary addresses.

   When the valid lifetime
   prefixes on a temporary address expires, both the
   client and server silently discard the address from the IA. The
   discarded address no longer counts against the client's allotment of
   temporary addresses.

   A server SHOULD NOT assign a client temporary addresses without link to which the client having specifically asked for it.  The client is not obligated attached.

   Unless otherwise stated, an IA_TA option is used in the same way in
   as an IA option.  In the protocol specification, unless otherwise
   stated, a reference to install address(es) that it receives and did not request and can
   release any addresses it does not want. an IA should be read as either an IA or an
   IA_TA.

   The IAID number space for the IA_TA option IAID number space is
   separate from the IA option IAID number space.

   The server MAY update the DNS for a temporary address as described in
   section 4 of RFC3041, and MUST NOT update the DNS in any other way
   for a temporary address.

15.

13. Transmission of messages by a client

   Unless otherwise specified, a client sends DHCP messages to the
   All_DHCP_Relay_Agents_and_Servers or the DHCP_Anycast address.

   If the client is attached to a link that supports multicast
   transmission, the client sends DHCP messages to the
   All_DHCP_Relay_Agents_and_Servers address.  If the client is
   attached to a link that does not support multicast transmission, the
   client uses the DHCP_Anycast address.

   A client may send some messages directly to a server using unicast,
   as described in section 22.13.

14. Reliability of Client Initiated Message Exchanges

   DHCP clients are responsible for reliable delivery of messages in the
   client-initiated message exchanges described in sections 18 17 and 19. 18.
   If a DHCP client fails to receive an expected response from a server,
   the client must retransmit its message.  This section describes the
   retransmission strategy to be used by clients in client-initiated
   message exchanges.

   Note that the procedure described in this section is slightly
   modified for use with the Solicit message (section 18.1.2). 17.1.2).

   The client begins the message exchange by transmitting a message to
   the server.  The message exchange terminates when either the client
   successfully receives the appropriate response or responses from a
   server or servers, or when the message exchange is considered to have
   failed according to the retransmission mechanism described below.

   The client retransmission behavior is controlled and described by the
   following variables:

      RT     Retransmission timeout

      IRT    Initial retransmission time

      MRC    Maximum retransmission count

      MRT    Maximum retransmission time

      MRD    Maximum retransmission duration

      RAND   Randomization factor

   With each message transmission or retransmission, the client sets RT
   according to the rules given below.  If RT expires before the message
   exchange terminates, the client recomputes RT and retransmits the
   message.

   Each of the computations of a new RT include a randomization factor
   (RAND), which is a random number chosen with a uniform distribution
   between -0.1 and +0.1.  The randomization factor is included to
   minimize synchronization of messages transmitted by DHCP clients.
   The algorithm for choosing a random number does not need to be
   cryptographically sound.  The algorithm SHOULD produce a different
   sequence of numbers from each invocation of the DHCP client.

   RT for the first message transmission is based on IRT:

      RT = 2*IRT + RAND*IRT

   RT for each subsequent message transmission is based on the previous
   value of RT:

      RT = 2*RTprev + RAND*RTprev
   MRT specifies an upper bound on the value of RT. If MRT has a value
   of 0, there is no upper limit on the value of RT. Otherwise:

    if (RT > MRT)
       RT = MRT + RAND*MRT

   MRC specifies an upper bound on the number of times a client may
   retransmit a message.  If MRC has a value of 0, the client MUST
   continue to retransmit the original message until a response is
   received.  Otherwise, the message exchange fails once the client has
   transmitted the message MRC times.

   MRD specifies an upper bound on the length of time a client may
   retransmit a message.  If MRD has a value of 0, the client MUST
   continue to retransmit the original message until a response is
   received.  Otherwise, the message exchange fails once the client has
   transmitted the message MRD seconds.

   If both MRC and MRD are non-zero, the message exchange fails whenever
   either of the conditions specified in the previous two paragraphs are
   met.

16.

15. Message validation

   Servers MUST discard any received messages that include
   authentication information and fail the authentication check by the
   server.

   Clients MUST discard any received messages that include
   authentication information and fail the authentication check by the
   client, except as noted in section 22.6.5.2.

16.1. 21.5.5.2.

15.1. Use of Transaction-ID field

   The "transaction-ID" field holds a value used by clients and servers
   to synchronize server responses to client messages.  A client SHOULD
   choose a different transaction-ID for each new message it sends.  A
   client MUST leave the transaction-ID unchanged in retransmissions of
   a message.

16.2.

15.2. Solicit message

   Clients MUST discard any received Solicit messages.

   Relay agents MUST discard any Solicit messages received through port
   546.

   Servers MUST discard any Solicit messages that do not include a
   Client Identifier option.

16.3.

15.3. Advertise message

   Clients MUST discard any received Advertise messages that meet any of
   the following conditions:

    -  the message does not include a Server Identifier option

    -  the message does not include a Client Identifier option

    -  the contents of the Client Identifier option does not match the
       client's DUID

    -  the "Transaction-ID" field value does not match the value the
       client used in its Solicit message

   Servers and relay agents MUST discard any received Advertise
   messages.

16.4.

15.4. Request message

   Clients MUST discard any received Request messages.

   Relay agents MUST discard any Request messages received through port
   546.

   Servers MUST discard any received Request message that meet any of
   the following conditions:

    -  the message does not include a Server Identifier option

    -  the contents of the Server Identifier option do not match the
       server's identifier

    -  the message does not include a Client Identifier option

16.5.

15.5. Confirm message

   Clients MUST discard any received Confirm messages.

   Relay agents MUST discard any Confirm messages received through port
   546.

   Servers MUST discard any Confirm messages received that do not
   include a Client Identifier option.

16.6.

15.6. Renew message

   Clients MUST discard any received Renew messages.

   Relay agents MUST discard any Renew messages received through port
   546.

   Servers MUST discard any received Renew message that meets any of the
   following conditions:

    -  the message does not include a Server Identifier option

    -  the contents of the Server Identifier option do not match the
       server's identifier
    -  the message does not include a Client Identifier option

16.7.

15.7. Rebind message

   Clients MUST discard any received Rebind messages.

   Relay agents MUST discard any Rebind messages received through port
   546.

   Servers MUST discard any received Rebind message that does not
   include a Client Identifier option.

16.8.

15.8. Decline messages

   Clients MUST discard any received Decline messages.

   Relay agents MUST discard any Decline messages received through port
   546.

   Servers MUST discard any received Decline message that meets any of
   the following conditions:

    -  the message does not include a Server Identifier option

    -  the contents of the Server Identifier option do not match the
       server's identifier

    -  the message does not include a Client Identifier option

16.9.

15.9. Release message

   Clients MUST discard any received Release messages.

   Relay agents

   Servers MUST discard any Release messages received through port
   546. Decline message that meets any of
   the following conditions:

    -  the message does not include a Server Identifier option

    -  the contents of the Server Identifier option do not match the
       server's identifier

    -  the message does not include a Client Identifier option

16.10.

15.10. Reply message

   Clients MUST discard any received Reply messages that meet any of the
   following conditions:

    -  the message does not include a Server Identifier option

    -  the "transaction-ID" field in the message does not match the
       value used in the original message
    -  the message does not include a Client Identifier option and the
       original message from the client contained a Client Identifier
       option

    -  the message includes a Client Identifier option and the contents
       of the Client Identifier option does not match the DUID of the
       client

   Servers and relay agents MUST discard any received Reply messages.

16.11.

15.11. Reconfigure message

   Servers and relay agents MUST discard any received Reconfigure
   messages.

   Clients MUST discard any Reconfigure messages that meet any of the
   following conditions:

    -  the message does not include a Server Identifier option

    -  the message does not contain an authentication option

    -  the message fails the authentication validation performed by the
       client

16.12.

15.12. Information-request message

   Clients MUST discard any received Information-request messages.

   Relay agents MUST discard any Information-request messages received
   through port 546.

   Servers MAY choose to discard any received Information-request messages that do
   not include a Client Identifier option.

   Servers MUST discard any received Information-request message that
   includes a Server Identifier option and the DUID in the option does
   not match the server's DUID.

16.13.

15.13. Relay-forward message

   Clients MUST discard any received Relay-forward messages.

16.14.

15.14. Relay-reply message

   Clients and servers MUST discard any received Relay-reply messages.

17.

16. Client Source Address and Interface Selection

   When a client sends a DHCP message to the All_DHCP_Agents
   All_DHCP_Relay_Agents_and_Servers multicast address, it MUST
   use the IPv6 link-local address assigned to the interface for which
   the client is interested in obtaining configuration as the source
   address in the header of the IP datagram.

   When a client sends a DHCP message to the DHCP_Anycast address, it
   MUST use an address assigned to the interface for which the client
   is interested in obtaining configuration, which is suitable for use
   by the server in responding to the client, as the source address in
   the header of the IP datagram.  See "Default Address Selection for
   IPv6" [4] for more details.

   When a client sends a DHCP message directly to a server using unicast
   (after receiving the Server Unicast option from that server), it MUST
   use an address assigned to the interafce interface for which the client is
   interested in obtaining configuration, which is suitable for use by
   the server in responding to the client, as the source address in the
   header of the IP datagram.  See "Default Address Selection for
   IPv6" [6] for more details.

   The client MUST transmit the message on the link that the interface
   for which configuration information is being obtained is attached
   to.  The client SHOULD send the message through that interface.  The
   client MAY send the message through another interface attached to the
   same link if and only if the client is certain the two interface are
   attached to the same link.

18.

17. DHCP Server Solicitation

   This section describes how a client locates servers that will assign
   addresses to IAs belonging to the client.

   The client is responsible for creating IAs and requesting that a
   server assign configuration information, including IPv6 addresses,
   to the IA. The client first creates an IA and assigns it an IAID.
   The client then transmits a Solicit message containing an IA option
   describing the IA. Servers that can assign configuration information
   to the IA respond to the client with an Advertise message.  The
   client then initiates a configuration exchange as described in
   section 19.

18.1. 18.

17.1. Client Behavior

   A client uses the Solicit message to discover DHCP servers configured
   to serve addresses on the link to which the client is attached.

18.1.1.

17.1.1. Creation of Solicit messages

   The client sets the "msg-type" field to SOLICIT. The client generates
   a transaction ID and inserts this value in the "transaction-ID"
   field.

   The client MUST include a Client Identifier option to identify itself
   to the server.  The client MUST include one or more IA options for
   any IAs to which it wants the server to assign addresses.  The client
   MAY include addresses in the IAs as a hint to the server about
   addresses for which the client has a preference.  The client MAY
   include an Option Request Option in the Solicit message.  The client MUST
   NOT include any other options except those specifically allowed as
   defined by specific options.

   If

   The client may send just IA options for the assignment of
   non-temporary addresses, just IA_TA options for the assignment of
   only temporary options, or a mix of both IA and IA_TA options.

   The client chooses to MAY request specific options from the server,
   it does so server by including
   an Option Request option (see section 23.7,
   which MUST include all of 22.7) indicating the options
   the client is requesting. interested in receiving.  The client MAY include
   options with data values as hints to the server about parameter
   values the client would like to have returned.

18.1.2. Transmission of Solicit Messages

   The client sends

   If the Solicit client will accept a Reply message with committed address
   assignments and other resources in response to the All_DHCP_Agents multicast
   address. Solicit message,
   the client includes a Rapid Commit option (see section 22.15) in the
   Solicit message.

17.1.2. Transmission of Solicit Messages

   The first Solicit message from the client on the interface MUST
   be delayed by a random amount of time between MIN_SOL_DELAY and
   MAX_SOL_DELAY. In the case of a Solicit message transmitted when DHCP
   is initiated by IPv6 Neighbor Discovery, the delay gives the amount
   of time to wait after the ManagedFlag changes from FALSE to TRUE (see
   section 5.5.3 of RFC2462).  This random delay desynchronizes clients
   which start at the same time (e.g., (for example, after a power outage).

   The client transmits the message according to section 15, 14, using the
   following parameters:

      IRT   SOL_TIMEOUT

      MRT   SOL_MAX_RT

      MRC   0

      MRD   0

   The

   If the client has included a Rapid Commit option and is waiting for
   a Reply message, the client terminates the retransmission process as
   soon as a Reply message is received.

   If the client is waiting for an Advertise message, the mechanism in
   section 15 14 is modified as follows for use in the transmission of
   Solicit messages.  The message exchange is not terminated by the
   receipt of an Advertise before IRT has elapsed.  Rather, the client
   collects Advertise messages until IRT has elapsed.  Also, the first
   RT MUST be selected to be strictly greater than IRT by choosing RAND
   to be strictly greater than 0.

   A client MUST collect Advertise messages for IRT seconds, unless it
   receives an Advertise message with a preference value of 255.  The
   preference value is carried in the Preference option (section
   23.8). 22.8).
   Any Solicit that does not include a Preference option is considered
   to have a preference value of 0.  If the client receives an Advertise
   message with a preference value of 255, then the client
   MAY SHOULD
   act immediately on that Advertise message without waiting for any
   additional Advertise messages.

   If the client does not receive any Advertise messages before IRT
   has elapsed, it begins the retransmission mechanism described in
   section 15. 14.  The client terminates the retransmission process as
   soon as it recieves receives any Advertise message, and the client acts on
   the received Advertise message without waiting for any additional
   Advertise messages.

   A DHCP client SHOULD choose MRC and MRD to be 0.  If the DHCP client
   is configured with either MRC or MRD set to a value other than
   0, it MUST stop trying to configure the interface if the message
   exchange fails.  After the DHCP client stops trying to configure the
   interface, it SHOULD choose to restart the reconfiguration process
   after some external event, such as user input, system restart, or
   when the client is attached to a new link.

18.1.3.

17.1.3. Receipt of Advertise messages

   The client MUST ignore any Advertise message that includes a Status
   Code option containing the value AddrUnavail, with the exception that
   the client MAY display the associated status message to the user.

   Upon receipt of one or more valid Advertise messages, the client
   selects one or more Advertise messages based upon the following
   criteria.

    -  Those Advertise messages with the highest server preference value
       are preferred over all other Advertise messages.

    -  Within a group of Advertise messages with the same server
       preference value, a client MAY select those servers whose
       Advertise messages advertise information of interest to the
       client.  For example, the client may choose a server that
       returned an advertisement with configuration options of interest
       to the client.

    -  The client MAY choose a less-preferred server if that server has
       a better set of advertised parameters, such as the available
       addresses advertised in IAs.

   Once a client has selected Advertise message(s), the client will
   typically store information about each server, such as server
   preference value, addresses advertised, when the advertisement was
   received, and so on.  Depending on the requirements of the user that
   invoked the DHCP client, the client MAY initiate a configuration
   exchange with the server(s) immediately, or MAY defer this exchange
   until later.

   If the client needs to select an alternate server in the case that a
   chosen server does not respond, the client chooses the next server
   according to the criteria given above.

18.2.

17.1.4. Receipt of Reply message

   If the client includes a Rapid Commit option in the Solicit message,
   it will expect a Reply message that includes a Rapid Commit option
   in response.  If the client receives a Reply message, it processes
   the message as described in section 18.1.6.  If the client does not
   receive a Reply message, the client restarts the server solicitation
   process by sending a Solicit message that does not include a Rapid
   Commit option.

17.2. Server Behavior

   A server sends an Advertise message in response to Solicit messages
   it receives to announce the availability of the server to the client.

18.2.1.

17.2.1. Receipt of Solicit messages

   The server determines the information about the client and its
   location as described in section 13.  If 11 and checks its administrative
   policy
   permits about responding to the client.  If the server is not
   permitted to respond to the client, the server will generate discards the Solicit
   message.

   If the client has included a Rapid Commit option in the Solicit
   message and send the server has been configured to respond with committed
   address assignments and other resources, the server responds to the
   Solicit with a Reply message as described in section 17.2.3.

   Otherwise, the server generates and sends an Advertise message to the
   client.

18.2.2.

17.2.2. Creation and transmission of Advertise messages

   The server sets the "msg-type" field to ADVERTISE and copies the
   contents of the transaction-ID field from the Solicit message
   received from the client to the Advertise message.  The server
   includes its server identifier in a Server Identifier option.

   The server MAY add a Preference option to carry the preference value
   for the Advertise message.  The server implementation SHOULD allow
   the setting of a server preference value by the administrator.
   The server preference value MUST default to zero unless otherwise
   configured by the server administrator.

   The server MUST include IA options in the Advertise message
   containing any addresses that would be assigned to IAs contained in
   the Solicit message from the client.  The server MAY include some or
   all of the IA options from the client in the Advertise message.

   If the server will not assign any addresses to IAs in a subsequent
   Request from the client, the server SHOULD either MUST send an Advertise message to
   the client that includes only a status code option with
   the status code set to AddrUnavail and a status message for the user
   or not respond to the Solicit message.

   The server may choose to assign fewer temporary addresses than
   the client requested with an RTA option (see section 23.6) and
   includes a status code of Success in the IA. If the server will
   assign no temporary addresses, the server client that includes only a status code of
   AddrUnavail. option with the status
   code set to AddrUnavail and a status message for the user.

   The server MAY include other options the server will return to the
   client in a subsequent Reply message.  The information in these
   options will be used by the client in the selection of a server if
   the client receives more than one Advertise message.  The server
   SHOULD include options specifying values for options requested by the
   client in an Option Request Option included in the Solicit message.

   If the Solicit message was received directly by the server, the
   server unicasts the Advertise message directly to the client using
   the address in the source address field from the IP datagram in
   which the Solicit message was received.  The Advertise message MUST
   be unicast through the interface on which the Solicit message was
   received.

   If the Solicit message was received in a Relay-forward message,
   the server constructs a Relay-reply message with the Advertise
   message in the payload of a "server-message" option.  The server
   unicasts the Relay-reply message directly to the relay agent using
   the address in the source address field from the IP datagram in which which
   the Relay-forward message was received.

17.2.3. Creation and Transmission of Reply messages

   The server MUST commit the assignment of any addresses or other
   configuration information message before sending a Reply message to a
   client in response to a Solicit message.

   DISCUSSION:

      When using the Solicit-Advertise message exchange, a server
      need not commit the assignment of configuration information
      to the client or otherwise keep state about the client
      before the server sends the Advertise message to the client.
      The client will choose one of the responding servers and
      send a Request message to obtain configuration information.
      The other servers can make any addresses they might have
      offered to the client available for assignment to other
      clients.

      When using the Solicit-Reply message exchange, the server
      commits the assignment of any addresses before sending the
      Reply message.  The client can assume it has been assigned
      the addresses in the Reply message and does not need to send
      a Request message for those addresses.

      Typically, servers that are configured to use the
      Solicit-Reply message exchange will be deployed so that only
      one server will respond to a Solicit message.  If more than
      one server responds, the client will only use the addresses
      from one of the servers and the addresses from the other
      servers will be committed to the client but not used by the
      client.

   The server includes a Rapid Commit option in the Reply message to
   indicate that the Reply is in response to a Solicit message.

   The server produces the Reply message as though it had received
   a Request message, as described in section 18.2.1.  The server
   transmits the Relay-forward Reply message was received.

19. as described in section 18.2.8.

18. DHCP Client-Initiated Configuration Exchange

   A client initiates a message exchange with a server or servers
   to acquire or update configuration information of interest.  The
   client may initiate the configuration exchange as part of the
   operating system configuration process or process, when requested to do
   so by the application layer.

19.1. layer, when required by Stateless Address
   Autoconfiguration or as required to extend the lifetime of an address
   (Rebind and Renew messages).

18.1. Client Behavior

   A client will use Request, Confirm, Renew, Rebind and
   Information-request messages to acquire and confirm the
   validity of configuration information.  The client uses the server
   identifier information and information about IAs from previous
   Advertise messages for use in constructing Request messages.  Note
   that a client may request configuration information from one or more
   servers at any time.

19.1.1.

18.1.1. Creation and transmission of Request messages

   The client uses a Request message to populate IAs with addresses
   and obtain other configuration information.  The client includes
   one or more IA options in the Request message, with addresses and
   information about the IAs that were obtained from the server in a
   previous Advertise message.  The server then returns addresses and
   other information about the IAs to the client in IA options in a
   Reply message.

   The client generates a transaction ID and inserts this value in the
   "transaction-ID" field.

   The client places the identifier of the destination server in a
   Server Identifier option.

   The client MUST include a Client Identifier option to identify itself
   to the server.  The client adds any other appropriate options,
   including one or more IA options (if the client is requesting that
   the server assign it some network addresses).  The list of addresses
   in each included IA MUST include the addresses received by the client
   in a previous Advertise message.

   If the client chooses to request specific options from the server,
   it does so by including an Option Request option (see section 23.7, 22.7),
   which MUST include all of the options the client is requesting.  The
   client MAY include options with data values as hints to the server
   about parameter values the client would like to have returned.

   If the client has a source address of sufficient scope that can be
   used by the server as a return address and the client has received
   a Server Unicast option (section 23.13) 22.13) from the server, the client
   SHOULD unicast the Request message to the server.  Otherwise, the
   client MUST send the Request message to the All_DHCP_Agents multicast
   address.

   DISCUSSION:

      Use of multicast or anycast on a link and relay agents
      enables the inclusion of relay agent options in all messages
      sent by the client.  The server should enable the use of
      unicast only when relay agent options will not be used.

   The client transmits the message according to section 15, 14, using the
   following parameters:

      IRT   REQ_TIMEOUT

      MRT   REQ_MAX_RT

      MRC   REQ_MAX_RC

      MRD   0

   If the message exchange fails, the client MAY choose one of the
   following actions:

    -  Select another server from a list of servers known to the client;
       e.  g.,
       for example, servers that responded with an Advertise message

    -  Initiate the server discovery process described in section 18 17

    -  Terminate the configuration process and report failure

19.1.2.

18.1.2. Creation and transmission of Confirm messages

   Whenever a client may have moved to a new link, its IPv6 addresses
   and other configuration information may no longer be valid.  Examples
   of times when a client may have moved to a new link include:

     o The client reboots

     o The client is physically disconnected from a wired connection

     o The client returns from sleep mode

     o The client using a wireless technology changes access points

   In any situation when a client may have moved to a new link, the
   client MUST initiate a Confirm/Reply message exchange.  The client
   includes any IAs, along with the addresses associated with those IAs,
   in its Confirm message.  Any responding servers will indicate the
   acceptability of the addresses with the status in the Reply message
   it returns to the client.

   The client sets the "msg-type" field to CONFIRM. The client generates
   a transaction ID and inserts this value in the "transaction-ID"
   field.

   The client MUST include a Client Identifier option to identify itself
   to the server.  The client adds any appropriate options, including
   one or more IA options.  The client MUST include the addresses the
   client currently has associated with those IAs.

   If the client chooses to request specific options from the server,
   it does so by including an Option Request option (see section 23.7, 22.7,
   which MUST include all of the options the client is requesting.  The
   client MAY include options with data values as hints to the server
   about parameter values the client would like to have returned.

   The

   When the client sends the Confirm message to the All_DHCP_Agents multicast
   address.  The client message, it MUST use an IPv6
   address that the client has confirmed to be valid on the link to
   which it is currently attached and that is assigned to the interface
   for which the client is interested in obtaining configuration
   information as the source address in the IP header of the datagram
   carrying the Confirm message.

   The client transmits the message according to section 15, 14, using the
   following parameters:

      IRT   CNF_TIMEOUT

      MRT   CNF_MAX_RT

      MRC   0

      MRD   CNF_MAX_RD
   If the client receives no responses before the message transmission
   process as described in section 15 14 terminates, the client SHOULD
   continue to use any IP addresses, using the last known lifetimes for
   those addresses, and SHOULD continue to use any other previously
   obtained configuration parameters.

19.1.3.

18.1.3. Creation and transmission of Renew messages

   To extend the valid and preferred lifetimes associated with
   addresses, the client sends a Renew message to the server containing
   an "IA option" IA option for the IA and its associated addresses.  The server
   determines new lifetimes for the addresses in the IA according to the
   administrative configuration of the server.  The server may also add
   new addresses to the IA. The server may remove addresses from the IA
   by setting the preferred and valid lifetimes of those addresses to
   zero.

   The server controls the time at which the client contacts the server
   to extend the lifetimes on assigned addresses through the T1 and T2
   parameters assigned to an IA.

   If T1 or T2 is set to 0 by the server, the client does not send a
   Renew or Rebind message, respectively, for the IA.

   At time T1 for an IA, the client initiates a Renew/Reply message
   exchange to extend the lifetimes on any addresses in the IA. The
   client includes an IA option with all addresses currently assigned to
   the IA in its Renew message.

   The client sets the "msg-type" field to RENEW. The client generates a
   transaction ID and inserts this value in the "transaction-ID" field.

   The client places the identifier of the destination server in a
   Server Identifier option.

   The client MUST include a Client Identifier option to identify
   itself to the server.  The client adds any appropriate options,
   including one or more IA options (if the client is requesting that
   the server extend the lifetimes of the addresses assigned to those
   IAs; note that the client may check the status of other configuration
   parameters without asking for lifetime extensions). options.  The client MUST include the list
   of addresses the client currently has associated with the IAs in the
   Renew message.

   If the client chooses to request specific options from the server,
   it does so by including an Option Request option (see section 23.7, 22.7),
   which MUST include all of the options the client is requesting.  The
   client MAY include options with data values as hints to the server
   about parameter values the client would like to have returned.

   If the client has a source address of sufficient scope that can be
   used by the server as a return address and the client has received a
   Server Unicast option (section 23.13) (see section 22.13) from the server, the client
   SHOULD unicast the Renew message to the server.  Otherwise, the
   client sends the Renew message to the All_DHCP_Agents multicast
   address.

   DISCUSSION:

      Use of multicast or anycast on a link and relay agents
      enables the inclusion of relay agent options in all messages
      sent by the client.  The server MUST NOT enable the use of
      unicast for a client when relay agent options are required
      for that client.

   The client transmits the message according to section 15, 14, using the
   following parameters:

      IRT   REN_TIMEOUT

      MRT   REP_MAX_RT

      MRC   0

      MRD   0

   The mechanism in section 15 14 is modified as follows for use in the
   transmission of Renew messages.  The message exchange is terminated
   when time T2 is reached (see section 19.1.4), 18.1.4), at which time the
   client begins a Rebind message exchange.

19.1.4.

18.1.4. Creation and transmission of Rebind messages

   At time T2 for an IA (which will only be reached if the server to
   which the Renew message was sent at time T1 has not responded),
   the client initiates a Rebind/Reply message exchange.  The client
   includes an IA option with all addresses currently assigned to the IA
   in its Rebind message.

   The client sends this message to the
   All_DHCP_Agents multicast address.

   The client sets the "msg-type" field to REBIND. The client generates
   a transaction ID and inserts this value in the "transaction-ID"
   field.

   The client MUST include a Client Identifier option to identify
   itself to the server.  The client adds any appropriate options,
   including one or more IA options.  The client MUST include the list
   of addresses the client currently has associated with the IAs in the
   Rebind message.

   If the client chooses to request specific options from the server,
   it does so by including an Option Request option (see section 23.7, 22.7),
   which MUST include all of the options the client is requesting.  The
   client MAY include options with data values as hints to the server
   about parameter values the client would like to have returned.

   The client sends the Rebind message to the All_DHCP_Agents multicast
   address.

   The client transmits the message according to section 15, 14, using the
   following parameters:

      IRT   REB_TIMEOUT
      MRT   REB_MAX_RT

      MRC   0

      MRD   0

   The mechanism in section 15 14 is modified as follows for use in the
   transmission of Rebind messages.  The message exchange is terminated
   when the lifetimes of all of the addresses assigned to the IA expire
   (see section 12), 10), at which time the client has several alternative
   actions to choose from:

    -  The client may choose to use a Solicit message to locate a new
       DHCP server and send a Request for the expired IA to the new
       server

    -  The client may have other addresses in other IAs, so the client
       may choose to discard the expired IA and use the addresses in the
       other IAs

19.1.5.

18.1.5. Creation and Transmission of Information-request messages

   The client uses an Information-request message to obtain
   configuration information without having addresses assigned to it.

   The client sets the "msg-type" field to INFORMATION-REQUEST. The
   client generates a transaction ID and inserts this value in the
   "transaction-ID" field.

   The client SHOULD include a Client Identifier option to identify
   itself to the server.  If the client does not include a Client
   Identifier option, the server will not be able to return any
   client-specific options to the client. client, or the server may choose not
   to respond to the message at all.

   If the client chooses to request specific options from the server,
   it does so by including an Option Request option (see section 23.7, 22.7),
   which MUST include all of the options the client is requesting.  The
   client MAY include options with data values as hints to the server
   about parameter values the client would like to have returned.  The
   client MUST NOT include any IA options.

   If the client has an IPv6 address of sufficient scope, the
   client MAY choose to send the Information-request message to the
   All_DHCP_Servers multicast address.  Otherwise, the client MUST MAY choose to send the Information-request message to the All_DHCP_Agents
   All_DHCP_Servers multicast address.

   The client transmits the message according to section 15, 14, using the
   following parameters:

      IRT   INF_TIMEOUT

      MRT   INF_MAX_RT
      MRC   0

      MRD   0

19.1.6.

18.1.6. Receipt of Reply message in response to a Request, Confirm,
   Renew, Rebind or Information-request message

   Upon the receipt of a valid Reply message in response to a Request,
   Confirm, Renew, Rebind or Information-request message, the client
   extracts the configuration information contained in the Reply.  The
   client MAY choose to report any status code or message from the
   status code option in the Reply message.

   The client SHOULD perform duplicate address detection [21] [19] on each
   of the addresses in any IAs it receives in the Reply message after
   a Request message. before
   using that address for traffic.  If any of the addresses are found
   to be in use on the link, the client sends a Decline message to the
   server as described in section 19.1.9. 18.1.9.

   The client records the T1 and T2 times for each IA in the Reply
   message.  The client records any addresses included with IAs in
   the Reply message.  The client updates the preferred and valid
   lifetimes for the addresses in the IA from the lifetime information
   in the IA option.  The client leaves any addresses that the client
   has associated with the IA that are not included in the IA option
   unchanged.

   The client SHOULD respond to the server with a Release message for
   any addresses in the Reply message that have a valid lifetime of 0.
   The client constructs and transmits this message as described in
   section 19.1.7.

   If the Reply was received in response to a Renew or Rebind message,
   the client must update the information in any IA option contained in
   the Reply message.  The client adds any new addresses from the IA
   option to the IA, updates lifetimes for existing addresses in the IA
   from the IA option and discards any addresses with a lifetime of zero
   in the IA option.

   Management of the specific configuration information is detailed in
   the definition of each option, in section 23. 22.

   When the client receives a NoPrefixMatch NotOnLink status in an IA from the server
   in response to a Confirm message, the client can assume it needs to
   send a Request to the server to obtain appropriate addresses for the
   IA. If the client receives any Reply messages that do not indicate
   a NoPrefixMatch NotOnLink status, the client can use the addresses in the IA and
   ignore any messages that do indicate a NoPrefixMatch NotOnLink status.

   When the client receives an AddrUnavail status in an IA from the
   server for a Request message the client will have to find a new
   server to create an IA.

   When the client receives a NoBinding status in an IA from the server
   for a Confirm message the client can assume it needs to send a
   Request to reestablish an IA with the server.

   When the client receives a ConfNoMatch status in an IA from the
   server for a Confirm message the client can send a Renew message to
   the server to extend the lifetimes of the addresses.

   When the client receives a NoBinding status in an IA from the server
   for a Renew message the client can assume it needs to send a Request
   to reestablish an IA with the server.

   When the client receives a RenwNoMatch status in an IA from the
   server for a Renew message the client can assume it needs to send a Request
   to reestablish an IA with the server.

   When the client receives an AddrUnavail status in an IA from the
   server for a Renew message the client can assume it needs to send a
   Request to reestablish an IA with the server.

   When the client receives a NoBinding status in an IA from the server
   for a Rebind message the client can assume it needs to send a Request
   to reestablish an IA with the server or try another server.

   When the client receives a RebdNoMatch status in an IA from the
   server for a Rebind message the client can assume it needs to send a
   Request to reestablish an IA with the server or try another server.

   When the client receives an AddrUnavail status in an IA from the
   server for a Rebind message the client can assume it needs to send a
   Request to reestablish an IA with the server or try another server.

19.1.7.

18.1.7. Creation and transmission of Release messages

   To release one or more addresses, a client sends a Release message to
   the server.

   The client sets the "msg-type" field to RELEASE. The client generates
   a transaction ID and places this value in the "transaction-ID" field.

   The client places the identifier of the server that allocated the
   address(es) in a Server Identifier option.

   The client MUST include a Client Identifier option to identify itself
   to the server.  The client includes options containing the IAs for
   the addresses it is releasing in the "options" field.  The addresses
   to be released MUST be included in the IAs.  The client continues to use any other  Any addresses in for the IAs.  The appropriate "status" field in
   IAs the options
   MUST client wishes to continue to use should not be set in added to indicate the reason for
   the release. IAs.

   The client MUST NOT use any of the addresses in the IAs in the
   message if is releasing as
   the source address in the Release message or in any subsequently
   transmitted message.

   If the client has a source address of sufficient scope that can be
   used by the server as a return address and the client has received
   a Server Unicast option (section 23.13) 22.13) from the server, the client
   SHOULD unicast the Release message to the server.  Otherwise, the
   client MUST send the Release message to the All_DHCP_Agents multicast
   address.

   DISCUSSION:

      Use of multicast or anycast on a link and relay agents
      enables the inclusion of relay agent options in all messages
      sent by the client.  The server MUST NOT enable the use of
      unicast for a client when relay agent options are required
      for that client.

   A

   The client MAY SHOULD choose to wait for a Reply message from guarantee the server in
   response to delivery of the Release message.  If
   message using the client does wait for retransmission strategy in section 14.  An example
   of a situation in which a
   Reply, the client MAY choose to retransmit would not guarantee delivery would
   be when the Release message. client is powering down or restarting because of some
   error condition.

   The client transmits the message according to section 15, 14, using the
   following parameters:

      IRT   REL_TIMEOUT

      MRT   0

      MRC   REL_MAX_MRC

      MRD   0

   The client MUST abandon the attempt to release addresses if the
   Release message exchange fails.

   The client MUST stop using all of the addresses in the IA(s) being released as
   soon as the client begins the Release message exchange process.
   If an IA is addresses are released but the Reply from a DHCP server is
   lost, the client will retransmit the Release message, and the
   server may respond with a Reply indicating a status of "Nobinding".
   Therefore, the client does not treat a Reply message with a status
   of "Nobinding" in a Release message exchange as if it indicates an
   error.

   Note that if the client fails to release the IA, addresses, the addresses
   assigned to the IA will be reclaimed by the server when the lifetime
   of the address expires.

19.1.8.

18.1.8. Receipt of Reply message in response to a Release message

   Upon receipt of a valid Reply message, the client can consider the
   Release event successful.

19.1.9.

18.1.9. Creation and transmission of Decline messages

   The client sets the "msg-type" field to DECLINE. The client generates
   a transaction ID and places this value in the "transaction-ID" field.

   The client places the identifier of the server that allocated the
   address(es) in a Server Identifier option.

   The client MUST include a Client Identifier option to identify itself
   to the server.  The client includes options containing the IAs for
   the addresses it is declining in the "options" field.  The addresses
   to be declined MUST be included in the IAs.  The client continues to use other  Any addresses
   in for the IAs.  The appropriate "status" field in
   IAs the options MUST client wishes to continue to use should not be
   set in added to indicate the reason for declining
   the address. IAs.

   The client MUST NOT use any of the addresses in the IAs in the
   message it is declining as
   the source address in the Decline message or in any subsequently
   transmitted message.

   If the client has a source address of sufficient scope that can be
   used by the server as a return address and the client has received
   a Server Unicast option (section 23.13) 22.13) from the server, the client
   SHOULD unicast the Decline message to the server.  Otherwise, the
   client MUST send the Decline message to the All_DHCP_Agents multicast
   address.

   DISCUSSION:

      Use of multicast or anycast on a link and relay agents
      enables the inclusion of relay agent options in all messages
      sent by the client.  The server MUST NOT enable the use of
      unicast for a client when relay agent options are required
      for that client.

   The client transmits the message according to section 15, 14, using the
   following parameters:

      IRT   DEC_TIMEOUT

      MRT   DEC_MAX_RT

      MRC   DEC_MAX_RC

      MRD   0

   The client MUST abandon the attempt to decline addresses if the
   Decline message exchange fails.

19.1.10.

18.1.10. Receipt of Reply message in response to a Decline message

   Upon receipt of a valid Reply message, the client can consider the
   Decline event successful.

19.2.

18.2. Server Behavior

   For this discussion, the Server is assumed to have been configured in
   an implementation specific manner with configuration of interest to
   clients.

19.2.1.

18.2.1. Receipt of Request messages

   The

   When the server MAY choose to discard receives a Request messages received message via unicast from a
   client to which the server has not sent a unicast
   option.

   When the server receives a Request the client is requesting the
   configuration of a new IA by option, the server.  The server MUST take the
   IA from
   discards the client Request message and associate a binding for that client in an
   implementation-specific manner within the configuration parameter
   database for DHCP clients managed by the server.

   Upon the receipt of responds with a valid Request Reply message from
   containing a client the server
   can respond to, (implementation-specific administrative policy
   satisfied) the server scans status code option with value UseMulticast and no other
   options.

   When the options field.

   The server then constructs receives a Reply message and sends it to Request the client is requesting the
   client.
   configuration of IAs by the server.  The server SHOULD process each option for creates the bindings
   for that client in an
   implementation-specific manner. according to the server's policy and configuration
   information and records the IAs and other information about the
   client.

   The server MUST construct contructs a Reply message containing by setting the following values:

      msg-type         REPLY

      transaction-ID   The transaction-ID "msg-type" field
   to REPLY, copying the transaction ID from the Request message. message into
   the transaction-ID field.

   The server MUST include a Server Identifier option containing the
   server's DUID and the Client Identifier option from the Request
   message in the Reply message.

   If the server finds that the prefix on one or more IP addresses in
   any IA in the message from the client is not a valid prefix for the
   link to which the client is connected, the server MUST return the IA
   to the client with the status field set to NoPrefixMatch. NotOnLink.

   If the server cannot assign any addresses to any of the IAs in the
   message from the client, the server SHOULD MUST include the IAs in the Reply
   message with the status field set to AddrUnavail and no addresses in
   the IA.

   For any IAs to which the server can assign addresses, the server
   includes the IA with addresses and other configuration parameters a status of
   Success, and add
   records the IA as a new client binding.

   The server may choose to assign fewer temporary addresses than
   the client requested with an RTA option (see section 23.6) and
   includes a status code of Success in the IA. If the server chooses to
   assign no temporary addresses, the server includes a status code of
   AddrUnavail.

   The server adds options to the Reply message for any other
   configuration information to be assigned to the client.

19.2.2.  If the
   Request message contained an Option Request option, the server MUST
   include options in the Reply message for any options in the Option
   Request option the server is configured to return to the client.  The
   server MAY choose to return other options not specified in the Option
   Request option.

18.2.2. Receipt of Confirm messages

   When the server receives a Confirm message, the client is requesting
   confirmation that the configuration information it will use is valid.
   The server SHOULD locate locates the binding for that client and compare the
   information in the Confirm message from the client to the information
   associated with that client.

   Upon the receipt of a valid Confirm message from a client the server
   can respond to, (implementation-specific administrative policy
   satisfied) the server scans the options field.

   If the server cannot determine if the information in the Confirm
   message is valid or invalid, the server MUST NOT send a reply to the
   client.  For example, if the server does not have a binding for the
   client, but compares the configuration
   information in the Confirm message
   appears valid, from the server does not reply. client to the information
   associated with that client.

   If the server finds that the information for the client does not
   match what is in the binding for that client or the configuration
   information is not valid, the server sends a Reply message containing
   a Status Code option with the value ConfNoMatch.

   If the server finds that the information for the client does match
   the information in the binding for that client, and the configuration
   information is still valid, the server sends a Reply message
   containing a Status Code option with the value Success.

   The

   If the server SHOULD process each option cannot determine if the information in the Confirm
   message is valid or invalid, the server MUST NOT send a reply to the
   client.  For example, if the server does not have a binding for the client
   client, but the configuration information in an
   implementation-specific manner. the Confirm message
   appears valid, the server does not reply.

   The server MUST construct contructs a Reply message containing by setting the following values:

      msg-type         REPLY

      transaction-ID   The transaction-ID "msg-type" field
   to REPLY, copying the transaction ID from the Confirm message. message into
   the transaction-ID field.

   The server MUST include a Server Identifier option containing the
   server's DUID and the Client Identifier option from the Confirm
   message in the Reply message.

   The Reply message from the server MUST contain include a Status Code option
   and MUST NOT include any other options.

19.2.3. option.

18.2.3. Receipt of Renew messages

   The

   When the server MAY choose to discard receives a Renew messages received message via unicast from a client to
   which the server has not sent a unicast option.

   Upon option, the server discards
   the receipt of a valid Renew message from and responds with a client the server
   can respond to, (implementation-specific administrative policy
   satisfied) the server scans the options field. Reply message containing a
   status code option with value UseMulticast and no other options.

   When the server receives a Renew and IA option from a client it
   SHOULD locate
   locates the clients client's binding and verify verifies that the information in the
   IA from the client matches the information stored for that client.

   If the server cannot find a client entry for this the IA the server
   SHOULD return an
   returns the IA containing no addresses with status set to
   NoBinding. NoBinding
   in the Renew message.

   If the server finds that any of the addresses in the IA are no longer valid
   for the client
   do not match the client binding the server should return an IA
   containing no addresses with status set to RenwNoMatch.

   If client, the server cannot Renew addresses for returns the client it SHOULD send
   back an IA containing no addresses address to the client with the status
   field set to AddrUnavail.
   lifetimes of 0.

   If the server finds the addresses in the IA for the client then the
   server SHOULD send sends back the IA to the client with new lifetimes and T1/T2 times if the default is not being used,
   times, and set status to includes a Status Code option with value Success.  The
   server may choose to change the list of addresses and the lifetimes
   of addresses in IAs that are returned to the client.

   The server may choose to assign fewer temporary addresses than
   the client requested with an RTA option (see section 23.6) and
   includes contructs a status code of Success in the IA. If Reply message by setting the server chooses "msg-type" field
   to
   assign no temporary addresses, REPLY, copying the server includes a status code of
   AddrUnavail.

   The server SHOULD process each option for transaction ID from the client in an
   implementation-specific manner.  The server MUST construct a Reply Renew message containing into the following values:

      msg-type         REPLY
   transaction-ID   The transaction-ID from the Confirm message. field.

   The server MUST include a Server Identifier option containing the
   server's DUID and the Client Identifier option from the Renew message
   in the Reply message.

19.2.4.

18.2.4. Receipt of Rebind messages

   Upon the receipt of a valid Rebind message from a client the server
   can respond to, (implementation-specific administrative policy
   satisfied) the server scans the options field.

   When the server receives a Rebind and IA option from a client it
   SHOULD locate
   locates the clients client's binding and verify verifies that the information in the
   IA from the client matches the information stored for that client.

   If the server cannot find a client entry for this IA the server
   SHOULD return an IA containing no addresses with status set to
   NoBinding.

   If the server finds that the addresses in the IA for the client
   do not match the client binding
   returns the server should return an IA containing no addresses with status set to RebdNoMatch.

   If NoBinding
   in the server cannot Rebind addresses for the client it SHOULD send
   back an IA containing no addresses to the client with the status
   field set to AddrUnavail. message.

   If the server finds that the addresses in any of the IA addresses are no longer valid
   for the client then client, the server SHOULD send back returns the IA address to the client with new
   lifetimes and
   T1/T2 times if of 0.

   If the default is not being used, and set status to
   Success.

   The server may choose to assign fewer temporary addresses than finds the client requested with an RTA option (see section 23.6) and
   includes a status code of Success addresses in the IA. If the server will
   assign no temporary addresses, IA for the client then the server includes a status code of
   AddrUnavail.

   The
   server SHOULD process each option for send back the IA to the client in an
   implementation-specific manner. with new lifetimes and
   T1/T2 times if the default is not being used.

   The server MUST construct contructs a Reply message containing by setting the following values:

      msg-type         REPLY

      transaction-ID   The transaction-ID "msg-type" field
   to REPLY, copying the transaction ID from the Confirm message. Rebind message into the
   transaction-ID field.

   The server MUST include a Server Identifier option containing the
   server's DUID and the Client Identifier option from the Rebind
   message in the Reply message.

19.2.5.

   The server adds options to the Reply message for any other
   configuration information to be assigned to the client.  If the
   Rebind message contained an Option Request option, the server MUST
   include options in the Reply message for any options in the Option
   Request option the server is configured to return to the client.  The
   server MAY choose to return other options not specified in the Option
   Request option.

18.2.5. Receipt of Information-request messages

   When the server receives an Information-request message, the
   client is requesting configuration information that does not
   include the assignment of any addresses.  The server SHOULD determine determines all
   configuration parameters appropriate to the client, based on the
   server configuration policies known to the server.

   Upon the receipt of

   The server contructs a valid Information-request Reply message from a client by setting the server can respond to, (implementation-specific administrative
   policy satisfied) "msg-type" field
   to REPLY, copying the server scans transaction ID from the options Rebind message into the
   transaction-ID field.

   The server
   then constructs MUST include a Server Identifier option containing the
   server's DUID and the Client Identifier option from the Rebind
   message in the Reply message.

   The server adds options to the Reply message and sends it for all of the
   configuration parameters to be returned to the client.

   The  If the
   Information-request message contained an Option Request option, the
   server SHOULD process each option for MUST include options in the client Reply message for any options in an
   implementation-specific manner.
   the Option Request option the server is configured to return to the
   client.  The server MUST construct a Reply
   message containing MAY choose to return other options not specified
   in the following values:

      msg-type         REPLY

      transaction-ID   The transaction-ID Option Request option.

   If the Information-request message received from the Confirm message.

   The server MUST client did
   not include a Server Client Identifier option containing the
   server's DUID in option, the Reply message.

   The server adds options to the SHOULD respond
   with a Reply message for all of the containing any configuration parameters
   that are not determined by the client's identity.  If the server
   chooses not to be returned respond, the client may continue to retransmit the client.

19.2.6.
   Information-request message indefinitely.

18.2.6. Receipt of Release messages

   The

   When the server MAY choose to discard receives a Release messages received message via unicast from a
   client to which the server has not sent a unicast
   option. option, the server
   discards the Release message and responds with a Reply message
   containing a status code option with value UseMulticast and no other
   options.

   Upon the receipt of a valid Release message, the server examines the
   IAs and the addresses in the IAs for validity.  If the IAs in the
   message are in a binding for the client and the addresses in the IAs
   have been assigned by the server to those IAs, the server deletes
   the addresses from the IAs and makes the addresses available for
   assignment to other clients.  The server ignores invalid addresses
   (though it may choose to log an error if it finds an invalid
   address).

   After all the addresses have been processed, the server generates a
   Reply message and includes a Status Code option with value Success
   and a Server Identifier option with the server's DUID. The server
   MUST NOT include any other options in the Reply message.

   If the server cannot find a binding for the client, the server
   sends a Reply message that includes a Status Code option with value
   NoBinding.

   A server is not required to (but may choose to as an implementation
   strategy) retain any a record of an IA from which all of assigned addresses and IAs
   after the lifetimes on the addresses have been released.

19.2.7. expired to allow the server
   to reassign the previously assigned addresses to a client.

18.2.7. Receipt of Decline messages

   The

   When the server MAY choose to discard receives a Decline messages received message via unicast from a
   client to which the server has not sent a unicast
   option. option, the server
   discards the Decline message and responds with a Reply message
   containing a status code option with value UseMulticast and no other
   options.

   Upon the receipt of a valid Decline message, the server examines the
   IAs and the addresses in the IAs for validity.  If the IAs in the
   message are in a binding for the client and the addresses in the IAs
   have been assigned by the server to those IA, the server deletes
   the addresses from the IAs.  The server SHOULD mark the addresses
   declined by the client so that those addresses are not assigned to
   other clients, and MAY choose to make a notification that addresses
   were declined.  The server ignores invalid addresses (though it may
   choose to log an error if it finds an invalid address).

   After all the address have been processed, the server generates a
   Reply message and includes a Status Code option with value Success
   and a Server Identifier option with the server' server's DUID. The server
   MUST NOT include any other options in the Reply message.

19.2.8.

18.2.8. Transmission of Reply messages

   If the Request, Confirm, Renew, Rebind, Release, Decline or
   Information-request message from the client was originally received
   in a Relay-forward message from a relay, the server places the Reply
   message in the options field of a Relay-response message and copies
   the link-address and client-return-address client-address fields from the Relay-forward
   message into the Relay-response message.

   The server then unicasts the Reply or Relay-reply to the source
   address from the IP datagram in which the original message was
   received.

20.

19. DHCP Server-Initiated Configuration Exchange

   A server initiates a configuration exchange to cause DHCP clients
   to obtain new addresses and other configuration information.  For
   example, an administrator may use a server-initiated configuration
   exchange when links in the DHCP domain are to be renumbered.  Other
   examples include changes in the location of directory servers,
   addition of new services such as printing, and availability of new
   software (system or application).

20.1.
   software.

19.1. Server Behavior

   A server sends a Reconfigure message to cause a client to initiate
   immediately a Renew/Reply or Information-request/Reply message
   exchange with the server.

20.1.1.

19.1.1. Creation and transmission of Reconfigure messages

   The server sets the "msg-type" field to RECONFIGURE. The server
   generates a transaction-ID and inserts it in sets
   the "transaction-ID"
   field. transaction-id field to 0.  The server places its identifier in a
   Server Identifier option.

   The server MAY include an Option Request option to inform the client
   of what information has been changed or new information that has been
   added.  In particular, the server specifies the IA option in the
   Option Request option if the server wants the client to obtain new
   address information.

   The server MUST include an authentication option with the appropriate
   settings and add that option as the last authentication option in the "options"
   field of the Reconfigure
   message.  The server MUST include a Reconfigure Message option
   (defined in section 22.20) to select whether the client responds with
   a Renew message or an Information-Request message.

   The server MUST NOT include any other options in the Reconfigure
   except as specifically allowed in the definition of individual
   options.

   A server sends each Reconfigure message to a single DHCP client,
   using an IPv6 unicast address of sufficient scope belonging to the
   DHCP client.  The server may obtain the address of the client through
   the information that the server has about clients that have been in
   contact with the server, or the server may be configured with the
   address of the client through some external agent.

   To reconfigure more than one client, the server unicasts a separate
   message to each client.  The server may initiate the reconfiguration
   of multiple clients concurrently; for example, a server may
   send a Reconfigure message to additional clients while previous
   reconfiguration message exchanges are still in progress.

   The Reconfigure message causes the client to initiate a Renew/Reply
   or Information-request/Reply message exchange with the server.  The
   server interprets the receipt of a Renew or Information-request
   message from the client as satisfying the Reconfigure message
   request.

20.1.2.

19.1.2. Time out and retransmission of Reconfigure messages

   If the server does not receive a Renew or Information-request message
   from the client in RECREP_MSG_TIMEOUT milliseconds, the server
   retransmits the Reconfigure message, doubles the RECREP_MSG_TIMEOUT
   value and waits again.  The server continues this process until
   REC_MSG_ATTEMPTS unsuccessful attempts have been made, at which point
   the server SHOULD abort the reconfigure process for that client.

   Default and initial values for RECREP_MSG_TIMEOUT and
   REC_MSG_ATTEMPTS are documented in section 7.5.

20.1.3. 5.6.

19.1.3. Receipt of Renew messages

   The server generates and sends Reply message(s) to the client as
   described in section 19.2.8, sections 18.2.3 and 18.2.8, including in the "options" field new
   values options for
   configuration parameters.

   It is possible that the client may send a Renew message after the
   server has sent a Reconfigure but before the Reconfigure is received
   by the client.  In this case, the Renew message from the client
   may not include all of the IAs and requests for parameters to be
   reconfigured by the server.  To accommodate this scenario, the

   The server MAY choose to send a Reply with the IAs and other
   parameters to be reconfigured, even if those IAs and parameters were
   not in the Renew
   message from the client.

20.2. Receipt of Information-request messages

   If the server has assigned addresses to one or more IAs that belong
   to the responding client, the server MUST silently discard the
   Information-request message.

   If the client has requested options in an Option Request option that
   the server is unable to provide to the client, the server MAY send
   a Reply message with only those options it can provide.  If the
   server sends a Reply message that does not include all of the options requested by the client, it MUST include a Status Code option with
   code OptionUnavail.

   The server generates and sends Reply message(s) to the client as
   described in section 19.2.8, including in the "options" field new
   values for configuration parameters.

   It is possible that the client may send an Information-request
   message after the server has sent a Reconfigure but before
   the Reconfigure is received by the client.  In this case, the
   Information-request Renew message from the client may not request all of
   the parameters client.

19.2. Receipt of Information-request messages

   The server generates and sends Reply message(s) to be reconfigured by the server.  To accommodate
   this scenario, the client as
   described in sections 18.2.5 and 18.2.8, including options for
   configuration parameters.

   The server MAY choose to send a Reply with the other parameters to
   be reconfigured, even if those parameters were not specified in the
   Information-request message from the client.

20.3.

19.3. Client Behavior

   A client MUST always monitor UDP port 546 for accept Reconfigure messages
   on sent to UDP port 546on
   interfaces for which it has acquired DHCP parameters. configuration information
   through DHCP. These messages may be sent at any time.  Since the
   results of a reconfiguration event may affect application layer
   programs, the client SHOULD log these events, and MAY notify these
   programs of the change through an implementation-specific interface.

20.3.1.

19.3.1. Receipt of Reconfigure messages

   Upon receipt of a valid Reconfigure message, the client initiates a
   transaction with the server. server by sending a Reply or Information-request
   message.  While the transaction is in progress, the client silently
   discards any Reconfigure messages it receives.

   If the client has IAs with addresses that have been assigned by the
   server from which the Reconfigure message was received, the

   The client
   MUST respond responds with either a Renew message.  Otherwise, the client responds
   with message or an
   Information-request message. message as indicated by the Reconfigure
   Message option (as defined in section 22.20).

   DISCUSSION:

      The Reconfigure message acts as a trigger that signals the
      client to complete a successful message exchange.  Once
      the client has received a Reconfigure, the client proceeds
      with the message exchange (retransmitting the Renew or
      Information-request message if necessary); the client
      ignores any additional Reconfigure messages (regardless
      of the transaction ID in the Reconfigure message) until
      the exchange is complete.  Subsequent Reconfigure messages
      (again independent of the transaction ID) cause the client
      to initiate a new exchange.

      How does this mechanism work in the face of duplicated or
      retransmitted Reconfigure messages?  Duplicate messages
      will be ignored because the client will begin the exchange
      after the receipt of the first Reconfigure.  Retransmitted
      messages will either trigger the exchange (if the first
      Reconfigure was not received by the client) or will be
      ignored.  The server can discontinue retransmission of
      Reconfigure messages to the client once the server receives
      the Renew or Information-request message from the client.

      It might be possible for a duplicate or retransmitted
      Reconfigure to be sufficiently delayed (and delivered out of
      order) to arrive at the client after the exchange (initiated
      by the original Reconfigure) has been completed.  In this
      case, the client would initiate a redundant exchange.  The
      likelihood of delayed and out of order delivery is small
      enough to be ignored.  The consequence of the redundant
      exchange is inefficiency rather than incorrect operation.

20.3.2.

19.3.2. Creation and transmission of Renew messages

   When responding to a Reconfigure, the client creates and sends
   the Renew message in exactly the same manner as outlined in
   section 19.1.3, 18.1.3, with the exception:  if the server included on Option
   Request option specifying the IA option, the client MUST include IA
   options containing the addresses the client currently has assigned to
   ALL IAs for the interface through which the Reconfigure message was
   received.

20.3.3.

19.3.3. Creation and transmission of Information-request messages

   When responding to a Reconfigure, the client creates and sends the
   Information-request message in exactly the same manner as outlined in
   section 19.1.5, 18.1.5, with the exception that the client includes a Server
   Identifier option with the identifier from the Reconfigure message to
   which the client is responding.

20.3.4.

19.3.4. Time out and retransmission of Renew or Information-request
   messages

   The client uses the same variables and retransmission algorithm as
   it does with Renew or Information-request messages generated as part
   of a client-initiated configuration exchange.  See sections 19.1.3 18.1.3
   and 19.1.5 18.1.5 for details.

20.3.5.

19.3.5. Receipt of Reply messages

   Upon the receipt of a valid Reply message, the client extracts the
   contents of the "options" field, and sets (or resets) configuration
   parameters appropriately.  The client records and updates the
   lifetimes for any addresses specified in IAs in the Reply message.
   If the configuration parameters changed were requested by the
   application layer, the client notifies the application layer of the
   changes using an implementation-specific interface.

21.

20. Relay Agent Behavior

   For this discussion, the Relay relay agent MAY be configured to use a
   list of server destination addresses, which MAY include unicast
   addresses, the All_DHCP_Servers multicast address, or other multicast
   addresses selected by the network administrator.  If the Relay relay agent
   has not been explicitly configured, it MUST use the All_DHCP_Servers
   multicast address as the default.

21.1.

20.1. Relaying of client messages

   When a Relay relay agent receives a valid client message, it constructs
   a Relay-forward message.  The relay agent places an a global or
   site-scoped address with a prefix assigned to the link on which the
   client should be assigned an address in the link-address field.  This
   address will be used by the server to determine the link from which
   the client should be assigned an address and other configuration
   information.

   If the relay agent cannot use the address in the link-address field
   to identify the interface through which the response to the client
   will be forwarded, the relay agent MUST include an Interface-id
   option (see section 23.17) 22.19) in the Relay-forward message.  The server
   will include the Interface-id option in its Relay-reply message.
   The relay agent puts the client's address in the link-address field
   regardless of whether the relay agent includes an Interface-id option
   in the Relay-forward message.

   The relay agent copies the source address from the IP datagram
   in which the message was received from the client into the client-return-address
   client-address field in the Relay-forward message.

   The relay agent constructs a "client-message" Client Message option 23.10 (see
   section 22.10) that contains the entire message from the client in
   the data field of the option.  The relay agent places the "relay-message" Client
   Message option along with any
   "relay-specific" "relay agent-specific" options in the
   options field of the Relay-forward message.  The Relay MUST send relay agent sends
   the Relay-forward message to the list of server destination addresses
   with which it has been configured.

21.2. configured or to the All_DHCP_Servers address
   if it has not been explicitly configured with server destination
   addresses.

20.2. Relaying of server messages

   When the

   The relay receives a Relay-reply message, it extracts agent processes any other options included in the server
   Relay-reply message from the "server-message" option. as appropriate to those options.  The relay
   agents then discards those options.

   If the Relay-reply message includes a Interface-id option, the relay
   agent forwards the message from the server to the client on the link
   identified by the Interface-id option.  Otherwise, the relay agent
   forwards the message on the link identified by the link-address
   field.

   In either case, the relay relay agent extracts the server message from the
   Server Message option (see section 22.11) and forwards the message to
   the address in the client-return-address client-address field in the Relay-reply message.

22.

21. Authentication of DHCP messages

   Some network administrators may wish to provide authentication of
   the source and contents of DHCP messages.  For example, clients may
   be subject to denial of service attacks through the use of bogus
   DHCP servers, or may simply be misconfigured due to unintentionally
   instantiated DHCP servers.  Network administrators may wish to
   constrain the allocation of addresses to authorized hosts to avoid
   denial of service attacks in "hostile" environments where the network
   medium is not physically secured, such as wireless networks or
   college residence halls.

   Because of the risk of denial of service attacks against DHCP
   clients, the use of authentication is mandated in Reconfigure
   messages.  A DHCP server MUST include an authentication option in
   Reconfigure messages sent to clients.

   The DHCP authentication mechanism is based on the design of
   authentication for DHCP for IPv4 [8].

22.1. [6].

21.1. DHCP threat model

   The threat to DHCP is inherently an insider threat (assuming a
   properly configured network where DHCPv6 ports are blocked on the
   perimeter gateways of the enterprise).  Regardless of the gateway
   configuration, however, the potential attacks by insiders and
   outsiders are the same.

   The attack specific to a DHCP client is the possibility of the
   establishment of a "rogue" server with the intent of providing
   incorrect configuration information to the client.  The motivation
   for doing so may be to establish a "man in the middle" attack or it
   may be for a "denial of service" attack.

   There is another threat to DHCP clients from mistakenly or
   accidentally configured DHCP servers that answer DHCP client requests
   with unintentionally incorrect configuration parameters.

   The threat specific to a DHCP server is an invalid client
   masquerading as a valid client.  The motivation for this may be for
   "theft of service", or to circumvent auditing for any number of
   nefarious purposes.

   The threat common to both the client and the server is the resource
   "denial of service" (DoS) attack.  These attacks typically involve
   the exhaustion of valid addresses, or the exhaustion of CPU or
   network bandwidth, and are present anytime there is a shared
   resource.  In current practice, redundancy mitigates DoS attacks the
   best.

22.2.

21.2. Security of messages sent between servers and relay agents

   Relay agents and servers that choose to exchange messages securely
   use the IPsec mechanisms for IPv6 [10]. [8].  The way in which IPsec
   is employed by relay agents and servers is not specified in this
   document.

22.3.

21.3. Summary of DHCP authentication

   Authentication of DHCP messages is accomplished through the use of
   the Authentication option. option (see section 22.12).  The authentication
   information carried in the Authentication option can be used to
   reliably identify the source of a DHCP message and to confirm that
   the contents of the DHCP message have not been tampered with.

   The Authentication option provides a framework for multiple
   authentication protocols.  Two  One such protocols are is defined here.
   Other protocols defined in the future will be specified in separate
   documents.

   The protocol field in the Authentication option identifies the
   specific protocol used to generate the authentication information
   carried in the option.  The algorithm field identifies a specific
   algorithm within the authentication protocol; for example, the
   algorithm field specifies the hash algorithm used to generate the
   message authentication code (MAC) in the authentication option.  The
   replay detection method (RDM) field specifies the type of replay
   detection used in the replay detection field.

22.4.

21.4. Replay detection

   The Replay Detection Method (RDM) field determines the type of replay
   detection used in the Replay Detection field.

   If the RDM field contains 0x00, the replay detection field MUST
   be set to the value of a monotonically increasing counter.  Using
   a counter value such as the current time of day (e.g., (for example, an
   NTP-format timestamp [12]) [10]) can reduce the danger of replay attacks.
   This method MUST be supported by all protocols.

22.5. Configuration token protocol

   If the protocol field is 0, the authentication information field
   holds a simple configuration token.  The configuration token is an
   opaque, unencoded value known to both the sender and receiver.  The
   sender inserts the configuration token in the DHCP message and the
   receiver matches the token from the message to the shared token.  If
   the configuration option is present and the token from the message
   does not match the shared token, the receiver MUST discard the
   message.

   Configuration token may be used to pass a plain-text configuration
   token and provides only weak entity authentication and no message
   authentication.  This protocol is only useful for rudimentary
   protection against inadvertently instantiated DHCP servers.

   DISCUSSION:

      The intent here is to pass a constant, non-computed token
      such as a plain-text password.  Other types of entity
      authentication using computed tokens such as Kerberos
      tickets or one-time passwords will be defined as separate
      protocols.

22.6.

21.5. Delayed authentication protocol

   If the protocol field is 1, the message is using the "delayed
   authentication" mechanism.  In delayed authentication, the client
   requests authentication in its Solicit message and the server replies
   with an Advertise message that includes authentication information.
   This authentication information contains a nonce value generated by
   the source as a message authentication code (MAC) to provide message
   authentication and entity authentication.

   The use of a particular technique based on the HMAC protocol [11] [9]
   using the MD5 hash [20] [18] is defined here.

22.6.1.

21.5.1. Management issues in the delayed authentication protocol

   The "delayed authentication" protocol does not attempt to address
   situations where a client may roam from one administrative domain
   to another, i.e.  interdomain roaming.  This protocol is focused on
   solving the intradomain problem where the out-of-band exchange of a
   shared secret key is feasible.

22.6.2.

21.5.2. Use of the Authentication option in the delayed authentication
   protocol

   In a Solicit message, the Authentication option carries the Protocol,
   Algorithm, RDM and Replay detection fields, but no Authentication
   information.

   In an Advertise, Request, Renew, Rebind, Confirm, Decline, Release
   or Information-request message, the Authentication option carries
   the Protocol, Algorithm, RDM and Replay detection fields and
   Authentication information.

   A DHCP message MUST NOT contain more than one Authentication option
   when using the delayed authentication protocol.  The Authentication
   option should appear as close to the beginning of the options area
   in the DHCP message to facilitate processing of the authentication
   information.The format of the Authentication information is:

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                     Secret                            Key ID (32 bits)                             |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                                                               |
  |                           HMAC-MD5 (128 bits)                            |
  |                                                               |
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   The following definitions will be used in the description of the
   authentication information for delayed authentication, algorithm 1:

   Replay Detection  - as defined by the RDM field
   K                 - a secret value key (secret value) shared
                       between the source and
                       destination of the message;
                       each secret key has a unique
                       identifier (secret (key ID)
   secret
   key ID            - the unique identifier for the secret key value
                       used to generate the MAC for this message
   HMAC-MD5          - the MAC generating function.

   The sender computes the MAC using the HMAC generation algorithm [11] [9]
   and the MD5 hash function  [20]. [18].  The entire DHCP message (except
   the MAC field of the authentication option itself), including the
   DHCP message header and the options field, is used as input to the
   HMAC-MD5 computation function.  The 'secret 'key ID' field MUST be set to the
   identifier of the secret key used to generate the MAC.

   DISCUSSION:

      Algorithm 1 specifies the use of HMAC-MD5.  Use of a
      different technique, such as HMAC-SHA, will be specified as
      a separate protocol.

      Delayed authentication requires a shared secret key for each
      client on each DHCP server with which that client may wish
      to use the DHCP protocol.  Each secret key has a unique identifier
      that can be used by a receiver to determine which
      secret key was
      used to generate the MAC in the DHCP message.  Therefore,
      delayed authentication may not scale well in an architecture
      in which a DHCP client connects to multiple administrative
      domains.

22.6.3.

21.5.3. Message validation

   To validate an incoming message, the receiver first checks that
   the value in the replay detection field is acceptable according to
   the replay detection method specified by the RDM field.  Next, the
   receiver computes the MAC as described in [11]. [9].  The receiver
   MUST set entire DHCP
   message (except the 'MAC' MAC field of the authentication option itself),
   is used as input to all 0s for
   computation of the MAC. HMAC-MDS computation function.  If the MAC
   computed by the receiver does not match the MAC contained in the
   authentication option, the receiver MUST discard the DHCP message.

22.6.4.

21.5.4. Key utilization

   Each DHCP client has a key, K. The client uses its key to encode
   any messages it sends to the server and to authenticate and verify
   any messages it receives from the server.  The client's key SHOULD
   be initially distributed to the client through some out-of-band
   mechanism, and SHOULD be stored locally on the client for use in all
   authenticated DHCP messages.  Once the client has been given its key,
   it SHOULD use that key for all transactions even if the client's
   configuration changes; e.g., for example, if the client is assigned a new
   network address.

   Each DHCP server MUST know, or be able to obtain in a secure manner,
   the keys for all authorized clients.  If all clients use the same
   key, clients can perform both entity and message authentication for
   all messages received from servers.  However, the sharing of keys
   is strongly discouraged as it allows for unauthorized clients to
   masquerade as authorized clients by obtaining a copy of the shared
   key.
   key and allows for trivial spoofing of an authenticated DHCP server.
   To authenticate the identity of individual clients, each client
   MUST must
   be configured with a unique key.

22.6.5.

21.5.5. Client considerations for delayed authentication protocol

22.6.5.1.

21.5.5.1. Sending Solicit messages

   When the client sends a Solicit message and wishes to use
   authentication, it includes an Authentication option with the desired
   protocol, algorithm, RDM and replay detection field as described
   in section 22.6. 21.5.  The client does not include any authentication
   information in the Authentication option.

22.6.5.2.

21.5.5.2. Receiving Advertise messages

   The client validates any Advertise messages containing an
   Authentication option specifying the delayed authentication protocol
   using containing an
   Authentication option specifying the delayed authentication protocol
   using the validation test described in section 21.5.3.

   Client behavior if no Advertise messages include authentication
   information or pass the validation test is controlled by local policy
   on the client.  According to client policy, the client MAY choose to
   respond to a Advertise message that has not been authenticated.

   The decision to set local policy to accept unauthenticated messages
   should be made with care.  Accepting an unauthenticated Advertise
   message can make the client vulnerable to spoofing and other
   attacks.  If local users are not explicitly informed that the client
   has accepted an unauthenticated Advertise message, the users may
   incorrectly assume that the client has received an authenticated
   address and is not subject to DHCP attacks through unauthenticated
   messages.

   A client MUST be configurable to discard unauthenticated messages,
   and SHOULD be configured by default to discard unauthenticated
   messages if the client has been configured with an authentication
   key or other authentication information.  A client MAY choose to
   differentiate between Advertise messages with no authentication
   information and Advertise messages that do not pass the validation
   test; for example, a client might accept the former and discard the
   latter.  If a client does accept an unauthenticated message, the
   client SHOULD inform any local users and SHOULD log the event.

21.5.5.3. Sending Request, Confirm, Renew, Rebind, Decline or Release
   messages

   If the client authenticated the Advertise message through which the
   client selected the server, the client MUST generate authentication
   information for subsequent Request, Confirm, Renew, Rebind or Release
   messages sent to the validation test server as described in section 22.6.3.

   Client behavior if no Advertise messages include authentication
   information or pass 21.5.  When the validation test is controlled
   client sends a subsequent message, it MUST use the same key used by local policy
   on
   the client.  According server to client policy, generate the authentication information.

21.5.5.4. Sending Information-request messages

   If the server has selected a key for the client MAY choose to
   respond to in a Advertise previous message that
   exchange (see section 21.5.6.1, the client MUST use the same key
   to generate the authentication information.  If the client has not
   previously been authenticated.

   The decision to set local policy to accept unauthenticated messages
   should be made given a key with care.  Accepting an unauthenticated Advertise
   message can make the server, the client vulnerable to spoofing and other
   attacks.  If local users are not explicitly informed MUST use
   a key that has been selected for the client
   has accepted an unauthenticated through some external
   mechanism.

21.5.5.5. Receiving Reply messages

   If the client authenticated the Advertise message, it accepted, the users may
   incorrectly assume that client
   MUST validate the associated Reply message from the server.  The
   client has received an authenticated
   address MUST discard the Reply if the message fails to pass validation
   and is not subject MAY log the validation failure.  If the Reply fails to DHCP attacks through unauthenticated
   messages.

   A pass
   validation, the client MUST be configurable to discard unauthenticated messages,
   and SHOULD be configured restart the DHCP configuration process by default
   sending a Solicit message.  The client MAY choose to remember which
   server replied with a Reply message that failed to pass validation
   and discard unauthenticated
   messages.  A subsequent messages from that server.

   If the client MAY choose to differentiate between accepted an Advertise
   messages with no message that did not include
   authentication information and Advertise messages
   that do or did not pass the validation test; for example, a client might
   accept the former and discard test, the latter.  If a
   client does MAY accept an unauthenticated message, Reply message from the server.

21.5.5.6. Receiving Reconfigure messages

   The client SHOULD inform any local users MUST discard the Reconfigure if the message fails to pass
   validation and
   SHOULD MAY log the event.

22.6.5.3. validation failure.

21.5.6. Server considerations for delayed authentication protocol

21.5.6.1. Receiving Solicit messages and Sending Request, Confirm, Renew, Rebind, Decline or Release Advertise messages

   If

   The server selects a key for the client authenticated and includes authentication
   information in the Advertise message through which returned to the client selected as
   specified in section 21.5.  The server MUST record the server, identifier of
   the key selected for the client MUST generate authentication
   information and use that same key for validating
   subsequent messages with the client.

21.5.6.2. Receiving Request, Confirm, Renew, Rebind or Release messages sent to the
   and Sending Reply messages

   The server uses the key identified in the message and validates the
   message as described specified in section 22.6.  When 21.5.3.  If the
   client sends a subsequent message, it MUST use message fails to pass
   validation or the same secret used server does not know the key identified by the 'key
   ID' field, the server MUST discard the message and MAY choose to log
   the validation failure.

   If the message passes the validation procedure, the server responds
   to generate the specific message as described in section 18.2.  The server
   MUST include authentication information.

22.6.5.4. information generated using the key
   identified in the received message as specified in section 21.5.

21.5.6.3. Sending Information-request Reconfigure messages

   If the client has negotiated

   The server MUST include an Authentication option in a secret with Reconfigure
   message, generated as specified in section 21.5 using the key the
   server through a
   previous message exchange, initially selected for the client MUST use the same secret used
   by the server to generate which the authentication information. Reconfigure
   message is to be sent.

   If the
   client server has not negotiated previously selected a secret with key for the server, client, the client
   server MUST use a secret key that has been selected for the client through
   some external mechanism.

22.6.5.5. Receiving Reply messages

   If the client authenticated the Advertise it accepted, the client
   MUST validate the associated Reply message from the server.  The
   client MUST discard the Reply if the message fails

22. DHCP options

   Options are used to pass validation carry additional information and MAY log parameters
   in DHCP messages.  Every option shares a common base format, as
   described in section 22.1.  All values in options are represented in
   network order.

   This document describes the validation failure.  If DHCP options defined as part of the Reply fails to pass
   validation, base
   DHCP specification.  Other options may be defined in the client MUST restart future in
   separate documents.

   Unless otherwise noted, each option may appear only in the DHCP configuration process by
   sending a Solicit message.  The client MAY choose to remember which
   server replied with options
   area of a Reply DHCP message that failed to pass validation and discard subsequent messages from that server. may appear only once.  If the client accepted an Advertise message that did not include
   authentication information option does
   appear multiple times, each instance is considered separate and the
   data areas of the options MUST NOT be concatenated or did not pass otherwise
   combined.

22.1. Format of DHCP options

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          option-code          |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          option-data                          |
     |                      (option-len octets)                      |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   An unsigned integer identifying the validation test, specific option
                    type carried in this option.

      option-len    An unsigned integer giving the
   client MAY accept an unauthenticated Reply message from length of the server.

22.6.5.6. Receiving Reconfigure messages
                    option-data field in this option in octets.

      option-data   The client MUST validate data for the Reconfigure message from option; the server.
   The client MUST discard format of this data
                    depends on the Reconfigure if definition of the message fails option.

   DHCPv6 options are scoped by using encapsulation.  Some options apply
   generally to pass
   validation the client, some are specific to an IA, and MAY log some are
   specific to the validation failure.

22.6.6. Server considerations for delayed authentication protocol

22.6.6.1. Receiving Solicit messages addresses within an IA. These latter two cases are
   discussed in sections 22.4 and Sending Advertise messages 22.6.

22.2. Client Identifier option

   The server selects Client Identifier option is used to carry a DUID identifying a
   client between a secret for the client and includes
   authentication information a server.  The Client Identifier option
   MUST appear before any IA options in the Advertise message returned to DHCP message.  The format of
   the
   client as specified Client Identifier option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |        OPTION_CLIENTID        |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     .                                                               .
     .                              DUID                             .
     .                        (variable length)                      .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_CLIENTID (1)

      option-len    Length of DUID in section 22.6. octets

      DUID          The server MUST record the
   identifier of the secret selected DUID for the client and use that same
   secret for validating subsequent messages with the client.

22.6.6.2. Receiving Request, Confirm, Renew, Rebind or Release messages
   and Sending Reply messages

22.3. Server Identifier option

   The server uses the secret identified in the message and validates
   the message as specified in section 22.6.3.  If the message fails Server Identifier option is used to
   pass validation or the server does not know the secret identified by
   the 'secret ID' field, the carry a DUID identifying
   a server MUST discard the message between a client and MAY
   choose to log the validation failure.

   If the message passes the validation procedure, the server responds
   to the specific message as described in section 19.2. a server.  The server
   MUST include authentication information generated using the secret
   identified in format of the received message as specified Server
   Identifier option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |        OPTION_SERVERID        |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     .                                                               .
     .                              DUID                             .
     .                        (variable length)                      .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_SERVERID (2)

      option-len    Length of DUID in section 22.6.

22.6.6.3. Sending Reconfigure messages octets

      DUID          The server MUST include authentication information in a Reconfigure
   message, generated as specified in section 22.6 using the secret the
   server initially negotiated with the client to which DUID for the Reconfigure
   message server

22.4. Identity Association option

   The Identity Association option (IA option) is used to be sent.

   If carry an
   identity association, the server has not previously negotiated a secret parameters associated with the client, IA and the server MUST use a secret that has been selected for
   addresses associated with the client
   through some external mechanism.

23. DHCP options

   Options are used to carry additional information and parameters IA.

   Addresses appearing in DHCP messages.  Every an IA option shares a common base format, as
   described in are not temporary addresses (see
   section 23.1.  All values in options is represented in
   network order.

   This document describes the DHCP options defined as part 22.5).

   The format of the base
   DHCP specification.  Other options may be defined in the future in a
   separate document.

23.1. Format of DHCP options IA option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          option-code           OPTION_IA           |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          option-data                        IAID (4 octets)                        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                      (option-len octets)                              T1                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              T2                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     .                           IA-options                          .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   An unsigned integer identifying          OPTION_IA (3)

      option-len           12 + length of IA-options field

      IAID                 The unique identifier for this IA; the IAID
                           must be unique among the identifiers for all
                           of this client's IAs.  The number space for
                           IA IAIDs is separate from the number space
                           for IA_TA IAIDs.

      T1                   The time at which the client contacts the
                           server from which the addresses in the IA
                           were obtained to extend the lifetimes of
                           the addresses assigned to the IA; T1 is a
                           time duration relative to the current time
                           expressed in units of seconds

      T2                   The time at which the client contacts any
                           available server to extend the lifetimes of
                           the addresses assigned to the IA; T2 is a
                           time duration relative to the specific option
                    type carried current time
                           expressed in units of seconds

      IA-options           Options associated with this option.

      option-len    An unsigned integer giving the length IA.

   The IA-options field encapsulates those options that are specific
   to this IA. For example, all of the
                    option-data field in IA Address Options carrying the
   addresses associated with this option IA are in octets.

      option-data   The data for the option; IA-options field.

   An IA option may only appear in the format options area of a DHCP message.
   A DHCP message may contain multiple IA options.

   The status of any operations involving this data
                    depends on IA is indicated in a
   Status Code option in the definition IA-options field.

   Note that an IA has no explicit "lifetime" or "lease length" of
   its own.  When the option.

   DHCPv6 options are scoped by using encapsulation.  Some options apply
   generally to lifetimes of all of the client, some are specific to addresses in an IA, IA have
   expired, the IA can be considered as having expired.  T1 and some T2
   are
   specific included to give servers explicit control over when a client
   recontacts the addresses within an server about a specific IA. These latter two cases are
   discussed

   In a message sent by a client to a server, values in sections 23.4 the T1 and 23.5.

23.2. Client Identifier option
   T2 fields indicate the client's preference for those parameters.
   The Client Identifier option is used to carry client may send 0 if it has no preference for T1 and T2.  In a DUID identifying
   message sent by a
   client between server to a client, the client MUST use the values
   in the T1 and T2 fields for the T1 and T2 parameters.  The values in
   the T1 and T2 fields are the number of seconds until T1 and a server. T2.

   The Client Identifier option
   MUST appear before server selects the T1 and T2 times to allow the client to extend
   the lifetimes of any IA options addresses in the DHCP message.  The format IA before the lifetimes expire,
   even if the server is unavailable for some short period of time.
   Recommended values for T1 and T2 are .5 and .8 times the DUID option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |        OPTION_CLIENTID        |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     .                                                               .
     .                              DUID                             .
     .                        (variable length)                      .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_CLIENTID (TBD)

      option-len    Length shortest
   preferred lifetime of DUID the addresses in octets

      option-data   The DUID for the client

23.3. Server Identifier option

   The Server Identifier option is used to carry a DUID identifying
   a IA, respectively.  If the
   server between does not intend for a client and a server.  The format of to extend the Server
   Identifier option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |        OPTION_SERVERID        |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     .                                                               .
     .                              DUID                             .
     .                        (variable length)                      .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_SERVERID (TBD)

      option-len    Length lifetimes of DUID the
   addresses in octets

      option-data   The DUID for an IA, the server sets T1 and T2 to 0.

   T1 is the time at which the client begins the lifetime extension
   process by sending a Renew message to the server

23.4. that originally
   assigned the addresses to the IA. T2 is the time at which the client
   starts sending a Rebind message to any server.

   T1 and T2 are specified as unsigned integers that specify the time
   in seconds relative to the time at which the messages containing the
   option is received.

22.5. Identity association Association for Temporary Addresses option

   The identity association Identity Association for Temporary Addresses (IA_TA) option is
   used to carry an identity
   association, IA, the parameters associated with the IA and the
   addresses
   assigned to associated with the IA. All of the addresses in this option
   are used by the client as temporary addresses, as defined in RFC
   3041.

   The format of the IA IA_TA option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           OPTION IA         OPTION_IA_TA          |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                        IAID (4 octets)                        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              T1                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              T2                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |  IA  Status   |                                               |
     +-+-+-+-+-+-+-+-+                                                               |
     .                            Options                           IA-options                          .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          OPTION_IA (TBD)          OPTION_IA_TA (4)

      option-len           See section 23.           4 + length of IA-options field

      IAID                 The unique identifier for this IA.

      T1                   The time at which IA; the client contacts IAID
                           must be unique among the
                           server identifiers for all
                           of this client's IAs.  The number space for
                           IA_TA IAIDs is separate from which the addresses in the number space
                           for IA
                           were obtained to extend the lifetimes of the
                           addresses assigned to the IAIDs.

      IA-options           Options associated with this IA.

      T2

   The time at which the client contacts any
                           available server IA-Options field encapsulates those options that are specific
   to extend the lifetimes this IA. For example, all of the IA Address Options carrying the
   addresses associated with this IA are in the IA-options field.

   Each IA_TA carries one "set" of temporary addresses; that is, at most
   one address from each prefix assigned to the IA.

      IA status            Status of link to which the IA client
   is attached.

   An IA_TA option may only appear in this option. the options              Options associated with this IA. area of a DHCP
   message.  A DHCP message may contain multiple IA_TA options.

   The Options field encapsulates those options that are specific
   to this IA. For example, all status of the Address Options carrying the
   addresses associated with any operations involving this IA are is indicated in a
   Status Code option in the Options IA-options field.

   Note that an IA has no explicit "lifetime" or "lease length" of
   its own.  When the lifetimes of all of the addresses in an IA have
   expired, the IA can be considered as having expired.  T1 and T2
   are included to give servers explicit control over when a client
   recontacts the server about a specific IA.

   In a message sent by a client to a server, values in the T1 and
   T2 fields indicate the client's preference for those parameters.
   The client may send 0 if it has no preference for T1 and T2.  In a
   message sent by a

   A server to a client, the client MUST use the values
   in the T1 and T2 fields for the T1 and T2 parameters.  The values in
   the T1 and T2 fields are return the number of seconds until T1 and T2.

   The server MUST same set the T1 and T2 times to values that will allow
   the client to extend as appropriate the lifetimes of any addresses
   in the IA. If the server does not intend for a client to extend the
   lifetimes of a particular address in an IA, the server MAY set the
   renewal time values to occur after the lifetimes on that temporary address
   expire.

   T1 is the time at which the client SHOULD begin the lifetime
   extension process by sending a Renew message to the server that
   originally assigned the addresses to the IA. T2 is the time at which
   the client SHOULD start sending a Rebind message to any server.  A
   client MAY begin for the lifetime extension process prior to T1 if it
   needs additional same
   IA_TA (as identified by the IAID) as long as those addresses for some reason.

   T1 and T2 are specified as unsigned integers that specify
   still valid.  After the time lifetimes of the addresses in seconds relative an IA_TA have
   expired, the IAID may be reused to identify a new IA_TA with new
   temporary addresses.

   An identity association for temporary addresses option MUST NOT
   appear in a Renew or Rebind message.  This option MAY appear in a
   Confirm message if the time at which lifetimes on the messages containing temporary addresses in the
   option is received.

23.5.
   associated IA have not expired.

22.6. IA Address option

   The IA Address option is used to specify IPv6 addresses associated
   with an IA. The IA Address option must be encapsulated in the
   Options field of an Identity Association option.  The Options field
   encapsulates those options that are specific to this address.

   The format of the IA Address option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          OPTION_IAADDR        |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |T| addr status | prefix length
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |                         IPv6 address                          |
     |                          (16 octets)                          |
     |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                                                               |
     |      preferred lifetime                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | pref. lifetime (cont.)        |        valid lifetime                      preferred-lifetime                       |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | valid lifetime (cont.)        |                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                        valid-lifetime                         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     .                                                               .
     .                            Options                        IAaddr-options                         .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_IADDR (TBD) (5)

      option-len    See section 23.

      T             When set to 1, indicates that this address is a
                    "temporary address" [16]; when set to 0, the address
                    is not a temporary address.

      addr status   Status of this address in this IA.

      prefix length Prefix    24 + length for this address. of IAaddr-options field

      IPv6 address  An IPv6 address

      preferred lifetime

      preferred-lifetime The preferred lifetime for the IPv6 address in
                    the option.

      valid lifetime option, expressed in units of seconds

      valid-lifetime The valid lifetime for the IPv6 address in the
                    option

      options
                    option, expressed in units of seconds

      IAaddr-options Options associated with this address

   In a message sent by a client to a server, values in the preferred
   and valid lifetime fields indicate the client's preference for those
   parameters.  The client may send 0 if it has no preference for the
   preferred and valid lifetimes.  In a message sent by a server to a
   client, the client MUST use the values in the preferred and valid
   lifetime fields for the preferred and valid lifetimes.  The values in
   the preferred and valid lifetimes are the number of seconds remaining
   in each lifetime.

   One

   An IA Address option may appear only in an IA option or more an IA_TA
   option.  More than one IA Address Options can appear anywhere in an IA option
   or an IA_TA option.

23.6. Requested Temporary Addresses (RTA)

   The status of any operations involving this IA Address is indicated
   in a Status Code option in the IAaddr-options field.

22.7. Option Request option

   The Requested Temporary Addresses (RTA) Option Request option is used by to identify a list of options in a
   message between a client to
   request and a server to assign additional temporary addresses to an IA. server.

   The format of the Option Request option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           OPTION_RTA           OPTION_ORO          |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | num-requested    requested-option-code-1    |
     +-+-+-+-+-+-+-+-+    requested-option-code-2    |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              ...                              |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code     OPTION_RTA (TBD)   OPTION_ORO (6)

      option-len      See section 23.

      num-requested   The    2 * number of additional temporary addresses the
                      client is requesting.  This is requested options

      requested-option-code-n The option code for an unsigned value.

   This option MUST only be sent requested by a
                    the client.

   A client and only MAY include an Option Request option in a Solicit, Request,
   Renew, Rebind, Confirm or Rebind message.  It MUST only appear encapsulated
   within an Identity association option.  A Information-request message to inform the
   server about options the client MUST only include
   this option when it wants the server to have additional temporary address
   allocated; a client SHOULD NOT send this option if 'num-requested' is
   0.

23.7. Option Request to the
   client.

22.8. Preference option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_PREFERENCE       |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |  pref-value   |
     +-+-+-+-+-+-+-+-+

      option-code   OPTION_PREFERENCE (7)
      option-len    1.

      pref-value    The Option Request option is used to identify a list of options preference value for the server in this message.

   A server MAY include a Preference option in an Advertise message between to
   control the selection of a server by the client.  See section 17.1.3
   for the use of the Preference option by the client and a server.

   The format of the Option Request
   interpretation of Preference option is: data value.

22.9. Elapsed Time

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           OPTION_ORO      OPTION_ELAPSED_TIME      |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    requested-option-code-1    |    requested-option-code-2    |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              ...          elapsed-time         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_ORO (TBD)   OPTION_ELAPSED_TIME (8)

      option-len    See section 23.

      requested-option-code-n    2.

      elapsed-time  The option code for an option requested by amount of time since the client. client began its
                    current DHCP transaction.  This time is expressed in
                    hundredths of a second (10^-2 seconds).

   A client MAY SHOULD include an Option Request Elapsed Time option in a Solicit, Request,
   Renew, Rebind, Confirm or Information-request message messages to inform
   indicate how long the
   server about options client has been trying to complete a DHCP
   transaction.  Servers and Relay Agents use the data value in this
   option as input to policy controlling how a server responds to a
   client wants message.  For example, the elapsed time option allows a
   secondary DHCP server to send respond to the
   client.

23.8. Preference a request when a primary server
   hasn't answered in a reasonable time.

22.10. Client message option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_PREFERENCE       OPTION_CLIENT_MSG       |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |  pref value                                                               |
     +-+-+-+-+-+-+-+-+
     .                      DHCP-client-message                      .
     .                                                               .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_PREFERENCE (TBD)   OPTION_CLIENT_MSG (9)

      option-len    See section 23.

      pref value    Length of DHCP client message.

      DHCP-client-message The preference value for message received from the server in this message. client;
                    forwarded verbatim to the server.

   A server MAY include relay agent forwards a Preference option in an Advertise message from a client to
   control the selection of a server by the client.  See section 18.1.3
   for as the use
   contents of the Preference a Client Message option by the client and the
   interpretation of Preference in a Relay-forward message.

22.11. Server message option data value.

23.9. Elapsed Time

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |      OPTION_ELAPSED_TIME       OPTION_SERVER_MSG       |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          elapsed time                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     .                       DHCP-server-message                     .
     .                                                               .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_ELAPSED_TIME (TBD)   OPTION_SERVER_MSG (10)

      option-len    See section 23.

      elapsed time  The amount    Length of time since DHCP server message.

      DHCP-server-message The message received from the client began its
                    current server;
                    forwarded verbatim to the client.

   A server sends a DHCP transaction.  This time is expressed in
                    hundredths of message to be forwarded to a second (10^-2 seconds).

   A client MAY include an Elapsed Time by a relay
   agent as the contents of a Server Message option in messages a Relay-reply
   message.

22.12. Authentication option

   The Authentication option carries authentication information to indicate
   how long
   authenticate the client has been trying to complete a DHCP transaction.
   Servers identity and Relay Agents MAY contents of DHCP messages.  The
   use of the data value Authentication option is described in this section 21.  If
   the Authentication option
   as input to policy controlling how appears in a server responds DHCP message, it should be
   included as close to a client
   message.

23.10. Client message the beginning of the options field as possible
   for improved efficiency of authentication processing.

   The format of the Authentication option is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       OPTION_CLIENT_MSG          OPTION_AUTH          |          option-len           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Protocol    |   Algorithm   |      RDM      | Replay detect.|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Replay Detection (64 bits)                 |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Replay cont.                  | Auth. Info    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                   Authentication Information                  |
   |                                                               |
     .                      DHCP client message                      .
     .                                                               .
     .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_CLIENT_MSG (TBD)                  OPTION_AUTH (11)

      option-len    See section 23.

      DHCP client message                   12 + length of Authentication
                                   Information field

      protocol                     The message received from authentication protocol used in
                                   this authentication option

      algorithm                    The algorithm used in the client;
                    forwarded verbatim
                                   authentication protocol

      RDM                          The replay detection method used in
                                   this authentication option

      Replay detection             The replay detection information for
                                   the RDM

      Authentication information   The authentication information,
                                   as specified by the protocol and
                                   algorithm used in this authentication
                                   option

22.13. Server unicast option

   The server sends this option to a client to indicate to the client
   that it is allowed to unicast messages to the server.

   A relay agent forwards a message from  The server
   specifies the IPv6 address to which the client is to send unicast
   messages in the server-address field.  When a client receives this
   option, where permissible and appropriate, the client sends messages
   directly to a the server as using the
   contents IPv6 address specified in the
   server-address field of a Client Message option the option.

   Details about when the client may send messages to the server using
   unicast are in a Relay-forward message.

23.11. Server message option section 18.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       OPTION_SERVER_MSG          OPTION_UNICAST       |        option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
     .                       DHCP server message                     .
     .                                                               .
     .                                                               .
   |                       server-address                          |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_SERVER_MSG (TBD)     OPTION_UNICAST (12)

      option-len    See section 23.

      DHCP server message      16

      server-address  The message received from the server;
                    forwarded verbatim IP address to which the client.

   A server sends a DHCP message to be forwarded to a client by a relay
   agent as the contents of a Server Message should send
                      messages delivered using unicast

22.14. Status Code Option

   This option in returns a Relay-reply
   message.

23.12. Authentication option

   The Authentication option carries authentication information status indication related to
   authenticate the identity and contents of DHCP messages.  The use of
   the Authentication option is described in section 22.  If present,
   the Authentication option MUST appear as the first message
   or option in the DHCP
   message.

   The format of the Authentication option is: which it appears.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_AUTH       OPTION_STATUS_CODE      |         option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Protocol    |   Algorithm   |      RDM      | Replay detect.|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Replay Detection (64 bits)                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Replay cont.                  | Auth. Info    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |           Authentication Information          status-code          |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   .                                                               .
   .                        status-message                         .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code                  OPTION_AUTH (TBD)

      option-len                   See section 23.

      protocol                     The authentication protocol used in
                                   this authentication option

      algorithm                    The algorithm used in the
                                   authentication protocol

      RDM                          The replay detection method used in
                                   this authentication option

      Replay detection          OPTION_STATUS_CODE (13)
      option-len           2 + length of status-message

      status-code          The replay detection information numeric code for the RDM

      Authentication information   The authentication information,
                                   as specified by the protocol and
                                   algorithm used status encoded in
                           this authentication option.  The status codes are defined in
                           section 5.5.

      status-message       A UTF-8 encoded text string, which MUST NOT
                           be null-terminated.

   A Status Code option

23.13. Server unicast may appear in a DHCP message option, or in the
   options area of another option.

22.15. Rapid Commit option

   The server

   A client MAY send include this option to in a client to indicate to Solicit message if the client
   that
   is allowed to unicast messages prepared to perform the server.  The Solicit-Reply message exchange described
   in section 17.1.1.

   A server
   specifies the IPv6 address to which the client is to send unicast
   messages MUST include this option in the server-address field.  When a client receives this
   option, where permissible, the client MAY send messages directly to
   the server using the IPv6 address specified Reply message sent in the server-address
   field of the option.

   Details about when the client may send messages response
   to a Solicit message when completing the server using
   unicast are in section 19. Solicit-Reply message
   exchange.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_UNICAST       |        option-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                       server-address                          |
   |                                                               |      OPTION_RAPID_COMMIT      |               0               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code     OPTION_UNICAST (TBD)     OPTION_RAPID_COMMIT (14)

      option-len      See section 23.

      server-address  The IP address      0

22.16. User Class Option

   This option is used by a client to identify the type or category of
   user or applications it represents.  The information contained in the
   data area of this option is contained in one or more opaque fields
   that represent the user class or classes of which the client should send
                      messages delivered using unicast

23.14. Status Code Option

   This is a
   member.  The user class information carried in this option returns a status indication related to MUST be
   configurable on the DHCP message
   in which it appears.

    0                   1                   2                   3 client.

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_STATUS_CODE       OPTION_USER_CLASS       |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          status-code          |         status-message        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   |                              ...                              |
     .                                                               .
     .                          user-class-data                      .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      option-code          OPTION_STATUS_CODE (TBD)          OPTION_USER_CLASS (15)

      option-len           See section 23.

      status-code           Length of user class data field

      user-class-data      The numeric code for user classes carried by the status encoded in
                           this option. client.

   The status codes are defined data area of the user class option MUST contain one or more
   instances of user class data.  Each instance of the user class data
   is formatted as follows:

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
     |        user-class-len         |          opaque-data          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+

   The user-class-len is two octets long and specifies the length of the
   opaque user class data in
                           section 7.4.

      status-message       A UTF-8 encoded text string, network order.

   Servers can interpret the meanings of multiple class specifications
   in an implementation dependent or configuration dependent manner, and
   so the use of multiple classes by a DHCP client should be based on
   the specific server implementation and configuration which MUST NOT will be null-terminated.

23.15.
   used to process that User class option.

22.17. Vendor Class Option

   This option is used by a client to identify the type or category of
   user or applications it represents. vendor that
   manufactured the hardware on which the client is running.  The
   information contained in the data area of this option is contained
   in one or more opaque fields that represent the user class or classes identify details of which the client is a
   member.  The user class information carried in this option MUST be
   configurable on the client. hardware
   configuration.

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_USER_CLASS      OPTION_VENDOR_CLASS      |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          user class data                      |                       enterprise-number                       |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     .                                                               .
     .                       vendor-class-data                       .
     .                             . . .                             .                             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          TBD          OPTION_VENDOR_CLASS (16)

      option-len           See section 23.

      user           4 + length of vendor class data field

      enterprise-number    The user classes carried by the client. vendor's registered Enterprise Number as
                           registered with IANA.

      vendor-class-data    The data area hardware configuration of the user class option MUST contain one or more
   instances of user class data. host on
                           which the client is running.

   Each instance of the user class data vendor-class-data is formatted as follows:

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
     |        user class len       vendor-class-len        |         user class data          opaque-data          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+

   The user class len vendor-class-len is two octets long and specifies the length of
   the opaque user vendor class data in network order.

   Servers can interpret the meanings of multiple class specifications
   in an implementation dependent or configuration dependent manner,
   and so the use of multiple classes by a

   A DHCP client should be based
   on the specific server implementation and configuration which will
   be used to process that User class option.  Servers not equipped to
   interpret the user class information sent by a client message MUST ignore it
   (although it may be reported).

23.16. NOT contain more than one Vendor Class Option option.

22.18. Vendor-specific Information option

   This option is used by clients and servers to exchange
   vendor-specific information.  The definition of this information is
   vendor specific.  The vendor is indicated in the vendor
   class identifier option.  Servers not equipped to interpret
   the vendor-specific information sent by a client MUST ignore it
   (although it may be reported). enterprise-number
   field.  Clients which that do not receive desired vendor-specific
   information SHOULD make an attempt to operate without it, although
   they may do so (and announce they are doing so) in a degraded mode.

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |      OPTION_VENDOR_CLASS      OPTION_VENDOR_OPTS       |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                           vendor-id                       enterprise-number                       |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     .                                                               .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          option-data                          |
     .                          .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          TBD          OPTION_VENDOR_OPTS (17)

      option-len           See section 23.

      vendor-id            A domain name belonging to the vendor used to
                           identify the vendor that defined this vendor
                           class option.           4 + length of option-data field

      enterprise-number    The vendor's registered Enterprise Number as
                           registered with IANA.

      option-data          An opaque object of option-len octets,
                           presumably
                           interpreted by vendor-specific code on the
                           clients and servers

   The vendor-id must adhere to the rules in section 10.

   The Encapsulated encapsulated vendor-specific options field MUST be encoded as a
   sequence of code/length/value fields of identical format to the DHCP
   options field.  The option codes are defined by the vendor identified
   in the enterprise-number field and are not managed by IANA. Each of
   the encapsulated options is formatted as follows.

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          opt-code             |             option-len        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |
     .                                                               .
     .                          option-data                          |
     |                          .
     .                                                               .                             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      opt-code             The code for the encapsulated encapsulated option

      option-len           An unsigned integer giving the length of the
                           option-data field in this encapsulated option
                           in octets.

      option-data          The data area for the encapsulated option

   Multiple instances of the Vendor-specific Information option may
   appear in a DHCP message.  Each instance of the option is interpreted
   according to the option

      option-len           See section 23.

      option-data          The data area for codes defined by the encapsulated vendor identified by the
   Enterprise Number in that option.  A DHCP message MUST NOT contain
   more than one Vendor-specific Information option

23.17. with the same
   Enterprise Number.

22.19. Interface-Id Option

   The relay agent MAY send the Interface-id option to identify the
   interface on which the client message was received.  If a relay agent
   receives a Relay-reply message with an Interface-id option, the
   relay agent forwards the message to the client through the interface
   identified by the option option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_INTERFACE_ID      |         option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                         Interface-Id                          |
   .                                                               .
   .                         interface-id                          .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          OPTION_INTERFACE_ID (TBD) (18)

      option-len           See section 23.

      Interface-Id           Length of interface-id field

      interface-id         An opaque value of arbitrary length generated
                           by the relay agent to identify one of the
                           relay agent's interfaces
   The server MUST copy the Interface-Id option from the Relay-Forward
   message into the Relay-Reply message the server sends to the relay
   agent in response to the Relay-Forward message.  This option MUST NOT
   appear in any message except a Relay-Forward or Relay-Reply message.

   Servers MAY use the Interface-ID for parameter assignment policies.
   The Interface-ID SHOULD be considered an opaque value, with policies
   based on exact string match only; that is, the Interface-ID SHOULD
   NOT be internally parsed by the server.

24.

22.20. Reconfigure Message option

   A server includes a Reconfigure Message option in a Reconfigure
   message to indicate to the client whether the client responds with a
   Renew message or an Information-request message.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_RECONF_MSG        |         option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          msg-type             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          OPTION_RECONF_MSG (19)

      option-len           1

      msg-type             1 for Renew message, 2 for
                           Information-request message

23. Security Considerations

   Section 22 21 describes a threat model and an option that provides an
   authentication framework to defend against that threat model.

25.

24. Year 2000 considerations

   Since all times are relative to the current time of the transaction,
   there is no problem within the DHCPv6 protocol related to any
   hardcoded dates or two-digit representation of the current year.

26.

25. IANA Considerations

   This document defines several new name spaces associated with DHCPv6
   and DHCPv6 options.  IANA is requested to manage the allocation of
   values from these name spaces, which are described in the remainder
   of this section.  These name spaces are all to be managed separately
   from the name spaces defined for DHCPv4 [7, [5, 1].

   New values in each of these name spaces should be approved by the
   process of IETF consensus [15].

26.1. [13].

25.1. Multicast addresses

   Section 7.1 5.1 defines the following multicast addresses, which have
   been assigned by IANA for use by DHCPv6:

      All_DHCP_Agents

      All_DHCP_Relay_Agents_and_Servers address:   FF02::1:2

      All_DHCP_Servers address:                    FF05::1:3

   IANA is requested to manage definition of additional multicast
   addresses in the future.

26.2.

25.2. Anycast addresses

   Section 5.2 defines the following anycast address, which is requested
   for assignment to DHCP by IANA:

      DHCP_Anycast:  FEC0:0:0:0:FFFF::4

   IANA is requested to manage definition of additional anycast
   addresses in the future.

25.3. DHCPv6 message types

   IANA is requested to record the following message types defined (defined in
   section 7.3. 5.4).  IANA is requested to manage definition of additional
   message types in the future.

26.3.

      SOLICIT               1

      ADVERTISE             2

      REQUEST               3

      CONFIRM               4

      RENEW                 5

      REBIND                6

      REPLY                 7

      RELEASE               8
      DECLINE               9

      RECONFIGURE           10

      INFORMATION-REQUEST   11

      RELAY-FORW            12

      RELAY-REPL            13

25.4. DUID

   IANA is requested to record the following DUID types (as defined in
   section 11.1. 9.1).  IANA is requested to manage definition of additional
   DUID types in the future.

26.4.

      Link-layer address plus time   1

      VUID-DN                        2

      VUID-EN                        3

      Link-layer address             4

25.5. DHCPv6 options

   IANA is requested to assign option-codes to record the options following option-codes (as defined
   in section 23. 22).  IANA is requested to manage the definition of
   additional DHCPv6 option-codes in the future.

26.5.

      OPTION_CLIENTID       1

      OPTION_SERVERID       2

      OPTION_IA             3

      OPTION_IA_TMP         4

      OPTION_IADDR          5

      OPTION_ORO            6

      OPTION_PREFERENCE     7

      OPTION_ELAPSED_TIME   8

      OPTION_CLIENT_MSG     9

      OPTION_SERVER_MSG     10

      OPTION_AUTH           11
      OPTION_UNICAST        12

      OPTION_STATUS_CODE    13

      OPTION_RAPID_COMMIT   14

      OPTION_USER_CLASS     15

      OPTION_VENDOR_CLASS   16

      OPTION_VENDOR_OPTS    17

      OPTION_INTERFACE_ID   18

      OPTION_RECONF_MSG     19

25.6. Status codes

   IANA is requested to record the status codes defined in section 7.4. the following
   table.  IANA is requested to manage the definition of additional
   status codes in the future.

26.6.

   Name         Code Description
   ----------   ---- -----------
   Success         0 Success
   UnspecFail      1 Failure, reason unspecified; this
                     status code is sent by either a client
                     or a server to indicate a failure
                     not explicitly specified in this
                     document
   AuthFailed      2 Authentication failed or nonexistent
   AddrUnavail     3 Addresses unavailable
   NoBinding       4 Client record (binding) unavailable
   ConfNoMatch     5 Client record Confirm doesn't match IA
   NotOnLink       6 One or more prefixes of the addresses
                     in the IA is not valid for the link
                     from which the client message was received
   UseMulticast    7 Sent by a server to a client to force the
                     client to send messages to the server
                     using the All\_DHCP\_Relay\_Agents\_and\_Servers
                     address

25.7. Authentication option

   Section 22 21 defines three new name spaces associated with the
   Authentication Option (section 23.12), 22.12), which are to be created and
   maintained by IANA: Protocol, Algorithm and RDM.

   Initial values assigned from the Protocol name space are 0 (for the
   configuration token Protocol in section 22.5) (reserved)
   and 1 (for the delayed authentication Protocol in section 22.6). 21.5).
   Additional protocols may be defined in the future.

   The Algorithm name space is specific to individual Protocols.  That
   is, each Protocol has its own Algorithm name space.  The guidelines
   for assigning Algorithm name space values for a particular protocol
   should be specified along with the definition of a new Protocol.

   For the configuration token Protocol, the Algorithm field MUST be
   0, as described in section 22.5.  For the delayed authentication Protocol, the Algorithm value 1
   is assigned to the HMAC-MD5 generating function as defined in
   section 22.6. 21.5.  Additional algorithms for the delayed authentication
   protocol may be defined in the future.

   The initial value of 0 from the RDM name space is assigned to the
   use of a monotonically increasing value as defined in section 22.4. 21.4.
   Additional replay detection methods may be defined in the future.

27.

26. Acknowledgments

   Thanks to the DHC Working Group for their time and input into the
   specification.  In particular, thanks also for the consistent input,
   ideas, and review by (in alphabetical order) Thirumalesh Bhat,
   Vijayabhaskar, Brian Carpenter, Matt Crawford, Francis Dupont, Tony
   Lindstrom, Josh Littlefield, Gerald Maguire, Jack McCann, Thomas
   Narten, Erik Nordmark, Yakov Rekhter, Mark Stapp, Matt Thomas, Sue
   Thomson, and Phil Wells.

   Thanks to Steve Deering and Bob Hinden, who have consistently
   taken the time to discuss the more complex parts of the IPv6
   specifications.

   Bill Arbaugh reviewed the authentication mechanism described in
   section 22. 21.

   And, thanks to Steve Deering for pointing out at IETF 51 in London
   that the DHCPv6 specification has the highest revision number of any
   Internet Draft.

References

    [1] S. Alexander and R. Droms.  DHCP Options and BOOTP Vendor
        Extensions, March 1997.  RFC 2132.

    [2] S. Bradner.  Key words for use in RFCs to Indicate Requirement
        Levels, March 1997.  RFC 2119.

    [3] S. Bradner and A. Mankin.  The Recommendation for the IP Next
        Generation Protocol, January 1995.  RFC 1752.

    [4] W.J. Croft and J. Gilmore.  Bootstrap Protocol, September 1985.
        RFC 951.

    [5] S. Deering and R. Hinden.  Internet Protocol, Version 6 (IPv6)
        Specification, December 1998.  RFC 2460.

    [6]

    [4] R. Draves.  Default Address Selection for IPv6, September 2001.
        work in progress.

    [7]

    [5] R. Droms.  Dynamic Host Configuration Protocol, March 1997.  RFC
        2131.

    [8]

    [6] R. Droms, Editor, W. Arbaugh, and Editor.  Authentication for
        DHCP Messages, June 2001.  RFC 3118.

    [9]

    [7] R. Hinden and S. Deering.  IP Version 6 Addressing Architecture,
        July 1998.  RFC 2373.

   [10]

    [8] S. Kent and R. Atkinson.  Security Architecture for the Internet
        Protocol, November 1998.  RFC 2401.

   [11]

    [9] H. Krawczyk, M. Bellare, and R. Canetti.  HMAC: Keyed-Hashing
        for Message Authentication, February 1997.  RFC 2104.

   [12]

   [10] David L. Mills.  Network Time Protocol (Version 3)
        Specification, Implementation, March 1992.  RFC 1305.

   [13]

   [11] P.V. Mockapetris.  Domain names - concepts and facilities,
        November 1987.  RFC 1034.

   [14]

   [12] P.V. Mockapetris.  Domain names - implementation and
        specification, November 1987.  RFC 1035.

   [15]

   [13] T. Narten and H. Alvestrand.  Guidelines for Writing an IANA
        Considerations Section in RFCs, October 1998.  RFC 2434.

   [16]

   [14] T. Narten and R. Draves.  Privacy Extensions for Stateless
        Address Autoconfiguration in IPv6, January 2001.  RFC 3041.

   [17]

   [15] T. Narten, E. Nordmark, and W. Simpson.  Neighbor Discovery for
        IP Version 6 (IPv6), December 1998.  RFC 2461.

   [18]

   [16] D.C. Plummer.  Ethernet Address Resolution Protocol:  Or
        converting network protocol addresses to 48.bit Ethernet address
        for transmission on Ethernet hardware, November 1982.  RFC 826.

   [19]

   [17] J. Postel.  User Datagram Protocol, August 1980.  RFC 768.

   [20]

   [18] R. Rivest.  The MD5 Message-Digest Algorithm, April 1992.  RFC
        1321.

   [21]

   [19] S. Thomson and T. Narten.  IPv6 Stateless Address
        Autoconfiguration, December 1998.  RFC 2462.

   [22]

   [20] P. Vixie, Ed., S. Thomson, Y. Rekhter, and J. Bound.  Dynamic
        Updates in the Domain Name System (DNS UPDATE), April 1997.  RFC
        2136.

Chair's Address

   The working group can be contacted via the current chair:

         Ralph Droms
         Cisco Systems
         300 Apollo Drive
         Chelmsford, MA 01824

         Phone:  (978) 244-4733
         E-mail:  rdroms@cisco.com

Authors' Addresses

   Questions about this memo can be directed to:

        Jim Bound
        Compaq Computer Corporation
        ZK3-3/W20
        110 Spit Brook Road
        Nashua, NH 03062-2698
        USA
        Voice:  +1 603 884 0062
        E-mail:  Jim.Bound@compaq.com

        Mike Carney
        Sun Microsystems, Inc
        Mail Stop:  UMPK17-202
        901 San Antonio Road
        Palo Alto, CA 94303-4900
        USA
        Voice:  +1-650-786-4171
        E-mail:  mwc@eng.sun.com

        Charles E. Perkins
        Communications Systems Lab
        Nokia Research Center
        313 Fairchild Drive
        Mountain View, California 94043
        USA
        Voice:  +1-650 625-2986
        E-mail:  charliep@iprg.nokia.com
        Fax:  +1 650 625-2502

        Ted Lemon
        Nominum, Inc.
        950 Charter Street
        Redwood City, CA 94043
        E-mail:  Ted.Lemon@nominum.com

        Bernie Volz
        Ericsson
        959 Concord St
        Framingham, MA 01701
        Voice:  +1-508-875-3162
        Fax:  +1-508-875-3018
        E-mail:  bernie.volz@ericsson.com

        Ralph Droms
        Cisco Systems
        300 Apollo Drive
        Chelmsford, MA 01824
        USA
        Voice:  +1 978 479 4733
        E-mail:  rdroms@cisco.com

A. Appearance of Options in Message Types

   The following table indicates with a "*" the options are allowed in
   each DHCP message type:

        Client Server IA    RTA IA/  Option Pref  Time Client Server
          ID     ID  IA_TA Request            Forw.  Forw.            Msg.   Msg.
Solicit    *           *     *           *
Advert.    *      *    *           *     *     *
Request    *      *    *     *           *
Confirm    *           *     *           *
Renew      *      *    *     *           *
Rebind     *           *     *           *
Decline    *      *    *     *           *
Release    *      *    *     *           *
Reply      *      *    *           *     *     *
Reconf.    *      *          *
Inform.    * (see note)      *
R-forw.           *
R-forw.                                        *
R-repl.                                              *     *

   NOTE:

      Only included in Information-Request messages that are sent
      in response to a Reconfigure (see section 20.3.3). 19.3.3).

         Auth Server Status  Rap. User  Vendor Vendor Inter. Recon.
              Unica.  Code  Comm. Class Class  Spec.    ID    Msg.
Solicit    *                  *     *     *      *
Advert.    *           *            *     *      *
Request    *                        *     *      *
Confirm    *                        *     *      *
Renew      *                        *     *      *
Rebind     *                        *     *      *
Decline    *           *            *     *      *
Release    *           *            *     *      *
Reply      *    *      *            *     *      *
Reconf.    *                                                   *
Inform.    *                        *     *      *
R-forw.    *                        *     *      *      *
R-repl.    *                        *     *      *      *

B. Appearance of Options in the Options Field of DHCP Messages Options

   The following table indicates with a "*" where options can appear in
   the options field or encapsulated in of other options:

             Option   IA   IA/   IAADDR RTA Client Server
             Field                       Forw.  Forw.   IA_TA          Msg.   Msg.
Client msg.                                * ID      *
Server msg.                                *      *
DUID ID      *
IA
IA/IA_TA       *
IAADDR                 *
RTA                            *
ORO            *
Pref           *
Time           *
Client Forw.   *
Server Forw.   *
DSTM Addr.     *
DSTM Tunnel    *
Authentic.     *
Server Uni.    *
Dom. Srch.     *
Dom. Server    *
Status Cod. Code    *       *      *
Circ. ID      *      *
Rapid Comm.    *
User Class     *
Vend.
Vendor Class   *
Vendor Info.   *
Interf. ID                           *      *
Reconf. msg.   *

C. Full Copyright Statement

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.  However,
   this document itself may not be modified in any way, such as by
   removing the copyright notice or references to the Internet Society
   or other Internet organizations, except as needed for the purpose
   of developing Internet standards in which case the procedures
   for copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.