draft-ietf-dhc-dhcpv6-24.txt   draft-ietf-dhc-dhcpv6-25.txt 
Internet Engineering Task Force J. Bound Internet Engineering Task Force J. Bound
INTERNET DRAFT Compaq INTERNET DRAFT Hewlett Packard
DHC Working Group M. Carney DHC Working Group M. Carney
Obsoletes: draft-ietf-dhc-dhcpv6-23.txt Sun Microsystems, Inc Obsoletes: draft-ietf-dhc-dhcpv6-24.txt Sun Microsystems, Inc
C. Perkins C. Perkins
Nokia Research Center Nokia Research Center
Ted Lemon Ted Lemon
Nominum Nominum
Bernie Volz Bernie Volz
Ericsson Ericsson
R. Droms(ed.) R. Droms(ed.)
Cisco Systems Cisco Systems
22 Apr 2002 May 24 2002
Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
draft-ietf-dhc-dhcpv6-24.txt draft-ietf-dhc-dhcpv6-25.txt
Status of This Memo Status of This Memo
This document is a submission by the Dynamic Host Configuration This document is a submission by the Dynamic Host Configuration
Working Group of the Internet Engineering Task Force (IETF). Comments Working Group of the Internet Engineering Task Force (IETF). Comments
should be submitted to the dhcwg@ietf.org mailing list. should be submitted to the dhcwg@ietf.org mailing list.
Distribution of this memo is unlimited. Distribution of this memo is unlimited.
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
skipping to change at page 1, line 77 skipping to change at page 1, line 77
2. Requirements 4 2. Requirements 4
3. Background 4 3. Background 4
4. Terminology 5 4. Terminology 5
4.1. IPv6 Terminology . . . . . . . . . . . . . . . . . . . . 5 4.1. IPv6 Terminology . . . . . . . . . . . . . . . . . . . . 5
4.2. DHCP Terminology . . . . . . . . . . . . . . . . . . . . 6 4.2. DHCP Terminology . . . . . . . . . . . . . . . . . . . . 6
5. DHCP Constants 8 5. DHCP Constants 8
5.1. Multicast Addresses . . . . . . . . . . . . . . . . . . . 8 5.1. Multicast Addresses . . . . . . . . . . . . . . . . . . . 8
5.2. Anycast address . . . . . . . . . . . . . . . . . . . . . 8 5.2. UDP ports . . . . . . . . . . . . . . . . . . . . . . . . 8
5.3. UDP ports . . . . . . . . . . . . . . . . . . . . . . . . 8 5.3. DHCP message types . . . . . . . . . . . . . . . . . . . 8
5.4. DHCP message types . . . . . . . . . . . . . . . . . . . 9 5.4. Status Codes . . . . . . . . . . . . . . . . . . . . . . 10
5.5. Status Codes . . . . . . . . . . . . . . . . . . . . . . 10 5.5. Configuration Parameters . . . . . . . . . . . . . . . . 10
5.6. Configuration Parameters . . . . . . . . . . . . . . . . 11
6. Message Formats 11 6. Message Formats 11
7. Relay agent messages 12 7. Relay agent messages 12
7.1. Relay-forward message . . . . . . . . . . . . . . . . . . 13 7.1. Relay-forward message . . . . . . . . . . . . . . . . . . 12
7.2. Relay-reply message . . . . . . . . . . . . . . . . . . . 14 7.2. Relay-reply message . . . . . . . . . . . . . . . . . . . 13
8. Representation and use of domain names 14 8. Representation and use of domain names 13
9. DHCP unique identifier (DUID) 14 9. DHCP unique identifier (DUID) 13
9.1. DUID contents . . . . . . . . . . . . . . . . . . . . . . 15 9.1. DUID contents . . . . . . . . . . . . . . . . . . . . . . 14
9.2. DUID based on link-layer address plus time . . . . . . . 15 9.2. DUID based on link-layer address plus time . . . . . . . 14
9.3. Vendor-assigned unique ID based on Domain Name (VUID-DN) 16 9.3. Vendor-assigned unique ID based on Enterprise Number
9.4. Vendor-assigned unique ID based on Enterprise Number (VUID-EN) . . . . . . . . . . . . . . . . . . . . . . 15
(VUID-EN) . . . . . . . . . . . . . . . . . . . . . . 17 9.4. Link-layer address . . . . . . . . . . . . . . . . . . . 16
9.5. Link-layer address . . . . . . . . . . . . . . . . . . . 18
10. Identity association 19 10. Identity association 17
11. Selecting addresses for assignment to an IA 20 11. Selecting addresses for assignment to an IA 17
12. Management of temporary addresses 21 12. Management of temporary addresses 18
13. Transmission of messages by a client 21 13. Transmission of messages by a client 19
14. Reliability of Client Initiated Message Exchanges 21 14. Reliability of Client Initiated Message Exchanges 19
15. Message validation 23 15. Message validation 21
15.1. Use of Transaction-ID field . . . . . . . . . . . . . . . 23 15.1. Use of Transaction-ID field . . . . . . . . . . . . . . . 21
15.2. Solicit message . . . . . . . . . . . . . . . . . . . . . 23 15.2. Solicit message . . . . . . . . . . . . . . . . . . . . . 21
15.3. Advertise message . . . . . . . . . . . . . . . . . . . . 24 15.3. Advertise message . . . . . . . . . . . . . . . . . . . . 21
15.4. Request message . . . . . . . . . . . . . . . . . . . . . 24 15.4. Request message . . . . . . . . . . . . . . . . . . . . . 22
15.5. Confirm message . . . . . . . . . . . . . . . . . . . . . 24 15.5. Confirm message . . . . . . . . . . . . . . . . . . . . . 22
15.6. Renew message . . . . . . . . . . . . . . . . . . . . . . 24 15.6. Renew message . . . . . . . . . . . . . . . . . . . . . . 22
15.7. Rebind message . . . . . . . . . . . . . . . . . . . . . 25 15.7. Rebind message . . . . . . . . . . . . . . . . . . . . . 22
15.8. Decline messages . . . . . . . . . . . . . . . . . . . . 25 15.8. Decline messages . . . . . . . . . . . . . . . . . . . . 23
15.9. Release message . . . . . . . . . . . . . . . . . . . . . 25 15.9. Release message . . . . . . . . . . . . . . . . . . . . . 23
15.10. Reply message . . . . . . . . . . . . . . . . . . . . . . 25 15.10. Reply message . . . . . . . . . . . . . . . . . . . . . . 23
15.11. Reconfigure message . . . . . . . . . . . . . . . . . . . 26 15.11. Reconfigure message . . . . . . . . . . . . . . . . . . . 24
15.12. Information-request message . . . . . . . . . . . . . . . 26 15.12. Information-request message . . . . . . . . . . . . . . . 24
15.13. Relay-forward message . . . . . . . . . . . . . . . . . . 26 15.13. Relay-forward message . . . . . . . . . . . . . . . . . . 24
15.14. Relay-reply message . . . . . . . . . . . . . . . . . . . 26 15.14. Relay-reply message . . . . . . . . . . . . . . . . . . . 24
16. Client Source Address and Interface Selection 26 16. Client Source Address and Interface Selection 24
17. DHCP Server Solicitation 27 17. DHCP Server Solicitation 25
17.1. Client Behavior . . . . . . . . . . . . . . . . . . . . . 27 17.1. Client Behavior . . . . . . . . . . . . . . . . . . . . . 25
17.1.1. Creation of Solicit messages . . . . . . . . . . 27 17.1.1. Creation of Solicit messages . . . . . . . . . . 25
17.1.2. Transmission of Solicit Messages . . . . . . . . 28 17.1.2. Transmission of Solicit Messages . . . . . . . . 26
17.1.3. Receipt of Advertise messages . . . . . . . . . . 29 17.1.3. Receipt of Advertise messages . . . . . . . . . . 27
17.1.4. Receipt of Reply message . . . . . . . . . . . . 30 17.1.4. Receipt of Reply message . . . . . . . . . . . . 28
17.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 30 17.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 28
17.2.1. Receipt of Solicit messages . . . . . . . . . . . 30 17.2.1. Receipt of Solicit messages . . . . . . . . . . . 28
17.2.2. Creation and transmission of Advertise messages . 30 17.2.2. Creation and transmission of Advertise messages . 29
17.2.3. Creation and Transmission of Reply messages . . . 31 17.2.3. Creation and Transmission of Reply messages . . . 30
18. DHCP Client-Initiated Configuration Exchange 32 18. DHCP Client-Initiated Configuration Exchange 30
18.1. Client Behavior . . . . . . . . . . . . . . . . . . . . . 32 18.1. Client Behavior . . . . . . . . . . . . . . . . . . . . . 31
18.1.1. Creation and transmission of Request messages . . 32 18.1.1. Creation and transmission of Request messages . . 31
18.1.2. Creation and transmission of Confirm messages . . 34 18.1.2. Creation and transmission of Confirm messages . . 32
18.1.3. Creation and transmission of Renew messages . . . 35 18.1.3. Creation and transmission of Renew messages . . . 33
18.1.4. Creation and transmission of Rebind messages . . 36 18.1.4. Creation and transmission of Rebind messages . . 35
18.1.5. Creation and Transmission of Information-request 18.1.5. Creation and Transmission of Information-request
messages . . . . . . . . . . . . . . . . . 37 messages . . . . . . . . . . . . . . . . . 36
18.1.6. Receipt of Reply message in response to a Request, 18.1.6. Receipt of Reply message in response to a Request,
Confirm, Renew, Rebind or Information-request Confirm, Renew, Rebind or Information-request
message . . . . . . . . . . . . . . . . . 38 message . . . . . . . . . . . . . . . . . 36
18.1.7. Creation and transmission of Release messages . . 39 18.1.7. Creation and transmission of Release messages . . 37
18.1.8. Receipt of Reply message in response to a Release 18.1.8. Receipt of Reply message in response to a Release
message . . . . . . . . . . . . . . . . . 40 message . . . . . . . . . . . . . . . . . 39
18.1.9. Creation and transmission of Decline messages . . 40 18.1.9. Creation and transmission of Decline messages . . 39
18.1.10. Receipt of Reply message in response to a Decline 18.1.10. Receipt of Reply message in response to a Decline
message . . . . . . . . . . . . . . . . . 41 message . . . . . . . . . . . . . . . . . 40
18.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 41 18.2. Server Behavior . . . . . . . . . . . . . . . . . . . . . 40
18.2.1. Receipt of Request messages . . . . . . . . . . . 41 18.2.1. Receipt of Request messages . . . . . . . . . . . 40
18.2.2. Receipt of Confirm messages . . . . . . . . . . . 42 18.2.2. Receipt of Confirm messages . . . . . . . . . . . 41
18.2.3. Receipt of Renew messages . . . . . . . . . . . . 43 18.2.3. Receipt of Renew messages . . . . . . . . . . . . 42
18.2.4. Receipt of Rebind messages . . . . . . . . . . . 44 18.2.4. Receipt of Rebind messages . . . . . . . . . . . 43
18.2.5. Receipt of Information-request messages . . . . . 44 18.2.5. Receipt of Information-request messages . . . . . 43
18.2.6. Receipt of Release messages . . . . . . . . . . . 45 18.2.6. Receipt of Release messages . . . . . . . . . . . 44
18.2.7. Receipt of Decline messages . . . . . . . . . . . 45 18.2.7. Receipt of Decline messages . . . . . . . . . . . 45
18.2.8. Transmission of Reply messages . . . . . . . . . 46 18.2.8. Transmission of Reply messages . . . . . . . . . 45
19. DHCP Server-Initiated Configuration Exchange 46 19. DHCP Server-Initiated Configuration Exchange 45
19.1. Server Behavior . . . . . . . . . . . . . . . . . . . . . 46 19.1. Server Behavior . . . . . . . . . . . . . . . . . . . . . 46
19.1.1. Creation and transmission of Reconfigure messages 46 19.1.1. Creation and transmission of Reconfigure messages 46
19.1.2. Time out and retransmission of Reconfigure 19.1.2. Time out and retransmission of Reconfigure
messages . . . . . . . . . . . . . . . . . 47 messages . . . . . . . . . . . . . . . . . 47
19.1.3. Receipt of Renew messages . . . . . . . . . . . . 47 19.1.3. Receipt of Renew messages . . . . . . . . . . . . 47
19.2. Receipt of Information-request messages . . . . . . . . . 48 19.2. Receipt of Information-request messages . . . . . . . . . 47
19.3. Client Behavior . . . . . . . . . . . . . . . . . . . . . 48 19.3. Client Behavior . . . . . . . . . . . . . . . . . . . . . 47
19.3.1. Receipt of Reconfigure messages . . . . . . . . . 48 19.3.1. Receipt of Reconfigure messages . . . . . . . . . 48
19.3.2. Creation and transmission of Renew messages . . . 49 19.3.2. Creation and transmission of Renew messages . . . 48
19.3.3. Creation and transmission of Information-request 19.3.3. Creation and transmission of Information-request
messages . . . . . . . . . . . . . . . . . 49 messages . . . . . . . . . . . . . . . . . 49
19.3.4. Time out and retransmission of Renew or 19.3.4. Time out and retransmission of Renew or
Information-request messages . . . . . . . 49 Information-request messages . . . . . . . 49
19.3.5. Receipt of Reply messages . . . . . . . . . . . . 49 19.3.5. Receipt of Reply messages . . . . . . . . . . . . 49
20. Relay Agent Behavior 50 20. Relay Agent Behavior 49
20.1. Relaying of client messages . . . . . . . . . . . . . . . 50 20.1. Relaying of client messages . . . . . . . . . . . . . . . 49
20.2. Relaying of server messages . . . . . . . . . . . . . . . 50 20.2. Relaying of server messages . . . . . . . . . . . . . . . 50
21. Authentication of DHCP messages 51 21. Authentication of DHCP messages 50
21.1. DHCP threat model . . . . . . . . . . . . . . . . . . . . 51 21.1. DHCP threat model . . . . . . . . . . . . . . . . . . . . 51
21.2. Security of messages sent between servers and relay agents 52 21.2. Security of messages sent between servers and relay agents 51
21.3. Summary of DHCP authentication . . . . . . . . . . . . . 52 21.3. Summary of DHCP authentication . . . . . . . . . . . . . 51
21.4. Replay detection . . . . . . . . . . . . . . . . . . . . 52 21.4. Replay detection . . . . . . . . . . . . . . . . . . . . 52
21.5. Delayed authentication protocol . . . . . . . . . . . . . 53 21.5. Delayed authentication protocol . . . . . . . . . . . . . 52
21.5.1. Management issues in the delayed authentication 21.5.1. Management issues in the delayed authentication
protocol . . . . . . . . . . . . . . . . . 53 protocol . . . . . . . . . . . . . . . . . 52
21.5.2. Use of the Authentication option in the delayed 21.5.2. Use of the Authentication option in the delayed
authentication protocol . . . . . . . . . 53 authentication protocol . . . . . . . . . 53
21.5.3. Message validation . . . . . . . . . . . . . . . 54 21.5.3. Message validation . . . . . . . . . . . . . . . 54
21.5.4. Key utilization . . . . . . . . . . . . . . . . . 54 21.5.4. Key utilization . . . . . . . . . . . . . . . . . 54
21.5.5. Client considerations for delayed authentication 21.5.5. Client considerations for delayed authentication
protocol . . . . . . . . . . . . . . . . . 55 protocol . . . . . . . . . . . . . . . . . 55
21.5.6. Server considerations for delayed authentication 21.5.6. Server considerations for delayed authentication
protocol . . . . . . . . . . . . . . . . . 57 protocol . . . . . . . . . . . . . . . . . 56
22. DHCP options 57 22. DHCP options 57
22.1. Format of DHCP options . . . . . . . . . . . . . . . . . 58 22.1. Format of DHCP options . . . . . . . . . . . . . . . . . 57
22.2. Client Identifier option . . . . . . . . . . . . . . . . 58 22.2. Client Identifier option . . . . . . . . . . . . . . . . 58
22.3. Server Identifier option . . . . . . . . . . . . . . . . 59 22.3. Server Identifier option . . . . . . . . . . . . . . . . 58
22.4. Identity Association option . . . . . . . . . . . . . . . 59 22.4. Identity Association option . . . . . . . . . . . . . . . 59
22.5. Identity Association for Temporary Addresses option . . . 61 22.5. Identity Association for Temporary Addresses option . . . 61
22.6. IA Address option . . . . . . . . . . . . . . . . . . . . 63 22.6. IA Address option . . . . . . . . . . . . . . . . . . . . 62
22.7. Option Request option . . . . . . . . . . . . . . . . . . 64 22.7. Option Request option . . . . . . . . . . . . . . . . . . 63
22.8. Preference option . . . . . . . . . . . . . . . . . . . . 64 22.8. Preference option . . . . . . . . . . . . . . . . . . . . 64
22.9. Elapsed Time . . . . . . . . . . . . . . . . . . . . . . 65 22.9. Elapsed Time . . . . . . . . . . . . . . . . . . . . . . 64
22.10. Client message option . . . . . . . . . . . . . . . . . . 66 22.10. Client message option . . . . . . . . . . . . . . . . . . 65
22.11. Server message option . . . . . . . . . . . . . . . . . . 66 22.11. Server message option . . . . . . . . . . . . . . . . . . 65
22.12. Authentication option . . . . . . . . . . . . . . . . . . 67 22.12. Authentication option . . . . . . . . . . . . . . . . . . 66
22.13. Server unicast option . . . . . . . . . . . . . . . . . . 68 22.13. Server unicast option . . . . . . . . . . . . . . . . . . 67
22.14. Status Code Option . . . . . . . . . . . . . . . . . . . 68 22.14. Status Code Option . . . . . . . . . . . . . . . . . . . 67
22.15. Rapid Commit option . . . . . . . . . . . . . . . . . . . 69 22.15. Rapid Commit option . . . . . . . . . . . . . . . . . . . 68
22.16. User Class Option . . . . . . . . . . . . . . . . . . . . 69 22.16. User Class Option . . . . . . . . . . . . . . . . . . . . 69
22.17. Vendor Class Option . . . . . . . . . . . . . . . . . . . 70 22.17. Vendor Class Option . . . . . . . . . . . . . . . . . . . 70
22.18. Vendor-specific Information option . . . . . . . . . . . 71 22.18. Vendor-specific Information option . . . . . . . . . . . 71
22.19. Interface-Id Option . . . . . . . . . . . . . . . . . . . 72 22.19. Interface-Id Option . . . . . . . . . . . . . . . . . . . 72
22.20. Reconfigure Message option . . . . . . . . . . . . . . . 73 22.20. Reconfigure Message option . . . . . . . . . . . . . . . 73
22.21. Reconfigure Nonce option . . . . . . . . . . . . . . . . 73
23. Security Considerations 73 23. Security Considerations 74
24. Year 2000 considerations 73 24. IANA Considerations 74
24.1. Multicast addresses . . . . . . . . . . . . . . . . . . . 75
24.2. DHCP message types . . . . . . . . . . . . . . . . . . . 75
24.3. DHCP options . . . . . . . . . . . . . . . . . . . . . . 76
24.4. Status codes . . . . . . . . . . . . . . . . . . . . . . 76
24.5. DUID . . . . . . . . . . . . . . . . . . . . . . . . . . 77
24.6. Authentication option . . . . . . . . . . . . . . . . . . 77
25. IANA Considerations 73 25. Acknowledgments 77
25.1. Multicast addresses . . . . . . . . . . . . . . . . . . . 74
25.2. Anycast addresses . . . . . . . . . . . . . . . . . . . . 74
25.3. DHCPv6 message types . . . . . . . . . . . . . . . . . . 74
25.4. DUID . . . . . . . . . . . . . . . . . . . . . . . . . . 75
25.5. DHCPv6 options . . . . . . . . . . . . . . . . . . . . . 75
25.6. Status codes . . . . . . . . . . . . . . . . . . . . . . 76
25.7. Authentication option . . . . . . . . . . . . . . . . . . 76
26. Acknowledgments 77 26. Changes in draft-ietf-dhc-dhcpv6-25.txt 78
References 77 References 80
Chair's Address 79 Chair's Address 81
Authors' Addresses 79 Authors' Addresses 81
A. Appearance of Options in Message Types 81 A. Appearance of Options in Message Types 83
B. Appearance of Options in the Options Field of DHCP Options 81 B. Appearance of Options in the Options Field of DHCP Options 83
C. Full Copyright Statement 82 C. Full Copyright Statement 84
1. Introduction and Overview 1. Introduction and Overview
This document describes DHCP for IPv6 (DHCP), a client/server This document describes DHCP for IPv6 (DHCP), a client/server
protocol that provides managed configuration of devices. protocol that provides managed configuration of devices.
DHCP can provide a device with addresses assigned by a DHCP server DHCP can provide a device with addresses assigned by a DHCP server
and other configuration information. The addresses and additional and other configuration information. The addresses and additional
configuration are carried in options. DHCP can be extended through configuration are carried in options. DHCP can be extended through
the definition of new options to carry configuration information not the definition of new options to carry configuration information not
skipping to change at page 2, line 18 skipping to change at page 2, line 14
The remainder of this introduction summarizes DHCP, explaining The remainder of this introduction summarizes DHCP, explaining
the message exchange mechanisms and example message flows. The the message exchange mechanisms and example message flows. The
message flows in sections 1.3 and 1.4 are intended as illustrations message flows in sections 1.3 and 1.4 are intended as illustrations
of DHCP operation rather than an exhaustive list of all possible of DHCP operation rather than an exhaustive list of all possible
client-server interactions. Sections 17, 18 and 19 explain client client-server interactions. Sections 17, 18 and 19 explain client
and server operation in detail. and server operation in detail.
1.1. Protocols and addressing 1.1. Protocols and addressing
Clients and servers exchange DHCP messages using UDP [17]. The Clients and servers exchange DHCP messages using UDP [16]. The
client uses its link-local address determined through stateless client uses its link-local address determined through stateless
autoconfiguration for transmitting and receiving DHCP messages. autoconfiguration for transmitting and receiving DHCP messages.
DHCP servers receive messages from clients using a reserved, DHCP servers receive messages from clients using a reserved,
link-scoped multicast address. A DHCP client transmits most messages link-scoped multicast address. A DHCP client transmits most messages
to this reserved multicast address, so that the client need not be to this reserved multicast address, so that the client need not be
configured with the address or addresses of DHCP servers. configured with the address or addresses of DHCP servers.
To allow a DHCP client to send a message to a DHCP server that is not To allow a DHCP client to send a message to a DHCP server that is not
attached to the same link, a DHCP relay agent on the client's link attached to the same link, a DHCP relay agent on the client's link
skipping to change at page 4, line 30 skipping to change at page 4, line 30
settings influence protocol behavior are provided to demonstrate settings influence protocol behavior are provided to demonstrate
protocol behavior. An implementation is not required to have them in protocol behavior. An implementation is not required to have them in
the exact form described here, so long as its external behavior is the exact form described here, so long as its external behavior is
consistent with that described in this document. consistent with that described in this document.
3. Background 3. Background
The IPv6 Specification provides the base architecture and design of The IPv6 Specification provides the base architecture and design of
IPv6. Related work in IPv6 that would best serve an implementor IPv6. Related work in IPv6 that would best serve an implementor
to study includes the IPv6 Specification [3], the IPv6 Addressing to study includes the IPv6 Specification [3], the IPv6 Addressing
Architecture [7], IPv6 Stateless Address Autoconfiguration [19], IPv6 Architecture [6], IPv6 Stateless Address Autoconfiguration [18], IPv6
Neighbor Discovery Processing [15], and Dynamic Updates to DNS [20]. Neighbor Discovery Processing [14], and Dynamic Updates to DNS [19].
These specifications enable DHCP to build upon the IPv6 work to These specifications enable DHCP to build upon the IPv6 work to
provide both robust stateful autoconfiguration and autoregistration provide both robust stateful autoconfiguration and autoregistration
of DNS Host Names. of DNS Host Names.
The IPv6 Addressing Architecture specification [7] defines the The IPv6 Addressing Architecture specification [6] defines the
address scope that can be used in an IPv6 implementation, and the address scope that can be used in an IPv6 implementation, and the
various configuration architecture guidelines for network designers various configuration architecture guidelines for network designers
of the IPv6 address space. Two advantages of IPv6 are that support of the IPv6 address space. Two advantages of IPv6 are that support
for multicast is required, and nodes can create link-local addresses for multicast is required, and nodes can create link-local addresses
during initialization. This means that a client can immediately use during initialization. This means that a client can immediately use
its link-local address and a well-known multicast address to begin its link-local address and a well-known multicast address to begin
communications to discover neighbors on the link. For instance, a communications to discover neighbors on the link. For instance, a
client can send a Solicit message and locate a server or relay agent. client can send a Solicit message and locate a server or relay agent.
IPv6 Stateless Address Autoconfiguration [19] specifies procedures IPv6 Stateless Address Autoconfiguration [18] specifies procedures
by which a node may autoconfigure addresses based on router by which a node may autoconfigure addresses based on router
advertisements [15], and the use of a valid lifetime to support advertisements [14], and the use of a valid lifetime to support
renumbering of addresses on the Internet. In addition the renumbering of addresses on the Internet. In addition the
protocol interaction by which a node begins stateless or stateful protocol interaction by which a node begins stateless or stateful
autoconfiguration is specified. DHCP is one vehicle to perform autoconfiguration is specified. DHCP is one vehicle to perform
stateful autoconfiguration. Compatibility with stateless address stateful autoconfiguration. Compatibility with stateless address
autoconfiguration is a design requirement of DHCP. autoconfiguration is a design requirement of DHCP.
IPv6 Neighbor Discovery [15] is the node discovery protocol in IPv6 IPv6 Neighbor Discovery [14] is the node discovery protocol in IPv6
which replaces and enhances functions of ARP [16]. To understand which replaces and enhances functions of ARP [15]. To understand
IPv6 and stateless address autoconfiguration it is strongly IPv6 and stateless address autoconfiguration it is strongly
recommended that implementors understand IPv6 Neighbor Discovery. recommended that implementors understand IPv6 Neighbor Discovery.
Dynamic Updates to DNS [20] is a specification that supports the Dynamic Updates to DNS [19] is a specification that supports the
dynamic update of DNS records for both IPv4 and IPv6. DHCP can use dynamic update of DNS records for both IPv4 and IPv6. DHCP can use
the dynamic updates to DNS to integrate addresses and name space to the dynamic updates to DNS to integrate addresses and name space to
not only support autoconfiguration, but also autoregistration in not only support autoconfiguration, but also autoregistration in
IPv6. IPv6.
4. Terminology 4. Terminology
This sections defines terminology specific to IPv6 and DHCP used in This sections defines terminology specific to IPv6 and DHCP used in
this document. this document.
4.1. IPv6 Terminology 4.1. IPv6 Terminology
IPv6 terminology relevant to this specification from the IPv6 IPv6 terminology relevant to this specification from the IPv6
Protocol [3], IPv6 Addressing Architecture [7], and IPv6 Stateless Protocol [3], IPv6 Addressing Architecture [6], and IPv6 Stateless
Address Autoconfiguration [19] is included below. Address Autoconfiguration [18] is included below.
address An IP layer identifier for an interface address An IP layer identifier for an interface
or a set of interfaces. or a set of interfaces.
anycast address An anycast address identifies a group
of nodes; message sent to an anycast
address is delivered to one node out of
the group of nodes associated with the
address
host Any node that is not a router. host Any node that is not a router.
IP Internet Protocol Version 6 (IPv6). The IP Internet Protocol Version 6 (IPv6). The
terms IPv4 and IPv6 are used only in terms IPv4 and IPv6 are used only in
contexts where it is necessary to avoid contexts where it is necessary to avoid
ambiguity. ambiguity.
interface A node's attachment to a link. interface A node's attachment to a link.
link A communication facility or medium over link A communication facility or medium over
which nodes can communicate at the link which nodes can communicate at the link
layer, i.e., the layer immediately below layer, i.e., the layer immediately
IP. Examples are Ethernet (simple or below IP. Examples are Ethernet (simple
bridged); Token Ring; PPP links, X.25, or bridged); Token Ring; PPP links,
X.25, Frame Relay, or ATM networks; and
Frame Relay, or ATM networks; and
Internet (or higher) layer "tunnels", Internet (or higher) layer "tunnels",
such as tunnels over IPv4 or IPv6 such as tunnels over IPv4 or IPv6
itself. itself.
link-layer identifier A link-layer identifier for an link-layer identifier A link-layer identifier for an
interface. Examples include IEEE 802 interface. Examples include IEEE 802
addresses for Ethernet or Token Ring addresses for Ethernet or Token Ring
network interfaces, and E.164 addresses network interfaces, and E.164 addresses
for ISDN links. for ISDN links.
link-local address An IPv6 address having link-only link-local address An IPv6 address having link-only
scope, indicated by having the prefix scope, indicated by having the prefix
(FE80::0000/64), that can be used to (FE80::0000/10), that can be used to
reach neighboring nodes attached to reach neighboring nodes attached to
the same link. Every interface has a the same link. Every interface has a
link-local address. link-local address.
multicast address An identifier for a set of interfaces multicast address An identifier for a set of interfaces
(typically belonging to different (typically belonging to different
nodes). A packet sent to a multicast nodes). A packet sent to a multicast
address is delivered to all interfaces address is delivered to all interfaces
identified by that address. identified by that address.
neighbor A node attached to the same link. neighbor A node attached to the same link.
node A device that implements IP. node A device that implements IP.
packet An IP header plus payload. packet An IP header plus payload.
prefix The initial bits of an address, or a prefix The initial bits of an address, or a
set of IP address that share the same set of IP addresses that share the same
initial bits. initial bits.
prefix length The number of bits in a prefix. prefix length The number of bits in a prefix.
router A node that forwards IP packets not router A node that forwards IP packets not
explicitly addressed to itself. explicitly addressed to itself.
unicast address An identifier for a single interface. unicast address An identifier for a single interface.
A packet sent to a unicast address is A packet sent to a unicast address is
delivered to the interface identified by delivered to the interface identified by
skipping to change at page 7, line 34 skipping to change at page 7, line 27
DHCP domain A set of links managed by DHCP and DHCP domain A set of links managed by DHCP and
operated by a single administrative operated by a single administrative
entity. entity.
DHCP relay agent (or relay agent) A node that acts as an DHCP relay agent (or relay agent) A node that acts as an
intermediary to deliver DHCP messages intermediary to deliver DHCP messages
between clients and servers, and is on between clients and servers, and is on
the same link as the client. the same link as the client.
DHCP server (or server) A server is a node that responds to DHCP server (or server) A node that responds to requests from
requests from clients, and may or clients, and may or may not be on the
may not be on the same link as the same link as the client(s).
client(s).
DUID A DHCP Unique IDentifier for a DHCP DUID A DHCP Unique IDentifier for a DHCP
participant; each DHCP client and server participant; each DHCP client and server
has exactly one DUID. See section 9 for has exactly one DUID. See section 9 for
details of the ways in which a DUID may details of the ways in which a DUID may
be constructed. be constructed.
Identity association (IA) A collection of addresses assigned to Identity association (IA) A collection of addresses assigned to
a client. Each IA has an associated a client. Each IA has an associated
IAID. A client may have more than one IAID. A client may have more than one
IA assigned to it; for example, one for IA assigned to it; for example, one for
each of its interfaces. each of its interfaces.
Identity association identifier (IAID) An identifier for an IA, Identity association identifier (IAID) An identifier for an IA,
chosen by the client. Each IA has an chosen by the client. Each IA has an
IAID, which is chosen to be unique among IAID, which is chosen to be unique among
all IAIDs for IAs belonging to that all IAIDs for IAs belonging to that
client. client.
message A unit of data carried in a packet, message A unit of data carried as the payload
exchanged among DHCP servers, relay of a UDP datagram, exchanged among DHCP
agents and clients. servers, relay agents and clients.
transaction-ID An unsigned integer to match responses reconfiguration nonce A 64 bit opaque value used to provide
security for Reconfigure messages. A
server generates a cryptographically
strong random number as a nonce and
sends that nonce value to the client.
The server then includes the nonce in
any Reconfigure messages it sends to the
client.
transaction-ID An opaque value used to match responses
with replies initiated either by a with replies initiated either by a
client or server. client or server.
5. DHCP Constants 5. DHCP Constants
This section describes various program and networking constants used This section describes various program and networking constants used
by DHCP. by DHCP.
5.1. Multicast Addresses 5.1. Multicast Addresses
skipping to change at page 8, line 38 skipping to change at page 8, line 38
All_DHCP_Servers (FF05::1:3) A site-scoped multicast address All_DHCP_Servers (FF05::1:3) A site-scoped multicast address
used by a client or relay agent to communicate with used by a client or relay agent to communicate with
servers, either because the client or relay agent servers, either because the client or relay agent
wants to send messages to all servers or because it wants to send messages to all servers or because it
does not know the unicast addresses of the servers. does not know the unicast addresses of the servers.
Note that in order for a client or relay agent to use Note that in order for a client or relay agent to use
this address, it must have an address of sufficient this address, it must have an address of sufficient
scope to be reachable by the servers. All servers scope to be reachable by the servers. All servers
within the site are members of this multicast group. within the site are members of this multicast group.
5.2. Anycast address 5.2. UDP ports
DHCP proposes to use the following reserved anycast address:
DHCP_Anycast (FEC0:0:0:0:FFFF::4) This document proposes the
assignment of the DHCP_Anycast address for use
by clients attached to links that do not support
multicast.
5.3. UDP ports
Clients listen for DHCP messages on UDP port 546. Servers and relay Clients listen for DHCP messages on UDP port 546. Servers and relay
agents listen for DHCP messages on UDP port 547. agents listen for DHCP messages on UDP port 547.
5.4. DHCP message types 5.3. DHCP message types
DHCP defines the following message types. More detail on these DHCP defines the following message types. More detail on these
message types can be found in Section 6. Message types not listed message types can be found in Section 6. Message types not listed
here are reserved for future use. The message code for each message here are reserved for future use. The message code for each message
type is shown with the message name. type is shown with the message name.
SOLICIT (1) A client sends a Solicit message to locate SOLICIT (1) A client sends a Solicit message to locate
servers. servers.
ADVERTISE (2) A server sends an Advertise message to indicate ADVERTISE (2) A server sends an Advertise message to indicate
that it is available for DHCP service, in that it is available for DHCP service, in
response to a Solicit message received from a response to a Solicit message received from a
client. client.
REQUEST (3) A client sends a Request message to request REQUEST (3) A client sends a Request message to request
configuration parameters from a server. configuration parameters from a server.
CONFIRM (4) A client sends a Confirm message to servers to CONFIRM (4) A client sends a Confirm message to any
request that the server validate and confirm available server when it detects that it may
that the addresses and current configuration have moved to a new link to request that the
parameters assigned by the server to the client servers verify that the addresses and current
are still valid. configuration parameters assigned by the server
to the client are still valid.
RENEW (5) A client sends a Renew message to the server RENEW (5) A client sends a Renew message to the server
that originally provided the client's addresses that originally provided the client's addresses
and configuration addresses to update the and configuration parameters to extend the
addresses assigned to the client and the leases on the addresses assigned to the client
lifetimes for those addresses, as well as the and to update other configuration parameters.
current configuration parameters assigned by
the server to the client.
REBIND (6) A client sends a Rebind message to update REBIND (6) A client sends a Rebind message to any
the addresses assigned to the client and the available server to extend the leases on the
lifetimes for those addresses, as well as the addresses assigned to the client and to update
current configuration parameters assigned by other configuration parameters; this message is
the server to the client; this message is sent sent after a client receives no response to a
after a client receives no response to a Renew Renew message.
message.
REPLY (7) A server sends a Reply message containing REPLY (7) A server sends a Reply message containing
assigned addresses and configuration parameters assigned addresses and configuration parameters
in response to a Solicit, Request, Renew, in response to a Solicit, Request, Renew,
Rebind or Information-request message received Rebind or Information-request message received
from a client. A server sends a Reply message from a client. A server sends a Reply message
confirming or denying the validity of the confirming or denying the validity of the
client's addresses and configuration parameters client's addresses and configuration parameters
in response to a Confirm message. A server in response to a Confirm message. A server
sends a Reply message to acknowledge receipt of sends a Reply message to acknowledge receipt of
skipping to change at page 10, line 38 skipping to change at page 10, line 26
message is encapsulated in an option in the message is encapsulated in an option in the
Relay-forward message. Relay-forward message.
RELAY-REPL (13) A server sends a Relay-reply message to a relay RELAY-REPL (13) A server sends a Relay-reply message to a relay
agent to send messages to clients through the agent to send messages to clients through the
relay agent. The server encapsulates the relay agent. The server encapsulates the
client message as an option in the Relay-reply client message as an option in the Relay-reply
message, which the relay agent extracts and message, which the relay agent extracts and
forwards to the client. forwards to the client.
5.5. Status Codes 5.4. Status Codes
DHCPv6 uses status codes to communicate the success or failure of DHCPv6 uses status codes to communicate the success or failure of
operations requested in messages from clients and servers, and to operations requested in messages from clients and servers, and to
provide additional information about the specific cause of the provide additional information about the specific cause of the
failure of a message. The specific status codes are defined in failure of a message. The specific status codes are defined in
section 25.6. section 24.4.
5.6. Configuration Parameters 5.5. Configuration Parameters
This section presents a table of configuration parameters used to This section presents a table of configuration parameters used to
describe the message transmission behavior of clients and servers. describe the message transmission behavior of clients and servers.
Parameter Default Description Parameter Default Description
------------------------------------- -------------------------------------
MIN_SOL_DELAY 1 sec Min delay of first Solicit MIN_SOL_DELAY 1 sec Min delay of first Solicit
MAX_SOL_DELAY 5 secs Max delay of first Solicit MAX_SOL_DELAY 5 secs Max delay of first Solicit
SOL_TIMEOUT 500 msecs Initial Solicit timeout SOL_TIMEOUT 500 msecs Initial Solicit timeout
SOL_MAX_RT 30 secs Max Solicit timeout value SOL_MAX_RT 30 secs Max Solicit timeout value
skipping to change at page 11, line 34 skipping to change at page 11, line 12
REB_TIMEOUT 10 secs Initial Rebind timeout REB_TIMEOUT 10 secs Initial Rebind timeout
REB_MAX_RT 600 secs Max Rebind timeout value REB_MAX_RT 600 secs Max Rebind timeout value
INF_TIMEOUT 500 ms Initial Information-request timeout INF_TIMEOUT 500 ms Initial Information-request timeout
INF_MAX_RT 30 secs Max Information-request timeout value INF_MAX_RT 30 secs Max Information-request timeout value
REL_TIMEOUT 250 msecs Initial Release timeout REL_TIMEOUT 250 msecs Initial Release timeout
REL_MAX_RT 1 sec Max Release timeout REL_MAX_RT 1 sec Max Release timeout
REL_MAX_RC 5 MAX Release attempts REL_MAX_RC 5 MAX Release attempts
DEC_TIMEOUT 250 msecs Initial Decline timeout DEC_TIMEOUT 250 msecs Initial Decline timeout
DEC_MAX_RT 1 sec Max Decline timeout DEC_MAX_RT 1 sec Max Decline timeout
DEC_MAX_RC 5 Max Decline attempts DEC_MAX_RC 5 Max Decline attempts
REC_TIMEOUT 1 sec Initial Reconfigure timeout
REC_MAX_RC 8 Max Reconfigure attempts
6. Message Formats 6. Message Formats
All DHCP messages sent between clients and servers share an identical All DHCP messages sent between clients and servers share an identical
fixed format header and a variable format area for options. fixed format header and a variable format area for options.
All values in the message header and in options are in network order. All values in the message header and in options are in network byte
order.
Options are stored serially in the options field, with no padding
between the options. Options are byte-aligned but are not aligned in
any other way such as on 2 or 4 byte boundaries.
The following diagram illustrates the format of DHCP messages sent The following diagram illustrates the format of DHCP messages sent
between clients and servers: between clients and servers:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| msg-type | transaction-ID | | msg-type | transaction-ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. options . . options .
. (variable) . . (variable) .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
msg-type Identifies the DHCP message type; the msg-type Identifies the DHCP message type; the
available message types are listed in available message types are listed in
section 5.4. section 5.3.
transaction-id An unsigned integer used by a client or transaction-id An unsigned integer used by a client or
server to match a response message to a server to match a response message to a
request message. request message.
options Options carried in this message; options are options Options carried in this message; options are
described in section 22. described in section 22.
7. Relay agent messages 7. Relay agent messages
skipping to change at page 14, line 23 skipping to change at page 13, line 23
message message
client-address The client's address, copied from the client-address The client's address, copied from the
relay-forward message relay-forward message
options MUST include a "Server message option"; see options MUST include a "Server message option"; see
section 22.11; MAY include other options section 22.11; MAY include other options
8. Representation and use of domain names 8. Representation and use of domain names
So that domain names may be encoded uniformly and compactly, a So that domain names may be encoded uniformly, a domain name or a
domain name or a list of domain names is encoded using the technique list of domain names is encoded using the technique described in
described in sections 3.1 and 4.1.4 of RFC1035 [12]. Section 4.1.4 section 3.1 of RFC1035 [11]. A domain name or list of domain names
of RFC1035 describes how more than one domain name can be represented in DHCP MUST NOT be stored in compressed form as described in section
in a list of domain names. For use in this specification, in a 4.1.4 of RFC1035.
list of domain names, the compression pointer (see section 4.1.4 of
RFC1035) refers to the offset within the list.
9. DHCP unique identifier (DUID) 9. DHCP unique identifier (DUID)
Each DHCP client and server has a DUID. DHCP servers use DUIDs to Each DHCP client and server has a DUID. DHCP servers use DUIDs to
identify clients for the selection of configuration parameters and identify clients for the selection of configuration parameters and
in the association of IAs with clients. DHCP clients use DUIDs to in the association of IAs with clients. DHCP clients use DUIDs to
identify a server in messages where a server needs to be identified. identify a server in messages where a server needs to be identified.
See sections 22.2 and 22.3 for the representation of a DUID in a DHCP See sections 22.2 and 22.3 for the representation of a DUID in a DHCP
message. message.
Clients and servers MUST treat DUIDs as opaque values and MUST only Clients and servers MUST treat DUIDs as opaque values and MUST only
compare DUIDs for equality. Clients and servers MUST NOT in any compare DUIDs for equality. Clients and servers MUST NOT in any
other way interpret DUIDs. Clients and servers MUST NOT restrict other way interpret DUIDs. Clients and servers MUST NOT restrict
DUIDs to the types defined in this document as additional DUID types DUIDs to the types defined in this document as additional DUID types
may be defined in the future. may be defined in the future.
The DUID is carried in an option because it may be variable length The DUID is carried in an option because it may be variable length
and because it is not required in all DHCP messages. The DUID is and because it is not required in all DHCP messages. The DUID is
designed to be unique across all DHCP clients and servers, and designed to be unique across all DHCP clients and servers, and
consistent for any specific client or server - that is, the DUID consistent for any specific client or server - that is, the DUID used
used by a client or server SHOULD NOT change over time; for example, by a client or server SHOULD NOT change over time if at all possible;
a device's DUID should not change as a result of a change in the for example, a device's DUID should not change as a result of a
device's network hardware. change in the device's network hardware.
The motivation for having more than one type of DUID is that the DUID The motivation for having more than one type of DUID is that the DUID
must be globally unique, and must also be easy to generate. The sort must be globally unique, and must also be easy to generate. The sort
of globally-unique identifier that is easy to generate for any given of globally-unique identifier that is easy to generate for any given
device can differ quite widely. Also, some devices may not contain device can differ quite widely. Also, some devices may not contain
any persistent storage. Retaining a generated DUID in such a device any persistent storage. Retaining a generated DUID in such a device
is not possible, so the DUID scheme must accommodate such devices. is not possible, so the DUID scheme must accommodate such devices.
9.1. DUID contents 9.1. DUID contents
A DUID consists of a two octet type code represented in network A DUID consists of a two octet type code represented in network byte
order, followed by a variable number of octets that make up the order, followed by a variable number of octets that make up the
actual identifier. A DUID can be no more than 256 octets long. The actual identifier. A DUID can be no more than 256 octets long. The
following types are currently defined: following types are currently defined:
1 Link-layer address plus time 1 Link-layer address plus time
2 Vendor-assigned unique ID based on domain name 2 Vendor-assigned unique ID based on domain name
3 Vendor-assigned unique ID based on Enterprise Number 3 Vendor-assigned unique ID based on Enterprise Number
4 Link-layer address 4 Link-layer address
Formats for the variable field of the DUID for each of the above Formats for the variable field of the DUID for each of the above
skipping to change at page 15, line 37 skipping to change at page 14, line 32
9.2. DUID based on link-layer address plus time 9.2. DUID based on link-layer address plus time
This type of DUID consists of a two octet type field containing the This type of DUID consists of a two octet type field containing the
value 1, a two octet hardware type code, four octets containing value 1, a two octet hardware type code, four octets containing
a time value, followed by link-layer address of any one network a time value, followed by link-layer address of any one network
interface that is connected to the DHCP device at the time that the interface that is connected to the DHCP device at the time that the
DUID is generated. The time value is the time that the DUID is DUID is generated. The time value is the time that the DUID is
generated represented in seconds since midnight (UTC), January 1, generated represented in seconds since midnight (UTC), January 1,
2000, modulo 2^32. The hardware type MUST be a valid hardware type 2000, modulo 2^32. The hardware type MUST be a valid hardware type
assigned by the IANA as described in the section on ARP in RFC 826. assigned by the IANA as described in the section on ARP in RFC 826.
Both the time and the hardware type are stored in network order. Both the time and the hardware type are stored in network byte order.
The following diagram illustrates the format of a DUID based on The following diagram illustrates the format of a DUID based on
link-layer address plus time: link-layer address plus time:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1 | Hardware type (16 bits) | | 1 | Hardware type (16 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time (32 bits) | | Time (32 bits) |
skipping to change at page 16, line 4 skipping to change at page 14, line 48
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1 | Hardware type (16 bits) | | 1 | Hardware type (16 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time (32 bits) | | Time (32 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. link-layer address (variable length) . . link-layer address (variable length) .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The choice of network interface can be completely arbitrary, as long The choice of network interface can be completely arbitrary, as long
as that interface provides a unique link-layer address, and the same as that interface provides a globally unique link-layer address for
DUID should be used in configuring all network interfaces connected the link type, and the same DUID should be used in configuring all
to the device, regardless of which interface's link-layer address was network interfaces connected to the device, regardless of which
used to generate the DUID. interface's link-layer address was used to generate the DUID.
Clients and servers using this type of DUID MUST store the DUID Clients and servers using this type of DUID MUST store the DUID
in stable storage, and MUST continue to use this DUID even if the in stable storage, and MUST continue to use this DUID even if the
network interface used to generate the DUID is removed. Clients and network interface used to generate the DUID is removed. Clients and
servers that do not have any stable storage MUST NOT use this type of servers that do not have any stable storage MUST NOT use this type of
DUID. DUID.
Clients and servers that use this DUID SHOULD attempt to configure Clients and servers that use this DUID SHOULD attempt to configure
the time prior to generating the DUID, if that is possible, and MUST the time prior to generating the DUID, if that is possible, and MUST
use some sort of time source (for example, a real-time clock) in use some sort of time source (for example, a real-time clock) in
skipping to change at page 16, line 38 skipping to change at page 15, line 35
computing devices such as desktop computers and laptop computers, and computing devices such as desktop computers and laptop computers, and
also for devices such as printers, routers, and so on, that contain also for devices such as printers, routers, and so on, that contain
some form of writable non-volatile storage. some form of writable non-volatile storage.
Despite our best efforts, it is possible that this algorithm for Despite our best efforts, it is possible that this algorithm for
generating a DUID could result in a client identifier collision. A generating a DUID could result in a client identifier collision. A
DHCP client that generates a DUID using this mechanism MUST provide DHCP client that generates a DUID using this mechanism MUST provide
an administrative interface that replaces the existing DUID with a an administrative interface that replaces the existing DUID with a
newly-generated DUID of this type. newly-generated DUID of this type.
9.3. Vendor-assigned unique ID based on Domain Name (VUID-DN) 9.3. Vendor-assigned unique ID based on Enterprise Number (VUID-EN)
The vendor-assigned unique ID based on the domain name consists of a
two-octet value giving the length of the identifier, the value of the
identifier and the vendor's registered domain name.
The following diagram summarizes the structure of a VUID-DN:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2 | identifier length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. .
. identifier .
. (variable length) .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. .
. domain name (variable length) .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The source of the identifier is left up to the vendor defining it,
but each identifier part of each VUID-DN MUST be unique to the device
that is using it, and MUST be assigned to the device at the time of
manufacture and stored in some form of non-volatile storage. The
VUID-DN SHOULD be recorded in non-erasable storage. The domain name
is simply any domain name that has been legally registered by the
vendor in the domain name system [11], stored in the form described
in section 8.
If a domain name is being used by a vendor as a vendor identifier,
then the vendor MUST ensure that the domain name has not previously
been used by a different vendor.
An example DUID of this type might look like this:
+---+---+---+---+---+---+---+---+
| 0 | 2 | 0 | 8 | 12|192|132|221|
+---+---+---+---+---+---+---+---+
| 3 | 0 | 9 | 18|101|120| 97|109|
+---+---+---+---+---+---+---+---+
|112|108|101| 46| 99|111|109|
+---+---+---+---+---+---+---+
This example includes the two-octet type of 2, the two-octet length
of 8, eight octets of identifier data, followed by "example.com"
represented in ASCII.
9.4. Vendor-assigned unique ID based on Enterprise Number (VUID-EN)
The vendor-assigned unique ID based on Enterprise Number consists The vendor-assigned unique ID based on Enterprise Number consists of
of the vendor's registered Enterprise Number as maintained by IANA the vendor's registered Private Enterprise Number as maintained by
followed by the value of the identifier. IANA [7] followed by the value of the identifier.
The following diagram summarizes the structure of a VUID-EN: The following diagram summarizes the structure of a VUID-EN:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 3 | Enterprise Number | | 3 | enterprise-number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Enterprise Number (contd) | | | enterprise-number (contd) | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. identifier . . identifier .
. (variable length) . . (variable length) .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The source of the identifier is left up to the vendor defining it, The source of the identifier is left up to the vendor defining it,
but each identifier part of each VUID-EN MUST be unique to the device but each identifier part of each VUID-EN MUST be unique to the
that is using it, and MUST be assigned to the device at the time of device that is using it, and MUST be assigned to the device at
manufacture and stored in some form of non-volatile storage. The the time of manufacture and stored in some form of non-volatile
VUID SHOULD be recorded in non-erasable storage. The Enterprise storage. The VUID SHOULD be recorded in non-erasable storage. The
Number is the vendor's Enterprise code from the list "SMI Network enterprise-number is the vendor's registered Private Enterprise
Management Private Enterprise Codes", as maintained by IANA in file Number as maintained by IANA [7]. The enterprise-number is stored as
ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers. The an unsigned 32 bit number.
Enterprise Number is stored as an unsigned 32 bit number.
An example DUID of this type might look like this: An example DUID of this type might look like this:
+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+
| 0 | 3 | 0 | 0 | 0 | 9| 12|192| | 0 | 3 | 0 | 0 | 0 | 9| 12|192|
+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+
|132|221| 3 | 0 | 9 | 18| |132|221| 3 | 0 | 9 | 18|
+---+---+---+---+---+---+ +---+---+---+---+---+---+
This example includes the two-octet type of 3, the Enterprise Number This example includes the two-octet type of 3, the Enterprise Number
(9), followed by eight octets of identifier data. (9), followed by eight octets of identifier data.
9.5. Link-layer address 9.4. Link-layer address
This type of DUID consists of two octets containing the DUID type 4, This type of DUID consists of two octets containing the DUID type 4,
a two octet network hardware type code, followed by the link-layer a two octet network hardware type code, followed by the link-layer
address of any one network interface that is permanently connected to address of any one network interface that is permanently connected to
the client or server device. For example, this DUID could be used the client or server device. For example, this DUID could be used
by a host that has a network interface implemented in a chip that is by a host that has a network interface implemented in a chip that is
unlikely to be removed and used elsewhere. The hardware type MUST unlikely to be removed and used elsewhere. The hardware type MUST
be a valid hardware type assigned by the IANA as described in the be a valid hardware type assigned by the IANA as described in the
section on ARP in RFC 826. The hardware type is stored in network section on ARP in RFC 826. The hardware type is stored in network
order. byte order.
The following diagram illustrates the format of a DUID based on The following diagram illustrates the format of a DUID based on
link-layer address: link-layer address:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4 | Hardware type (16 bits) | | 4 | Hardware type (16 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
skipping to change at page 20, line 10 skipping to change at page 17, line 44
configuration changes. configuration changes.
The configuration information in an IA consists of one or more IPv6 The configuration information in an IA consists of one or more IPv6
addresses and other parameters. The parameters are specified as DHCP addresses and other parameters. The parameters are specified as DHCP
options within the IA, and are associated with the addresses in the options within the IA, and are associated with the addresses in the
IA and the interface to which the IA belongs. Other parameters that IA and the interface to which the IA belongs. Other parameters that
are not associated with a particular interface may be specified in are not associated with a particular interface may be specified in
the options section of a DHCP message, outside the scope of any IA. the options section of a DHCP message, outside the scope of any IA.
Each address in an IA has a preferred lifetime and a valid lifetime, Each address in an IA has a preferred lifetime and a valid lifetime,
as defined in RFC2462 [19]. The lifetimes are transmitted from the as defined in RFC2462 [18]. The lifetimes are transmitted from the
DHCP server to the client in the IA option. The lifetimes apply to DHCP server to the client in the IA option. The lifetimes apply to
the use of IPv6 addresses as described in section 5.5.4 of RFC2462. the use of IPv6 addresses as described in section 5.5.4 of RFC2462.
See section 22.4 for the representation of an IA in a DHCP message. See section 22.4 for the representation of an IA in a DHCP message.
11. Selecting addresses for assignment to an IA 11. Selecting addresses for assignment to an IA
A server selects addresses to be assigned to an IA according to the A server selects addresses to be assigned to an IA according to the
address assignment policies determined by the server administrator address assignment policies determined by the server administrator
and the specific information the server determines about the client and the specific information the server determines about the client
skipping to change at page 20, line 52 skipping to change at page 18, line 36
server has enabled the use of unicast message delivery by the server has enabled the use of unicast message delivery by the
client and the client has sent a message for which unicast client and the client has sent a message for which unicast
delivery is allowed) delivery is allowed)
- The DUID supplied by the client - The DUID supplied by the client
- Other information in options supplied by the client - Other information in options supplied by the client
- Other information in options supplied by the relay agent - Other information in options supplied by the relay agent
A server MUST generate link identifiers for unicast addresses with Any unicast address assigned by a server that is based on an
the "u" (universal/local) and "g" (individual/group) bits of the EUI-64 identifier MUST include an interface identifier with the "u"
EUI-64 identifier set to 0 (see RFC 2373). (universal/local) and "g" (individual/group) bits of the interface
identifier set appropriately, as indicated in section 2.5.1 of RFC
2373.
A server MUST NOT assign an address that is otherwise reserved by A server MUST NOT assign an address that is otherwise reserved for
IANA. some other purpose. These reserved addresses may be specified as
128-bit IPv6 addresses or as interface identifiers that are reserved
for all subnets. For example, a server MUST NOT assign reserved
anycast addresses, as defined in RFC2526, from any subnet.
12. Management of temporary addresses 12. Management of temporary addresses
A client may be assigned temporary addresses (temporary addresses A client may be assigned temporary addresses (temporary addresses
are defined in RFC 3041 [14]). Clients and servers simply identify are defined in RFC 3041 [13]). Clients and servers simply identify
addresses as "temporary". DHCPv6 handling of address assignment is addresses as "temporary". DHCPv6 handling of address assignment is
no different for temporary addresses. DHCPv6 says nothing about no different for temporary addresses. DHCPv6 says nothing about
details of temporary addresses like lifetimes, how clients use details of temporary addresses like lifetimes, how clients use
temporary addresses, rules for generating successive temporary temporary addresses, rules for generating successive temporary
addresses, etc. addresses, etc.
Clients ask for temporary addresses and servers assign them. Clients ask for temporary addresses and servers assign them.
Temporary addresses are carried in the Identity Association for Temporary addresses are carried in the Identity Association for
Temporary Addresses (IA_TA) option (see section 22.5). Each IA_TA Temporary Addresses (IA_TA) option (see section 22.5). Each IA_TA
option contains at most one temporary address for each of the option contains at most one temporary address for each of the
skipping to change at page 21, line 33 skipping to change at page 19, line 22
Unless otherwise stated, an IA_TA option is used in the same way in Unless otherwise stated, an IA_TA option is used in the same way in
as an IA option. In the protocol specification, unless otherwise as an IA option. In the protocol specification, unless otherwise
stated, a reference to an IA should be read as either an IA or an stated, a reference to an IA should be read as either an IA or an
IA_TA. IA_TA.
The IAID number space for the IA_TA option IAID number space is The IAID number space for the IA_TA option IAID number space is
separate from the IA option IAID number space. separate from the IA option IAID number space.
The server MAY update the DNS for a temporary address as described in The server MAY update the DNS for a temporary address as described in
section 4 of RFC3041, and MUST NOT update the DNS in any other way section 4 of RFC3041.
for a temporary address.
13. Transmission of messages by a client 13. Transmission of messages by a client
Unless otherwise specified, a client sends DHCP messages to the Unless otherwise specified, a client sends DHCP messages to the
All_DHCP_Relay_Agents_and_Servers or the DHCP_Anycast address. All_DHCP_Relay_Agents_and_Servers.
If the client is attached to a link that supports multicast If the client is attached to a link that supports multicast
transmission, the client sends DHCP messages to the transmission, the client sends DHCP messages to the
All_DHCP_Relay_Agents_and_Servers address. If the client is All_DHCP_Relay_Agents_and_Servers address.
attached to a link that does not support multicast transmission, the
client uses the DHCP_Anycast address.
A client may send some messages directly to a server using unicast, A client may send some messages directly to a server using unicast,
as described in section 22.13. as described in section 22.13.
14. Reliability of Client Initiated Message Exchanges 14. Reliability of Client Initiated Message Exchanges
DHCP clients are responsible for reliable delivery of messages in the DHCP clients are responsible for reliable delivery of messages in the
client-initiated message exchanges described in sections 17 and 18. client-initiated message exchanges described in sections 17 and 18.
If a DHCP client fails to receive an expected response from a server, If a DHCP client fails to receive an expected response from a server,
the client must retransmit its message. This section describes the the client must retransmit its message. This section describes the
retransmission strategy to be used by clients in client-initiated retransmission strategy to be used by clients in client-initiated
message exchanges. message exchanges.
Note that the procedure described in this section is slightly Note that the procedure described in this section is slightly
modified for use with the Solicit message (section 17.1.2). modified when used with the Solicit message. The modified procedure
is described in section 17.1.2.
The client begins the message exchange by transmitting a message to The client begins the message exchange by transmitting a message to
the server. The message exchange terminates when either the client the server. The message exchange terminates when either the client
successfully receives the appropriate response or responses from a successfully receives the appropriate response or responses from a
server or servers, or when the message exchange is considered to have server or servers, or when the message exchange is considered to have
failed according to the retransmission mechanism described below. failed according to the retransmission mechanism described below.
The client retransmission behavior is controlled and described by the The client retransmission behavior is controlled and described by the
following variables: following variables:
skipping to change at page 22, line 43 skipping to change at page 20, line 31
according to the rules given below. If RT expires before the message according to the rules given below. If RT expires before the message
exchange terminates, the client recomputes RT and retransmits the exchange terminates, the client recomputes RT and retransmits the
message. message.
Each of the computations of a new RT include a randomization factor Each of the computations of a new RT include a randomization factor
(RAND), which is a random number chosen with a uniform distribution (RAND), which is a random number chosen with a uniform distribution
between -0.1 and +0.1. The randomization factor is included to between -0.1 and +0.1. The randomization factor is included to
minimize synchronization of messages transmitted by DHCP clients. minimize synchronization of messages transmitted by DHCP clients.
The algorithm for choosing a random number does not need to be The algorithm for choosing a random number does not need to be
cryptographically sound. The algorithm SHOULD produce a different cryptographically sound. The algorithm SHOULD produce a different
sequence of numbers from each invocation of the DHCP client. sequence of random numbers from each invocation of the DHCP client.
RT for the first message transmission is based on IRT: RT for the first message transmission is based on IRT:
RT = 2*IRT + RAND*IRT RT = IRT + RAND*IRT
RT for each subsequent message transmission is based on the previous RT for each subsequent message transmission is based on the previous
value of RT: value of RT:
RT = 2*RTprev + RAND*RTprev RT = 2*RTprev + RAND*RTprev
MRT specifies an upper bound on the value of RT. If MRT has a value MRT specifies an upper bound on the value of RT. If MRT has a value
of 0, there is no upper limit on the value of RT. Otherwise: of 0, there is no upper limit on the value of RT. Otherwise:
if (RT > MRT) if (RT > MRT)
RT = MRT + RAND*MRT RT = MRT + RAND*MRT
MRC specifies an upper bound on the number of times a client may MRC specifies an upper bound on the number of times a client may
retransmit a message. If MRC has a value of 0, the client MUST retransmit a message. Unless MRC is zero, the message exchange fails
continue to retransmit the original message until a response is once the client has transmitted the message MRC times.
received. Otherwise, the message exchange fails once the client has
transmitted the message MRC times.
MRD specifies an upper bound on the length of time a client may MRD specifies an upper bound on the length of time a client may
retransmit a message. If MRD has a value of 0, the client MUST retransmit a message. Unless MRD is zero, the message exchange fails
continue to retransmit the original message until a response is once MRD seconds have elapsed since the client first transmitted the
received. Otherwise, the message exchange fails once the client has message.
transmitted the message MRD seconds.
If both MRC and MRD are non-zero, the message exchange fails whenever If both MRC and MRD are non-zero, the message exchange fails whenever
either of the conditions specified in the previous two paragraphs are either of the conditions specified in the previous two paragraphs are
met. met.
If both MRC and MRD are zero, the client continues to transmit the
message until it receives a response.
15. Message validation 15. Message validation
Servers MUST discard any received messages that include Clients and servers SHOULD discard any messages that contain options
authentication information and fail the authentication check by the that are not allowed to appear in the received message. For example,
server. an Information-request message must not include an IA option.
Clients and server MAY choose to extract information from such a
message if the information is of use to the recipient.
Clients MUST discard any received messages that include Message validation based on DHCP authentication is discussed in
authentication information and fail the authentication check by the section 21.5.3.
client, except as noted in section 21.5.5.2.
15.1. Use of Transaction-ID field 15.1. Use of Transaction-ID field
The "transaction-ID" field holds a value used by clients and servers The "transaction-ID" field holds a value used by clients and servers
to synchronize server responses to client messages. A client SHOULD to synchronize server responses to client messages. A client SHOULD
choose a different transaction-ID for each new message it sends. A choose a different transaction-ID for each new message it sends. A
client MUST leave the transaction-ID unchanged in retransmissions of client MUST leave the transaction-ID unchanged in retransmissions of
a message. a message.
15.2. Solicit message 15.2. Solicit message
Clients MUST discard any received Solicit messages. Clients MUST discard any received Solicit messages.
Servers MUST discard any Solicit messages that do not include a Servers MUST discard any Solicit messages that do not include a
Client Identifier option. Client Identifier option or that do include a Server Identifier
option.
15.3. Advertise message 15.3. Advertise message
Clients MUST discard any received Advertise messages that meet any of Clients MUST discard any received Advertise messages that meet any of
the following conditions: the following conditions:
- the message does not include a Server Identifier option - the message does not include a Server Identifier option
- the message does not include a Client Identifier option - the message does not include a Client Identifier option
skipping to change at page 24, line 42 skipping to change at page 22, line 29
- the contents of the Server Identifier option do not match the - the contents of the Server Identifier option do not match the
server's identifier server's identifier
- the message does not include a Client Identifier option - the message does not include a Client Identifier option
15.5. Confirm message 15.5. Confirm message
Clients MUST discard any received Confirm messages. Clients MUST discard any received Confirm messages.
Servers MUST discard any Confirm messages received that do not Servers MUST discard any Confirm messages received that do not
include a Client Identifier option. include a Client Identifier option or that do include a Server
Identifier option.
15.6. Renew message 15.6. Renew message
Clients MUST discard any received Renew messages. Clients MUST discard any received Renew messages.
Servers MUST discard any received Renew message that meets any of the Servers MUST discard any received Renew message that meets any of the
following conditions: following conditions:
- the message does not include a Server Identifier option - the message does not include a Server Identifier option
skipping to change at page 25, line 4 skipping to change at page 22, line 43
Clients MUST discard any received Renew messages. Clients MUST discard any received Renew messages.
Servers MUST discard any received Renew message that meets any of the Servers MUST discard any received Renew message that meets any of the
following conditions: following conditions:
- the message does not include a Server Identifier option - the message does not include a Server Identifier option
- the contents of the Server Identifier option do not match the - the contents of the Server Identifier option do not match the
server's identifier server's identifier
- the message does not include a Client Identifier option - the message does not include a Client Identifier option
15.7. Rebind message 15.7. Rebind message
Clients MUST discard any received Rebind messages. Clients MUST discard any received Rebind messages.
Servers MUST discard any received Rebind message that does not Servers MUST discard any received Rebind messages that do not include
include a Client Identifier option. a Client Identifier option or that do include a Server Identifier
option.
15.8. Decline messages 15.8. Decline messages
Clients MUST discard any received Decline messages. Clients MUST discard any received Decline messages.
Servers MUST discard any received Decline message that meets any of Servers MUST discard any received Decline message that meets any of
the following conditions: the following conditions:
- the message does not include a Server Identifier option - the message does not include a Server Identifier option
- the contents of the Server Identifier option do not match the - the contents of the Server Identifier option do not match the
server's identifier server's identifier
- the message does not include a Client Identifier option - the message does not include a Client Identifier option
15.9. Release message 15.9. Release message
Clients MUST discard any received Release messages. Clients MUST discard any received Release messages.
Servers MUST discard any received Decline message that meets any of Servers MUST discard any received Release message that meets any of
the following conditions: the following conditions:
- the message does not include a Server Identifier option - the message does not include a Server Identifier option
- the contents of the Server Identifier option do not match the - the contents of the Server Identifier option do not match the
server's identifier server's identifier
- the message does not include a Client Identifier option - the message does not include a Client Identifier option
15.10. Reply message 15.10. Reply message
skipping to change at page 26, line 4 skipping to change at page 23, line 42
15.10. Reply message 15.10. Reply message
Clients MUST discard any received Reply messages that meet any of the Clients MUST discard any received Reply messages that meet any of the
following conditions: following conditions:
- the message does not include a Server Identifier option - the message does not include a Server Identifier option
- the "transaction-ID" field in the message does not match the - the "transaction-ID" field in the message does not match the
value used in the original message value used in the original message
- the message does not include a Client Identifier option and the - the message does not include a Client Identifier option and the
original message from the client contained a Client Identifier original message from the client contained a Client Identifier
option option
- the message includes a Client Identifier option and the contents - the message includes a Client Identifier option and the contents
of the Client Identifier option does not match the DUID of the of the Client Identifier option does not match the DUID of the
client client or the client did not include a Client Identifier option
in the original message
Servers and relay agents MUST discard any received Reply messages. Servers and relay agents MUST discard any received Reply messages.
15.11. Reconfigure message 15.11. Reconfigure message
Servers and relay agents MUST discard any received Reconfigure Servers and relay agents MUST discard any received Reconfigure
messages. messages.
Clients MUST discard any Reconfigure messages that meet any of the Clients MUST discard any Reconfigure messages that fails any of the
following conditions: following conditions:
- the message does not include a Server Identifier option - the message MUST include a Server Identifier option
- the message does not contain an authentication option - the message MUST include one of the available security
mechanisms:
- the message fails the authentication validation performed by the * the server sends a Reconfigure Nonce option whose value
client matches the current server nonce value known to the client
* the server uses DHCP authentication: beginitemize
* the message MUST contain an authentication option
* the message MUST pass the authentication validation performed
by the client
15.12. Information-request message 15.12. Information-request message
Clients MUST discard any received Information-request messages. Clients MUST discard any received Information-request messages.
Servers MAY discard any received Information-request messages that do
not include a Client Identifier option.
Servers MUST discard any received Information-request message that Servers MUST discard any received Information-request message that
includes a Server Identifier option and the DUID in the option does includes a Server Identifier option and the DUID in the option does
not match the server's DUID. not match the server's DUID.
15.13. Relay-forward message 15.13. Relay-forward message
Clients MUST discard any received Relay-forward messages. Clients MUST discard any received Relay-forward messages.
15.14. Relay-reply message 15.14. Relay-reply message
Clients and servers MUST discard any received Relay-reply messages. Clients and servers MUST discard any received Relay-reply messages.
16. Client Source Address and Interface Selection 16. Client Source Address and Interface Selection
When a client sends a DHCP message to the When a client sends a DHCP message to the
All_DHCP_Relay_Agents_and_Servers multicast address, it MUST All_DHCP_Relay_Agents_and_Servers address, it SHOULD send the
use the IPv6 link-local address assigned to the interface for which message through the interface for which configuration information is
the client is interested in obtaining configuration as the source being requested. However, the client MAY send the message through
address in the header of the IP datagram. another interface attached to the same link if and only if the client
is certain the two interface are attached to the same link. In
When a client sends a DHCP message to the DHCP_Anycast address, it addition, the client MUST use the IPv6 link-local address assigned to
MUST use an address assigned to the interface for which the client the interface for which it is requesting configuration information as
is interested in obtaining configuration, which is suitable for use the source address in the header of the IP datagram.
by the server in responding to the client, as the source address in
the header of the IP datagram. See "Default Address Selection for
IPv6" [4] for more details.
When a client sends a DHCP message directly to a server using unicast When a client sends a DHCP message directly to a server using unicast
(after receiving the Server Unicast option from that server), it MUST (after receiving the Server Unicast option from that server), the
use an address assigned to the interface for which the client is source address in the header of the IP datagram MUST be an address
interested in obtaining configuration, which is suitable for use by assigned to the interface for which the client is interested in
the server in responding to the client, as the source address in the obtaining configuration and which is suitable for use by the server
header of the IP datagram. in responding to the client.
The client MUST transmit the message on the link that the interface
for which configuration information is being obtained is attached
to. The client SHOULD send the message through that interface. The
client MAY send the message through another interface attached to the
same link if and only if the client is certain the two interface are
attached to the same link.
17. DHCP Server Solicitation 17. DHCP Server Solicitation
This section describes how a client locates servers that will assign This section describes how a client locates servers that will assign
addresses to IAs belonging to the client. addresses to IAs belonging to the client.
The client is responsible for creating IAs and requesting that a The client is responsible for creating IAs and requesting that a
server assign configuration information, including IPv6 addresses, server assign configuration information, including IPv6 addresses,
to the IA. The client first creates an IA and assigns it an IAID. to the IA. The client first creates an IA and assigns it an IAID.
The client then transmits a Solicit message containing an IA option The client then transmits a Solicit message containing an IA option
describing the IA. Servers that can assign configuration information describing the IA. Servers that can assign configuration information
to the IA respond to the client with an Advertise message. The to the IA respond to the client with an Advertise message. The
client then initiates a configuration exchange as described in client then initiates a configuration exchange as described in
section 18. section 18.
Whenever a client initiates server solicitation with a Solicit
message, it discards any reconfigure nonce values it may have
previously recorded.
17.1. Client Behavior 17.1. Client Behavior
A client uses the Solicit message to discover DHCP servers configured A client uses the Solicit message to discover DHCP servers configured
to serve addresses on the link to which the client is attached. to serve addresses on the link to which the client is attached.
17.1.1. Creation of Solicit messages 17.1.1. Creation of Solicit messages
The client sets the "msg-type" field to SOLICIT. The client generates The client sets the "msg-type" field to SOLICIT. The client generates
a transaction ID and inserts this value in the "transaction-ID" a transaction ID and inserts this value in the "transaction-ID"
field. field.
The client MUST include a Client Identifier option to identify itself The client MUST include a Client Identifier option to identify itself
to the server. The client MUST include one or more IA options for to the server. The client MUST include one or more IA options for
any IAs to which it wants the server to assign addresses. The client any IAs to which it wants the server to assign addresses. The
MAY include addresses in the IAs as a hint to the server about client MAY include addresses in the IAs as a hint to the server
addresses for which the client has a preference. The client MUST about addresses for which the client has a preference. The client
NOT include any other options except those specifically allowed as MUST NOT include any other options in the Solicit message except as
defined by specific options. specifically allowed in the definition of individual options.
The client may send just IA options for the assignment of The client uses IA options to request the assignment of non-temporary
non-temporary addresses, just IA_TA options for the assignment of addresses and uses IA_TA options to request the assignment of
only temporary options, or a mix of both IA and IA_TA options. temporary addresses. Either IA or IA_TA options, or a combination of
both can be included in DHCP messages.
The client MAY request specific options from the server by including The client MAY request specific options from the server by including
an Option Request option (see section 22.7) indicating the options an Option Request option (see section 22.7) as a hint about the
the client is interested in receiving. The client MAY include options the client is interested in receiving. If the client
options with data values as hints to the server about parameter requires a consistent prioritization of the options it receives, it
values the client would like to have returned. includes an Option Request option indicating the options it needs
(see section 17.2.2). The client MAY include options with data
values as hints to the server about parameter values the client would
like to have returned.
If the client will accept a Reply message with committed address If the client will accept a Reply message with committed address
assignments and other resources in response to the Solicit message, assignments and other resources in response to the Solicit message,
the client includes a Rapid Commit option (see section 22.15) in the the client includes a Rapid Commit option (see section 22.15) in the
Solicit message. Solicit message.
17.1.2. Transmission of Solicit Messages 17.1.2. Transmission of Solicit Messages
The first Solicit message from the client on the interface MUST The first Solicit message from the client on the interface MUST
be delayed by a random amount of time between MIN_SOL_DELAY and be delayed by a random amount of time between MIN_SOL_DELAY and
MAX_SOL_DELAY. In the case of a Solicit message transmitted when DHCP MAX_SOL_DELAY. In the case of a Solicit message transmitted when DHCP
is initiated by IPv6 Neighbor Discovery, the delay gives the amount is initiated by IPv6 Neighbor Discovery, the delay gives the amount
of time to wait after the ManagedFlag changes from FALSE to TRUE (see of time to wait after IPv6 Neighbor Discovery causes the client to
section 5.5.3 of RFC2462). This random delay desynchronizes clients invoke the stateful address autoconfiguration protocol (see section
which start at the same time (for example, after a power outage). 5.5.3 of RFC2462). This random delay desynchronizes clients which
start at the same time (for example, after a power outage).
The client transmits the message according to section 14, using the The client transmits the message according to section 14, using the
following parameters: following parameters:
IRT SOL_TIMEOUT IRT SOL_TIMEOUT
MRT SOL_MAX_RT MRT SOL_MAX_RT
MRC 0 MRC 0
MRD 0 MRD 0
If the client has included a Rapid Commit option and is waiting for If the client has included a Rapid Commit option and is waiting for
a Reply message, the client terminates the retransmission process as a Reply message, the client terminates the retransmission process
soon as a Reply message is received. as soon as a Reply message is received. If the client receives an
Advertise message that includes a Preference option with a preference
value of 255, the client immediately begins a client-initiated
message exchange (as described in section 18) by sending a Request
message to the server from which the Advertise message was received.
If the client receives an Advertise message that does not include
a Preference option with a preference value of 255, the client
continues to wait until the first RT elapses. If the first RT
elapses and the client has received an Advertise message, the client
SHOULD continue with a client-initiated message exchange by sending a
Request message.
If the client is waiting for an Advertise message, the mechanism in If the client is waiting for an Advertise message, the mechanism in
section 14 is modified as follows for use in the transmission of section 14 is modified as follows for use in the transmission of
Solicit messages. The message exchange is not terminated by the Solicit messages. The message exchange is not terminated by the
receipt of an Advertise before IRT has elapsed. Rather, the client receipt of an Advertise before the first RT has elapsed. Rather, the
collects Advertise messages until IRT has elapsed. Also, the first client collects Advertise messages until the first RT has elapsed.
RT MUST be selected to be strictly greater than IRT by choosing RAND Also, the first RT MUST be selected to be strictly greater than IRT
to be strictly greater than 0. by choosing RAND to be strictly greater than 0.
A client MUST collect Advertise messages for IRT seconds, unless it A client MUST collect Advertise messages for the first RT seconds,
receives an Advertise message with a preference value of 255. The unless it receives an Advertise message with a preference value
preference value is carried in the Preference option (section 22.8). of 255. The preference value is carried in the Preference option
Any Solicit that does not include a Preference option is considered (section 22.8). Any Solicit that does not include a Preference
to have a preference value of 0. If the client receives an Advertise option is considered to have a preference value of 0. If the client
message with a preference value of 255, then the client SHOULD receives an Advertise message with a preference value of 255, then
act immediately on that Advertise message without waiting for any the client SHOULD act immediately on that Advertise message without
additional Advertise messages. waiting for any additional Advertise messages.
If the client does not receive any Advertise messages before IRT If the client does not receive any Advertise messages before
has elapsed, it begins the retransmission mechanism described in the first RT has elapsed, it begins the retransmission mechanism
section 14. The client terminates the retransmission process as described in section 14. The client terminates the retransmission
soon as it receives any Advertise message, and the client acts on process as soon as it receives any Advertise message, and the client
the received Advertise message without waiting for any additional acts on the received Advertise message without waiting for any
Advertise messages. additional Advertise messages.
A DHCP client SHOULD choose MRC and MRD to be 0. If the DHCP client A DHCP client SHOULD choose MRC and MRD to be 0. If the DHCP client
is configured with either MRC or MRD set to a value other than is configured with either MRC or MRD set to a value other than
0, it MUST stop trying to configure the interface if the message 0, it MUST stop trying to configure the interface if the message
exchange fails. After the DHCP client stops trying to configure the exchange fails. After the DHCP client stops trying to configure the
interface, it SHOULD choose to restart the reconfiguration process interface, it SHOULD choose to restart the reconfiguration process
after some external event, such as user input, system restart, or after some external event, such as user input, system restart, or
when the client is attached to a new link. when the client is attached to a new link.
17.1.3. Receipt of Advertise messages 17.1.3. Receipt of Advertise messages
skipping to change at page 30, line 17 skipping to change at page 28, line 21
preference value, addresses advertised, when the advertisement was preference value, addresses advertised, when the advertisement was
received, and so on. received, and so on.
If the client needs to select an alternate server in the case that a If the client needs to select an alternate server in the case that a
chosen server does not respond, the client chooses the next server chosen server does not respond, the client chooses the next server
according to the criteria given above. according to the criteria given above.
17.1.4. Receipt of Reply message 17.1.4. Receipt of Reply message
If the client includes a Rapid Commit option in the Solicit message, If the client includes a Rapid Commit option in the Solicit message,
it will expect a Reply message that includes a Rapid Commit option it will expect a Reply message that includes a Rapid Commit option in
in response. If the client receives a Reply message, it processes response. If the client receives a valid Reply message that includes
the message as described in section 18.1.6. If the client does not a Rapid Commit option, it processes the message as described in
receive a Reply message, the client restarts the server solicitation section 18.1.6.
process by sending a Solicit message that does not include a Rapid
Commit option.
17.2. Server Behavior 17.2. Server Behavior
A server sends an Advertise message in response to Solicit messages A server sends an Advertise message in response to valid Solicit
it receives to announce the availability of the server to the client. messages it receives to announce the availability of the server to
the client.
17.2.1. Receipt of Solicit messages 17.2.1. Receipt of Solicit messages
The server determines the information about the client and its The server determines the information about the client and its
location as described in section 11 and checks its administrative location as described in section 11 and checks its administrative
policy about responding to the client. If the server is not policy about responding to the client. If the server is not
permitted to respond to the client, the server discards the Solicit permitted to respond to the client, the server discards the Solicit
message. message.
If the client has included a Rapid Commit option in the Solicit If the client has included a Rapid Commit option in the Solicit
message and the server has been configured to respond with committed message and the server has been configured to respond with committed
address assignments and other resources, the server responds to the address assignments and other resources, the server responds to the
Solicit with a Reply message as described in section 17.2.3. Solicit with a Reply message as described in section 17.2.3. If the
server has been configured to respond to the client but has not been
configured to respond with committed address assignments and other
resources, the server responds with an Advertise message.
Otherwise, the server generates and sends an Advertise message to the Otherwise, the server generates and sends an Advertise message to the
client. client.
17.2.2. Creation and transmission of Advertise messages 17.2.2. Creation and transmission of Advertise messages
The server sets the "msg-type" field to ADVERTISE and copies the The server sets the "msg-type" field to ADVERTISE and copies the
contents of the transaction-ID field from the Solicit message contents of the transaction-ID field from the Solicit message
received from the client to the Advertise message. The server received from the client to the Advertise message. The server
includes its server identifier in a Server Identifier option. includes its server identifier in a Server Identifier option and
copies the Client Identifier from the Solicit message into the
Advertise message.
The server MAY add a Preference option to carry the preference value The server MAY add a Preference option to carry the preference value
for the Advertise message. The server implementation SHOULD allow for the Advertise message. The server implementation SHOULD allow
the setting of a server preference value by the administrator. the setting of a server preference value by the administrator.
The server preference value MUST default to zero unless otherwise The server preference value MUST default to zero unless otherwise
configured by the server administrator. configured by the server administrator.
The server MUST include IA options in the Advertise message The server MUST include IA options in the Advertise message
containing any addresses that would be assigned to IAs contained in containing any addresses that would be assigned to IAs contained in
the Solicit message from the client. the Solicit message from the client.
If the server will not assign any addresses to IAs in a subsequent If the server will not assign any addresses to IAs in a subsequent
Request from the client, the server MUST send an Advertise message to Request from the client, the server MUST send an Advertise message to
the client that includes only a status code option with the status the client that includes only a status code option with the status
code set to AddrUnavail and a status message for the user. code set to AddrUnavail and a status message for the user.
The server MAY include other options the server will return to the The server includes other options the server will return to the
client in a subsequent Reply message. The information in these client in a subsequent Reply message. The server SHOULD limit the
options will be used by the client in the selection of a server if options returned to the client so that the DHCP message header and
the client receives more than one Advertise message. The server options do not cause fragmentation. The information in these options
SHOULD include options specifying values for options requested by the will be used by the client in the selection of a server if the client
client in an Option Request Option included in the Solicit message. receives more than one Advertise message. If the client has included
an Option Request option in the Solicit message, the server uses that
option as a hint about the options the client has a preference for
receiving from the server.
If the Solicit message was received directly by the server, the If the Solicit message was received directly by the server, the
server unicasts the Advertise message directly to the client using server unicasts the Advertise message directly to the client using
the address in the source address field from the IP datagram in the address in the source address field from the IP datagram in
which the Solicit message was received. The Advertise message MUST which the Solicit message was received. The Advertise message MUST
be unicast through the interface on which the Solicit message was be unicast through the interface on which the Solicit message was
received. received.
If the Solicit message was received in a Relay-forward message, If the Solicit message was received in a Relay-forward message,
the server constructs a Relay-reply message with the Advertise the server constructs a Relay-reply message with the Advertise
message in the payload of a "server-message" option. The server message in the payload of a "server-message" option. If the
unicasts the Relay-reply message directly to the relay agent using Relay-forward messages included an Interface-id option, the server
the address in the source address field from the IP datagram in which copies that option to the Relay-reply message. The server unicasts
the Relay-forward message was received. the Relay-reply message directly to the relay agent using the
address in the source address field from the IP datagram in which the
Relay-forward message was received.
17.2.3. Creation and Transmission of Reply messages 17.2.3. Creation and Transmission of Reply messages
The server MUST commit the assignment of any addresses or other The server MUST commit the assignment of any addresses or other
configuration information message before sending a Reply message to a configuration information message before sending a Reply message to a
client in response to a Solicit message. client in response to a Solicit message.
DISCUSSION: DISCUSSION:
When using the Solicit-Advertise message exchange, a server When using the Solicit-Advertise message exchange, a server
skipping to change at page 32, line 19 skipping to change at page 30, line 37
a Request message for those addresses. a Request message for those addresses.
Typically, servers that are configured to use the Typically, servers that are configured to use the
Solicit-Reply message exchange will be deployed so that only Solicit-Reply message exchange will be deployed so that only
one server will respond to a Solicit message. If more than one server will respond to a Solicit message. If more than
one server responds, the client will only use the addresses one server responds, the client will only use the addresses
from one of the servers and the addresses from the other from one of the servers and the addresses from the other
servers will be committed to the client but not used by the servers will be committed to the client but not used by the
client. client.
The problem of unused addresses can be minimized, for
example, by designing the DHCP service so that only one
server responds to the Solicit or by using relatively short
lifetimes for assigned addresses.
The server includes a Rapid Commit option in the Reply message to The server includes a Rapid Commit option in the Reply message to
indicate that the Reply is in response to a Solicit message. indicate that the Reply is in response to a Solicit message.
The server produces the Reply message as though it had received The server produces the Reply message as though it had received
a Request message, as described in section 18.2.1. The server a Request message, as described in section 18.2.1. The server
transmits the Reply message as described in section 18.2.8. transmits the Reply message as described in section 18.2.8.
18. DHCP Client-Initiated Configuration Exchange 18. DHCP Client-Initiated Configuration Exchange
A client initiates a message exchange with a server or servers A client initiates a message exchange with a server or servers
skipping to change at page 32, line 42 skipping to change at page 31, line 13
so by the application layer, when required by Stateless Address so by the application layer, when required by Stateless Address
Autoconfiguration or as required to extend the lifetime of an address Autoconfiguration or as required to extend the lifetime of an address
(Rebind and Renew messages). (Rebind and Renew messages).
18.1. Client Behavior 18.1. Client Behavior
A client will use Request, Confirm, Renew, Rebind and A client will use Request, Confirm, Renew, Rebind and
Information-request messages to acquire and confirm the Information-request messages to acquire and confirm the
validity of configuration information. The client uses the server validity of configuration information. The client uses the server
identifier information and information about IAs from previous identifier information and information about IAs from previous
Advertise messages for use in constructing Request messages. Advertise messages for use in constructing these messages.
18.1.1. Creation and transmission of Request messages 18.1.1. Creation and transmission of Request messages
The client uses a Request message to populate IAs with addresses The client uses a Request message to populate IAs with addresses
and obtain other configuration information. The client includes and obtain other configuration information. The client includes
one or more IA options in the Request message, with addresses and one or more IA options in the Request message, with addresses and
information about the IAs that were obtained from the server in a information about the IAs that were obtained from the server in a
previous Advertise message. The server then returns addresses and previous Advertise message. The server then returns addresses and
other information about the IAs to the client in IA options in a other information about the IAs to the client in IA options in a
Reply message. Reply message.
skipping to change at page 33, line 16 skipping to change at page 31, line 36
"transaction-ID" field. "transaction-ID" field.
The client places the identifier of the destination server in a The client places the identifier of the destination server in a
Server Identifier option. Server Identifier option.
The client MUST include a Client Identifier option to identify itself The client MUST include a Client Identifier option to identify itself
to the server. The client adds any other appropriate options, to the server. The client adds any other appropriate options,
including one or more IA options (if the client is requesting that including one or more IA options (if the client is requesting that
the server assign it some network addresses). the server assign it some network addresses).
If the client chooses to request specific options from the server, The client MAY request specific options from the server by including
it does so by including an Option Request option (see section 22.7), an Option Request option (see section 22.7) as a hint about the
which MUST include all of the options the client is requesting. The options the client is interested in receiving. If the client
client MAY include options with data values as hints to the server requires a consistent prioritization of the options it receives, it
about parameter values the client would like to have returned. includes an Option Request option indicating the options it needs
(see section 18.2.1). The client MAY include options with data
values as hints to the server about parameter values the client would
like to have returned.
If the client has a source address of sufficient scope that can be If the client has a source address of sufficient scope that can be
used by the server as a return address and the client has received used by the server as a return address and the client has received
a Server Unicast option (section 22.13) from the server, the client a Server Unicast option (section 22.13) from the server, the client
SHOULD unicast the Request message to the server. SHOULD unicast the Request message to the server.
DISCUSSION: DISCUSSION:
Use of multicast or anycast on a link and relay agents Use of multicast on a link and relay agents enables the
enables the inclusion of relay agent options in all messages inclusion of relay agent options in all messages sent by the
sent by the client. The server should enable the use of client. The server should enable the use of unicast only
unicast only when relay agent options will not be used. when relay agent options will not be used.
The client transmits the message according to section 14, using the The client transmits the message according to section 14, using the
following parameters: following parameters:
IRT REQ_TIMEOUT IRT REQ_TIMEOUT
MRT REQ_MAX_RT MRT REQ_MAX_RT
MRC REQ_MAX_RC MRC REQ_MAX_RC
skipping to change at page 34, line 33 skipping to change at page 33, line 4
acceptability of the addresses with the status in the Reply message acceptability of the addresses with the status in the Reply message
it returns to the client. it returns to the client.
The client sets the "msg-type" field to CONFIRM. The client generates The client sets the "msg-type" field to CONFIRM. The client generates
a transaction ID and inserts this value in the "transaction-ID" a transaction ID and inserts this value in the "transaction-ID"
field. field.
The client MUST include a Client Identifier option to identify itself The client MUST include a Client Identifier option to identify itself
to the server. The client adds any appropriate options, including to the server. The client adds any appropriate options, including
one or more IA options. The client MUST include the addresses the one or more IA options. The client MUST include the addresses the
client currently has associated with those IAs. client currently has associated with those IAs. The client fills in
the T1 and T2 fields in the IA options and the preferred-lifetime and
valid-lifetime fields in the IA Address options with preferred values
or 0 if the client has no preference about those values.
If the client chooses to request specific options from the server, The client MAY request specific options from the server by including
it does so by including an Option Request option (see section 22.7, an Option Request option (see section 22.7) as a hint about the
which MUST include all of the options the client is requesting. The options the client is interested in receiving. If the client
client MAY include options with data values as hints to the server requires a consistent prioritization of the options it receives, it
about parameter values the client would like to have returned. includes an Option Request option indicating the options it needs
(see section 18.2.2). The client MAY include options with data
values as hints to the server about parameter values the client would
like to have returned.
When the client sends the Confirm message, it MUST use an IPv6 When the client sends the Confirm message, it MUST use an IPv6
address that the client has confirmed to be valid on the link to address that the client has confirmed to be valid on the link to
which it is currently attached and that is assigned to the interface which it is currently attached and that is assigned to the interface
for which the client is interested in obtaining configuration for which the client is interested in obtaining configuration
information as the source address in the IP header of the datagram information as the source address in the IP header of the datagram
carrying the Confirm message. carrying the Confirm message.
The client transmits the message according to section 14, using the The client transmits the message according to section 14, using the
following parameters: following parameters:
skipping to change at page 35, line 45 skipping to change at page 34, line 25
The client places the identifier of the destination server in a The client places the identifier of the destination server in a
Server Identifier option. Server Identifier option.
The client MUST include a Client Identifier option to identify The client MUST include a Client Identifier option to identify
itself to the server. The client adds any appropriate options, itself to the server. The client adds any appropriate options,
including one or more IA options. The client MUST include the list including one or more IA options. The client MUST include the list
of addresses the client currently has associated with the IAs in the of addresses the client currently has associated with the IAs in the
Renew message. Renew message.
If the client chooses to request specific options from the server, The client MAY request specific options from the server by including
it does so by including an Option Request option (see section 22.7), an Option Request option (see section 22.7) as a hint about the
which MUST include all of the options the client is requesting. The options the client is interested in receiving. If the client
client MAY include options with data values as hints to the server requires a consistent prioritization of the options it receives, it
about parameter values the client would like to have returned. includes an Option Request option indicating the options it needs
(see section 18.2.3). The client MAY include options with data
values as hints to the server about parameter values the client would
like to have returned.
If the client has a source address of sufficient scope that can be If the client has a source address of sufficient scope that can be
used by the server as a return address and the client has received a used by the server as a return address and the client has received a
Server Unicast option (see section 22.13) from the server, the client Server Unicast option (see section 22.13) from the server, the client
SHOULD unicast the Renew message to the server. SHOULD unicast the Renew message to the server.
DISCUSSION: DISCUSSION:
Use of multicast or anycast on a link and relay agents Use of multicast on a link and relay agents enables the
enables the inclusion of relay agent options in all messages inclusion of relay agent options in all messages sent by
sent by the client. The server MUST NOT enable the use of the client. The server MUST NOT enable the use of unicast
unicast for a client when relay agent options are required for a client when relay agent options are required for that
for that client. client.
The client transmits the message according to section 14, using the The client transmits the message according to section 14, using the
following parameters: following parameters:
IRT REN_TIMEOUT IRT REN_TIMEOUT
MRT REP_MAX_RT MRT REP_MAX_RT
MRC 0 MRC 0
MRD 0 MRD Remaining time until T2
The message exchange is terminated when time T2 is reached (see
The mechanism in section 14 is modified as follows for use in the section 18.1.4), at which time the client begins a Rebind message
transmission of Renew messages. The message exchange is terminated exchange.
when time T2 is reached (see section 18.1.4), at which time the
client begins a Rebind message exchange.
18.1.4. Creation and transmission of Rebind messages 18.1.4. Creation and transmission of Rebind messages
At time T2 for an IA (which will only be reached if the server to At time T2 for an IA (which will only be reached if the server to
which the Renew message was sent at time T1 has not responded), which the Renew message was sent at time T1 has not responded),
the client initiates a Rebind/Reply message exchange. The client the client initiates a Rebind/Reply message exchange with any
available server. The client sends the Rebind message to the
All_DHCP_Relay_Agents_and_Servers multicast address. The client
includes an IA option with all addresses currently assigned to the IA includes an IA option with all addresses currently assigned to the IA
in its Rebind message. in its Rebind message.
The client sets the "msg-type" field to REBIND. The client generates The client sets the "msg-type" field to REBIND. The client generates
a transaction ID and inserts this value in the "transaction-ID" a transaction ID and inserts this value in the "transaction-ID"
field. field.
The client MUST include a Client Identifier option to identify The client MUST include a Client Identifier option to identify
itself to the server. The client adds any appropriate options, itself to the server. The client adds any appropriate options,
including one or more IA options. The client MUST include the list including one or more IA options. The client MUST include the list
of addresses the client currently has associated with the IAs in the of addresses the client currently has associated with the IAs in the
Rebind message. Rebind message.
If the client chooses to request specific options from the server, The client MAY request specific options from the server by including
it does so by including an Option Request option (see section 22.7), an Option Request option (see section 22.7) as a hint about the
which MUST include all of the options the client is requesting. The options the client is interested in receiving. If the client
client MAY include options with data values as hints to the server requires a consistent prioritization of the options it receives, it
about parameter values the client would like to have returned. includes an Option Request option indicating the options it needs
(see section 18.2.4). The client MAY include options with data
values as hints to the server about parameter values the client would
like to have returned.
The client transmits the message according to section 14, using the The client transmits the message according to section 14, using the
following parameters: following parameters:
IRT REB_TIMEOUT IRT REB_TIMEOUT
MRT REB_MAX_RT MRT REB_MAX_RT
MRC 0 MRC 0
MRD 0 MRD Remaining time until valid lifetimes of all addresses have
expired
The mechanism in section 14 is modified as follows for use in the The mechanism in section 14 is modified as follows for use in the
transmission of Rebind messages. The message exchange is terminated transmission of Rebind messages. The message exchange is terminated
when the lifetimes of all of the addresses assigned to the IA expire when the valid lifetimes of all of the addresses assigned to the
(see section 10), at which time the client has several alternative IA expire (see section 10), at which time the client has several
actions to choose from: alternative actions to choose from:
- The client may choose to use a Solicit message to locate a new - The client may choose to use a Solicit message to locate a new
DHCP server and send a Request for the expired IA to the new DHCP server and send a Request for the expired IA to the new
server server
- The client may have other addresses in other IAs, so the client - The client may have other addresses in other IAs, so the client
may choose to discard the expired IA and use the addresses in the may choose to discard the expired IA and use the addresses in the
other IAs other IAs
18.1.5. Creation and Transmission of Information-request messages 18.1.5. Creation and Transmission of Information-request messages
skipping to change at page 37, line 39 skipping to change at page 36, line 28
The client sets the "msg-type" field to INFORMATION-REQUEST. The The client sets the "msg-type" field to INFORMATION-REQUEST. The
client generates a transaction ID and inserts this value in the client generates a transaction ID and inserts this value in the
"transaction-ID" field. "transaction-ID" field.
The client SHOULD include a Client Identifier option to identify The client SHOULD include a Client Identifier option to identify
itself to the server. If the client does not include a Client itself to the server. If the client does not include a Client
Identifier option, the server will not be able to return any Identifier option, the server will not be able to return any
client-specific options to the client, or the server may choose not client-specific options to the client, or the server may choose not
to respond to the message at all. to respond to the message at all.
If the client chooses to request specific options from the server, The client MAY request specific options from the server by including
it does so by including an Option Request option (see section 22.7), an Option Request option (see section 22.7) as a hint about the
which MUST include all of the options the client is requesting. The options the client is interested in receiving. If the client
client MAY include options with data values as hints to the server requires a consistent prioritization of the options it receives, it
about parameter values the client would like to have returned. The includes an Option Request option indicating the options it needs
client MUST NOT include any IA options. (see section 18.2.5). The client MAY include options with data
values as hints to the server about parameter values the client would
If the client has an IPv6 address of sufficient scope, the like to have returned.
client MAY choose to send the Information-request message to the
All_DHCP_Servers multicast address.
The client transmits the message according to section 14, using the The client transmits the message according to section 14, using the
following parameters: following parameters:
IRT INF_TIMEOUT IRT INF_TIMEOUT
MRT INF_MAX_RT MRT INF_MAX_RT
MRC 0 MRC 0
MRD 0 MRD 0
18.1.6. Receipt of Reply message in response to a Request, Confirm, 18.1.6. Receipt of Reply message in response to a Request, Confirm,
Renew, Rebind or Information-request message Renew, Rebind or Information-request message
Upon the receipt of a valid Reply message in response to a Request, Upon the receipt of a valid Reply message in response to a Request,
Confirm, Renew, Rebind or Information-request message, the client Confirm, Renew, Rebind or Information-request message, the client
extracts the configuration information contained in the Reply. The extracts the configuration information contained in the Reply. The
skipping to change at page 38, line 17 skipping to change at page 37, line 5
18.1.6. Receipt of Reply message in response to a Request, Confirm, 18.1.6. Receipt of Reply message in response to a Request, Confirm,
Renew, Rebind or Information-request message Renew, Rebind or Information-request message
Upon the receipt of a valid Reply message in response to a Request, Upon the receipt of a valid Reply message in response to a Request,
Confirm, Renew, Rebind or Information-request message, the client Confirm, Renew, Rebind or Information-request message, the client
extracts the configuration information contained in the Reply. The extracts the configuration information contained in the Reply. The
client MAY choose to report any status code or message from the client MAY choose to report any status code or message from the
status code option in the Reply message. status code option in the Reply message.
The client SHOULD perform duplicate address detection [19] on each The client SHOULD perform duplicate address detection [18] on each
of the addresses in any IAs it receives in the Reply message before of the addresses in any IAs it receives in the Reply message before
using that address for traffic. If any of the addresses are found using that address for traffic. If any of the addresses are found
to be in use on the link, the client sends a Decline message to the to be in use on the link, the client sends a Decline message to the
server as described in section 18.1.9. server as described in section 18.1.9.
The client records the T1 and T2 times for each IA in the Reply The client records the T1 and T2 times for each IA in the Reply
message. The client records any addresses included with IAs in message. The client records any addresses included with IAs in
the Reply message. The client updates the preferred and valid the Reply message. The client updates the preferred and valid
lifetimes for the addresses in the IA from the lifetime information lifetimes for the addresses in the IA from the lifetime information
in the IA option. The client leaves any addresses that the client in the IA option. The client leaves any addresses that the client
has associated with the IA that are not included in the IA option has associated with the IA that are not included in the IA option
unchanged. unchanged.
If the Reply was received in response to a Renew or Rebind message, If the Reply was received in response to a Request, Renew or Rebind
the client must update the information in any IA option contained in message, the client must update the information in any IA option
the Reply message. The client adds any new addresses from the IA contained in the Reply message. The client adds any new addresses
option to the IA, updates lifetimes for existing addresses in the IA from the IA option to the IA, updates lifetimes for existing
from the IA option and discards any addresses with a lifetime of zero addresses in the IA from the IA option and discards any addresses
in the IA option. with a lifetime of zero in the IA option.
Management of the specific configuration information is detailed in Management of the specific configuration information is detailed in
the definition of each option, in section 22. the definition of each option, in section 22.
When the client receives a NotOnLink status in an IA from the server When the client receives a NotOnLink status in an IA from the server
in response to a Confirm message, the client can assume it needs to in response to a Confirm message, the client can assume it needs to
send a Request to the server to obtain appropriate addresses for the send a Request to the server to obtain appropriate addresses for the
IA. If the client receives any Reply messages that do not indicate IA. If the client receives any Reply messages that do not indicate
a NotOnLink status, the client can use the addresses in the IA and a NotOnLink status, the client can use the addresses in the IA and
ignore any messages that do indicate a NotOnLink status. ignore any messages that do indicate a NotOnLink status.
When the client receives an AddrUnavail status in an IA from the
server for a Request message the client will have to find a new
server to create an IA.
When the client receives a NoBinding status in an IA from the server When the client receives a NoBinding status in an IA from the server
for a Renew message the client can assume it needs to send a Request for a Renew message the client can assume it needs to send a Request
to reestablish an IA with the server. to reestablish an IA with the server.
When the client receives an AddrUnavail status in an IA from the
server for a Renew message the client can assume it needs to send a
Request to reestablish an IA with the server.
When the client receives a NoBinding status in an IA from the server When the client receives a NoBinding status in an IA from the server
for a Rebind message the client can assume it needs to send a Request for a Rebind message the client can assume it needs to send a Request
to reestablish an IA with the server or try another server. to reestablish an IA with the server or try another server.
When the client receives an AddrUnavail status in an IA from the When the client receives an AddrUnavail status in an IA from the
server for a Rebind message the client can assume it needs to send a server for a Rebind message the client can assume it needs to send a
Request to reestablish an IA with the server or try another server. Request to reestablish an IA with the server or try another server.
18.1.7. Creation and transmission of Release messages 18.1.7. Creation and transmission of Release messages
skipping to change at page 39, line 50 skipping to change at page 38, line 26
the source address in the Release message or in any subsequently the source address in the Release message or in any subsequently
transmitted message. transmitted message.
If the client has a source address of sufficient scope that can be If the client has a source address of sufficient scope that can be
used by the server as a return address and the client has received used by the server as a return address and the client has received
a Server Unicast option (section 22.13) from the server, the client a Server Unicast option (section 22.13) from the server, the client
SHOULD unicast the Release message to the server. SHOULD unicast the Release message to the server.
DISCUSSION: DISCUSSION:
Use of multicast or anycast on a link and relay agents Use of multicast on a link and relay agents enables the
enables the inclusion of relay agent options in all messages inclusion of relay agent options in all messages sent by
sent by the client. The server MUST NOT enable the use of the client. The server MUST NOT enable the use of unicast
unicast for a client when relay agent options are required for a client when relay agent options are required for that
for that client. client.
The client SHOULD choose to guarantee the delivery of the Release The client SHOULD choose to guarantee the delivery of the Release
message using the retransmission strategy in section 14. An example message using the retransmission strategy in section 14. An example
of a situation in which a client would not guarantee delivery would of a situation in which a client would not guarantee delivery would
be when the client is powering down or restarting because of some be when the client is powering down or restarting because of some
error condition. error condition.
The client transmits the message according to section 14, using the The client transmits the message according to section 14, using the
following parameters: following parameters:
skipping to change at page 40, line 26 skipping to change at page 38, line 53
MRT 0 MRT 0
MRC REL_MAX_MRC MRC REL_MAX_MRC
MRD 0 MRD 0
The client MUST abandon the attempt to release addresses if the The client MUST abandon the attempt to release addresses if the
Release message exchange fails. Release message exchange fails.
The client MUST stop using all of the addresses being released as The client MUST stop using all of the addresses being released as
soon as the client begins the Release message exchange process. soon as the client begins the Release message exchange process. If
If addresses are released but the Reply from a DHCP server is addresses are released but the Reply from a DHCP server is lost,
lost, the client will retransmit the Release message, and the the client will retransmit the Release message, and the server may
server may respond with a Reply indicating a status of "Nobinding". respond with a Reply indicating a status of NoBinding. Therefore,
Therefore, the client does not treat a Reply message with a status the client does not treat a Reply message with a status of NoBinding
of "Nobinding" in a Release message exchange as if it indicates an in a Release message exchange as if it indicates an error.
error.
Note that if the client fails to release the addresses, the addresses Note that if the client fails to release the addresses, the addresses
assigned to the IA will be reclaimed by the server when the lifetime assigned to the IA will be reclaimed by the server when the lifetime
of the address expires. of the address expires.
18.1.8. Receipt of Reply message in response to a Release message 18.1.8. Receipt of Reply message in response to a Release message
Upon receipt of a valid Reply message, the client can consider the Upon receipt of a valid Reply message, the client can consider the
Release event successful. Release event successful.
skipping to change at page 41, line 16 skipping to change at page 39, line 42
the source address in the Decline message or in any subsequently the source address in the Decline message or in any subsequently
transmitted message. transmitted message.
If the client has a source address of sufficient scope that can be If the client has a source address of sufficient scope that can be
used by the server as a return address and the client has received used by the server as a return address and the client has received
a Server Unicast option (section 22.13) from the server, the client a Server Unicast option (section 22.13) from the server, the client
SHOULD unicast the Decline message to the server. SHOULD unicast the Decline message to the server.
DISCUSSION: DISCUSSION:
Use of multicast or anycast on a link and relay agents Use of multicast on a link and relay agents enables the
enables the inclusion of relay agent options in all messages inclusion of relay agent options in all messages sent by
sent by the client. The server MUST NOT enable the use of the client. The server MUST NOT enable the use of unicast
unicast for a client when relay agent options are required for a client when relay agent options are required for that
for that client. client.
The client transmits the message according to section 14, using the The client transmits the message according to section 14, using the
following parameters: following parameters:
IRT DEC_TIMEOUT IRT DEC_TIMEOUT
MRT DEC_MAX_RT MRT DEC_MAX_RT
MRC DEC_MAX_RC MRC DEC_MAX_RC
MRD 0 MRD 0
The client MUST abandon the attempt to decline addresses if the The client MUST abandon the attempt to decline addresses if the
Decline message exchange fails. Decline message exchange fails.
If addresses are released but the Reply from a DHCP server is lost,
the client will retransmit the Decline message, and the server may
respond with a Reply indicating a status of NoBinding. Therefore,
the client does not treat a Reply message with a status of NoBinding
in a Decline message exchange as if it indicates an error.
18.1.10. Receipt of Reply message in response to a Decline message 18.1.10. Receipt of Reply message in response to a Decline message
Upon receipt of a valid Reply message, the client can consider the Upon receipt of a valid Reply message, the client can consider the
Decline event successful. Decline event successful.
18.2. Server Behavior 18.2. Server Behavior
For this discussion, the Server is assumed to have been configured in For this discussion, the Server is assumed to have been configured in
an implementation specific manner with configuration of interest to an implementation specific manner with configuration of interest to
clients. clients.
skipping to change at page 42, line 11 skipping to change at page 40, line 42
discards the Request message and responds with a Reply message discards the Request message and responds with a Reply message
containing a status code option with value UseMulticast and no other containing a status code option with value UseMulticast and no other
options. options.
When the server receives a Request the client is requesting the When the server receives a Request the client is requesting the
configuration of IAs by the server. The server creates the bindings configuration of IAs by the server. The server creates the bindings
for that client according to the server's policy and configuration for that client according to the server's policy and configuration
information and records the IAs and other information about the information and records the IAs and other information about the
client. client.
The server contructs a Reply message by setting the "msg-type" field The server constructs a Reply message by setting the "msg-type" field
to REPLY, copying the transaction ID from the Request message into to REPLY, copying the transaction ID from the Request message into
the transaction-ID field. the transaction-ID field.
The server MUST include a Server Identifier option containing the The server MUST include a Server Identifier option containing the
server's DUID and the Client Identifier option from the Request server's DUID and the Client Identifier option from the Request
message in the Reply message. message in the Reply message.
If the server finds that the prefix on one or more IP addresses in If the server finds that the prefix on one or more IP addresses in
any IA in the message from the client is not a valid prefix for the any IA in the message from the client is not a valid prefix for the
link to which the client is connected, the server MUST return the IA link to which the client is connected, the server MUST return the IA
skipping to change at page 42, line 33 skipping to change at page 41, line 14
If the server cannot assign any addresses to any of the IAs in the If the server cannot assign any addresses to any of the IAs in the
message from the client, the server MUST include the IAs in the Reply message from the client, the server MUST include the IAs in the Reply
message with the status field set to AddrUnavail and no addresses in message with the status field set to AddrUnavail and no addresses in
the IA. the IA.
For any IAs to which the server can assign addresses, the server For any IAs to which the server can assign addresses, the server
includes the IA with addresses and other configuration parameters and includes the IA with addresses and other configuration parameters and
records the IA as a new client binding. records the IA as a new client binding.
The server adds options to the Reply message for any other If the server will use a reconfigure nonce value for security of
configuration information to be assigned to the client. If the Reconfigure messages, the server generates a new nonce value for the
Request message contained an Option Request option, the server MUST client, records the value and includes it in a Reconfigure Nonce
include options in the Reply message for any options in the Option option (see section 22.21) in the Reply message.
Request option the server is configured to return to the client. The
server MAY choose to return other options not specified in the Option The server includes other options containing configuration
Request option. information to be returned to the client. The server SHOULD limit
the options returned to the client so that the DHCP message header
and options do not cause fragmentation. If the client has included
an Option Request option in the Solicit message, the server uses that
option as a hint about the options the client has a preference for
receiving from the server.
18.2.2. Receipt of Confirm messages 18.2.2. Receipt of Confirm messages
When the server receives a Confirm message, the client is requesting When the server receives a Confirm message, the client is requesting
confirmation that the configuration information it will use is valid. confirmation that the IP addresses it will use is valid and
The server locates the binding for that client and compares the requesting the most current configuration information for the client.
information in the Confirm message from the client to the information The server compares the addresses in the IA Address options in the
associated with that client. Confirm message from the client with the addresses in the binding for
the client.
If the server finds that the information for the client does not If the server finds that the addresses in the Confirm message do not
match what is in the binding for that client or the configuration match what is in the binding for that client or the addresses in
information is not valid, the server sends a Reply message containing the Confirm message are not appropriate for the link from which the
a Status Code option with the value ConfNoMatch. client sent the Confirm message, the server sends a Reply message
containing a Status Code option with the value ConfNoMatch.
If the server finds that the information for the client does match If the server finds that the addresses in the Confirm message match
the information in the binding for that client, and the configuration the addresses in the binding for that client, and the configuration
information is still valid, the server sends a Reply message information is still valid, the server sends a Reply message
containing a Status Code option with the value Success. containing a Status Code option with the value Success.
If the server cannot determine if the information in the Confirm If the server cannot determine if the information in the Confirm
message is valid or invalid, the server MUST NOT send a reply to the message is valid or invalid, the server MUST NOT send a reply to the
client. For example, if the server does not have a binding for the client. For example, if the server does not have a binding for the
client, but the configuration information in the Confirm message client, but the configuration information in the Confirm message
appears valid, the server does not reply. appears valid, the server does not reply.
The server contructs a Reply message by setting the "msg-type" field The server constructs a Reply message by setting the "msg-type" field
to REPLY, copying the transaction ID from the Confirm message into to REPLY, copying the transaction ID from the Confirm message into
the transaction-ID field. the transaction-ID field.
The server MUST include a Server Identifier option containing the The server MUST include a Server Identifier option containing the
server's DUID and the Client Identifier option from the Confirm server's DUID and the Client Identifier option from the Confirm
message in the Reply message. message in the Reply message.
The server includes IA options for each of the IA options in the
Confirm message. The server chooses values for T1, T2 and lifetimes
for each of the addresses in the IAs according to the server's
configured policies. The values for T1, T2 and the lifetimes sent by
the client are the client's preferences for those values. The server
also includes options for any other configuration information to be
sent to the client.
The server includes other options containing configuration
information to be returned to the client. The server SHOULD limit
the options returned to the client so that the DHCP message header
and options do not cause fragmentation. If the client has included
an Option Request option in the Renew message, the server uses that
option as a hint about the options the client has a preference for
receiving from the server.
The Reply message from the server MUST include a Status Code option. The Reply message from the server MUST include a Status Code option.
18.2.3. Receipt of Renew messages 18.2.3. Receipt of Renew messages
When the server receives a Renew message via unicast from a client to When the server receives a Renew message via unicast from a client to
which the server has not sent a unicast option, the server discards which the server has not sent a unicast option, the server discards
the Renew message and responds with a Reply message containing a the Renew message and responds with a Reply message containing a
status code option with value UseMulticast and no other options. status code option with value UseMulticast and no other options.
When the server receives a Renew and IA option from a client it When the server receives a Renew and IA option from a client it
skipping to change at page 43, line 48 skipping to change at page 42, line 52
If the server finds that any of the addresses are no longer valid If the server finds that any of the addresses are no longer valid
for the client, the server returns the address to the client with for the client, the server returns the address to the client with
lifetimes of 0. lifetimes of 0.
If the server finds the addresses in the IA for the client then the If the server finds the addresses in the IA for the client then the
server sends back the IA to the client with new lifetimes and T1/T2 server sends back the IA to the client with new lifetimes and T1/T2
times, and includes a Status Code option with value Success. The times, and includes a Status Code option with value Success. The
server may choose to change the list of addresses and the lifetimes server may choose to change the list of addresses and the lifetimes
of addresses in IAs that are returned to the client. of addresses in IAs that are returned to the client.
The server contructs a Reply message by setting the "msg-type" field The server constructs a Reply message by setting the "msg-type" field
to REPLY, copying the transaction ID from the Renew message into the to REPLY, copying the transaction ID from the Renew message into the
transaction-ID field. transaction-ID field.
The server MUST include a Server Identifier option containing the The server MUST include a Server Identifier option containing the
server's DUID and the Client Identifier option from the Renew message server's DUID and the Client Identifier option from the Renew message
in the Reply message. in the Reply message.
18.2.4. Receipt of Rebind messages 18.2.4. Receipt of Rebind messages
When the server receives a Rebind and IA option from a client it When the server receives a Rebind and IA option from a client it
skipping to change at page 44, line 21 skipping to change at page 43, line 25
If the server cannot find a client entry for the IA the server If the server cannot find a client entry for the IA the server
returns the IA containing no addresses with status set to NoBinding returns the IA containing no addresses with status set to NoBinding
in the Rebind message. in the Rebind message.
If the server finds that the any of the addresses are no longer valid If the server finds that the any of the addresses are no longer valid
for the client, the server returns the address to the client with for the client, the server returns the address to the client with
lifetimes of 0. lifetimes of 0.
If the server finds the addresses in the IA for the client then the If the server finds the addresses in the IA for the client then the
server SHOULD send back the IA to the client with new lifetimes and server SHOULD send back the IA to the client with new lifetimes and
T1/T2 times if the default is not being used. T1/T2 times.
The server contructs a Reply message by setting the "msg-type" field The server constructs a Reply message by setting the "msg-type" field
to REPLY, copying the transaction ID from the Rebind message into the to REPLY, copying the transaction ID from the Rebind message into the
transaction-ID field. transaction-ID field.
The server MUST include a Server Identifier option containing the The server MUST include a Server Identifier option containing the
server's DUID and the Client Identifier option from the Rebind server's DUID and the Client Identifier option from the Rebind
message in the Reply message. message in the Reply message.
The server adds options to the Reply message for any other The server includes other options containing configuration
configuration information to be assigned to the client. If the information to be returned to the client. The server SHOULD limit
Rebind message contained an Option Request option, the server MUST the options returned to the client so that the DHCP message header
include options in the Reply message for any options in the Option and options do not cause fragmentation. If the client has included
Request option the server is configured to return to the client. The an Option Request option in the Rebind message, the server uses that
server MAY choose to return other options not specified in the Option option as a hint about the options the client has a preference for
Request option. receiving from the server.
18.2.5. Receipt of Information-request messages 18.2.5. Receipt of Information-request messages
When the server receives an Information-request message, the When the server receives an Information-request message, the
client is requesting configuration information that does not client is requesting configuration information that does not
include the assignment of any addresses. The server determines all include the assignment of any addresses. The server determines all
configuration parameters appropriate to the client, based on the configuration parameters appropriate to the client, based on the
server configuration policies known to the server. server configuration policies known to the server.
The server contructs a Reply message by setting the "msg-type" field The server constructs a Reply message by setting the "msg-type" field
to REPLY, copying the transaction ID from the Rebind message into the to REPLY, copying the transaction ID from the Information-request
transaction-ID field. message into the transaction-ID field.
The server MUST include a Server Identifier option containing the The server MUST include a Server Identifier option containing the
server's DUID and the Client Identifier option from the Rebind server's DUID in the Reply message. If the client included a Client
message in the Reply message. Identification option in the Information-request message, the server
copies that option to the Reply message.
The server adds options to the Reply message for all of the The server includes options containing configuration information
configuration parameters to be returned to the client. If the to be returned to the client. The server SHOULD limit the options
Information-request message contained an Option Request option, the returned to the client so that the DHCP message header and options
server MUST include options in the Reply message for any options in do not cause fragmentation. If the client has included an Option
the Option Request option the server is configured to return to the Request option in the Information-request message, the server uses
client. The server MAY choose to return other options not specified that option as a hint about the options the client has a preference
in the Option Request option. for receiving from the server.
If the Information-request message received from the client did If the Information-request message received from the client did
not include a Client Identifier option, the server SHOULD respond not include a Client Identifier option, the server SHOULD respond
with a Reply message containing any configuration parameters with a Reply message containing any configuration parameters
that are not determined by the client's identity. If the server that are not determined by the client's identity. If the server
chooses not to respond, the client may continue to retransmit the chooses not to respond, the client may continue to retransmit the
Information-request message indefinitely. Information-request message indefinitely.
18.2.6. Receipt of Release messages 18.2.6. Receipt of Release messages
When the server receives a Release message via unicast from a When the server receives a Release message via unicast from a
client to which the server has not sent a unicast option, the server client to which the server has not sent a unicast option, the server
discards the Release message and responds with a Reply message discards the Release message and responds with a Reply message
containing a status code option with value UseMulticast and no other containing a status code option with value UseMulticast and no other
options. options.
Upon the receipt of a valid Release message, the server examines the Upon the receipt of a valid Release message, the server examines
IAs and the addresses in the IAs for validity. If the IAs in the the IAs and the addresses in the IAs for validity. If the IAs in
message are in a binding for the client and the addresses in the IAs the message are in a binding for the client and the addresses in
have been assigned by the server to those IAs, the server deletes the IAs have been assigned by the server to those IAs, the server
the addresses from the IAs and makes the addresses available for deletes the addresses from the IAs and makes the addresses available
assignment to other clients. The server ignores invalid addresses for assignment to other clients. The server ignores addresses not
(though it may choose to log an error if it finds an invalid assigned to the IA (though it may choose to log an error if it finds
address). such an address).
After all the addresses have been processed, the server generates a After all the addresses have been processed, the server generates a
Reply message and includes a Status Code option with value Success Reply message and includes a Status Code option with value Success,
and a Server Identifier option with the server's DUID. The server a Server Identifier option with the server's DUID and a Client
MUST NOT include any other options in the Reply message. Identifier option with the client's DUID. For each IA in the Release
message for which the server has no binding information, the server
If the server cannot find a binding for the client, the server adds an IA option using the IAID from the Release message and
sends a Reply message that includes a Status Code option with value includes a Status Code option with the value NoBinding in the IA
NoBinding. option. No other options are included in the IA option.
A server may choose to retain a record of assigned addresses and IAs A server may choose to retain a record of assigned addresses and IAs
after the lifetimes on the addresses have expired to allow the server after the lifetimes on the addresses have expired to allow the server
to reassign the previously assigned addresses to a client. to reassign the previously assigned addresses to a client.
18.2.7. Receipt of Decline messages 18.2.7. Receipt of Decline messages
When the server receives a Decline message via unicast from a When the server receives a Decline message via unicast from a
client to which the server has not sent a unicast option, the server client to which the server has not sent a unicast option, the server
discards the Decline message and responds with a Reply message discards the Decline message and responds with a Reply message
containing a status code option with value UseMulticast and no other containing a status code option with value UseMulticast and no other
options. options.
Upon the receipt of a valid Decline message, the server examines the Upon the receipt of a valid Decline message, the server examines the
IAs and the addresses in the IAs for validity. If the IAs in the IAs and the addresses in the IAs for validity. If the IAs in the
message are in a binding for the client and the addresses in the IAs message are in a binding for the client and the addresses in the IAs
have been assigned by the server to those IA, the server deletes have been assigned by the server to those IA, the server deletes
the addresses from the IAs. The server SHOULD mark the addresses the addresses from the IAs. The server SHOULD mark the addresses
declined by the client so that those addresses are not assigned to declined by the client so that those addresses are not assigned to
other clients, and MAY choose to make a notification that addresses other clients, and MAY choose to make a notification that addresses
were declined. The server ignores invalid addresses (though it may were declined. The server ignores addresses not assigned to the IA
choose to log an error if it finds an invalid address). (though it may choose to log an error if it finds such an address).
After all the address have been processed, the server generates a After all the address have been processed, the server generates a
Reply message and includes a Status Code option with value Success Reply message and includes a Status Code option with value Success,
and a Server Identifier option with the server's DUID. The server a Server Identifier option with the server's DUID and a Client
MUST NOT include any other options in the Reply message. Identifier option with the client's DUID. For each IA in the Release
message for which the server has no binding information, the server
adds an IA option using the IAID from the Release message and
includes a Status Code option with the value NoBinding in the IA
option. No other options are included in the IA option.
18.2.8. Transmission of Reply messages 18.2.8. Transmission of Reply messages
If the Request, Confirm, Renew, Rebind, Release, Decline or If the original message was received directly by the server, the
Information-request message from the client was originally received server unicasts the Reply message directly to the client using the
in a Relay-forward message from a relay, the server places the Reply address in the source address field from the IP datagram in which the
message in the options field of a Relay-response message and copies original message was received. The Reply message MUST be unicast
the link-address and client-address fields from the Relay-forward through the interface on which the original message was received.
message into the Relay-response message.
The server then unicasts the Reply or Relay-reply to the source If the original message was received in a Relay-forward message, the
address from the IP datagram in which the original message was server constructs a Relay-reply message with the Reply message in the
payload of a "server-message" option. If the Relay-forward messages
included an Interface-id option, the server copies that option to the
Relay-reply message. The server unicasts the Relay-reply message
directly to the relay agent using the address in the source address
field from the IP datagram in which the Relay-forward message was
received. received.
19. DHCP Server-Initiated Configuration Exchange 19. DHCP Server-Initiated Configuration Exchange
A server initiates a configuration exchange to cause DHCP clients A server initiates a configuration exchange to cause DHCP clients
to obtain new addresses and other configuration information. For to obtain new addresses and other configuration information. For
example, an administrator may use a server-initiated configuration example, an administrator may use a server-initiated configuration
exchange when links in the DHCP domain are to be renumbered. Other exchange when links in the DHCP domain are to be renumbered. Other
examples include changes in the location of directory servers, examples include changes in the location of directory servers,
addition of new services such as printing, and availability of new addition of new services such as printing, and availability of new
skipping to change at page 47, line 11 skipping to change at page 46, line 25
The server sets the "msg-type" field to RECONFIGURE. The server sets The server sets the "msg-type" field to RECONFIGURE. The server sets
the transaction-id field to 0. The server places its identifier in a the transaction-id field to 0. The server places its identifier in a
Server Identifier option. Server Identifier option.
The server MAY include an Option Request option to inform the client The server MAY include an Option Request option to inform the client
of what information has been changed or new information that has been of what information has been changed or new information that has been
added. In particular, the server specifies the IA option in the added. In particular, the server specifies the IA option in the
Option Request option if the server wants the client to obtain new Option Request option if the server wants the client to obtain new
address information. address information.
The server MUST include an authentication option in the Reconfigure Because of the risk of denial of service attacks against DHCP
message. The server MUST include a Reconfigure Message option clients, the use of a security mechanism is mandated in Reconfigure
(defined in section 22.20) to select whether the client responds with messages.The server MUST use one of the following two security
a Renew message or an Information-Request message. mechanisms:
- The server includes a Reconfigure Nonce option containing the
reconfiugre nonce value currently assigned to the client
- The server includes an authentication option in the Reconfigure
message
The server MUST include a Reconfigure Message option (defined in
section 22.20) to select whether the client responds with a Renew
message or an Information-Request message.
The server MUST NOT include any other options in the Reconfigure The server MUST NOT include any other options in the Reconfigure
except as specifically allowed in the definition of individual except as specifically allowed in the definition of individual
options. options.
A server sends each Reconfigure message to a single DHCP client, A server sends each Reconfigure message to a single DHCP client,
using an IPv6 unicast address of sufficient scope belonging to the using an IPv6 unicast address of sufficient scope belonging to the
DHCP client. The server may obtain the address of the client through DHCP client. The server may obtain the address of the client through
the information that the server has about clients that have been in the information that the server has about clients that have been in
contact with the server, or the server may be configured with the contact with the server, or the server may be configured with the
skipping to change at page 47, line 36 skipping to change at page 47, line 10
To reconfigure more than one client, the server unicasts a separate To reconfigure more than one client, the server unicasts a separate
message to each client. The server may initiate the reconfiguration message to each client. The server may initiate the reconfiguration
of multiple clients concurrently; for example, a server may of multiple clients concurrently; for example, a server may
send a Reconfigure message to additional clients while previous send a Reconfigure message to additional clients while previous
reconfiguration message exchanges are still in progress. reconfiguration message exchanges are still in progress.
The Reconfigure message causes the client to initiate a Renew/Reply The Reconfigure message causes the client to initiate a Renew/Reply
or Information-request/Reply message exchange with the server. The or Information-request/Reply message exchange with the server. The
server interprets the receipt of a Renew or Information-request server interprets the receipt of a Renew or Information-request
message from the client as satisfying the Reconfigure message message (whichever was specified in the original Reconfigure message)
request. from the client as satisfying the Reconfigure message request.
19.1.2. Time out and retransmission of Reconfigure messages 19.1.2. Time out and retransmission of Reconfigure messages
If the server does not receive a Renew or Information-request message If the server does not receive a Renew or Information-request message
from the client in RECREP_MSG_TIMEOUT milliseconds, the server from the client in REC_TIMEOUT milliseconds, the server retransmits
retransmits the Reconfigure message, doubles the RECREP_MSG_TIMEOUT the Reconfigure message, doubles the RECREP_TIMEOUT value and
value and waits again. The server continues this process until waits again. The server continues this process until REC_MAX_R
REC_MSG_ATTEMPTS unsuccessful attempts have been made, at which point unsuccessful attempts have been made, at which point the server
the server SHOULD abort the reconfigure process for that client. SHOULD abort the reconfigure process for that client.
Default and initial values for RECREP_MSG_TIMEOUT and Default and initial values for REC_TIMEOUT and REC_MAX_RT are
REC_MSG_ATTEMPTS are documented in section 5.6. documented in section 5.5.
19.1.3. Receipt of Renew messages 19.1.3. Receipt of Renew messages
The server generates and sends Reply message(s) to the client as The server generates and sends Reply message(s) to the client as
described in sections 18.2.3 and 18.2.8, including options for described in sections 18.2.3 and 18.2.8, including options for
configuration parameters. configuration parameters.
The server MAY choose to send a Reply with the IAs and other The server MAY choose to send a Reply with the IAs and other
parameters to be reconfigured, even if those IAs and parameters were parameters to be reconfigured, even if those IAs and parameters were
not requested in the Renew message from the client. not requested in the Renew message from the client.
skipping to change at page 50, line 29 skipping to change at page 49, line 52
client should be assigned an address in the link-address field. This client should be assigned an address in the link-address field. This
address will be used by the server to determine the link from which address will be used by the server to determine the link from which
the client should be assigned an address and other configuration the client should be assigned an address and other configuration
information. information.
If the relay agent cannot use the address in the link-address field If the relay agent cannot use the address in the link-address field
to identify the interface through which the response to the client to identify the interface through which the response to the client
will be forwarded, the relay agent MUST include an Interface-id will be forwarded, the relay agent MUST include an Interface-id
option (see section 22.19) in the Relay-forward message. The server option (see section 22.19) in the Relay-forward message. The server
will include the Interface-id option in its Relay-reply message. will include the Interface-id option in its Relay-reply message.
The relay agent puts the client's address in the link-address field The relay agent fills in the link-address field as described in the
regardless of whether the relay agent includes an Interface-id option previous paragraph regardless of whether the relay agent includes an
in the Relay-forward message. Interface-id option in the Relay-forward message.
The relay agent copies the source address from the IP datagram The relay agent copies the source address from the IP datagram
in which the message was received from the client into the in which the message was received from the client into the
client-address field in the Relay-forward message. client-address field in the Relay-forward message.
The relay agent constructs a Client Message option (see The relay agent constructs a Client Message option (see
section 22.10) that contains the entire message from the client in section 22.10) that contains the entire DHCP message (excluding
the data field of the option. The relay agent places the Client the IP and UDP headers) from the client in the data field of
Message option along with any "relay agent-specific" options in the the option. The relay agent places the Client Message option
options field of the Relay-forward message. The relay agent sends along with any "relay agent-specific" options in the options
the Relay-forward message to the list of server destination addresses field of the Relay-forward message. The relay agent sends the
with which it has been configured or to the All_DHCP_Servers address Relay-forward message to all the servers in the list of server
if it has not been explicitly configured with server destination destination addresses with which it has been configured or to the
addresses. All_DHCP_Servers address if it has not been explicitly configured
with server destination addresses.
20.2. Relaying of server messages 20.2. Relaying of server messages
The relay agent processes any other options included in the The relay agent processes any other options included in the
Relay-reply message as appropriate to those options. The relay Relay-reply message as appropriate to those options. The relay
agents then discards those options. agents then discards those options.
If the Relay-reply message includes a Interface-id option, the relay If the Relay-reply message includes a Interface-id option, the relay
agent forwards the message from the server to the client on the link agent forwards the message from the server to the client on the link
identified by the Interface-id option. Otherwise, the relay agent identified by the Interface-id option. Otherwise, the relay agent
skipping to change at page 51, line 23 skipping to change at page 50, line 50
Some network administrators may wish to provide authentication of Some network administrators may wish to provide authentication of
the source and contents of DHCP messages. For example, clients may the source and contents of DHCP messages. For example, clients may
be subject to denial of service attacks through the use of bogus be subject to denial of service attacks through the use of bogus
DHCP servers, or may simply be misconfigured due to unintentionally DHCP servers, or may simply be misconfigured due to unintentionally
instantiated DHCP servers. Network administrators may wish to instantiated DHCP servers. Network administrators may wish to
constrain the allocation of addresses to authorized hosts to avoid constrain the allocation of addresses to authorized hosts to avoid
denial of service attacks in "hostile" environments where the network denial of service attacks in "hostile" environments where the network
medium is not physically secured, such as wireless networks or medium is not physically secured, such as wireless networks or
college residence halls. college residence halls.
Because of the risk of denial of service attacks against DHCP
clients, the use of authentication is mandated in Reconfigure
messages. A DHCP server MUST include an authentication option in
Reconfigure messages sent to clients.
The DHCP authentication mechanism is based on the design of The DHCP authentication mechanism is based on the design of
authentication for DHCP for IPv4 [6]. authentication for DHCPv4 [5].
21.1. DHCP threat model 21.1. DHCP threat model
The threat to DHCP is inherently an insider threat (assuming a The threat to DHCP is inherently an insider threat (assuming a
properly configured network where DHCPv6 ports are blocked on the properly configured network where DHCPv6 ports are blocked on the
perimeter gateways of the enterprise). Regardless of the gateway perimeter gateways of the enterprise). Regardless of the gateway
configuration, however, the potential attacks by insiders and configuration, however, the potential attacks by insiders and
outsiders are the same. outsiders are the same.
The attack specific to a DHCP client is the possibility of the The attack specific to a DHCP client is the possibility of the
skipping to change at page 52, line 11 skipping to change at page 51, line 34
masquerading as a valid client. The motivation for this may be for masquerading as a valid client. The motivation for this may be for
"theft of service", or to circumvent auditing for any number of "theft of service", or to circumvent auditing for any number of
nefarious purposes. nefarious purposes.
The threat common to both the client and the server is the resource The threat common to both the client and the server is the resource
"denial of service" (DoS) attack. These attacks typically involve "denial of service" (DoS) attack. These attacks typically involve
the exhaustion of valid addresses, or the exhaustion of CPU or the exhaustion of valid addresses, or the exhaustion of CPU or
network bandwidth, and are present anytime there is a shared network bandwidth, and are present anytime there is a shared
resource. resource.
This threat model does not consider the privacy of the contents
of DHCP messages to be important. DHCP is not used to exchange
authentication or configuration information that must be kept secret
from other networks nodes.
21.2. Security of messages sent between servers and relay agents 21.2. Security of messages sent between servers and relay agents
Relay agents and servers that choose to exchange messages securely Relay agents and servers that choose to exchange messages securely
use the IPsec mechanisms for IPv6 [8]. The way in which IPsec use the IPsec mechanisms for IPv6 [8]. The way in which IPsec
is employed by relay agents and servers is not specified in this is employed by relay agents and servers is not specified in this
document. document.
21.3. Summary of DHCP authentication 21.3. Summary of DHCP authentication
Authentication of DHCP messages is accomplished through the use of Authentication of DHCP messages is accomplished through the use of
the Authentication option (see section 22.12). The authentication the Authentication option (see section 22.12). The authentication
information carried in the Authentication option can be used to information carried in the Authentication option can be used to
reliably identify the source of a DHCP message and to confirm that reliably identify the source of a DHCP message and to confirm that
the contents of the DHCP message have not been tampered with. the contents of the DHCP message have not been tampered with.
The Authentication option provides a framework for multiple The Authentication option provides a framework for multiple
authentication protocols. One such protocols is defined here. authentication protocols. One such protocol is defined here.
Other protocols defined in the future will be specified in separate Other protocols defined in the future will be specified in separate
documents. documents.
The protocol field in the Authentication option identifies the The protocol field in the Authentication option identifies the
specific protocol used to generate the authentication information specific protocol used to generate the authentication information
carried in the option. The algorithm field identifies a specific carried in the option. The algorithm field identifies a specific
algorithm within the authentication protocol; for example, the algorithm within the authentication protocol; for example, the
algorithm field specifies the hash algorithm used to generate the algorithm field specifies the hash algorithm used to generate the
message authentication code (MAC) in the authentication option. The message authentication code (MAC) in the authentication option. The
replay detection method (RDM) field specifies the type of replay replay detection method (RDM) field specifies the type of replay
skipping to change at page 53, line 16 skipping to change at page 52, line 39
If the protocol field is 1, the message is using the "delayed If the protocol field is 1, the message is using the "delayed
authentication" mechanism. In delayed authentication, the client authentication" mechanism. In delayed authentication, the client
requests authentication in its Solicit message and the server replies requests authentication in its Solicit message and the server replies
with an Advertise message that includes authentication information. with an Advertise message that includes authentication information.
This authentication information contains a nonce value generated by This authentication information contains a nonce value generated by
the source as a message authentication code (MAC) to provide message the source as a message authentication code (MAC) to provide message
authentication and entity authentication. authentication and entity authentication.
The use of a particular technique based on the HMAC protocol [9] The use of a particular technique based on the HMAC protocol [9]
using the MD5 hash [18] is defined here. using the MD5 hash [17] is defined here.
21.5.1. Management issues in the delayed authentication protocol 21.5.1. Management issues in the delayed authentication protocol
The "delayed authentication" protocol does not attempt to address The "delayed authentication" protocol does not attempt to address
situations where a client may roam from one administrative domain situations where a client may roam from one administrative domain
to another, i.e. interdomain roaming. This protocol is focused on to another, i.e. interdomain roaming. This protocol is focused on
solving the intradomain problem where the out-of-band exchange of a solving the intradomain problem where the out-of-band exchange of a
shared key is feasible. shared key is feasible.
21.5.2. Use of the Authentication option in the delayed authentication 21.5.2. Use of the Authentication option in the delayed authentication
protocol protocol
In a Solicit message, the Authentication option carries the Protocol, In a Solicit message, the Authentication option carries the Protocol,
Algorithm, RDM and Replay detection fields, but no Authentication Algorithm and fields, but no Replay detection or Authentication
information. information.
In an Advertise, Request, Renew, Rebind, Confirm, Decline, Release In an Advertise, Request, Renew, Rebind, Confirm, Decline, Release
or Information-request message, the Authentication option carries or Information-request message, the Authentication option carries
the Protocol, Algorithm, RDM and Replay detection fields and the Protocol, Algorithm, RDM and Replay detection fields and
Authentication information. Authentication information.
A DHCP message MUST NOT contain more than one Authentication option A DHCP message MUST NOT contain more than one Authentication option
when using the delayed authentication protocol. The Authentication when using the delayed authentication protocol.
option should appear as close to the beginning of the options area
in the DHCP message to facilitate processing of the authentication The format of the Authentication information is:
information.The format of the Authentication information is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key ID | | Key ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| HMAC-MD5 | | HMAC-MD5 |
| | | (128 bits) |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The following definitions will be used in the description of the The following definitions will be used in the description of the
authentication information for delayed authentication, algorithm 1: authentication information for delayed authentication, algorithm 1:
Replay Detection - as defined by the RDM field Replay Detection - as defined by the RDM field
K - a key (secret value) shared K - a key (secret value) shared
between the source and between the source and
destination of the message; destination of the message;
each key has a unique each key has a unique
identifier (key ID) identifier (key ID)
key ID - the unique identifier for the key value key ID - the unique identifier for the key value
skipping to change at page 54, line 18 skipping to change at page 53, line 47
K - a key (secret value) shared K - a key (secret value) shared
between the source and between the source and
destination of the message; destination of the message;
each key has a unique each key has a unique
identifier (key ID) identifier (key ID)
key ID - the unique identifier for the key value key ID - the unique identifier for the key value
used to generate the MAC for this message used to generate the MAC for this message
HMAC-MD5 - the MAC generating function. HMAC-MD5 - the MAC generating function.
The sender computes the MAC using the HMAC generation algorithm [9] The sender computes the MAC using the HMAC generation algorithm [9]
and the MD5 hash function [18]. The entire DHCP message (except and the MD5 hash function [17]. The entire DHCP message (setting
the MAC field of the authentication option itself), including the the MAC field to zero), including the DHCP message header and the
DHCP message header and the options field, is used as input to the options field, is used as input to the HMAC-MD5 computation function.
HMAC-MD5 computation function. The 'key ID' field MUST be set to the The 'key ID' field MUST be set to the identifier of the key used to
identifier of the key used to generate the MAC. generate the MAC.
DISCUSSION: DISCUSSION:
Algorithm 1 specifies the use of HMAC-MD5. Use of a Algorithm 1 specifies the use of HMAC-MD5. Use of a
different technique, such as HMAC-SHA, will be specified as different technique, such as HMAC-SHA, will be specified as
a separate protocol. a separate protocol.
Delayed authentication requires a shared secret key for each Delayed authentication requires a shared secret key for each
client on each DHCP server with which that client may wish client on each DHCP server with which that client may wish
to use the DHCP protocol. Each key has a unique identifier to use the DHCP protocol. Each key has a unique identifier
skipping to change at page 54, line 46 skipping to change at page 54, line 27
in which a DHCP client connects to multiple administrative in which a DHCP client connects to multiple administrative
domains. domains.
21.5.3. Message validation 21.5.3. Message validation
To validate an incoming message, the receiver first checks that To validate an incoming message, the receiver first checks that
the value in the replay detection field is acceptable according to the value in the replay detection field is acceptable according to
the replay detection method specified by the RDM field. Next, the the replay detection method specified by the RDM field. Next, the
receiver computes the MAC as described in [9]. The entire DHCP receiver computes the MAC as described in [9]. The entire DHCP
message (except the MAC field of the authentication option itself), message (except the MAC field of the authentication option itself),
is used as input to the HMAC-MDS computation function. If the MAC is used as input to the HMAC-MD5 computation function. If the MAC
computed by the receiver does not match the MAC contained in the computed by the receiver does not match the MAC contained in the
authentication option, the receiver MUST discard the DHCP message. authentication option, the receiver MUST discard the DHCP message.
21.5.4. Key utilization 21.5.4. Key utilization
Each DHCP client has a key, K. The client uses its key to encode Each DHCP client has a key, K. The server uses the client's DUID to
any messages it sends to the server and to authenticate and verify identify the client's key. The client uses its key to encode any
any messages it receives from the server. The client's key SHOULD messages it sends to the server and to authenticate and verify any
be initially distributed to the client through some out-of-band messages it receives from the server. The client's key is initially
mechanism, and SHOULD be stored locally on the client for use in all distributed to the client through some out-of-band mechanism, and
authenticated DHCP messages. Once the client has been given its key, is stored locally on the client for use in all authenticated DHCP
it SHOULD use that key for all transactions even if the client's messages. Once the client has been given its key, it uses that key
configuration changes; for example, if the client is assigned a new for all transactions even if the client's configuration changes; for
network address. example, if the client is assigned a new network address.
Each DHCP server MUST know, or be able to obtain in a secure manner, Each DHCP server knows, or be able to obtain in a secure manner,
the keys for all authorized clients. If all clients use the same the keys for all authorized clients. If all clients use the same
key, clients can perform both entity and message authentication for key, clients can perform both entity and message authentication for
all messages received from servers. However, the sharing of keys all messages received from servers. However, the sharing of keys
is strongly discouraged as it allows for unauthorized clients to is strongly discouraged as it allows for unauthorized clients to
masquerade as authorized clients by obtaining a copy of the shared masquerade as authorized clients by obtaining a copy of the shared
key and allows for trivial spoofing of an authenticated DHCP server. key and allows for trivial spoofing of an authenticated DHCP server.
To authenticate the identity of individual clients, each client must To authenticate the identity of individual clients, each client must
be configured with a unique key. be configured with a unique key and a key ID for that key.
21.5.5. Client considerations for delayed authentication protocol 21.5.5. Client considerations for delayed authentication protocol
21.5.5.1. Sending Solicit messages 21.5.5.1. Sending Solicit messages
When the client sends a Solicit message and wishes to use When the client sends a Solicit message and wishes to use
authentication, it includes an Authentication option with the desired authentication, it includes an Authentication option with the desired
protocol, algorithm, RDM and replay detection field as described protocol, algorithm and RDM as described in section 21.5. The client
in section 21.5. The client does not include any authentication does not include any replay detection or authentication information
information in the Authentication option. in the Authentication option.
21.5.5.2. Receiving Advertise messages 21.5.5.2. Receiving Advertise messages
The client validates any Advertise messages containing an The client validates any Advertise messages containing an
Authentication option specifying the delayed authentication protocol Authentication option specifying the delayed authentication protocol
using the validation test described in section 21.5.3. using the validation test described in section 21.5.3.
Client behavior if no Advertise messages include authentication Client behavior if no Advertise messages include authentication
information or pass the validation test is controlled by local policy information or pass the validation test is controlled by local policy
on the client. According to client policy, the client MAY choose to on the client. According to client policy, the client MAY choose to
skipping to change at page 56, line 37 skipping to change at page 56, line 21
a key that has been selected for the client through some external a key that has been selected for the client through some external
mechanism. mechanism.
21.5.5.5. Receiving Reply messages 21.5.5.5. Receiving Reply messages
If the client authenticated the Advertise it accepted, the client If the client authenticated the Advertise it accepted, the client
MUST validate the associated Reply message from the server. The MUST validate the associated Reply message from the server. The
client MUST discard the Reply if the message fails to pass validation client MUST discard the Reply if the message fails to pass validation
and MAY log the validation failure. If the Reply fails to pass and MAY log the validation failure. If the Reply fails to pass
validation, the client MUST restart the DHCP configuration process by validation, the client MUST restart the DHCP configuration process by
sending a Solicit message. The client MAY choose to remember which sending a Solicit message.
server replied with a Reply message that failed to pass validation
and discard subsequent messages from that server.
If the client accepted an Advertise message that did not include If the client accepted an Advertise message that did not include
authentication information or did not pass the validation test, the authentication information or did not pass the validation test, the
client MAY accept an unauthenticated Reply message from the server. client MAY accept an unauthenticated Reply message from the server.
21.5.5.6. Receiving Reconfigure messages 21.5.5.6. Receiving Reconfigure messages
The client MUST discard the Reconfigure if the message fails to pass The client MUST discard the Reconfigure if the message fails to pass
validation and MAY log the validation failure. validation and MAY log the validation failure.
skipping to change at page 57, line 45 skipping to change at page 57, line 23
If the server has not previously selected a key for the client, the If the server has not previously selected a key for the client, the
server MUST use a key that has been selected for the client through server MUST use a key that has been selected for the client through
some external mechanism. some external mechanism.
22. DHCP options 22. DHCP options
Options are used to carry additional information and parameters Options are used to carry additional information and parameters
in DHCP messages. Every option shares a common base format, as in DHCP messages. Every option shares a common base format, as
described in section 22.1. All values in options are represented in described in section 22.1. All values in options are represented in
network order. network byte order.
This document describes the DHCP options defined as part of the base This document describes the DHCP options defined as part of the base
DHCP specification. Other options may be defined in the future in DHCP specification. Other options may be defined in the future in
separate documents. separate documents.
Unless otherwise noted, each option may appear only in the options Unless otherwise noted, each option may appear only in the options
area of a DHCP message and may appear only once. If an option does area of a DHCP message and may appear only once. If an option does
appear multiple times, each instance is considered separate and the appear multiple times, each instance is considered separate and the
data areas of the options MUST NOT be concatenated or otherwise data areas of the options MUST NOT be concatenated or otherwise
combined. combined.
skipping to change at page 58, line 34 skipping to change at page 58, line 15
option-data The data for the option; the format of this data option-data The data for the option; the format of this data
depends on the definition of the option. depends on the definition of the option.
DHCPv6 options are scoped by using encapsulation. Some options apply DHCPv6 options are scoped by using encapsulation. Some options apply
generally to the client, some are specific to an IA, and some are generally to the client, some are specific to an IA, and some are
specific to the addresses within an IA. These latter two cases are specific to the addresses within an IA. These latter two cases are
discussed in sections 22.4 and 22.6. discussed in sections 22.4 and 22.6.
22.2. Client Identifier option 22.2. Client Identifier option
The Client Identifier option is used to carry a DUID identifying a The Client Identifier option is used to carry a DUID identifying
client between a client and a server. The Client Identifier option a client between a client and a server. The format of the Client
MUST appear before any IA options in the DHCP message. The format of Identifier option is:
the Client Identifier option is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_CLIENTID | option-len | | OPTION_CLIENTID | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. DUID . . DUID .
. (variable length) . . (variable length) .
. . . .
skipping to change at page 59, line 38 skipping to change at page 59, line 4
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_SERVERID | option-len | | OPTION_SERVERID | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. DUID . . DUID .
. (variable length) . . (variable length) .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_SERVERID (2) option-code OPTION_SERVERID (2)
option-len Length of DUID in octets option-len Length of DUID in octets
DUID The DUID for the server DUID The DUID for the server
A server MUST process any message it receives that contains a Server
Identifier option with a DUID that matches the server's DUID.
22.4. Identity Association option 22.4. Identity Association option
The Identity Association option (IA option) is used to carry an The Identity Association option (IA option) is used to carry an
identity association, the parameters associated with the IA and the identity association, the parameters associated with the IA and the
addresses associated with the IA. addresses associated with the IA.
Addresses appearing in an IA option are not temporary addresses (see Addresses appearing in an IA option are not temporary addresses (see
section 22.5). section 22.5).
The format of the IA option is: The format of the IA option is:
skipping to change at page 61, line 11 skipping to change at page 60, line 25
The IA-options field encapsulates those options that are specific The IA-options field encapsulates those options that are specific
to this IA. For example, all of the IA Address Options carrying the to this IA. For example, all of the IA Address Options carrying the
addresses associated with this IA are in the IA-options field. addresses associated with this IA are in the IA-options field.
An IA option may only appear in the options area of a DHCP message. An IA option may only appear in the options area of a DHCP message.
A DHCP message may contain multiple IA options. A DHCP message may contain multiple IA options.
The status of any operations involving this IA is indicated in a The status of any operations involving this IA is indicated in a
Status Code option in the IA-options field. Status Code option in the IA-options field.
Note that an IA has no explicit "lifetime" or "lease length" of Note that an IA has no explicit "lifetime" or "lease length" of its
its own. When the lifetimes of all of the addresses in an IA have own. When the valid lifetimes of all of the addresses in an IA
expired, the IA can be considered as having expired. T1 and T2 have expired, the IA can be considered as having expired. T1 and
are included to give servers explicit control over when a client T2 are included to give servers explicit control over when a client
recontacts the server about a specific IA. recontacts the server about a specific IA.
In a message sent by a client to a server, values in the T1 and In a message sent by a client to a server, values in the T1 and
T2 fields indicate the client's preference for those parameters. T2 fields indicate the client's preference for those parameters.
The client may send 0 if it has no preference for T1 and T2. In a The client may send 0 if it has no preference for T1 and T2. In a
message sent by a server to a client, the client MUST use the values message sent by a server to a client, the client MUST use the values
in the T1 and T2 fields for the T1 and T2 parameters. The values in in the T1 and T2 fields for the T1 and T2 parameters. The values in
the T1 and T2 fields are the number of seconds until T1 and T2. the T1 and T2 fields are the number of seconds until T1 and T2.
The server selects the T1 and T2 times to allow the client to extend The server selects the T1 and T2 times to allow the client to extend
skipping to change at page 62, line 36 skipping to change at page 61, line 53
Each IA_TA carries one "set" of temporary addresses; that is, at most Each IA_TA carries one "set" of temporary addresses; that is, at most
one address from each prefix assigned to the link to which the client one address from each prefix assigned to the link to which the client
is attached. is attached.
An IA_TA option may only appear in the options area of a DHCP An IA_TA option may only appear in the options area of a DHCP
message. A DHCP message may contain multiple IA_TA options. message. A DHCP message may contain multiple IA_TA options.
The status of any operations involving this IA is indicated in a The status of any operations involving this IA is indicated in a
Status Code option in the IA-options field. Status Code option in the IA-options field.
Note that an IA has no explicit "lifetime" or "lease length" of Note that an IA has no explicit "lifetime" or "lease length" of its
its own. When the lifetimes of all of the addresses in an IA have own. When the valid lifetimes of all of the addresses in an IA have
expired, the IA can be considered as having expired. expired, the IA can be considered as having expired.
An IA_TA option does not include values for T1 and T2. A client
MAY request that the lifetimes on temporary addresses be extended
by including the addresses in a IA_TA option sent in a Renew or
Rebind message to a server. For example, a client would request
an extension on the lifetime of a temporary address to allow an
application to continue to use an established TCP connection.
The client obtains new temporary addresses by sending an IA_TA option
with a new IAID to a server. Requesting new temporary addresses from
the server is the equivalent of generating new temporary addresses
as described in RFC 3041. The server will generate new temporary
addresses and return them to the client. The client should request
new temporary addresses before the lifetimes on the previously
assigned addresses expire.
A server MUST return the same set of temporary address for the same A server MUST return the same set of temporary address for the same
IA_TA (as identified by the IAID) as long as those addresses are IA_TA (as identified by the IAID) as long as those addresses are
still valid. After the lifetimes of the addresses in an IA_TA have still valid. After the lifetimes of the addresses in an IA_TA have
expired, the IAID may be reused to identify a new IA_TA with new expired, the IAID may be reused to identify a new IA_TA with new
temporary addresses. temporary addresses.
An identity association for temporary addresses option MUST NOT This option MAY appear in a Confirm message if the lifetimes on the
appear in a Renew or Rebind message. This option MAY appear in a temporary addresses in the associated IA have not expired.
Confirm message if the lifetimes on the temporary addresses in the
associated IA have not expired.
22.6. IA Address option 22.6. IA Address option
The IA Address option is used to specify IPv6 addresses associated The IA Address option is used to specify IPv6 addresses associated
with an IA. The IA Address option must be encapsulated in the with an IA. The IA Address option must be encapsulated in the
Options field of an Identity Association option. The Options field Options field of an Identity Association option. The Options field
encapsulates those options that are specific to this address. encapsulates those options that are specific to this address.
The format of the IA Address option is: The format of the IA Address option is:
skipping to change at page 64, line 28 skipping to change at page 64, line 4
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ORO | option-len | | OPTION_ORO | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| requested-option-code-1 | requested-option-code-2 | | requested-option-code-1 | requested-option-code-2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_ORO (6) option-code OPTION_ORO (6)
option-len 2 * number of requested options option-len 2 * number of requested options
requested-option-code-n The option code for an option requested by requested-option-code-n The option code for an option requested by
the client. the client.
A client MAY include an Option Request option in a Solicit, Request, A client MAY include an Option Request option in a Solicit, Request,
Renew, Rebind, Confirm or Information-request message to inform the Renew, Rebind, Confirm or Information-request message to inform
server about options the client wants the server to send to the the server about options the client wants the server to send to
client. the client. A server MAY include an Option Request option in a
Reconfigure option to indicate which options the client should
request from the server.
22.8. Preference option 22.8. Preference option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_PREFERENCE | option-len | | OPTION_PREFERENCE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| pref-value | | pref-value |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
skipping to change at page 65, line 31 skipping to change at page 65, line 9
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_ELAPSED_TIME (8) option-code OPTION_ELAPSED_TIME (8)
option-len 2. option-len 2.
elapsed-time The amount of time since the client began its elapsed-time The amount of time since the client began its
current DHCP transaction. This time is expressed in current DHCP transaction. This time is expressed in
hundredths of a second (10^-2 seconds). hundredths of a second (10^-2 seconds).
A client SHOULD include an Elapsed Time option in messages to A client MUST include an Elapsed Time option in messages to indicate
indicate how long the client has been trying to complete a DHCP how long the client has been trying to complete a DHCP transaction.
transaction. Servers and Relay Agents use the data value in this Servers and Relay Agents use the data value in this option as input
option as input to policy controlling how a server responds to a to policy controlling how a server responds to a client message.
client message. For example, the elapsed time option allows a For example, the elapsed time option allows a secondary DHCP server
secondary DHCP server to respond to a request when a primary server to respond to a request when a primary server hasn't answered in a
hasn't answered in a reasonable time. reasonable time.
22.10. Client message option 22.10. Client message option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_CLIENT_MSG | option-len | | OPTION_CLIENT_MSG | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. DHCP-client-message . . DHCP-client-message .
skipping to change at page 67, line 8 skipping to change at page 66, line 18
DHCP-server-message The message received from the server; DHCP-server-message The message received from the server;
forwarded verbatim to the client. forwarded verbatim to the client.
A server sends a DHCP message to be forwarded to a client by a relay A server sends a DHCP message to be forwarded to a client by a relay
agent as the contents of a Server Message option in a Relay-reply agent as the contents of a Server Message option in a Relay-reply
message. message.
22.12. Authentication option 22.12. Authentication option
The Authentication option carries authentication information to The Authentication option carries authentication information to
authenticate the identity and contents of DHCP messages. The authenticate the identity and contents of DHCP messages. The use of
use of the Authentication option is described in section 21. If the Authentication option is described in section 21.
the Authentication option appears in a DHCP message, it should be
included as close to the beginning of the options field as possible
for improved efficiency of authentication processing.
The format of the Authentication option is: The format of the Authentication option is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_AUTH | option-len | | OPTION_AUTH | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Protocol | Algorithm | RDM | Replay detect.| | Protocol | Algorithm | RDM | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| Replay Detection (64 bits) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Replay cont. | Auth. Info |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Authentication Information |
| | | |
| Replay Detection (64 bits) +-+-+-+-+-+-+-+-+
| | Auth. Info |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. .
. Authentication Information .
. (variable length) .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_AUTH (11) option-code OPTION_AUTH (11)
option-len 12 + length of Authentication option-len 15 + length of Authentication
Information field Information field
protocol The authentication protocol used in protocol The authentication protocol used in
this authentication option this authentication option
algorithm The algorithm used in the algorithm The algorithm used in the
authentication protocol authentication protocol
RDM The replay detection method used in RDM The replay detection method used in
this authentication option this authentication option
skipping to change at page 69, line 4 skipping to change at page 68, line 18
| OPTION_STATUS_CODE | option-len | | OPTION_STATUS_CODE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| status-code | | | status-code | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. . . .
. status-message . . status-message .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_STATUS_CODE (13) option-code OPTION_STATUS_CODE (13)
option-len 2 + length of status-message option-len 2 + length of status-message
status-code The numeric code for the status encoded in status-code The numeric code for the status encoded in
this option. The status codes are defined in this option. The status codes are defined in
section 5.5. section 24.4.
status-message A UTF-8 encoded text string, which MUST NOT status-message A UTF-8 encoded text string, which MUST NOT
be null-terminated. be null-terminated.
A Status Code option may appear in a DHCP message option, or in the A Status Code option may appear in a DHCP message option, or in the
options area of another option. options area of another option. If the Status Code option does not
appear in a message in which the option could appear, the status of
the message is assumed to be Success.
22.15. Rapid Commit option 22.15. Rapid Commit option
A client MAY include this option in a Solicit message if the client A client MAY include this option in a Solicit message if the client
is prepared to perform the Solicit-Reply message exchange described is prepared to perform the Solicit-Reply message exchange described
in section 17.1.1. in section 17.1.1.
A server MUST include this option in a Reply message sent in response A server MUST include this option in a Reply message sent in response
to a Solicit message when completing the Solicit-Reply message to a Solicit message when completing the Solicit-Reply message
exchange. exchange.
skipping to change at page 69, line 36 skipping to change at page 68, line 53
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_RAPID_COMMIT | 0 | | OPTION_RAPID_COMMIT | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_RAPID_COMMIT (14) option-code OPTION_RAPID_COMMIT (14)
option-len 0 option-len 0
DISCUSSION:
Each server that responds with a Reply to a Solicit that
includes a Rapid Commit option will commit the assigned
addresses in the Reply message to the client, and will not
receive any confirmation that the client has received the
Reply message. Therefore, if more than one server responds
to a Solicit that includes a Rapid Commit option, some
servers will commit addresses that are not actually used by
the client.
The problem of unused addresses can be minimized, for
example, by designing the DHCP service so that only one
server responds to the Solicit or by using relatively short
lifetimes for assigned addresses.
22.16. User Class Option 22.16. User Class Option
This option is used by a client to identify the type or category of This option is used by a client to identify the type or category of
user or applications it represents. The information contained in the user or applications it represents. The information contained in the
data area of this option is contained in one or more opaque fields data area of this option is contained in one or more opaque fields
that represent the user class or classes of which the client is a that represent the user class or classes of which the client is a
member. The user class information carried in this option MUST be member. A server selects configuration information for the client
configurable on the client. based on the classes identified in this option. For example, the
User Class option can be used to configure all clients of people
in the accounting department with a different printer than clients
of people in the marketing department. The user class information
carried in this option MUST be configurable on the client.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_USER_CLASS | option-len | | OPTION_USER_CLASS | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. user-class-data . . user-class-data .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_USER_CLASS (15) option-code OPTION_USER_CLASS (15)
option-len Length of user class data field option-len Length of user class data field
user-class-data The user classes carried by the client. user-class-data The user classes carried by the client.
The data area of the user class option MUST contain one or more The data area of the user class option MUST contain one or more
instances of user class data. Each instance of the user class data instances of user class data. Each instance of the user class data
is formatted as follows: is formatted as follows:
skipping to change at page 70, line 17 skipping to change at page 70, line 4
user-class-data The user classes carried by the client. user-class-data The user classes carried by the client.
The data area of the user class option MUST contain one or more The data area of the user class option MUST contain one or more
instances of user class data. Each instance of the user class data instances of user class data. Each instance of the user class data
is formatted as follows: is formatted as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
| user-class-len | opaque-data | | user-class-len | opaque-data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
The user-class-len is two octets long and specifies the length of the The user-class-len is two octets long and specifies the length of the
opaque user class data in network order. opaque user class data in network byte order.
Servers can interpret the meanings of multiple class specifications A server interprets the classes identified in this option according
in an implementation dependent or configuration dependent manner, and to its configuration to select the appropriate configuration
so the use of multiple classes by a DHCP client should be based on information for the client. A server may use only those user
the specific server implementation and configuration which will be classes that it is configured to interpret in selecting configuration
used to process that User class option. information for a client and ignore any other user classes. In
response to a message containing a User Class option, a server
includes a User Class option containing those classes that were
successfully interpreted by the server, so that the client can be
informed of the classes interpreted by the server.
22.17. Vendor Class Option 22.17. Vendor Class Option
This option is used by a client to identify the vendor that This option is used by a client to identify the vendor that
manufactured the hardware on which the client is running. The manufactured the hardware on which the client is running. The
information contained in the data area of this option is contained information contained in the data area of this option is contained
in one or more opaque fields that identify details of the hardware in one or more opaque fields that identify details of the hardware
configuration. configuration.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 71, line 8 skipping to change at page 70, line 46
option-code OPTION_VENDOR_CLASS (16) option-code OPTION_VENDOR_CLASS (16)
option-len 4 + length of vendor class data field option-len 4 + length of vendor class data field
enterprise-number The vendor's registered Enterprise Number as enterprise-number The vendor's registered Enterprise Number as
registered with IANA. registered with IANA.
vendor-class-data The hardware configuration of the host on vendor-class-data The hardware configuration of the host on
which the client is running. which the client is running.
The vendor-class-data is composed of a series of separate items,
each of which describes some characteristic of the client's hardware
configuration. Examples of vendor-class-data instances might include
the version of the operating system the client is running or the
amount of memory installed on the client.
Each instance of the vendor-class-data is formatted as follows: Each instance of the vendor-class-data is formatted as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
| vendor-class-len | opaque-data | | vendor-class-len | opaque-data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
The vendor-class-len is two octets long and specifies the length of The vendor-class-len is two octets long and specifies the length of
the opaque vendor class data in network order. the opaque vendor class data in network byte order.
A DHCP message MUST NOT contain more than one Vendor Class option.
22.18. Vendor-specific Information option 22.18. Vendor-specific Information option
This option is used by clients and servers to exchange This option is used by clients and servers to exchange
vendor-specific information. The definition of this information is vendor-specific information. The definition of this information is
vendor specific. The vendor is indicated in the enterprise-number vendor specific. The vendor is indicated in the enterprise-number
field. Clients that do not receive desired vendor-specific field. Clients that do not receive desired vendor-specific
information SHOULD make an attempt to operate without it, although information SHOULD make an attempt to operate without it, although
they may do so (and announce they are doing so) in a degraded mode. they may do so (and announce they are doing so) in a degraded mode.
skipping to change at page 71, line 53 skipping to change at page 71, line 48
enterprise-number The vendor's registered Enterprise Number as enterprise-number The vendor's registered Enterprise Number as
registered with IANA. registered with IANA.
option-data An opaque object of option-len octets, option-data An opaque object of option-len octets,
interpreted by vendor-specific code on the interpreted by vendor-specific code on the
clients and servers clients and servers
The encapsulated vendor-specific options field MUST be encoded as a The encapsulated vendor-specific options field MUST be encoded as a
sequence of code/length/value fields of identical format to the DHCP sequence of code/length/value fields of identical format to the DHCP
options field. The option codes are defined by the vendor identified options field. The option codes are defined by the vendor identified
in the enterprise-number field and are not managed by IANA. Each of in the enterprise-number field and are not managed by IANA.
the encapsulated options is formatted as follows.
Each of the encapsulated options is formatted as follows.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| opt-code | option-len | | opt-code | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. option-data . . option-data .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 72, line 50 skipping to change at page 73, line 4
| OPTION_INTERFACE_ID | option-len | | OPTION_INTERFACE_ID | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. interface-id . . interface-id .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_INTERFACE_ID (18) option-code OPTION_INTERFACE_ID (18)
option-len Length of interface-id field option-len Length of interface-id field
interface-id An opaque value of arbitrary length generated interface-id An opaque value of arbitrary length generated
by the relay agent to identify one of the by the relay agent to identify one of the
relay agent's interfaces relay agent's interfaces
The server MUST copy the Interface-Id option from the Relay-Forward The server MUST copy the Interface-Id option from the Relay-Forward
message into the Relay-Reply message the server sends to the relay message into the Relay-Reply message the server sends to the relay
agent in response to the Relay-Forward message. This option MUST NOT agent in response to the Relay-Forward message. This option MUST NOT
appear in any message except a Relay-Forward or Relay-Reply message. appear in any message except a Relay-Forward or Relay-Reply message.
Servers MAY use the Interface-ID for parameter assignment policies. Servers MAY use the Interface-ID for parameter assignment policies.
The Interface-ID SHOULD be considered an opaque value, with policies The Interface-ID SHOULD be considered an opaque value, with policies
based on exact string match only; that is, the Interface-ID SHOULD based on exact string match only; that is, the Interface-ID SHOULD
NOT be internally parsed by the server. NOT be internally parsed by the server. The Interface-ID value for
an interface SHOULD be stable and remain unchanged, for example,
after the relay agent is restarted; if the Interface-ID changes, a
server will not be able to use it reliably in parameter assignment
policies.
22.20. Reconfigure Message option 22.20. Reconfigure Message option
A server includes a Reconfigure Message option in a Reconfigure A server includes a Reconfigure Message option in a Reconfigure
message to indicate to the client whether the client responds with a message to indicate to the client whether the client responds with a
Renew message or an Information-request message. Renew message or an Information-request message.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 73, line 35 skipping to change at page 73, line 43
| msg-type | | msg-type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_RECONF_MSG (19) option-code OPTION_RECONF_MSG (19)
option-len 1 option-len 1
msg-type 1 for Renew message, 2 for msg-type 1 for Renew message, 2 for
Information-request message Information-request message
22.21. Reconfigure Nonce option
If a server uses a reconfigure nonce to provide security for
Reconfigure messages, the server maintains a nonce value for each
client. It initially informs the client of the nonce value and then
includes the nonce value in any Reconfigure message sent to the
client.
The following figure gives the format of the Reconfigure Nonce
option:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_RECONF_NONCE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| reconfigure-nonce |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_RECONF_NONCE (20)
option-len 8
reconfigure-nonce reconfigure nonce value sent to the client
The Reconfigure Nonce option MUST NOT appear in any DHCP message
other than Reply or Reconfigure.
23. Security Considerations 23. Security Considerations
Section 21 describes a threat model and an option that provides an Section 21 describes a threat model and an option that provides an
authentication framework to defend against that threat model. authentication framework to defend against that threat model.
24. Year 2000 considerations 24. IANA Considerations
Since all times are relative to the current time of the transaction, This document defines several new name spaces associated with DHCPv6
there is no problem within the DHCPv6 protocol related to any and DHCPv6 options:
hardcoded dates or two-digit representation of the current year.
25. IANA Considerations - Multicast addresses
This document defines several new name spaces associated with DHCPv6 - Message types
and DHCPv6 options. IANA is requested to manage the allocation of
values from these name spaces, which are described in the remainder
of this section. These name spaces are all to be managed separately
from the name spaces defined for DHCPv4 [5, 1].
New values in each of these name spaces should be approved by the - Option codes
process of IETF consensus [13].
25.1. Multicast addresses - Status codes
Section 5.1 defines the following multicast addresses, which have - DUID
been assigned by IANA for use by DHCPv6:
All_DHCP_Relay_Agents_and_Servers address: FF02::1:2 - Authentication
All_DHCP_Servers address: FF05::1:3 * Protocol
IANA is requested to manage definition of additional multicast * Algorithm
addresses in the future.
25.2. Anycast addresses * RDM
Section 5.2 defines the following anycast address, which is requested IANA is requested to manage a registry of values for each of these
for assignment to DHCP by IANA: name spaces, which are described in the remainder of this section.
DHCP_Anycast: FEC0:0:0:0:FFFF::4 These name spaces are all to be managed separately from the name
spaces defined for DHCPv4 [4, 1].
IANA is requested to manage definition of additional anycast New values in each of these name spaces except for DHCP option codes
addresses in the future. should be approved by the process of IETF consensus [12]. New DHCP
option codes should be approved through expert review by a designated
expert [12].
25.3. DHCPv6 message types 24.1. Multicast addresses
IANA is requested to record the following message types (defined in Section 5.1 defines the following multicast addresses, which have
section 5.4). IANA is requested to manage definition of additional been assigned by IANA for use by DHCPv6:
message types in the future.
All_DHCP_Relay_Agents_and_Servers address: FF02::1:2
All_DHCP_Servers address: FF05::1:3
24.2. DHCP message types
IANA is requested to record the following message types (defined
in section 5.3). IANA is requested to maintain a registry of DHCP
message types.
SOLICIT 1 SOLICIT 1
ADVERTISE 2 ADVERTISE 2
REQUEST 3 REQUEST 3
CONFIRM 4 CONFIRM 4
RENEW 5 RENEW 5
skipping to change at page 75, line 14 skipping to change at page 76, line 5
DECLINE 9 DECLINE 9
RECONFIGURE 10 RECONFIGURE 10
INFORMATION-REQUEST 11 INFORMATION-REQUEST 11
RELAY-FORW 12 RELAY-FORW 12
RELAY-REPL 13 RELAY-REPL 13
25.4. DUID 24.3. DHCP options
IANA is requested to record the following DUID types (as defined in
section 9.1). IANA is requested to manage definition of additional
DUID types in the future.
Link-layer address plus time 1
VUID-DN 2
VUID-EN 3
Link-layer address 4
25.5. DHCPv6 options
IANA is requested to record the following option-codes (as defined IANA is requested to record the following option-codes (as defined in
in section 22). IANA is requested to manage the definition of section 22). IANA is requested to maintain a registry of DHCP option
additional DHCPv6 option-codes in the future. codes.
OPTION_CLIENTID 1 OPTION_CLIENTID 1
OPTION_SERVERID 2 OPTION_SERVERID 2
OPTION_IA 3 OPTION_IA 3
OPTION_IA_TMP 4 OPTION_IA_TMP 4
OPTION_IADDR 5 OPTION_IADDR 5
skipping to change at page 76, line 20 skipping to change at page 76, line 49
OPTION_USER_CLASS 15 OPTION_USER_CLASS 15
OPTION_VENDOR_CLASS 16 OPTION_VENDOR_CLASS 16
OPTION_VENDOR_OPTS 17 OPTION_VENDOR_OPTS 17
OPTION_INTERFACE_ID 18 OPTION_INTERFACE_ID 18
OPTION_RECONF_MSG 19 OPTION_RECONF_MSG 19
25.6. Status codes OPTION_RECONF_NONCE 20
24.4. Status codes
IANA is requested to record the status codes defined in the following IANA is requested to record the status codes defined in the following
table. IANA is requested to manage the definition of additional table. IANA is requested to manage the definition of additional
status codes in the future. status codes in the future.
Name Code Description Name Code Description
---------- ---- ----------- ---------- ---- -----------
Success 0 Success Success 0 Success
UnspecFail 1 Failure, reason unspecified; this UnspecFail 1 Failure, reason unspecified; this
status code is sent by either a client status code is sent by either a client
skipping to change at page 76, line 43 skipping to change at page 77, line 22
document document
AuthFailed 2 Authentication failed or nonexistent AuthFailed 2 Authentication failed or nonexistent
AddrUnavail 3 Addresses unavailable AddrUnavail 3 Addresses unavailable
NoBinding 4 Client record (binding) unavailable NoBinding 4 Client record (binding) unavailable
ConfNoMatch 5 Client record Confirm doesn't match IA ConfNoMatch 5 Client record Confirm doesn't match IA
NotOnLink 6 One or more prefixes of the addresses NotOnLink 6 One or more prefixes of the addresses
in the IA is not valid for the link in the IA is not valid for the link
from which the client message was received from which the client message was received
UseMulticast 7 Sent by a server to a client to force the UseMulticast 7 Sent by a server to a client to force the
client to send messages to the server client to send messages to the server
using the All\_DHCP\_Relay\_Agents\_and\_Servers using the All_DHCP_Relay_Agents_and_Servers
address address
25.7. Authentication option 24.5. DUID
Section 21 defines three new name spaces associated with the IANA is requested to record the following DUID types (as defined in
Authentication Option (section 22.12), which are to be created and section 9.1). IANA is requested to manage definition of additional
maintained by IANA: Protocol, Algorithm and RDM. DUID types in the future.
Initial values assigned from the Protocol name space are 0 (reserved) Link-layer address plus time 1
and 1 (for the delayed authentication Protocol in section 21.5).
Additional protocols may be defined in the future.
The Algorithm name space is specific to individual Protocols. That VUID-EN 2
is, each Protocol has its own Algorithm name space. The guidelines
for assigning Algorithm name space values for a particular protocol
should be specified along with the definition of a new Protocol.
For the delayed authentication Protocol, the Algorithm value 1 Link-layer address 3
is assigned to the HMAC-MD5 generating function as defined in
section 21.5. Additional algorithms for the delayed authentication
protocol may be defined in the future.
The initial value of 0 from the RDM name space is assigned to the 24.6. Authentication option
use of a monotonically increasing value as defined in section 21.4.
Additional replay detection methods may be defined in the future.
26. Acknowledgments Section 21 references three name spaces associated with the
Authentication Option (section 22.12), which are defined in the
authentication mechanism for DHCPv4 [5].
Thanks to the DHC Working Group for their time and input into the The authentication name spaces currently registered by IANA will
specification. In particular, thanks also for the consistent input, apply to both DHCPv6 and DHCPv4. In the future, specifications that
ideas, and review by (in alphabetical order) Thirumalesh Bhat, define new Protocol, Algorithm and RDM mechanisms will explicitly
Vijayabhaskar, Brian Carpenter, Matt Crawford, Francis Dupont, Tony define whether the new mechanisms are used with DHCPv4, DHCPv6 or
Lindstrom, Josh Littlefield, Gerald Maguire, Jack McCann, Thomas both.
Narten, Erik Nordmark, Yakov Rekhter, Mark Stapp, Matt Thomas, Sue
Thomson, and Phil Wells. 25. Acknowledgments
Thanks to the DHC Working Group and the members of the IETF for
their time and input into the specification. In particular, thanks
also for the consistent input, ideas, and review by (in alphabetical
order) Bill Arbaugh, Thirumalesh Bhat, Steve Bellovin, Vijayabhaskar,
Brian Carpenter, Matt Crawford, Francis Dupont, Tony Lindstrom,
Josh Littlefield, Gerald Maguire, Jack McCann, Thomas Narten, Erik
Nordmark, Yakov Rekhter, Mark Stapp, Matt Thomas, Sue Thomson, and
Phil Wells.
Thanks to Steve Deering and Bob Hinden, who have consistently Thanks to Steve Deering and Bob Hinden, who have consistently
taken the time to discuss the more complex parts of the IPv6 taken the time to discuss the more complex parts of the IPv6
specifications. specifications.
Bill Arbaugh reviewed the authentication mechanism described in
section 21.
And, thanks to Steve Deering for pointing out at IETF 51 in London And, thanks to Steve Deering for pointing out at IETF 51 in London
that the DHCPv6 specification has the highest revision number of any that the DHCPv6 specification has the highest revision number of any
Internet Draft. Internet Draft.
26. Changes in draft-ietf-dhc-dhcpv6-25.txt
- Eliminated definition of VUID-DN.
- Changed the second sentence in section 17.1.2 to:
In the case of a Solicit message transmitted when DHCP is
initiated by IPv6 Neighbor Discovery, the delay gives the amount
of time to wait after IPv6 Neighbor Discovery causes the client
to invoke the stateful address autoconfiguration protocol (see
section 5.5.3 of RFC2462).
- Changed Rapid Commit to allow client to use Advertise messages
received while waiting for Reply, rather than restarting with
Solicit; if client receives Advertise with preference 255, client
immediately sends Request to that server.
- Removed the use of All_DHCP_Servers multicast address as
destination address in section 18.1.5.
- Added text improving summary description of Confirm, Renew,
Rebind.
- Removed restriction on extension of lifetimes for temporary
addresses; added text pointing to RFC 3041 for guidance on
extending lifetimes for temporary addresses and when to request
additional temporary addresses.
- Clarified text in section 20 to emphasize that the relay agent
puts an address in the link-address field regardless of whether
it includes an Interface-ID option; added text explaining why the
interface-identifier for an interface should remain stable.
- Changed use of T1/T2 and lifetimes in Confirm message from
client: client uses those fields for preferred values or sets
to 0; server checks only addresses for correctness and returns
values chosen by server for T1/T2 and lifetimes. Clarified
that server checks addresses and returns current configuration
information for the client.
- Description of User Class option extended with an example
and clarified to indicate that use of User Class options is
determined by configuration/policies on server.
- Clarified description of the use of Vendor-specific information
to indicate that client need not receive all requested
vendor-specific information before proceeding with normal
operation.
- Clarified use of Status Code option in Release message.
- Edited section 14 to make clear that a client transmits until it
receives a response only if both MRC and MRD are zero.
- Removed suggestions about ordering options (for example, for
improved performance).
- Edited section 16 to clarify interface selection.
- Removed use of anycast; use of anycast over individual link
technologies will be specified in separate documents.
- Removed replay detection information field from Solicit message
to avoid potential DOS attack.
- Clarified capabilities and constraints on relay agent forwarding.
- Edited definition of vendor class data to clarify that instances
of vendor-class-data are individual characteristics of the
client.
- Added text in section 21.5.4 to specify that client key is
identified by client DUID.
- Removed "Year 2000 Considerations" section; hope we don't need a
"Year 3000 Consideration" section.
- Authentication mechanism now shares Protocol, Algorithm and RDM
name spaces with DHCPv4.
- Added text to specify return of NoBinding if server cannot
find binding for IA in Decline; added text allowing client to
disregard NoBinding in Reply to Decline.
- Clarify that Solicit, Confirm and Rebind are invalid if Server
Identifier option is included.
- Edited text about Option Request option to clarify that the
option is a hint from the client to the server about options the
client has a preference to receive; includes recommendation that
client send Option Request option if it has options it requires.
- Added nonce value for security of Reconfigure messages.
References References
[1] S. Alexander and R. Droms. DHCP Options and BOOTP Vendor [1] S. Alexander and R. Droms. DHCP Options and BOOTP Vendor
Extensions, March 1997. RFC 2132. Extensions, March 1997. RFC 2132.
[2] S. Bradner. Key words for use in RFCs to Indicate Requirement [2] S. Bradner. Key words for use in RFCs to Indicate Requirement
Levels, March 1997. RFC 2119. Levels, March 1997. RFC 2119.
[3] S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6) [3] S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6)
Specification, December 1998. RFC 2460. Specification, December 1998. RFC 2460.
[4] R. Draves. Default Address Selection for IPv6, September 2001. [4] R. Droms. Dynamic Host Configuration Protocol, March 1997. RFC
work in progress.
[5] R. Droms. Dynamic Host Configuration Protocol, March 1997. RFC
2131. 2131.
[6] R. Droms, Editor, W. Arbaugh, and Editor. Authentication for [5] R. Droms, Editor, W. Arbaugh, and Editor. Authentication for
DHCP Messages, June 2001. RFC 3118. DHCP Messages, June 2001. RFC 3118.
[7] R. Hinden and S. Deering. IP Version 6 Addressing Architecture, [6] R. Hinden and S. Deering. IP Version 6 Addressing Architecture,
July 1998. RFC 2373. July 1998. RFC 2373.
[7] IANA. Private Enterprise Numbers.
http://www.iana.org/assignments/enterprise-numbers.
[8] S. Kent and R. Atkinson. Security Architecture for the Internet [8] S. Kent and R. Atkinson. Security Architecture for the Internet
Protocol, November 1998. RFC 2401. Protocol, November 1998. RFC 2401.
[9] H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing [9] H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing
for Message Authentication, February 1997. RFC 2104. for Message Authentication, February 1997. RFC 2104.
[10] David L. Mills. Network Time Protocol (Version 3) [10] David L. Mills. Network Time Protocol (Version 3)
Specification, Implementation, March 1992. RFC 1305. Specification, Implementation, March 1992. RFC 1305.
[11] P.V. Mockapetris. Domain names - concepts and facilities, [11] P.V. Mockapetris. Domain names - implementation and
November 1987. RFC 1034.
[12] P.V. Mockapetris. Domain names - implementation and
specification, November 1987. RFC 1035. specification, November 1987. RFC 1035.
[13] T. Narten and H. Alvestrand. Guidelines for Writing an IANA [12] T. Narten and H. Alvestrand. Guidelines for Writing an IANA
Considerations Section in RFCs, October 1998. RFC 2434. Considerations Section in RFCs, October 1998. RFC 2434.
[14] T. Narten and R. Draves. Privacy Extensions for Stateless [13] T. Narten and R. Draves. Privacy Extensions for Stateless
Address Autoconfiguration in IPv6, January 2001. RFC 3041. Address Autoconfiguration in IPv6, January 2001. RFC 3041.
[15] T. Narten, E. Nordmark, and W. Simpson. Neighbor Discovery for [14] T. Narten, E. Nordmark, and W. Simpson. Neighbor Discovery for
IP Version 6 (IPv6), December 1998. RFC 2461. IP Version 6 (IPv6), December 1998. RFC 2461.
[16] D.C. Plummer. Ethernet Address Resolution Protocol: Or [15] D.C. Plummer. Ethernet Address Resolution Protocol: Or
converting network protocol addresses to 48.bit Ethernet address converting network protocol addresses to 48.bit Ethernet address
for transmission on Ethernet hardware, November 1982. RFC 826. for transmission on Ethernet hardware, November 1982. RFC 826.
[17] J. Postel. User Datagram Protocol, August 1980. RFC 768. [16] J. Postel. User Datagram Protocol, August 1980. RFC 768.
[18] R. Rivest. The MD5 Message-Digest Algorithm, April 1992. RFC [17] R. Rivest. The MD5 Message-Digest Algorithm, April 1992. RFC
1321. 1321.
[19] S. Thomson and T. Narten. IPv6 Stateless Address [18] S. Thomson and T. Narten. IPv6 Stateless Address
Autoconfiguration, December 1998. RFC 2462. Autoconfiguration, December 1998. RFC 2462.
[20] P. Vixie, Ed., S. Thomson, Y. Rekhter, and J. Bound. Dynamic [19] P. Vixie, Ed., S. Thomson, Y. Rekhter, and J. Bound. Dynamic
Updates in the Domain Name System (DNS UPDATE), April 1997. RFC Updates in the Domain Name System (DNS UPDATE), April 1997. RFC
2136. 2136.
Chair's Address Chair's Address
The working group can be contacted via the current chair: The working group can be contacted via the current chair:
Ralph Droms Ralph Droms
Cisco Systems Cisco Systems
300 Apollo Drive 300 Apollo Drive
Chelmsford, MA 01824 Chelmsford, MA 01824
Phone: (978) 244-4733 Phone: (978) 244-4733
E-mail: rdroms@cisco.com E-mail: rdroms@cisco.com
Authors' Addresses Authors' Addresses
Questions about this memo can be directed to: Questions about this memo can be directed to:
Jim Bound Jim Bound
Compaq Computer Corporation Hewlett Packard Corporation
ZK3-3/W20 ZK3-3/W20
110 Spit Brook Road 110 Spit Brook Road
Nashua, NH 03062-2698 Nashua, NH 03062-2698
USA USA
Voice: +1 603 884 0062 Voice: +1 603 884 0062
E-mail: Jim.Bound@compaq.com E-mail: Jim.Bound@hp.com
Mike Carney Mike Carney
Sun Microsystems, Inc Sun Microsystems, Inc
Mail Stop: UMPK17-202 Mail Stop: UMPK17-202
901 San Antonio Road 901 San Antonio Road
Palo Alto, CA 94303-4900 Palo Alto, CA 94303-4900
USA USA
Voice: +1-650-786-4171 Voice: +1-650-786-4171
E-mail: mwc@eng.sun.com E-mail: mwc@eng.sun.com
skipping to change at page 82, line 5 skipping to change at page 84, line 5
Reconf. * * Reconf. * *
Inform. * * * * Inform. * * * *
R-forw. * * * * * R-forw. * * * * *
R-repl. * * * * * R-repl. * * * * *
B. Appearance of Options in the Options Field of DHCP Options B. Appearance of Options in the Options Field of DHCP Options
The following table indicates with a "*" where options can appear in The following table indicates with a "*" where options can appear in
the options field of other options: the options field of other options:
Option IA/ IAADDR Client Server Option IA/ IAADDR Relay Relay
Field IA_TA Msg. Msg. Field IA_TA Forw. Reply
Client ID * Client ID *
Server ID * Server ID *
IA/IA_TA * IA/IA_TA *
IAADDR * IAADDR *
ORO * ORO *
Pref * Pref *
Time * Time *
Authentic. * Authentic. *
Server Uni. * Server Uni. *
Status Code * * * * * Status Code * * * * *
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/