From 9a7cd23540a28980b8daced47fdd77e11186307c Mon Sep 17 00:00:00 2001 From: amanita Date: Mon, 18 Nov 2019 15:21:20 +0100 Subject: [PATCH] added some ipv6 specifications --- technikzeugs/theorie/ipv6/rfc3646.txt | 395 ++ technikzeugs/theorie/ipv6/rfc7084.txt | 1179 ++++ technikzeugs/theorie/ipv6/rfc8415.txt | 8627 +++++++++++++++++++++++++ 3 files changed, 10201 insertions(+) create mode 100644 technikzeugs/theorie/ipv6/rfc3646.txt create mode 100644 technikzeugs/theorie/ipv6/rfc7084.txt create mode 100644 technikzeugs/theorie/ipv6/rfc8415.txt diff --git a/technikzeugs/theorie/ipv6/rfc3646.txt b/technikzeugs/theorie/ipv6/rfc3646.txt new file mode 100644 index 0000000..42dbd67 --- /dev/null +++ b/technikzeugs/theorie/ipv6/rfc3646.txt @@ -0,0 +1,395 @@ + + + + + + +Network Working Group R. Droms, Ed. +Request for Comments: 3646 Cisco Systems +Category: Standards Track December 2003 + + + DNS Configuration options for Dynamic Host + Configuration Protocol for IPv6 (DHCPv6) + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2003). All Rights Reserved. + +Abstract + + This document describes Dynamic Host Configuration Protocol for IPv6 + (DHCPv6) options for passing a list of available DNS recursive name + servers and a domain search list to a client. + +1. Introduction + + This document describes two options for passing configuration + information related to Domain Name Service (DNS) (RFC 1034 [6] and + RFC 1035 [1]) in DHCPv6 (RFC 3315 [2]). + +2. Terminology + + The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, + SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be + interpreted as described in BCP 14, RFC 2119 [3]. + + Throughout this document, unless otherwise specified, the acronym + DHCP refers to DHCP for IPv6 (DHCPv6) as specified in RFC 3315. + + This document uses terminology specific to IPv6 and DHCP as defined + in section "Terminology" of RFC 3315. + + + + + + + + +Droms Standards Track [Page 1] + +RFC 3646 DNS Configuration Options for DHCPv6 December 2003 + + +3. DNS Recursive Name Server option + + The DNS Recursive Name Server option provides a list of one or more + IPv6 addresses of DNS recursive name servers to which a client's DNS + resolver MAY send DNS queries [1]. The DNS servers are listed in the + order of preference for use by the client resolver. + + The format of the DNS Recursive Name Server option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_DNS_SERVERS | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + | DNS-recursive-name-server (IPv6 address) | + | | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + | DNS-recursive-name-server (IPv6 address) | + | | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | ... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + option-code: OPTION_DNS_SERVERS (23) + + option-len: Length of the list of DNS recursive name + servers in octets; must be a multiple of + 16 + + DNS-recursive-name-server: IPv6 address of DNS recursive name server + +4. Domain Search List option + + The Domain Search List option specifies the domain search list the + client is to use when resolving hostnames with DNS. This option does + not apply to other name resolution mechanisms. + + + + + + + + + + + +Droms Standards Track [Page 2] + +RFC 3646 DNS Configuration Options for DHCPv6 December 2003 + + + The format of the Domain Search List option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_DOMAIN_LIST | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | searchlist | + | ... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + option-code: OPTION_DOMAIN_LIST (24) + + option-len: Length of the 'searchlist' field in octets + + searchlist: The specification of the list of domain names in the + Domain Search List + + The list of domain names in the 'searchlist' MUST be encoded as + specified in section "Representation and use of domain names" of RFC + 3315. + +5. Appearance of these options + + The DNS Recursive Name Server option MUST NOT appear in any other + than the following messages: Solicit, Advertise, Request, Renew, + Rebind, Information-Request, and Reply. + + The Domain Search List option MUST NOT appear in any other than the + following messages: Solicit, Advertise, Request, Renew, Rebind, + Information-Request, and Reply. + +6. Security Considerations + + The DNS Recursive Name Server option may be used by an intruder DHCP + server to cause DHCP clients to send DNS queries to an intruder DNS + recursive name server. The results of these misdirected DNS queries + may be used to spoof DNS names. + + To avoid attacks through the DNS Recursive Name Server option, the + DHCP client SHOULD require DHCP authentication (see section + "Authentication of DHCP messages" in RFC 3315) before installing a + list of DNS recursive name servers obtained through authenticated + DHCP. + + The Domain Search List option may be used by an intruder DHCP server + to cause DHCP clients to search through invalid domains for + incompletely specified domain names. The results of these + + + +Droms Standards Track [Page 3] + +RFC 3646 DNS Configuration Options for DHCPv6 December 2003 + + + misdirected searches may be used to spoof DNS names. Note that + support for DNSSEC [4] will not avert this attack, because the + resource records in the invalid domains may be legitimately signed. + + The degree to which a host is vulnerable to attack via an invalid + domain search option is determined in part by DNS resolver behavior. + RFC1535 [7] contains a discussion of security weaknesses related to + implicit as well as explicit domain searchlists, and provides + recommendations relating to resolver searchlist processing. Section + 6 of RFC1536 [5] also addresses this vulnerability, and recommends + that resolvers: + + 1. Use searchlists only when explicitly specified; no implicit + searchlists should be used. + + 2. Resolve a name that contains any dots by first trying it as an + FQDN and if that fails, with the names in the searchlist appended. + + 3. Resolve a name containing no dots by appending with the searchlist + right away, but once again, no implicit searchlists should be + used. + + In order to minimize potential vulnerabilities it is recommended + that: + + 1. Hosts implementing the domain search option SHOULD also implement + the searchlist recommendations of RFC1536, section 6. + + 2. Where DNS parameters such as the domain searchlist or DNS servers + have been manually configured, these parameters SHOULD NOT be + overridden by DHCP. + + 3. A host SHOULD require the use of DHCP authentication (see section + "Authentication of DHCP messages" in RFC 3315) prior to accepting + a domain search option. + +7. IANA Considerations + + IANA has assigned an option code to the DNS Recursive Name Server + option (23) and to the Domain Search List option (24) from the DHCP + option code space defined in section "IANA Considerations" of RFC + 3315. + +8. Acknowledgements + + This option was originally part of the DHCPv6 specification, written + by Jim Bound, Mike Carney, Charlie Perkins, Ted Lemon, Bernie Volz + and Ralph Droms. + + + +Droms Standards Track [Page 4] + +RFC 3646 DNS Configuration Options for DHCPv6 December 2003 + + + The analysis of the potential attack through the domain search list + is taken from the specification of the DHCPv4 Domain Search option, + RFC3397 [8]. + + Thanks to Rob Austein, Alain Durand, Peter Koch, Tony Lindstrom and + Pekka Savola for their contributions to this document. + +9. References + +9.1. Normative References + + [1] Mockapetris, P., "Domain names - implementation and + specification", STD 13, RFC 1035, November 1987. + + [2] Bound, J., Carney, M., Perkins, C., Lemon, T., Volz, B. and R. + Droms (ed.), "Dynamic Host Configuration Protocol for IPv6 + (DHCPv6)", RFC 3315, May 2003. + + [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement + Levels", BCP 14, RFC 2119, March 1997. + + [4] Eastlake, D., "Domain Name System Security Extensions", RFC + 2535, March 1999. + + [5] Kumar, A., Postel, J., Neuman, C., Danzig, P. and S. Miller, + "Common DNS Implementation Errors and Suggested Fixes", RFC + 1536, October 1993. + +9.2. Informative References + + [6] Mockapetris, P., "Domain names - concepts and facilities", STD + 13, RFC 1034, November 1987. + + [7] Gavron, E., "A Security Problem and Proposed Correction With + Widely Deployed DNS Software", RFC 1535, October 1993. + + [8] Aboba, B. and S. Cheshire, "Dynamic Host Configuration Protocol + (DHCP) Domain Search Option", RFC 3397, November 2002. + + + + + + + + + + + + + +Droms Standards Track [Page 5] + +RFC 3646 DNS Configuration Options for DHCPv6 December 2003 + + +Intellectual Property Statement + + The IETF takes no position regarding the validity or scope of any + intellectual property or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; neither does it represent that it + has made any effort to identify any such rights. Information on the + IETF's procedures with respect to rights in standards-track and + standards-related documentation can be found in BCP-11. Copies of + claims of rights made available for publication and any assurances of + licenses to be made available, or the result of an attempt made to + obtain a general license or permission for the use of such + proprietary rights by implementors or users of this specification can + be obtained from the IETF Secretariat. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights which may cover technology that may be required to practice + this standard. Please address the information to the IETF Executive + Director. + +Author's Address + + Ralph Droms, Editor + Cisco Systems + 1414 Massachusetts Ave. + Boxboro, MA 01719 + USA + + Phone: +1 978 936 1674 + EMail: rdroms@cisco.com + + + + + + + + + + + + + + + + + + + +Droms Standards Track [Page 6] + +RFC 3646 DNS Configuration Options for DHCPv6 December 2003 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2003). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assignees. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Droms Standards Track [Page 7] + diff --git a/technikzeugs/theorie/ipv6/rfc7084.txt b/technikzeugs/theorie/ipv6/rfc7084.txt new file mode 100644 index 0000000..ba07671 --- /dev/null +++ b/technikzeugs/theorie/ipv6/rfc7084.txt @@ -0,0 +1,1179 @@ + + + + + + +Internet Engineering Task Force (IETF) H. Singh +Request for Comments: 7084 W. Beebee +Obsoletes: 6204 Cisco Systems, Inc. +Category: Informational C. Donley +ISSN: 2070-1721 CableLabs + B. Stark + AT&T + November 2013 + + + Basic Requirements for IPv6 Customer Edge Routers + +Abstract + + This document specifies requirements for an IPv6 Customer Edge (CE) + router. Specifically, the current version of this document focuses + on the basic provisioning of an IPv6 CE router and the provisioning + of IPv6 hosts attached to it. The document also covers IP transition + technologies. Two transition technologies in RFC 5969's IPv6 Rapid + Deployment on IPv4 Infrastructures (6rd) and RFC 6333's Dual-Stack + Lite (DS-Lite) are covered in the document. The document obsoletes + RFC 6204. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Not all documents + approved by the IESG are a candidate for any level of Internet + Standard; see Section 2 of RFC 5741. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc7084. + + + + + + + + + + + + + +Singh, et al. Informational [Page 1] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + +Copyright Notice + + Copyright (c) 2013 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + +Table of Contents + + 1. Introduction ....................................................3 + 1.1. Requirements Language ......................................3 + 2. Terminology .....................................................4 + 3. Architecture ....................................................5 + 3.1. Current IPv4 End-User Network Architecture .................5 + 3.2. IPv6 End-User Network Architecture .........................5 + 3.2.1. Local Communication .................................7 + 4. Requirements ....................................................7 + 4.1. General Requirements .......................................7 + 4.2. WAN-Side Configuration .....................................8 + 4.3. LAN-Side Configuration ....................................12 + 4.4. Transition Technologies Support ...........................14 + 4.4.1. 6rd ................................................14 + 4.4.2. Dual-Stack Lite (DS-Lite) ..........................15 + 4.5. Security Considerations ...................................16 + 5. Acknowledgements ...............................................17 + 6. Contributors ...................................................17 + 7. References .....................................................18 + 7.1. Normative References ......................................18 + 7.2. Informative References ....................................20 + + + + + + + + + + + + + + +Singh, et al. Informational [Page 2] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + +1. Introduction + + This document defines basic IPv6 features for a residential or small- + office router, referred to as an "IPv6 CE router", in order to + establish an industry baseline for features to be implemented on such + a router. + + These routers typically also support IPv4. + + Mixed environments of dual-stack hosts and IPv6-only hosts (behind + the CE router) can be more complex if the IPv6-only devices are using + a translator to access IPv4 servers [RFC6144]. Support for such + mixed environments is not in scope of this document. + + This document specifies how an IPv6 CE router automatically + provisions its WAN interface, acquires address space for provisioning + of its LAN interfaces, and fetches other configuration information + from the service provider network. Automatic provisioning of more + complex topology than a single router with multiple LAN interfaces is + out of scope for this document. + + See [RFC4779] for a discussion of options available for deploying + IPv6 in service provider access networks. + + The document also covers the IP transition technologies that were + available at the time this document was written. Two transition + technologies in 6rd [RFC5969] and DS-Lite [RFC6333] are covered in + the document. + +1.1. Requirements Language + + Take careful note: Unlike other IETF documents, the key words "MUST", + "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", + "RECOMMENDED", "MAY", and "OPTIONAL" in this document are not used as + described in RFC 2119 [RFC2119]. This document uses these keywords + not strictly for the purpose of interoperability, but rather for the + purpose of establishing industry-common baseline functionality. As + such, the document points to several other specifications (preferable + in RFC or stable form) to provide additional guidance to implementers + regarding any protocol implementation required to produce a + successful CE router that interoperates successfully with a + particular subset of currently deploying and planned common IPv6 + access networks. + + + + + + + + +Singh, et al. Informational [Page 3] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + +2. Terminology + + End-User Network one or more links attached to the IPv6 CE + router that connect IPv6 hosts. + + IPv6 Customer Edge Router a node intended for home or small-office + use that forwards IPv6 packets not + explicitly addressed to itself. The IPv6 + CE router connects the end-user network to + a service provider network. + + IPv6 Host any device implementing an IPv6 stack + receiving IPv6 connectivity through the + IPv6 CE router. + + LAN Interface an IPv6 CE router's attachment to a link in + the end-user network. Examples are + Ethernet (simple or bridged), 802.11 + wireless, or other LAN technologies. An + IPv6 CE router may have one or more + network-layer LAN interfaces. + + Service Provider an entity that provides access to the + Internet. In this document, a service + provider specifically offers Internet + access using IPv6, and it may also offer + IPv4 Internet access. The service provider + can provide such access over a variety of + different transport methods such as DSL, + cable, wireless, and others. + + WAN Interface an IPv6 CE router's attachment to a link + used to provide connectivity to the service + provider network; example link technologies + include Ethernet (simple or bridged), PPP + links, Frame Relay, or ATM networks, as + well as Internet-layer (or higher-layer) + "tunnels", such as tunnels over IPv4 or + IPv6 itself. + + + + + + + + + + + + +Singh, et al. Informational [Page 4] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + +3. Architecture + +3.1. Current IPv4 End-User Network Architecture + + An end-user network will likely support both IPv4 and IPv6. It is + not expected that an end user will change their existing network + topology with the introduction of IPv6. There are some differences + in how IPv6 works and is provisioned; these differences have + implications for the network architecture. A typical IPv4 end-user + network consists of a "plug and play" router with NAT functionality + and a single link behind it, connected to the service provider + network. + + A typical IPv4 NAT deployment by default blocks all incoming + connections. Opening of ports is typically allowed using a Universal + Plug and Play Internet Gateway Device (UPnP IGD) [UPnP-IGD] or some + other firewall control protocol. + + Another consequence of using private address space in the end-user + network is that it provides stable addressing; that is, it never + changes even when you change service providers, and the addresses are + always there even when the WAN interface is down or the customer edge + router has not yet been provisioned. + + Many existing routers support dynamic routing (which learns routes + from other routers), and advanced end-users can build arbitrary, + complex networks using manual configuration of address prefixes + combined with a dynamic routing protocol. + +3.2. IPv6 End-User Network Architecture + + The end-user network architecture for IPv6 should provide equivalent + or better capabilities and functionality than the current IPv4 + architecture. + + + + + + + + + + + + + + + + + +Singh, et al. Informational [Page 5] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + The end-user network is a stub network. Figure 1 illustrates the + model topology for the end-user network. + + +-------+-------+ \ + | Service | \ + | Provider | | Service + | Router | | Provider + +-------+-------+ | Network + | / + | Customer / + | Internet Connection / + | + +------+--------+ \ + | IPv6 | \ + | Customer Edge | \ + | Router | / + +---+-------+-+-+ / + Network A | | Network B | End-User + ---+-------------+----+- --+--+-------------+--- | Network(s) + | | | | \ + +----+-----+ +-----+----+ +----+-----+ +-----+----+ \ + |IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | / + | | | | | | | | / + +----------+ +-----+----+ +----------+ +----------+ / + + Figure 1: An Example of a Typical End-User Network + + This architecture describes the: + + o Basic capabilities of an IPv6 CE router + + o Provisioning of the WAN interface connecting to the service + provider + + o Provisioning of the LAN interfaces + + For IPv6 multicast traffic, the IPv6 CE router may act as a Multicast + Listener Discovery (MLD) proxy [RFC4605] and may support a dynamic + multicast routing protocol. + + The IPv6 CE router may be manually configured in an arbitrary + topology with a dynamic routing protocol. Automatic provisioning and + configuration are described for a single IPv6 CE router only. + + + + + + + + +Singh, et al. Informational [Page 6] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + +3.2.1. Local Communication + + Link-local IPv6 addresses are used by hosts communicating on a single + link. Unique Local IPv6 Unicast Addresses (ULAs) [RFC4193] are used + by hosts communicating within the end-user network across multiple + links, but without requiring the application to use a globally + routable address. The IPv6 CE router defaults to acting as the + demarcation point between two networks by providing a ULA boundary, a + multicast zone boundary, and ingress and egress traffic filters. + + At the time of this writing, several host implementations do not + handle the case where they have an IPv6 address configured and no + IPv6 connectivity, either because the address itself has a limited + topological reachability (e.g., ULA) or because the IPv6 CE router is + not connected to the IPv6 network on its WAN interface. To support + host implementations that do not handle multihoming in a multi-prefix + environment [MULTIHOMING-WITHOUT-NAT], the IPv6 CE router should not, + as detailed in the requirements below, advertise itself as a default + router on the LAN interface(s) when it does not have IPv6 + connectivity on the WAN interface or when it is not provisioned with + IPv6 addresses. For local IPv6 communication, the mechanisms + specified in [RFC4191] are used. + + ULA addressing is useful where the IPv6 CE router has multiple LAN + interfaces with hosts that need to communicate with each other. If + the IPv6 CE router has only a single LAN interface (IPv6 link), then + link-local addressing can be used instead. + + Coexistence with IPv4 requires any IPv6 CE router(s) on the LAN to + conform to these recommendations, especially requirements ULA-5 and + L-4 below. + +4. Requirements + +4.1. General Requirements + + The IPv6 CE router is responsible for implementing IPv6 routing; that + is, the IPv6 CE router must look up the IPv6 destination address in + its routing table to decide to which interface it should send the + packet. + + In this role, the IPv6 CE router is responsible for ensuring that + traffic using its ULA addressing does not go out the WAN interface + and does not originate from the WAN interface. + + + + + + + +Singh, et al. Informational [Page 7] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + G-1: An IPv6 CE router is an IPv6 node according to the IPv6 Node + Requirements specification [RFC6434]. + + G-2: The IPv6 CE router MUST implement ICMPv6 according to + [RFC4443]. In particular, point-to-point links MUST be handled + as described in Section 3.1 of [RFC4443]. + + G-3: The IPv6 CE router MUST NOT forward any IPv6 traffic between + its LAN interface(s) and its WAN interface until the router has + successfully completed the IPv6 address and the delegated + prefix acquisition process. + + G-4: By default, an IPv6 CE router that has no default router(s) on + its WAN interface MUST NOT advertise itself as an IPv6 default + router on its LAN interfaces. That is, the "Router Lifetime" + field is set to zero in all Router Advertisement messages it + originates [RFC4861]. + + G-5: By default, if the IPv6 CE router is an advertising router and + loses its IPv6 default router(s) and/or detects loss of + connectivity on the WAN interface, it MUST explicitly + invalidate itself as an IPv6 default router on each of its + advertising interfaces by immediately transmitting one or more + Router Advertisement messages with the "Router Lifetime" field + set to zero [RFC4861]. + +4.2. WAN-Side Configuration + + The IPv6 CE router will need to support connectivity to one or more + access network architectures. This document describes an IPv6 CE + router that is not specific to any particular architecture or service + provider and that supports all commonly used architectures. + + IPv6 Neighbor Discovery and DHCPv6 protocols operate over any type of + IPv6-supported link layer, and there is no need for a link-layer- + specific configuration protocol for IPv6 network-layer configuration + options as in, e.g., PPP IP Control Protocol (IPCP) for IPv4. This + section makes the assumption that the same mechanism will work for + any link layer, be it Ethernet, the Data Over Cable Service Interface + Specification (DOCSIS), PPP, or others. + + + + + + + + + + + +Singh, et al. Informational [Page 8] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + WAN-side requirements: + + W-1: When the router is attached to the WAN interface link, it MUST + act as an IPv6 host for the purposes of stateless [RFC4862] or + stateful [RFC3315] interface address assignment. + + W-2: The IPv6 CE router MUST generate a link-local address and + finish Duplicate Address Detection according to [RFC4862] prior + to sending any Router Solicitations on the interface. The + source address used in the subsequent Router Solicitation MUST + be the link-local address on the WAN interface. + + W-3: Absent other routing information, the IPv6 CE router MUST use + Router Discovery as specified in [RFC4861] to discover a + default router(s) and install a default route(s) in its routing + table with the discovered router's address as the next hop. + + W-4: The router MUST act as a requesting router for the purposes of + DHCPv6 prefix delegation ([RFC3633]). + + W-5: The IPv6 CE router MUST use a persistent DHCP Unique Identifier + (DUID) for DHCPv6 messages. The DUID MUST NOT change between + network-interface resets or IPv6 CE router reboots. + + W-6: The WAN interface of the CE router SHOULD support a Port + Control Protocol (PCP) client as specified in [RFC6887] for use + by applications on the CE router. The PCP client SHOULD follow + the procedure specified in Section 8.1 of [RFC6887] to discover + its PCP server. This document takes no position on whether + such functionality is enabled by default or mechanisms by which + users would configure the functionality. Handling PCP requests + from PCP clients in the LAN side of the CE router is out of + scope. + + Link-layer requirements: + + WLL-1: If the WAN interface supports Ethernet encapsulation, then + the IPv6 CE router MUST support IPv6 over Ethernet [RFC2464]. + + WLL-2: If the WAN interface supports PPP encapsulation, the IPv6 CE + router MUST support IPv6 over PPP [RFC5072]. + + WLL-3: If the WAN interface supports PPP encapsulation, in a dual- + stack environment with IPCP and IPV6CP running over one PPP + logical channel, the Network Control Protocols (NCPs) MUST be + treated as independent of each other and start and terminate + independently. + + + + +Singh, et al. Informational [Page 9] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + Address assignment requirements: + + WAA-1: The IPv6 CE router MUST support Stateless Address + Autoconfiguration (SLAAC) [RFC4862]. + + WAA-2: The IPv6 CE router MUST follow the recommendations in + Section 4 of [RFC5942], and in particular the handling of + the L flag in the Router Advertisement Prefix Information + option. + + WAA-3: The IPv6 CE router MUST support DHCPv6 [RFC3315] client + behavior. + + WAA-4: The IPv6 CE router MUST be able to support the following + DHCPv6 options: Identity Association for Non-temporary + Address (IA_NA), Reconfigure Accept [RFC3315], and + DNS_SERVERS [RFC3646]. The IPv6 CE router SHOULD be able to + support the DNS Search List (DNSSL) option as specified in + [RFC3646]. + + WAA-5: The IPv6 CE router SHOULD implement the Network Time + Protocol (NTP) as specified in [RFC5905] to provide a time + reference common to the service provider for other + protocols, such as DHCPv6, to use. If the CE router + implements NTP, it requests the NTP Server DHCPv6 option + [RFC5908] and uses the received list of servers as primary + time reference, unless explicitly configured otherwise. LAN + side support of NTP is out of scope for this document. + + WAA-6: If the IPv6 CE router receives a Router Advertisement + message (described in [RFC4861]) with the M flag set to 1, + the IPv6 CE router MUST do DHCPv6 address assignment + (request an IA_NA option). + + WAA-7: If the IPv6 CE router does not acquire a global IPv6 + address(es) from either SLAAC or DHCPv6, then it MUST create + a global IPv6 address(es) from its delegated prefix(es) and + configure those on one of its internal virtual network + interfaces, unless configured to require a global IPv6 + address on the WAN interface. + + WAA-8: The CE router MUST support the SOL_MAX_RT option [RFC7083] + and request the SOL_MAX_RT option in an Option Request + Option (ORO). + + + + + + + +Singh, et al. Informational [Page 10] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + WAA-9: As a router, the IPv6 CE router MUST follow the weak host + (Weak End System) model [RFC1122]. When originating packets + from an interface, it will use a source address from another + one of its interfaces if the outgoing interface does not + have an address of suitable scope. + + WAA-10: The IPv6 CE router SHOULD implement the Information Refresh + Time option and associated client behavior as specified in + [RFC4242]. + + Prefix delegation requirements: + + WPD-1: The IPv6 CE router MUST support DHCPv6 prefix delegation + requesting router behavior as specified in [RFC3633] + (Identity Association for Prefix Delegation (IA_PD) option). + + WPD-2: The IPv6 CE router MAY indicate as a hint to the delegating + router the size of the prefix it requires. If so, it MUST + ask for a prefix large enough to assign one /64 for each of + its interfaces, rounded up to the nearest nibble, and SHOULD + be configurable to ask for more. + + WPD-3: The IPv6 CE router MUST be prepared to accept a delegated + prefix size different from what is given in the hint. If the + delegated prefix is too small to address all of its + interfaces, the IPv6 CE router SHOULD log a system management + error. [RFC6177] covers the recommendations for service + providers for prefix allocation sizes. + + WPD-4: By default, the IPv6 CE router MUST initiate DHCPv6 prefix + delegation when either the M or O flags are set to 1 in a + received Router Advertisement (RA) message. Behavior of the + CE router to use DHCPv6 prefix delegation when the CE router + has not received any RA or received an RA with the M and the + O bits set to zero is out of scope for this document. + + WPD-5: Any packet received by the CE router with a destination + address in the prefix(es) delegated to the CE router but not + in the set of prefixes assigned by the CE router to the LAN + must be dropped. In other words, the next hop for the + prefix(es) delegated to the CE router should be the null + destination. This is necessary to prevent forwarding loops + when some addresses covered by the aggregate are not + reachable [RFC4632]. + + + + + + + +Singh, et al. Informational [Page 11] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + (a) The IPv6 CE router SHOULD send an ICMPv6 Destination + Unreachable message in accordance with Section 3.1 of + [RFC4443] back to the source of the packet, if the packet is + to be dropped due to this rule. + + WPD-6: If the IPv6 CE router requests both an IA_NA and an IA_PD + option in DHCPv6, it MUST accept an IA_PD option in DHCPv6 + Advertise/Reply messages, even if the message does not + contain any addresses, unless configured to only obtain its + WAN IPv6 address via DHCPv6; see [DHCPv6-STATEFUL-ISSUES]. + + WPD-7: By default, an IPv6 CE router MUST NOT initiate any dynamic + routing protocol on its WAN interface. + + WPD-8: The IPv6 CE router SHOULD support the [RFC6603] Prefix + Exclude option. + +4.3. LAN-Side Configuration + + The IPv6 CE router distributes configuration information obtained + during WAN interface provisioning to IPv6 hosts and assists IPv6 + hosts in obtaining IPv6 addresses. It also supports connectivity of + these devices in the absence of any working WAN interface. + + An IPv6 CE router is expected to support an IPv6 end-user network and + IPv6 hosts that exhibit the following characteristics: + + 1. Link-local addresses may be insufficient for allowing IPv6 + applications to communicate with each other in the end-user + network. The IPv6 CE router will need to enable this + communication by providing globally scoped unicast addresses or + ULAs [RFC4193], whether or not WAN connectivity exists. + + 2. IPv6 hosts should be capable of using SLAAC and may be capable of + using DHCPv6 for acquiring their addresses. + + 3. IPv6 hosts may use DHCPv6 for other configuration information, + such as the DNS_SERVERS option for acquiring DNS information. + + Unless otherwise specified, the following requirements apply to the + IPv6 CE router's LAN interfaces only. + + ULA requirements: + + ULA-1: The IPv6 CE router SHOULD be capable of generating a ULA + prefix [RFC4193]. + + + + + +Singh, et al. Informational [Page 12] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + ULA-2: An IPv6 CE router with a ULA prefix MUST maintain this prefix + consistently across reboots. + + ULA-3: The value of the ULA prefix SHOULD be configurable. + + ULA-4: By default, the IPv6 CE router MUST act as a site border + router according to Section 4.3 of [RFC4193] and filter + packets with local IPv6 source or destination addresses + accordingly. + + ULA-5: An IPv6 CE router MUST NOT advertise itself as a default + router with a Router Lifetime greater than zero whenever all + of its configured and delegated prefixes are ULA prefixes. + + LAN requirements: + + L-1: The IPv6 CE router MUST support router behavior according to + Neighbor Discovery for IPv6 [RFC4861]. + + L-2: The IPv6 CE router MUST assign a separate /64 from its + delegated prefix(es) (and ULA prefix if configured to provide + ULA addressing) for each of its LAN interfaces. + + L-3: An IPv6 CE router MUST advertise itself as a router for the + delegated prefix(es) (and ULA prefix if configured to provide + ULA addressing) using the "Route Information Option" specified + in Section 2.3 of [RFC4191]. This advertisement is + independent of having or not having IPv6 connectivity on the + WAN interface. + + L-4: An IPv6 CE router MUST NOT advertise itself as a default + router with a Router Lifetime [RFC4861] greater than zero if + it has no prefixes configured or delegated to it. + + L-5: The IPv6 CE router MUST make each LAN interface an advertising + interface according to [RFC4861]. + + L-6: In Router Advertisement messages ([RFC4861]), the Prefix + Information option's A and L flags MUST be set to 1 by + default. + + L-7: The A and L flags' ([RFC4861]) settings SHOULD be user + configurable. + + L-8: The IPv6 CE router MUST support a DHCPv6 server capable of + IPv6 address assignment according to [RFC3315] OR a stateless + DHCPv6 server according to [RFC3736] on its LAN interfaces. + + + + +Singh, et al. Informational [Page 13] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + L-9: Unless the IPv6 CE router is configured to support the DHCPv6 + IA_NA option, it SHOULD set the M flag to zero and the O flag + to 1 in its Router Advertisement messages [RFC4861]. + + L-10: The IPv6 CE router MUST support providing DNS information in + the DHCPv6 DNS_SERVERS and DOMAIN_LIST options [RFC3646]. + + L-11: The IPv6 CE router MUST support providing DNS information in + the Router Advertisement Recursive DNS Server (RDNSS) and DNS + Search List options. Both options are specified in [RFC6106]. + + L-12: The IPv6 CE router SHOULD make available a subset of DHCPv6 + options (as listed in Section 5.3 of [RFC3736]) received from + the DHCPv6 client on its WAN interface to its LAN-side DHCPv6 + server. + + L-13: If the delegated prefix changes, i.e., the current prefix is + replaced with a new prefix without any overlapping time + period, then the IPv6 CE router MUST immediately advertise the + old prefix with a Preferred Lifetime of zero and a Valid + Lifetime of either a) zero or b) the lower of the current + Valid Lifetime and two hours (which must be decremented in + real time) in a Router Advertisement message as described in + Section 5.5.3, (e) of [RFC4862]. + + L-14: The IPv6 CE router MUST send an ICMPv6 Destination Unreachable + message, code 5 (Source address failed ingress/egress policy) + for packets forwarded to it that use an address from a prefix + that has been invalidated. + +4.4. Transition Technologies Support + +4.4.1. 6rd + + 6rd [RFC5969] specifies an automatic tunneling mechanism tailored to + advance deployment of IPv6 to end users via a service provider's IPv4 + network infrastructure. Key aspects include automatic IPv6 prefix + delegation to sites, stateless operation, simple provisioning, and + service that is equivalent to native IPv6 at the sites that are + served by the mechanism. It is expected that such traffic is + forwarded over the CE router's native IPv4 WAN interface and not + encapsulated in another tunnel. + + The CE router SHOULD support 6rd functionality. If 6rd is supported, + it MUST be implemented according to [RFC5969]. The following CE + Requirements also apply: + + + + + +Singh, et al. Informational [Page 14] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + 6rd requirements: + + 6RD-1: The IPv6 CE router MUST support 6rd configuration via the 6rd + DHCPv4 Option 212. If the CE router has obtained an IPv4 + network address through some other means such as PPP, it + SHOULD use the DHCPINFORM request message [RFC2131] to + request the 6rd DHCPv4 Option. The IPv6 CE router MAY use + other mechanisms to configure 6rd parameters. Such + mechanisms are outside the scope of this document. + + 6RD-2: If the IPv6 CE router is capable of automated configuration + of IPv4 through IPCP (i.e., over a PPP connection), it MUST + support user-entered configuration of 6rd. + + 6RD-3: If the CE router supports configuration mechanisms other than + the 6rd DHCPv4 Option 212 (user-entered, TR-069 [TR-069], + etc.), the CE router MUST support 6rd in "hub and spoke" + mode. 6rd in "hub and spoke" requires all IPv6 traffic to go + to the 6rd Border Relay. In effect, this requirement removes + the "direct connect to 6rd" route defined in Section 7.1.1 of + [RFC5969]. + + 6RD-4: A CE router MUST allow 6rd and native IPv6 WAN interfaces to + be active alone as well as simultaneously in order to support + coexistence of the two technologies during an incremental + migration period such as a migration from 6rd to native IPv6. + + 6RD-5: Each packet sent on a 6rd or native WAN interface MUST be + directed such that its source IP address is derived from the + delegated prefix associated with the particular interface + from which the packet is being sent (Section 4.3 of + [RFC3704]). + + 6RD-6: The CE router MUST allow different as well as identical + delegated prefixes to be configured via each (6rd or native) + WAN interface. + + 6RD-7: In the event that forwarding rules produce a tie between 6rd + and native IPv6, by default, the IPv6 CE router MUST prefer + native IPv6. + +4.4.2. Dual-Stack Lite (DS-Lite) + + Dual-Stack Lite [RFC6333] enables both continued support for IPv4 + services and incentives for the deployment of IPv6. It also + de-couples IPv6 deployment in the service provider network from the + rest of the Internet, making incremental deployment easier. Dual- + Stack Lite enables a broadband service provider to share IPv4 + + + +Singh, et al. Informational [Page 15] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + addresses among customers by combining two well-known technologies: + IP in IP (IPv4-in-IPv6) and Network Address Translation (NAT). It is + expected that DS-Lite traffic is forwarded over the CE router's + native IPv6 WAN interface, and not encapsulated in another tunnel. + + The IPv6 CE router SHOULD implement DS-Lite functionality. If + DS-Lite is supported, it MUST be implemented according to [RFC6333]. + This document takes no position on simultaneous operation of Dual- + Stack Lite and native IPv4. The following CE router requirements + also apply: + + WAN requirements: + + DLW-1: The CE router MUST support configuration of DS-Lite via the + DS-Lite DHCPv6 option [RFC6334]. The IPv6 CE router MAY use + other mechanisms to configure DS-Lite parameters. Such + mechanisms are outside the scope of this document. + + DLW-2: The IPv6 CE router MUST NOT perform IPv4 Network Address + Translation (NAT) on IPv4 traffic encapsulated using DS-Lite. + + DLW-3: If the IPv6 CE router is configured with an IPv4 address on + its WAN interface, then the IPv6 CE router SHOULD disable the + DS-Lite Basic Bridging BroadBand (B4) element. + +4.5. Security Considerations + + It is considered a best practice to filter obviously malicious + traffic (e.g., spoofed packets, "Martian" addresses, etc.). Thus, + the IPv6 CE router ought to support basic stateless egress and + ingress filters. The CE router is also expected to offer mechanisms + to filter traffic entering the customer network; however, the method + by which vendors implement configurable packet filtering is beyond + the scope of this document. + + Security requirements: + + S-1: The IPv6 CE router SHOULD support [RFC6092]. In particular, + the IPv6 CE router SHOULD support functionality sufficient for + implementing the set of recommendations in [RFC6092], + Section 4. This document takes no position on whether such + functionality is enabled by default or mechanisms by which + users would configure it. + + + + + + + + +Singh, et al. Informational [Page 16] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + S-2: The IPv6 CE router SHOULD support ingress filtering in + accordance with BCP 38 [RFC2827]. Note that this requirement + was downgraded from a MUST from RFC 6204 due to the difficulty + of implementation in the CE router and the feature's redundancy + with upstream router ingress filtering. + + S-3: If the IPv6 CE router firewall is configured to filter incoming + tunneled data, the firewall SHOULD provide the capability to + filter decapsulated packets from a tunnel. + +5. Acknowledgements + + Thanks to the following people (in alphabetical order) for their + guidance and feedback: + + Mikael Abrahamsson, Tore Anderson, Merete Asak, Rajiv Asati, Scott + Beuker, Mohamed Boucadair, Rex Bullinger, Brian Carpenter, Tassos + Chatzithomaoglou, Lorenzo Colitti, Remi Denis-Courmont, Gert Doering, + Alain Durand, Katsunori Fukuoka, Brian Haberman, Tony Hain, Thomas + Herbst, Ray Hunter, Joel Jaeggli, Kevin Johns, Erik Kline, Stephen + Kramer, Victor Kuarsingh, Francois-Xavier Le Bail, Arifumi Matsumoto, + David Miles, Shin Miyakawa, Jean-Francois Mule, Michael Newbery, + Carlos Pignataro, John Pomeroy, Antonio Querubin, Daniel Roesen, + Hiroki Sato, Teemu Savolainen, Matt Schmitt, David Thaler, Mark + Townsley, Sean Turner, Bernie Volz, Dan Wing, Timothy Winters, James + Woodyatt, Carl Wuyts, and Cor Zwart. + + This document is based in part on CableLabs' eRouter specification. + The authors wish to acknowledge the additional contributors from the + eRouter team: + + Ben Bekele, Amol Bhagwat, Ralph Brown, Eduardo Cardona, Margo Dolas, + Toerless Eckert, Doc Evans, Roger Fish, Michelle Kuska, Diego + Mazzola, John McQueen, Harsh Parandekar, Michael Patrick, Saifur + Rahman, Lakshmi Raman, Ryan Ross, Ron da Silva, Madhu Sudan, Dan + Torbet, and Greg White. + +6. Contributors + + The following people have participated as co-authors or provided + substantial contributions to this document: Ralph Droms, Kirk + Erichsen, Fred Baker, Jason Weil, Lee Howard, Jean-Francois Tremblay, + Yiu Lee, John Jason Brzozowski, and Heather Kirksey. Thanks to Ole + Troan for editorship in the original RFC 6204 document. + + + + + + + +Singh, et al. Informational [Page 17] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + +7. References + +7.1. Normative References + + [RFC1122] Braden, R., "Requirements for Internet Hosts - + Communication Layers", STD 3, RFC 1122, October 1989. + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC + 2131, March 1997. + + [RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet + Networks", RFC 2464, December 1998. + + [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: + Defeating Denial of Service Attacks which employ IP Source + Address Spoofing", BCP 38, RFC 2827, May 2000. + + [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., + and M. Carney, "Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)", RFC 3315, July 2003. + + [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic + Host Configuration Protocol (DHCP) version 6", RFC 3633, + December 2003. + + [RFC3646] Droms, R., "DNS Configuration options for Dynamic Host + Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, + December 2003. + + [RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed + Networks", BCP 84, RFC 3704, March 2004. + + [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol + (DHCP) Service for IPv6", RFC 3736, April 2004. + + [RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and + More-Specific Routes", RFC 4191, November 2005. + + [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast + Addresses", RFC 4193, October 2005. + + [RFC4242] Venaas, S., Chown, T., and B. Volz, "Information Refresh + Time Option for Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)", RFC 4242, November 2005. + + + + +Singh, et al. Informational [Page 18] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + [RFC4443] Conta, A., Deering, S., and M. Gupta, "Internet Control + Message Protocol (ICMPv6) for the Internet Protocol + Version 6 (IPv6) Specification", RFC 4443, March 2006. + + [RFC4605] Fenner, B., He, H., Haberman, B., and H. Sandick, + "Internet Group Management Protocol (IGMP) / Multicast + Listener Discovery (MLD)-Based Multicast Forwarding + ("IGMP/MLD Proxying")", RFC 4605, August 2006. + + [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing + (CIDR): The Internet Address Assignment and Aggregation + Plan", BCP 122, RFC 4632, August 2006. + + [RFC4779] Asadullah, S., Ahmed, A., Popoviciu, C., Savola, P., and + J. Palet, "ISP IPv6 Deployment Scenarios in Broadband + Access Networks", RFC 4779, January 2007. + + [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, + "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, + September 2007. + + [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless + Address Autoconfiguration", RFC 4862, September 2007. + + [RFC5072] Varada, S., Haskins, D., and E. Allen, "IP Version 6 over + PPP", RFC 5072, September 2007. + + [RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network + Time Protocol Version 4: Protocol and Algorithms + Specification", RFC 5905, June 2010. + + [RFC5908] Gayraud, R. and B. Lourdelet, "Network Time Protocol (NTP) + Server Option for DHCPv6", RFC 5908, June 2010. + + [RFC5942] Singh, H., Beebee, W., and E. Nordmark, "IPv6 Subnet + Model: The Relationship between Links and Subnet + Prefixes", RFC 5942, July 2010. + + [RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4 + Infrastructures (6rd) -- Protocol Specification", RFC + 5969, August 2010. + + [RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in + Customer Premises Equipment (CPE) for Providing + Residential IPv6 Internet Service", RFC 6092, January + 2011. + + + + + +Singh, et al. Informational [Page 19] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, + "IPv6 Router Advertisement Options for DNS Configuration", + RFC 6106, November 2010. + + [RFC6177] Narten, T., Huston, G., and L. Roberts, "IPv6 Address + Assignment to End Sites", BCP 157, RFC 6177, March 2011. + + [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- + Stack Lite Broadband Deployments Following IPv4 + Exhaustion", RFC 6333, August 2011. + + [RFC6334] Hankins, D. and T. Mrugalski, "Dynamic Host Configuration + Protocol for IPv6 (DHCPv6) Option for Dual-Stack Lite", + RFC 6334, August 2011. + + [RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node + Requirements", RFC 6434, December 2011. + + [RFC6603] Korhonen, J., Savolainen, T., Krishnan, S., and O. Troan, + "Prefix Exclude Option for DHCPv6-based Prefix + Delegation", RFC 6603, May 2012. + + [RFC6887] Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. + Selkirk, "Port Control Protocol (PCP)", RFC 6887, April + 2013. + + [RFC7083] Droms, R., "Modification to Default Values of SOL_MAX_RT + and INF_MAX_RT", RFC 7083, November 2013. + +7.2. Informative References + + [DHCPv6-STATEFUL-ISSUES] + Troan, O. and B. Volz, "Issues with multiple stateful + DHCPv6 options", Work in Progress, May 2013. + + [MULTIHOMING-WITHOUT-NAT] + Troan, O., Ed., Miles, D., Matsushima, S., Okimoto, T., + and D. Wing, "IPv6 Multihoming without Network Address + Translation", Work in Progress, December 2010. + + [RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for + IPv4/IPv6 Translation", RFC 6144, April 2011. + + [TR-069] Broadband Forum, "CPE WAN Management Protocol", TR-069 + Amendment 4, July 2011, + . + + + + + +Singh, et al. Informational [Page 20] + +RFC 7084 IPv6 CE Router Requirements November 2013 + + + [UPnP-IGD] UPnP Forum, , "InternetGatewayDevice:2 Device Template + Version 1.01", December 2010, + . + +Authors' Addresses + + Hemant Singh + Cisco Systems, Inc. + 1414 Massachusetts Ave. + Boxborough, MA 01719 + USA + + Phone: +1 978 936 1622 + EMail: shemant@cisco.com + URI: http://www.cisco.com/ + + + Wes Beebee + Cisco Systems, Inc. + 1414 Massachusetts Ave. + Boxborough, MA 01719 + USA + + Phone: +1 978 936 2030 + EMail: wbeebee@cisco.com + URI: http://www.cisco.com/ + + + Chris Donley + CableLabs + 858 Coal Creek Circle + Louisville, CO 80027 + USA + + EMail: c.donley@cablelabs.com + + + Barbara Stark + AT&T + 1057 Lenox Park Blvd. NE + Atlanta, GA 30319 + USA + + EMail: barbara.stark@att.com + + + + + + + +Singh, et al. Informational [Page 21] + diff --git a/technikzeugs/theorie/ipv6/rfc8415.txt b/technikzeugs/theorie/ipv6/rfc8415.txt new file mode 100644 index 0000000..c52bcb3 --- /dev/null +++ b/technikzeugs/theorie/ipv6/rfc8415.txt @@ -0,0 +1,8627 @@ + + + + + + +Internet Engineering Task Force (IETF) T. Mrugalski +Request for Comments: 8415 M. Siodelski +Obsoletes: 3315, 3633, 3736, 4242, 7083, ISC + 7283, 7550 B. Volz +Category: Standards Track A. Yourtchenko +ISSN: 2070-1721 Cisco + M. Richardson + SSW + S. Jiang + Huawei + T. Lemon + Nibbhaya Consulting + T. Winters + UNH-IOL + November 2018 + + + Dynamic Host Configuration Protocol for IPv6 (DHCPv6) + +Abstract + + This document describes the Dynamic Host Configuration Protocol for + IPv6 (DHCPv6): an extensible mechanism for configuring nodes with + network configuration parameters, IP addresses, and prefixes. + Parameters can be provided statelessly, or in combination with + stateful assignment of one or more IPv6 addresses and/or IPv6 + prefixes. DHCPv6 can operate either in place of or in addition to + stateless address autoconfiguration (SLAAC). + + This document updates the text from RFC 3315 (the original DHCPv6 + specification) and incorporates prefix delegation (RFC 3633), + stateless DHCPv6 (RFC 3736), an option to specify an upper bound for + how long a client should wait before refreshing information (RFC + 4242), a mechanism for throttling DHCPv6 clients when DHCPv6 service + is not available (RFC 7083), and relay agent handling of unknown + messages (RFC 7283). In addition, this document clarifies the + interactions between models of operation (RFC 7550). As such, this + document obsoletes RFC 3315, RFC 3633, RFC 3736, RFC 4242, RFC 7083, + RFC 7283, and RFC 7550. + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 1] + +RFC 8415 DHCP for IPv6 November 2018 + + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc8415. + +Copyright Notice + + Copyright (c) 2018 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + This document may contain material from IETF Documents or IETF + Contributions published or made publicly available before November + 10, 2008. The person(s) controlling the copyright in some of this + material may not have granted the IETF Trust the right to allow + modifications of such material outside the IETF Standards Process. + Without obtaining an adequate license from the person(s) controlling + the copyright in such materials, this document may not be modified + outside the IETF Standards Process, and derivative works of it may + not be created outside the IETF Standards Process, except to format + it for publication as an RFC or to translate it into languages other + than English. + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 2] + +RFC 8415 DHCP for IPv6 November 2018 + + +Table of Contents + + 1. Introduction ....................................................6 + 1.1. Relationship to Previous DHCPv6 Standards ..................7 + 1.2. Relationship to DHCPv4 .....................................8 + 2. Requirements ....................................................8 + 3. Background ......................................................8 + 4. Terminology .....................................................9 + 4.1. IPv6 Terminology ...........................................9 + 4.2. DHCP Terminology ..........................................11 + 5. Client/Server Exchanges ........................................16 + 5.1. Client/Server Exchanges Involving Two Messages ............16 + 5.2. Client/Server Exchanges Involving Four Messages ...........17 + 5.3. Server/Client Exchanges ...................................18 + 6. Operational Models .............................................18 + 6.1. Stateless DHCP ............................................18 + 6.2. DHCP for Non-temporary Address Assignment .................19 + 6.3. DHCP for Prefix Delegation ................................19 + 6.4. DHCP for Customer Edge Routers ............................22 + 6.5. DHCP for Temporary Addresses ..............................22 + 6.6. Multiple Addresses and Prefixes ...........................22 + 7. DHCP Constants .................................................23 + 7.1. Multicast Addresses .......................................23 + 7.2. UDP Ports .................................................24 + 7.3. DHCP Message Types ........................................24 + 7.4. DHCP Option Codes .........................................26 + 7.5. Status Codes ..............................................26 + 7.6. Transmission and Retransmission Parameters ................27 + 7.7. Representation of Time Values and "Infinity" as a + Time Value ................................................28 + 8. Client/Server Message Formats ..................................29 + 9. Relay Agent/Server Message Formats .............................30 + 9.1. Relay-forward Message .....................................31 + 9.2. Relay-reply Message .......................................31 + 10. Representation and Use of Domain Names ........................32 + 11. DHCP Unique Identifier (DUID) .................................32 + 11.1. DUID Contents ............................................33 + 11.2. DUID Based on Link-Layer Address Plus Time (DUID-LLT) ....33 + 11.3. DUID Assigned by Vendor Based on Enterprise + Number (DUID-EN) .........................................35 + 11.4. DUID Based on Link-Layer Address (DUID-LL) ...............36 + 11.5. DUID Based on Universally Unique Identifier (DUID-UUID) ..37 + 12. Identity Association ..........................................37 + 12.1. Identity Associations for Address Assignment .............38 + 12.2. Identity Associations for Prefix Delegation ..............38 + + + + + + +Mrugalski, et al. Standards Track [Page 3] + +RFC 8415 DHCP for IPv6 November 2018 + + + 13. Assignment to an IA ...........................................39 + 13.1. Selecting Addresses for Assignment to an IA_NA ...........39 + 13.2. Assignment of Temporary Addresses ........................40 + 13.3. Assignment of Prefixes for IA_PD .........................41 + 14. Transmission of Messages by a Client ..........................41 + 14.1. Rate Limiting ............................................41 + 14.2. Client Behavior when T1 and/or T2 Are 0 ..................42 + 15. Reliability of Client-Initiated Message Exchanges .............43 + 16. Message Validation ............................................45 + 16.1. Use of Transaction IDs ...................................45 + 16.2. Solicit Message ..........................................46 + 16.3. Advertise Message ........................................46 + 16.4. Request Message ..........................................46 + 16.5. Confirm Message ..........................................47 + 16.6. Renew Message ............................................47 + 16.7. Rebind Message ...........................................47 + 16.8. Decline Message ..........................................47 + 16.9. Release Message ..........................................48 + 16.10. Reply Message ...........................................48 + 16.11. Reconfigure Message .....................................48 + 16.12. Information-request Message .............................49 + 16.13. Relay-forward Message ...................................49 + 16.14. Relay-reply Message .....................................49 + 17. Client Source Address and Interface Selection .................49 + 17.1. Source Address and Interface Selection for + Address Assignment .......................................49 + 17.2. Source Address and Interface Selection for Prefix + Delegation ...............................................50 + 18. DHCP Configuration Exchanges ..................................50 + 18.1. A Single Exchange for Multiple IA Options ................53 + 18.2. Client Behavior ..........................................53 + 18.2.1. Creation and Transmission of Solicit Messages .....55 + 18.2.2. Creation and Transmission of Request Messages .....57 + 18.2.3. Creation and Transmission of Confirm Messages .....59 + 18.2.4. Creation and Transmission of Renew Messages .......60 + 18.2.5. Creation and Transmission of Rebind Messages ......62 + 18.2.6. Creation and Transmission of + Information-request Messages ......................63 + 18.2.7. Creation and Transmission of Release Messages .....64 + 18.2.8. Creation and Transmission of Decline Messages .....65 + 18.2.9. Receipt of Advertise Messages .....................67 + 18.2.10. Receipt of Reply Messages ........................68 + 18.2.10.1. Reply for Solicit (with Rapid + Commit), Request, Renew, or Rebind ......69 + 18.2.10.2. Reply for Release and Decline ...........72 + 18.2.10.3. Reply for Confirm .......................72 + 18.2.10.4. Reply for Information-request ...........72 + + + + +Mrugalski, et al. Standards Track [Page 4] + +RFC 8415 DHCP for IPv6 November 2018 + + + 18.2.11. Receipt of Reconfigure Messages ..................72 + 18.2.12. Refreshing Configuration Information .............73 + 18.3. Server Behavior ..........................................74 + 18.3.1. Receipt of Solicit Messages .......................75 + 18.3.2. Receipt of Request Messages .......................77 + 18.3.3. Receipt of Confirm Messages .......................79 + 18.3.4. Receipt of Renew Messages .........................79 + 18.3.5. Receipt of Rebind Messages ........................81 + 18.3.6. Receipt of Information-request Messages ...........83 + 18.3.7. Receipt of Release Messages .......................84 + 18.3.8. Receipt of Decline Messages .......................85 + 18.3.9. Creation of Advertise Messages ....................85 + 18.3.10. Transmission of Advertise and Reply Messages .....87 + 18.3.11. Creation and Transmission of Reconfigure + Messages .........................................87 + 18.4. Reception of Unicast Messages ............................88 + 19. Relay Agent Behavior ..........................................89 + 19.1. Relaying a Client Message or a Relay-forward Message .....89 + 19.1.1. Relaying a Message from a Client ..................90 + 19.1.2. Relaying a Message from a Relay Agent .............90 + 19.1.3. Relay Agent Behavior with Prefix Delegation .......91 + 19.2. Relaying a Relay-reply Message ...........................91 + 19.3. Construction of Relay-reply Messages .....................91 + 19.4. Interaction between Relay Agents and Servers .............92 + 20. Authentication of DHCP Messages ...............................93 + 20.1. Security of Messages Sent between Servers and + Relay Agents .............................................94 + 20.2. Summary of DHCP Authentication ...........................94 + 20.3. Replay Detection .........................................94 + 20.4. Reconfiguration Key Authentication Protocol (RKAP) .......95 + 20.4.1. Use of the Authentication Option in RKAP ..........96 + 20.4.2. Server Considerations for RKAP ....................96 + 20.4.3. Client Considerations for RKAP ....................97 + 21. DHCP Options ..................................................97 + 21.1. Format of DHCP Options ...................................98 + 21.2. Client Identifier Option .................................99 + 21.3. Server Identifier Option .................................99 + 21.4. Identity Association for Non-temporary Addresses + Option ..................................................100 + 21.5. Identity Association for Temporary Addresses Option .....102 + 21.6. IA Address Option .......................................104 + 21.7. Option Request Option ...................................106 + 21.8. Preference Option .......................................108 + 21.9. Elapsed Time Option .....................................108 + 21.10. Relay Message Option ...................................109 + 21.11. Authentication Option ..................................110 + 21.12. Server Unicast Option ..................................111 + 21.13. Status Code Option .....................................112 + + + +Mrugalski, et al. Standards Track [Page 5] + +RFC 8415 DHCP for IPv6 November 2018 + + + 21.14. Rapid Commit Option ....................................114 + 21.15. User Class Option ......................................115 + 21.16. Vendor Class Option ....................................116 + 21.17. Vendor-specific Information Option .....................117 + 21.18. Interface-Id Option ....................................119 + 21.19. Reconfigure Message Option .............................121 + 21.20. Reconfigure Accept Option ..............................121 + 21.21. Identity Association for Prefix Delegation Option ......122 + 21.22. IA Prefix Option .......................................124 + 21.23. Information Refresh Time Option ........................126 + 21.24. SOL_MAX_RT Option ......................................127 + 21.25. INF_MAX_RT Option ......................................128 + 22. Security Considerations ......................................130 + 23. Privacy Considerations .......................................133 + 24. IANA Considerations ..........................................133 + 25. Obsoleted Mechanisms .........................................138 + 26. References ...................................................139 + 26.1. Normative References ....................................139 + 26.2. Informative References ..................................140 + Appendix A. Summary of Changes ...................................146 + Appendix B. Appearance of Options in Message Types ...............149 + Appendix C. Appearance of Options in the "options" Field of DHCP + Options ..............................................151 + Acknowledgments ..................................................152 + Authors' Addresses ...............................................153 + +1. Introduction + + This document describes DHCP for IPv6 (DHCPv6), a client/server + protocol that provides managed configuration of devices. The basic + operation of DHCPv6 provides configuration for clients connected to + the same link as the server. Relay agent functionality is also + defined for enabling communication between clients and servers that + are not on the same link. + + DHCPv6 can provide a device with addresses assigned by a DHCPv6 + server and other configuration information; this data is carried in + options. DHCPv6 can be extended through the definition of new + options to carry configuration information not specified in this + document. + + DHCPv6 also provides a mechanism for automated delegation of IPv6 + prefixes using DHCPv6, as originally specified in [RFC3633]. Through + this mechanism, a delegating router can delegate prefixes to + requesting routers. Use of this mechanism is specified as part of + [RFC7084] and by [TR-187]. + + + + + +Mrugalski, et al. Standards Track [Page 6] + +RFC 8415 DHCP for IPv6 November 2018 + + + DHCP can also be used just to provide other configuration options + (i.e., no addresses or prefixes). That implies that the server does + not have to track any state; thus, this mode is called "stateless + DHCPv6". Mechanisms necessary to support stateless DHCPv6 are much + smaller than mechanisms needed to support stateful DHCPv6. [RFC3736] + was written to document just those portions of DHCPv6 needed to + support DHCPv6 stateless operation. + + The remainder of this introduction summarizes the relationship to the + previous DHCPv6 standards (see Section 1.1) and clarifies the stance + with regard to DHCPv4 (see Section 1.2). Section 5 describes the + message exchange mechanisms to illustrate DHCP operation rather than + provide an exhaustive list of all possible interactions, and + Section 6 provides an overview of common operational models. + Section 18 explains client and server operation in detail. + +1.1. Relationship to Previous DHCPv6 Standards + + The initial specification of DHCPv6 was defined in [RFC3315], and a + number of follow-up documents were published over the years: + + - [RFC3633] ("IPv6 Prefix Options for Dynamic Host Configuration + Protocol (DHCP) version 6") + + - [RFC3736] ("Stateless Dynamic Host Configuration Protocol (DHCP) + Service for IPv6") + + - [RFC4242] ("Information Refresh Time Option for Dynamic Host + Configuration Protocol for IPv6 (DHCPv6)") + + - [RFC7083] ("Modification to Default Values of SOL_MAX_RT and + INF_MAX_RT") + + - [RFC7283] ("Handling Unknown DHCPv6 Messages") + + - [RFC7550] ("Issues and Recommendations with Multiple Stateful + DHCPv6 Options") + + This document provides a unified, corrected, and cleaned-up + definition of DHCPv6 that also covers all applicable errata filed + against older RFCs (see the list in Appendix A). As such, it + obsoletes the RFCs listed in the previous paragraph. Also, there are + a small number of mechanisms that were obsoleted; see Section 25 and + Appendix A. + + + + + + + +Mrugalski, et al. Standards Track [Page 7] + +RFC 8415 DHCP for IPv6 November 2018 + + +1.2. Relationship to DHCPv4 + + The operational models and relevant configuration information for + DHCPv4 [RFC2131] [RFC2132] and DHCPv6 are sufficiently different that + integration between the two services is not included in this + document. [RFC3315] suggested that future work might be to extend + DHCPv6 to carry IPv4 address and configuration information. However, + the current consensus of the IETF is that DHCPv4 should be used + rather than DHCPv6 when conveying IPv4 configuration information to + nodes. For IPv6-only networks, [RFC7341] describes a transport + mechanism to carry DHCPv4 messages using the DHCPv6 protocol for the + dynamic provisioning of IPv4 address and configuration information. + + Merging DHCPv4 and DHCPv6 configuration is out of scope for this + document. [RFC4477] discusses some issues and possible strategies + for running DHCPv4 and DHCPv6 services together. While [RFC4477] is + a bit dated, it provides a good overview of the issues at hand. + +2. Requirements + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + + This document also makes use of internal conceptual variables to + describe protocol behavior and external variables that an + implementation must allow system administrators to change. The + specific variable names, how their values change, and how their + settings influence protocol behavior are provided to demonstrate + protocol behavior. An implementation is not required to have them in + the exact form described here, as long as its external behavior is + consistent with that described in this document. + +3. Background + + [RFC8200] ("Internet Protocol, Version 6 (IPv6) Specification") + provides the base architecture and design of IPv6. In addition to + [RFC8200], related work in IPv6 that an implementer would be best + served to study includes + + - [RFC4291] ("IP Version 6 Addressing Architecture") + + - [RFC4862] ("IPv6 Stateless Address Autoconfiguration") + + - [RFC4861] ("Neighbor Discovery for IP version 6 (IPv6)") + + + + +Mrugalski, et al. Standards Track [Page 8] + +RFC 8415 DHCP for IPv6 November 2018 + + + These specifications enable DHCP to build upon the IPv6 work to + provide robust stateful autoconfiguration. + + [RFC4291] defines the address scope that can be used in an IPv6 + implementation and also provides various configuration architecture + guidelines for network designers of the IPv6 address space. Two + advantages of IPv6 are that support for multicast is required and + nodes can create link-local addresses during initialization. The + availability of these features means that a client can use its + link-local address and a well-known multicast address to discover and + communicate with DHCP servers or relay agents on its link. + + [RFC4862] specifies procedures by which a node may autoconfigure + addresses based on Router Advertisements [RFC4861] and the use of a + valid lifetime to support renumbering of addresses on the Internet. + Compatibility with stateless address autoconfiguration is a design + requirement of DHCP. + + IPv6 Neighbor Discovery [RFC4861] is the node discovery protocol in + IPv6 that replaces and enhances functions of ARP [RFC826]. To + understand IPv6 and stateless address autoconfiguration, it is + strongly recommended that implementers understand IPv6 Neighbor + Discovery. + +4. Terminology + + This section defines terminology specific to IPv6 and DHCP used in + this document. + +4.1. IPv6 Terminology + + IPv6 terminology from [RFC8200], [RFC4291], and [RFC4862] relevant to + this specification is included below. + + address An IP-layer identifier for an interface or + a set of interfaces. + + GUA Global unicast address (see [RFC4291]). + + host Any node that is not a router. + + IP Internet Protocol Version 6 (IPv6). The + terms "IPv4" and "IPv6" are used only in + contexts where it is necessary to avoid + ambiguity. + + interface A node's attachment to a link. + + + + +Mrugalski, et al. Standards Track [Page 9] + +RFC 8415 DHCP for IPv6 November 2018 + + + link A communication facility or medium over + which nodes can communicate at the link + layer, i.e., the layer immediately below + IP. Examples are Ethernet (simple or + bridged); Point-to-Point Protocol (PPP) and + PPP over Ethernet (PPPoE) links; and + Internet-layer (or higher) "tunnels", such + as tunnels over IPv4 or IPv6 itself. + + link-layer identifier A link-layer identifier for an interface -- + for example, IEEE 802 addresses for + Ethernet or Token Ring network interfaces. + + link-local address An IPv6 address having a link-only scope, + indicated by having the prefix (fe80::/10), + that can be used to reach neighboring nodes + attached to the same link. Every IPv6 + interface on which DHCPv6 can reasonably be + useful has a link-local address. + + multicast address An identifier for a set of interfaces + (typically belonging to different nodes). + A packet sent to a multicast address is + delivered to all interfaces identified by + that address. + + neighbor A node attached to the same link. + + node A device that implements IP. + + packet An IP header plus payload. + + prefix The initial bits of an address, or a set + of IP addresses that share the same + initial bits. + + prefix length The number of bits in a prefix. + + router A node that forwards IP packets not + explicitly addressed to itself. + + ULA Unique local address (see [RFC4193]). + + unicast address An identifier for a single interface. A + packet sent to a unicast address is + delivered to the interface identified by + that address. + + + + +Mrugalski, et al. Standards Track [Page 10] + +RFC 8415 DHCP for IPv6 November 2018 + + +4.2. DHCP Terminology + + Terminology specific to DHCP can be found below. + + appropriate to the link An address is "appropriate to the link" + when the address is consistent with the + DHCP server's knowledge of the network + topology, prefix assignment, and address + assignment policies. + + binding A binding (or client binding) is a group of + server data records containing the + information the server has about the + addresses or delegated prefixes in an + Identity Association (IA) or configuration + information explicitly assigned to the + client. Configuration information that has + been returned to a client through a policy, + such as the information returned to all + clients on the same link, does not require + a binding. A binding containing + information about an IA is indexed by the + tuple (where IA-type + is the type of lease in the IA -- for + example, temporary). A binding containing + configuration information for a client is + indexed by . See below for + definitions of DUID, IA, and IAID. + + configuration parameter An element of the configuration information + set on the server and delivered to the + client using DHCP. Such parameters may be + used to carry information to be used by a + node to configure its network subsystem and + enable communication on a link or + internetwork, for example. + + container option An option that encapsulates other options + (for example, the IA_NA option (see + Section 21.4) may contain IA Address + options (see Section 21.6)). + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 11] + +RFC 8415 DHCP for IPv6 November 2018 + + + delegating router The router that acts as a DHCP server and + responds to requests for delegated + prefixes. This document primarily uses the + term "DHCP server" or "server" when + discussing the "delegating router" + functionality of prefix delegation (see + Section 1). + + DHCP Dynamic Host Configuration Protocol for + IPv6. The terms "DHCPv4" and "DHCPv6" are + used only in contexts where it is necessary + to avoid ambiguity. + + DHCP client Also referred to as "client". A node that + initiates requests on a link to obtain + configuration parameters from one or more + DHCP servers. The node may act as a + requesting router (see below) if it + supports prefix delegation. + + DHCP domain A set of links managed by DHCP and operated + by a single administrative entity. + + DHCP relay agent Also referred to as "relay agent". A node + that acts as an intermediary to deliver + DHCP messages between clients and servers. + In certain configurations, there may be + more than one relay agent between clients + and servers, so a relay agent may send DHCP + messages to another relay agent. + + DHCP server Also referred to as "server". A node that + responds to requests from clients. It may + or may not be on the same link as the + client(s). Depending on its capabilities, + if it supports prefix delegation it may + also feature the functionality of a + delegating router. + + DUID A DHCP Unique Identifier for a DHCP + participant. Each DHCP client and server + has exactly one DUID. See Section 11 for + details of the ways in which a DUID may be + constructed. + + + + + + + +Mrugalski, et al. Standards Track [Page 12] + +RFC 8415 DHCP for IPv6 November 2018 + + + encapsulated option A DHCP option that is usually only + contained in another option. For example, + the IA Address option is contained in IA_NA + or IA_TA options (see Section 21.5). See + Section 9 of [RFC7227] for a more complete + definition. + + IA Identity Association: a collection of + leases assigned to a client. Each IA has + an associated IAID (see below). A client + may have more than one IA assigned to it -- + for example, one for each of its + interfaces. Each IA holds one type of + lease; for example, an identity association + for temporary addresses (IA_TA) holds + temporary addresses, and an identity + association for prefix delegation (IA_PD) + holds delegated prefixes. Throughout this + document, "IA" is used to refer to an + identity association without identifying + the type of a lease in the IA. At the time + of writing this document, there are three + IA types defined: IA_NA, IA_TA, and IA_PD. + New IA types may be defined in the future. + + IA option(s) At the time of writing this document, one + or more IA_NA, IA_TA, and/or IA_PD options. + New IA types may be defined in the future. + + IAID Identity Association Identifier: an + identifier for an IA, chosen by the client. + Each IA has an IAID, which is chosen to be + unique among IAIDs for IAs of a specific + type that belong to that client. + + IA_NA Identity Association for Non-temporary + Addresses: an IA that carries assigned + addresses that are not temporary addresses + (see "IA_TA"). See Section 21.4 for + details on the IA_NA option. + + IA_PD Identity Association for Prefix Delegation: + an IA that carries delegated prefixes. See + Section 21.21 for details on the IA_PD + option. + + + + + + +Mrugalski, et al. Standards Track [Page 13] + +RFC 8415 DHCP for IPv6 November 2018 + + + IA_TA Identity Association for Temporary + Addresses: an IA that carries temporary + addresses (see [RFC4941]). See + Section 21.5 for details on the IA_TA + option. + + lease A contract by which the server grants the + use of an address or delegated prefix to + the client for a specified period of time. + + message A unit of data carried as the payload of a + UDP datagram, exchanged among DHCP servers, + relay agents, and clients. + + Reconfigure key A key supplied to a client by a server. + Used to provide security for Reconfigure + messages (see Section 7.3 for the list of + available message types). + + relaying A DHCP relay agent relays DHCP messages + between DHCP participants. + + requesting router The router that acts as a DHCP client and + is requesting prefix(es) to be assigned. + This document primarily uses the term "DHCP + client" or "client" when discussing the + "requesting router" functionality of prefix + delegation (see Section 1). + + retransmission Another attempt to send the same DHCP + message by a client or server, as a result + of not receiving a valid response to the + previously sent messages. The + retransmitted message is typically modified + prior to sending, as required by the DHCP + specifications. In particular, the client + updates the value of the Elapsed Time + option in the retransmitted message. + + RKAP The Reconfiguration Key Authentication + Protocol (see Section 20.4). + + singleton option An option that is allowed to appear only + once as a top-level option or at any + encapsulation level. Most options are + singletons. + + + + + +Mrugalski, et al. Standards Track [Page 14] + +RFC 8415 DHCP for IPv6 November 2018 + + + T1 The time interval after which the client is + expected to contact the server that did the + assignment to extend (renew) the lifetimes + of the addresses assigned (via IA_NA + option(s)) and/or prefixes delegated (via + IA_PD option(s)) to the client. T1 is + expressed as an absolute value in messages + (in seconds), is conveyed within IA + containers (currently the IA_NA and IA_PD + options), and is interpreted as a time + interval since the packet's reception. The + value stored in the T1 field in IA options + is referred to as the T1 value. The actual + time when the timer expires is referred to + as the T1 time. + + T2 The time interval after which the client is + expected to contact any available server to + extend (rebind) the lifetimes of the + addresses assigned (via IA_NA option(s)) + and/or prefixes delegated (via IA_PD + option(s)) to the client. T2 is expressed + as an absolute value in messages (in + seconds), is conveyed within IA containers + (currently the IA_NA and IA_PD options), + and is interpreted as a time interval since + the packet's reception. The value stored + in the T2 field in IA options is referred + to as the T2 value. The actual time when + the timer expires is referred to as the + T2 time. + + top-level option An option conveyed in a DHCP message + directly, i.e., not encapsulated in any + other option, as described in Section 9 of + [RFC7227]. + + transaction ID An opaque value used to match responses + with replies initiated by either a client + or a server. + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 15] + +RFC 8415 DHCP for IPv6 November 2018 + + +5. Client/Server Exchanges + + Clients and servers exchange DHCP messages using UDP (see [RFC768] + and BCP 145 [RFC8085]). The client uses a link-local address or + addresses determined through other mechanisms for transmitting and + receiving DHCP messages. + + A DHCP client sends most messages using a reserved, link-scoped + multicast destination address so that the client need not be + configured with the address or addresses of DHCP servers. + + To allow a DHCP client to send a message to a DHCP server that is not + attached to the same link, a DHCP relay agent on the client's link + will relay messages between the client and server. The operation of + the relay agent is transparent to the client. The discussion of + message exchanges in the remainder of this section will omit the + description of the relaying of messages by relay agents. + + Once the client has determined the address of a server, it may, under + some circumstances, send messages directly to the server using + unicast. + +5.1. Client/Server Exchanges Involving Two Messages + + When a DHCP client does not need to have a DHCP server assign IP + addresses or delegated prefixes to it, the client can obtain other + configuration information such as a list of available DNS servers + [RFC3646] or NTP servers [RFC5908] through a single message and reply + exchange with a DHCP server. To obtain other configuration + information, the client first sends an Information-request message to + the All_DHCP_Relay_Agents_and_Servers multicast address. Servers + respond with a Reply message containing the other configuration + information for the client. + + A client may also request the server to expedite address assignment + and/or prefix delegation by using a two-message exchange instead of + the normal four-message exchange as discussed in the next section. + Expedited assignment can be requested by the client, and servers may + or may not honor the request (see Sections 18.3.1 and 21.14 for more + details and why servers may not honor this request). Clients may + request this expedited service in environments where it is likely + that there is only one server available on a link and no expectation + that a second server would become available, or when completing the + configuration process as quickly as possible is a priority. + + + + + + + +Mrugalski, et al. Standards Track [Page 16] + +RFC 8415 DHCP for IPv6 November 2018 + + + To request the expedited two-message exchange, the client sends a + Solicit message to the All_DHCP_Relay_Agents_and_Servers multicast + address requesting the assignment of addresses and/or delegated + prefixes and other configuration information. This message includes + an indication (the Rapid Commit option; see Section 21.14) that the + client is willing to accept an immediate Reply message from the + server. The server that is willing to commit the assignment of + addresses and/or delegated prefixes to the client immediately + responds with a Reply message. The configuration information and the + addresses and/or delegated prefixes in the Reply message are then + immediately available for use by the client. + + Each address or delegated prefix assigned to the client has + associated preferred and valid lifetimes specified by the server. To + request an extension of the lifetimes assigned to an address or + delegated prefix, the client sends a Renew message to the server. + The server sends a Reply message to the client with the new + lifetimes, allowing the client to continue to use the address or + delegated prefix without interruption. If the server is unable to + extend the lifetime of an address or delegated prefix, it indicates + this by returning the address or delegated prefix with lifetimes of + 0. At the same time, the server may assign other addresses or + delegated prefixes. + + See Section 18 for descriptions of additional two-message exchanges + between the client and server. + +5.2. Client/Server Exchanges Involving Four Messages + + To request the assignment of one or more addresses and/or delegated + prefixes, a client first locates a DHCP server and then requests the + assignment of addresses and/or delegated prefixes and other + configuration information from the server. The client sends a + Solicit message to the All_DHCP_Relay_Agents_and_Servers multicast + address to find available DHCP servers. Any server that can meet the + client's requirements responds with an Advertise message. The client + then chooses one of the servers and sends a Request message to the + server asking for confirmed assignment of addresses and/or delegated + prefixes and other configuration information. The server responds + with a Reply message that contains the confirmed addresses, delegated + prefixes, and configuration. + + As described in the previous section, the client can request an + extension of the lifetimes assigned to addresses or delegated + prefixes (this is a two-message exchange). + + + + + + +Mrugalski, et al. Standards Track [Page 17] + +RFC 8415 DHCP for IPv6 November 2018 + + +5.3. Server/Client Exchanges + + A server that has previously communicated with a client and + negotiated for the client to listen for Reconfigure messages may send + the client a Reconfigure message to initiate the client to update its + configuration by sending an Information-request, Renew, or Rebind + message. The client then performs the two-message exchange as + described earlier. This can be used to expedite configuration + changes to a client, such as the need to renumber a network (see + [RFC6879]). + +6. Operational Models + + This section describes some of the current most common DHCP + operational models. The described models are not mutually exclusive + and are sometimes used together. For example, a device may start in + stateful mode to obtain an address and, at a later time when an + application is started, request additional parameters using + stateless mode. + + This document assumes that the DHCP servers and the client, + communicating with the servers via a specific interface, belong to a + single provisioning domain. + + DHCP may be extended to support additional stateful services that may + interact with one or more of the models described below. Such + interaction should be considered and documented as part of any future + protocol extension. + +6.1. Stateless DHCP + + Stateless DHCP [RFC3736] is used when DHCP is not used for obtaining + a lease but a node (DHCP client) desires one or more DHCP "other + configuration" parameters, such as a list of DNS recursive name + servers or DNS domain search lists [RFC3646]. Stateless DHCP may be + used when a node initially boots or at any time the software on the + node requires some missing or expired configuration information that + is available via DHCP. + + This is the simplest and most basic operation for DHCP and requires a + client (and a server) to support only two messages -- + Information-request and Reply. Note that DHCP servers and relay + agents typically also need to support the Relay-forward and + Relay-reply messages to accommodate operation when clients and + servers are not on the same link. + + + + + + +Mrugalski, et al. Standards Track [Page 18] + +RFC 8415 DHCP for IPv6 November 2018 + + +6.2. DHCP for Non-temporary Address Assignment + + This model of operation was the original motivation for DHCP. It is + appropriate for situations where stateless address autoconfiguration + alone is insufficient or impractical, e.g., because of network + policy, additional requirements such as dynamic updates to the DNS, + or client-specific requirements. + + The model of operation for non-temporary address assignment is as + follows. The server is provided with prefixes from which it may + allocate addresses to clients, as well as any related network + topology information as to which prefixes are present on which links. + A client requests a non-temporary address to be assigned by the + server. The server allocates an address or addresses appropriate for + the link on which the client is connected. The server returns the + allocated address or addresses to the client. + + Each address has associated preferred and valid lifetimes, which + constitute an agreement about the length of time over which the + client is allowed to use the address. A client can request an + extension of the lifetimes on an address and is required to terminate + the use of an address if the valid lifetime of the address expires. + + Typically, clients request other configuration parameters, such as + the DNS name server addresses and domain search lists, when + requesting addresses. + + Clients can also request more than one address or set of addresses + (see Sections 6.6 and 12). + +6.3. DHCP for Prefix Delegation + + The prefix delegation mechanism, originally described in [RFC3633], + is another stateful mode of operation and was originally intended for + simple delegation of prefixes from a delegating router (DHCP server) + to requesting routers (DHCP clients). It is appropriate for + situations in which the delegating router (1) does not have knowledge + about the topology of the networks to which the requesting router is + attached and (2) does not require other information aside from the + identity of the requesting router to choose a prefix for delegation. + This mechanism is appropriate for use by an ISP to delegate a prefix + to a subscriber, where the delegated prefix would possibly be + subnetted and assigned to the links within the subscriber's network. + [RFC7084] and [RFC7368] describe such use in detail. + + The design of this prefix delegation mechanism meets the requirements + for prefix delegation in [RFC3769]. + + + + +Mrugalski, et al. Standards Track [Page 19] + +RFC 8415 DHCP for IPv6 November 2018 + + + While [RFC3633] assumes that the DHCP client is a router (hence the + use of "requesting router") and that the DHCP server is a router + (hence the use of "delegating router"), DHCP prefix delegation itself + does not require that the client forward IP packets not addressed to + itself and thus does not require that the client (or server) be a + router as defined in [RFC8200]. Also, in many cases (such as + tethering or hosting virtual machines), hosts are already forwarding + IP packets and thus are operating as routers as defined in [RFC8200]. + Therefore, this document mostly replaces "requesting router" with + "client" and "delegating router" with "server". + + The model of operation for prefix delegation is as follows. A server + is provisioned with prefixes to be delegated to clients. A client + requests prefix(es) from the server, as described in Section 18. The + server chooses prefix(es) for delegation and responds with prefix(es) + to the client. The client is then responsible for the delegated + prefix(es). For example, the client might assign a subnet from a + delegated prefix to one of its interfaces and begin sending Router + Advertisements for the prefix on that link. + + Each prefix has an associated preferred lifetime and valid lifetime, + which constitute an agreement about the length of time over which the + client is allowed to use the prefix. A client can request an + extension of the lifetimes on a delegated prefix and is required to + terminate the use of a delegated prefix if the valid lifetime of the + prefix expires. + + + + + + + + + + + + + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 20] + +RFC 8415 DHCP for IPv6 November 2018 + + + Figure 1 illustrates a network architecture in which prefix + delegation could be used. + + ______________________ \ + / \ \ + | ISP core network | \ + \__________ ___________/ | + | | + +-------+-------+ | + | Aggregation | | ISP + | device | | network + | (delegating | | + | router) | | + +-------+-------+ | + | / + |Network link to / + |subscriber premises / + | + +------+------+ \ + | CPE | \ + | (requesting | \ + | router) | | + +----+---+----+ | + | | | Subscriber + ---+-------------+-----+ +-----+------ | network + | | | | + +----+-----+ +-----+----+ +----+-----+ | + |Subscriber| |Subscriber| |Subscriber| / + | PC | | PC | | PC | / + +----------+ +----------+ +----------+ / + + Figure 1: Prefix Delegation Network + + In this example, the server (delegating router) is configured with a + set of prefixes to be used for assignment to customers at the time of + each customer's first connection to the ISP service. The prefix + delegation process begins when the client (requesting router) + requests configuration information through DHCP. The DHCP messages + from the client are received by the server in the aggregation device. + When the server receives the request, it selects an available prefix + or prefixes for delegation to the client. The server then returns + the prefix or prefixes to the client. + + The client subnets the delegated prefix and assigns the longer + prefixes to links in the subscriber's network. In a typical scenario + based on the network shown in Figure 1, the client subnets a single + delegated /48 prefix into /64 prefixes and assigns one /64 prefix to + each of the links in the subscriber network. + + + +Mrugalski, et al. Standards Track [Page 21] + +RFC 8415 DHCP for IPv6 November 2018 + + + The prefix delegation options can be used in conjunction with other + DHCP options carrying other configuration information to the client. + + The client may, in turn, provide DHCP service to nodes attached to + the internal network. For example, the client may obtain the + addresses of DNS and NTP servers from the ISP server and then pass + that configuration information on to the subscriber hosts through a + DHCP server in the client (requesting router). + + If the client uses a delegated prefix to configure addresses on + interfaces on itself or other nodes behind it, the preferred and + valid lifetimes of those addresses MUST be no longer than the + remaining preferred and valid lifetimes, respectively, for the + delegated prefix at any time. In particular, if the delegated prefix + or a prefix derived from it is advertised for stateless address + autoconfiguration [RFC4862], the advertised preferred and valid + lifetimes MUST NOT exceed the corresponding remaining lifetimes of + the delegated prefix. + +6.4. DHCP for Customer Edge Routers + + The DHCP requirements and network architecture for Customer Edge + Routers are described in [RFC7084]. This model of operation combines + address assignment (see Section 6.2) and prefix delegation (see + Section 6.3). In general, this model assumes that a single set of + transactions between the client and server will assign or extend the + client's non-temporary addresses and delegated prefixes. + +6.5. DHCP for Temporary Addresses + + Temporary addresses were originally introduced to avoid privacy + concerns with stateless address autoconfiguration, which based + 64 bits of the address on the EUI-64 (see [RFC4941]. They were added + to DHCP to provide complementary support when stateful address + assignment is used. + + Temporary address assignment works mostly like non-temporary address + assignment (see Section 6.2); however, these addresses are generally + intended to be used for a short period of time and not to have their + lifetimes extended, though they can be if required. + +6.6. Multiple Addresses and Prefixes + + DHCP allows a client to receive multiple addresses. During typical + operation, a client sends one instance of an IA_NA option and the + server assigns at most one address from each prefix assigned to the + link to which the client is attached. In particular, the server can + be configured to serve addresses out of multiple prefixes for a given + + + +Mrugalski, et al. Standards Track [Page 22] + +RFC 8415 DHCP for IPv6 November 2018 + + + link. This is useful in cases such as when a network renumbering + event is in progress. In a typical deployment, the server will grant + one address for each IA_NA option (see Section 21.4). + + A client can explicitly request multiple addresses by sending + multiple IA_NA options (and/or IA_TA options; see Section 21.5). A + client can send multiple IA_NA (and/or IA_TA) options in its initial + transmissions. Alternatively, it can send an extra Request message + with additional new IA_NA (and/or IA_TA) options (or include them in + a Renew message). + + The same principle also applies to prefix delegation. In principle, + DHCP allows a client to request new prefixes to be delegated by + sending additional IA_PD options (see Section 21.21). However, a + typical operator usually prefers to delegate a single, larger prefix. + In most deployments, it is recommended that the client request a + larger prefix in its initial transmissions rather than request + additional prefixes later on. + + The exact behavior of the server (whether to grant additional + addresses and prefixes or not) is up to the server policy and is out + of scope for this document. + + For more information on how the server distinguishes between IA + option instances, see Section 12. + +7. DHCP Constants + + This section describes various program and networking constants used + by DHCP. + +7.1. Multicast Addresses + + DHCP makes use of the following multicast addresses: + + All_DHCP_Relay_Agents_and_Servers (ff02::1:2) + A link-scoped multicast address used by a client to communicate + with neighboring (i.e., on-link) relay agents and servers. All + servers and relay agents are members of this multicast group. + + All_DHCP_Servers (ff05::1:3) + A site-scoped multicast address used by a relay agent to + communicate with servers, either because the relay agent wants to + send messages to all servers or because it does not know the + unicast addresses of the servers. Note that in order for a relay + agent to use this address, it must have an address of sufficient + + + + + +Mrugalski, et al. Standards Track [Page 23] + +RFC 8415 DHCP for IPv6 November 2018 + + + scope to be reachable by the servers. All servers within the site + are members of this multicast group on the interfaces that are + within the site. + +7.2. UDP Ports + + Clients listen for DHCP messages on UDP port 546. Servers and relay + agents listen for DHCP messages on UDP port 547. + +7.3. DHCP Message Types + + DHCP defines the following message types. The formats of these + messages are provided in Sections 8 and 9. Additional message types + have been defined and may be defined in the future; see + . The numeric + encoding for each message type is shown in parentheses. + + SOLICIT (1) A client sends a Solicit message to locate + servers. + + ADVERTISE (2) A server sends an Advertise message to + indicate that it is available for DHCP + service, in response to a Solicit message + received from a client. + + REQUEST (3) A client sends a Request message to request + configuration parameters, including + addresses and/or delegated prefixes, from a + specific server. + + CONFIRM (4) A client sends a Confirm message to any + available server to determine whether the + addresses it was assigned are still + appropriate to the link to which the client + is connected. + + RENEW (5) A client sends a Renew message to the + server that originally provided the + client's leases and configuration + parameters to extend the lifetimes on the + leases assigned to the client and to update + other configuration parameters. + + + + + + + + + +Mrugalski, et al. Standards Track [Page 24] + +RFC 8415 DHCP for IPv6 November 2018 + + + REBIND (6) A client sends a Rebind message to any + available server to extend the lifetimes on + the leases assigned to the client and to + update other configuration parameters; this + message is sent after a client receives no + response to a Renew message. + + REPLY (7) A server sends a Reply message containing + assigned leases and configuration + parameters in response to a Solicit, + Request, Renew, or Rebind message received + from a client. A server sends a Reply + message containing configuration parameters + in response to an Information-request + message. A server sends a Reply message in + response to a Confirm message confirming or + denying that the addresses assigned to the + client are appropriate to the link to which + the client is connected. A server sends a + Reply message to acknowledge receipt of a + Release or Decline message. + + RELEASE (8) A client sends a Release message to the + server that assigned leases to the client + to indicate that the client will no longer + use one or more of the assigned leases. + + DECLINE (9) A client sends a Decline message to a + server to indicate that the client has + determined that one or more addresses + assigned by the server are already in use + on the link to which the client is + connected. + + RECONFIGURE (10) A server sends a Reconfigure message to a + client to inform the client that the server + has new or updated configuration parameters + and that the client is to initiate a + Renew/Reply, Rebind/Reply, or + Information-request/Reply transaction with + the server in order to receive the updated + information. + + INFORMATION-REQUEST (11) A client sends an Information-request + message to a server to request + configuration parameters without the + assignment of any leases to the client. + + + + +Mrugalski, et al. Standards Track [Page 25] + +RFC 8415 DHCP for IPv6 November 2018 + + + RELAY-FORW (12) A relay agent sends a Relay-forward message + to relay messages to servers, either + directly or through another relay agent. + The received message -- either a client + message or a Relay-forward message from + another relay agent -- is encapsulated in + an option in the Relay-forward message. + + RELAY-REPL (13) A server sends a Relay-reply message to a + relay agent containing a message that the + relay agent delivers to a client. The + Relay-reply message may be relayed by other + relay agents for delivery to the + destination relay agent. + + The server encapsulates the client message + as an option in the Relay-reply message, + which the relay agent extracts and relays + to the client. + +7.4. DHCP Option Codes + + DHCP makes extensive use of options in messages; some of these are + defined later, in Section 21. Additional options are defined in + other documents or may be defined in the future (see [RFC7227] for + guidance on new option definitions). + +7.5. Status Codes + + DHCP uses status codes to communicate the success or failure of + operations requested in messages from clients and servers and to + provide additional information about the specific cause of the + failure of a message. The specific status codes are defined in + Section 21.13. + + If the Status Code option (see Section 21.13) does not appear in a + message in which the option could appear, the status of the message + is assumed to be Success. + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 26] + +RFC 8415 DHCP for IPv6 November 2018 + + +7.6. Transmission and Retransmission Parameters + + This section presents a table of values used to describe the message + transmission behavior of clients and servers. Some of the values are + adjusted by a randomization factor and backoffs (see Section 15). + Transmissions may also be influenced by rate limiting (see + Section 14.1). + + +-----------------+------------------+------------------------------+ + | Parameter | Default | Description | + +-----------------+------------------+------------------------------+ + | SOL_MAX_DELAY | 1 sec | Max delay of first Solicit | + | | | | + | SOL_TIMEOUT | 1 sec | Initial Solicit timeout | + | | | | + | SOL_MAX_RT | 3600 secs | Max Solicit timeout value | + | | | | + | REQ_TIMEOUT | 1 sec | Initial Request timeout | + | | | | + | REQ_MAX_RT | 30 secs | Max Request timeout value | + | | | | + | REQ_MAX_RC | 10 | Max Request retry attempts | + | | | | + | CNF_MAX_DELAY | 1 sec | Max delay of first Confirm | + | | | | + | CNF_TIMEOUT | 1 sec | Initial Confirm timeout | + | | | | + | CNF_MAX_RT | 4 secs | Max Confirm timeout | + | | | | + | CNF_MAX_RD | 10 secs | Max Confirm duration | + | | | | + | REN_TIMEOUT | 10 secs | Initial Renew timeout | + | | | | + | REN_MAX_RT | 600 secs | Max Renew timeout value | + | | | | + | REB_TIMEOUT | 10 secs | Initial Rebind timeout | + | | | | + | REB_MAX_RT | 600 secs | Max Rebind timeout value | + | | | | + | INF_MAX_DELAY | 1 sec | Max delay of first | + | | | Information-request | + | | | | + | INF_TIMEOUT | 1 sec | Initial Information-request | + | | | timeout | + | | | | + | INF_MAX_RT | 3600 secs | Max Information-request | + | | | timeout value | + | | | | + + + +Mrugalski, et al. Standards Track [Page 27] + +RFC 8415 DHCP for IPv6 November 2018 + + + | REL_TIMEOUT | 1 sec | Initial Release timeout | + | | | | + | REL_MAX_RC | 4 | Max Release retry attempts | + | | | | + | DEC_TIMEOUT | 1 sec | Initial Decline timeout | + | | | | + | DEC_MAX_RC | 4 | Max Decline retry attempts | + | | | | + | REC_TIMEOUT | 2 secs | Initial Reconfigure timeout | + | | | | + | REC_MAX_RC | 8 | Max Reconfigure attempts | + | | | | + | HOP_COUNT_LIMIT | 8 | Max hop count in a | + | | | Relay-forward message | + | | | | + | IRT_DEFAULT | 86400 secs (24 | Default information refresh | + | | hours) | time | + | | | | + | IRT_MINIMUM | 600 secs | Min information refresh time | + | | | | + | MAX_WAIT_TIME | 60 secs | Max required time to wait | + | | | for a response | + +-----------------+------------------+------------------------------+ + + Table 1: Transmission and Retransmission Parameters + +7.7. Representation of Time Values and "Infinity" as a Time Value + + All time values for lifetimes, T1, and T2 are unsigned 32-bit + integers and are expressed in units of seconds. The value 0xffffffff + is taken to mean "infinity" when used as a lifetime (as in [RFC4861]) + or a value for T1 or T2. + + Setting the valid lifetime of an address or a delegated prefix to + 0xffffffff ("infinity") amounts to a permanent assignment of an + address or delegation to a client and should only be used in cases + where permanent assignments are desired. + + Care should be taken in setting T1 or T2 to 0xffffffff ("infinity"). + A client will never attempt to extend the lifetimes of any addresses + in an IA with T1 set to 0xffffffff. A client will never attempt to + use a Rebind message to locate a different server to extend the + lifetimes of any addresses in an IA with T2 set to 0xffffffff. + + + + + + + + +Mrugalski, et al. Standards Track [Page 28] + +RFC 8415 DHCP for IPv6 November 2018 + + +8. Client/Server Message Formats + + All DHCP messages sent between clients and servers share an identical + fixed-format header and a variable-format area for options. + + All values in the message header and in options are in network byte + order. + + Options are stored serially in the "options" field, with no padding + between the options. Options are byte-aligned but are not aligned in + any other way (such as on 2-byte or 4-byte boundaries). + + The following diagram illustrates the format of DHCP messages sent + between clients and servers: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | msg-type | transaction-id | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + . options . + . (variable number and length) . + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 2: Client/Server Message Format + + msg-type Identifies the DHCP message type; the + available message types are listed in + Section 7.3. A 1-octet field. + + transaction-id The transaction ID for this message exchange. + A 3-octet field. + + options Options carried in this message; options are + described in Section 21. A variable-length + field (4 octets less than the size of the + message). + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 29] + +RFC 8415 DHCP for IPv6 November 2018 + + +9. Relay Agent/Server Message Formats + + Relay agents exchange messages with other relay agents and servers to + relay messages between clients and servers that are not connected to + the same link. + + All values in the message header and in options are in network byte + order. + + Options are stored serially in the "options" field, with no padding + between the options. Options are byte-aligned but are not aligned in + any other way (such as on 2-byte or 4-byte boundaries). + + There are two relay agent messages (Relay-forward and Relay-reply), + which share the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | msg-type | hop-count | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + | | + | link-address | + | | + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| + | | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + | | + | peer-address | + | | + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| + | | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + . . + . options (variable number and length) .... . + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 3: Relay Agent/Server Message Format + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 30] + +RFC 8415 DHCP for IPv6 November 2018 + + + The following sections describe the use of the relay agent message + header. + +9.1. Relay-forward Message + + The following table defines the use of message fields in a + Relay-forward message. + + msg-type RELAY-FORW (12). A 1-octet field. + + hop-count Number of relay agents that have already + relayed this message. A 1-octet field. + + link-address An address that may be used by the server to + identify the link on which the client is + located. This is typically a globally scoped + unicast address (i.e., GUA or ULA), but see + the discussion in Section 19.1.1. A 16-octet + field. + + peer-address The address of the client or relay agent from + which the message to be relayed was received. + A 16-octet field. + + options MUST include a Relay Message option (see + Section 21.10); MAY include other options, + such as the Interface-Id option (see + Section 21.18), added by the relay agent. A + variable-length field (34 octets less than + the size of the message). + + See Section 13.1 for an explanation of how the link-address field + is used. + +9.2. Relay-reply Message + + The following table defines the use of message fields in a + Relay-reply message. + + msg-type RELAY-REPL (13). A 1-octet field. + + hop-count Copied from the Relay-forward message. + A 1-octet field. + + link-address Copied from the Relay-forward message. + A 16-octet field. + + + + + +Mrugalski, et al. Standards Track [Page 31] + +RFC 8415 DHCP for IPv6 November 2018 + + + peer-address Copied from the Relay-forward message. + A 16-octet field. + + options MUST include a Relay Message option (see + Section 21.10); MAY include other options, + such as the Interface-Id option (see + Section 21.18). A variable-length field + (34 octets less than the size of the + message). + +10. Representation and Use of Domain Names + + So that domain names may be encoded uniformly, a domain name or a + list of domain names is encoded using the technique described in + Section 3.1 of [RFC1035]. A domain name, or list of domain names, in + DHCP MUST NOT be stored in compressed form as described in + Section 4.1.4 of [RFC1035]. + +11. DHCP Unique Identifier (DUID) + + Each DHCP client and server has a DUID. DHCP servers use DUIDs to + identify clients for the selection of configuration parameters and in + the association of IAs with clients. DHCP clients use DUIDs to + identify a server in messages where a server needs to be identified. + See Sections 21.2 and 21.3 for details regarding the representation + of a DUID in a DHCP message. + + Clients and servers MUST treat DUIDs as opaque values and MUST only + compare DUIDs for equality. Clients and servers SHOULD NOT in any + other way interpret DUIDs. Clients and servers MUST NOT restrict + DUIDs to the types defined in this document, as additional DUID types + may be defined in the future. It should be noted that an attempt to + parse a DUID to obtain a client's link-layer address is unreliable, + as there is no guarantee that the client is still using the same + link-layer address as when it generated its DUID. Also, such an + attempt will be more and more unreliable as more clients adopt + privacy measures such as those defined in [RFC7844]. If this + capability is required, it is recommended to rely on the Client + Link-Layer Address option instead [RFC6939]. + + The DUID is carried in an option because it may be variable in length + and because it is not required in all DHCP messages. The DUID is + designed to be unique across all DHCP clients and servers, and stable + for any specific client or server. That is, the DUID used by a + client or server SHOULD NOT change over time if at all possible; for + example, a device's DUID should not change as a result of a change in + the device's network hardware or changes to virtual interfaces (e.g., + + + + +Mrugalski, et al. Standards Track [Page 32] + +RFC 8415 DHCP for IPv6 November 2018 + + + logical PPP (over Ethernet) interfaces that may come and go in + Customer Premises Equipment routers). The client may change its DUID + as specified in [RFC7844]. + + The motivation for having more than one type of DUID is that the DUID + must be globally unique and must also be easy to generate. The sort + of globally unique identifier that is easy to generate for any given + device can differ quite widely. Also, some devices may not contain + any persistent storage. Retaining a generated DUID in such a device + is not possible, so the DUID scheme must accommodate such devices. + +11.1. DUID Contents + + A DUID consists of a 2-octet type code represented in network byte + order, followed by a variable number of octets that make up the + actual identifier. The length of the DUID (not including the type + code) is at least 1 octet and at most 128 octets. The following + types are currently defined: + + +------+------------------------------------------------------+ + | Type | Description | + +------+------------------------------------------------------+ + | 1 | Link-layer address plus time | + | 2 | Vendor-assigned unique ID based on Enterprise Number | + | 3 | Link-layer address | + | 4 | Universally Unique Identifier (UUID) [RFC6355] | + +------+------------------------------------------------------+ + + Table 2: DUID Types + + Formats for the variable field of the DUID for the first three of the + above types are shown below. The fourth type, DUID-UUID [RFC6355], + can be used in situations where there is a UUID stored in a device's + firmware settings. + +11.2. DUID Based on Link-Layer Address Plus Time (DUID-LLT) + + This type of DUID consists of a 2-octet type field containing the + value 1, a 2-octet hardware type code, and 4 octets containing a time + value, followed by the link-layer address of any one network + interface that is connected to the DHCP device at the time that the + DUID is generated. The time value is the time that the DUID is + generated, represented in seconds since midnight (UTC), January 1, + 2000, modulo 2^32. The hardware type MUST be a valid hardware type + assigned by IANA; see [IANA-HARDWARE-TYPES]. Both the time and the + hardware type are stored in network byte order. For Ethernet + hardware types, the link-layer address is stored in canonical form, + as described in [RFC2464]. + + + +Mrugalski, et al. Standards Track [Page 33] + +RFC 8415 DHCP for IPv6 November 2018 + + + The following diagram illustrates the format of a DUID-LLT: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | DUID-Type (1) | hardware type (16 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | time (32 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . link-layer address (variable length) . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 4: DUID-LLT Format + + The choice of network interface can be completely arbitrary, as long + as that interface provides a globally unique link-layer address for + the link type; the same DUID-LLT SHOULD be used in configuring all + network interfaces connected to the device, regardless of which + interface's link-layer address was used to generate the DUID-LLT. + + Clients and servers using this type of DUID MUST store the DUID-LLT + in stable storage and MUST continue to use this DUID-LLT even if the + network interface used to generate the DUID-LLT is removed. Clients + and servers that do not have any stable storage MUST NOT use this + type of DUID. + + Clients and servers that use this DUID SHOULD attempt to configure + the time prior to generating the DUID, if that is possible, and MUST + use some sort of time source (for example, a real-time clock) in + generating the DUID, even if that time source could not be configured + prior to generating the DUID. The use of a time source makes it + unlikely that two identical DUID-LLTs will be generated if the + network interface is removed from the client and another client then + uses the same network interface to generate a DUID-LLT. A collision + between two DUID-LLTs is very unlikely even if the clocks have not + been configured prior to generating the DUID. + + This method of DUID generation is recommended for all general-purpose + computing devices such as desktop computers and laptop computers, and + also for devices such as printers, routers, and so on, that contain + some form of writable non-volatile storage. + + + + + + + + +Mrugalski, et al. Standards Track [Page 34] + +RFC 8415 DHCP for IPv6 November 2018 + + + It is possible that this algorithm for generating a DUID could result + in a client identifier collision. A DHCP client that generates a + DUID-LLT using this mechanism MUST provide an administrative + interface that replaces the existing DUID with a newly generated + DUID-LLT. + +11.3. DUID Assigned by Vendor Based on Enterprise Number (DUID-EN) + + The vendor assigns this form of DUID to the device. This DUID + consists of the 4-octet vendor's registered Private Enterprise Number + as maintained by IANA [IANA-PEN] followed by a unique identifier + assigned by the vendor. The following diagram summarizes the + structure of a DUID-EN: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | DUID-Type (2) | enterprise-number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | enterprise-number (contd) | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + . identifier . + . (variable length) . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 5: DUID-EN Format + + The source of the identifier is left up to the vendor defining it, + but each identifier part of each DUID-EN MUST be unique to the device + that is using it, and MUST be assigned to the device no later than at + the first usage and stored in some form of non-volatile storage. + This typically means being assigned during the manufacturing process + in the case of physical devices or, in the case of virtual machines, + when the image is created or booted for the first time. The + generated DUID SHOULD be recorded in non-erasable storage. The + enterprise-number is the vendor's registered Private Enterprise + Number as maintained by IANA [IANA-PEN]. The enterprise-number is + stored as an unsigned 32-bit number. + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 35] + +RFC 8415 DHCP for IPv6 November 2018 + + + An example DUID of this type might look like this: + + +---+---+---+---+---+---+---+---+ + | 0 | 2 | 0 | 0 | 0 | 9| 12|192| + +---+---+---+---+---+---+---+---+ + |132|211| 3 | 0 | 9 | 18| + +---+---+---+---+---+---+ + + Figure 6: DUID-EN Example + + This example includes the 2-octet type of 2 and the Enterprise Number + (9), followed by 8 octets of identifier data (0x0CC084D303000912). + +11.4. DUID Based on Link-Layer Address (DUID-LL) + + This type of DUID consists of 2 octets containing a DUID type of 3 + and a 2-octet network hardware type code, followed by the link-layer + address of any one network interface that is permanently connected to + the client or server device. For example, a node that has a network + interface implemented in a chip that is unlikely to be removed and + used elsewhere could use a DUID-LL. The hardware type MUST be a + valid hardware type assigned by IANA; see [IANA-HARDWARE-TYPES]. The + hardware type is stored in network byte order. The link-layer + address is stored in canonical form, as described in [RFC2464]. The + following diagram illustrates the format of a DUID-LL: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | DUID-Type (3) | hardware type (16 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . link-layer address (variable length) . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 7: DUID-LL Format + + The choice of network interface can be completely arbitrary, as long + as that interface provides a unique link-layer address and is + permanently attached to the device on which the DUID-LL is being + generated. The same DUID-LL SHOULD be used in configuring all + network interfaces connected to the device, regardless of which + interface's link-layer address was used to generate the DUID. + + + + + + + +Mrugalski, et al. Standards Track [Page 36] + +RFC 8415 DHCP for IPv6 November 2018 + + + A DUID-LL is recommended for devices that have a permanently + connected network interface with a link-layer address and do not have + nonvolatile, writable stable storage. A DUID-LL SHOULD NOT be used + by DHCP clients or servers that cannot tell whether or not a network + interface is permanently attached to the device on which the DHCP + client is running. + +11.5. DUID Based on Universally Unique Identifier (DUID-UUID) + + This type of DUID consists of 16 octets containing a 128-bit UUID. + [RFC6355] details when to use this type and how to pick an + appropriate source of the UUID. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | DUID-Type (4) | UUID (128 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + | | + | | + | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- + + Figure 8: DUID-UUID Format + +12. Identity Association + + An Identity Association (IA) is a construct through which a server + and a client can identify, group, and manage a set of related IPv6 + addresses or delegated prefixes. Each IA consists of an IAID and + associated configuration information. + + The IAID uniquely identifies the IA and MUST be chosen to be unique + among the IAIDs for that IA type on the client (e.g., an IA_NA with + an IAID of 0 and an IA_PD with an IAID of 0 are each considered + unique). The IAID is chosen by the client. For any given use of an + IA by the client, the IAID for that IA MUST be consistent across + restarts of the DHCP client. The client may maintain consistency by + either storing the IAID in non-volatile storage or using an algorithm + that will consistently produce the same IAID as long as the + configuration of the client has not changed. There may be no way for + a client to maintain consistency of the IAIDs if it does not have + non-volatile storage and the client's hardware configuration changes. + If the client uses only one IAID, it can use a well-known value, + e.g., zero. + + + + + +Mrugalski, et al. Standards Track [Page 37] + +RFC 8415 DHCP for IPv6 November 2018 + + + If the client wishes to obtain a distinctly new address or prefix and + deprecate the existing one, the client sends a Release message to the + server for the IAs using the original IAID. The client then creates + a new IAID, to be used in future messages to obtain leases for the + new IA. + +12.1. Identity Associations for Address Assignment + + A client must associate at least one distinct IA with each of its + network interfaces for which it is to request the assignment of IPv6 + addresses from a DHCP server. The client uses the IAs assigned to an + interface to obtain configuration information from a server for that + interface. Each such IA must be associated with exactly one + interface. + + The configuration information in an IA_NA option consists of one or + more IPv6 addresses along with the T1 and T2 values for the IA. See + Section 21.4 for details regarding the representation of an IA_NA in + a DHCP message. + + The configuration information in an IA_TA option consists of one or + more IPv6 addresses. See Section 21.5 for details regarding the + representation of an IA_TA in a DHCP message. + + Each address in an IA has a preferred lifetime and a valid lifetime, + as defined in [RFC4862]. The lifetimes are transmitted from the DHCP + server to the client in the IA Address option (see Section 21.6). + The lifetimes apply to the use of addresses; see Section 5.5.4 of + [RFC4862]. + +12.2. Identity Associations for Prefix Delegation + + An IA_PD is different from an IA for address assignment in that it + does not need to be associated with exactly one interface. One IA_PD + can be associated with the client, with a set of interfaces, or with + exactly one interface. A client configured to request delegated + prefixes must create at least one distinct IA_PD. It may associate a + distinct IA_PD with each of its downstream network interfaces and use + that IA_PD to obtain a prefix for that interface from the server. + + The configuration information in an IA_PD option consists of one or + more prefixes along with the T1 and T2 values for the IA_PD. See + Section 21.21 for details regarding the representation of an IA_PD in + a DHCP message. + + + + + + + +Mrugalski, et al. Standards Track [Page 38] + +RFC 8415 DHCP for IPv6 November 2018 + + + Each delegated prefix in an IA has a preferred lifetime and a valid + lifetime, as defined in [RFC4862]. The lifetimes are transmitted + from the DHCP server to the client in the IA Prefix option (see + Section 21.22). The lifetimes apply to the use of delegated + prefixes; see Section 5.5.4 of [RFC4862]. + +13. Assignment to an IA + +13.1. Selecting Addresses for Assignment to an IA_NA + + A server selects addresses to be assigned to an IA_NA according to + the address assignment policies determined by the server + administrator and the specific information the server determines + about the client from some combination of the following sources: + + - The link to which the client is attached. The server determines + the link as follows: + + * If the server receives the message directly from the client and + the source address in the IP datagram in which the message was + received is a link-local address, then the client is on the + same link to which the interface over which the message was + received is attached. + + * If the server receives the message from a forwarding relay + agent, then the client is on the same link as the one to which + the interface, identified by the link-address field in the + message from the relay agent, is attached. According to + [RFC6221], the server MUST ignore any link-address field whose + value is zero. The link-address in this case may come from any + of the Relay-forward messages encapsulated in the received + Relay-forward, and in general the most encapsulated (closest + Relay-forward to the client) has the most useful value. + + * If the server receives the message directly from the client and + the source address in the IP datagram in which the message was + received is not a link-local address, then the client is on the + link identified by the source address in the IP datagram (note + that this situation can occur only if the server has enabled + the use of unicast message delivery by the client and the + client has sent a message for which unicast delivery is + allowed). + + - The DUID supplied by the client. + + + + + + + +Mrugalski, et al. Standards Track [Page 39] + +RFC 8415 DHCP for IPv6 November 2018 + + + - Other information in options supplied by the client, e.g., IA + Address options (see Section 21.6) that include the client's + requests for specific addresses. + + - Other information in options supplied by the relay agent. + + By default, DHCP server implementations SHOULD NOT generate + predictable addresses (see Section 4.7 of [RFC7721]). Server + implementers are encouraged to review [RFC4941], [RFC7824], and + [RFC7707] as to possible considerations for how to generate + addresses. + + A server MUST NOT assign an address that is otherwise reserved for + some other purpose. For example, a server MUST NOT assign addresses + that use a reserved IPv6 Interface Identifier [RFC5453] [RFC7136] + [IANA-RESERVED-IID]. + + See [RFC7969] for a more detailed discussion on how servers determine + a client's location on the network. + +13.2. Assignment of Temporary Addresses + + A client may request the assignment of temporary addresses (see + [RFC4941] for the definition of temporary addresses). DHCP handling + of address assignment is no different for temporary addresses. + + Clients ask for temporary addresses, and servers assign them. + Temporary addresses are carried in the IA_TA option (see + Section 21.5). Each IA_TA option typically contains at least one + temporary address for each of the prefixes on the link to which the + client is attached. + + The lifetime of the assigned temporary address is set in the IA + Address option (see Section 21.6) encapsulated in the IA_TA option. + It is RECOMMENDED to set short lifetimes, typically shorter than + TEMP_VALID_LIFETIME and TEMP_PREFERRED_LIFETIME (see Section 5 of + [RFC4941]). + + A DHCP server implementation MAY generate temporary addresses, + referring to the algorithm defined in Section 3.2.1 of [RFC4941], + with the additional condition that any new address is not the same as + any assigned address. + + The server MAY update the DNS for a temporary address, as described + in Section 4 of [RFC4941]. + + + + + + +Mrugalski, et al. Standards Track [Page 40] + +RFC 8415 DHCP for IPv6 November 2018 + + + On the clients, by default, temporary addresses are preferred in + source address selection, according to Rule 7 in Section 5 of + [RFC6724]. However, this policy can be overridden. + + One of the most important properties of a temporary address is to + make it difficult to link the address to different actions over time. + So, it is NOT RECOMMENDED for a client to renew temporary addresses, + though DHCP provides for such a possibility (see Section 21.5). + +13.3. Assignment of Prefixes for IA_PD + + The mechanism through which the server selects prefix(es) for + delegation is not specified in this document. Examples of ways in + which the server might select prefix(es) for a client include static + assignment based on subscription to an ISP, dynamic assignment from a + pool of available prefixes, and selection based on an external + authority such as a RADIUS server using the Framed-IPv6-Prefix option + as described in [RFC3162]. + +14. Transmission of Messages by a Client + + Unless otherwise specified in this document or in a document that + describes how IPv6 is carried over a specific type of link (for link + types that do not support multicast), a client sends DHCP messages to + the All_DHCP_Relay_Agents_and_Servers multicast address. + + DHCP servers SHOULD NOT check to see whether the Layer 2 address used + was multicast or not, as long as the Layer 3 address was correct. + + A client uses multicast to reach all servers or an individual server. + An individual server is indicated by specifying that server's DUID in + a Server Identifier option (see Section 21.3) in the client's + message. (All servers will receive this message, but only the + indicated server will respond.) All servers are indicated when this + option is not supplied. + + A client may send some messages directly to a server using unicast, + as described in Section 21.12. + +14.1. Rate Limiting + + In order to avoid prolonged message bursts that may be caused by + possible logic loops, a DHCP client MUST limit the rate of DHCP + messages it transmits or retransmits. One example is that a client + obtains an address or delegated prefix but does not like the + response, so it reverts back to the Solicit procedure, discovers the + same (sole) server, requests an address or delegated prefix, and gets + the same address or delegated prefix as before (as the server has + + + +Mrugalski, et al. Standards Track [Page 41] + +RFC 8415 DHCP for IPv6 November 2018 + + + this previously requested lease assigned to this client). This loop + can repeat infinitely if there is not a quit/stop mechanism. + Therefore, a client must not initiate transmissions too frequently. + + A recommended method for implementing the rate-limiting function is a + token bucket (see Appendix A of [RFC3290]), limiting the average rate + of transmission to a certain number in a certain time interval. This + method of bounding burstiness also guarantees that the long-term + transmission rate will not be exceeded. + + A transmission rate limit SHOULD be configurable. A possible default + could be 20 packets in 20 seconds. + + For a device that has multiple interfaces, the limit MUST be enforced + on a per-interface basis. + + Rate limiting of forwarded DHCP messages and server-side messages is + out of scope for this specification. + +14.2. Client Behavior when T1 and/or T2 Are 0 + + In certain cases, T1 and/or T2 values may be set to 0. Currently, + there are three such cases: + + 1. a client received an IA_NA option (see Section 21.4) with a zero + value + + 2. a client received an IA_PD option (see Section 21.21) with a zero + value + + 3. a client received an IA_TA option (see Section 21.5) (which does + not contain T1 and T2 fields and these leases are not generally + renewed) + + This is an indication that the renew and rebind times are left to the + discretion of the client. However, they are not completely + discretionary. + + When T1 and/or T2 values are set to 0, the client MUST choose a time + to avoid packet storms. In particular, it MUST NOT transmit + immediately. If the client received multiple IA options, it SHOULD + pick renew and/or rebind transmission times so all IA options are + handled in one exchange, if possible. The client MUST choose renew + and rebind times to not violate rate-limiting restrictions as defined + in Section 14.1. + + + + + + +Mrugalski, et al. Standards Track [Page 42] + +RFC 8415 DHCP for IPv6 November 2018 + + +15. Reliability of Client-Initiated Message Exchanges + + DHCP clients are responsible for reliable delivery of messages in the + client-initiated message exchanges described in Section 18. If a + DHCP client fails to receive an expected response from a server, the + client must retransmit its message according to the retransmission + strategy described in this section. + + Note that the procedure described in this section is slightly + modified when used with the Solicit message. The modified procedure + is described in Section 18.2.1. + + The client begins the message exchange by transmitting a message to + the server. The message exchange terminates when either (1) the + client successfully receives the appropriate response or responses + from a server or servers or (2) the message exchange is considered to + have failed according to the retransmission mechanism described + below. + + The client MUST update an "elapsed-time" value within an Elapsed Time + option (see Section 21.9) in the retransmitted message. In some + cases, the client may also need to modify values in IA Address + options (see Section 21.6) or IA Prefix options (see Section 21.22) + if a valid lifetime for any of the client's leases expires before + retransmission. Thus, whenever this document refers to a + "retransmission" of a client's message, it refers to both modifying + the original message and sending this new message instance to the + server. + + The client retransmission behavior is controlled and described by the + following variables: + + RT Retransmission timeout + + IRT Initial retransmission time + + MRC Maximum retransmission count + + MRT Maximum retransmission time + + MRD Maximum retransmission duration + + RAND Randomization factor + + Specific values for each of these parameters relevant to the various + messages are given in the subsections of Section 18.2, using values + defined in Table 1 in Section 7.6. The algorithm for RAND is common + across all message transmissions. + + + +Mrugalski, et al. Standards Track [Page 43] + +RFC 8415 DHCP for IPv6 November 2018 + + + With each message transmission or retransmission, the client sets RT + according to the rules given below. If RT expires before the message + exchange terminates, the client recomputes RT and retransmits the + message. + + Each of the computations of a new RT includes a randomization factor + (RAND), which is a random number chosen with a uniform distribution + between -0.1 and +0.1. The randomization factor is included to + minimize synchronization of messages transmitted by DHCP clients. + + The algorithm for choosing a random number does not need to be + cryptographically sound. The algorithm SHOULD produce a different + sequence of random numbers from each invocation of the DHCP client. + + RT for the first message transmission is based on IRT: + + RT = IRT + RAND*IRT + + RT for each subsequent message transmission is based on the previous + value of RT: + + RT = 2*RTprev + RAND*RTprev + + MRT specifies an upper bound on the value of RT (disregarding the + randomization added by the use of RAND). If MRT has a value of 0, + there is no upper limit on the value of RT. Otherwise: + + if (RT > MRT) + RT = MRT + RAND*MRT + + MRC specifies an upper bound on the number of times a client may + retransmit a message. Unless MRC is zero, the message exchange fails + once the client has transmitted the message MRC times. + + MRD specifies an upper bound on the length of time a client may + retransmit a message. Unless MRD is zero, the message exchange fails + once MRD seconds have elapsed since the client first transmitted the + message. + + If both MRC and MRD are non-zero, the message exchange fails whenever + either of the conditions specified in the previous two paragraphs + is met. + + If both MRC and MRD are zero, the client continues to transmit the + message until it receives a response. + + + + + + +Mrugalski, et al. Standards Track [Page 44] + +RFC 8415 DHCP for IPv6 November 2018 + + + A client is not expected to listen for a response during the entire + RT period and may turn off listening capabilities after waiting at + least the shorter of RT and MAX_WAIT_TIME due to power consumption + saving or other reasons. Of course, a client MUST listen for a + Reconfigure if it has negotiated for its use with the server. + +16. Message Validation + + This section describes which options are valid in which kinds of + message types and explains what to do when a client or server + receives a message that contains known options that are invalid for + that message. For example, an IA option is not allowed to appear in + an Information-request message. + + Clients and servers MAY choose to either (1) extract information from + such a message if the information is of use to the recipient or + (2) ignore such a message completely and just discard it. + + If a server receives a message that it considers invalid, it MAY send + a Reply message (or Advertise message, as appropriate) with a Server + Identifier option (see Section 21.3), a Client Identifier option (see + Section 21.2) (if one was included in the message), and a Status Code + option (see Section 21.13) with status UnspecFail. + + Clients, relay agents, and servers MUST NOT discard messages that + contain unknown options (or instances of vendor options with unknown + enterprise-number values). These should be ignored as if they were + not present. This is critical to provide for future extensions of + DHCP. + + A server MUST discard any Solicit, Confirm, Rebind, or + Information-request messages it receives with a Layer 3 unicast + destination address. + + A client or server MUST discard any received DHCP messages with an + unknown message type. + +16.1. Use of Transaction IDs + + The "transaction-id" field holds a value used by clients and servers + to synchronize server responses to client messages. A client SHOULD + generate a random number that cannot easily be guessed or predicted + to use as the transaction ID for each new message it sends. Note + that if a client generates easily predictable transaction + identifiers, it may become more vulnerable to certain kinds of + attacks from off-path intruders. A client MUST leave the transaction + ID unchanged in retransmissions of a message. + + + + +Mrugalski, et al. Standards Track [Page 45] + +RFC 8415 DHCP for IPv6 November 2018 + + +16.2. Solicit Message + + Clients MUST discard any received Solicit messages. + + Servers MUST discard any Solicit messages that do not include a + Client Identifier option or that do include a Server Identifier + option. + +16.3. Advertise Message + + Clients MUST discard any received Advertise message that meets any of + the following conditions: + + - the message does not include a Server Identifier option (see + Section 21.3). + + - the message does not include a Client Identifier option (see + Section 21.2). + + - the contents of the Client Identifier option do not match the + client's DUID. + + - the "transaction-id" field value does not match the value the + client used in its Solicit message. + + Servers and relay agents MUST discard any received Advertise + messages. + +16.4. Request Message + + Clients MUST discard any received Request messages. + + Servers MUST discard any received Request message that meets any of + the following conditions: + + - the message does not include a Server Identifier option (see + Section 21.3). + + - the contents of the Server Identifier option do not match the + server's DUID. + + - the message does not include a Client Identifier option (see + Section 21.2). + + + + + + + + +Mrugalski, et al. Standards Track [Page 46] + +RFC 8415 DHCP for IPv6 November 2018 + + +16.5. Confirm Message + + Clients MUST discard any received Confirm messages. + + Servers MUST discard any received Confirm messages that do not + include a Client Identifier option (see Section 21.2) or that do + include a Server Identifier option (see Section 21.3). + +16.6. Renew Message + + Clients MUST discard any received Renew messages. + + Servers MUST discard any received Renew message that meets any of the + following conditions: + + - the message does not include a Server Identifier option (see + Section 21.3). + + - the contents of the Server Identifier option do not match the + server's identifier. + + - the message does not include a Client Identifier option (see + Section 21.2). + +16.7. Rebind Message + + Clients MUST discard any received Rebind messages. + + Servers MUST discard any received Rebind messages that do not include + a Client Identifier option (see Section 21.2) or that do include a + Server Identifier option (see Section 21.3). + +16.8. Decline Message + + Clients MUST discard any received Decline messages. + + Servers MUST discard any received Decline message that meets any of + the following conditions: + + - the message does not include a Server Identifier option (see + Section 21.3). + + - the contents of the Server Identifier option do not match the + server's identifier. + + - the message does not include a Client Identifier option (see + Section 21.2). + + + + +Mrugalski, et al. Standards Track [Page 47] + +RFC 8415 DHCP for IPv6 November 2018 + + +16.9. Release Message + + Clients MUST discard any received Release messages. + + Servers MUST discard any received Release message that meets any of + the following conditions: + + - the message does not include a Server Identifier option (see + Section 21.3). + + - the contents of the Server Identifier option do not match the + server's identifier. + + - the message does not include a Client Identifier option (see + Section 21.2). + +16.10. Reply Message + + Clients MUST discard any received Reply message that meets any of the + following conditions: + + - the message does not include a Server Identifier option (see + Section 21.3). + + - the "transaction-id" field in the message does not match the value + used in the original message. + + If the client included a Client Identifier option (see Section 21.2) + in the original message, the Reply message MUST include a Client + Identifier option, and the contents of the Client Identifier option + MUST match the DUID of the client. If the client did not include a + Client Identifier option in the original message, the Reply message + MUST NOT include a Client Identifier option. + + Servers and relay agents MUST discard any received Reply messages. + +16.11. Reconfigure Message + + Servers and relay agents MUST discard any received Reconfigure + messages. + + Clients MUST discard any Reconfigure message that meets any of the + following conditions: + + - the message was not unicast to the client. + + - the message does not include a Server Identifier option (see + Section 21.3). + + + +Mrugalski, et al. Standards Track [Page 48] + +RFC 8415 DHCP for IPv6 November 2018 + + + - the message does not include a Client Identifier option (see + Section 21.2) that contains the client's DUID. + + - the message does not include a Reconfigure Message option (see + Section 21.19). + + - the Reconfigure Message option msg-type is not a valid value. + + - the message does not include authentication (such as RKAP; see + Section 20.4) or fails authentication validation. + +16.12. Information-request Message + + Clients MUST discard any received Information-request messages. + + Servers MUST discard any received Information-request message that + meets any of the following conditions: + + - the message includes a Server Identifier option (see + Section 21.3), and the DUID in the option does not match the + server's DUID. + + - the message includes an IA option. + +16.13. Relay-forward Message + + Clients MUST discard any received Relay-forward messages. + +16.14. Relay-reply Message + + Clients and servers MUST discard any received Relay-reply messages. + +17. Client Source Address and Interface Selection + + The client's behavior regarding interface selection is different, + depending on the purpose of the configuration. + +17.1. Source Address and Interface Selection for Address Assignment + + When a client sends a DHCP message to the + All_DHCP_Relay_Agents_and_Servers multicast address, it SHOULD send + the message through the interface for which configuration information + (including the addresses) is being requested. However, the client + MAY send the message through another interface if the interface for + which configuration is being requested is a logical interface without + direct link attachment or the client is certain that two interfaces + are attached to the same link. + + + + +Mrugalski, et al. Standards Track [Page 49] + +RFC 8415 DHCP for IPv6 November 2018 + + + When a client sends a DHCP message directly to a server using unicast + (after receiving the Server Unicast option (see Section 21.12) from + that server), the source address in the header of the IPv6 datagram + MUST be an address assigned to the interface for which the client is + interested in obtaining configuration and that is suitable for use by + the server in responding to the client. + +17.2. Source Address and Interface Selection for Prefix Delegation + + Delegated prefixes are not associated with a particular interface in + the same way as addresses are for address assignment as mentioned in + Section 17.1 above. + + When a client sends a DHCP message for the purpose of prefix + delegation, it SHOULD be sent on the interface associated with the + upstream router (typically, connected to an ISP network); see + [RFC7084]. The upstream interface is typically determined by + configuration. This rule applies even in the case where a separate + IA_PD is used for each downstream interface. + + When a client sends a DHCP message directly to a server using unicast + (after receiving the Server Unicast option (see Section 21.12) from + that server), the source address SHOULD be an address that is from + the upstream interface and that is suitable for use by the server in + responding to the client. + +18. DHCP Configuration Exchanges + + A client initiates a message exchange with a server or servers to + acquire or update configuration information of interest. A client + has many reasons to initiate the configuration exchange. Some of the + more common ones are: + + 1. as part of the operating system configuration/bootstrap process, + + 2. when requested to do so by the application layer (through an + operating-system-specific API), + + 3. when a Router Advertisement indicates that DHCPv6 is available + for address configuration (see Section 4.2 of [RFC4861]), + + 4. as required to extend the lifetime of address(es) and/or + delegated prefix(es), using Renew and Rebind messages, or + + 5. upon the receipt of a Reconfigure message, when requested to do + so by a server. + + + + + +Mrugalski, et al. Standards Track [Page 50] + +RFC 8415 DHCP for IPv6 November 2018 + + + The client is responsible for creating IAs and requesting that a + server assign addresses and/or delegated prefixes to the IAs. The + client first creates the IAs and assigns IAIDs to them. The client + then transmits a Solicit message containing the IA options describing + the IAs. The client MUST NOT be using any of the addresses or + delegated prefixes for which it tries to obtain the bindings by + sending the Solicit message. In particular, if the client had some + valid bindings and has chosen to start the server discovery process + to obtain the same bindings from a different server, the client MUST + stop using the addresses and delegated prefixes for the bindings that + it had obtained from the previous server (see Section 18.2.7 for more + details on what "stop using" means in this context) and that it is + now trying to obtain from a new server. + + A DHCP client that does not need to have a DHCP server assign IP + addresses or delegated prefixes to it can obtain configuration + information such as a list of available DNS servers [RFC3646] or NTP + servers [RFC5908] through a single message and reply exchange with a + DHCP server. To obtain configuration information, the client first + sends an Information-request message (see Section 18.2.6) to the + All_DHCP_Relay_Agents_and_Servers multicast address. Servers respond + with a Reply message containing the configuration information for the + client (see Section 18.3.6). + + To request the assignment of one or more addresses or delegated + prefixes, a client first locates a DHCP server and then requests the + assignment of addresses/prefixes and other configuration information + from the server. The client does this by sending the Solicit message + (see Section 18.2.1) to the All_DHCP_Relay_Agents_and_Servers + multicast address and collecting Advertise messages from the servers + that respond to the client's message; the client then selects a + server from which it wants to obtain configuration information. This + process is referred to as server discovery. When the client has + selected the server, it sends a Request message to that server as + described in Section 18.2.2. + + A client willing to perform the Solicit/Reply message exchange + described in Section 18.2.1 includes a Rapid Commit option (see + Section 21.14) in its Solicit message. + + Servers that can assign addresses or delegated prefixes to the IAs + respond to the client with an Advertise message or Reply message if + the client included a Rapid Commit option and the server is + configured to accept it. + + If the server responds with an Advertise message, the client + initiates a configuration exchange as described in Section 18.2.2. + + + + +Mrugalski, et al. Standards Track [Page 51] + +RFC 8415 DHCP for IPv6 November 2018 + + + A server may initiate a message exchange with a client by sending a + Reconfigure message to cause the client to send a Renew, Rebind, or + Information-request message to refresh its configuration information + as soon as the Reconfigure message is received by the client. + + Figure 9 shows a timeline diagram of the messages exchanged between a + client and two servers for the typical lifecycle of one or more + leases. This starts with the four-message Solicit/Advertise/ + Request/Reply exchange to obtain the lease(s), followed by a + two-message Renew/Reply exchange to extend the lifetime on the + lease(s), and then ends with a two-message Release/Reply exchange to + end the client's use of the lease(s). + + Server Server + (not selected) Client (selected) + + v v v + | | | + | Begins initialization | + | | | + start of | _____________/|\_____________ | + 4-message |/ Solicit | Solicit \| + exchange | | | + Determines | Determines + configuration | configuration + | | | + |\ | ____________/| + | \________ | /Advertise | + | Advertise\ |/ | + | \ | | + | Collects Advertises | + | \ | | + | Selects configuration | + | | | + | _____________/|\_____________ | + |/ Request | Request \| + | | | + | | Commits configuration + | | | + end of | | _____________/| + 4-message | |/ Reply | + exchange | | | + | Initialization complete | + | | | + . . . + . . . + | T1 (renewal) timer expires | + | | | + + + +Mrugalski, et al. Standards Track [Page 52] + +RFC 8415 DHCP for IPv6 November 2018 + + + 2-message | _____________/|\_____________ | + exchange |/ Renew | Renew \| + | | | + | | Commits extended lease(s) + | | | + | | _____________/| + | |/ Reply | + . . . + . . . + | | | + | Graceful shutdown | + | | | + 2-message | _____________/|\_____________ | + exchange |/ Release | Release \| + | | | + | | Discards lease(s) + | | | + | | _____________/| + | |/ Reply | + | | | + v v v + + Figure 9: Timeline Diagram of the Messages Exchanged between a Client + and Two Servers for the Typical Lifecycle of One or More Leases + +18.1. A Single Exchange for Multiple IA Options + + This document assumes that a client SHOULD use a single transaction + for all of the IA options required on an interface; this simplifies + the client implementation and reduces the potential number of + transactions required (for the background on this design choice, + refer to Section 4 of [RFC7550]). To facilitate a client's use of a + single transaction for all IA options, servers MUST return the same + T1/T2 values for all IA options in a Reply (see Sections 18.3.2, + 18.3.4, and 18.3.5) so that the client will generate a single + transaction when renewing or rebinding its leases. However, because + some servers may not yet conform to this requirement, a client MUST + be prepared to select appropriate T1/T2 times as described in + Section 18.2.4. + +18.2. Client Behavior + + A client uses the Solicit message to discover DHCP servers configured + to assign leases or return other configuration parameters on the link + to which the client is attached. + + A client uses Request, Renew, Rebind, Release, and Decline messages + during the normal lifecycle of addresses and delegated prefixes. + + + +Mrugalski, et al. Standards Track [Page 53] + +RFC 8415 DHCP for IPv6 November 2018 + + + When a client detects that it may have moved to a new link, it uses + Confirm if it only has addresses and Rebind if it has delegated + prefixes (and addresses). It uses Information-request messages when + it needs configuration information but no addresses and no prefixes. + + When a client requests multiple IA option types or multiple instances + of the same IA types in a Solicit, Request, Renew, or Rebind, it is + possible that the available server(s) may only be configured to offer + a subset of them. When possible, the client SHOULD use the best + configuration available and continue to request the additional IAs in + subsequent messages. This allows the client to maintain a single + session and state machine. In practice, especially in the case of + handling IA_NA and IA_PD requests [RFC7084], this situation should be + rare or a result of a temporary operational error. Thus, it is more + likely that the client will get all configuration if it continues, in + each subsequent configuration exchange, to request all the + configuration information it is programmed to try to obtain, + including any stateful configuration options for which no results + were returned in previous message exchanges. + + Upon receipt of a Reconfigure message from the server, a client + responds with a Renew, Rebind, or Information-request message as + indicated by the Reconfigure Message option (see Section 21.19). The + client SHOULD be suspicious of the Reconfigure message (they may be + faked), and it MUST NOT abandon any resources it might have already + obtained. The client SHOULD treat the Reconfigure message as if the + T1 timer had expired. The client will expect the server to send IAs + and/or other configuration information to the client in a Reply + message. + + If the client has a source address of sufficient scope that can be + used by the server as a return address and the client has received a + Server Unicast option (see Section 21.12) from the server, the client + SHOULD unicast any Request, Renew, Release, and Decline messages to + the server. + + Use of unicast may avoid delays due to the relaying of messages by + relay agents, as well as avoid overhead on servers due to the + delivery of client messages to multiple servers. However, requiring + the client to relay all DHCP messages through a relay agent enables + the inclusion of relay agent options in all messages sent by the + client. The server should enable the use of unicast only when relay + agent options will not be used. + + + + + + + + +Mrugalski, et al. Standards Track [Page 54] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.2.1. Creation and Transmission of Solicit Messages + + The client sets the "msg-type" field to SOLICIT. The client + generates a transaction ID and inserts this value in the + "transaction-id" field. + + The client MUST include a Client Identifier option (see Section 21.2) + to identify itself to the server. The client includes IA options for + any IAs to which it wants the server to assign leases. + + The client MUST include an Elapsed Time option (see Section 21.9) to + indicate how long the client has been trying to complete the current + DHCP message exchange. + + The client uses IA_NA options (see Section 21.4) to request the + assignment of non-temporary addresses, IA_TA options (see + Section 21.5) to request the assignment of temporary addresses, and + IA_PD options (see Section 21.21) to request prefix delegation. + IA_NA, IA_TA, or IA_PD options, or a combination of all, can be + included in DHCP messages. In addition, multiple instances of any IA + option type can be included. + + The client MAY include addresses in IA Address options (see + Section 21.6) encapsulated within IA_NA and IA_TA options as hints to + the server about the addresses for which the client has a preference. + + The client MAY include values in IA Prefix options (see + Section 21.22) encapsulated within IA_PD options as hints for the + delegated prefix and/or prefix length for which the client has a + preference. See Section 18.2.4 for more on prefix-length hints. + + The client MUST include an Option Request option (ORO) (see + Section 21.7) to request the SOL_MAX_RT option (see Section 21.24) + and any other options the client is interested in receiving. The + client MAY additionally include instances of those options that are + identified in the Option Request option, with data values as hints to + the server about parameter values the client would like to have + returned. + + The client includes a Reconfigure Accept option (see Section 21.20) + if the client is willing to accept Reconfigure messages from the + server. + + The client MUST NOT include any other options in the Solicit message, + except as specifically allowed in the definition of individual + options. + + + + + +Mrugalski, et al. Standards Track [Page 55] + +RFC 8415 DHCP for IPv6 November 2018 + + + The first Solicit message from the client on the interface SHOULD be + delayed by a random amount of time between 0 and SOL_MAX_DELAY. This + random delay helps desynchronize clients that start a DHCP session at + the same time, such as after recovery from a power failure or after a + router outage after seeing that DHCP is available in Router + Advertisement messages (see Section 4.2 of [RFC4861]). + + The client transmits the message according to Section 15, using the + following parameters: + + IRT SOL_TIMEOUT + + MRT SOL_MAX_RT + + MRC 0 + + MRD 0 + + A client that wishes to use the Rapid Commit two-message exchange + includes a Rapid Commit option (see Section 21.14) in its Solicit + message. The client may receive a number of different replies from + different servers. The client will make note of any valid Advertise + messages that it receives. The client will discard any Reply + messages that do not contain the Rapid Commit option. + + Upon receipt of a valid Reply with the Rapid Commit option, the + client processes the message as described in Section 18.2.10. + + At the end of the first RT period, if no suitable Reply messages are + received but the client has valid Advertise messages, then the client + processes the Advertise as described in Section 18.2.9. + + If the client subsequently receives a valid Reply message that + includes a Rapid Commit option, it does one of the following: + + - processes the Reply message as described in Section 18.2.10 and + discards any Reply messages received in response to the Request + message + + - processes any Reply messages received in response to the Request + message and discards the Reply message that includes the Rapid + Commit option + + If the client is waiting for an Advertise message, the mechanism + described in Section 15 is modified as follows for use in the + transmission of Solicit messages. The message exchange is not + terminated by the receipt of an Advertise before the first RT has + elapsed. Rather, the client collects valid Advertise messages until + + + +Mrugalski, et al. Standards Track [Page 56] + +RFC 8415 DHCP for IPv6 November 2018 + + + the first RT has elapsed. Also, the first RT MUST be selected to be + strictly greater than IRT by choosing RAND to be strictly greater + than 0. + + A client MUST collect valid Advertise messages for the first + RT seconds, unless it receives a valid Advertise message with a + preference value of 255. The preference value is carried in the + Preference option (see Section 21.8). Any valid Advertise that does + not include a Preference option is considered to have a preference + value of 0. If the client receives a valid Advertise message that + includes a Preference option with a preference value of 255, the + client immediately begins a client-initiated message exchange (as + described in Section 18.2.2) by sending a Request message to the + server from which the Advertise message was received. If the client + receives a valid Advertise message that does not include a Preference + option with a preference value of 255, the client continues to wait + until the first RT elapses. If the first RT elapses and the client + has received a valid Advertise message, the client SHOULD continue + with a client-initiated message exchange by sending a Request + message. + + If the client does not receive any valid Advertise messages before + the first RT has elapsed, it then applies the retransmission + mechanism described in Section 15. The client terminates the + retransmission process as soon as it receives any valid Advertise + message, and the client acts on the received Advertise message + without waiting for any additional Advertise messages. + + A DHCP client SHOULD choose MRC and MRD values of 0. If the DHCP + client is configured with either MRC or MRD set to a value other than + 0, it MUST stop trying to configure the interface if the message + exchange fails. After the DHCP client stops trying to configure the + interface, it SHOULD restart the reconfiguration process after some + external event, such as user input, system restart, or when the + client is attached to a new link. + +18.2.2. Creation and Transmission of Request Messages + + The client uses a Request message to populate IAs with leases and + obtain other configuration information. The client includes one or + more IA options in the Request message. The server then returns + leases and other information about the IAs to the client in IA + options in a Reply message. + + The client sets the "msg-type" field to REQUEST. The client + generates a transaction ID and inserts this value in the + "transaction-id" field. + + + + +Mrugalski, et al. Standards Track [Page 57] + +RFC 8415 DHCP for IPv6 November 2018 + + + The client MUST include the identifier of the destination server in a + Server Identifier option (see Section 21.3). + + The client MUST include a Client Identifier option (see Section 21.2) + to identify itself to the server. The client adds any other + appropriate options, including one or more IA options. + + The client MUST include an Elapsed Time option (see Section 21.9) to + indicate how long the client has been trying to complete the current + DHCP message exchange. + + The client MUST include an Option Request option (see Section 21.7) + to request the SOL_MAX_RT option (see Section 21.24) and any other + options the client is interested in receiving. The client MAY + additionally include instances of those options that are identified + in the Option Request option, with data values as hints to the server + about parameter values the client would like to have returned. + + The client includes a Reconfigure Accept option (see Section 21.20) + if the client is willing to accept Reconfigure messages from the + server. + + The client transmits the message according to Section 15, using the + following parameters: + + IRT REQ_TIMEOUT + + MRT REQ_MAX_RT + + MRC REQ_MAX_RC + + MRD 0 + + If the message exchange fails, the client takes an action based on + the client's local policy. Examples of actions the client might take + include the following: + + - Select another server from a list of servers known to the client + -- for example, servers that responded with an Advertise message. + + - Initiate the server discovery process described in Section 18. + + - Terminate the configuration process and report failure. + + + + + + + + +Mrugalski, et al. Standards Track [Page 58] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.2.3. Creation and Transmission of Confirm Messages + + The client uses a Confirm message when it has only addresses (no + delegated prefixes) assigned by a DHCP server to determine if it is + still connected to the same link when the client detects a change in + network information as described in Section 18.2.12. + + The client sets the "msg-type" field to CONFIRM. The client + generates a transaction ID and inserts this value in the + "transaction-id" field. + + The client MUST include a Client Identifier option (see Section 21.2) + to identify itself to the server. + + The client MUST include an Elapsed Time option (see Section 21.9) to + indicate how long the client has been trying to complete the current + DHCP message exchange. + + The client includes IA options for all of the IAs assigned to the + interface for which the Confirm message is being sent. The IA + options include all of the addresses the client currently has + associated with those IAs. The client SHOULD set the T1 and T2 + fields in any IA_NA options (see Section 21.4) and the + preferred-lifetime and valid-lifetime fields in the IA Address + options (see Section 21.6) to 0, as the server will ignore these + fields. + + The first Confirm message from the client on the interface MUST be + delayed by a random amount of time between 0 and CNF_MAX_DELAY. The + client transmits the message according to Section 15, using the + following parameters: + + IRT CNF_TIMEOUT + + MRT CNF_MAX_RT + + MRC 0 + + MRD CNF_MAX_RD + + If the client receives no responses before the message transmission + process terminates, as described in Section 15, the client SHOULD + continue to use any leases, using the last known lifetimes for those + leases, and SHOULD continue to use any other previously obtained + configuration parameters. + + + + + + +Mrugalski, et al. Standards Track [Page 59] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.2.4. Creation and Transmission of Renew Messages + + To extend the preferred and valid lifetimes for the leases assigned + to the IAs and obtain new addresses or delegated prefixes for IAs, + the client sends a Renew message to the server from which the leases + were obtained; the Renew message includes IA options for the IAs + whose lease lifetimes are to be extended. The client includes IA + Address options (see Section 21.6) within IA_NA (see Section 21.4) + and IA_TA (see Section 21.5) options for the addresses assigned to + the IAs. The client includes IA Prefix options (see Section 21.22) + within IA_PD options (see Section 21.21) for the delegated prefixes + assigned to the IAs. + + The server controls the time at which the client should contact the + server to extend the lifetimes on assigned leases through the T1 and + T2 values assigned to an IA. However, as the client SHOULD + renew/rebind all IAs from the server at the same time, the client + MUST select T1 and T2 times from all IA options that will guarantee + that the client initiates transmissions of Renew/Rebind messages not + later than at the T1/T2 times associated with any of the client's + bindings (earliest T1/T2). + + At time T1, the client initiates a Renew/Reply message exchange to + extend the lifetimes on any leases in the IA. + + A client MUST also initiate a Renew/Reply message exchange before + time T1 if the client's link-local address used in previous + interactions with the server is no longer valid and it is willing to + receive Reconfigure messages. + + If T1 or T2 had been set to 0 by the server (for an IA_NA or IA_PD) + or there are no T1 or T2 times (for an IA_TA) in a previous Reply, + the client may, at its discretion, send a Renew or Rebind message, + respectively. The client MUST follow the rules defined in + Section 14.2. + + The client sets the "msg-type" field to RENEW. The client generates + a transaction ID and inserts this value in the "transaction-id" + field. + + The client MUST include a Server Identifier option (see Section 21.3) + in the Renew message, identifying the server with which the client + most recently communicated. + + The client MUST include a Client Identifier option (see Section 21.2) + to identify itself to the server. The client adds any appropriate + options, including one or more IA options. + + + + +Mrugalski, et al. Standards Track [Page 60] + +RFC 8415 DHCP for IPv6 November 2018 + + + The client MUST include an Elapsed Time option (see Section 21.9) to + indicate how long the client has been trying to complete the current + DHCP message exchange. + + For IAs to which leases have been assigned, the client includes a + corresponding IA option containing an IA Address option for each + address assigned to the IA and an IA Prefix option for each prefix + assigned to the IA. The client MUST NOT include addresses and + prefixes in any IA option that the client did not obtain from the + server or that are no longer valid (that have a valid lifetime of 0). + + The client MAY include an IA option for each binding it desires but + has been unable to obtain. In this case, if the client includes the + IA_PD option to request prefix delegation, the client MAY include the + IA Prefix option encapsulated within the IA_PD option, with the + "IPv6-prefix" field set to 0 and the "prefix-length" field set to the + desired length of the prefix to be delegated. The server MAY use + this value as a hint for the prefix length. The client SHOULD NOT + include an IA Prefix option with the "IPv6-prefix" field set to 0 + unless it is supplying a hint for the prefix length. + + The client includes an Option Request option (see Section 21.7) to + request the SOL_MAX_RT option (see Section 21.24) and any other + options the client is interested in receiving. The client MAY + include options with data values as hints to the server about + parameter values the client would like to have returned. + + The client transmits the message according to Section 15, using the + following parameters: + + IRT REN_TIMEOUT + + MRT REN_MAX_RT + + MRC 0 + + MRD Remaining time until earliest T2 + + The message exchange is terminated when the earliest time T2 is + reached. While the client is responding to a Reconfigure, the client + ignores and discards any additional Reconfigure messages it may + receive. + + The message exchange is terminated when the earliest time T2 is + reached, at which point the client begins the Rebind message exchange + (see Section 18.2.5). + + + + + +Mrugalski, et al. Standards Track [Page 61] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.2.5. Creation and Transmission of Rebind Messages + + At time T2 (which will only be reached if the server to which the + Renew message was sent starting at time T1 has not responded), the + client initiates a Rebind/Reply message exchange with any available + server. + + A Rebind is also used to verify delegated prefix bindings but with + different retransmission parameters as described in Section 18.2.3. + + The client constructs the Rebind message as described in + Section 18.2.4, with the following differences: + + - The client sets the "msg-type" field to REBIND. + + - The client does not include the Server Identifier option (see + Section 21.3) in the Rebind message. + + The client transmits the message according to Section 15, using the + following parameters: + + IRT REB_TIMEOUT + + MRT REB_MAX_RT + + MRC 0 + + MRD Remaining time until valid lifetimes of all leases in all + IAs have expired + + If all leases for an IA have expired, the client may choose to + include this IA in subsequent Rebind messages to indicate that the + client is interested in assignment of the leases to this IA. + + The message exchange is terminated when the valid lifetimes of all + leases across all IAs have expired, at which time the client uses the + Solicit message to locate a new DHCP server and sends a Request for + the expired IAs to the new server. If the terminated Rebind exchange + was initiated as a result of receiving a Reconfigure message, the + client ignores and discards the Reconfigure message. + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 62] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.2.6. Creation and Transmission of Information-request Messages + + The client uses an Information-request message to obtain + configuration information without having addresses and/or delegated + prefixes assigned to it. + + The client sets the "msg-type" field to INFORMATION-REQUEST. The + client generates a transaction ID and inserts this value in the + "transaction-id" field. + + The client SHOULD include a Client Identifier option (see + Section 21.2) to identify itself to the server (however, see + Section 4.3.1 of [RFC7844] for reasons why a client may not want to + include this option). If the client does not include a Client + Identifier option, the server will not be able to return any + client-specific options to the client, or the server may choose not + to respond to the message at all. + + The client MUST include an Elapsed Time option (see Section 21.9) to + indicate how long the client has been trying to complete the current + DHCP message exchange. + + The client MUST include an Option Request option (see Section 21.7) + to request the INF_MAX_RT option (see Section 21.25), the Information + Refresh Time option (see Section 21.23), and any other options the + client is interested in receiving. The client MAY include options + with data values as hints to the server about parameter values the + client would like to have returned. + + When responding to a Reconfigure, the client includes a Server + Identifier option (see Section 21.3) with the identifier from the + Reconfigure message to which the client is responding. + + The first Information-request message from the client on the + interface MUST be delayed by a random amount of time between 0 and + INF_MAX_DELAY. The client transmits the message according to + Section 15, using the following parameters: + + IRT INF_TIMEOUT + + MRT INF_MAX_RT + + MRC 0 + + MRD 0 + + + + + + +Mrugalski, et al. Standards Track [Page 63] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.2.7. Creation and Transmission of Release Messages + + To release one or more leases, a client sends a Release message to + the server. + + The client sets the "msg-type" field to RELEASE. The client + generates a transaction ID and places this value in the + "transaction-id" field. + + The client places the identifier of the server that allocated the + lease(s) in a Server Identifier option (see Section 21.3). + + The client MUST include a Client Identifier option (see Section 21.2) + to identify itself to the server. + + The client MUST include an Elapsed Time option (see Section 21.9) to + indicate how long the client has been trying to complete the current + DHCP message exchange. + + The client includes options containing the IAs for the leases it is + releasing in the "options" field. The leases to be released MUST be + included in the IAs. Any leases for the IAs the client wishes to + continue to use MUST NOT be added to the IAs. + + The client MUST stop using all of the leases being released before + the client begins the Release message exchange process. For an + address, this means the address MUST have been removed from the + interface. For a delegated prefix, this means the prefix MUST have + been advertised with a Preferred Lifetime and a Valid Lifetime of 0 + in a Router Advertisement message as described in part (e) of + Section 5.5.3 of [RFC4862]; also see requirement L-13 in Section 4.3 + of [RFC7084]. + + The client MUST NOT use any of the addresses it is releasing as the + source address in the Release message or in any subsequently + transmitted message. + + Because Release messages may be lost, the client should retransmit + the Release if no Reply is received. However, there are scenarios + where the client may not wish to wait for the normal retransmission + timeout before giving up (e.g., on power down). Implementations + SHOULD retransmit one or more times but MAY choose to terminate the + retransmission procedure early. + + + + + + + + +Mrugalski, et al. Standards Track [Page 64] + +RFC 8415 DHCP for IPv6 November 2018 + + + The client transmits the message according to Section 15, using the + following parameters: + + IRT REL_TIMEOUT + + MRT 0 + + MRC REL_MAX_RC + + MRD 0 + + If leases are released but the Reply from a DHCP server is lost, the + client will retransmit the Release message, and the server may + respond with a Reply indicating a status of NoBinding. Therefore, + the client does not treat a Reply message with a status of NoBinding + in a Release message exchange as if it indicates an error. + + Note that if the client fails to release the lease, each lease + assigned to the IA will be reclaimed by the server when the valid + lifetime of that lease expires. + +18.2.8. Creation and Transmission of Decline Messages + + If a client detects that one or more addresses assigned to it by a + server are already in use by another node, the client sends a Decline + message to the server to inform it that the address is suspect. + + The Decline message is not used in prefix delegation; thus, the + client MUST NOT include IA_PD options (see Section 21.21) in the + Decline message. + + The client sets the "msg-type" field to DECLINE. The client + generates a transaction ID and places this value in the + "transaction-id" field. + + The client places the identifier of the server that allocated the + address(es) in a Server Identifier option (see Section 21.3). + + The client MUST include a Client Identifier option (see Section 21.2) + to identify itself to the server. + + The client MUST include an Elapsed Time option (see Section 21.9) to + indicate how long the client has been trying to complete the current + DHCP message exchange. + + + + + + + +Mrugalski, et al. Standards Track [Page 65] + +RFC 8415 DHCP for IPv6 November 2018 + + + The client includes options containing the IAs for the addresses it + is declining in the "options" field. The addresses to be declined + MUST be included in the IAs. Any addresses for the IAs the client + wishes to continue to use should not be added to the IAs. + + The client MUST NOT use any of the addresses it is declining as the + source address in the Decline message or in any subsequently + transmitted message. + + The client transmits the message according to Section 15, using the + following parameters: + + IRT DEC_TIMEOUT + + MRT 0 + + MRC DEC_MAX_RC + + MRD 0 + + If addresses are declined but the Reply from a DHCP server is lost, + the client will retransmit the Decline message, and the server may + respond with a Reply indicating a status of NoBinding. Therefore, + the client does not treat a Reply message with a status of NoBinding + in a Decline message exchange as if it indicates an error. + + The client SHOULD NOT send a Release message for other bindings it + may have received just because it sent a Decline message. The client + SHOULD retain the non-conflicting bindings. The client SHOULD treat + the failure to acquire a binding (due to the conflict) as equivalent + to not having received the binding, insofar as how it behaves when + sending Renew and Rebind messages. + + + + + + + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 66] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.2.9. Receipt of Advertise Messages + + Upon receipt of one or more valid Advertise messages, the client + selects one or more Advertise messages based upon the following + criteria. + + - Those Advertise messages with the highest server preference value + SHOULD be preferred over all other Advertise messages. The client + MAY choose a less preferred server if that server has a better set + of advertised parameters, such as the available set of IAs, as + well as the set of other configuration options advertised. + + - Within a group of Advertise messages with the same server + preference value, a client MAY select those servers whose + Advertise messages advertise information of interest to the + client. + + Once a client has selected Advertise message(s), the client will + typically store information about each server, such as the server + preference value, addresses advertised, when the advertisement was + received, and so on. + + In practice, this means that the client will maintain independent + per-IA state machines for each selected server. + + If the client needs to select an alternate server in the case that a + chosen server does not respond, the client chooses the next server + according to the criteria given above. + + The client MUST process any SOL_MAX_RT option (see Section 21.24) and + INF_MAX_RT option (see Section 21.25) present in an Advertise + message, even if the message contains a Status Code option (see + Section 21.13) indicating a failure, and the Advertise message will + be discarded by the client. A client SHOULD only update its + SOL_MAX_RT and INF_MAX_RT values if all received Advertise messages + that contained the corresponding option specified the same value; + otherwise, it should use the default value (see Section 7.6). + + The client MUST ignore any Advertise message that contains no + addresses (IA Address options (see Section 21.6) encapsulated in + IA_NA options (see Section 21.4) or IA_TA options (see Section 21.5)) + and no delegated prefixes (IA Prefix options (see Section 21.22) + encapsulated in IA_PD options (see Section 21.21)), with the + exception that the client: + + - MUST process an included SOL_MAX_RT option and + + - MUST process an included INF_MAX_RT option. + + + +Mrugalski, et al. Standards Track [Page 67] + +RFC 8415 DHCP for IPv6 November 2018 + + + A client can record in an activity log or display to the user any + associated status message(s). + + The client ignoring an Advertise message MUST NOT restart the Solicit + retransmission timer. + +18.2.10. Receipt of Reply Messages + + Upon the receipt of a valid Reply message in response to a Solicit + with a Rapid Commit option (see Section 21.14), Request, Confirm, + Renew, Rebind, or Information-request message, the client extracts + the top-level Status Code option (see Section 21.13) if present. + + The client MUST process any SOL_MAX_RT option (see Section 21.24) and + INF_MAX_RT option (see Section 21.25) present in a Reply message, + even if the message contains a Status Code option indicating a + failure. + + If the client receives a Reply message with a status code of + UnspecFail, the server is indicating that it was unable to process + the client's message due to an unspecified failure condition. If the + client retransmits the original message to the same server to retry + the desired operation, the client MUST limit the rate at which it + retransmits the message and limit the duration of the time during + which it retransmits the message (see Section 14.1). + + If the client receives a Reply message with a status code of + UseMulticast, the client records the receipt of the message and sends + subsequent messages to the server through the interface on which the + message was received using multicast. The client resends the + original message using multicast. + + Otherwise (no status code or another status code), the client + processes the Reply as described below based on the original message + for which the Reply was received. + + The client MAY choose to report any status code or message from the + Status Code option in the Reply message. + + When a client received a configuration option in an earlier Reply and + then sends a Renew, Rebind, or Information-request and the requested + option is not present in the Reply, the client SHOULD stop using the + previously received configuration information. In other words, the + client should behave as if it never received this configuration + option and return to the relevant default state. If there is no + viable way to stop using the received configuration information, the + values received/configured from the option MAY persist if there are + no other sources for that data and they have no external impact. For + + + +Mrugalski, et al. Standards Track [Page 68] + +RFC 8415 DHCP for IPv6 November 2018 + + + example, a client that previously received a Client FQDN option (see + [RFC4704]) and used it to set up its hostname is allowed to continue + using it if there is no reasonable way for a node to unset its + hostname and it has no external impact. As a counter-example, a + client that previously received an NTP server address from the DHCP + server and does not receive it anymore MUST stop using the configured + NTP server address. The client SHOULD be open to other sources of + the same configuration information. This behavior does not apply to + any IA options, as their processing is described in detail in the + next section. + + When a client receives a requested option that has an updated value + from what was previously received, the client SHOULD make use of that + updated value as soon as possible for its configuration information. + +18.2.10.1. Reply for Solicit (with Rapid Commit), Request, Renew, or + Rebind + + If the client receives a NotOnLink status from the server in response + to a Solicit (with a Rapid Commit option; see Section 21.14) or a + Request, the client can either reissue the message without specifying + any addresses or restart the DHCP server discovery process (see + Section 18). + + If the Reply was received in response to a Solicit (with a Rapid + Commit option), Request, Renew, or Rebind message, the client updates + the information it has recorded about IAs from the IA options + contained in the Reply message: + + - Calculate T1 and T2 times (based on T1 and T2 values sent in the + packet and the packet reception time), if appropriate for the + IA type. + + - Add any new leases in the IA option to the IA as recorded by the + client. + + - Update lifetimes for any leases in the IA option that the client + already has recorded in the IA. + + - Discard any leases from the IA, as recorded by the client, that + have a valid lifetime of 0 in the IA Address or IA Prefix option. + + - Leave unchanged any information about leases the client has + recorded in the IA but that were not included in the IA from the + server. + + + + + + +Mrugalski, et al. Standards Track [Page 69] + +RFC 8415 DHCP for IPv6 November 2018 + + + If the client can operate with the addresses and/or prefixes obtained + from the server: + + - The client uses the addresses, delegated prefixes, and other + information from any IAs that do not contain a Status Code option + with the NoAddrsAvail or NoPrefixAvail status code. The client + MAY include the IAs for which it received the NoAddrsAvail or + NoPrefixAvail status code, with no addresses or prefixes, in + subsequent Renew and Rebind messages sent to the server, to retry + obtaining the addresses or prefixes for these IAs. + + - The client MUST perform duplicate address detection as per + Section 5.4 of [RFC4862], which does list some exceptions, on each + of the received addresses in any IAs on which it has not performed + duplicate address detection during processing of any of the + previous Reply messages from the server. The client performs the + duplicate address detection before using the received addresses + for any traffic. If any of the addresses are found to be in use + on the link, the client sends a Decline message to the server for + those addresses as described in Section 18.2.8. + + - For each assigned address that does not have any associated + reachability information (see the definition of "on-link" in + Section 2.1 of [RFC4861]), in order to avoid the problems + described in [RFC4943], the client MUST NOT assume that any + addresses are reachable on-link as a result of receiving an IA_NA + or IA_TA. Addresses obtained from an IA_NA or IA_TA MUST NOT be + used to form an implicit prefix with a length other than 128. + + - For each delegated prefix, the client assigns a subnet to each of + the links to which the associated interfaces are attached. + + When a client subnets a delegated prefix, it must assign + additional bits to the prefix to generate unique, longer prefixes. + For example, if the client in Figure 1 were delegated + 2001:db8:0::/48, it might generate 2001:db8:0:1::/64 and + 2001:db8:0:2::/64 for assignment to the two links in the + subscriber network. If the client were delegated 2001:db8:0::/48 + and 2001:db8:5::/48, it might assign 2001:db8:0:1::/64 and + 2001:db8:5:1::/64 to one of the links, and 2001:db8:0:2::/64 and + 2001:db8:5:2::/64 for assignment to the other link. + + If the client uses a delegated prefix to configure addresses on + interfaces on itself or other nodes behind it, the preferred and + valid lifetimes of those addresses MUST be no longer than the + remaining preferred and valid lifetimes, respectively, for the + delegated prefix at any time. In particular, if the delegated + + + + +Mrugalski, et al. Standards Track [Page 70] + +RFC 8415 DHCP for IPv6 November 2018 + + + prefix or a prefix derived from it is advertised for stateless + address autoconfiguration [RFC4862], the advertised preferred and + valid lifetimes MUST NOT exceed the corresponding remaining + lifetimes of the delegated prefix. + + Management of the specific configuration information is detailed in + the definition of each option in Section 21. + + If the Reply message contains any IAs but the client finds no usable + addresses and/or delegated prefixes in any of these IAs, the client + may either try another server (perhaps restarting the DHCP server + discovery process) or use the Information-request message to obtain + other configuration information only. + + When the client receives a Reply message in response to a Renew or + Rebind message, the client: + + - Sends a Request message to the server that responded if any of the + IAs in the Reply message contain the NoBinding status code. The + client places IA options in this message for all IAs. The client + continues to use other bindings for which the server did not + return an error. + + - Sends a Renew/Rebind if any of the IAs are not in the Reply + message, but as this likely indicates that the server that + responded does not support that IA type, sending immediately is + unlikely to produce a different result. Therefore, the client + MUST rate-limit its transmissions (see Section 14.1) and MAY just + wait for the normal retransmission time (as if the Reply message + had not been received). The client continues to use other + bindings for which the server did return information. + + - Otherwise accepts the information in the IA. + + Whenever a client restarts the DHCP server discovery process or + selects an alternate server as described in Section 18.2.9, the + client SHOULD stop using all the addresses and delegated prefixes for + which it has bindings and try to obtain all required leases from the + new server. This facilitates the client using a single state machine + for all bindings. + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 71] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.2.10.2. Reply for Release and Decline + + When the client receives a valid Reply message in response to a + Release message, the client considers the Release event completed, + regardless of the Status Code option (see Section 21.13) returned by + the server. + + When the client receives a valid Reply message in response to a + Decline message, the client considers the Decline event completed, + regardless of the Status Code option(s) returned by the server. + +18.2.10.3. Reply for Confirm + + If the client receives any Reply messages that indicate a status of + Success (explicit or implicit), the client can use the addresses in + the IA and ignore any messages that indicate a NotOnLink status. + When the client only receives one or more Reply messages with the + NotOnLink status in response to a Confirm message, the client + performs DHCP server discovery as described in Section 18. + +18.2.10.4. Reply for Information-request + + Refer to Section 21.23 for details on how the Information Refresh + Time option (whether or not present in the Reply) should be handled + by the client. + +18.2.11. Receipt of Reconfigure Messages + + A client receives Reconfigure messages sent to UDP port 546 on + interfaces for which it has acquired configuration information + through DHCP. These messages may be sent at any time. Since the + results of a reconfiguration event may affect application-layer + programs, the client SHOULD log these events and MAY notify these + programs of the change through an implementation-specific interface. + + Upon receipt of a valid Reconfigure message, the client responds with + a Renew message, a Rebind message, or an Information-request message + as indicated by the Reconfigure Message option (see Section 21.19). + The client ignores the "transaction-id" field in the received + Reconfigure message. While the transaction is in progress, the + client discards any Reconfigure messages it receives. + + The Reconfigure message acts as a trigger that signals the client to + complete a successful message exchange. Once the client has received + a Reconfigure, the client proceeds with the message exchange + (retransmitting the Renew, Rebind, or Information-request message if + necessary); the client MUST ignore any additional Reconfigure + messages until the exchange is complete. + + + +Mrugalski, et al. Standards Track [Page 72] + +RFC 8415 DHCP for IPv6 November 2018 + + + Duplicate messages will be ignored because the client will begin the + exchange after the receipt of the first Reconfigure. Retransmitted + messages will either (1) trigger the exchange (if the first + Reconfigure was not received by the client) or (2) be ignored. The + server MAY discontinue retransmission of Reconfigure messages to the + client once the server receives the Renew, Rebind, or + Information-request message from the client. + + It might be possible for a duplicate or retransmitted Reconfigure to + be sufficiently delayed (and delivered out of order) that it arrives + at the client after the exchange (initiated by the original + Reconfigure) has been completed. In this case, the client would + initiate a redundant exchange. The likelihood of delayed and + out-of-order delivery is small enough to be ignored. The consequence + of the redundant exchange is inefficiency rather than incorrect + operation. + +18.2.12. Refreshing Configuration Information + + Whenever a client may have moved to a new link, the + prefixes/addresses assigned to the interfaces on that link may no + longer be appropriate for the link to which the client is attached. + Examples of times when a client may have moved to a new link include + the following: + + - The client reboots (and has stable storage and persistent DHCP + state). + + - The client is reconnected to a link on which it has obtained + leases. + + - The client returns from sleep mode. + + - The client changes access points (e.g., if using Wi-Fi + technology). + + When the client detects that it may have moved to a new link and it + has obtained addresses and no delegated prefixes from a server, the + client SHOULD initiate a Confirm/Reply message exchange. The client + includes any IAs assigned to the interface that may have moved to a + new link, along with the addresses associated with those IAs, in its + Confirm message. Any responding servers will indicate whether those + addresses are appropriate for the link to which the client is + attached with the status in the Reply message it returns to the + client. + + + + + + +Mrugalski, et al. Standards Track [Page 73] + +RFC 8415 DHCP for IPv6 November 2018 + + + If the client has any valid delegated prefixes obtained from the DHCP + server, the client MUST initiate a Rebind/Reply message exchange as + described in Section 18.2.5, with the exception that the + retransmission parameters should be set as for the Confirm message + (see Section 18.2.3). The client includes IA_NAs, IA_TAs, and + IA_PDs, along with the associated leases, in its Rebind message. + + If the client has only obtained network information using + Information-request/Reply message exchanges, the client MUST initiate + an Information-request/Reply message exchange as described in + Section 18.2.6. + + If not associated with one of the above-mentioned conditions, a + client SHOULD initiate a Renew/Reply exchange (as if the T1 time + expired) as described in Section 18.2.4 or an Information-request/ + Reply exchange as described in Section 18.2.6 if the client detects a + significant change regarding the prefixes available on the link (when + new prefixes are added or existing prefixes are deprecated), as this + may indicate a configuration change. However, a client MUST + rate-limit such attempts to avoid flooding a server with requests + when there are link issues (for example, only doing one of these at + most every 30 seconds). + +18.3. Server Behavior + + For this discussion, the server is assumed to have been configured in + an implementation-specific manner with configurations of interest to + clients. + + A server sends an Advertise message in response to each valid Solicit + message it receives to announce the availability of the server to the + client. + + In most cases, the server will send a Reply in response to Request, + Confirm, Renew, Rebind, Decline, Release, and Information-request + messages sent by a client. The server will also send a Reply in + response to a Solicit with a Rapid Commit option (see Section 21.14) + when the server is configured to respond with committed lease + assignments. + + These Advertise and Reply messages MUST always contain the Server + Identifier option (see Section 21.3) containing the server's DUID and + the Client Identifier option (see Section 21.2) from the client + message if one was present. + + In most response messages, the server includes options containing + configuration information for the client. The server must be aware + of the recommendations on packet sizes and the use of fragmentation + + + +Mrugalski, et al. Standards Track [Page 74] + +RFC 8415 DHCP for IPv6 November 2018 + + + as discussed in Section 5 of [RFC8200]. If the client included an + Option Request option (see Section 21.7) in its message, the server + includes options in the response message containing configuration + parameters for all of the options identified in the Option Request + option that the server has been configured to return to the client. + The server MAY return additional options to the client if it has been + configured to do so. + + Any message sent from a client may arrive at the server encapsulated + in one or more Relay-forward messages. The server MUST use the + received message to construct the proper Relay-reply message to allow + the response to the received message to be relayed through the same + relay agents (in reverse order) as the original client message; see + Section 19.3 for more details. The server may also need to record + this information with each client in case it is needed to send a + Reconfigure message at a later time, unless the server has been + configured with addresses that can be used to send Reconfigure + messages directly to the client (see Section 18.3.11). Note that + servers that support leasequery [RFC5007] also need to record this + information. + + By sending Reconfigure messages, the server MAY initiate a + configuration exchange to cause DHCP clients to obtain new addresses, + prefixes, and other configuration information. For example, an + administrator may use a server-initiated configuration exchange when + links in the DHCP domain are to be renumbered or when other + configuration options are updated, perhaps because servers are moved, + added, or removed. + + When a client receives a Reconfigure message from the server, the + client initiates sending a Renew, Rebind, or Information-request + message as indicated by msg-type in the Reconfigure Message option + (see Section 21.19). The server sends IAs and/or other configuration + information to the client in a Reply message. The server MAY include + options containing the IAs and new values for other configuration + parameters in the Reply message, even if those IAs and parameters + were not requested in the client's message. + +18.3.1. Receipt of Solicit Messages + + See Section 18.4 for details regarding the handling of Solicit + messages received via unicast. Unicast transmission of Solicit + messages is not allowed, regardless of whether the Server Unicast + option (see Section 21.12) is configured or not. + + The server determines the information about the client and its + location as described in Section 13 and checks its administrative + policy about responding to the client. If the server is not + + + +Mrugalski, et al. Standards Track [Page 75] + +RFC 8415 DHCP for IPv6 November 2018 + + + permitted to respond to the client, the server discards the Solicit + message. For example, if the administrative policy for the server is + that it may only respond to a client that is willing to accept a + Reconfigure message, if the client does not include a Reconfigure + Accept option (see Section 21.20) in the Solicit message, the server + discards the Solicit message. + + If (1) the server is permitted to respond to the client, (2) the + client has not included a Rapid Commit option (see Section 21.14) in + the Solicit message, or (3) the server has not been configured to + respond with committed assignments of leases and other resources, the + server sends an Advertise message to the client as described in + Section 18.3.9. + + If the client has included a Rapid Commit option in the Solicit + message and the server has been configured to respond with committed + assignments of leases and other resources, the server responds to the + Solicit with a Reply message. The server produces the Reply message + as though it had received a Request message as described in + Section 18.3.2. The server transmits the Reply message as described + in Section 18.3.10. The server MUST commit the assignment of any + addresses and delegated prefixes or other configuration information + before sending a Reply message to a client. In this case, the server + includes a Rapid Commit option in the Reply message to indicate that + the Reply is in response to a Solicit message. + + DISCUSSION: + + When using the Solicit/Reply message exchange, the server commits + the assignment of any leases before sending the Reply message. + The client can assume that it has been assigned the leases in the + Reply message and does not need to send a Request message for + those leases. + + Typically, servers that are configured to use the Solicit/Reply + message exchange will be deployed so that only one server will + respond to a Solicit message. If more than one server responds, + the client will only use the leases from one of the servers, while + the leases from the other servers will be committed to the client + but not used by the client. + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 76] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.3.2. Receipt of Request Messages + + See Section 18.4 for details regarding the handling of Request + messages received via unicast. + + When the server receives a valid Request message, the server creates + the bindings for that client according to the server's policy and + configuration information and records the IAs and other information + requested by the client. + + The server constructs a Reply message by setting the "msg-type" field + to REPLY and copying the transaction ID from the Request message into + the "transaction-id" field. + + The server MUST include in the Reply message a Server Identifier + option (see Section 21.3) containing the server's DUID and the Client + Identifier option (see Section 21.2) from the Request message. + + The server examines all IAs in the message from the client. + + For each IA_NA option (see Section 21.4) and IA_TA option (see + Section 21.5) in the Request message, the server checks if the + prefixes of included addresses are appropriate for the link to which + the client is connected. If any of the prefixes of the included + addresses are not appropriate for the link to which the client is + connected, the server MUST return the IA to the client with a Status + Code option (see Section 21.13) with the value NotOnLink. If the + server does not send the NotOnLink status code but it cannot assign + any IP addresses to an IA, the server MUST return the IA option in + the Reply message with no addresses in the IA and a Status Code + option containing status code NoAddrsAvail in the IA. + + For any IA_PD option (see Section 21.21) in the Request message to + which the server cannot assign any delegated prefixes, the server + MUST return the IA_PD option in the Reply message with no prefixes in + the IA_PD and with a Status Code option containing status code + NoPrefixAvail in the IA_PD. + + The server MAY assign different addresses and/or delegated prefixes + to an IA than those included within the IA of the client's Request + message. + + For all IAs to which the server can assign addresses or delegated + prefixes, the server includes the IAs with addresses (for IA_NAs and + IA_TAs), prefixes (for IA_PDs), and other configuration parameters + and records the IA as a new client binding. The server MUST NOT + include any addresses or delegated prefixes in the IA that the server + does not assign to the client. + + + +Mrugalski, et al. Standards Track [Page 77] + +RFC 8415 DHCP for IPv6 November 2018 + + + The T1/T2 times set in each applicable IA option for a Reply MUST be + the same values across all IAs. The server MUST determine the T1/T2 + times across all of the applicable client's bindings in the Reply. + This facilitates the client being able to renew all of the bindings + at the same time. + + The server SHOULD include a Reconfigure Accept option (see + Section 21.20) if the server policy enables the reconfigure mechanism + and the client supports it. Currently, sending this option in a + Reply is technically redundant, as the use of the reconfiguration + mechanism requires authentication; at present, the only defined + mechanism is RKAP (see Section 20.4), and the presence of the + reconfigure key signals support for the acceptance of Reconfigure + messages. However, there may be better security mechanisms defined + in the future that would cause RKAP to not be used anymore. + + The server includes other options containing configuration + information to be returned to the client as described in + Section 18.3. + + If the server finds that the client has included an IA in the Request + message for which the server already has a binding that associates + the IA with the client, the server sends a Reply message with + existing bindings, possibly with updated lifetimes. The server may + update the bindings according to its local policies, but the server + SHOULD generate the response again and not simply retransmit + previously sent information, even if the "transaction-id" field value + matches a previous transmission. The server MUST NOT cache its + responses. + + DISCUSSION: + + Cached replies are bad because lifetimes need to be updated + (either decrease the timers by the amount of time elapsed since + the original transmission or keep the lifetime values and update + the lease information in the server's database). Also, if the + message uses any security protection (such as the Replay Detection + Method (RDM), as described in Section 20.3), its value must be + updated. Additionally, any digests must be updated. Given all of + the above, caching replies is far more complex than simply sending + the same buffer as before, and it is easy to miss some of those + steps. + + + + + + + + + +Mrugalski, et al. Standards Track [Page 78] + +RFC 8415 DHCP for IPv6 November 2018 + + +18.3.3. Receipt of Confirm Messages + + See Section 18.4 for details regarding the handling of Confirm + messages received via unicast. Unicast transmission of Confirm + messages is not allowed, regardless of whether the Server Unicast + option (see Section 21.12) is configured or not. + + When the server receives a Confirm message, the server determines + whether the addresses in the Confirm message are appropriate for the + link to which the client is attached. If all of the addresses in the + Confirm message pass this test, the server returns a status of + Success. If any of the addresses do not pass this test, the server + returns a status of NotOnLink. If the server is unable to perform + this test (for example, the server does not have information about + prefixes on the link to which the client is connected) or there were + no addresses in any of the IAs sent by the client, the server + MUST NOT send a Reply to the client. + + The server ignores the T1 and T2 fields in the IA options and the + preferred-lifetime and valid-lifetime fields in the IA Address + options (see Section 21.6). + + The server constructs a Reply message by setting the "msg-type" field + to REPLY and copying the transaction ID from the Confirm message into + the "transaction-id" field. + + The server MUST include in the Reply message a Server Identifier + option (see Section 21.3) containing the server's DUID and the Client + Identifier option (see Section 21.2) from the Confirm message. The + server includes a Status Code option (see Section 21.13) indicating + the status of the Confirm message. + +18.3.4. Receipt of Renew Messages + + See Section 18.4 for details regarding the handling of Renew messages + received via unicast. + + For each IA in the Renew message from a client, the server locates + the client's binding and verifies that the information in the IA from + the client matches the information stored for that client. + + If the server finds the client entry for the IA, the server sends the + IA back to the client with new lifetimes and, if applicable, T1/T2 + times. If the server is unable to extend the lifetimes of an address + or delegated prefix in the IA, the server MAY choose not to include + the IA Address option (see Section 21.6) for that address or IA + Prefix option (see Section 21.22) for that delegated prefix. If the + server chooses to include the IA Address or IA Prefix option for such + + + +Mrugalski, et al. Standards Track [Page 79] + +RFC 8415 DHCP for IPv6 November 2018 + + + an address or delegated prefix, the server SHOULD set T1 and T2 + values to the valid lifetime for the IA option unless the server also + includes other addresses or delegated prefixes that the server is + able to extend for the IA. Setting T1 and T2 to values equal to the + valid lifetime informs the client that the leases associated with + said IA will not be extended, so there is no point in trying. Also, + it avoids generating unnecessary traffic as the remaining lifetime + approaches 0. + + The server may choose to change the list of addresses or delegated + prefixes and the lifetimes in IAs that are returned to the client. + + If the server finds that any of the addresses in the IA are not + appropriate for the link to which the client is attached, the server + returns the address to the client with lifetimes of 0. + + If the server finds that any of the delegated prefixes in the IA are + not appropriate for the link to which the client is attached, the + server returns the delegated prefix to the client with lifetimes + of 0. + + For each IA for which the server cannot find a client entry, the + server has the following choices, depending on the server's policy + and configuration information: + + - If the server is configured to create new bindings as a result of + processing Renew messages, the server SHOULD create a binding and + return the IA with assigned addresses or delegated prefixes with + lifetimes and, if applicable, T1/T2 times and other information + requested by the client. If the client included the IA Prefix + option within the IA_PD option (see Section 21.21) with a zero + value in the "IPv6-prefix" field and a non-zero value in the + "prefix-length" field, the server MAY use the "prefix-length" + value as a hint for the length of the prefixes to be assigned (see + [RFC8168] for further details on prefix-length hints). + + - If the server is configured to create new bindings as a result of + processing Renew messages but the server will not assign any + leases to an IA, the server returns the IA option containing a + Status Code option (see Section 21.13) with the NoAddrsAvail or + NoPrefixAvail status code and a status message for a user. + + - If the server does not support creation of new bindings for the + client sending a Renew message or if this behavior is disabled + according to the server's policy or configuration information, the + server returns the IA option containing a Status Code option with + the NoBinding status code and a status message for a user. + + + + +Mrugalski, et al. Standards Track [Page 80] + +RFC 8415 DHCP for IPv6 November 2018 + + + The server constructs a Reply message by setting the "msg-type" field + to REPLY and copying the transaction ID from the Renew message into + the "transaction-id" field. + + The server MUST include in the Reply message a Server Identifier + option (see Section 21.3) containing the server's DUID and the Client + Identifier option (see Section 21.2) from the Renew message. + + The server includes other options containing configuration + information to be returned to the client as described in + Section 18.3. + + The server MAY include options containing the IAs and values for + other configuration parameters, even if those parameters were not + requested in the Renew message. + + The T1/T2 values set in each applicable IA option for a Reply MUST be + the same across all IAs. The server MUST determine the T1/T2 values + across all of the applicable client's bindings in the Reply. This + facilitates the client being able to renew all of the bindings at the + same time. + +18.3.5. Receipt of Rebind Messages + + See Section 18.4 for details regarding the handling of Rebind + messages received via unicast. Unicast transmission of Rebind + messages is not allowed, regardless of whether the Server Unicast + option (see Section 21.12) is configured or not. + + When the server receives a Rebind message that contains an IA option + from a client, it locates the client's binding and verifies that the + information in the IA from the client matches the information stored + for that client. + + If the server finds the client entry for the IA and the server + determines that the addresses or delegated prefixes in the IA are + appropriate for the link to which the client's interface is attached + according to the server's explicit configuration information, the + server SHOULD send the IA back to the client with new lifetimes and, + if applicable, T1/T2 values. If the server is unable to extend the + lifetimes of an address in the IA, the server MAY choose not to + include the IA Address option (see Section 21.6) for this address. + If the server is unable to extend the lifetimes of a delegated prefix + in the IA, the server MAY choose not to include the IA Prefix option + (see Section 21.22) for this prefix. + + + + + + +Mrugalski, et al. Standards Track [Page 81] + +RFC 8415 DHCP for IPv6 November 2018 + + + If the server finds that the client entry for the IA and any of the + addresses or delegated prefixes are no longer appropriate for the + link to which the client's interface is attached according to the + server's explicit configuration information, the server returns those + addresses or delegated prefixes to the client with lifetimes of 0. + + If the server cannot find a client entry for the IA, the server + checks if the IA contains addresses (for IA_NAs and IA_TAs) or + delegated prefixes (for IA_PDs). The server checks if the addresses + and delegated prefixes are appropriate for the link to which the + client's interface is attached according to the server's explicit + configuration information. For any address that is not appropriate + for the link to which the client's interface is attached, the server + MAY include the IA Address option with lifetimes of 0. For any + delegated prefix that is not appropriate for the link to which the + client's interface is attached, the server MAY include the IA Prefix + option with lifetimes of 0. The Reply with lifetimes of 0 + constitutes an explicit notification to the client that the specific + addresses and delegated prefixes are no longer valid and MUST NOT be + used by the client. If the server chooses to not include any IAs + containing IA Address or IA Prefix options with lifetimes of 0 and + the server does not include any other IAs with leases and/or status + codes, the server does not send a Reply message. In this situation, + the server discards the Rebind message. + + Otherwise, for each IA for which the server cannot find a client + entry, the server has the following choices, depending on the + server's policy and configuration information: + + - If the server is configured to create new bindings as a result of + processing Rebind messages (also see the note below about the + Rapid Commit option (Section 21.14)), the server SHOULD create a + binding and return the IA with allocated leases with lifetimes + and, if applicable, T1/T2 values and other information requested + by the client. The server MUST NOT return any addresses or + delegated prefixes in the IA that the server does not assign to + the client. + + - If the server is configured to create new bindings as a result of + processing Rebind messages but the server will not assign any + leases to an IA, the server returns the IA option containing a + Status Code option (see Section 21.13) with the NoAddrsAvail or + NoPrefixAvail status code and a status message for a user. + + + + + + + + +Mrugalski, et al. Standards Track [Page 82] + +RFC 8415 DHCP for IPv6 November 2018 + + + - If the server does not support creation of new bindings for the + client sending a Rebind message or if this behavior is disabled + according to the server's policy or configuration information, the + server returns the IA option containing a Status Code option with + the NoBinding status code and a status message for a user. + + When the server creates new bindings for the IA, it is possible that + other servers also create bindings as a result of receiving the same + Rebind message; see the "DISCUSSION" text in Section 21.14. + Therefore, the server SHOULD only create new bindings during + processing of a Rebind message if the server is configured to respond + with a Reply message to a Solicit message containing the Rapid Commit + option. + + The server constructs a Reply message by setting the "msg-type" field + to REPLY and copying the transaction ID from the Rebind message into + the "transaction-id" field. + + The server MUST include in the Reply message a Server Identifier + option (see Section 21.3) containing the server's DUID and the Client + Identifier option (see Section 21.2) from the Rebind message. + + The server includes other options containing configuration + information to be returned to the client as described in + Section 18.3. + + The server MAY include options containing the IAs and values for + other configuration parameters, even if those IAs and parameters were + not requested in the Rebind message. + + The T1 or T2 values set in each applicable IA option for a Reply MUST + be the same values across all IAs. The server MUST determine the T1 + or T2 values across all of the applicable client's bindings in the + Reply. This facilitates the client being able to renew all of the + bindings at the same time. + +18.3.6. Receipt of Information-request Messages + + See Section 18.4 for details regarding the handling of + Information-request messages received via unicast. + + When the server receives an Information-request message, the client + is requesting configuration information that does not include the + assignment of any leases. The server determines all configuration + parameters appropriate to the client, based on the server + configuration policies known to the server. + + + + + +Mrugalski, et al. Standards Track [Page 83] + +RFC 8415 DHCP for IPv6 November 2018 + + + The server constructs a Reply message by setting the "msg-type" field + to REPLY and copying the transaction ID from the Information-request + message into the "transaction-id" field. + + The server MUST include a Server Identifier option (see Section 21.3) + containing the server's DUID in the Reply message. If the client + included a Client Identifier option (see Section 21.2) in the + Information-request message, the server copies that option to the + Reply message. + + The server includes options containing configuration information to + be returned to the client as described in Section 18.3. The server + MAY include additional options that were not requested by the client + in the Information-request message. + + If the Information-request message received from the client did not + include a Client Identifier option, the server SHOULD respond with a + Reply message containing any configuration parameters that are not + determined by the client's identity. If the server chooses not to + respond, the client may continue to retransmit the + Information-request message indefinitely. + +18.3.7. Receipt of Release Messages + + See Section 18.4 for details regarding the handling of Release + messages received via unicast. + + The server constructs a Reply message by setting the "msg-type" field + to REPLY and copying the transaction ID from the Release message into + the "transaction-id" field. + + Upon the receipt of a valid Release message, the server examines the + IAs and the leases in the IAs for validity. If the IAs in the + message are in a binding for the client and the leases in the IAs + have been assigned by the server to those IAs, the server deletes the + leases from the IAs and makes the leases available for assignment to + other clients. The server ignores leases not assigned to the IAs, + although it may choose to log an error. + + After all the leases have been processed, the server generates a + Reply message and includes a Status Code option (see Section 21.13) + with the value Success, a Server Identifier option (see Section 21.3) + with the server's DUID, and a Client Identifier option (see + Section 21.2) with the client's DUID. For each IA in the Release + message for which the server has no binding information, the server + adds an IA option using the IAID from the Release message and + includes a Status Code option with the value NoBinding in the IA + option. No other options are included in the IA option. + + + +Mrugalski, et al. Standards Track [Page 84] + +RFC 8415 DHCP for IPv6 November 2018 + + + A server may choose to retain a record of assigned leases and IAs + after the lifetimes on the leases have expired to allow the server to + reassign the previously assigned leases to a client. + +18.3.8. Receipt of Decline Messages + + See Section 18.4 for details regarding the handling of Decline + messages received via unicast. + + Upon the receipt of a valid Decline message, the server examines the + IAs and the addresses in the IAs for validity. If the IAs in the + message are in a binding for the client and the addresses in the IAs + have been assigned by the server to those IAs, the server deletes the + addresses from the IAs. The server ignores addresses not assigned to + the IAs (though it may choose to log an error if it finds such + addresses). + + The client has found any addresses in the Decline messages to be + already in use on its link. Therefore, the server SHOULD mark the + addresses declined by the client so that those addresses are not + assigned to other clients and MAY choose to make a notification that + addresses were declined. Local policy on the server determines when + the addresses identified in a Decline message may be made available + for assignment. + + After all the addresses have been processed, the server generates a + Reply message by setting the "msg-type" field to REPLY and copying + the transaction ID from the Decline message into the "transaction-id" + field. The client includes a Status Code option (see Section 21.13) + with the value Success, a Server Identifier option (see Section 21.3) + with the server's DUID, and a Client Identifier option (see + Section 21.2) with the client's DUID. For each IA in the Decline + message for which the server has no binding information, the server + adds an IA option using the IAID from the Decline message and + includes a Status Code option with the value NoBinding in the IA + option. No other options are included in the IA option. + +18.3.9. Creation of Advertise Messages + + The server sets the "msg-type" field to ADVERTISE and copies the + contents of the "transaction-id" field from the Solicit message + received from the client to the Advertise message. The server + includes its server identifier in a Server Identifier option (see + Section 21.3) and copies the Client Identifier option (see + Section 21.2) from the Solicit message into the Advertise message. + + + + + + +Mrugalski, et al. Standards Track [Page 85] + +RFC 8415 DHCP for IPv6 November 2018 + + + The server MAY add a Preference option (see Section 21.8) to carry + the preference value for the Advertise message. The server + implementation SHOULD allow the setting of a server preference value + by the administrator. The server preference value MUST default to 0 + unless otherwise configured by the server administrator. + + The server includes a Reconfigure Accept option (see Section 21.20) + if the server wants to indicate that it supports the Reconfigure + mechanism. This information may be used by the client during the + server selection process. + + The server includes the options the server will return to the client + in a subsequent Reply message. The information in these options may + be used by the client in the selection of a server if the client + receives more than one Advertise message. The server MUST include + options in the Advertise message containing configuration parameters + for all of the options identified in the Option Request option (see + Section 21.7) in the Solicit message that the server has been + configured to return to the client. If the Option Request option + includes a container option, the server MUST include all the options + that are eligible to be encapsulated in the container. The Option + Request option MAY be used to signal support for a feature even when + that option is encapsulated, as in the case of the Prefix Exclude + option [RFC6603]. In this case, special processing is required by + the server. The server MAY return additional options to the client + if it has been configured to do so. + + The server MUST include IA options in the Advertise message + containing any addresses and/or delegated prefixes that would be + assigned to IAs contained in the Solicit message from the client. If + the client has included addresses in the IA Address options (see + Section 21.6) in the Solicit message, the server MAY use those + addresses as hints about the addresses that the client would like to + receive. If the client has included IA Prefix options (see + Section 21.22), the server MAY use the prefix contained in the + "IPv6-prefix" field and/or the prefix length contained in the + "prefix-length" field as hints about the prefixes the client would + like to receive. If the server is not going to assign an address or + delegated prefix received as a hint in the Solicit message, the + server MUST NOT include this address or delegated prefix in the + Advertise message. + + If the server will not assign any addresses to an IA_NA or IA_TA in + subsequent Request messages from the client, the server MUST include + the IA option in the Advertise message with no addresses in that IA + and a Status Code option (see Section 21.13) encapsulated in the IA + option containing status code NoAddrsAvail. + + + + +Mrugalski, et al. Standards Track [Page 86] + +RFC 8415 DHCP for IPv6 November 2018 + + + If the server will not assign any prefixes to an IA_PD in subsequent + Request messages from the client, the server MUST include the IA_PD + option (see Section 21.21) in the Advertise message with no prefixes + in the IA_PD option and a Status Code option encapsulated in the + IA_PD containing status code NoPrefixAvail. + + Transmission of Advertise messages is described in the next section. + +18.3.10. Transmission of Advertise and Reply Messages + + If the original message was received directly by the server, the + server unicasts the Advertise or Reply message directly to the client + using the address in the source address field from the IP datagram in + which the original message was received. The Advertise or Reply + message MUST be unicast through the interface on which the original + message was received. + + If the original message was received in a Relay-forward message, the + server constructs a Relay-reply message with the Reply message in the + payload of a Relay Message option (see Section 21.10). If the + Relay-forward messages included an Interface-Id option (see + Section 21.18), the server copies that option to the Relay-reply + message. The server unicasts the Relay-reply message directly to the + relay agent using the address in the source address field from the IP + datagram in which the Relay-forward message was received. See + Section 19.3 for more details on the construction of Relay-reply + messages. + +18.3.11. Creation and Transmission of Reconfigure Messages + + The server sets the "msg-type" field to RECONFIGURE and sets the + "transaction-id" field to 0. The server includes a Server Identifier + option (see Section 21.3) containing its DUID and a Client Identifier + option (see Section 21.2) containing the client's DUID in the + Reconfigure message. + + Because of the risk of denial-of-service (DoS) attacks against DHCP + clients, the use of a security mechanism is mandated in Reconfigure + messages. The server MUST use DHCP authentication in the Reconfigure + message (see Section 20.4). + + The server MUST include a Reconfigure Message option (see + Section 21.19) to select whether the client responds with a Renew + message, a Rebind message, or an Information-request message. + + The server MUST NOT include any other options in the Reconfigure + message, except as specifically allowed in the definition of + individual options. + + + +Mrugalski, et al. Standards Track [Page 87] + +RFC 8415 DHCP for IPv6 November 2018 + + + A server sends each Reconfigure message to a single DHCP client, + using an IPv6 unicast address of sufficient scope belonging to the + DHCP client. If the server does not have an address to which it can + send the Reconfigure message directly to the client, the server uses + a Relay-reply message (as described in Section 19.3) to send the + Reconfigure message to a relay agent that will relay the message to + the client. The server may obtain the address of the client (and the + appropriate relay agent, if required) through the information the + server has about clients that have been in contact with the server + (see Section 18.3) or through some external agent. + + To reconfigure more than one client, the server unicasts a separate + message to each client. The server may initiate the reconfiguration + of multiple clients concurrently; for example, a server may send a + Reconfigure message to additional clients while previous + reconfiguration message exchanges are still in progress. + + The Reconfigure message causes the client to initiate a Renew/Reply, + Rebind/Reply, or Information-request/Reply message exchange with the + server. The server interprets the receipt of a Renew, Rebind, or + Information-request message (whichever was specified in the original + Reconfigure message) from the client as satisfying the Reconfigure + message request. + + When transmitting the Reconfigure message, the server sets the + retransmission time (RT) to REC_TIMEOUT. If the server does not + receive a Renew, Rebind, or Information-request message from the + client before the RT elapses, the server retransmits the Reconfigure + message, doubles the RT value, and waits again. The server continues + this process until REC_MAX_RC unsuccessful attempts have been made, + at which point the server SHOULD abort the reconfigure process for + that client. + + Default and initial values for REC_TIMEOUT and REC_MAX_RC are + documented in Section 7.6. + +18.4. Reception of Unicast Messages + + Unless otherwise stated in the subsections of Section 18.3 that + discuss the receipt of specific messages, the server is not supposed + to accept unicast traffic when it is not explicitly configured to do + so. For example, unicast transmission is not allowed for Solicit, + Confirm, and Rebind messages (see Sections 18.3.1, 18.3.3, and + 18.3.5, respectively), even if the Server Unicast option (see + Section 21.12) is configured. For Request, Renew, + Information-request, Release, and Decline messages, it is allowed + only if the Server Unicast option is configured. + + + + +Mrugalski, et al. Standards Track [Page 88] + +RFC 8415 DHCP for IPv6 November 2018 + + + When the server receives a message via unicast from a client to which + the server has not sent a Server Unicast option (or is not currently + configured to do so), the server discards that message and responds + with an Advertise (when responding to a Solicit message) or Reply + message (when responding to any other messages) containing a Status + Code option (see Section 21.13) with the value UseMulticast, a Server + Identifier option (see Section 21.3) containing the server's DUID, + the Client Identifier option (see Section 21.2) from the client + message (if any), and no other options. + +19. Relay Agent Behavior + + The relay agent SHOULD be configured to use a list of destination + addresses that includes unicast addresses. The list of destination + addresses MAY include the All_DHCP_Servers multicast address or other + addresses selected by the network administrator. If the relay agent + has not been explicitly configured, it MUST use the All_DHCP_Servers + multicast address as the default. + + If the relay agent relays messages to the All_DHCP_Servers multicast + address or other multicast addresses, it sets the Hop Limit field + to 8. + + If the relay agent receives a message other than Relay-forward and + Relay-reply and the relay agent does not recognize its message type, + it MUST forward the message as described in Section 19.1.1. + +19.1. Relaying a Client Message or a Relay-forward Message + + A relay agent relays both messages from clients and Relay-forward + messages from other relay agents. When a relay agent receives a + Relay-forward message, a recognized message type for which it is not + the intended target, or an unrecognized message type [RFC7283], it + constructs a new Relay-forward message. The relay agent copies the + source address from the header of the IP datagram in which the + message was received into the peer-address field of the Relay-forward + message. The relay agent copies the received DHCP message (excluding + any IP or UDP headers) into a Relay Message option (see + Section 21.10) in the new message. The relay agent adds to the + Relay-forward message any other options it is configured to include. + + [RFC6221] defines a Lightweight DHCPv6 Relay Agent (LDRA) that allows + relay agent information to be inserted by an access node that + performs a link-layer bridging (i.e., non-routing) function. + + + + + + + +Mrugalski, et al. Standards Track [Page 89] + +RFC 8415 DHCP for IPv6 November 2018 + + +19.1.1. Relaying a Message from a Client + + If the relay agent received the message to be relayed from a client, + the relay agent places a globally scoped unicast address (i.e., GUA + or ULA) from a prefix assigned to the link on which the client should + be assigned leases into the link-address field. If such an address + is not available, the relay agent may set the link-address field to a + link-local address from the interface on which the original message + was received. This is not recommended, as it may require that + additional information be provided in the server configuration. See + Section 3.2 of [RFC7969] for a detailed discussion. + + This address will be used by the server to determine the link from + which the client should be assigned leases and other configuration + information. + + The hop-count value in the Relay-forward message is set to 0. + + If the relay agent cannot use the address in the link-address field + to identify the interface through which the response to the client + will be relayed, the relay agent MUST include an Interface-Id option + (see Section 21.18) in the Relay-forward message. The server will + include the Interface-Id option in its Relay-reply message. The + relay agent sets the link-address field as described earlier in this + subsection, regardless of whether the relay agent includes an + Interface-Id option in the Relay-forward message. + +19.1.2. Relaying a Message from a Relay Agent + + If the message received by the relay agent is a Relay-forward message + and the hop-count value in the message is greater than or equal to + HOP_COUNT_LIMIT, the relay agent discards the received message. + + The relay agent copies the source address from the IP datagram in + which the message was received into the peer-address field in the + Relay-forward message and sets the hop-count field to the value of + the hop-count field in the received message incremented by 1. + + If the source address from the IP datagram header of the received + message is a globally scoped unicast address (i.e., GUA or ULA), the + relay agent sets the link-address field to 0; otherwise, the relay + agent sets the link-address field to a globally scoped unicast + address (i.e., GUA or ULA) assigned to the interface on which the + message was received or includes an Interface-Id option (see + Section 21.18) to identify the interface on which the message was + received. + + + + + +Mrugalski, et al. Standards Track [Page 90] + +RFC 8415 DHCP for IPv6 November 2018 + + +19.1.3. Relay Agent Behavior with Prefix Delegation + + A relay agent forwards messages containing prefix delegation options + in the same way as it would relay addresses (i.e., per + Sections 19.1.1 and 19.1.2). + + If a server communicates with a client through a relay agent about + delegated prefixes, the server may need a protocol or other + out-of-band communication to configure routing information for + delegated prefixes on any router through which the client may forward + traffic. + +19.2. Relaying a Relay-reply Message + + The relay agent processes any options included in the Relay-reply + message in addition to the Relay Message option (see Section 21.10). + + The relay agent extracts the message from the Relay Message option + and relays it to the address contained in the peer-address field of + the Relay-reply message. Relay agents MUST NOT modify the message. + + If the Relay-reply message includes an Interface-Id option (see + Section 21.18), the relay agent relays the message from the server to + the client on the link identified by the Interface-Id option. + Otherwise, if the link-address field is not set to 0, the relay agent + relays the message on the link identified by the link-address field. + + If the relay agent receives a Relay-reply message, it MUST process + the message as defined above, regardless of the type of message + encapsulated in the Relay Message option. + +19.3. Construction of Relay-reply Messages + + A server uses a Relay-reply message to (1) return a response to a + client if the original message from the client was relayed to the + server in a Relay-forward message or (2) send a Reconfigure message + to a client if the server does not have an address it can use to send + the message directly to the client. + + A response to the client MUST be relayed through the same relay + agents as the original client message. The server causes this to + happen by creating a Relay-reply message that includes a Relay + Message option (see Section 21.10) containing the message for the + next relay agent in the return path to the client. The contained + Relay-reply message contains another Relay Message option to be sent + to the next relay agent, and so on. The server must record the + + + + + +Mrugalski, et al. Standards Track [Page 91] + +RFC 8415 DHCP for IPv6 November 2018 + + + contents of the peer-address fields in the received message so it can + construct the appropriate Relay-reply message carrying the response + from the server. + + For example, if client C sent a message that was relayed by relay + agent A to relay agent B and then to the server, the server would + send the following Relay-reply message to relay agent B: + + msg-type: RELAY-REPL + hop-count: 1 + link-address: 0 + peer-address: A + Relay Message option containing the following: + msg-type: RELAY-REPL + hop-count: 0 + link-address: address from link to which C is attached + peer-address: C + Relay Message option: + + Figure 10: Relay-reply Example + + When sending a Reconfigure message to a client through a relay agent, + the server creates a Relay-reply message that includes a Relay + Message option containing the Reconfigure message for the next relay + agent in the return path to the client. The server sets the + peer-address field in the Relay-reply message header to the address + of the client and sets the link-address field as required by the + relay agent to relay the Reconfigure message to the client. The + server obtains the addresses of the client and the relay agent + through prior interaction with the client or through some external + mechanism. + +19.4. Interaction between Relay Agents and Servers + + Each time a packet is relayed by a relay agent towards a server, a + new encapsulation level is added around the packet. Each relay is + allowed to insert additional options on the encapsulation level it + added but MUST NOT change anything in the packet being encapsulated. + If there are multiple relays between a client and a server, multiple + encapsulations are used. Although it makes packet processing + slightly more complex, it provides the major advantage of having a + clear indication as to which relay inserted which option. The + response packet is expected to travel through the same relays, but in + reverse order. Each time a response packet is relayed back towards a + client, one encapsulation level is removed. + + + + + + +Mrugalski, et al. Standards Track [Page 92] + +RFC 8415 DHCP for IPv6 November 2018 + + + In certain cases, relays can add one or more options. These options + can be added for several reasons: + + - First, relays can provide additional information about the client. + That source of information is usually more trusted by a server + administrator, as it comes from the network infrastructure rather + than the client and cannot be easily spoofed. These options can + be used by the server to determine its allocation policy. + + - Second, a relay may need some information to send a response back + to the client. Relay agents are expected to be stateless (not + retain any state after a packet has been processed). A relay + agent may include the Interface-Id option (see Section 21.18), + which will be echoed back in the response. It can include other + options and ask the server to echo one or more of the options back + in the response. These options can then be used by the relay + agent to send the response back to the client, or for other needs. + The client will never see these options. See [RFC4994] for + details. + + - Third, sometimes a relay is the best device to provide values for + certain options. A relay can insert an option into the packet + being forwarded to the server and ask the server to pass that + option back to the client. The client will receive that option. + It should be noted that the server is the ultimate authority here, + and -- depending on its configuration -- it may or may not send + the option back to the client. See [RFC6422] for details. + + For various reasons, servers may need to retain the relay information + after the packet processing is completed. One is a bulk leasequery + mechanism that may ask for all addresses and/or prefixes that were + assigned via a specific relay. A second is for the reconfigure + mechanism. The server may choose to not send the Reconfigure message + directly to the client but rather to send it via relays. This + particular behavior is considered an implementation detail and is out + of scope for this document. + +20. Authentication of DHCP Messages + + This document introduces two security mechanisms for the + authentication of DHCP messages: (1) authentication (and encryption) + of messages sent between servers and relay agents using IPsec and + (2) protection against misconfiguration of a client caused by a + Reconfigure message sent by a malicious DHCP server. + + The delayed authentication protocol, defined in [RFC3315], has been + obsoleted by this document (see Section 25). + + + + +Mrugalski, et al. Standards Track [Page 93] + +RFC 8415 DHCP for IPv6 November 2018 + + +20.1. Security of Messages Sent between Servers and Relay Agents + + Relay agents and servers that exchange messages can use IPsec as + detailed in [RFC8213]. + +20.2. Summary of DHCP Authentication + + Authentication of DHCP messages is accomplished through the use of + the Authentication option (see Section 21.11). The authentication + information carried in the Authentication option can be used to + reliably identify the source of a DHCP message and to confirm that + the contents of the DHCP message have not been tampered with. + + The Authentication option provides a framework for multiple + authentication protocols. One such protocol, RKAP, is defined in + Section 20.4. Other protocols defined in the future will be + specified in separate documents. + + Any DHCP message MUST NOT include more than one Authentication + option. + + The protocol field in the Authentication option identifies the + specific protocol used to generate the authentication information + carried in the option. The algorithm field identifies a specific + algorithm within the authentication protocol; for example, the + algorithm field specifies the hash algorithm used to generate the + Message Authentication Code (MAC) in the Authentication option. The + RDM field specifies the type of replay detection used in the replay + detection field. + +20.3. Replay Detection + + The RDM field of the Authentication option (see Section 21.11) + determines the type of replay detection used in the replay detection + field. + + If the RDM field contains 0x00, the replay detection field MUST be + set to the value of a strictly monotonically increasing 64-bit + unsigned integer (modulo 2^64). Using this technique can reduce the + danger of replay attacks. This method MUST be supported by all + Authentication option protocols. One choice might be to use the + 64-bit NTP timestamp format [RFC5905]). + + A client that receives a message with the RDM field set to 0x00 MUST + compare its replay detection field with the previous value sent by + that same server (based on the Server Identifier option; see + Section 21.3) and only accept the message if the received value is + greater and record this as the new value. If this is the first time + + + +Mrugalski, et al. Standards Track [Page 94] + +RFC 8415 DHCP for IPv6 November 2018 + + + a client processes an Authentication option sent by a server, the + client MUST record the replay detection value and skip the replay + detection check. + + Servers that support the reconfigure mechanism MUST ensure that the + replay detection value is retained between restarts. Failing to do + so may cause clients to refuse Reconfigure messages sent by the + server, effectively rendering the reconfigure mechanism useless. + +20.4. Reconfiguration Key Authentication Protocol (RKAP) + + RKAP provides protection against misconfiguration of a client caused + by a Reconfigure message sent by a malicious DHCP server. In this + protocol, a DHCP server sends a reconfigure key to the client in the + initial exchange of DHCP messages. The client records the + reconfigure key for use in authenticating subsequent Reconfigure + messages from that server. The server then includes a Hashed Message + Authentication Code (HMAC) computed from the reconfigure key in + subsequent Reconfigure messages. + + Both the reconfigure key sent from the server to the client and the + HMAC in subsequent Reconfigure messages are carried as the + authentication information in an Authentication option (see + Section 21.11). The format of the authentication information is + defined in the following section. + + RKAP is used (initiated by the server) only if the client and server + have negotiated to use Reconfigure messages. + + + + + + + + + + + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 95] + +RFC 8415 DHCP for IPv6 November 2018 + + +20.4.1. Use of the Authentication Option in RKAP + + The following fields are set in an Authentication option (see + Section 21.11) for RKAP: + + protocol 3 + + algorithm 1 + + RDM 0 + + The format of the authentication information for RKAP is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Type | Value (128 bits) | + +-+-+-+-+-+-+-+-+ | + . . + . . + . +-+-+-+-+-+-+-+-+ + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 11: RKAP Authentication Information + + Type Type of data in the Value field carried in this + option: + + 1 Reconfigure key value (used in the Reply + message). + + 2 HMAC-MD5 digest of the message (used in + the Reconfigure message). + + A 1-octet field. + + Value Data as defined by the Type field. A 16-octet + field. + +20.4.2. Server Considerations for RKAP + + The server selects a reconfigure key for a client during the + Request/Reply, Solicit/Reply, or Information-request/Reply message + exchange. The server records the reconfigure key and transmits that + key to the client in an Authentication option (see Section 21.11) in + the Reply message. + + + + +Mrugalski, et al. Standards Track [Page 96] + +RFC 8415 DHCP for IPv6 November 2018 + + + The reconfigure key is 128 bits long and MUST be a cryptographically + strong random or pseudorandom number that cannot easily be predicted. + + To provide authentication for a Reconfigure message, the server + selects a replay detection value according to the RDM selected by the + server and computes an HMAC-MD5 of the Reconfigure message using the + reconfigure key for the client. The server computes the HMAC-MD5 + over the entire DHCP Reconfigure message, including the + Authentication option; the HMAC-MD5 field in the Authentication + option is set to 0 for the HMAC-MD5 computation. The server includes + the HMAC-MD5 in the authentication information field in an + Authentication option included in the Reconfigure message sent to the + client. + +20.4.3. Client Considerations for RKAP + + The client will receive a reconfigure key from the server in an + Authentication option (see Section 21.11) in the initial Reply + message from the server. The client records the reconfigure key for + use in authenticating subsequent Reconfigure messages. + + To authenticate a Reconfigure message, the client computes an + HMAC-MD5 over the Reconfigure message, with zeroes substituted for + the HMAC-MD5 field, using the reconfigure key received from the + server. If this computed HMAC-MD5 matches the value in the + Authentication option, the client accepts the Reconfigure message. + +21. DHCP Options + + Options are used to carry additional information and parameters in + DHCP messages. Every option shares a common base format, as + described in Section 21.1. All values in options are represented in + network byte order. + + This document describes the DHCP options defined as part of the base + DHCP specification. Other options may be defined in the future in + separate documents. See [RFC7227] for guidelines regarding the + definition of new options. See Section 24 for additional information + about the DHCPv6 "Option Codes" registry maintained by IANA. + + Unless otherwise noted, each option may appear only in the options + area of a DHCP message and may appear only once. If an option does + appear multiple times, each instance is considered separate and the + data areas of the options MUST NOT be concatenated or otherwise + combined. + + + + + + +Mrugalski, et al. Standards Track [Page 97] + +RFC 8415 DHCP for IPv6 November 2018 + + + Options that are allowed to appear only once are called "singleton + options". The only non-singleton options defined in this document + are the IA_NA (see Section 21.4), IA_TA (see Section 21.5), Vendor + Class (see Section 21.16), Vendor-specific Information (see + Section 21.17), and IA_PD (see Section 21.21) options. Also, IA + Address (see Section 21.6) and IA Prefix (see Section 21.22) may + appear in their respective IA options more than once. + +21.1. Format of DHCP Options + + The format of DHCP options is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | option-code | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | option-data | + | (option-len octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 12: Option Format + + option-code An unsigned integer identifying the specific + option type carried in this option. + A 2-octet field. + + option-len An unsigned integer giving the length of the + option-data field in this option in octets. + A 2-octet field. + + option-data The data for the option; the format of this + data depends on the definition of the option. + A variable-length field (the length, in + octets, is specified by option-len). + + DHCP options are scoped by using encapsulation. Some options apply + generally to the client, some are specific to an IA, and some are + specific to the addresses within an IA. These latter two cases are + discussed in Sections 21.4, 21.5, and 21.6. + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 98] + +RFC 8415 DHCP for IPv6 November 2018 + + +21.2. Client Identifier Option + + The Client Identifier option is used to carry a DUID (see Section 11) + that identifies the client. The format of the Client Identifier + option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_CLIENTID | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . DUID . + . (variable length) . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 13: Client Identifier Option Format + + option-code OPTION_CLIENTID (1). + + option-len Length of DUID in octets. + + DUID The DUID for the client. + +21.3. Server Identifier Option + + The Server Identifier option is used to carry a DUID (see Section 11) + that identifies the server. The format of the Server Identifier + option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_SERVERID | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . DUID . + . (variable length) . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 14: Server Identifier Option Format + + + + + + + + +Mrugalski, et al. Standards Track [Page 99] + +RFC 8415 DHCP for IPv6 November 2018 + + + option-code OPTION_SERVERID (2). + + option-len Length of DUID in octets. + + DUID The DUID for the server. + +21.4. Identity Association for Non-temporary Addresses Option + + The Identity Association for Non-temporary Addresses (IA_NA) option + is used to carry an IA_NA, the parameters associated with the IA_NA, + and the non-temporary addresses associated with the IA_NA. + + Addresses appearing in an IA_NA option are not temporary addresses + (see Section 21.5). + + The format of the IA_NA option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_IA_NA | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | IAID (4 octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | T1 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | T2 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + . IA_NA-options . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 15: Identity Association for Non-temporary Addresses + Option Format + + option-code OPTION_IA_NA (3). + + option-len 12 + length of IA_NA-options field. + + IAID The unique identifier for this IA_NA; the + IAID must be unique among the identifiers for + all of this client's IA_NAs. The number + space for IA_NA IAIDs is separate from the + number space for other IA option types (i.e., + IA_TA and IA_PD). A 4-octet field containing + an unsigned integer. + + + + +Mrugalski, et al. Standards Track [Page 100] + +RFC 8415 DHCP for IPv6 November 2018 + + + T1 The time interval after which the client + should contact the server from which the + addresses in the IA_NA were obtained to + extend the lifetimes of the addresses + assigned to the IA_NA; T1 is a time duration + relative to the current time expressed in + units of seconds. A 4-octet field containing + an unsigned integer. + + T2 The time interval after which the client + should contact any available server to extend + the lifetimes of the addresses assigned to + the IA_NA; T2 is a time duration relative to + the current time expressed in units of + seconds. A 4-octet field containing an + unsigned integer. + + IA_NA-options Options associated with this IA_NA. A + variable-length field (12 octets less than + the value in the option-len field). + + The IA_NA-options field encapsulates those options that are specific + to this IA_NA. For example, all of the IA Address options (see + Section 21.6) carrying the addresses associated with this IA_NA are + in the IA_NA-options field. + + Each IA_NA carries one "set" of non-temporary addresses; it is up to + the server policy to determine how many addresses are assigned, but + typically at most one address is assigned from each prefix assigned + to the link to which the client is attached. + + An IA_NA option may only appear in the options area of a DHCP + message. A DHCP message may contain multiple IA_NA options (though + each must have a unique IAID). + + The status of any operations involving this IA_NA is indicated in a + Status Code option (see Section 21.13) in the IA_NA-options field. + + Note that an IA_NA has no explicit "lifetime" or "lease length" of + its own. When the valid lifetimes of all of the addresses in an + IA_NA have expired, the IA_NA can be considered as having expired. + T1 and T2 are included to give servers explicit control over when a + client recontacts the server about a specific IA_NA. + + In a message sent by a client to a server, the T1 and T2 fields + SHOULD be set to 0. The server MUST ignore any values in these + fields in messages received from a client. + + + + +Mrugalski, et al. Standards Track [Page 101] + +RFC 8415 DHCP for IPv6 November 2018 + + + In a message sent by a server to a client, the client MUST use the + values in the T1 and T2 fields for the T1 and T2 times, unless values + in those fields are 0. The values in the T1 and T2 fields are the + number of seconds until T1 and T2 and are calculated since reception + of the message. + + As per Section 7.7, the value 0xffffffff is taken to mean "infinity" + and should be used carefully. + + The server selects the T1 and T2 values to allow the client to extend + the lifetimes of any addresses in the IA_NA before the lifetimes + expire, even if the server is unavailable for some short period of + time. Recommended values for T1 and T2 are 0.5 and 0.8 times the + shortest preferred lifetime of the addresses in the IA that the + server is willing to extend, respectively. If the "shortest" + preferred lifetime is 0xffffffff ("infinity"), the recommended T1 and + T2 values are also 0xffffffff. If the time at which the addresses in + an IA_NA are to be renewed is to be left to the discretion of the + client, the server sets the T1 and T2 values to 0. The client MUST + follow the rules defined in Section 14.2. + + If a client receives an IA_NA with T1 greater than T2 and both T1 and + T2 are greater than 0, the client discards the IA_NA option and + processes the remainder of the message as though the server had not + included the invalid IA_NA option. + +21.5. Identity Association for Temporary Addresses Option + + The Identity Association for Temporary Addresses (IA_TA) option is + used to carry an IA_TA, the parameters associated with the IA_TA, and + the addresses associated with the IA_TA. All of the addresses in + this option are used by the client as temporary addresses, as defined + in [RFC4941]. The format of the IA_TA option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_IA_TA | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | IAID (4 octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + . IA_TA-options . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 16: Identity Association for Temporary Addresses Option Format + + + + +Mrugalski, et al. Standards Track [Page 102] + +RFC 8415 DHCP for IPv6 November 2018 + + + option-code OPTION_IA_TA (4). + + option-len 4 + length of IA_TA-options field. + + IAID The unique identifier for this IA_TA; the + IAID must be unique among the identifiers for + all of this client's IA_TAs. The number + space for IA_TA IAIDs is separate from the + number space for other IA option types (i.e., + IA_NA and IA_PD). A 4-octet field containing + an unsigned integer. + + IA_TA-options Options associated with this IA_TA. A + variable-length field (4 octets less than the + value in the option-len field). + + The IA_TA-options field encapsulates those options that are specific + to this IA_TA. For example, all of the IA Address options (see + Section 21.6) carrying the addresses associated with this IA_TA are + in the IA_TA-options field. + + Each IA_TA carries one "set" of temporary addresses. It is up to the + server policy to determine how many addresses are assigned. + + An IA_TA option may only appear in the options area of a DHCP + message. A DHCP message may contain multiple IA_TA options (though + each must have a unique IAID). + + The status of any operations involving this IA_TA is indicated in a + Status Code option (see Section 21.13) in the IA_TA-options field. + + Note that an IA has no explicit "lifetime" or "lease length" of its + own. When the valid lifetimes of all of the addresses in an IA_TA + have expired, the IA can be considered as having expired. + + An IA_TA option does not include values for T1 and T2. A client MAY + request that the valid lifetime on temporary addresses be extended by + including the addresses in an IA_TA option sent in a Renew or Rebind + message to a server. For example, a client would request an + extension on the valid lifetime of a temporary address to allow an + application to continue to use an established TCP connection. + Extending only the valid, but not the preferred, lifetime means the + address will end up in a deprecated state eventually. Existing + connections could continue, but no new ones would be created using + that address. + + + + + + +Mrugalski, et al. Standards Track [Page 103] + +RFC 8415 DHCP for IPv6 November 2018 + + + The client obtains new temporary addresses by sending an IA_TA option + with a new IAID to a server. Requesting new temporary addresses from + the server is the equivalent of generating new temporary addresses as + described in [RFC4941]. The server will generate new temporary + addresses and return them to the client. The client should request + new temporary addresses before the lifetimes on the previously + assigned addresses expire. + + A server MUST return the same set of temporary addresses for the same + IA_TA (as identified by the IAID) as long as those addresses are + still valid. After the lifetimes of the addresses in an IA_TA have + expired, the IAID may be reused to identify a new IA_TA with new + temporary addresses. + +21.6. IA Address Option + + The IA Address option is used to specify an address associated with + an IA_NA or an IA_TA. The IA Address option must be encapsulated in + the IA_NA-options field of an IA_NA option (see Section 21.4) or the + IA_TA-options field of an IA_TA option (see Section 21.5). The + IAaddr-options field encapsulates those options that are specific to + this address. + + The format of the IA Address option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_IAADDR | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + | IPv6-address | + | | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | preferred-lifetime | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | valid-lifetime | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . IAaddr-options . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 17: IA Address Option Format + + + + + + +Mrugalski, et al. Standards Track [Page 104] + +RFC 8415 DHCP for IPv6 November 2018 + + + option-code OPTION_IAADDR (5). + + option-len 24 + length of IAaddr-options field. + + IPv6-address An IPv6 address. A client MUST NOT form an + implicit prefix with a length other than 128 + for this address. A 16-octet field. + + preferred-lifetime The preferred lifetime for the address in the + option, expressed in units of seconds. A + 4-octet field containing an unsigned integer. + + valid-lifetime The valid lifetime for the address in the + option, expressed in units of seconds. A + 4-octet field containing an unsigned integer. + + IAaddr-options Options associated with this address. A + variable-length field (24 octets less than + the value in the option-len field). + + In a message sent by a client to a server, the preferred-lifetime and + valid-lifetime fields SHOULD be set to 0. The server MUST ignore any + received values. + + The client SHOULD NOT send the IA Address option with an unspecified + address (::). + + In a message sent by a server to a client, the client MUST use the + values in the preferred-lifetime and valid-lifetime fields for the + preferred and valid lifetimes. The values in these fields are the + number of seconds remaining in each lifetime. + + The client MUST discard any addresses for which the preferred + lifetime is greater than the valid lifetime. + + As per Section 7.7, if the valid lifetime of an address is + 0xffffffff, it is taken to mean "infinity" and should be used + carefully. + + More than one IA Address option can appear in an IA_NA option or an + IA_TA option. + + The status of any operations involving this IA Address is indicated + in a Status Code option in the IAaddr-options field, as specified in + Section 21.13. + + + + + + +Mrugalski, et al. Standards Track [Page 105] + +RFC 8415 DHCP for IPv6 November 2018 + + +21.7. Option Request Option + + The Option Request option is used to identify a list of options in a + message between a client and a server. The format of the Option + Request option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_ORO | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | requested-option-code-1 | requested-option-code-2 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | ... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 18: Option Request Option Format + + option-code OPTION_ORO (6). + + option-len 2 * number of requested options. + + requested-option-code-n The option code for an option requested + by the client. Each option code is a + 2-octet field containing an unsigned + integer. + + A client MUST include an Option Request option in a Solicit, Request, + Renew, Rebind, or Information-request message to inform the server + about options the client wants the server to send to the client. For + certain message types, some option codes MUST be included in the + Option Request option; see Table 4 for details. + + The Option Request option MUST NOT include the following options: + + - Client Identifier (see Section 21.2) + + - Server Identifier (see Section 21.3) + + - IA_NA (see Section 21.4) + + - IA_TA (see Section 21.5) + + - IA_PD (see Section 21.21) + + - IA Address (see Section 21.6) + + - IA Prefix (see Section 21.22) + + + +Mrugalski, et al. Standards Track [Page 106] + +RFC 8415 DHCP for IPv6 November 2018 + + + - Option Request (this section) + + - Elapsed Time (see Section 21.9) + + - Preference (see Section 21.8) + + - Relay Message (see Section 21.10) + + - Authentication (see Section 21.11) + + - Server Unicast (see Section 21.12) + + - Status Code (see Section 21.13) + + - Rapid Commit (see Section 21.14) + + - User Class (see Section 21.15) + + - Vendor Class (see Section 21.16) + + - Interface-Id (see Section 21.18) + + - Reconfigure Message (see Section 21.19) + + - Reconfigure Accept (see Section 21.20) + + Other top-level options MUST appear in the Option Request option or + they will not be sent by the server. Only top-level options MAY + appear in the Option Request option. Options encapsulated in a + container option SHOULD NOT appear in an Option Request option; see + [RFC7598] for an example of container options. However, options MAY + be defined that specify exceptions to this restriction on including + encapsulated options in an Option Request option. For example, the + Option Request option MAY be used to signal support for a feature + even when that option is encapsulated, as in the case of the Prefix + Exclude option [RFC6603]. See Table 4. + + + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 107] + +RFC 8415 DHCP for IPv6 November 2018 + + +21.8. Preference Option + + The Preference option is sent by a server to a client to control the + selection of a server by the client. + + The format of the Preference option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_PREFERENCE | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | pref-value | + +-+-+-+-+-+-+-+-+ + + Figure 19: Preference Option Format + + option-code OPTION_PREFERENCE (7). + + option-len 1. + + pref-value The preference value for the server in this + message. A 1-octet unsigned integer. + + A server MAY include a Preference option in an Advertise message to + control the selection of a server by the client. See Section 18.2.9 + for information regarding the use of the Preference option by the + client and the interpretation of the Preference option data value. + +21.9. Elapsed Time Option + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_ELAPSED_TIME | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | elapsed-time | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 20: Elapsed Time Option Format + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 108] + +RFC 8415 DHCP for IPv6 November 2018 + + + option-code OPTION_ELAPSED_TIME (8). + + option-len 2. + + elapsed-time The amount of time since the client began its + current DHCP transaction. This time is + expressed in hundredths of a second + (10^-2 seconds). A 2-octet field containing + an unsigned integer. + + A client MUST include an Elapsed Time option in messages to indicate + how long the client has been trying to complete a DHCP message + exchange. The elapsed time is measured from the time at which the + client sent the first message in the message exchange, and the + elapsed-time field is set to 0 in the first message in the message + exchange. Servers and relay agents use the data value in this option + as input to policy that controls how a server responds to a client + message. For example, the Elapsed Time option allows a secondary + DHCP server to respond to a request when a primary server has not + answered in a reasonable time. The elapsed-time value is a 16-bit + (2-octet) unsigned integer. The client uses the value 0xffff to + represent any elapsed-time values greater than the largest time value + that can be represented in the Elapsed Time option. + +21.10. Relay Message Option + + The Relay Message option carries a DHCP message in a Relay-forward or + Relay-reply message. + + The format of the Relay Message option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_RELAY_MSG | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + . DHCP-relay-message . + . . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 21: Relay Message Option Format + + + + + + + + +Mrugalski, et al. Standards Track [Page 109] + +RFC 8415 DHCP for IPv6 November 2018 + + + option-code OPTION_RELAY_MSG (9). + + option-len Length of DHCP-relay-message field. + + DHCP-relay-message In a Relay-forward message, the received + message, relayed verbatim to the next relay + agent or server; in a Relay-reply message, + the message to be copied and relayed to the + relay agent or client whose address is in the + peer-address field of the Relay-reply + message. The length, in octets, is specified + by option-len. + +21.11. Authentication Option + + The Authentication option carries authentication information to + authenticate the identity and contents of DHCP messages. The use of + the Authentication option is described in Section 20. The delayed + authentication protocol, defined in [RFC3315], has been obsoleted by + this document, due to lack of usage (see Section 25). The format of + the Authentication option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_AUTH | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | protocol | algorithm | RDM | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + | | + | replay detection (64 bits) +-+-+-+-+-+-+-+-+ + | | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + . authentication information . + . (variable length) . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 22: Authentication Option Format + + option-code OPTION_AUTH (11). + + option-len 11 + length of authentication + information field. + + protocol The authentication protocol used in + this Authentication option. A + 1-octet unsigned integer. + + + + +Mrugalski, et al. Standards Track [Page 110] + +RFC 8415 DHCP for IPv6 November 2018 + + + algorithm The algorithm used in the + authentication protocol. A 1-octet + unsigned integer. + + RDM The replay detection method used in + this Authentication option. A + 1-octet unsigned integer. + + replay detection The replay detection information for + the RDM. A 64-bit (8-octet) field. + + authentication information The authentication information, as + specified by the protocol and + algorithm used in this Authentication + option. A variable-length field + (11 octets less than the value in the + option-len field). + + IANA maintains a registry for the protocol, algorithm, and RDM values + at . + +21.12. Server Unicast Option + + The server sends this option to a client to indicate to the client + that it is allowed to unicast messages to the server. The format of + the Server Unicast option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_UNICAST | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + | server-address | + | | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 23: Server Unicast Option Format + + option-code OPTION_UNICAST (12). + + option-len 16. + + server-address The 128-bit address to which the client + should send messages delivered using unicast. + + + + + +Mrugalski, et al. Standards Track [Page 111] + +RFC 8415 DHCP for IPv6 November 2018 + + + The server specifies in the server-address field the address to which + the client is to send unicast messages. When a client receives this + option, where permissible and appropriate the client sends messages + directly to the server using the address specified in the + server-address field of the option. + + When the server sends a Server Unicast option to the client, some + messages from the client will not be relayed by relay agents and will + not include relay agent options from the relay agents. Therefore, a + server should only send a Server Unicast option to a client when + relay agents are not sending relay agent options. A DHCP server + rejects any messages sent inappropriately using unicast to ensure + that messages are relayed by relay agents when relay agent options + are in use. + + Details about when the client may send messages to the server using + unicast are provided in Section 18. + +21.13. Status Code Option + + This option returns a status indication related to the DHCP message + or option in which it appears. The format of the Status Code + option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_STATUS_CODE | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | status-code | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + . . + . status-message . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 24: Status Code Option Format + + option-code OPTION_STATUS_CODE (13). + + option-len 2 + length of status-message field. + + status-code The numeric code for the status encoded in + this option. A 2-octet field containing an + unsigned integer. + + + + + + +Mrugalski, et al. Standards Track [Page 112] + +RFC 8415 DHCP for IPv6 November 2018 + + + status-message A UTF-8 encoded [RFC3629] text string + suitable for display to an end user. + MUST NOT be null-terminated. A + variable-length field (2 octets less than the + value in the option-len field). + + A Status Code option may appear in the "options" field of a DHCP + message and/or in the "options" field of another option. If the + Status Code option does not appear in a message in which the option + could appear, the status of the message is assumed to be Success. + + The status-code values previously defined by [RFC3315] and + [RFC3633] are: + + +---------------+------+--------------------------------------------+ + | Name | Code | Description | + +---------------+------+--------------------------------------------+ + | Success | 0 | Success. | + | | | | + | UnspecFail | 1 | Failure, reason unspecified; this status | + | | | code is sent by either a client or a | + | | | server to indicate a failure not | + | | | explicitly specified in this document. | + | | | | + | NoAddrsAvail | 2 | The server has no addresses available to | + | | | assign to the IA(s). | + | | | | + | NoBinding | 3 | Client record (binding) unavailable. | + | | | | + | NotOnLink | 4 | The prefix for the address is not | + | | | appropriate for the link to which the | + | | | client is attached. | + | | | | + | UseMulticast | 5 | Sent by a server to a client to force the | + | | | client to send messages to the server | + | | | using the | + | | | All_DHCP_Relay_Agents_and_Servers | + | | | multicast address. | + | | | | + | NoPrefixAvail | 6 | The server has no prefixes available to | + | | | assign to the IA_PD(s). | + +---------------+------+--------------------------------------------+ + + Table 3: Status Code Definitions + + See the "Status Codes" registry at for the current list of status codes. + + + + +Mrugalski, et al. Standards Track [Page 113] + +RFC 8415 DHCP for IPv6 November 2018 + + +21.14. Rapid Commit Option + + The Rapid Commit option is used to signal the use of the two-message + exchange for address assignment. The format of the Rapid Commit + option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_RAPID_COMMIT | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 25: Rapid Commit Option Format + + option-code OPTION_RAPID_COMMIT (14). + + option-len 0. + + A client MAY include this option in a Solicit message if the client + is prepared to perform the Solicit/Reply message exchange described + in Section 18.2.1. + + A server MUST include this option in a Reply message sent in response + to a Solicit message when completing the Solicit/Reply message + exchange. + + DISCUSSION: + + Each server that responds with a Reply to a Solicit that includes + a Rapid Commit option will commit the leases in the Reply message + to the client but will not receive any confirmation that the + client has received the Reply message. Therefore, if more than + one server responds to a Solicit that includes a Rapid Commit + option, all but one server will commit leases that are not + actually used by the client; this could result in incorrect + address information in DNS if the DHCP servers update DNS + [RFC4704], and responses to leasequery requests [RFC5007] may + include information on leases not in use by the client. + + The problem of unused leases can be minimized by designing the + DHCP service so that only one server responds to the Solicit or by + using relatively short lifetimes for newly assigned leases. + + + + + + + + + +Mrugalski, et al. Standards Track [Page 114] + +RFC 8415 DHCP for IPv6 November 2018 + + +21.15. User Class Option + + The User Class option is used by a client to identify the type or + category of users or applications it represents. + + The format of the User Class option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_USER_CLASS | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . user-class-data . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 26: User Class Option Format + + option-code OPTION_USER_CLASS (15). + + option-len Length of user-class-data field. + + user-class-data The user classes carried by the client. The + length, in octets, is specified by + option-len. + + The information contained in the data area of this option is + contained in one or more opaque fields that represent the user class + or classes of which the client is a member. A server selects + configuration information for the client based on the classes + identified in this option. For example, the User Class option can be + used to configure all clients of people in the accounting department + with a different printer than clients of people in the marketing + department. The user class information carried in this option MUST + be configurable on the client. + + The data area of the User Class option MUST contain one or more + instances of user-class-data information. Each instance of + user-class-data is formatted as follows: + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ + | user-class-len | opaque-data | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ + + Figure 27: Format of user-class-data Field + + + + + +Mrugalski, et al. Standards Track [Page 115] + +RFC 8415 DHCP for IPv6 November 2018 + + + The user-class-len field is 2 octets long and specifies the length of + the opaque user-class-data in network byte order. + + A server interprets the classes identified in this option according + to its configuration to select the appropriate configuration + information for the client. A server may use only those user classes + that it is configured to interpret in selecting configuration + information for a client and ignore any other user classes. In + response to a message containing a User Class option, a server may + include a User Class option containing those classes that were + successfully interpreted by the server so that the client can be + informed of the classes interpreted by the server. + +21.16. Vendor Class Option + + This option is used by a client to identify the vendor that + manufactured the hardware on which the client is running. The + information contained in the data area of this option is contained in + one or more opaque fields that identify details of the hardware + configuration. The format of the Vendor Class option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_VENDOR_CLASS | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | enterprise-number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . vendor-class-data . + . . . . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 28: Vendor Class Option Format + + option-code OPTION_VENDOR_CLASS (16). + + option-len 4 + length of vendor-class-data field. + + enterprise-number The vendor's registered Enterprise Number as + maintained by IANA [IANA-PEN]. A 4-octet + field containing an unsigned integer. + + vendor-class-data The hardware configuration of the node on + which the client is running. A + variable-length field (4 octets less than the + value in the option-len field). + + + + +Mrugalski, et al. Standards Track [Page 116] + +RFC 8415 DHCP for IPv6 November 2018 + + + The vendor-class-data field is composed of a series of separate + items, each of which describes some characteristic of the client's + hardware configuration. Examples of vendor-class-data instances + might include the version of the operating system the client is + running or the amount of memory installed on the client. + + Each instance of vendor-class-data is formatted as follows: + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ + | vendor-class-len | opaque-data | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ + + Figure 29: Format of vendor-class-data Field + + The vendor-class-len field is 2 octets long and specifies the length + of the opaque vendor-class-data in network byte order. + + Servers and clients MUST NOT include more than one instance of + OPTION_VENDOR_CLASS with the same Enterprise Number. Each instance + of OPTION_VENDOR_CLASS can carry multiple vendor-class-data + instances. + +21.17. Vendor-specific Information Option + + This option is used by clients and servers to exchange vendor- + specific information. + + The format of the Vendor-specific Information option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_VENDOR_OPTS | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | enterprise-number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . vendor-option-data . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 30: Vendor-specific Information Option Format + + option-code OPTION_VENDOR_OPTS (17). + + option-len 4 + length of vendor-option-data field. + + + + + +Mrugalski, et al. Standards Track [Page 117] + +RFC 8415 DHCP for IPv6 November 2018 + + + enterprise-number The vendor's registered Enterprise Number as + maintained by IANA [IANA-PEN]. A 4-octet + field containing an unsigned integer. + + vendor-option-data Vendor options, interpreted by + vendor-specific code on the clients and + servers. A variable-length field (4 octets + less than the value in the option-len field). + + The definition of the information carried in this option is vendor + specific. The vendor is indicated in the enterprise-number field. + Use of vendor-specific information allows enhanced operation, + utilizing additional features in a vendor's DHCP implementation. A + DHCP client that does not receive requested vendor-specific + information will still configure the node's IPv6 stack to be + functional. + + The vendor-option-data field MUST be encoded as a sequence of + code/length/value fields of format identical to the DHCP options (see + Section 21.1). The sub-option codes are defined by the vendor + identified in the enterprise-number field and are not managed by + IANA. Each of the sub-options is formatted as follows: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | sub-opt-code | sub-option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . sub-option-data . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 31: Vendor-specific Options Format + + sub-opt-code The code for the sub-option. A 2-octet + field. + + sub-option-len An unsigned integer giving the length of the + sub-option-data field in this sub-option in + octets. A 2-octet field. + + sub-option-data The data area for the sub-option. The + length, in octets, is specified by + sub-option-len. + + + + + + +Mrugalski, et al. Standards Track [Page 118] + +RFC 8415 DHCP for IPv6 November 2018 + + + Multiple instances of the Vendor-specific Information option may + appear in a DHCP message. Each instance of the option is interpreted + according to the option codes defined by the vendor identified by the + Enterprise Number in that option. Servers and clients MUST NOT send + more than one instance of the Vendor-specific Information option with + the same Enterprise Number. Each instance of the Vendor-specific + Information option MAY contain multiple sub-options. + + A client that is interested in receiving a Vendor-specific + Information option: + + - MUST specify the Vendor-specific Information option in an Option + Request option. + + - MAY specify an associated Vendor Class option (see Section 21.16). + + - MAY specify the Vendor-specific Information option with + appropriate data. + + Servers only return the Vendor-specific Information options if + specified in Option Request options from clients and: + + - MAY use the Enterprise Numbers in the associated Vendor Class + options to restrict the set of Enterprise Numbers in the + Vendor-specific Information options returned. + + - MAY return all configured Vendor-specific Information options. + + - MAY use other information in the packet or in its configuration to + determine which set of Enterprise Numbers in the Vendor-specific + Information options to return. + +21.18. Interface-Id Option + + The relay agent MAY send the Interface-Id option to identify the + interface on which the client message was received. If a relay agent + receives a Relay-reply message with an Interface-Id option, the relay + agent relays the message to the client through the interface + identified by the option. + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 119] + +RFC 8415 DHCP for IPv6 November 2018 + + + The format of the Interface-Id option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_INTERFACE_ID | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . interface-id . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 32: Interface-Id Option Format + + option-code OPTION_INTERFACE_ID (18). + + option-len Length of interface-id field. + + interface-id An opaque value of arbitrary length generated + by the relay agent to identify one of the + relay agent's interfaces. The length, in + octets, is specified by option-len. + + The server MUST copy the Interface-Id option from the Relay-forward + message into the Relay-reply message the server sends to the relay + agent in response to the Relay-forward message. This option MUST NOT + appear in any message except a Relay-forward or Relay-reply message. + + Servers MAY use the interface-id field for parameter assignment + policies. The interface-id value SHOULD be considered an opaque + value, with policies based on exact match only; that is, the + interface-id field SHOULD NOT be internally parsed by the server. + The interface-id value for an interface SHOULD be stable and remain + unchanged -- for example, after the relay agent is restarted; if the + interface-id value changes, a server will not be able to use it + reliably in parameter assignment policies. + + + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 120] + +RFC 8415 DHCP for IPv6 November 2018 + + +21.19. Reconfigure Message Option + + A server includes a Reconfigure Message option in a Reconfigure + message to indicate to the client whether the client responds with a + Renew message, a Rebind message, or an Information-request message. + The format of the Reconfigure Message option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_RECONF_MSG | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | msg-type | + +-+-+-+-+-+-+-+-+ + + Figure 33: Reconfigure Message Option Format + + option-code OPTION_RECONF_MSG (19). + + option-len 1. + + msg-type 5 for Renew message, 6 for Rebind message, + 11 for Information-request message. A + 1-octet unsigned integer. + + The Reconfigure Message option can only appear in a Reconfigure + message. + +21.20. Reconfigure Accept Option + + A client uses the Reconfigure Accept option to announce to the server + whether the client is willing to accept Reconfigure messages, and a + server uses this option to tell the client whether or not to accept + Reconfigure messages. In the absence of this option, the default + behavior is that the client is unwilling to accept Reconfigure + messages. The format of the Reconfigure Accept option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_RECONF_ACCEPT | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 34: Reconfigure Accept Option Format + + option-code OPTION_RECONF_ACCEPT (20). + + option-len 0. + + + +Mrugalski, et al. Standards Track [Page 121] + +RFC 8415 DHCP for IPv6 November 2018 + + +21.21. Identity Association for Prefix Delegation Option + + The IA_PD option is used to carry a prefix delegation identity + association, the parameters associated with the IA_PD, and the + prefixes associated with it. The format of the IA_PD option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_IA_PD | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | IAID (4 octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | T1 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | T2 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . + . IA_PD-options . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 35: Identity Association for Prefix Delegation Option Format + + option-code OPTION_IA_PD (25). + + option-len 12 + length of IA_PD-options field. + + IAID The unique identifier for this IA_PD; the + IAID must be unique among the identifiers for + all of this client's IA_PDs. The number + space for IA_PD IAIDs is separate from the + number space for other IA option types (i.e., + IA_NA and IA_TA). A 4-octet field containing + an unsigned integer. + + T1 The time interval after which the client + should contact the server from which the + prefixes in the IA_PD were obtained to extend + the lifetimes of the prefixes delegated to + the IA_PD; T1 is a time duration relative to + the message reception time expressed in units + of seconds. A 4-octet field containing an + unsigned integer. + + + + + + + +Mrugalski, et al. Standards Track [Page 122] + +RFC 8415 DHCP for IPv6 November 2018 + + + T2 The time interval after which the client + should contact any available server to extend + the lifetimes of the prefixes assigned to the + IA_PD; T2 is a time duration relative to the + message reception time expressed in units of + seconds. A 4-octet field containing an + unsigned integer. + + IA_PD-options Options associated with this IA_PD. A + variable-length field (12 octets less than + the value in the option-len field). + + The IA_PD-options field encapsulates those options that are specific + to this IA_PD. For example, all of the IA Prefix options (see + Section 21.22) carrying the prefixes associated with this IA_PD are + in the IA_PD-options field. + + An IA_PD option may only appear in the options area of a DHCP + message. A DHCP message may contain multiple IA_PD options (though + each must have a unique IAID). + + The status of any operations involving this IA_PD is indicated in a + Status Code option (see Section 21.13) in the IA_PD-options field. + + Note that an IA_PD has no explicit "lifetime" or "lease length" of + its own. When the valid lifetimes of all of the prefixes in an IA_PD + have expired, the IA_PD can be considered as having expired. T1 and + T2 fields are included to give the server explicit control over when + a client should contact the server about a specific IA_PD. + + In a message sent by a client to a server, the T1 and T2 fields + SHOULD be set to 0. The server MUST ignore any values in these + fields in messages received from a client. + + In a message sent by a server to a client, the client MUST use the + values in the T1 and T2 fields for the T1 and T2 timers, unless + values in those fields are 0. The values in the T1 and T2 fields are + the number of seconds until T1 and T2. + + The server selects the T1 and T2 times to allow the client to extend + the lifetimes of any prefixes in the IA_PD before the lifetimes + expire, even if the server is unavailable for some short period of + time. Recommended values for T1 and T2 are 0.5 and 0.8 times the + shortest preferred lifetime of the prefixes in the IA_PD that the + server is willing to extend, respectively. If the time at which the + prefixes in an IA_PD are to be renewed is to be left to the + discretion of the client, the server sets T1 and T2 to 0. The client + MUST follow the rules defined in Section 14.2. + + + +Mrugalski, et al. Standards Track [Page 123] + +RFC 8415 DHCP for IPv6 November 2018 + + + If a client receives an IA_PD with T1 greater than T2 and both T1 and + T2 are greater than 0, the client discards the IA_PD option and + processes the remainder of the message as though the server had not + included the IA_PD option. + +21.22. IA Prefix Option + + The IA Prefix option is used to specify a prefix associated with an + IA_PD. The IA Prefix option must be encapsulated in the + IA_PD-options field of an IA_PD option (see Section 21.21). + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_IAPREFIX | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | preferred-lifetime | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | valid-lifetime | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | prefix-length | | + +-+-+-+-+-+-+-+-+ IPv6-prefix | + | (16 octets) | + | | + | | + | | + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | . + +-+-+-+-+-+-+-+-+ . + . IAprefix-options . + . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 36: IA Prefix Option Format + + option-code OPTION_IAPREFIX (26). + + option-len 25 + length of IAprefix-options field. + + preferred-lifetime The preferred lifetime for the prefix in the + option, expressed in units of seconds. A + value of 0xffffffff represents "infinity" + (see Section 7.7). A 4-octet field + containing an unsigned integer. + + + + + + + +Mrugalski, et al. Standards Track [Page 124] + +RFC 8415 DHCP for IPv6 November 2018 + + + valid-lifetime The valid lifetime for the prefix in the + option, expressed in units of seconds. A + value of 0xffffffff represents "infinity". A + 4-octet field containing an unsigned integer. + + prefix-length Length for this prefix in bits. A 1-octet + unsigned integer. + + IPv6-prefix An IPv6 prefix. A 16-octet field. + + IAprefix-options Options associated with this prefix. A + variable-length field (25 octets less than + the value in the option-len field). + + In a message sent by a client to a server, the preferred-lifetime and + valid-lifetime fields SHOULD be set to 0. The server MUST ignore any + received values in these lifetime fields. + + The client SHOULD NOT send an IA Prefix option with 0 in the + "prefix-length" field (and an unspecified value (::) in the + "IPv6-prefix" field). A client MAY send a non-zero value in the + "prefix-length" field and the unspecified value (::) in the + "IPv6-prefix" field to indicate a preference for the size of the + prefix to be delegated. See [RFC8168] for further details on prefix- + length hints. + + The client MUST discard any prefixes for which the preferred lifetime + is greater than the valid lifetime. + + The values in the preferred-lifetime and valid-lifetime fields are + the number of seconds remaining in each lifetime. See + Section 18.2.10.1 for more details on how these values are used for + delegated prefixes. + + As per Section 7.7, the value of 0xffffffff for the preferred + lifetime or the valid lifetime is taken to mean "infinity" and should + be used carefully. + + An IA Prefix option may appear only in an IA_PD option. More than + one IA Prefix option can appear in a single IA_PD option. + + The status of any operations involving this IA Prefix option is + indicated in a Status Code option (see Section 21.13) in the + IAprefix-options field. + + + + + + + +Mrugalski, et al. Standards Track [Page 125] + +RFC 8415 DHCP for IPv6 November 2018 + + +21.23. Information Refresh Time Option + + This option is requested by clients and returned by servers to + specify an upper bound for how long a client should wait before + refreshing information retrieved from a DHCP server. It is only used + in Reply messages in response to Information-request messages. In + other messages, there will usually be other information that + indicates when the client should contact the server, e.g., T1/T2 + times and lifetimes. This option is useful when the configuration + parameters change or during a renumbering event, as clients running + in the stateless mode will be able to update their configuration. + + The format of the Information Refresh Time option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |OPTION_INFORMATION_REFRESH_TIME| option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | information-refresh-time | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 37: Information Refresh Time Option Format + + option-code OPTION_INFORMATION_REFRESH_TIME (32). + + option-len 4. + + information-refresh-time Time duration relative to the current + time, expressed in units of seconds. A + 4-octet field containing an unsigned + integer. + + A DHCP client MUST request this option in the Option Request option + (see Section 21.7) when sending Information-request messages. A + client MUST NOT request this option in the Option Request option in + any other messages. + + A server sending a Reply to an Information-request message SHOULD + include this option if it is requested in the Option Request option + of the Information-request. The option value MUST NOT be smaller + than IRT_MINIMUM. This option MUST only appear in the top-level + options area of Reply messages. + + If the Reply to an Information-request message does not contain this + option, the client MUST behave as if the option with the value + IRT_DEFAULT was provided. + + + + +Mrugalski, et al. Standards Track [Page 126] + +RFC 8415 DHCP for IPv6 November 2018 + + + A client MUST use the refresh time IRT_MINIMUM if it receives the + option with a value less than IRT_MINIMUM. + + As per Section 7.7, the value 0xffffffff is taken to mean "infinity" + and implies that the client should not refresh its configuration data + without some other trigger (such as detecting movement to a new + link). + + If a client contacts the server to obtain new data or refresh some + existing data before the refresh time expires, then it SHOULD also + refresh all data covered by this option. + + When the client detects that the refresh time has expired, it SHOULD + try to update its configuration data by sending an + Information-request as specified in Section 18.2.6, except that the + client MUST delay sending the first Information-request by a random + amount of time between 0 and INF_MAX_DELAY. + + A client MAY have a maximum value for the refresh time, where that + value is used whenever the client receives this option with a value + higher than the maximum. This also means that the maximum value is + used when the received value is "infinity". A maximum value might + make the client less vulnerable to attacks based on forged DHCP + messages. Without a maximum value, a client may be made to use wrong + information for a possibly infinite period of time. There may, + however, be reasons for having a very long refresh time, so it may be + useful for this maximum value to be configurable. + +21.24. SOL_MAX_RT Option + + A DHCP server sends the SOL_MAX_RT option to a client to override the + default value of SOL_MAX_RT. The value of SOL_MAX_RT in the option + replaces the default value defined in Section 7.6. One use for the + SOL_MAX_RT option is to set a higher value for SOL_MAX_RT; this + reduces the Solicit traffic from a client that has not received a + response to its Solicit messages. + + The format of the SOL_MAX_RT option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_SOL_MAX_RT | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | SOL_MAX_RT value | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 38: SOL_MAX_RT Option Format + + + +Mrugalski, et al. Standards Track [Page 127] + +RFC 8415 DHCP for IPv6 November 2018 + + + option-code OPTION_SOL_MAX_RT (82). + + option-len 4. + + SOL_MAX_RT value Overriding value for SOL_MAX_RT in seconds; + MUST be in this range: 60 <= "value" <= 86400 + (1 day). A 4-octet field containing an + unsigned integer. + + A DHCP client MUST include the SOL_MAX_RT option code in any Option + Request option (see Section 21.7) it sends in a Solicit message. + + The DHCP server MAY include the SOL_MAX_RT option in any response it + sends to a client that has included the SOL_MAX_RT option code in an + Option Request option. The SOL_MAX_RT option is sent as a top-level + option in the message to the client. + + A DHCP client MUST ignore any SOL_MAX_RT option values that are less + than 60 or more than 86400. + + If a DHCP client receives a message containing a SOL_MAX_RT option + that has a valid value for SOL_MAX_RT, the client MUST set its + internal SOL_MAX_RT parameter to the value contained in the + SOL_MAX_RT option. This value of SOL_MAX_RT is then used by the + retransmission mechanism defined in Sections 15 and 18.2.1. + + The purpose of this mechanism is to give network administrators a way + to avoid excessive DHCP traffic if all DHCP servers become + unavailable. Therefore, this value is expected to be retained for as + long as practically possible. + + An updated SOL_MAX_RT value applies only to the network interface on + which the client received the SOL_MAX_RT option. + +21.25. INF_MAX_RT Option + + A DHCP server sends the INF_MAX_RT option to a client to override the + default value of INF_MAX_RT. The value of INF_MAX_RT in the option + replaces the default value defined in Section 7.6. One use for the + INF_MAX_RT option is to set a higher value for INF_MAX_RT; this + reduces the Information-request traffic from a client that has not + received a response to its Information-request messages. + + + + + + + + + +Mrugalski, et al. Standards Track [Page 128] + +RFC 8415 DHCP for IPv6 November 2018 + + + The format of the INF_MAX_RT option is: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | OPTION_INF_MAX_RT | option-len | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | INF_MAX_RT value | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 39: INF_MAX_RT Option Format + + option-code OPTION_INF_MAX_RT (83). + + option-len 4. + + INF_MAX_RT value Overriding value for INF_MAX_RT in seconds; + MUST be in this range: 60 <= "value" <= 86400 + (1 day). A 4-octet field containing an + unsigned integer. + + A DHCP client MUST include the INF_MAX_RT option code in any Option + Request option (see Section 21.7) it sends in an Information-request + message. + + The DHCP server MAY include the INF_MAX_RT option in any response it + sends to a client that has included the INF_MAX_RT option code in an + Option Request option. The INF_MAX_RT option is a top-level option + in the message to the client. + + A DHCP client MUST ignore any INF_MAX_RT option values that are less + than 60 or more than 86400. + + If a DHCP client receives a message containing an INF_MAX_RT option + that has a valid value for INF_MAX_RT, the client MUST set its + internal INF_MAX_RT parameter to the value contained in the + INF_MAX_RT option. This value of INF_MAX_RT is then used by the + retransmission mechanism defined in Sections 15 and 18.2.6. + + An updated INF_MAX_RT value applies only to the network interface on + which the client received the INF_MAX_RT option. + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 129] + +RFC 8415 DHCP for IPv6 November 2018 + + +22. Security Considerations + + This section discusses security considerations that are not related + to privacy. See Section 23 for a discussion dedicated to privacy. + + The threat to DHCP is inherently an insider threat (assuming a + properly configured network where DHCP ports are blocked on the + perimeter gateways of the enterprise). Regardless of the gateway + configuration, however, the potential attacks by insiders and + outsiders are the same. + + DHCP lacks end-to-end encryption between clients and servers; thus, + hijacking, tampering, and eavesdropping attacks are all possible as a + result. Some network environments (discussed below) can be secured + through various means to minimize these attacks. + + One attack specific to a DHCP client is the establishment of a + malicious server with the intent of providing incorrect configuration + information to the client. The motivation for doing so may be to + mount a "man in the middle" attack that causes the client to + communicate with a malicious server instead of a valid server for + some service (such as DNS or NTP). The malicious server may also + mount a DoS attack through misconfiguration of the client; this + attack would cause all network communication from the client to fail. + + A malicious DHCP server might cause a client to set its SOL_MAX_RT + and INF_MAX_RT parameters to an unreasonably high value with the + SOL_MAX_RT (see Section 21.24) and INF_MAX_RT (see Section 21.25) + options; this may cause an undue delay in a client completing its + DHCP protocol transaction in the case where no other valid response + is received. Assuming that the client also receives a response from + a valid DHCP server, large values for SOL_MAX_RT and INF_MAX_RT will + not have any effect. + + A malicious server can also send a Server Unicast option (see + Section 21.12) to a client in an Advertise message, thus potentially + causing the client to bypass relays and communicate only with the + malicious server for subsequent Request and Renew messages. + + Another threat to DHCP clients originates from mistakenly or + accidentally configured DHCP servers that answer DHCP client requests + with unintentionally incorrect configuration parameters. + + A DHCP client may also be subject to attack through the receipt of a + Reconfigure message from a malicious server that causes the client to + obtain incorrect configuration information from that server. Note + that although a client sends its response (Renew, Rebind, or + Information-request message) through a relay agent and, therefore, + + + +Mrugalski, et al. Standards Track [Page 130] + +RFC 8415 DHCP for IPv6 November 2018 + + + that response will only be received by servers to which DHCP messages + are relayed, a malicious server could send a Reconfigure message to a + client, followed (after an appropriate delay) by a Reply message that + would be accepted by the client. Thus, a malicious server that is + not on the network path between the client and the server may still + be able to mount a Reconfigure attack on a client. The use of + transaction IDs that are cryptographically sound and cannot easily be + predicted will also reduce the probability that such an attack will + be successful. + + Because of the opportunity for attack through the Reconfigure + message, a DHCP client MUST discard any Reconfigure message that does + not include authentication or that does not pass the validation + process for the authentication protocol. + + RKAP, described in Section 20.4, provides protection against the use + of a Reconfigure message by a malicious DHCP server to mount a DoS or + man-in-the-middle attack on a client. This protocol can be + compromised by an attacker that can intercept the initial message in + which the DHCP server sends the key "in plain text" to the client. + + Many of these attacks by rogue servers can be mitigated by making use + of the mechanisms described in [RFC7610] and [RFC7513]. + + The threat specific to a DHCP server is an invalid client + masquerading as a valid client. The motivation for this may be for + theft of service, or to circumvent auditing for any number of + nefarious purposes. + + The threat common to both the client and the server is the "resource- + exhaustion" DoS attack. These attacks typically involve the + exhaustion of available assigned addresses or delegatable prefixes, + or the exhaustion of CPU or network bandwidth, and are present any + time there is a shared resource. Some forms of these exhaustion + attacks can be partially mitigated by appropriate server policy, + e.g., limiting the maximum number of leases any one client can get. + + The messages exchanged between relay agents and servers may be used + to mount a man-in-the-middle or DoS attack. Communication between a + server and a relay agent, and communication between relay agents, can + be authenticated and encrypted through the use of IPsec, as described + in [RFC8213]. + + + + + + + + + +Mrugalski, et al. Standards Track [Page 131] + +RFC 8415 DHCP for IPv6 November 2018 + + + However, the use of manually configured pre-shared keys for IPsec + between relay agents and servers does not defend against replayed + DHCP messages. Replayed messages can represent a DoS attack through + exhaustion of processing resources but not through misconfiguration + or exhaustion of other resources such as assignable addresses and + delegatable prefixes. + + Various network environments also offer levels of security if + deployed as described below. + + - In enterprise and factory networks, use of authentication per + [IEEE-802.1x] can prevent unknown or untrusted clients from + connecting to the network. However, this does not necessarily + assure that the connected client will be a good DHCP or network + actor. + + - For wired networks where clients typically are connected to a + switch port, snooping DHCP multicast (or unicast) traffic becomes + difficult, as the switches limit the traffic delivered to a port. + The client's DHCP multicast packets (with destination address + fe02::1:2) are only forwarded to the DHCP server's (or relay's) + switch port -- not all ports. Also, the server's (or relay's) + unicast replies are only delivered to the target client's port -- + not all ports. + + - In public networks (such as a Wi-Fi network in a coffee shop or + airport), it is possible for others within radio range to snoop + DHCP and other traffic. But in these environments, there is very + little if anything that can be learned from the DHCP traffic + itself (either from client to server or from server to client) if + the privacy considerations provided in Section 23 are followed. + Even for devices that do not follow the privacy considerations, + there is little that can be learned that would not be available + from subsequent communications anyway (such as the device's Media + Access Control (MAC) address). Also, because all clients will + typically receive similar configuration details, a bad actor that + initiates a DHCP request itself can learn much of such + information. As mentioned above, one threat is that the RKAP key + for a client can be learned (if the initial + Solicit/Advertise/Request/Reply exchange is monitored) and trigger + a premature reconfiguration, but this is relatively easily + prevented by disallowing direct client-to-client communication on + these networks or using [RFC7610] and [RFC7513]. + + + + + + + + +Mrugalski, et al. Standards Track [Page 132] + +RFC 8415 DHCP for IPv6 November 2018 + + +23. Privacy Considerations + + For an extended discussion about privacy considerations for the + client, see [RFC7824]: + + - In particular, its Section 3 discusses various identifiers that + could be misused to track the client. + + - Its Section 4 discusses existing mechanisms that may have an + impact on a client's privacy. + + - Finally, its Section 5 discusses potential attack vectors. + + For recommendations regarding how to address or mitigate those + issues, see [RFC7844]. + + This specification does not define any allocation strategies for + servers. Implementers are expected to develop their own algorithm + for the server to choose a resource out of the available pool. + Several possible allocation strategies are mentioned in Section 4.3 + of [RFC7824]. Please keep in mind that the list in [RFC7824] is not + exhaustive; there are certainly other possible strategies. Readers + are also encouraged to read [RFC7707] -- in particular, its + Section 4.1.2, which discusses the problems with certain allocation + strategies. + +24. IANA Considerations + + This document does not define any new DHCP name spaces or + definitions. + + The publication of this document does not change the assignment rules + for new values for message types, option codes, DUID types, or status + codes. + + The list of assigned values used in DHCPv6 is available at + . + + IANA has updated + to add a reference to this document for definitions previously + created by [RFC3315], [RFC3633], [RFC4242], and [RFC7083]. + + IANA has added two columns to the DHCPv6 "Option Codes" registry at + to indicate + which options are allowed to appear in a client's Option Request + option (see Section 21.7) and which options are singleton options + + + + + +Mrugalski, et al. Standards Track [Page 133] + +RFC 8415 DHCP for IPv6 November 2018 + + + (only allowed to appear once as a top-level or encapsulated option; + see Section 16 of [RFC7227]). Table 4 provides the data for the + options assigned by IANA at the time of writing this document. + + +---------+--------------------------+------------------+-----------+ + | Option | Option Name ("OPTION" | Client ORO (1) | Singleton | + | | prefix removed) | | Option | + +---------+--------------------------+------------------+-----------+ + | 1 | CLIENTID | No | Yes | + | 2 | SERVERID | No | Yes | + | 3 | IA_NA | No | No | + | 4 | IA_TA | No | No | + | 5 | IAADDR | No | No | + | 6 | ORO | No | Yes | + | 7 | PREFERENCE | No | Yes | + | 8 | ELAPSED_TIME | No | Yes | + | 9 | RELAY_MSG | No | Yes | + | 11 | AUTH | No | Yes | + | 12 | UNICAST | No | Yes | + | 13 | STATUS_CODE | No | Yes | + | 14 | RAPID_COMMIT | No | Yes | + | 15 | USER_CLASS | No | Yes | + | 16 | VENDOR_CLASS | No | No (2) | + | 17 | VENDOR_OPTS | Optional | No (2) | + | 18 | INTERFACE_ID | No | Yes | + | 19 | RECONF_MSG | No | Yes | + | 20 | RECONF_ACCEPT | No | Yes | + | 21 | SIP_SERVER_D | Yes | Yes | + | 22 | SIP_SERVER_A | Yes | Yes | + | 23 | DNS_SERVERS | Yes | Yes | + | 24 | DOMAIN_LIST | Yes | Yes | + | 25 | IA_PD | No | No | + | 26 | IAPREFIX | No | No | + | 27 | NIS_SERVERS | Yes | Yes | + | 28 | NISP_SERVERS | Yes | Yes | + | 29 | NIS_DOMAIN_NAME | Yes | Yes | + | 30 | NISP_DOMAIN_NAME | Yes | Yes | + | 31 | SNTP_SERVERS | Yes | Yes | + | 32 | INFORMATION_REFRESH_TIME | Required for | Yes | + | | | Information- | | + | | | request | | + | 33 | BCMCS_SERVER_D | Yes | Yes | + | 34 | BCMCS_SERVER_A | Yes | Yes | + | 36 | GEOCONF_CIVIC | Yes | Yes | + | 37 | REMOTE_ID | No | Yes | + | 38 | SUBSCRIBER_ID | No | Yes | + | 39 | CLIENT_FQDN | Yes | Yes | + | 40 | PANA_AGENT | Yes | Yes | + + + +Mrugalski, et al. Standards Track [Page 134] + +RFC 8415 DHCP for IPv6 November 2018 + + + | 41 | NEW_POSIX_TIMEZONE | Yes | Yes | + | 42 | NEW_TZDB_TIMEZONE | Yes | Yes | + | 43 | ERO | No | Yes | + | 44 | LQ_QUERY | No | Yes | + | 45 | CLIENT_DATA | No | Yes | + | 46 | CLT_TIME | No | Yes | + | 47 | LQ_RELAY_DATA | No | Yes | + | 48 | LQ_CLIENT_LINK | No | Yes | + | 49 | MIP6_HNIDF | Yes | Yes | + | 50 | MIP6_VDINF | Yes | Yes | + | 51 | V6_LOST | Yes | Yes | + | 52 | CAPWAP_AC_V6 | Yes | Yes | + | 53 | RELAY_ID | No | Yes | + | 54 | IPv6_Address-MoS | Yes | Yes | + | 55 | IPv6_FQDN-MoS | Yes | Yes | + | 56 | NTP_SERVER | Yes | Yes | + | 57 | V6_ACCESS_DOMAIN | Yes | Yes | + | 58 | SIP_UA_CS_LIST | Yes | Yes | + | 59 | OPT_BOOTFILE_URL | Yes | Yes | + | 60 | OPT_BOOTFILE_PARAM | Yes | Yes | + | 61 | CLIENT_ARCH_TYPE | No | Yes | + | 62 | NII | Yes | Yes | + | 63 | GEOLOCATION | Yes | Yes | + | 64 | AFTR_NAME | Yes | Yes | + | 65 | ERP_LOCAL_DOMAIN_NAME | Yes | Yes | + | 66 | RSOO | No | Yes | + | 67 | PD_EXCLUDE | Yes | Yes | + | 68 | VSS | No | Yes | + | 69 | MIP6_IDINF | Yes | Yes | + | 70 | MIP6_UDINF | Yes | Yes | + | 71 | MIP6_HNP | Yes | Yes | + | 72 | MIP6_HAA | Yes | Yes | + | 73 | MIP6_HAF | Yes | Yes | + | 74 | RDNSS_SELECTION | Yes | No | + | 75 | KRB_PRINCIPAL_NAME | Yes | Yes | + | 76 | KRB_REALM_NAME | Yes | Yes | + | 77 | KRB_DEFAULT_REALM_NAME | Yes | Yes | + | 78 | KRB_KDC | Yes | Yes | + | 79 | CLIENT_LINKLAYER_ADDR | No | Yes | + | 80 | LINK_ADDRESS | No | Yes | + | 81 | RADIUS | No | Yes | + | 82 | SOL_MAX_RT | Required for | Yes | + | | | Solicit | | + | 83 | INF_MAX_RT | Required for | Yes | + | | | Information- | | + | | | request | | + | 84 | ADDRSEL | Yes | Yes | + | 85 | ADDRSEL_TABLE | Yes | Yes | + + + +Mrugalski, et al. Standards Track [Page 135] + +RFC 8415 DHCP for IPv6 November 2018 + + + | 86 | V6_PCP_SERVER | Yes | No | + | 87 | DHCPV4_MSG | No | Yes | + | 88 | DHCP4_O_DHCP6_SERVER | Yes | Yes | + | 89 | S46_RULE | No | No (3) | + | 90 | S46_BR | No | No | + | 91 | S46_DMR | No | Yes | + | 92 | S46_V4V6BIND | No | Yes | + | 93 | S46_PORTPARAMS | No | Yes | + | 94 | S46_CONT_MAPE | Yes | No | + | 95 | S46_CONT_MAPT | Yes | Yes | + | 96 | S46_CONT_LW | Yes | Yes | + | 97 | 4RD | Yes | Yes | + | 98 | 4RD_MAP_RULE | Yes | Yes | + | 99 | 4RD_NON_MAP_RULE | Yes | Yes | + | 100 | LQ_BASE_TIME | No | Yes | + | 101 | LQ_START_TIME | No | Yes | + | 102 | LQ_END_TIME | No | Yes | + | 103 | DHCP Captive-Portal | Yes | Yes | + | 104 | MPL_PARAMETERS | Yes | No | + | 105 | ANI_ATT | No | Yes | + | 106 | ANI_NETWORK_NAME | No | Yes | + | 107 | ANI_AP_NAME | No | Yes | + | 108 | ANI_AP_BSSID | No | Yes | + | 109 | ANI_OPERATOR_ID | No | Yes | + | 110 | ANI_OPERATOR_REALM | No | Yes | + | 111 | S46_PRIORITY | Yes | Yes | + | 112 | MUD_URL_V6 | No | Yes | + | 113 | V6_PREFIX64 | Yes | No | + | 114 | F_BINDING_STATUS | No | Yes | + | 115 | F_CONNECT_FLAGS | No | Yes | + | 116 | F_DNS_REMOVAL_INFO | No | Yes | + | 117 | F_DNS_HOST_NAME | No | Yes | + | 118 | F_DNS_ZONE_NAME | No | Yes | + | 119 | F_DNS_FLAGS | No | Yes | + | 120 | F_EXPIRATION_TIME | No | Yes | + | 121 | F_MAX_UNACKED_BNDUPD | No | Yes | + | 122 | F_MCLT | No | Yes | + | 123 | F_PARTNER_LIFETIME | No | Yes | + | 124 | F_PARTNER_LIFETIME_SENT | No | Yes | + | 125 | F_PARTNER_DOWN_TIME | No | Yes | + | 126 | F_PARTNER_RAW_CLT_TIME | No | Yes | + | 127 | F_PROTOCOL_VERSION | No | Yes | + | 128 | F_KEEPALIVE_TIME | No | Yes | + | 129 | F_RECONFIGURE_DATA | No | Yes | + | 130 | F_RELATIONSHIP_NAME | No | Yes | + | 131 | F_SERVER_FLAGS | No | Yes | + | 132 | F_SERVER_STATE | No | Yes | + | 133 | F_START_TIME_OF_STATE | No | Yes | + + + +Mrugalski, et al. Standards Track [Page 136] + +RFC 8415 DHCP for IPv6 November 2018 + + + | 134 | F_STATE_EXPIRATION_TIME | No | Yes | + | 135 | RELAY_PORT | No | Yes | + | 143 | IPv6_Address-ANDSF | Yes | Yes | + +---------+--------------------------+------------------+-----------+ + + Table 4: Updated Options + + Notes for Table 4: + + (1) In the "Client ORO" column, a "Yes" for an option means that the + client includes this option code in the Option Request option + (see Section 21.7) if it desires that configuration information, + and a "No" means that the option MUST NOT be included (and + servers SHOULD silently ignore that option code if it appears in + a client's Option Request option). + + (2) For each Enterprise Number, there MUST only be a single + instance. + + (3) See [RFC7598] for details. + + IANA has corrected the range of possible status codes in the "Status + Codes" table at + by replacing 23-255 (as Unassigned) with 23-65535 (the codes are + 16-bit unsigned integers). + + IANA has updated the All_DHCP_Relay_Agents_and_Servers (ff02::1:2) + and All_DHCP_Servers (ff05::1:3) table entries in the "IPv6 Multicast + Address Space Registry" at to reference this document instead of + [RFC3315]. + + IANA has added an "Obsolete" annotation in the "DHCPv6 Delayed + Authentication" entry in the "Authentication Suboption (value 8) - + Protocol identifier values" registry at + and has + added an "Obsolete" annotation in the "Delayed Authentication" entry + in the "Protocol Name Space Values" registry at + . IANA has also + updated these pages to reference this document instead of [RFC3315]. + + IANA has added a reference to this document for the RDM value of 0 to + the "RDM Name Space Values" registry at + . + + + + + + + +Mrugalski, et al. Standards Track [Page 137] + +RFC 8415 DHCP for IPv6 November 2018 + + + IANA has updated the "Service Name and Transport Protocol Port Number + Registry" at as follows: + + 546/udp This document + 547/udp This document + 547/tcp [RFC5460] + 647/tcp [RFC8156] + +25. Obsoleted Mechanisms + + This specification is mostly a corrected and cleaned-up version of + the original specification -- [RFC3315] -- along with numerous + additions from later RFCs. However, there are a small number of + mechanisms that were not widely deployed, were underspecified, or had + other operational issues. Those mechanisms are now considered + deprecated. Legacy implementations MAY support them, but + implementations conformant to this document MUST NOT rely on them. + + The following mechanisms are now obsolete: + + Delayed authentication. This mechanism was underspecified and + presented a significant operational burden. As a result, after + 10 years its adoption was extremely limited at best. + + Lifetime hints sent by a client. Clients used to be allowed to send + lifetime values as hints. This mechanism was not widely + implemented, and there were known misimplementations that sent the + remaining lifetimes rather than total desired lifetimes. That in + turn was sometimes misunderstood by servers as a request for + ever-decreasing lease lifetimes, which caused issues when values + started approaching zero. Clients now SHOULD set lifetimes to 0 + in IA Address and IA Prefix options, and servers MUST ignore any + requested lifetime value. + + T1/T2 hints sent by a client. These had issues similar to those for + the lifetime hints. Clients now SHOULD set the T1/T2 values to 0 + in IA_NA and IA_PD options, and servers MUST ignore any T1/T2 + values supplied by a client. + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 138] + +RFC 8415 DHCP for IPv6 November 2018 + + +26. References + +26.1. Normative References + + [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, + DOI 10.17487/RFC0768, August 1980, + . + + [RFC1035] Mockapetris, P., "Domain names - implementation and + specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, + November 1987, . + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . + + [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing + Architecture", RFC 4291, DOI 10.17487/RFC4291, + February 2006, . + + [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, + "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, + DOI 10.17487/RFC4861, September 2007, + . + + [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless + Address Autoconfiguration", RFC 4862, + DOI 10.17487/RFC4862, September 2007, + . + + [RFC6221] Miles, D., Ed., Ooghe, S., Dec, W., Krishnan, S., and A. + Kavanagh, "Lightweight DHCPv6 Relay Agent", RFC 6221, + DOI 10.17487/RFC6221, May 2011, + . + + [RFC6355] Narten, T. and J. Johnson, "Definition of the UUID-Based + DHCPv6 Unique Identifier (DUID-UUID)", RFC 6355, + DOI 10.17487/RFC6355, August 2011, + . + + [RFC7227] Hankins, D., Mrugalski, T., Siodelski, M., Jiang, S., and + S. Krishnan, "Guidelines for Creating New DHCPv6 Options", + BCP 187, RFC 7227, DOI 10.17487/RFC7227, May 2014, + . + + + + + + +Mrugalski, et al. Standards Track [Page 139] + +RFC 8415 DHCP for IPv6 November 2018 + + + [RFC7283] Cui, Y., Sun, Q., and T. Lemon, "Handling Unknown DHCPv6 + Messages", RFC 7283, DOI 10.17487/RFC7283, July 2014, + . + + [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage + Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, + March 2017, . + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in + RFC 2119 Key Words", BCP 14, RFC 8174, + DOI 10.17487/RFC8174, May 2017, + . + + [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 + (IPv6) Specification", STD 86, RFC 8200, + DOI 10.17487/RFC8200, July 2017, + . + + [RFC8213] Volz, B. and Y. Pal, "Security of Messages Exchanged + between Servers and Relay Agents", RFC 8213, + DOI 10.17487/RFC8213, August 2017, + . + +26.2. Informative References + + [IANA-HARDWARE-TYPES] + IANA, "Hardware Types", + . + + [IANA-PEN] IANA, "Private Enterprise Numbers", + . + + [IANA-RESERVED-IID] + IANA, "Reserved IPv6 Interface Identifiers", + . + + [IEEE-802.1x] + IEEE, "IEEE Standard for Local and metropolitan area + networks--Port-Based Network Access Control", + IEEE 802.1X-2010, DOI 10.1109/IEEESTD.2010.5409813, + . + + [RFC826] Plummer, D., "An Ethernet Address Resolution Protocol: Or + Converting Network Protocol Addresses to 48.bit Ethernet + Address for Transmission on Ethernet Hardware", STD 37, + RFC 826, DOI 10.17487/RFC0826, November 1982, + . + + + +Mrugalski, et al. Standards Track [Page 140] + +RFC 8415 DHCP for IPv6 November 2018 + + + [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", + RFC 2131, DOI 10.17487/RFC2131, March 1997, + . + + [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor + Extensions", RFC 2132, DOI 10.17487/RFC2132, March 1997, + . + + [RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet + Networks", RFC 2464, DOI 10.17487/RFC2464, December 1998, + . + + [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", + RFC 3162, DOI 10.17487/RFC3162, August 2001, + . + + [RFC3290] Bernet, Y., Blake, S., Grossman, D., and A. Smith, "An + Informal Management Model for Diffserv Routers", RFC 3290, + DOI 10.17487/RFC3290, May 2002, + . + + [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, + C., and M. Carney, "Dynamic Host Configuration Protocol + for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, + July 2003, . + + [RFC3629] Yergeau, F., "UTF-8, a transformation format of + ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, + November 2003, . + + [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic + Host Configuration Protocol (DHCP) version 6", RFC 3633, + DOI 10.17487/RFC3633, December 2003, + . + + [RFC3646] Droms, R., Ed., "DNS Configuration options for Dynamic + Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, + DOI 10.17487/RFC3646, December 2003, + . + + [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol + (DHCP) Service for IPv6", RFC 3736, DOI 10.17487/RFC3736, + April 2004, . + + [RFC3769] Miyakawa, S. and R. Droms, "Requirements for IPv6 Prefix + Delegation", RFC 3769, DOI 10.17487/RFC3769, June 2004, + . + + + + +Mrugalski, et al. Standards Track [Page 141] + +RFC 8415 DHCP for IPv6 November 2018 + + + [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast + Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005, + . + + [RFC4242] Venaas, S., Chown, T., and B. Volz, "Information Refresh + Time Option for Dynamic Host Configuration Protocol for + IPv6 (DHCPv6)", RFC 4242, DOI 10.17487/RFC4242, + November 2005, . + + [RFC4477] Chown, T., Venaas, S., and C. Strauf, "Dynamic Host + Configuration Protocol (DHCP): IPv4 and IPv6 Dual-Stack + Issues", RFC 4477, DOI 10.17487/RFC4477, May 2006, + . + + [RFC4704] Volz, B., "The Dynamic Host Configuration Protocol for + IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN) + Option", RFC 4704, DOI 10.17487/RFC4704, October 2006, + . + + [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy + Extensions for Stateless Address Autoconfiguration in + IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, + . + + [RFC4943] Roy, S., Durand, A., and J. Paugh, "IPv6 Neighbor + Discovery On-Link Assumption Considered Harmful", + RFC 4943, DOI 10.17487/RFC4943, September 2007, + . + + [RFC4994] Zeng, S., Volz, B., Kinnear, K., and J. Brzozowski, + "DHCPv6 Relay Agent Echo Request Option", RFC 4994, + DOI 10.17487/RFC4994, September 2007, + . + + [RFC5007] Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng, + "DHCPv6 Leasequery", RFC 5007, DOI 10.17487/RFC5007, + September 2007, . + + [RFC5453] Krishnan, S., "Reserved IPv6 Interface Identifiers", + RFC 5453, DOI 10.17487/RFC5453, February 2009, + . + + [RFC5460] Stapp, M., "DHCPv6 Bulk Leasequery", RFC 5460, + DOI 10.17487/RFC5460, February 2009, + . + + + + + + +Mrugalski, et al. Standards Track [Page 142] + +RFC 8415 DHCP for IPv6 November 2018 + + + [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, + "Network Time Protocol Version 4: Protocol and Algorithms + Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, + . + + [RFC5908] Gayraud, R. and B. Lourdelet, "Network Time Protocol (NTP) + Server Option for DHCPv6", RFC 5908, DOI 10.17487/RFC5908, + June 2010, . + + [RFC6422] Lemon, T. and Q. Wu, "Relay-Supplied DHCP Options", + RFC 6422, DOI 10.17487/RFC6422, December 2011, + . + + [RFC6603] Korhonen, J., Ed., Savolainen, T., Krishnan, S., and O. + Troan, "Prefix Exclude Option for DHCPv6-based Prefix + Delegation", RFC 6603, DOI 10.17487/RFC6603, May 2012, + . + + [RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown, + "Default Address Selection for Internet Protocol Version 6 + (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012, + . + + [RFC6879] Jiang, S., Liu, B., and B. Carpenter, "IPv6 Enterprise + Network Renumbering Scenarios, Considerations, and + Methods", RFC 6879, DOI 10.17487/RFC6879, February 2013, + . + + [RFC6939] Halwasia, G., Bhandari, S., and W. Dec, "Client Link-Layer + Address Option in DHCPv6", RFC 6939, DOI 10.17487/RFC6939, + May 2013, . + + [RFC7083] Droms, R., "Modification to Default Values of SOL_MAX_RT + and INF_MAX_RT", RFC 7083, DOI 10.17487/RFC7083, + November 2013, . + + [RFC7084] Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic + Requirements for IPv6 Customer Edge Routers", RFC 7084, + DOI 10.17487/RFC7084, November 2013, + . + + [RFC7136] Carpenter, B. and S. Jiang, "Significance of IPv6 + Interface Identifiers", RFC 7136, DOI 10.17487/RFC7136, + February 2014, . + + + + + + + +Mrugalski, et al. Standards Track [Page 143] + +RFC 8415 DHCP for IPv6 November 2018 + + + [RFC7341] Sun, Q., Cui, Y., Siodelski, M., Krishnan, S., and I. + Farrer, "DHCPv4-over-DHCPv6 (DHCP 4o6) Transport", + RFC 7341, DOI 10.17487/RFC7341, August 2014, + . + + [RFC7368] Chown, T., Ed., Arkko, J., Brandt, A., Troan, O., and J. + Weil, "IPv6 Home Networking Architecture Principles", + RFC 7368, DOI 10.17487/RFC7368, October 2014, + . + + [RFC7513] Bi, J., Wu, J., Yao, G., and F. Baker, "Source Address + Validation Improvement (SAVI) Solution for DHCP", + RFC 7513, DOI 10.17487/RFC7513, May 2015, + . + + [RFC7550] Troan, O., Volz, B., and M. Siodelski, "Issues and + Recommendations with Multiple Stateful DHCPv6 Options", + RFC 7550, DOI 10.17487/RFC7550, May 2015, + . + + [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, + W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for + Configuration of Softwire Address and Port-Mapped + Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015, + . + + [RFC7610] Gont, F., Liu, W., and G. Van de Velde, "DHCPv6-Shield: + Protecting against Rogue DHCPv6 Servers", BCP 199, + RFC 7610, DOI 10.17487/RFC7610, August 2015, + . + + [RFC7707] Gont, F. and T. Chown, "Network Reconnaissance in IPv6 + Networks", RFC 7707, DOI 10.17487/RFC7707, March 2016, + . + + [RFC7721] Cooper, A., Gont, F., and D. Thaler, "Security and Privacy + Considerations for IPv6 Address Generation Mechanisms", + RFC 7721, DOI 10.17487/RFC7721, March 2016, + . + + [RFC7824] Krishnan, S., Mrugalski, T., and S. Jiang, "Privacy + Considerations for DHCPv6", RFC 7824, + DOI 10.17487/RFC7824, May 2016, + . + + + + + + + +Mrugalski, et al. Standards Track [Page 144] + +RFC 8415 DHCP for IPv6 November 2018 + + + [RFC7844] Huitema, C., Mrugalski, T., and S. Krishnan, "Anonymity + Profiles for DHCP Clients", RFC 7844, + DOI 10.17487/RFC7844, May 2016, + . + + [RFC7969] Lemon, T. and T. Mrugalski, "Customizing DHCP + Configuration on the Basis of Network Topology", RFC 7969, + DOI 10.17487/RFC7969, October 2016, + . + + [RFC8156] Mrugalski, T. and K. Kinnear, "DHCPv6 Failover Protocol", + RFC 8156, DOI 10.17487/RFC8156, June 2017, + . + + [RFC8168] Li, T., Liu, C., and Y. Cui, "DHCPv6 Prefix-Length Hint + Issues", RFC 8168, DOI 10.17487/RFC8168, May 2017, + . + + [TR-187] Broadband Forum, "TR-187 - IPv6 for PPP Broadband Access", + February 2013, . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 145] + +RFC 8415 DHCP for IPv6 November 2018 + + +Appendix A. Summary of Changes + + This appendix provides a summary of the significant changes made to + this updated DHCPv6 specification. + + 1. The Introduction (Section 1) was reorganized and updated. In + particular, the client/server message exchanges were moved into + a new (and expanded) section on their own (see Section 5). + + 2. New sections were added to discuss the relationship to previous + DHCPv6 documents and also to DHCPv4. + + 3. Sections 2 ("Requirements") and 3 ("Background") had very minor + edits. + + 4. Section 4 ("Terminology") had minor edits. + + 5. Section 4.2 ("DHCP Terminology") was expanded to incorporate + definitions from RFC 3633, add T1/T2 definitions, add + definitions useful in describing combined address assignment and + prefix delegation operations, and improve some existing + definitions. + + 6. Section 5 ("Client/Server Exchanges") was added from material + previously in Section 1 of RFC 3315 ("Introduction and + Overview") and was expanded. + + 7. Section 6 ("Operational Models") is new. It provides + information on the kinds of DHCP clients and how they operate. + + 8. Section 7 ("DHCP Constants") was primarily updated to add + constants from RFC 4242 and RFC 7083. Note that the default + HOP_COUNT_LIMIT value was reduced from 32 to 8. + + 9. Sections 8 ("Client/Server Message Formats"), 9 ("Relay Agent/ + Server Message Formats"), and 10 ("Representation and Use of + Domain Names") had only very minor changes. + + 10. Section 11 ("DHCP Unique Identifier (DUID)") now discourages, + rather than disallows, a server to parse the DUID; now includes + some information on the DUID-UUID (RFC 6355); and had other + minor edits. + + 11. Section 12 ("Identity Association") was expanded to better + explain the concept and to also include prefix delegation. + + + + + + +Mrugalski, et al. Standards Track [Page 146] + +RFC 8415 DHCP for IPv6 November 2018 + + + 12. Section 13 ("Assignment to an IA") incorporates material from + two sections (11 and 12) of RFC 3315 and also includes a section + on prefix delegation. + + 13. Section 14 ("Transmission of Messages by a Client") was expanded + to include rate limiting by clients and how clients should + handle T1 or T2 values of 0. + + 14. Section 15 ("Reliability of Client-Initiated Message Exchanges") + was expanded to clarify that the Elapsed Time option must be + updated in retransmitted messages and that a client is not + required to listen for DHCP traffic for the entire + retransmission period. + + 15. Section 16 ("Message Validation") had minor edits. + + 16. Section 17 ("Client Source Address and Interface Selection") was + expanded to include prefix delegation. + + 17. Section 18 ("DHCP Configuration Exchanges") consolidates what + used to be in the following sections in RFC 3315: "DHCP Server + Solicitation" (Section 17), "DHCP Client-Initiated Configuration + Exchange" (Section 18), and "DHCP Server-Initiated Configuration + Exchange" (Section 19). This material was reorganized and + enhanced, and it incorporates prefix delegation from RFC 3633 + and other changes from RFC 4242, RFC 7083, and RFC 7550. A few + changes of note: + + A. The Option Request option is no longer optional for some + messages (Solicit and Information-request), as RFC 7083 + requires clients to request SOL_MAX_RT or INF_MAX_RT + options. + + B. The Reconfigure message should no longer contain + IA_NA/IA_PD, ORO, or other options to indicate to the client + what was reconfigured. The client should request everything + it needs in the response to the Reconfigure. + + C. The lifetime and T1/T2 hints should not be sent by a client + (it should send values of 0 in these fields), and any + non-zero values should be ignored by the server. + + D. Clarified that a server may return different addresses in + the Reply than requested by a client in the Request message. + Also clarified that a server must not include addresses that + it will not assign. + + + + + +Mrugalski, et al. Standards Track [Page 147] + +RFC 8415 DHCP for IPv6 November 2018 + + + Also, Section 18.2.12 ("Refreshing Configuration Information") + was added to indicate use cases for when a client should try to + refresh network information. + + 18. Section 19 ("Relay Agent Behavior") incorporates RFC 7283 and + had minor edits. A new section, "Interaction between Relay + Agents and Servers" (Section 19.4), was added. + + 19. Section 20 ("Authentication of DHCP Messages") includes + significant changes: IPsec materials were mostly removed and + replaced with a reference to RFC 8213, and the delayed + authentication protocol has been obsoleted (see Section 25). + Note that RKAP is still considered current. + + 20. Section 21 ("DHCP Options") was expanded to incorporate + OPTION_IA_PD and OPTION_IAPREFIX from RFC 3633, the Information + Refresh Time option (OPTION_INFORMATION_REFRESH_TIME) from + RFC 4242, and the SOL_MAX_RT and INF_MAX_RT options from + RFC 7083. Some additional edits were made to clarify option + handling, such as which options should not be in an Option + Request option. + + 21. The security considerations (Section 22) were updated to expand + the discussion of security threats and include material from the + incorporated documents, primarily RFC 3633. + + 22. New privacy considerations were added (Section 23) to account + for privacy issues. + + 23. Section 24 ("IANA Considerations") was rewritten to reflect the + changes requested for this document, as other documents have + already made the message, option, DUID, and status code + assignments and this document does not add any new assignments. + + 24. Section 25 ("Obsoleted Mechanisms") is a new section that + documents the mechanisms obsoleted by this specification. + + 25. Appendices B ("Appearance of Options in Message Types") and C + ("Appearance of Options in the "options" Field of DHCP Options") + were updated to reflect the incorporated options from RFC 3633, + RFC 4242, and RFC 7083. + + 26. Where appropriate, informative references have been added to + provide further background and guidance throughout the document + (as can be noted by the vast increase in references). + + + + + + +Mrugalski, et al. Standards Track [Page 148] + +RFC 8415 DHCP for IPv6 November 2018 + + + 27. Changes were made to incorporate the following errata for + RFC 3315: Erratum IDs 294, 295, 1373, 1815, 2471, 2472, 2509, + 2928, 3577, 5450; RFC 3633: Erratum IDs 248, 2468, 2469, 2470, + 3736; and RFC 3736: Erratum ID 3796. Note that Erratum ID 1880 + for RFC 3633 no longer applies, as servers (delegating routers) + ignore received T1/T2 hints (see (C) in item 17 above). + + 28. General changes to other IPv6 specifications, such as removing + the use of site-local unicast addresses and adding unique local + addresses, were made to the document. + + 29. It should be noted that this document does not refer to all + DHCPv6 functionality and specifications. Readers of this + specification should visit and to + learn of the RFCs that define DHCPv6 messages, options, + status codes, and more. + +Appendix B. Appearance of Options in Message Types + + The following tables indicate with a "*" the options that are allowed + in each DHCP message type. + + These tables are informational. If they conflict with text earlier + in this document, that text should be considered authoritative. + + Client Server IA_NA/ Elap. Relay Server + ID ID IA_TA IA_PD ORO Pref Time Msg. Auth. Unicast + Solicit * * * * * + Advert. * * * * * + Request * * * * * * + Confirm * * * + Renew * * * * * * + Rebind * * * * * + Decline * * * * * + Release * * * * * + Reply * * * * * * + Reconf. * * * + Inform. * (see note) * * + R-forw. * + R-repl. * + + NOTE: The Server Identifier option (see Section 21.3) is only + included in Information-request messages that are sent in response to + a Reconfigure (see Section 18.2.6). + + + + + + +Mrugalski, et al. Standards Track [Page 149] + +RFC 8415 DHCP for IPv6 November 2018 + + + Info + Status Rap. User Vendor Vendor Inter. Recon. Recon. Refresh + Code Comm. Class Class Spec. ID Msg. Accept Time + Solicit * * * * * + Advert. * * * * * + Request * * * * + Confirm * * * + Renew * * * * + Rebind * * * * + Decline * * * + Release * * * + Reply * * * * * * * + Reconf. * + Inform. * * * * + R-forw. * * + R-repl. * * + + SOL_MAX_RT INF_MAX_RT + Solicit + Advert. * + Request + Confirm + Renew + Rebind + Decline + Release + Reply * * + Reconf. + Inform. + R-forw. + R-repl. + + + + + + + + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 150] + +RFC 8415 DHCP for IPv6 November 2018 + + +Appendix C. Appearance of Options in the "options" Field of DHCP + Options + + The following table indicates with a "*" where options defined in + this document can appear as top-level options or can be encapsulated + in other options defined in this document. Other RFCs may define + additional situations where options defined in this document are + encapsulated in other options. + + This table is informational. If it conflicts with text earlier in + this document, that text should be considered authoritative. + + Top- IA_NA/ RELAY- RELAY- + Level IA_TA IAADDR IA_PD IAPREFIX FORW REPL + Client ID * + Server ID * + IA_NA/IA_TA * + IAADDR * + IA_PD * + IAPREFIX * + ORO * + Preference * + Elapsed Time * + Relay Message * * + Authentic. * + Server Uni. * + Status Code * * * + Rapid Comm. * + User Class * + Vendor Class * + Vendor Info. * * * + Interf. ID * * + Reconf. MSG. * + Reconf. Accept * + Info Refresh Time * + SOL_MAX_RT * + INF_MAX_RT * + + Notes: Options asterisked in the "Top-Level" column appear in the + "options" field of client messages (see Section 8). Options + asterisked in the "RELAY-FORW" and "RELAY-REPL" columns appear in the + "options" field of the Relay-forward and Relay-reply messages (see + Section 9). + + + + + + + + +Mrugalski, et al. Standards Track [Page 151] + +RFC 8415 DHCP for IPv6 November 2018 + + +Acknowledgments + + This document is merely a refinement of earlier work by the authors + of the following documents and would not be possible without their + original work: + + - RFC 3315 (Ralph Droms, Jim Bound, Bernie Volz, Ted Lemon, Charles + Perkins, and Mike Carney) + + - RFC 3633 (Ole Troan and Ralph Droms) + + - RFC 3736 (Ralph Droms) + + - RFC 4242 (Stig Venaas, Tim Chown, and Bernie Volz) + + - RFC 7083 (Ralph Droms) + + - RFC 7283 (Yong Cui, Qi Sun, and Ted Lemon) + + - RFC 7550 (Ole Troan, Bernie Volz, and Marcin Siodelski) + + A number of additional people have contributed to identifying issues + with RFC 3315 and RFC 3633 and proposed resolutions to these issues + as reflected in this document (listed here in no particular order): + Ole Troan, Robert Marks, Leaf Yeh, Michelle Cotton, Pablo Armando, + John Brzozowski, Suresh Krishnan, Hideshi Enokihara, Alexandru + Petrescu, Yukiyo Akisada, Tatuya Jinmei, Fred Templin, and Christian + Huitema. + + We also thank the following, not otherwise acknowledged and in no + particular order, for their review comments: Jeremy Reed, Francis + Dupont, Lorenzo Colitti, Tianxiang Li, Ian Farrer, Yogendra Pal, Kim + Kinnear, Shawn Routhier, Michayla Newcombe, Alissa Cooper, Allison + Mankin, Adam Roach, Kyle Rose, Elwyn Davies, Eric Rescorla, Ben + Campbell, Warren Kumari, and Kathleen Moriarty. + + Also, special thanks to Ralph Droms for answering many questions + related to the original RFC 3315 and RFC 3633 work and for + shepherding this document through the IETF process. + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 152] + +RFC 8415 DHCP for IPv6 November 2018 + + +Authors' Addresses + + Tomek Mrugalski + Internet Systems Consortium, Inc. + 950 Charter Street + Redwood City, CA 94063 + United States of America + + Email: tomasz.mrugalski@gmail.com + + + Marcin Siodelski + Internet Systems Consortium, Inc. + 950 Charter Street + Redwood City, CA 94063 + United States of America + + Email: msiodelski@gmail.com + + + Bernie Volz + Cisco Systems, Inc. + 1414 Massachusetts Ave. + Boxborough, MA 01719 + United States of America + + Email: volz@cisco.com + + + Andrew Yourtchenko + Cisco Systems, Inc. + De kleetlaan 6a + Diegem BRABANT 1831 + Belgium + + Email: ayourtch@cisco.com + + + Michael C. Richardson + Sandelman Software Works + 470 Dawson Avenue + Ottawa, ON K1Z 5V7 + Canada + + Email: mcr+ietf@sandelman.ca + URI: http://www.sandelman.ca/ + + + + + +Mrugalski, et al. Standards Track [Page 153] + +RFC 8415 DHCP for IPv6 November 2018 + + + Sheng Jiang + Huawei Technologies Co., Ltd + Q14, Huawei Campus, No. 156 Beiqing Road + Hai-Dian District, Beijing 100095 + China + + Email: jiangsheng@huawei.com + + + Ted Lemon + Nibbhaya Consulting + P.O. Box 958 + Brattleboro, VT 05301-0958 + United States of America + + Email: mellon@fugue.com + + + Timothy Winters + University of New Hampshire, Interoperability Lab (UNH-IOL) + Durham, NH + United States of America + + Email: twinters@iol.unh.edu + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mrugalski, et al. Standards Track [Page 154] +