RFC 3456: Dynamic Host Configuration Protocol (DHCP...
RFC-Ref

DHCP



... security gateway. In IPv4, Dynamic Host Configuration Protocol (DHCP) [3] provides for such remote host ...
... This document uses the following terms: DHCP client A DHCP client or "client ...
... DHCP client A DHCP client or "client" is an Internet host ...
... client" is an Internet host using DHCP to obtain configuration parameters such as a network ...
... address. DHCP server A DHCP server or "server" is an Internet ...
... DHCP server A DHCP server or "server" is an Internet host that returns ...
... host that returns configuration parameters to DHCP clients. ...


... DHCP configuration evaluation ...
... Leveraging DHCP for configuration of IPsec tunnel mode meets the basic requirements ...
... Reconfiguration DHCP supports the concept of configuration leases, and there is a proposal for handling forced reconfiguration [14]. ...
... addressing state is kept on the DHCP server, not within the IKE implementation. As a result, the loss of a tunnel ...


... [ASCII diagram fragment; legible labels: host, gateway/, presence, DHCP Relay] ...
... b. The remote host establishes a DHCP SA with the IPsec tunnel mode ...
... IPsec tunnel mode server in a quick mode exchange. The DHCP SA is an IPsec tunnel mode SA ...
... security gateway and the remote host. The DHCP SA MUST only be used for DHCP ...
... DHCP SA MUST only be used for DHCP traffic. The details of how this SA is set up are ...
... described in Section 4.1. c. DHCP messages are sent back and forth between the remote host and the DHCPv4 server ...
... traffic is protected between the remote host and the security gateway using the DHCP SA established in step b. After the DHCP ...
... DHCP SA established in step b. After the DHCP conversation completes, the remote host's intranet ...
... d. The remote host MAY request deletion of the DHCP SA since future DHCP messages ...
... DHCP SA since future DHCP messages will be carried over a new IPsec tunnel. ...


... This section provides details relating to the messages exchanged during the setup and teardown of the DHCP SAs. ...
... Optional parameters field. Table 1: Description of fields in the DHCP message The htype value is set to the value 31, signifying a virtual IPsec tunnel mode ...
... The htype value is set to the value 31, signifying a virtual IPsec tunnel mode interface, in order to enable the DHCP server to differentiate VPN from non-VPN ...
... DHCPv4 exchange. In addition, the chaddr SHOULD be persistent between reboots so that the DHCP server will be able to re-assign the same address if desired. ...
... security gateway. A phase 2 (quick mode) DHCP SA tunnel mode SA is then established. The key ...
... tunnel mode SA is then established. The key lifetime for the DHCP SA SHOULD be on the order of minutes since it will only be temporary. The remote host ...
... UDP/port 67. The DHCP SA is established as a tunnel mode SA with filters ...
... client that has previously obtained a configuration lease, and is attempting to renew it. In the latter case, the DHCP SA will initially be used to send a DHCPREQUEST rather ...
... DHCP Relay behavior ...
... addresses on the client's behalf. While acting as a DHCP Relay, the security gateway MAY implement DHCP Relay load balancing ...
... client's behalf. While acting as a DHCP Relay, the security gateway MAY implement DHCP Relay load balancing as described in [19]. ...
... 19]. Since DHCP Relays are stateless, the security gateway SHOULD insert ...
... stateless, the security gateway SHOULD insert appropriate information in the DHCP message prior to forwarding to one or more DHCP servers. This enables the security gateway ...
... appropriate information in the DHCP message prior to forwarding to one or more DHCP servers. This enables the security gateway to route ...
... interface address in the giaddr field. Alternatively, the security gateway can utilize the DHCP Relay Agent Information Option [17]. In this case, the virtual port number ...
... DHCPACK and plumb a corresponding route as part of DHCP Relay processing. Where allocating a separate subnet ...
... subnet for each tunnel is not feasible, and the DHCP server does not support the Relay Agent Information Option, stateless Relay Agent behavior ...
... and tunnel in order to route the DHCP server response to the appropriate tunnel endpoint. Note that this is particularly ...
... DHCPREQUEST message, which is tunneled to security gateway using the DHCP SA. ...
... DHCPACK or DHCPNAK message, which is forwarded down the DHCP SA by the security gateway. The ...
... security gateway. The remote host may now delete the DHCP tunnel mode SA. All future DHCP messages ...
... DHCP tunnel mode SA. All future DHCP messages sent by the client, including DHCPREQUEST ...
... messages will use the newly established VPN SA. Similarly, all DHCP messages subsequently sent by the DHCPv4 server will be forwarded by the security gateway ...
... DHCPv4 server will be forwarded by the security gateway (acting as a DHCP Relay) using the IPsec tunnel mode SA, including DHCPOFFER ...
... client-identifier option; the DHCP Relay Agent Information option [17]; the vendor ...


... This protocol is secured using IPsec, and as a result the DHCP packets flowing between the remote host and the security gateway are ...
... However, since the security gateway acts as a DHCP Relay, no protection is afforded the DHCP packets in the portion of the path ...
... security gateway acts as a DHCP Relay, no protection is afforded the DHCP packets in the portion of the path between the security gateway and the DHCP server ...
... DHCP packets in the portion of the path between the security gateway and the DHCP server, unless DHCP authentication is used. ...
... between the security gateway and the DHCP server, unless DHCP authentication is used. Note that authenticated ...
... Note that authenticated DHCP cannot be used as an access control mechanism. This is because a remote host can always set its own IP address ...
... remote host can always set its own IP address and thus evade any security measures based on DHCP authentication. As a result, the assigned address ...
... As described in [17], a number of issues arise when forwarding DHCP client requests from untrusted sources. These include DHCP exhaustion attacks ...
... As described in [17], a number of issues arise when forwarding DHCP client requests from untrusted sources. These include DHCP exhaustion attacks, and spoofing ...
... client MAC address. These issues can be partially addressed through use of the DHCP Relay Information Option [17]. ...


... This document requires that an htype value be allocated for use with IPsec tunnel mode, as described in section 4.1. Note that DHCP relies on the arp-parameters registry for definition of both the hrd parameter ...
... hrd parameter in ARP and the htype parameter in BOOTP/DHCP. As a result, an assignment in the arp-parameters registry is required, even though ...
... registry is required, even though IPsec-DHCP will never use that parameter for ARP purposes, since conceptually BOOTP ...
... ARP purposes, since conceptually BOOTP/DHCP and ARP share the arp-parameters registry. ...


... Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132 (draft) ...
... Droms, R. and W. Arbaugh, "Authentication for DHCP Messages", RFC 3118 (prop), June 2001. ...
... Droms, R., Kinnear, K., Stapp, M., Volz, B., Gonczi, S., Rabil, G., Dooley, M. and A. Kapur, "DHCP Failover Protocol", Work in Progress. ...
... T'Joens, Y., Hublet, C. and P. De Schrijver, "DHCP reconfigure extension", RFC 3203, December 2001. ...
... Waters, G., "The IPv4 Subnet Selection Option for DHCP", RFC 3011 (prop), November 2000. ...
... Stump, G., Droms, R., Gu, Y., Vyaghrapuri, R., Demirtjis, A., Beser, B. and J. Privat, "The User Class Option for DHCP", RFC 3004 (prop), November 2000. ...
... Patrick, M., "DHCP Relay Agent Information Option", RFC 3046 (prop), January 2001. ...
... Droms, R., and Lemon, T., The DHCP Handbook, Macmillan, Indianapolis, Indiana, 1999. ...
... Lemon, T., Cheshire, S. and B. Volz, "The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP)", RFC 3442 (prop), December 2002. ...


