Dynamic Host Configuration Protocol

DHCPv4 was, surprisingly, published back in 1997 and has not been updated since.

DHCP uses a client-server model and mainly does two things: it configures host-related parameters and it allocates network addresses to hosts.

  • 2.1 Configuration parameters repository
  • 2.2 Dynamic allocation of network addresses

There are three mechanisms for allocating network addresses:

  • Automatic allocation: the host is assigned a permanent IP address
  • Dynamic allocation: the host is assigned an IP address with a lease lifetime
  • Manual allocation: the host is assigned the IP address chosen by the network administrator

DHCP was originally based on BOOTP (it inherits several of its message formats), but adds dynamic allocation and host parameter configuration, which BOOTP lacks.

DHCP supports additional options; among them, the client identifier option lets the client declare its own identity.

DHCP was designed with the presence of multiple DHCP servers in mind. In the flow diagram below, the three messages DHCPDISCOVER, DHCPOFFER and DHCPREQUEST are all broadcast.

                Server          Client          Server
            (not selected)                    (selected)

                  v               v               v
                  |               |               |
                  |     Begins initialization     |
                  |               |               |
                  | _____________/|\____________  |
                  |/DHCPDISCOVER | DHCPDISCOVER  \|
                  |               |               |
              Determines          |          Determines
             configuration        |         configuration
                  |               |               |
                  |\             |  ____________/ |
                  | \________    | /DHCPOFFER     |
                  | DHCPOFFER\   |/               |
                  |           \  |                |
                  |       Collects replies        |
                  |             \|                |
                  |     Selects configuration     |
                  |               |               |
                  | _____________/|\____________  |
                  |/ DHCPREQUEST  |  DHCPREQUEST\ |
                  |               |               |
                  |               |     Commits configuration
                  |               |               |
                  |               | _____________/|
                  |               |/ DHCPACK      |
                  |               |               |
                  |    Initialization complete    |
                  |               |               |
                  .               .               .
                  .               .               .
                  |               |               |
                  |      Graceful shutdown        |
                  |               |               |
                  |               |\ ____________ |
                  |               | DHCPRELEASE  \|
                  |               |               |
                  |               |        Discards lease
                  |               |               |
                  v               v               v
     Figure 3: Timeline diagram of messages exchanged between DHCP
               client and servers when allocating a new network address
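As an added example (not from RFC 2131 or these notes), the following constructed Python simulation walks through the exchange in Figure 3 with two servers: the client's messages reach every server, only the server named in the REQUEST's server identifier option commits the lease, the other server discards its tentative offer, and a later DHCPRELEASE frees the address. The field names (xid, chaddr, yiaddr, server identifier) come from the DHCP header and options; the Server class and the dict-based messages are this example's own simplification.

```python
from dataclasses import dataclass, field
@dataclass
class Server:
    server_id: str                  # value of the server identifier option (54)
    pool: list                      # addresses still free to offer
    leases: dict = field(default_factory=dict)  # chaddr -> committed address

    def on_discover(self, msg):
        # Any server hearing the broadcast DISCOVER may OFFER; nothing is committed yet.
        if not self.pool:
            return None
        return {"type": "DHCPOFFER", "xid": msg["xid"], "yiaddr": self.pool[0],
                "server_id": self.server_id}

    def on_request(self, msg):
        # REQUEST is broadcast too; option 54 names whose OFFER the client took.
        if msg["server_id"] != self.server_id:
            return None             # not selected: discard, address stays free
        addr = msg["requested_ip"]
        if addr not in self.pool:   # offered address no longer available
            return {"type": "DHCPNAK", "xid": msg["xid"], "server_id": self.server_id}
        self.pool.remove(addr)      # commit the configuration
        self.leases[msg["chaddr"]] = addr
        return {"type": "DHCPACK", "xid": msg["xid"], "yiaddr": addr,
                "server_id": self.server_id}

    def on_release(self, msg):
        # Graceful shutdown: the server holding the lease discards it.
        if msg["server_id"] == self.server_id and self.leases.get(msg["chaddr"]) == msg["ciaddr"]:
            self.pool.append(self.leases.pop(msg["chaddr"]))

def broadcast(servers, msg, handler):
    # Deliver msg to every server on the link and collect the non-empty replies.
    return [r for s in servers if (r := getattr(s, handler)(msg)) is not None]

def obtain_lease(chaddr, servers, xid=0x3903F326):
    # DISCOVER / OFFER / REQUEST / ACK; returns (address, server_id) or None.
    discover = {"type": "DHCPDISCOVER", "xid": xid, "chaddr": chaddr}
    offers = [o for o in broadcast(servers, discover, "on_discover") if o["xid"] == xid]
    if not offers:
        return None                 # a real client would retransmit with backoff
    chosen = offers[0]              # selection policy is the client's; first offer here
    request = {"type": "DHCPREQUEST", "xid": xid, "chaddr": chaddr,
               "requested_ip": chosen["yiaddr"], "server_id": chosen["server_id"]}
    replies = broadcast(servers, request, "on_request")
    ack = next((r for r in replies if r["type"] == "DHCPACK" and r["xid"] == xid), None)
    return (ack["yiaddr"], ack["server_id"]) if ack else None

def release_lease(chaddr, addr, server_id, servers):
    msg = {"type": "DHCPRELEASE", "chaddr": chaddr, "ciaddr": addr, "server_id": server_id}
    broadcast(servers, msg, "on_release")
```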

The Dynamic Host Configuration Protocol (DHCP) Client Fully Qualified Domain Name (FQDN) Option

Lets the DHCP client, while requesting an address, also have the DNS binding from IP address to FQDN updated.

References:

Dynamic Host Configuration Protocol for IPv6 (DHCPv6)

DHCPv6 can be used to provide:

  • configuration parameters (tying them to the address allocation flow is optional)
  • IP addresses
  • IP prefixes

DHCPv6 can replace IPv6 stateless address autoconfiguration (SLAAC) or work alongside it.

Stateless means the DHCP server does not need to keep any state for the requests it serves.

Section "1.2. Relationship to DHCPv4" explains that DHCPv4 and DHCPv6 are two independent protocols; DHCPv6 is not compatible with DHCPv4.

6. Operational Models

v6 has noticeably more operational modes than v4.

6.1. Stateless DHCP

Consists of only two messages: Information-request and Reply.

21. DHCP Options

This chapter lists the options DHCPv6 supports. See also Dynamic Host Configuration Protocol for IPv6 (DHCPv6)

The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN) Option

DNS stores the mapping from Fully Qualified Domain Name to IPv6 address. This information is kept in two resource record types, AAAA and PTR: the former maps an FQDN to an address, the latter maps an address back to an FQDN.

This RFC provides a mechanism for a host (the DHCPv6 client) to obtain some additional information beyond its IP address. The mechanism is provided through the FQDN option.

It is still meant for updating DNS, not for letting the client look up an IP address from an FQDN.

Neighbor Discovery for IP version 6 (IPv6)

  • Router Solicitation
  • Router Advertisement

IPv6 Stateless Address Autoconfiguration

The IPv6 stateless autoconfiguration mechanism requires no manual configuration of hosts, minimal (if any) configuration of routers, and no additional servers.

Node-specific Client Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4)

Uses the DHCP Unique Identifier (DUID) defined by DHCPv6 within DHCPv4, replacing the original mechanism v4 provided.

The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4

Deprecates the Static Route option (option 33) defined in RFC 2132.

Classful routes are routes whose subnet mask is implicit in the subnet number. Classful routing is no longer in common use, so the DHCP Static Route option is no longer useful.
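As an added example (not from RFC 3442 or these notes), here is a Python encoder and decoder for the classless static route option (option 121), whose entries carry an explicit prefix width followed by only the significant octets of the destination, together with the RFC 3442 rule that a client receiving option 121 must ignore the Router option (option 3). Function names are this example's own, and the decoder assumes a payload that has already been reassembled if the option was split under RFC 3396.

```python
import ipaddress

OPTION_CLASSLESS_STATIC_ROUTE = 121   # RFC 3442; option 249 is Microsoft's pre-standard copy

def encode_routes(routes):
    """routes: list of (destination CIDR, router) -> option 121 payload bytes.
    Each entry is: 1-byte prefix width, only the significant octets of the
    destination (ceil(width/8) of them), then the 4-byte router address."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)         # strict: host bits must be zero
        sig = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:sig]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)

def decode_routes(payload):
    """Parse an option 121 payload into [(destination CIDR, router)].
    Raises ValueError on a bad width, a truncated entry, or host bits set in
    the destination (malformed data a client should not act on)."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        i += 1
        if width > 32:
            raise ValueError(f"prefix width {width} > 32")
        sig = (width + 7) // 8
        if i + sig + 4 > len(payload):
            raise ValueError("truncated route entry")
        dest = bytes(payload[i:i + sig]).ljust(4, b"\x00")   # pad omitted octets
        router = ipaddress.IPv4Address(bytes(payload[i + sig:i + sig + 4]))
        i += sig + 4
        net = ipaddress.IPv4Network((dest, width))            # strict by default
        routes.append((str(net), str(router)))
    return routes

def default_router(options):
    """Option 3 is ignored whenever option 121 is present (RFC 3442); the
    default route, if any, is then the 0.0.0.0/0 entry of option 121."""
    if OPTION_CLASSLESS_STATIC_ROUTE in options:
        for dest, router in decode_routes(options[OPTION_CLASSLESS_STATIC_ROUTE]):
            if dest == "0.0.0.0/0":
                return router
        return None
    if 3 in options:
        return str(ipaddress.IPv4Address(bytes(options[3][:4])))
    return None
```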

Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6

A stateless DHCP server provides only configuration information to nodes and does not perform any address assignment. Such a server is called “stateless” because it need not maintain any dynamic state for individual clients.

Secure Zero Touch Provisioning (SZTP)

Plug in and be provisioned: lets a host automatically discover and install its configuration.

NETCONF Call Home and RESTCONF Call Home

   The diagram below illustrates call home from a protocol-layering
   perspective:

          NETCONF/RESTCONF                    NETCONF/RESTCONF
               Server                              Client
                 |                                    |
                 |         1. TCP                     |
                 |----------------------------------->|
                 |                                    |
                 |                                    |
                 |         2. SSH/TLS                 |
                 |<-----------------------------------|
                 |                                    |
                 |                                    |
                 |         3. NETCONF/RESTCONF        |
                 |<-----------------------------------|
                 |                                    |
                Note: Arrows point from the "client" to
                  the "server" at each protocol layer.

                   Figure 1: Call Home Sequence Diagram

Using the IANA-assigned ports, the server connects to port 4334 for NETCONF over SSH, port 4335 for NETCONF over TLS, and port 4336 for RESTCONF over TLS.

Using the NETCONF Protocol over Transport Layer Security (TLS) with Mutual X.509 Authentication

References:

rfc822Name
    To set the rfc822 email address in the subjectAltName extension, e.g. rfc822Name=myname@testorg.com. 

Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)

Skipped.

Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

Skipped.

Network Configuration Access Control Model

Skipped.

Other references

(Done for now.)