Hi all,

In a scenario where hosts have obtained IPv6 addresses through some other
mechanism, such as stateless address auto-configuration or manual
configuration, while other configuration parameters (e.g., recursive DNS
servers) are learnt via stateless DHCPv6 [RFC 3736], would it be better for
these hosts to obtain the DHCPv6 server addresses via a new RA option in
advance? Thus these hosts could directly send unicast DHCP
Information-request messages to the stateless DHCP server without the need
for a DHCP relay agent between the client and server. As a result, delays due
to the relaying of messages by relay agents, as well as overhead and
duplicate responses by servers due to the delivery of client messages to
multiple servers, can be avoided.

Meanwhile, I noticed there is a statement about unicast DHCP requests in the
DHCPv6 specification [RFC 3315] as follows:
   "When the server receives a Request message via unicast from a client
   to which the server has not sent a unicast option, the server
   discards the Request message and responds with a Reply message
   containing a Status Code option with the value UseMulticast, a Server
   Identifier option containing the server's DUID, the Client Identifier
   option from the client message, and no other options."

Unless the unicast option is not available for all clients, I believe it
would conflict with the basic principle of stateless DHCP that the DHCP server
need not maintain per-host state.

There is another statement about unicast DHCP requests in RFC 3315 as
follows:
      "...Use of unicast may avoid delays due to the relaying of messages
      by relay agents, as well as avoid overhead and duplicate responses by
      servers due to the delivery of client messages to multiple
      servers.  Requiring the client to relay all DHCP messages through
      a relay agent enables the inclusion of relay agent options in all
      messages sent by the client.  The server should enable the use of
      unicast only when relay agent options will not be used."

Judging from the above statement, especially the last sentence, it seems
that the relay agent is preferred. Then what's the reason for that
preference?  To prevent flood attacks on the DHCP server? If the answer is
yes, then as for stateless DHCP, it seems that such attacks are not very
serious since the stateless DHCP server doesn't need to maintain any dynamic
state for individual clients. At least, not worse than flood attacks on DNS
servers.

Comments?

Xiaohu


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
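
The RFC 3315 rule quoted in the message above (a unicast Request from a client that was not sent a unicast option is answered with a UseMulticast Reply), as an added sketch that is not part of the original post or of any DHCPv6 server's code. The names `handle_unicast` and `unicast_granted` are hypothetical, and the DUIDs and the sample Request are constructed; the lookup in `unicast_granted` is where the per-client state discussed in the post would live.

```python
import struct

# Values from RFC 3315: message types, option codes, status code.
MSG_REQUEST, MSG_REPLY = 3, 7
OPT_CLIENTID, OPT_SERVERID, OPT_STATUS_CODE = 1, 2, 13
STATUS_USE_MULTICAST = 5

def parse(msg):
    """Split a DHCPv6 client/server message into (type, transaction id, options)."""
    if len(msg) < 4:
        raise ValueError("shorter than the 4-byte DHCPv6 header")
    opts, off = {}, 4
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        off += 4
        if off + length > len(msg):
            raise ValueError("option length runs past end of message")
        opts[code] = msg[off:off + length]
        off += length
    return msg[0], msg[1:4], opts

def option(code, data):
    """Encode one option: 2-byte code, 2-byte length, data."""
    return struct.pack("!HH", code, len(data)) + data

def handle_unicast(msg, server_duid, unicast_granted):
    """Apply the quoted rule to a message received via unicast. unicast_granted
    (hypothetical) holds client DUIDs this server sent a unicast option to.
    Returns the UseMulticast Reply, or None when the rule does not reject."""
    msg_type, xid, opts = parse(msg)
    if msg_type != MSG_REQUEST:
        return None  # the quoted passage only covers Request
    client_duid = opts.get(OPT_CLIENTID)
    if client_duid is None:
        raise ValueError("Request without a Client Identifier option")
    if client_duid in unicast_granted:
        return None  # unicast was permitted; continue normal processing
    status = struct.pack("!H", STATUS_USE_MULTICAST)  # empty status message
    return (bytes([MSG_REPLY]) + xid
            + option(OPT_STATUS_CODE, status)
            + option(OPT_SERVERID, server_duid)
            + option(OPT_CLIENTID, client_duid))

# Constructed sample: Request with transaction id 0x010203 and made-up DUIDs.
CLIENT_DUID = bytes.fromhex("000300010242ac110002")
SERVER_DUID = bytes.fromhex("000300010242ac110001")
SAMPLE_REQUEST = bytes([MSG_REQUEST]) + b"\x01\x02\x03" + option(OPT_CLIENTID, CLIENT_DUID)
```
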
