Chapter 32 dhcpv6 option37, 38, 1 introduction to dhcpv6 option37, 38, 2 dhcpv6 option37, 38 configuration task list – PLANET XGS3-24042 User Manual

32-8

Chapter 32 DHCPv6 option37, 38

32.1 Introduction to DHCPv6 option37, 38

DHCPv6 (Dynamic Host Configuration Protocol for IPv6) is designed for IPv6 address scheme and is used for

assigning IPv6 prefixes, IPv6 addresses and other configuration parameters to hosts.

When DHCPv6 client wants to request address and configure parameter of DHCPv6 server from different link,

it needs to communicate with server through DHCPv6 relay agent. DHCPv6 message received by relay agent

node is reencapsulated to be relay-forward packets and they are forwarded to the server which sends the

relay-reply packets to DHCPv6 relay agent node in different link, after that, relay agent node restores DHCPv6

message to DHCPv6 client to finish communication between client and server.

There are some problems when using DHCPv6 relay agent, for example: How to assign IP address in the

fixed range to the specifiec users? How to avoid illegal DHCPv6 client to forge IP address exhaust attack

triggered by MAC address fields of DHCPv6 packets? How to avoid illegal DHCPv6 client to trigger deny

service attack through using MAC address of other legal clients? Therefore, IETF set rfc4649 and rfc4580, i.e.

DHCPv6 option 37 and option 38 to solve these problems.

DHCPv6 option 37 and option 38 is similar to DHCP option 82. When DHCPv6 client sends request packets

to DHCPv6 server though DHCPv6 relay agent, if DHCPv6 relay agent supports option 37 and option 38, they

will be added to request packets. For the respond packets of server, option 37 and option 38 are meaningless

and are peeled from the respond packets. Therefore, the application of option 37 and option 38 is transparent

for client.

DHCPv6 server can authenticate identity of DHCPv6 client and DHCPv6 relay device by option 37 and option

38, assign and manage client address neatly through configuring the assign policy, prevent DHCPv6 attack

availably according to the inclusive client information, such as forging MAC address fields of DHCPv6 packets

to trigger IP address exhaust attack. Since server can identify multiple request packets from the same access

port, it can assign the address number through policy limit to avoid address exhaust. However, rfc4649 and

rfc4580 do not set how to use opton 37 and option 38 for DHCPv6 server, users can use it neatly according to

their own demand.

32.2 DHCPv6 option37, 38 Configuration Task List

1.

DHCPv6 snooping option basic functions configuration

2.

DHCPv6 relay option basic functions configuration

3.

DHCPv6 server option basic functions configuration

1. DHCPv6 snooping option basic functions configuration

Command

Explanation

Global mode