Re: [dhcwg] Ports clarification on DHCPv6
Andre - I just reread RFC 3315, sec 21.1:

   21.1. Security of Messages Sent Between Servers and Relay Agents

   Relay agents and servers that exchange messages securely use the
   IPsec mechanisms for IPv6 [7].  If a client message is relayed
   through multiple relay agents, each of the relay agents must have
   established independent, pairwise trust relationships.  That is, if
   messages from client C will be relayed by relay agent A to relay
   agent B and then to the server, relay agents A and B must be
   configured to use IPSec for the messages they exchange, and relay
   agent B and the server must be configured to use IPSec for the
   messages they exchange.

   Relay agents and servers that support secure relay agent to server or
   relay agent to relay agent communication use IPsec under the
   following conditions:

      Selectors        Relay agents are manually configured with the
                       addresses of the relay agent or server to which
                       DHCP messages are to be forwarded.  Each relay
                       agent and server that will be using IPsec for
                       securing DHCP messages must also be configured
                       with a list of the relay agents to which messages
                       will be returned.  The selectors for the relay
                       agents and servers will be the pairs of addresses
                       defining relay agents and servers that exchange
                       DHCP messages on the DHCPv6 UDP ports 546 and
                       547.

I interpret the reference to port 546 as a typo (which probably arose from
faulty memory on the part of yr. obdt. doc. ed.).

- Ralph

On 12/7/06 1:22 PM, "Andre Kostur" <akostur at incognito.com> wrote:
> Some clarification of port number usage, please:
>
>
>
> Section 5.2 seems to make it simple. Clients use 546, Servers and
> Relays use 547. However, section 21.1 (when talking about Selectors for
> IPSec tunnels between Relays and Servers) talks about both port 546 and
> 547. If relays are to only use 547, why mention 546 in 21.1?
>
>
>
> So the question is, what's the correct port usage for Relays? Is it
> supposed to listen on only port 547 for all of its DHCPv6 traffic? Or
> is it supposed to listen on port 547 for Client -> Relay traffic, and
> port 546 for Server/Relay -> Relay traffic (as the Relay is effectively
> playing DHCPv6 client to the server/relay)?
>
>
>
> Also note, 3315 doesn't specify source port numbers. Is it supposed to
> be defined that servers & relays send from 547 (potentially Relays from
> 546 and 547, depending on whether it's sending to a Server/Relay or a
> Client), and clients send from 546, or are ephemeral source port numbers
> "OK"?
>
> _______________________________________________
> dhcwg mailing list
> dhcwg at ietf.org
> https://www1.ietf.org/mailman/listinfo/dhcwg