S_RFC3315_21.4.3_KeyUtilization.seq - Key utilization check
Server
S_RFC3315_21.4.3_KeyUtilization.seq [-tooloption ...]
-pkt S_RFC3315_21.4.3_KeyUtilization.def
-tooloption: v6eval tool option. See also DHCPv6.def
        TN(Client1)
             |
Link0 -------+-----------+--------------- 3ffe:501:ffff:100::/64
                         |
                   NUT(Server1)
Each DHCP client has a set of keys. Each key is identified by <DHCP
realm, client DUID, key id>. Each key also has a lifetime. The key
may not be used past the end of its lifetime. The client's keys are
initially distributed to the client through some out-of-band
mechanism. The lifetime for each key is distributed with the key.
Mechanisms for key distribution and lifetime specification are beyond
the scope of this document.
- Configuration
Enable Delayed Authentication Protocol Service
Authentication parameter
- DHCP realm: DHCPv6.TEST.EXAMPLE.COM
- Client DUID: 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2
- Key id: 1
- Shared secret key: TAHITEST_VALID12
| Device Name | Device Type | I/F | Assigned Prefix | Link Local Addr | MAC Addr |
| Server1 | NUT | Link0 | 3ffe:501:ffff:100::/64 | NUT's Linklocal address | NUT's MAC address |
| Client1 | TN | Link0 | 3ffe:501:ffff:100::/64 | fe80::200:ff:fe00:a2a2 | 00:00:00:00:a2:a2 |
NUT TN
| |
| | initialize NUT (as a DHCPv6 Server)
| |
| <---- | Solicit w/ Authentication Option
| ----> | Advertise w/ Authentication Option
| <---- | Request w/ Authentication Option using Key id = 2
| --->X | Reply w/ Authentication Option (*1)
| |
| <---- | Solicit w/ Authentication Option
| ----> | Advertise w/ Authentication Option
| <---- | Request w/ Authentication Option using Key id = 1
| ----> | Reply w/ Authentication Option (*2)
| |
(*1) PASS: If the NUT receives a message that includes an unrecognized Key id, the NUT discards it.
(*2) PASS: If the NUT receives a message that includes a recognized Key id, the NUT replies to it.
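The server-side decision this test exercises, as an added example (not part of the test suite or of v6eval): look up the key by <DHCP realm, client DUID, key id>, discard on an unrecognized or expired key, and otherwise verify the HMAC-MD5 with the MAC field zeroed. Assumptions: the helper names (`options`, `build`, `server_accepts`), the `KEYS` layout and the expiry time are hypothetical, the realm is treated as opaque ASCII bytes, constructed messages carry the Authentication option last, and replay-detection checking is left out.

```python
import hashlib, hmac, struct

OPT_CLIENTID, OPT_AUTH, MAC_LEN = 1, 11, 16   # option codes; HMAC-MD5 size
# Values from this test's configuration; the expiry time is constructed.
REALM = b"DHCPv6.TEST.EXAMPLE.COM"            # assumption: opaque ASCII bytes
DUID = bytes.fromhex("00010001000493e000000000a2a2")
KEYS = {(REALM, DUID, 1): (b"TAHITEST_VALID12", 2_000_000_000)}

def options(msg):
    """Yield (code, value_offset, length) for each option after the 4-byte header."""
    off = 4
    while off + 4 <= len(msg):
        code, length = struct.unpack_from("!HH", msg, off)
        yield code, off + 4, length
        off += 4 + length

def build(msg_type, duid, realm, key_id, secret, counter):
    """Constructed client message: Client ID option, then delayed-auth option."""
    auth = struct.pack("!BBBQ", 2, 1, 0, counter) + realm + struct.pack("!I", key_id)
    msg = bytes([msg_type]) + b"\x00\x00\x01" + struct.pack("!HH", OPT_CLIENTID, len(duid)) + duid
    msg += struct.pack("!HH", OPT_AUTH, len(auth) + MAC_LEN) + auth
    mac = hmac.new(secret, msg + bytes(MAC_LEN), hashlib.md5).digest()
    return msg + mac

def server_accepts(keys, msg, now):
    """keys: (realm, duid, key_id) -> (secret, expiry). False means discard."""
    duid = auth = None
    for code, off, length in options(msg):
        if code == OPT_CLIENTID:
            duid = msg[off:off + length]
        elif code == OPT_AUTH:
            auth = (off, length)
    if duid is None or auth is None:
        return False
    off, length = auth
    if length < 11 + 4 + MAC_LEN or off + length > len(msg):
        return False
    if msg[off:off + 3] != b"\x02\x01\x00":   # delayed auth, HMAC-MD5, RDM 0
        return False
    info = msg[off + 11:off + length]         # realm | key id | HMAC-MD5
    realm, key_id, mac = info[:-20], struct.unpack("!I", info[-20:-16])[0], info[-16:]
    entry = keys.get((realm, duid, key_id))
    if entry is None or now > entry[1]:       # unrecognized key id, or past lifetime
        return False
    mac_off = off + length - MAC_LEN          # zero the MAC field before recomputing
    zeroed = msg[:mac_off] + bytes(MAC_LEN) + msg[mac_off + MAC_LEN:]
    expected = hmac.new(entry[0], zeroed, hashlib.md5).digest()
    return hmac.compare_digest(mac, expected)
```

A Request built with key id 2 is rejected at the key lookup, before any HMAC is computed, which corresponds to case (*1); the same Request with key id 1 and the configured secret passes, which corresponds to case (*2).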
N/A
see also RFC3315
21.4.3. Key Utilization
21.4.5 Server Considerations for Delayed Authentication protocol
22.11 Authentication Option
perldoc V6evalTool