S_RFC3315_21.5.2_SolReply.seq - Solicit/Reply with Reconfigure Authentication Protocol
Server
S_RFC3315_21.5.2_SolReply.seq [-tooloption ...] -pkt S_RFC3315_21.5.2_SolReply.def
-tooloption: v6eval tool option
See Also DHCPv6.def
         TN(Client1)
             |
Link0 -------+-----------+--------------- 3ffe:501:ffff:100::/64
                         |
                    NUT(Server1)
The server selects a Reconfigure Key for a client during the
Request/Reply, Solicit/Reply or Information-request/Reply message
exchange. The server records the Reconfigure Key and transmits that
key to the client in an Authentication option in the Reply message.
To provide authentication for a Reconfigure message, the server
selects a replay detection value according to the RDM selected by the
server, and computes an HMAC-MD5 of the Reconfigure message using the
Reconfigure Key for the client.
The server computes the HMAC-MD5 over the entire DHCP Reconfigure message,
including the Authentication option; the HMAC-MD5 field in the Authentication
option is set to zero for the HMAC-MD5 computation. The server
includes the HMAC-MD5 in the authentication information field in an
Authentication option included in the Reconfigure message sent to the
client.
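The computation described above, written out as an added Python example (not part of the test suite or of the NUT). The option and message codes are those of RFC 3315; the function names, the key, the replay values and the receiver-side replay check are assumptions made for illustration.

```python
import hashlib, hmac, struct

OPTION_AUTH, OPTION_RECONF_MSG, MSG_RECONFIGURE = 11, 19, 10  # RFC 3315 codes
PROTO_RECONF_KEY, ALG_HMAC_MD5, RDM_MONOTONIC = 3, 1, 0
TYPE_HMAC_MD5 = 2        # auth-info type carried in Reconfigure (1 = key, in Reply)
FIXED = "!BBBQB"         # protocol, algorithm, RDM, replay detection, type
FIXED_LEN, MAC_LEN = struct.calcsize(FIXED), 16

def auth_option(replay, mac):
    body = struct.pack(FIXED, PROTO_RECONF_KEY, ALG_HMAC_MD5, RDM_MONOTONIC,
                       replay, TYPE_HMAC_MD5) + mac
    return struct.pack("!HH", OPTION_AUTH, len(body)) + body

def build_reconfigure(key, replay, other_options):
    """Server side: MAC the whole message with the HMAC-MD5 field zeroed."""
    head = bytes([MSG_RECONFIGURE]) + bytes(3)    # transaction-id is 0
    zeroed = head + other_options + auth_option(replay, bytes(MAC_LEN))
    mac = hmac.new(key, zeroed, hashlib.md5).digest()
    return head + other_options + auth_option(replay, mac)

def verify_reconfigure(key, msg, last_replay):
    """Receiver side (hypothetical helper): find the option, zero the field, recompute."""
    off = 4
    while off + 4 <= len(msg):
        code, length = struct.unpack_from("!HH", msg, off)
        if off + 4 + length > len(msg):
            return False                          # truncated option
        if code == OPTION_AUTH:
            if length != FIXED_LEN + MAC_LEN:
                return False                      # not a 128-bit HMAC-MD5 value
            proto, alg, rdm, replay, kind = struct.unpack_from(FIXED, msg, off + 4)
            start = off + 4 + FIXED_LEN
            zeroed = msg[:start] + bytes(MAC_LEN) + msg[start + MAC_LEN:]
            expected = hmac.new(key, zeroed, hashlib.md5).digest()
            fields_ok = (proto, alg, rdm, kind) == (
                PROTO_RECONF_KEY, ALG_HMAC_MD5, RDM_MONOTONIC, TYPE_HMAC_MD5)
            return (fields_ok and replay > last_replay   # assumed replay rule
                    and hmac.compare_digest(msg[start:start + MAC_LEN], expected))
        off += 4 + length
    return False                                  # no Authentication option

# Constructed sample: 128-bit key and a Reconfigure Message option (msg-type=5)
KEY = bytes(range(16))
RECONF_MSG_OPT = struct.pack("!HHB", OPTION_RECONF_MSG, 1, 5)
MSG = build_reconfigure(KEY, replay=1000, other_options=RECONF_MSG_OPT)
```

Because the HMAC covers every byte outside its own field, changing any other option or replaying an old replay detection value makes verification fail.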
Enable Reconfigure Authentication Protocol Service
| Device Name | Device Type | I/F   | Assigned Prefix        | Link Local Addr         | MAC Addr          | Op1 | Op2 |
| Server1     | NUT         | Link0 | 3ffe:501:ffff:100::/64 | NUT's Linklocal address | NUT's MAC address | N/A | N/A |
| Client1     | TN          | Link0 | 3ffe:501:ffff:100::/64 | fe80::200:ff:fe00:a2a2  | 00:00:00:00:a2:a2 | N/A | Yes |
Op1: Server ID Option
Op2: Client ID Option
  NUT      TN
   |       |
   |       | Initialize NUT (as a DHCPv6 Server)
   |       |
   | <---- | Solicit with Rapid Commit and Authentication Accept Option
   | ----> | Reply with Authentication Option (*1)
   |       |
   |       | Host address prefix is changed from 3ffe:501:ffff:100:: to 3ffe:501:ffff:200::
   |       | Reload server configuration
   |       |
   | ----> | Reconfigure with computed Authentication (w/Authentication Option) (*2)
   |       | w/Option Request Option(IA_NA) w/IA_NA w/Reconfigure Message Option(msg-type=5)
   |       |
   | <---- | Renew w/Option Request Option(IA_NA) w/IA_NA
   |       |
   | ----> | Reply w/IA_NA w/IA_Address (*3)
   |       |
(*1) PASS: TN receives a Reply message with an Authentication option including key-ID.
(*2) PASS: TN receives a Reconfigure message with an Authentication option.
(*3) PASS: TN receives a Reply message including the updated IA_NA option.
N/A
see also RFC3315
19.1.1. Creation and Transmission of Reconfigure Messages
21.5. Reconfigure Key Authentication Protocol
21.5.1. Use of the Authentication Option in the Reconfigure Key
Authentication Protocol
perldoc V6evalTool