SECURE DHCP SERVER

Bibliographic details
Main authors: LIM, SWEE B; RADIA, SANJAY; WONG, THOMAS K; TSIRIGOTIS, PANAGIOTIS; GOEDMAN, ROBERT J
Format: Patent
Language: eng ; fre
Description
Summary: A preferred embodiment of the present invention includes a method and apparatus for allocating and using IP addresses in a network of client systems. More specifically, the present invention includes a DHCP server that leases IP addresses to the client systems. The DHCP server works in combination with a secure DHCP relay agent and a secure IP relay agent. Broadcast DHCPREQUEST messages are forwarded to the DHCP server by the secure DHCP relay agent. Before forwarding, the secure DHCP relay agent embeds a trusted identifier in each DHCPREQUEST message. The trusted identifier is an unforgeable object specifically associated with the client system sending the DHCPREQUEST message. When the DHCP server receives the DHCPREQUEST message, the DHCP server extracts the trusted identifier. The trusted identifier is then used by the DHCP server to prevent client systems from accessing the IP address leases of other client systems. The DHCP server also counts the number of IP address leases assigned to each trusted identifier. In this way, each client system is prevented from leasing more than a predetermined number of IP addresses. Unicast DHCPREQUEST messages received by the DHCP server include a source address that corresponds to the client system sending the unicast DHCPREQUEST message. The validity of the source address is ensured by the secure IP relay agent. The DHCP server uses the source address to prevent client systems from accessing the IP address leases of other client systems.
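The server-side checks the summary describes can be sketched as a small lease table. This is an added example, not code from the patent: the class and method names, the limit of two leases, the `port-A`/`port-B` identifiers and the rule that a unicast request's source address must equal the leased address are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_LEASES_PER_ID = 2  # assumed limit; the summary only says "a predetermined number"

@dataclass
class LeaseTable:
    pool: list                                  # free addresses
    owner: dict = field(default_factory=dict)   # leased ip -> trusted identifier

    def broadcast_request(self, trusted_id, requested_ip=None):
        """Broadcast DHCPREQUEST forwarded by the secure DHCP relay agent.
        trusted_id is the value the relay embedded, never a client-supplied field."""
        if trusted_id is None:
            return ("NAK", "no trusted identifier")
        if requested_ip in self.owner:
            if self.owner[requested_ip] != trusted_id:
                return ("NAK", "lease belongs to another client")
            return ("ACK", requested_ip)        # renewal by the lease owner
        held = sum(1 for t in self.owner.values() if t == trusted_id)
        if held >= MAX_LEASES_PER_ID:
            return ("NAK", "lease limit reached")
        if requested_ip is None and self.pool:
            requested_ip = self.pool[0]
        if requested_ip not in self.pool:
            return ("NAK", "address not available")
        self.pool.remove(requested_ip)
        self.owner[requested_ip] = trusted_id
        return ("ACK", requested_ip)

    def unicast_request(self, source_ip, requested_ip):
        """Unicast DHCPREQUEST; the secure IP relay agent has already ensured
        that source_ip is the sender's real address."""
        if requested_ip not in self.owner:
            return ("NAK", "no such lease")
        if source_ip != requested_ip:
            return ("NAK", "source address does not hold this lease")
        return ("ACK", requested_ip)

def demo():
    # Constructed sample data: documentation addresses, made-up trusted identifiers.
    t = LeaseTable(pool=["192.0.2.10", "192.0.2.11", "192.0.2.12"])
    return [
        t.broadcast_request("port-A"),                  # first lease for A
        t.broadcast_request("port-B"),                  # first lease for B
        t.broadcast_request("port-B", "192.0.2.10"),    # B targets A's lease
        t.broadcast_request("port-A"),                  # second lease for A
        t.broadcast_request("port-A"),                  # third: over the limit
        t.unicast_request("192.0.2.11", "192.0.2.10"),  # B's address on A's lease
        t.unicast_request("192.0.2.10", "192.0.2.10"),  # A renews its own lease
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```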