The Basic Network Address Management Profile utilizes DHCP to provide services to assign and manage IP parameters for machines remotely. The DHCP server is manually configured to establish the rules for assigning IP addresses to machines. The rules may be explicit machine by machine assignments and may be assignment of a block of IP addresses to be assigned dynamically as machines are attached and removed from the network. The DHCP client can obtain its IP address and a variety of related parameters such as NTP server address from the DHCP server during startup. The DHCP server may dynamically update the DNS server with new relationships between IP addresses and DNS hostnames.
The DNS Client can obtain the IP number for another host by giving the DNS hostname to a DNS Server and receive the IP number in response. This transaction may be used in other profiles or in implementations that do not conform to the Basic Network Address Management Profile.
The Basic Network Address Management Profile applies to the actors DHCP Server, DHCP Client, DNS Server, and DNS Client. The mandatory and optional transactions are described in the table and sections below.
Table F.1-1. Basic Network Address Management Profile
Actor |
Transaction |
Optionality |
Section |
---|---|---|---|
DHCP Server |
Configure DHCP Server |
M |
F.1.2 |
Find and Use DHCP Server |
M |
F.1.3 |
|
Maintain Lease |
M |
F.1.4 |
|
Resolve Hostname |
M |
F.1.1 |
|
DDNS Coordination |
O |
F.1.5 |
|
DHCP Client |
Find and Use DHCP Server |
M |
F.1.3 |
Maintain Lease |
M |
F.1.4 |
|
DNS Server |
DDNS Coordination |
O |
F.1.5 |
Resolve Hostname |
M |
F.1.1 |
|
DNS Client |
Resolve Hostname |
M |
F.1.1 |
The DNS Client can obtain the IP number for a host by giving the DNS hostname to a DNS Server and receive the IP number in response.
DNS Client
Needs IP address, has the DNS Hostname
DNS Server
Provides current IP address when given the DNS Hostname
The standards and their relationships for the family of DNS protocols are shown in Figure F.1-2. The details of transactions, transaction diagrams, etc. are contained within the referenced RFC's.
The issue of security is under active development by the Internet Engineering Task Force and its various working groups. The security related RFCs and drafts are identified in Figure F.1-2. Some of these are completed. Others are still in the draft stage. The Basic Network Address Management Profile does not include specific requirements for support of DNS security extensions by the DNS Client.
The Basic Network Address Management profile should not be used outside a secured environment. At a minimum there should be:
Firewall or router protections to ensure that only approved external hosts are used for DNS services.
Agreements for VPN and other access should require that DNS clients use only approved DNS servers over the VPN.
Other network security procedures such as automated intrusion detection may be appropriate in some environments. Security features beyond this minimum should be established by the local security policy and are beyond the scope of DICOM.
The purpose of the selected security is to limit the scope of the threat to insider attacks. The DNS system discloses only hostnames and IP addresses, so there is little concern about eavesdropping. The protections are to limit the exposure to denial of service attacks by counterfeit servers or clients.
Client caches may cause confusion during updates. Many DNS clients check for DNS updates very infrequently and might not reflect DNS changes for hours or days. Manual steps may be needed to trigger immediate updates. Details for controls of cache and update vary for different DNS clients and DNS servers, but DNS caching and update propagation delays are significant factors and implementations have mechanisms to manage these issues.
DNS Server failure management should be considered. Redundant servers and fallback host files are examples of possible error management tools.
The DNS server may provide additional optional information in support of configuration management. See Section H.2 for the specification of this information and additional RFC's to be supported.
The DHCP server shall be configurable by site administration so that
DHCP clients can be added and removed.
DHCP clients configurations can be modified to set values for attributes used in later transactions.
pre-allocation of fixed IP addresses for DHCP clients is supported
This standard does not specify how this configuration is to be performed.
Most DHCP servers support the pre-allocation of fixed IP addresses to simplify the transition process for legacy systems. This permits a particular device to switch to DHCP while retaining the previously assigned IP address. This enables the use of a central site management of IP addresses without breaking compatibility with older systems that require fixed IP addresses.
DHCP Server
Maintains internal configuration files.
Site Administrator
Updates configuration information to add, modify, and remove descriptions of clients and servers.
Service Staff
Provides initial configuration requirements for many devices when installing a new network, and for individual devices when installing or modifying a single device.
This is the support for the normal startup process. The DHCP client system boots up, and very early in the booting process it finds DHCP servers, selects one of the DHCP servers to be its server, queries that server to obtain a variety of information, and continues DHCP client self-configuration using the results of that query. DHCP servers may optionally provide a variety of information, such as server locations, normal routes. This transaction identifies what information shall be provided by a compliant DHCP server, and identifies what information shall be requested by a compliant DHCP client. A compliant DHCP server in not required to provide this optional information.
DHCP Server
Responds to DHCP acquisition queries. Multiple actors may exist. The DHCP client will select one.
DHCP client
Queries for DHCP Servers. Selects one responding server.
RFC-2131 DHCP Protocol
RFC-2132 DHCP Options
RFC-2563 Auto Configuration control
The DHCP client shall comply with RFC-2131 (DHCP Protocol), RFC-2132 (DHCP Options), RFC-2563 (Auto Configuration Control), and their referenced RFCs.
The DHCP client shall query for available DHCP servers. It shall select the DHCP server to use.
The DHCP client shall query for an IP assignment. The DHCP Server shall determine the IP parameters in accordance with the current DHCP configuration, establish a lease for these parameters, and respond with this information. (See below for lease maintenance and expiration.) The DHCP client shall apply these parameters to the TCP/IP stack. The DHCP client shall establish internal lease maintenance activities.
The DHCP client shall query for the optional information listed in Table F.1-2 when required by additional profiles used by the client system. If the DHCP server does not provide this information, the default values shall be used by the DHCP client.
Table F.1-2. DHCP Parameters
DHCP Option |
Description |
Default |
---|---|---|
NTP |
List of NTP servers |
Empty list |
DNS |
List of DNS servers |
Empty list |
Router |
Default router |
Empty list |
Static routes |
Nil |
|
Hostname |
Requested machine name |
|
Domain name |
Nil |
|
Subnet mask |
Derived from network value |
|
Broadcast address |
Derived from network value |
|
Default router |
Nil |
|
Time offset |
Site configurable |
|
MTU |
Hardware dependent |
|
Auto-IP permission |
From NVRAM |
The DHCP client shall make this information available for other actors within the DHCP client machine.
The DHCP client normally maintains the IP lease in compliance with the RFCs. Sometimes the server will not renew the lease. Non-renewal is usually part of network service operations. The loss of the IP lease requires connections using that IP address to cease.
DHCP client
Deals with lease renewal and expiration.
DHCP Server
Renewing or deliberately letting leases expire (sometimes done as part of network service operations).
The DHCP client shall maintain a lease on the IP address in accordance with the DHCP protocol as specified in RFC-2131 and RFC-2132. There is a possibility that the DHCP Server may fail, or may choose not to renew the lease.
In the event that the DHCP lease expires without being renewed, any still active DICOM connections may be aborted (AP-Abort).
There is usually a period (typically between several minutes and several days) between the request for lease extension and actual expiration of the lease. The application might take advantage of this to perform a graceful association release rather than the abrupt shutdown of an AP-Abort.
DHCP servers may coordinate their IP and hostname assignments with a DNS server. This permits dynamic assignment of IP addresses without interfering with access to DHCP Clients by other systems. The other systems utilize the agreed hostname (which DHCP can manage and provide to the client) and obtain the current IP address by means of DNS lookup.
A DHCP Server is in compliance with this optional part of the Basic Network Address Management Profile profile if it maintains and updates the relevant DNS server so as to maintain the proper hostname/IP relationships in the DNS database.
DHCP Server
Responded to DHCP acquisition queries and assigned IP address to client.
DNS Server
Maintains the DNS services for the network.
After the DHCP server has assigned an IP address to a DHCP client, the DHCP server uses DDNS to inform the DNS server that the hostname assigned to the DHCP client has been given the assigned IP address. The DNS Server updates the DNS database so that subsequent DNS queries for this hostname are given the assigned IP address. When the lease for the IP address expires without renewal, the DHCP server informs the DNS server that the IP address and hostname are no longer valid. The DNS server removes them from the DNS database.
The Basic Network Address Management Profile Profile has two areas of security concerns:
Protection against denial of service attacks against the DHCP client/server traffic.
Protection against denial of service attacks against the DHCP server to DDNS server update process.
The Basic Network Address Management Profile Profile should not be used outside a secured environment. At a minimum there should be:
Firewall and or router protections to ensure that only approved hosts are used for DHCP and DNS services.
Agreements for VPN and other access should require that DNS clients on the hospital network use only approved DHCP or DNS servers over the VPN.
Other network security procedures such as automated intrusion detection may be appropriate in some environments. Security features beyond this minimum should be established by the local security policy and are beyond the scope of DICOM.
The purpose of the selected security is to limit the scope of the threat to insider attacks. The DHCP and DNS systems disclose only hostnames and IP addresses, so there is little concern about eavesdropping. The protections are to limit the exposure to denial of service attacks by counterfeit servers or clients. The specific DNS security extensions are described in Section F.1.1.4. This profile does not utilize the DHCP security extensions because they provide very limited added security and the attacks are insider denial of service attacks. Intrusion detection and other network level protection mechanisms are the most effective next level of protections for the DHCP process.
The DNS update is optional in this profile to accommodate the possibility that the DHCP server and DNS server cannot reach a mutually acceptable security process. Support of this option may require support of the DNS security protocols that are in the process of development. See Section F.1.1.4 for a discussion of the DNS security profile standards and drafts.
The DHCP configuration file can be a very useful form of documentation for the local network hardware configuration. It can be prepared in advance for new installations and updated as clients are added. Including information for all machines, including those that do not utilize DHCP, avoids accidental IP address conflicts and similar errors.
Most DHCP servers have a configuration capability that permits control of the IP address and other information provided to the client. These controls can pre-allocate a specific IP address, etc. to a machine based on the requested machine name or MAC address. These pre-allocated IP addresses then ensure that these specific machines are always assigned the same IP address. Legacy systems that do not utilize DNS can continue to use fixed tables with IP addresses when the DHCP server has pre-allocated the IP addresses for those services.
The Conformance Statement for an LDAP Client shall describe its use of LDAP to configure the local AE titles. Any conformance to the Update LDAP Server option shall be specified, together with the values for all component object attributes in the update sent to the LDAP Server. Any use of LDAP to configure the remote device addresses and capabilities shall be described. The LDAP queries used to obtain remote device component object attributes shall be specified.
In particular, use of LDAP to obtain the AE Title, TCP port, and IP address for specific system actors (e.g., an Image Archive, or a Performed Procedure Step Manager) should be detailed, as well as how the LDAP information for remote devices is selected for operational use.