8/8/2019 DHCP Basics 2002
1/84
CEENET #8 8.2002 1
DHCP - Managed Configuration of TCP/IP Hosts
Richard Perlman
perl@lucent.com
Outline
DHCP purpose and goals
Background and history of DHCP
Case Study
Operational details
Using DHCP
Purpose of DHCP
From RFC 2131: The Dynamic Host Configuration
Protocol (DHCP) provides a framework for
passing configuration information to hosts on a
TCP/IP network. DHCP consists of two
components: a protocol for delivering host-specific
configuration parameters from a DHCP
server to a host and a mechanism for allocation of
network addresses to hosts.
DHCP functional goals
A host without a valid IP address locates and
communicates with a DHCP server
A DHCP server passes configuration
parameters, including an IP address, to the host
The DHCP server may dynamically allocate
addresses to hosts and reuse addresses
DHCP functional goals
Hosts can detect when they require a new IP
address
Unavailability of DHCP server has minimal
effect on operation of hosts
What does DHCP do?
Provides protocol stack, application and
other configuration parameters to hosts
Eliminates need for individual, manual
configuration for hosts
Includes administrative controls for network
administrators
What does DHCP do?
Backward compatible packet format for
BOOTP interoperation (RFC 1542)
Can coexist with hosts that have pre-
assigned IP addresses and hosts that do not
participate in DHCP
Design Goals
Eliminate manual configuration of hosts
Prevent use of any IP address by more than one host
Should not require a server on every subnet
Allow for multiple servers
Design Goals
Provide a mechanism, not a policy
Provide same configuration - including IP address - to a host whenever possible
What can you do with DHCP
Plug-and-play
Move desktop PCs between offices
Renumber
Other restructuring - change subnet masks
Mobile IP - laptops
Moving equipment - cartable
What DHCP doesn't do
Support multiple addresses per interface
Inform running host that parameters have
changed
Propagate new addresses to DNS
Support inter-server communication
Provide authenticated message delivery
What DHCP doesn't do
Configure routers and other network
equipment
Design network addressing plan
Determine other configuration parameters
Locate other servers
Outline
DHCP purpose and goals
Background and history of DHCP
Case Study
Operational details
Using DHCP
What is DHCP and where does it come from?
Internet Engineering Task Force (IETF)
Dynamic Host Configuration Working Group (DHC WG)
BOOTP
IETF standards
Formal process for development, review and
acceptance of TCP/IP protocol suite
standards
Initial specifications published as Internet
Drafts (I-Ds)
Accepted specifications published as
Request for Comments (RFCs)
Protocol status
DHCP has been accepted as a Draft
Standard; the specifications are published in:
RFC 2131: Dynamic Host Configuration Protocol
RFC 2132: DHCP Options and BOOTP Vendor
Extensions
Several additional options are in
development
Implementation status
DHCP is an open standard, with freely
available specifications
Can be (and has been) implemented entirely
from the specification
Commercial implementations are widely
available
Non-commercial implementations are also
available
DHCP Resources
Compilation of DHCP-related WWW links and
other information: http://www.dhcp.org
DHCP FAQ (maintained by John Wobus)
dhcp-v4@bucknell.edu mailing list
(admin requests to listserv@bucknell.edu)
DHCP Resources
IETF information can be retrieved from:
http://www.ietf.cnri.reston.va.us
I-Ds and RFCs can also be retrieved from:
http://www.rfc-editor.org
Related work
RARP/DRARP
TFTP
ICMP
Router Discovery
Mobile IP
Wireless/cellular IP
Outline
DHCP purpose and goals
Background and history of DHCP
Case Study
Operational details
Using DHCP
Generic Startup, Inc. - GSI
GSI is a medium-sized startup with about
200 employees
Internal TCP/IP network - intranet
Network Architect is responsible for
network design, planning and operation
Intranet architecture
Intranet uses Ethernet throughout
5 internal Ethernet segments
4 segments for desktops
1 segment for servers
Connected through single router
TCP/IP addressing
Network architect has obtained Class C
network address 201.155.7.0 for GSI
Subnetted for segments
/27 subnet mask
8 possible subnets, 32 hosts per subnet
Intranet addressing
[Diagram labels: 201.157.7.32, 201.157.7.64, 201.157.7.128, 201.157.7.96, 201.157.7.192, Router]
DHCP on the GSI intranet
Network architect plans addressing scheme
and locations of servers
DHCP server attached to 201.157.7.192
subnet
Desktop clients contact server at startup for
IP address and configuration parameters
GSI uses DHCP to
Configure new computers
Reconfigure relocated computers
Accommodate laptops
Renumber network
Planning for DHCP
Preparation for DHCP requires careful
planning
IP addressing strategy
Consider current needs
Allow for growth
Network architect configures rules for
addressing strategy into DHCP server
Newly installed computer
Newly installed computer locates DHCP
server
Server consults address scheme rules
Picks an address
Determines other configuration parameters
Plug-and-play
Newly installed computer
[Diagram labels: 201.157.7.96, 201.157.7.198, Router, New computer, DHCP server]
Relocated computer
Computer retains address
When restarted, computer checks with server to confirm address
If address OK, computer retains old address
If computer attached to different subnet,
obtains new address
Relocated computer
[Diagram labels: 201.157.7.64, 201.157.7.96, 201.157.7.198, Router, 201.157.7.98, DHCP server]
Using DHCP with legacy equipment
DHCP server not required to make every
address on a subnet available for allocation
DHCP server not required to answer every
incoming request
Network architect can configure server to
reserve (not allocate) addresses
Growth - new computers on a subnet
So GSI grows and hires new employees
Each gets a new computer; new computers are allocated addresses from DHCP pool
Suppose addresses in a subnet are all
allocated?
DHCP and new computers
DHCP server will hand out all available
addresses
Limited number of addresses can be shared
(if all computers not on simultaneously)
Eventually, network architect will have to
allocate more addresses
Reusing addresses
Server can reuse abandoned addresses
Address initially allocated for fixed time called
a lease
Client can extend lease
If lease expires, server can reallocate
Reallocation only when necessary (e.g.,
LRU) is a good idea
Growth - multiple IP networks on a subnet
/27 subnet accommodates only 30
computers
Suppose application development group
grows to 40?
Add second IP subnet to existing Ethernet
segment
Multiple IP networks on a subnet
[Diagram labels: 201.157.7.32, 201.157.7.64, 201.157.7.128, 201.157.7.96, 201.157.7.160, 201.157.7.192, Router]
Reconfiguring the server for multiple networks
Server configuration file defines multiple
subnets and address pools on one physical
segment
Server chooses address from pools for the
segment
Server checks DHCP client address against
all subnets on the segment
Growth - changing subnet masks
In some cases, subnet growth can be managed
with a change to the subnet mask
201.157.7.128/27 and 201.157.7.160/27 can be combined into 201.157.7.128/26
Network infrastructure must accommodate VLSMs
Must change subnet masks on attached clients
Passing new subnet masks to clients
At next reboot, DHCP client will contact
server
Server returns new subnet mask with
acknowledgment
Client records and uses new mask
Growth - renumbering
Eventually, GSI network architect obtains
second class C address: 202.5.77.0
Subnet numbers are reallocated among
network segments
Many computers now on wrong subnet
Renumbered GSI network
[Diagram labels: 202.5.77.128, 201.157.7.64, 201.157.7.32, 202.5.77.64, 201.157.7.128, Router, 201.157.7.98]
Using DHCP for renumbering
Set up plan for renumbering
New network architecture
Network addresses, server addresses
Timing of cutovers
Force DHCP clients to contact server for
notification about new address
Set short leases
Require all clients be rebooted
Using DHCP for renumbering
Rebooting, although not elegant, probably
most reliable
Schedule subnet cutover for overnight or
weekend, force reboot through alternate
protocol (e.g., email to all users)
Outline
DHCP purpose and goals
Background and history of DHCP
Case Study
Operational details
Using DHCP
Server manages client configurations
Provide a variety of mechanisms for
controlled configuration
Can override default parameters from Host
Requirements
Address allocation
Static (BOOTP): client must be pre-configured into database
Automatic: server can allocate new address
to client
Dynamic: server can allocate and reuse
addresses
Leases
Dynamic addresses are allocated for a period
of time known as the lease
Client is allowed to use the address until the
lease expires
Leases
Client MUST NOT use the address after the
lease expires, even if there are active
connections using the address
Server MUST NOT reuse the address before
the lease expires
Motivation for leases
An IP internet may not always be
completely operational; there may not
always be connectivity between any two
hosts, so:
Can't use distributed (client-based) assignment
of addresses
Can't use address defense before server reuse
of addresses
Motivation for leases
Leases guarantee an agreement as to when
an address may be safely reused even if the
server can't contact the client
Address reuse
Server MAY choose to reuse an address by
reassigning it to a different client after the
lease has expired
Server can check using ICMP echo to see if
the address is still in use (but no response is
not a definitive answer!)
Address reuse
Allows address sharing
From old computers replaced by new ones
Among a pool of computers not always using
TCP/IP
For transient hosts like laptops
Address allocation details
Clients check on address validity at reboot
time (renumbering)
Clients can extend the lease on an address at
startup time
Address allocation details
Clients can extend the lease on an address as
expiration time approaches (without closing
and restarting existing connections)
Clients with addresses that have been
configured manually can use DHCP to
obtain other configuration parameters
Four ways a client uses DHCP
INIT - acquire an IP address and
configuration information
INIT-REBOOT - confirm validity of previously acquired address and configuration
RENEWING - extend a lease from the original server
REBINDING - extend a lease from any server
Obtaining an initial address
Client broadcasts DISCOVER to locate
servers
Server chooses address and replies
Client selects a server and sends REQUEST
for address
Server commits allocation and returns ACK
Rebooting client
Client puts address in REQUEST and
broadcasts
Server checks validity and returns ACK with
parameters
If client address is invalid - e.g., client is
attached to a new network - server replies with NAK and client restarts
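The server-side check for a rebooting client, combined with the case study's multiple subnets per segment and the /27-to-/26 merge, as an added example that is not part of the original slides. Segment names, client ids and lease records are hypothetical; the "SILENT" outcome follows RFC 2131's rule for a client the server has no record of.

```python
import ipaddress

# Assumed layout built from the case study's /27 subnets; segment names and
# client ids are hypothetical. "appdev" carries two IP subnets on one Ethernet.
SEGMENTS = {
    "desktops-2": [ipaddress.ip_network("201.157.7.64/27")],
    "desktops-3": [ipaddress.ip_network("201.157.7.96/27")],
    "appdev": [ipaddress.ip_network("201.157.7.128/27"),
               ipaddress.ip_network("201.157.7.160/27")],
}
# Constructed lease records: client id -> address the server committed to it.
LEASES = {
    "pc-17": ipaddress.ip_address("201.157.7.140"),
    "pc-42": ipaddress.ip_address("201.157.7.98"),
}


def init_reboot(segments, leases, segment, client_id, requested):
    """Answer a rebooting client's REQUEST.

    `segment` is where the request arrived (known from the receiving
    interface or the relay agent). Returns (reply, subnet mask or None).
    """
    addr = ipaddress.ip_address(requested)
    # Check the address against every subnet defined on the segment.
    net = next((n for n in segments[segment] if addr in n), None)
    if net is None:
        return ("NAK", None)          # client is attached to a different network
    leased = leases.get(client_id)
    if leased is None:
        return ("SILENT", None)       # RFC 2131: no record of the client, no reply
    if leased != addr:
        return ("NAK", None)          # client's idea of its address is wrong
    return ("ACK", str(net.netmask))  # mask travels back with the acknowledgment


def combine(segments, segment):
    """Return a copy of the layout with the segment's adjacent subnets merged."""
    merged = dict(segments)
    merged[segment] = list(ipaddress.collapse_addresses(segments[segment]))
    return merged


if __name__ == "__main__":
    print(init_reboot(SEGMENTS, LEASES, "appdev", "pc-17", "201.157.7.140"))
    print(init_reboot(SEGMENTS, LEASES, "desktops-2", "pc-42", "201.157.7.98"))
    wider = combine(SEGMENTS, "appdev")
    print(wider["appdev"], init_reboot(wider, LEASES, "appdev", "pc-17", "201.157.7.140"))
```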
Extending a lease
Client puts requested lease extension in
REQUEST and sends to server
Server commits extension and returns ACK
with parameters
DHCP options
Options carry additional configuration
information to client
DHCP message type
Subnet mask, default routers, DNS server
Many others
Carried as fields in DHCP message
Configuration with options
Network architect configures server to select
and return options and values
Client can explicitly request specific options
Relay agents
Using hardware and IP broadcast still limits
DHCP message from client to single
physical network
Relay agent, on same subnet as client,
forwards DHCP messages between clients
and servers
Relay agents
Relay agent and server exchange messages
using unicast UDP
Servers can be located anywhere on intranet
Servers can be centrally located for ease of
administration
Very simple in function, implementation
Usually, but not necessarily, located in routers
Outline
DHCP purpose and goals
Background and history of DHCP
Case Study
Operational details
Using DHCP
Using multiple servers
Clients must be implemented for multiple
servers; e.g., receiving multiple OFFER
messages
Using multiple servers can provide
increased reliability through redundancy
Using multiple servers
All coordination must be managed by DHCP
administrator
Distributed database
Off-line batch updates
Manually
Strategies for using multiple servers
Split address pool for each subnet among
servers
Coordinate leases off-line
Reallocate addresses when needed
Lease times and strategies
Choice of lease times made by DHCP
administrator
Long lease times decrease traffic and server
load, short lease times increase flexibility
Lease times and strategies
Should choose lease time to allow for server
unavailability
Allows clients to use old addresses
For example, long enough to span weekends
Can assign different leases to desktop
computers, cartable systems and laptops
Changing other configuration parameters
Other configuration parameters such as print
servers may change
Reconfigure DHCP server with new
parameters
At next reconfirmation, clients will get new
addresses
Moving a client to a new location
User may get moved to a new location on a
different subnet
User may arrange to move computer system
without contacting network administrator
DHCP will allocate address for new location
Moving a client to a new location
What about old lease?
New server can notify network administrator
about address allocation
Client can issue RELEASE before moving from
old location
Or, might be appropriate to leave old lease in place
Replacing a system
User may get new computer on desktop
Network administrator wants to allocate
same IP address to the new computer, but
new computer will have different hardware
address
Use client id as system identifier and transfer to new system
Limitations to DHCP
Coordination among multiple servers
DHCP interaction with DNS
Security/authentication
New options
IPv6
Opportunities for enhancement
Coordination among multiple servers
Becomes a distributed database problem
Several strategies have been proposed
Failover protocol now in development
Dynamic DNS
When client is allocated a new address, DNS
records need to be updated
A record: Name to IP address
PTR record: IP address to name
DHCP to be extended to allow coordination
between client and server
Which does updates?
Error conditions?
Security/Authentication
Unauthorized - either intentional or
accidental - server can cause denial of
service problems
Some sites may want to limit IP address
allocation to authorized client
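An added example, not part of the original slides: a parser for the option fields described under DHCP options, used on a monitoring host to flag replies from a server that is not on the site's authorized list (the unauthorized-server concern on this slide). The authorized server address is assumed from the case-study diagram, and the sample messages are constructed.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])      # precedes the options field (RFC 2131)
PAD, END = 0, 255
SUBNET_MASK, MESSAGE_TYPE, SERVER_ID = 1, 53, 54   # option codes from RFC 2132
SERVER_MESSAGES = {2: "OFFER", 5: "ACK", 6: "NAK"}

# Assumption: the site's one authorized server, address from the case-study diagram.
AUTHORIZED = {ipaddress.IPv4Address("201.157.7.198")}

def parse_options(field: bytes) -> dict:
    """Decode cookie + (code, length, value) options into {code: value}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == END:
            return opts
        if code == PAD:                      # one-byte filler, no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:             # length byte points past the data
            raise ValueError(f"option {code} overruns the field")
        opts[code] = value
        i += 2 + length
    raise ValueError("options field has no END option")

def check_reply(field: bytes, authorized=AUTHORIZED) -> str:
    """Return 'ok', 'unauthorized-server' or 'not-a-server-message'."""
    opts = parse_options(field)
    mtype = opts.get(MESSAGE_TYPE, b"")
    if len(mtype) != 1 or mtype[0] not in SERVER_MESSAGES:
        return "not-a-server-message"
    sid = opts.get(SERVER_ID, b"")
    if len(sid) != 4 or ipaddress.IPv4Address(sid) not in authorized:
        return "unauthorized-server"
    return "ok"

def build(*options) -> bytes:
    """Build a constructed options field for the samples below."""
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return MAGIC_COOKIE + body + bytes([END])

# Constructed samples: an OFFER from the authorized server and one from 201.157.7.77.
MASK = ipaddress.IPv4Address("255.255.255.224").packed
GOOD_OFFER = build((MESSAGE_TYPE, b"\x02"), (SERVER_ID, bytes([201, 157, 7, 198])),
                   (SUBNET_MASK, MASK))
ROGUE_OFFER = build((MESSAGE_TYPE, b"\x02"), (SERVER_ID, bytes([201, 157, 7, 77])),
                    (SUBNET_MASK, MASK))

if __name__ == "__main__":
    for name, msg in (("good", GOOD_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, check_reply(msg))
```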
Security/Authentication
Authentication based on shared secret key,
an authentication ticket and a message digest
Assures source of message is valid and
message hasn't been tampered with en route
Schiller/Huitema/Droms/Arbaugh proposal
in process
New options acceptance
New options must have nonoverlapping
option codes
Codes handed out by Internet Assigned
Numbers Authority (IANA)
New mechanism will approve each new
option as a separate RFC (like TELNET)
IPv6
IP Version 6 (aka IPv6 or IPng) is a new
internet protocol to replace IP
Includes new features for host configuration:
Router advertisement
Autoconfiguration
Link-local addresses
IPv6
To accommodate sites that want centralized
management of addresses, DHCP for IPv6
(DHCPv6) is being developed by the DHC WG.
Summary
DHCP works today as a tool for automatic
configuration of TCP/IP hosts
It is an open Internet standard and
interoperable client implementations are
widely available
Summary
Provides automation for routine
configuration tasks, once network architect
has configured network and addressing plan
Ongoing work will extend DHCP with
authentication, DHCP-DNS interaction and
inter-server communication