Professional Windows Server 2003 Security: A Technical Reference [Electronic resources]


Roberta Bragg


DHCP Concepts

DHCP stands for Dynamic Host Configuration Protocol, a protocol used to simplify the management of TCP/IP clients on a network. With DHCP, a client can automatically obtain IP addresses, subnet masks, and other TCP/IP configuration settings from a DHCP server. This is easier than the alternative, manually configuring a static IP address for every client on your network.


For a third method of configuring TCP/IP clients, see Automatic Private IP Addressing (APIPA) under TCP/IP later in this chapter.

How DHCP Works


When a DHCP client starts up, it contacts a DHCP server and asks to lease an IP address. The DHCP server responds by selecting an available IP address from a scope, a range of addresses that it manages. The server then leases the selected address to the client for a certain period of time (eight days by default), provides the client with the subnet mask associated with the address, and optionally provides the client with additional information such as a default gateway address, addresses of DNS servers, and addresses of WINS servers. Once the client has obtained a lease, the client has to renew the lease periodically with the server to maintain its current address. If the client shuts down properly, it releases its lease and the server may offer the same address to a different client unless the address has been specifically reserved for the original client.

To really understand DHCP, you need to know what's
going on with DHCP at the packet level (you can view this information
using a sniffer like Network Monitor, an optional network-monitoring
component of WS2003). There are four types of DHCP packets:

DHCPDISCOVER

This packet is broadcast by the client when it starts up. It contains the MAC address (physical or hardware address) and computer name of the client and essentially says, "If there is a DHCP server out there, please offer me a lease." This is repeated every five minutes until successful.

DHCPOFFER

This packet is broadcast by a DHCP server in response to a DHCPDISCOVER packet. It contains the MAC address of the DHCP client that sent the DHCPDISCOVER packet, the IP address and subnet mask being offered to the client, the duration of the lease being offered, and the IP address of the DHCP server.

DHCPREQUEST

This packet is broadcast by the client in response to the first lease offer it receives. The DHCPREQUEST packet includes the IP address of the DHCP server offering the lease and basically says, "I'll take the lease you are offering me." Other available DHCP servers also hear this message but respond to it by withdrawing their offered leases (no message sent).

DHCPACK

This packet is broadcast by the server and tells the client, "The IP address is yours for so many days." At this point the client initializes its TCP/IP stack and can begin communicating over the network.



When 50% of the lease time has expired, the DHCP client sends a
DHCPREQUEST packet directly to the DHCP server requesting a renewal.
If the server is available, it responds with DHCPACK and the lease
clock is reset.

If the server is not available, the client waits until 87.5% of the
lease time has expired and then broadcasts a DHCPDISCOVER packet that
basically says, "Is there any DHCP server out there
that can renew my lease?" A different server can
respond with DHCPOFFER if the scope of the server overlaps the scope
of the client's original DHCP server.

If 100% of the lease time expires and the client
hasn't heard from any DHCP servers, it releases its
address and starts broadcasting DHCPDISCOVER packets to begin the
lease process anew. In the meantime, it can't use
TCP/IP to communicate on the network.

If a client is shut down properly, it releases its IP address. When
it restarts, it tries to renew the same address it had before. If it
can't contact a DHCP server, it continues to use the
address until its current lease expires. If the lease expired while
the client was offline, the lease process starts from the beginning.

DHCP Terminology


To understand how DHCP works on WS2003, you need to know the
following terminology:

Scope

A set of IP addresses that a DHCP server issues to clients on a particular subnet. A scope is typically a contiguous block of addresses, possibly with certain addresses excluded, such as addresses that have already been manually assigned to servers. You can create three types of scopes:

Ordinary scope (or simply scope)

Specifies a range of IP addresses (with exclusions) that can be leased to DHCP clients on a connected subnet.

Multicast scope

Can issue a multicast address to a group of computers on the network. Multicasting is used for conferencing applications, such as Microsoft Windows Media Technologies, and can be used to "broadcast" information to a specific group of computers.

Superscopes

Consist of two or more scopes grouped together so they can be administered as a single entity. Any scope within a superscope can lease an address to any client on the subnet. Superscopes are useful when you planned for a certain number of DHCP clients on your network but later discovered you had more clients than you anticipated. You can create an additional scope for the extra clients and then combine this with the original scope to create a superscope without needing to delete your old scope and create a new one. Superscopes are also useful when you need to replace an existing range of IP addresses with a new range of addresses.




Scope options

Additional TCP/IP settings issued by the DHCP server to its clients. Scope options are specified by number, and the ones commonly used on Microsoft networks are as follows:

003 Router: IP address of default gateway
006 DNS Servers: IP address of a DNS server
015 DNS Domain Name: DNS name of the client's domain
044 WINS/NBNS Servers: IP address of a WINS server
046 WINS/NBT Node Type: Method used by client for NetBIOS over TCP/IP (NetBT) name resolution
047 NetBIOS Scope ID: Local NetBIOS scope ID of client

Scope options can also be configured at four different levels:

Server level

Options configured for this level are applied to all DHCP clients managed by the DHCP server. An example would be specifying the same WINS server (option 044) for all clients no matter which subnet they reside on. Server-level options are overridden by scope- or reserved client-level options.

Scope level

Options configured for this level are applied only to clients who lease their address from the particular scope. An example would be specifying a unique default gateway address (option 003) for each subnet/scope. Scope-level options are overridden by reserved client-level options.

Class level

Options configured for this level are applied only to clients belonging to a specified class. For example, you could assign the address of a DNS server to the class of client computers running WS2003 as their operating system.

Reserved client level

Options configured for this level are applied only to the client having the particular reservation.




Reservation

An IP address is reserved by a client whose network adapter has a particular MAC address. Instead of manually assigning static IP addresses to your network servers, you can create reservations for them so they can obtain their addresses from DHCP servers but always receive the same address from the servers.

Activation

Once a scope is created on a DHCP server, it must be activated (turned on) before the server can start leasing IP addresses from the scope to clients.

Authorization

Before a DHCP server running WS2003 can lease IP addresses to clients in an Active Directory environment, it must first be authorized by a member of the Enterprise Admins group. This gives administrators an extra level of control over their networks to prevent unauthorized DHCP servers from hijacking DHCP client machines.
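The packet exchange described under How DHCP Works and the authorization requirement here both come down to a few fields in the message: the message type (option 053), the server identifier (option 054) and the lease time (option 051). The following decoder is an added example, not code from the book: it parses an RFC 2131 DHCP message, derives the 50% renewal and 87.5% rebinding times from the lease, and flags an OFFER or ACK whose server identifier is not in an administrator-supplied list of authorized servers, which is how a host watching UDP 67/68 traffic could notice an unauthorized server. The sample OFFER, the MAC address and the 192.0.2.x addresses are constructed for the example.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}  # option 053 values
ip4 = lambda raw: str(ipaddress.IPv4Address(bytes(raw)))

def parse_options(data):
    """Walk the TLV option area that follows the magic cookie; return {code: bytes}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = end marker
        if data[i] == 0:                           # 0 = pad byte, carries no length field
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_dhcp(pkt):
    """Decode the RFC 2131 fixed header plus the options this chapter discusses."""
    assert pkt[236:240] == MAGIC_COOKIE, "not a DHCP message"
    opts = parse_options(pkt[240:])
    lease = struct.unpack("!I", opts[51])[0] if 51 in opts else 0
    dns_raw = opts.get(6, b"")
    return {
        "type": MSG_TYPES.get(opts[53][0]) if 53 in opts else None,   # option 053
        "client_mac": pkt[28:28 + pkt[2]].hex(":"),                    # chaddr, length from hlen
        "yiaddr": ip4(pkt[16:20]),                                     # address being offered
        "server_id": ip4(opts[54]) if 54 in opts else None,            # option 054
        "router": ip4(opts[3]) if 3 in opts else None,                 # option 003
        "dns": [ip4(dns_raw[i:i + 4]) for i in range(0, len(dns_raw), 4)],  # option 006
        "lease_secs": lease,                                           # option 051
        "t1_secs": lease // 2,       # renew: unicast DHCPREQUEST at 50% of the lease
        "t2_secs": lease * 7 // 8,   # rebind: broadcast DHCPDISCOVER at 87.5%
    }

def is_rogue(parsed, authorized_servers):  # OFFER/ACK from a server not on the authorized list
    return parsed["type"] in ("OFFER", "ACK") and parsed["server_id"] not in authorized_servers

def build_offer(server_ip, client_mac, yiaddr, lease_secs=8 * 24 * 3600):
    """Construct a sample DHCPOFFER for testing (constructed data, not a real capture)."""
    p = lambda a: ipaddress.IPv4Address(a).packed
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0x8000)      # BOOTREPLY, hlen=6, broadcast
    hdr += b"\0" * 4 + p(yiaddr) + p(server_ip) + b"\0" * 4                # ciaddr yiaddr siaddr giaddr
    hdr += bytes.fromhex(client_mac.replace(":", "")).ljust(16, b"\0") + b"\0" * 192  # chaddr sname file
    body = b"".join(bytes((c, len(v))) + v for c, v in (
        (53, b"\x02"), (54, p(server_ip)), (51, struct.pack("!I", lease_secs)),
        (3, p("192.0.2.1")), (6, p("192.0.2.10") + p("192.0.2.11"))))
    return hdr + MAGIC_COOKIE + body + b"\xff"
```

With the default eight-day lease the decoder reports T1 as four days and T2 as seven days, which is the renewal timeline the chapter describes.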



Implementing DHCP


To implement DHCP using a DHCP server running WS2003, you can proceed as follows:

  1. Manually specify a static IP address, subnet mask, and default
    gateway address on a member server.

  2. Use Manage Your Server to add the DHCP Server role to your member
    server.

  3. Authorize your DHCP server in Active Directory.

  4. Create a scope on your DHCP server, excluding any IP addresses from
    the scope as necessary and configuring any scope options required by
    clients.

  5. Create reservations for DHCP clients such as mail servers that must
    always lease the same IP address.

  6. Activate the scope you created.

  7. Configure client computers to obtain their IP addresses automatically
    from a DHCP server.


If you have configured your routers to forward DHCP traffic, you may
need only one DHCP server for your entire network. Although DHCP
traffic is mostly of the broadcast type, it's not
very heavy unless you have a large number of DHCP clients and the
lease period is very short. If your routers block DHCP traffic on UDP
ports 67 and 68, you need either a DHCP server on each subnet or DHCP
relay agents (described later in this section). For fault tolerance,
it's a good idea to have two DHCP servers on your
network, one with 80% of the available addresses and the other with
20%, something called the 80/20 rule.
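To make the 80/20 rule concrete, the helper below is an added example (not code from the book) that turns one scope range into the configuration each of the two servers would carry: in the conventional arrangement both servers define the same scope, and each excludes the other server's share plus any statically assigned addresses, so no address can be leased by both. The 192.168.1.x range and the static addresses in the test are constructed.

```python
import ipaddress

def _ip(n):
    return str(ipaddress.IPv4Address(n))

def plan_80_20(first, last, static_addrs=()):
    """Plan the 80/20 split of one scope across two WS2003 DHCP servers.
    Both servers define the same address range; each excludes the other server's share
    (and any statically assigned addresses), so no address can be leased twice."""
    start, end = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if end < start:
        raise ValueError("scope end precedes scope start")
    cut = start + ((end - start + 1) * 80) // 100        # first address of the 20% share
    static = sorted(int(ipaddress.IPv4Address(s)) for s in static_addrs)
    if any(not start <= s <= end for s in static):
        raise ValueError("static exclusion lies outside the scope")
    shares = {"primary": (start, cut - 1), "secondary": (cut, end)}
    plan = {}
    for name, (lo, hi) in shares.items():
        other = shares["secondary" if name == "primary" else "primary"]
        exclusions = [(_ip(other[0]), _ip(other[1]))] + [(_ip(s), _ip(s)) for s in static]
        leasable = (hi - lo + 1) - sum(1 for s in static if lo <= s <= hi)
        plan[name] = {"iprange": (_ip(start), _ip(end)),     # same scope range on both servers
                      "excluderange": exclusions,              # other share plus static hosts
                      "leasable": leasable}                    # addresses this server can lease
    return plan
```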


DHCP servers can work together with DNS servers to combine and simplify the administration of both IP addresses and DNS names for clients on your network. See DNS later in this chapter for more information.

Dynamic Updates


Dynamic updates link DHCP
and DNS servers together to simplify
the task of configuring DNS on DHCP clients. When a client is
configured to use dynamic updates, it can either update its DNS
information on the DNS server directly or ask the DHCP server to do
this on its behalf. By default, WS2003 DHCP servers are configured to
perform dynamic updates only when (and how) DHCP clients request such
updates. They are also configured to discard such DNS information
when DHCP leases expire. Versions of Windows that support dynamic
updates include WS2003, XP, and W2K.

If you have downlevel (NT) or legacy (Windows 95/98) systems
configured as DHCP clients, you can also configure DHCP servers to
dynamically update DNS information for these clients as well, though
this is not the default behavior for DHCP servers.

DHCP Relay Agents


DHCP relay agents are machines that listen for lease requests from DHCP
clients on their own subnet and forward these requests to a DHCP
server located on a different subnet. Consider a DHCP client on
subnet A requesting a lease from a DHCP server on subnet B via a DHCP
relay agent configured on subnet A:

  1. The client on subnet A broadcasts a DHCPDISCOVER packet on its subnet.

  2. The relay agent on subnet A hears the client's
    DHCPDISCOVER broadcast, picks up the packet, readdresses it using
    directed (not broadcast) IP to the DHCP server on subnet B, and sends
    it off.

  3. The packet from the relay agent is forwarded by the router from
    subnet A to subnet B (since routers forward directed traffic but
    typically block broadcast traffic).

  4. The DHCP server on subnet B receives the DHCPDISCOVER packet from the
    relay agent. Instead of responding with a broadcast DHCPOFFER packet,
    it sends the DHCPOFFER packet directly to the relay agent on subnet
    A.

  5. The relay agent on subnet A receives the DHCPOFFER packet from the
    server, readdresses it as a local subnet broadcast, and broadcasts
    the packet to subnet A.

  6. The client on subnet A hears the DHCPOFFER packet broadcast by the
    relay agent but interprets it as if it were broadcast by a DHCP
    server on its subnet. (The relay agent thus acts as a proxy for the
    DHCP server.)

  7. The client responds by broadcasting a DHCPREQUEST packet and the
    process continues, with the relay agent acting as a proxy, until
    the client can lease an address.


