Networking Principles II: DHCP

1. First, the client will seek a DHCP server by broadcasting a DHCPDiscover request. It will wait one second for a response. If it does not receive one, it will rebroadcast its request at intervals of 9, 13, and 16 seconds, with a variable between 0 milliseconds and 1 second. If it cannot reach a DHCP server, it will create an ad-hoc address called an Automatic Private IP Addressing (APIPA) while continuing to broadcast DHCPDiscover requests every 5 minutes. APIPA addresses are IP addresses starting with 169.254.
2. If the client succeeds in finding the DHCP server responsible for its subnet, it answers with a DCHPOffer message, which offers an IP address. Often, more than one server will be able to respond. The server(s) will temporarily reserve the IP address in anticipation of acceptance.
3. When the client receives the DHCP offer or offers, it will choose one and accept it by broadcasting a DHCPRequest. By default, the client will accept the offer of the DHCP server closest to it. Since it is a broadcast, all other servers will know that the client has accepted one of the offers.
4. The DHCP server creates a lease for the address it offered, makes the appropriate changes to its database of available and leased IP addresses, and confirms the IP address assignment with a DHCPAck message.

When a DHCP client powers on or connects to the network, it will confirm that it can continue to use its currently assigned address. If so, the lease is renewed and the expiration date extended. If not, they will try to renew after 50 percent of the lease time has expired. This renewal time value is referred to as T1.
If the T1 attempt fails, the client will try again after 87.5% of the lease has expired. If unsuccessful, it will broadcast a DHCPDiscover request to receive an IP address from any DHCP server on its network. This binding time value is referred to as T2.

DHCP renewals use a two-message communication process. A DHCP client makes a request to renew its current address by sending a DCHPRequest for the renewal of the lease it currently holds. When the server receives the client’s request, it sends a DHCPAck to confirm that the DCHP lease and any DCHP options have been updated. This information includes a new expiration date for the lease.

If a client cannot reach a DHCP server before its lease expires, it will attempt to acquire a new IP address through the Initial Release process.

Often, you will have to deal with mobile devices that move between subnets and won’t be able to use a lease received on one subnet on the new subnet. Depending on how the computer is used, the process of obtaining a new lease may not always be automatic. In a well-designed network, wireless access points will use a mesh that the mobile devices detect as a single subnet throughout the organization. This is not always the case and is the cause of most complaints that a device’s connectivity is lost when it moves from one part of the building to the other. In most cases, the user can use the ipconfig /renew command to force the computer to obtain a new address.

Another way around this problem is to turn the device off and reboot it. This will cause the device to automatically renew its DHCP settings. When the device has moved to a different subnet, it will send out a DHCPRequest for a renewal of the lease it currently holds. This time, the DHCP server will detect that it cannot assign this configuration, so it sends a DHCPNack, a denial of the request. This will force the device to send out a DHCPDiscover broadcast, looking for a server that can fill the address. The DCHP server responsible for the device’s new subnet will reply with a DHCP offer. The device can then reply with a DHCPRequest, and the server will reply with a DHCPAck which confirms the new configuration assignment.

If the client does not detect a DHCP server, it will assign itself an APIPA address.

DHCP servers keep track of both used and available IP addresses by maintaining a database. This database is constantly updated as new requests for IP addresses are fulfilled and as clients release old addresses into the address pool. Unlike DNS, which distributes its database across multiple servers, DHCP maintains a single database on each DHCP server installation.

While there is no theoretical limit to the number of records DHCP server can store, the actual database size is based on the number of client requests it receives. The database grows as new records are created or deleted but does not shrink on its own. To recover space allocated previously, DHCP will automatically compact the database during idle periods.DCHP server service is installed with the DHCP Server role. This service runs the processes the DHCP server uses. If this service stops, clients will be unable to receive new IP addresses and configuration information. The DHCP Server role will display an error message that the service has stopped.

Once the DHCP Server Role is installed, the DHCP Server Console is available in both Server Manager and under Administrative Tools in the Start menu. This console allows you to manage DHCP on Windows Server 2008.

In Windows Server 2008, you will be prompted for credentials while installing if your server is a member of a domain. This helps prevent unauthorized or rogue DHCP servers from being deployed on your domain clients. Rogue servers that are improperly or mischievously configured can cause communication problems on your network due to improper configurations or IP address conflicts.

Many organizations can get by with one or two DHCP servers. However, you should make certain you have the resources for fault tolerance, so you should deploy enough to handle the load of your network and provide backup DHCP services in case of server failure.

Microsoft recommends using the 80/20 rule when splitting scopes between two servers for fault tolerance. That means 80 percent of a scope’s total IP range is hosted on your primary DHCP server and 20 percent is hosted on your secondary DHCP server. If one of the servers fail, you will have IP addresses for new DHCP requests and renewals. The 80/20 rule assumes you can restore the failed server within one or two days. Depending on your needs, you may also consider doing a 50/50 split, which would provide true fault tolerance if you can’t restore your failed server right away.

Other options you can use if you can’t restore the failed server within a day or two include expanding the scope ranges on your secondary server or temporarily installing on another network server. The second option would require that you modify your DHCP relay agents with the IP addresses of your temporary DHCP servers.

Due to the minimal resource requirements of DHCP, you can run virtual servers on Hyper-V. You can also use failover clustering to transfer services between two servers if one server fails.

1. Log onto your server and start Server Manager if it doesn’t start automatically.
2. Go to your Roles and click Add Role. When the Add Role wizard starts, click Next.
3. Check the DHCP Server box and click “Next.”
4. If desired, you can review the information about DHCP server. Click Next.
5. Select the router you want to use. Click Next.
6.  Here you enter the Parent Domain and the preferred DNS Server IPv4 Address. Double-check this information if you don’t have it with you. Click next.
7. You can choose whether to use WINS. If you don’t wish to, take the defaults and click Next.
8. Here, you can add a DHCP scope if you wish, or do it later. Click Next.
9. This window will allow you to configure DHCPv6 Stateless Mode. If you want to do that later, click Next.
10. Review the information in the Confirm Installation Settings box to make certain it is accurate. Click Install to begin the installation process.
11. When installation is complete, click Close.

This is just to show you how to see what’s on your DHCP server console.

Open Server Manager if it isn’t open already. Expand the Roles section and click DHCP Server.

In the DCHP server’s summary pane, you should find the Events summary, the System Services summary, and the Resources and Support summary. The Events shows any Event Viewer messages, warnings, and alerts related to DHCP. The System Services summary shows the status of the DHCP Server. The Resources and Support offers recommendations on how to improve DHCP Server.

In the left pane, click to expand DHCP Server. It should show the name of the computer; if you expand that, you should also see the IPv4 and IPv6 areas of your DHCP server.

In the left pane of Server Manager, expand Roles, and expand the DHCP Server role. Click on the name of your DCHP server. This should open the DHCP Server administration console.

In the left pane, click IPv4. This displays “Add a Scope” in the middle pane of the console.

Click More Actions and then click New Scope. This starts the New Scope Wizard. Click “Next” in the Welcome to the New Scope Wizard dialog box.

In the Scope Name dialog box, enter a Name and a Description. The name and description should describe what the scope will be used for. Click Next.

Enter the beginning and ending IP address for your scope range. Make certain you allow enough IP addresses to meet your anticipated needs. Click Next.

In this part, you should enter any IP address exclusions you wish to add. Reasons for excluding addresses might include reserving addresses for routers, printers, or any other device that should have a static IP address.

Adjust the lease duration to suit your anticipated needs. The default in Windows is 8 days, which will usually cover most needs.
Here, you define the DHCP options. You can also adjust them in Server Manager later by going to your DHCP console, expanding IPv4, selecting your scope name, and selecting Scope Options. You can use these options to set an IP address for a specific device. Click next.

Click Finish. In the IPv4 console pane, the scope is displayed with a red arrow. This means the scope is not active yet.

Expand IPv4 if it isn’t expanded already. Click on your new scope and click “More Actions.” Click “Activate.” This should remove the red arrow from the scope name and makes the addresses in the scope available.

Testing Your New DHCP Scope

It’s usually a good idea to test your work before anybody else has reason to notice changes on your network. A virtual machine or an old computer salvaged from the last time an office upgraded its technology is good for testing changes to your network. Run a command prompt in Administrator mode and type in:

netsh int ip set addr “local area connection” DHCP

netsh int ip set dns “local area connection” DCHP

Type ipconfig /all to confirm that the IP address falls within the range of your scope and doesn’t include any IP addresses you may have excluded from the scope. If it does, use the ipconfig /release command, and then use ipconfig /renew. Type ipconfig /all again to make certain that the computer released its IP address back into the pool.

Configuring DHCP On Routers

It is possible to set up DHCP at the router level. The chart below shows what a typical command structure for configuring DHCP on a Cisco router might look like.

Issues with DHCP usually mean a problem with its configuration. The service dhcp command on a Cisco router is turned on by default but can be manually disabled using the no ip routing command. This is one thing to check if you need to troubleshoot DHCP issues on one particular subnet. Two more useful troubleshooting commands are debug ip dhcp server events and debug ip dhcp server packet. To make sure that DHCP broadcast messages can get through the router, use the ip helper-request command to have the router forward DHCP packets to the DHCP server.