Networking Principles II: DHCP
DHCP stands for Dynamic Host Configuration Protocol. It handles the automatic assignment of IP addresses and other configuration settings for devices on your network.
Isn’t there a way to configure IP addresses manually? Yes, there is; if you’ve explored the Network and Sharing Center in your control panel, you’ve probably seen this. But DHCP automates it. This is especially good for people who have laptops, aren’t hooked up to the Internet all the time and often move from place to place with their portable devices. They can simply get a new IP address as needed without having to do it manually.
DHCP Basics
DHCP is designed to make the assignment of IP addresses and other network configuration information faster and easier. Rather than going around to every device on your network and setting up its network configuration manually, you can use your DHCP server to set up pools of addresses, called scopes, from which clients can request a temporary IP address.
DHCP is a protocol that uses Level 4 on the OSI model. It communicates using User Datagram Protocol (UDP) datagrams through UDP Port 68. (I know, this brings up images of exchanging Candy Grams with all your friends. Remember that?) DHCP works with most current and past Windows clients, and also Linux, Macintosh, and many network-capable printers.
Benefits of running DHCP
- Flexible configuration. DHCP makes it easy to implement changes in IP address configuration. Rather than manually configure each device’s network connection every time a new DNS server is added, you can go into the DHCP server and make the necessary changes.
- Scalable design. Can you imagine having to manually configure IP and routing information for 150 new devices on your network? DHCP makes it easier to add to your network as your organization grows.
- Centralized administration. You can make needed configuration changes in a single place. This saves time and effort over going around to every device on your network.
- Automatic host configuration. DHCP automates the assignment of IP addresses.
DHCP components
- DHCP leases
- DHCP scopes
- DHCP reservations
- DHCP options
- DHCP relay agents
DHCP Leases
DHCP leases define the lease duration, or the amount of time that a client can keep an IP address before releasing it. In Windows Server 2008, the default lease duration is 8 days for wired clients and 6 days for wireless clients. On the DHCP server, leases act as placeholders in its DHCP database. When the lease is issued, the IP address is removed from the list of available addresses to prevent the issuing of the same address to more than one computer.
To determine the duration of a lease, one must consider the client type, the connection time, and the available range of IP addresses.
Client type has to do with the type of devices on your network, such as desktop computers, mobile notebooks, and servers. If you have more than the usual number of laptops on your network, the length of lease duration should decrease.
You should estimate the connection time, or the average length of time your clients spend on the network. If this time is relatively low, such as 2 to 4 hours, your lease duration doesn’t have to be as long.
An important factor is the number of IP addresses you have available, as well as the number of clients who need DHCP’s range of addresses. If you have a lot of clients in relation to your number of available addresses, a shorter lease duration is advisable to avoid running out of IP addresses.
For most networks, the default settings should be sufficient. Shorter lease times would be necessary for networks with many clients that connect for less than a day. A college campus is a good example, since campuses usually offer free wireless access for their students, who are typically connected for a few hours a day.
DHCP Scope
A DHCP Scope is a range of IP addresses and related configuration information available by request from a DHCP client. These scopes usually represent a single subnet, or segment of a network. Each scope is a continuous range of IP addresses defined by a beginning IP address and an ending IP address. If you need to exclude IP addresses, you must create exclusions for those addresses. One reason for creating these addresses might be hardware with static IP addresses, like printers or routers.
DHCP Reservations
When would you reserve an IP address? Well, in some cases, a network device needs to have a static IP address. An example would be a server, a router, or a network printer. In the DHCP role console, you reserve these addresses using the list below.
Common DHCP Options
- 3: Router
- 6: DNS server
- 15: DNS domain name
- 42: NTP server
- 44: WINS server (NetBIOS name server)
- 45: NetBIOS datagram distribution server (NBDD)
- 46: WINS/NetBIOS node type
- 47: NetBIOS scope ID
- 51: Lease Time
- 53: DHCP message type
- 55: Special option type used to communicate a parameter request list to the DHCP server
- 58: Renewal time value (T1)
- 59: Rebind time value (T2)
DHCP Options
DHCP options are basic settings that a client needs for proper network communication. These options include an IP address, a subnet mask, a default gateway, primary and secondary DNS servers, primary and secondary Windows Internet Name Service (WINS) if applicable, and DHCP lease expiration. You can define these options when creating the scope or change them later.
Server options are settings defined on each server that apply to all scopes on a specific DHCP server. Scope options are settings defined on each scope that apply only to the scope to which they are added. Router options are typically defined using scope options, which override server options. Server options are usually used for network resources whose IP addresses are the same for all scopes, such as DNS and WINS.
DHCP Relay Agent
DHCP requests are broadcast messages that cannot be routed, so they are limited to the subnet of the client requesting an IP address. You can choose one of two options to get around this. You can have a DHCP server on each subnet, which can be expensive and, therefore, difficult to justify to senior management. Or, you can use a DHCP relay agent to forward DHCP requests. This agent accepts the broadcast packets and converts them to unicast packets that can traverse a routed network and vice versa when the DHCP server replies to the client requesting an IP address. Most modern routers support the passing of DHCP requests.
Dynamic DNS
Dynamic Domain Name System (Dynamic DNS) is another feature of Windows Server 2008 DHCP. With this feature, DHCP servers and clients can work with DNS servers to create, modify, and delete DNS name records. For DHCP clients, the DNS name is updated at the same time they receive a new IP address.
By default, Windows Server 2008 supports dynamic updates for clients that can update their own records. These include Windows 2000 clients, Windows XP, Windows Vista, and Windows Server 2008 clients. Windows operating systems prior to Windows 2000 and clients that are members of a different Active Directory are not equipped to update their own records. They would require the DHCP server to do the work for them, in which case the server updates all DNS records for the clients. To support the legacy clients, you open the IPv4 properties dialog box, go to the DNS tab, and make certain “Dynamically update DNS A and PTR records only if requested by the DHCP clients” is selected.
Most installations of Windows Server 2008 will not require changes to support Dynamic DNS. Dynamic DNS does require you to configure a DNS server to allow dynamic updates.
DHCP Communication Processes
- First, the client broadcasts a DHCPDiscover message designed to locate a DHCP server and suggest values for the network address and lease duration.
- Second, one or more DHCP servers respond with a DHCPOffer, which offers configuration information for the client.
- The client then broadcasts a DHCPRequest message to, by default, the nearest DHCP server. This accepts the offered configuration information.
- The server then transmits either a DHCPAck or a DHCPNack message. The DHCPAck confirms a DHCP client’s IP address; the DHCPNack declines the client’s request.
- A client might also transmit a DHCPDecline if it senses that an offered address is already in use. This declines an offered IP address. In this case, the client will have to start the process all over again.
- A DHCP client will send a DHCPRelease to relinquish its IP address and end its lease. This request is sent to the DHCP server that issued the lease.
- A client can also send a DHCPInform message requesting local configuration information only.
Initial Lease Request
- First, the client will seek a DHCP server by broadcasting a DHCPDiscover request. It will wait one second for a response. If it does not receive one, it will rebroadcast its request at intervals of 9, 13, and 16 seconds, plus a variable delay of between 0 milliseconds and 1 second. If it cannot reach a DHCP server, it will assign itself an ad-hoc address through Automatic Private IP Addressing (APIPA) while continuing to broadcast DHCPDiscover requests every 5 minutes. APIPA addresses are IP addresses starting with 169.254.
- If the client succeeds in finding the DHCP server responsible for its subnet, the server answers with a DHCPOffer message, which offers an IP address. Often, more than one server will be able to respond. The server(s) will temporarily reserve the IP address in anticipation of acceptance.
- When the client receives the DHCP offer or offers, it will choose one and accept it by broadcasting a DHCPRequest. By default, the client will accept the offer of the DHCP server closest to it. Since it is a broadcast, all other servers will know that the client has accepted one of the offers.
- The DHCP server creates a lease for the address it offered, makes the appropriate changes to its database of available and leased IP addresses, and confirms the IP address assignment with a DHCPAck message.
Lease Renewals
When a DHCP client powers on or connects to the network, it will confirm that it can continue to use its currently assigned address. If so, the lease is renewed and the expiration date extended. If not, it will try to renew after 50 percent of the lease time has expired. This renewal time value is referred to as T1.
If the T1 attempt fails, the client will try again after 87.5% of the lease has expired. If unsuccessful, it will broadcast a DHCPDiscover request to receive an IP address from any DHCP server on its network. This binding time value is referred to as T2.
DHCP renewals use a two-message communication process. A DHCP client makes a request to renew its current address by sending a DHCPRequest for the renewal of the lease it currently holds. When the server receives the client’s request, it sends a DHCPAck to confirm that the DHCP lease and any DHCP options have been updated. This information includes a new expiration date for the lease.
If a client cannot reach a DHCP server before its lease expires, it will attempt to acquire a new IP address through the Initial Lease Request process.
Changing Subnets
Often, you will have to deal with mobile devices that move between subnets and won’t be able to use a lease received on one subnet on the new subnet. Depending on how the computer is used, the process of obtaining a new lease may not always be automatic. In a well-designed network, wireless access points will use a mesh that the mobile devices detect as a single subnet throughout the organization. This is not always the case and is the cause of most complaints that a device’s connectivity is lost when it moves from one part of the building to the other. In most cases, the user can use the ipconfig /renew command to force the computer to obtain a new address.
Another way around this problem is to turn the device off and reboot it. This will cause the device to automatically renew its DHCP settings. When the device has moved to a different subnet, it will send out a DHCPRequest for a renewal of the lease it currently holds. This time, the DHCP server will detect that it cannot assign this configuration, so it sends a DHCPNack, a denial of the request. This will force the device to send out a DHCPDiscover broadcast, looking for a server that can fill the address. The DHCP server responsible for the device’s new subnet will reply with a DHCPOffer. The device can then reply with a DHCPRequest, and the server will reply with a DHCPAck which confirms the new configuration assignment.
If the client does not detect a DHCP server, it will assign itself an APIPA address.
DHCP Database, Server Service, and Server Console
DHCP servers keep track of both used and available IP addresses by maintaining a database. This database is constantly updated as new requests for IP addresses are fulfilled and as clients release old addresses into the address pool. Unlike DNS, which distributes its database across multiple servers, DHCP maintains a single database on each DHCP server installation.
While there is no theoretical limit to the number of records a DHCP server can store, the actual database size is based on the number of client requests it receives. The database grows as new records are created or deleted but does not shrink on its own. To recover space allocated previously, DHCP will automatically compact the database during idle periods.
The DHCP Server service is installed with the DHCP Server role. This service runs the processes the DHCP server uses. If this service stops, clients will be unable to receive new IP addresses and configuration information. The DHCP Server role will display an error message that the service has stopped.
Once the DHCP Server Role is installed, the DHCP Server Console is available in both Server Manager and under Administrative Tools in the Start menu. This console allows you to manage DHCP on Windows Server 2008.
Authorizing DHCP
In Windows Server 2008, you will be prompted for credentials while installing if your server is a member of a domain. This helps prevent unauthorized or rogue DHCP servers from being deployed on your domain clients. Rogue servers that are improperly or mischievously configured can cause communication problems on your network due to improper configurations or IP address conflicts.
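On the wire, a rogue server shows up as a DHCPOffer or DHCPAck whose server identifier, router or DNS values differ from what you configured. The Python sketch below is an added example, not part of the original article: it decodes a DHCP reply using the option codes listed earlier and compares it with an allow-list. Option 54 (server identifier) is a standard option that the list above does not include; the `POLICY` addresses and the `build_sample` helper are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
MESSAGE_TYPES = {1: "DHCPDiscover", 2: "DHCPOffer", 3: "DHCPRequest", 4: "DHCPDecline",
                 5: "DHCPAck", 6: "DHCPNack", 7: "DHCPRelease", 8: "DHCPInform"}
# Assumed site policy (constructed values): the server, router and DNS you configured.
POLICY = {"servers": {"192.168.10.5"}, "routers": {"192.168.10.1"}, "dns": {"192.168.10.5"}}

def ip_list(raw):
    """Options 3, 6 and 54 carry packed 4-byte IPv4 addresses."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def u32(raw):
    """Options 51, 58 and 59 are 32-bit big-endian counts of seconds."""
    return struct.unpack("!I", raw)[0] if raw is not None and len(raw) == 4 else None

def parse_dhcp(payload):
    """Decode the offered address and the options of one DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    lease, t1, t2 = u32(opts.get(51)), u32(opts.get(58)), u32(opts.get(59))
    if lease is not None:                            # defaults: 50% and 87.5% of the lease
        t1, t2 = (lease // 2 if t1 is None else t1), (lease * 7 // 8 if t2 is None else t2)
    return {"type": MESSAGE_TYPES.get((opts.get(53) or b"\x00")[0], "unknown"),
            "offered_ip": str(ipaddress.IPv4Address(payload[16:20])),
            "server_id": (ip_list(opts.get(54, b"")) or [None])[0],
            "routers": ip_list(opts.get(3, b"")), "dns": ip_list(opts.get(6, b"")),
            "lease": lease, "t1": t1, "t2": t2}

def audit_reply(msg, policy=POLICY):
    """Findings for a DHCPOffer/DHCPAck that does not match the configured values."""
    findings = []
    if msg["type"] in ("DHCPOffer", "DHCPAck"):
        if msg["server_id"] not in policy["servers"]:
            findings.append(f"unauthorized DHCP server {msg['server_id']}")
        for key in ("routers", "dns"):
            extra = sorted(set(msg[key]) - policy[key])
            if extra:
                findings.append(f"unexpected {key} value {', '.join(extra)}")
    return findings

def build_sample(msg_type, offered, server, router, dns, lease=691200):
    """Constructed test reply (not a capture); 691200 s is the 8-day default lease."""
    header = bytearray(236)
    header[16:20] = ipaddress.IPv4Address(offered).packed
    opts = bytes([53, 1, msg_type])
    for code, addr in ((54, server), (3, router), (6, dns)):
        opts += bytes([code, 4]) + ipaddress.IPv4Address(addr).packed
    return bytes(header) + MAGIC_COOKIE + opts + bytes([51, 4]) + struct.pack("!I", lease) + b"\xff"

if __name__ == "__main__":
    for srv in ("192.168.10.5", "192.168.10.99"):    # the second is not in POLICY
        msg = parse_dhcp(build_sample(2, "192.168.10.50", srv, "192.168.10.1", srv))
        print(msg["type"], msg["server_id"], msg["t1"], msg["t2"], audit_reply(msg))
```

Feed `parse_dhcp` the UDP payloads from a packet capture taken on a client subnet; any finding on a DHCPOffer or DHCPAck is a server to track down.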
Fault Tolerance and DHCP
Many organizations can get by with one or two DHCP servers. However, you should make certain you have the resources for fault tolerance, so you should deploy enough to handle the load of your network and provide backup DHCP services in case of server failure.
Microsoft recommends using the 80/20 rule when splitting scopes between two servers for fault tolerance. That means 80 percent of a scope’s total IP range is hosted on your primary DHCP server and 20 percent is hosted on your secondary DHCP server. If one of the servers fails, you will have IP addresses for new DHCP requests and renewals. The 80/20 rule assumes you can restore the failed server within one or two days. Depending on your needs, you may also consider doing a 50/50 split, which would provide true fault tolerance if you can’t restore your failed server right away.
Other options you can use if you can’t restore the failed server within a day or two include expanding the scope ranges on your secondary server or temporarily installing DHCP on another network server. The second option would require that you modify your DHCP relay agents with the IP addresses of your temporary DHCP servers.
Due to the minimal resource requirements of DHCP, you can run virtual servers on Hyper-V. You can also use failover clustering to transfer services between two servers if one server fails.
Install the DHCP Server Role
- Log onto your server and start Server Manager if it doesn’t start automatically.
- Go to your Roles and click Add Role. When the Add Role wizard starts, click Next.
- Check the DHCP Server box and click “Next.”
- If desired, you can review the information about DHCP server. Click Next.
- Select the router you want to use. Click Next.
- Here you enter the Parent Domain and the preferred DNS Server IPv4 Address. Double-check this information if you don’t have it with you. Click Next.
- You can choose whether to use WINS. If you don’t wish to, take the defaults and click Next.
- Here, you can add a DHCP scope if you wish, or do it later. Click Next.
- This window will allow you to configure DHCPv6 Stateless Mode. If you want to do that later, click Next.
- Review the information in the Confirm Installation Settings box to make certain it is accurate. Click Install to begin the installation process.
- When installation is complete, click Close.
Clicking Around the DHCP Server Console
This is just to show you how to see what’s on your DHCP server console.
Open Server Manager if it isn’t open already. Expand the Roles section and click DHCP Server.
In the DHCP server’s summary pane, you should find the Events summary, the System Services summary, and the Resources and Support summary. The Events summary shows any Event Viewer messages, warnings, and alerts related to DHCP. The System Services summary shows the status of the DHCP Server. The Resources and Support summary offers recommendations on how to improve DHCP Server.
In the left pane, click to expand DHCP Server. It should show the name of the computer; if you expand that, you should also see the IPv4 and IPv6 areas of your DHCP server.
How To Create A Scope
In the left pane of Server Manager, expand Roles, and expand the DHCP Server role. Click on the name of your DHCP server. This should open the DHCP Server administration console.
In the left pane, click IPv4. This displays “Add a Scope” in the middle pane of the console.
Click More Actions and then click New Scope. This starts the New Scope Wizard. Click “Next” in the Welcome to the New Scope Wizard dialog box.
In the Scope Name dialog box, enter a Name and a Description. The name and description should describe what the scope will be used for. Click Next.
Enter the beginning and ending IP address for your scope range. Make certain you allow enough IP addresses to meet your anticipated needs. Click Next.
In this part, you should enter any IP address exclusions you wish to add. Reasons for excluding addresses might include reserving addresses for routers, printers, or any other device that should have a static IP address.
Adjust the lease duration to suit your anticipated needs. The default in Windows is 8 days, which will usually cover most needs.
Here, you define the DHCP options. You can also adjust them in Server Manager later by going to your DHCP console, expanding IPv4, selecting your scope name, and selecting Scope Options. You can use these options to set an IP address for a specific device. Click Next.
Click Finish. In the IPv4 console pane, the scope is displayed with a red arrow. This means the scope is not active yet.
Expand IPv4 if it isn’t expanded already. Click on your new scope and click “More Actions.” Click “Activate.” This should remove the red arrow from the scope name and make the addresses in the scope available.
Testing Your New DHCP Scope
It’s usually a good idea to test your work before anybody else has reason to notice changes on your network. A virtual machine or an old computer salvaged from the last time an office upgraded its technology is good for testing changes to your network. Run a command prompt in Administrator mode and type in:
netsh int ip set addr "local area connection" DHCP
netsh int ip set dns "local area connection" DHCP
Type ipconfig /all to confirm that the IP address falls within the range of your scope and doesn’t include any IP addresses you may have excluded from the scope. If it does, use the ipconfig /release command, and then use ipconfig /renew. Type ipconfig /all again to make certain that the computer released its IP address back into the pool.
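The check described above can be scripted together with the 80/20 split from the fault-tolerance section. The Python below is an added example, not part of the original article: it cuts one scope into non-overlapping primary and secondary ranges, counts the leasable addresses on each server after exclusions, and classifies the address a test client reports. The scope and exclusion addresses are constructed sample values.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")      # self-assigned when no server answers
SCOPE = ("192.168.10.50", "192.168.10.249")         # constructed sample scope
EXCLUSIONS = [("192.168.10.100", "192.168.10.110")] # e.g. printers with static addresses

def to_int(address):
    return int(ipaddress.IPv4Address(address))

def split_scope(start, end, primary_percent=80):
    """Cut one contiguous scope into non-overlapping (first, last) ranges for two servers."""
    first, last = to_int(start), to_int(end)
    if last < first:
        raise ValueError("scope end is below scope start")
    total = last - first + 1
    primary_count = total * primary_percent // 100
    if not 0 < primary_count < total:
        raise ValueError("scope cannot be split at this percentage")
    cut = first + primary_count
    return (first, cut - 1), (cut, last)

def leasable(rng, exclusions):
    """Count the addresses in rng that no exclusion range covers."""
    excluded = set()
    for lo, hi in exclusions:
        excluded.update(range(max(to_int(lo), rng[0]), min(to_int(hi), rng[1]) + 1))
    return rng[1] - rng[0] + 1 - len(excluded)

def classify(address, scope=SCOPE, exclusions=EXCLUSIONS, primary_percent=80):
    """Say where the address shown by ipconfig /all on a test client came from."""
    ip = ipaddress.IPv4Address(address)
    if ip in APIPA:
        return "apipa"            # client never reached a DHCP server
    primary, secondary = split_scope(*scope, primary_percent)
    if not primary[0] <= int(ip) <= secondary[1]:
        return "out-of-scope"     # static address or a server you did not configure
    if any(to_int(lo) <= int(ip) <= to_int(hi) for lo, hi in exclusions):
        return "excluded"         # must never be leased; check the exclusion list
    return "primary" if int(ip) <= primary[1] else "secondary"

def show(rng):
    return f"{ipaddress.IPv4Address(rng[0])}-{ipaddress.IPv4Address(rng[1])}"

if __name__ == "__main__":
    primary, secondary = split_scope(*SCOPE)
    print("primary  ", show(primary), leasable(primary, EXCLUSIONS), "leasable")
    print("secondary", show(secondary), leasable(secondary, EXCLUSIONS), "leasable")
    for addr in ("192.168.10.60", "192.168.10.230", "192.168.10.105", "169.254.12.7"):
        print(addr, classify(addr))
```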
Configuring DHCP On Routers
It is possible to set up DHCP at the router level. The chart below shows what a typical command structure for configuring DHCP on a Cisco router might look like.
Issues with DHCP usually mean a problem with its configuration. The service dhcp command on a Cisco router is turned on by default but can be manually disabled using the no service dhcp command. This is one thing to check if you need to troubleshoot DHCP issues on one particular subnet. Two more useful troubleshooting commands are debug ip dhcp server events and debug ip dhcp server packet. To make sure that DHCP broadcast messages can get through the router, use the ip helper-address command to have the router forward DHCP packets to the DHCP server.