Title: DHCP Managed Configuration of TCP/IP Hosts
1. DHCP Managed Configuration of TCP/IP Hosts
- Richard Perlman
- perl@lucent.com
2. Outline
- DHCP purpose and goals
- Background and history of DHCP
- Case Study
- Operational details
- Using DHCP
3. Purpose of DHCP
- From RFC 2131: "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts."
4. DHCP functional goals
- A host without a valid IP address locates and communicates with a DHCP server
- A DHCP server passes configuration parameters, including an IP address, to the host
- The DHCP server may dynamically allocate addresses to hosts and reuse addresses
5. DHCP functional goals
- Hosts can detect when they require a new IP address
- Unavailability of a DHCP server has minimal effect on operation of hosts
6. What does DHCP do?
- Provides protocol stack, application and other configuration parameters to hosts
- Eliminates need for individual, manual configuration of hosts
- Includes administrative controls for network administrators
7. What does DHCP do?
- Backward compatible packet format for BOOTP interoperation (RFC 1542)
- Can coexist with hosts that have pre-assigned IP addresses and hosts that do not participate in DHCP
8. Design Goals
- Eliminate manual configuration of hosts
- Prevent use of any IP address by more than one host
- Should not require a server on every subnet
- Allow for multiple servers
9. Design Goals
- Provide a mechanism, not a policy
- Provide the same configuration, including IP address, to a host whenever possible
10. What can you do with DHCP?
- Plug-and-play
- Move desktop PCs between offices
- Renumber
- Other restructuring: change subnet masks
- Mobile IP: laptops
- Moving equipment: cartable systems
11. What DHCP doesn't do
- Support multiple addresses per interface
- Inform a running host that parameters have changed
- Propagate new addresses to DNS
- Support inter-server communication
- Provide authenticated message delivery
12. What DHCP doesn't do
- Configure routers and other network equipment
- Design a network addressing plan
- Determine other configuration parameters
- Locate other servers
13. Outline
- DHCP purpose and goals
- Background and history of DHCP
- Case Study
- Operational details
- Using DHCP
14. What is DHCP and where does it come from?
- Internet Engineering Task Force (IETF)
- Dynamic Host Configuration Working Group (DHC WG)
- BOOTP
15. IETF standards
- Formal process for development, review and acceptance of TCP/IP protocol suite standards
- Initial specifications published as Internet Drafts (I-Ds)
- Accepted specifications published as Requests for Comments (RFCs)
16. Protocol status
- DHCP has been accepted as a Draft Standard; the specifications are published in:
- RFC 2131, Dynamic Host Configuration Protocol
- RFC 2132, DHCP Options and BOOTP Vendor Extensions
- Several additional options are in development
17. Implementation status
- DHCP is an open standard, with freely available specifications
- Can be (and has been) implemented entirely from the specification
- Commercial implementations are widely available
- Non-commercial implementations are also available
18. DHCP Resources
- Compilation of DHCP-related WWW links and other information: http://www.dhcp.org
- DHCP FAQ (maintained by John Wobus)
- dhcp-v4@bucknell.edu mailing list (admin requests to listserv@bucknell.edu)
19. DHCP Resources
- IETF information can be retrieved from http://www.ietf.cnri.reston.va.us
- I-Ds and RFCs can also be retrieved from http://www.rfc-editor.org
20. Related work
- RARP/DRARP
- TFTP
- ICMP
- Router Discovery
- Mobile IP
- Wireless/cellular IP
21. Outline
- DHCP purpose and goals
- Background and history of DHCP
- Case Study
- Operational details
- Using DHCP
22. Generic Startup, Inc. (GSI)
- GSI is a medium-sized startup with about 200 employees
- Internal TCP/IP network (intranet)
- Network Architect is responsible for network design, planning and operation
23. Intranet architecture
- Intranet uses Ethernet throughout
- 5 internal Ethernet segments
- 4 segments for desktops
- 1 segment for servers
- Connected through a single router
24. TCP/IP addressing
- Network architect has obtained Class C network address 201.155.7.0 for GSI
- Subnetted for segments
- /27 subnet mask
- 8 possible subnets, 32 hosts per subnet
25. Intranet addressing
[Diagram: subnets 201.157.7.32, 201.157.7.64, 201.157.7.96, 201.157.7.128 and 201.157.7.192 connected through the router]
26. DHCP on the GSI intranet
- Network architect plans addressing scheme and locations of servers
- DHCP server attached to 201.157.7.192 subnet
- Desktop clients contact server at startup for IP address and configuration parameters
27. GSI uses DHCP to
- Configure new computers
- Reconfigure relocated computers
- Accommodate laptops
- Renumber network
28. Planning for DHCP
- Preparation for DHCP requires careful planning
- IP addressing strategy
- Consider current needs
- Allow for growth
- Network architect configures rules for addressing strategy into DHCP server
29. Newly installed computer
- Newly installed computer locates DHCP server
- Server consults address scheme rules
- Picks an address
- Determines other configuration parameters
- Plug-and-play
30. Newly installed computer
[Diagram: DHCP server (201.157.7.198) and a new computer on the 201.157.7.96 subnet, connected through the router]
31. Relocated computer
- Computer retains address
- When restarted, computer checks with server to confirm address
- If address OK, computer retains old address
- If computer attached to different subnet, obtains new address
32. Relocated computer
[Diagram: computer holding 201.157.7.98 moved from the 201.157.7.96 subnet to the 201.157.7.64 subnet; DHCP server (201.157.7.198) reached through the router]
33. Using DHCP with legacy equipment
- DHCP server not required to make every address on a subnet available for allocation
- DHCP server not required to answer every incoming request
- Network architect can configure server to reserve (not allocate) addresses
34. Growth: new computers on a subnet
- So GSI grows and hires new employees
- Each gets a new computer; new computers are allocated addresses from the DHCP pool
- Suppose addresses in a subnet are all allocated?
35. DHCP and new computers
- DHCP server will hand out all available addresses
- Limited number of addresses can be shared (if all computers are not on simultaneously)
- Eventually, network architect will have to allocate more addresses
36. Reusing addresses
- Server can reuse abandoned addresses
- Address initially allocated for a fixed time called a lease
- Client can extend lease
- If lease expires, server can reallocate
- Reallocation only when necessary (e.g., LRU) is a good idea
37. Growth: multiple IP networks on a subnet
- /27 subnet accommodates only 30 computers
- Suppose application development group grows to 40?
- Add second IP subnet to existing Ethernet segment
38. Multiple IP networks on a subnet
[Diagram: as in slide 25, with a second subnet 201.157.7.160 added to the segment carrying 201.157.7.96]
39. Reconfiguring the server for multiple networks
- Server configuration file defines multiple subnets and address pools on one physical segment
- Server chooses address from pools for the segment
- Server checks DHCP client address against all subnets on the segment
40. Growth: changing subnet masks
- In some cases, subnet growth can be managed with a change to the subnet mask
- 201.157.7.128/27 and 201.157.7.160/27 can be combined into 201.157.7.128/26
- Network infrastructure must accommodate VLSMs
- Must change subnet masks on attached clients
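The subnet arithmetic of slides 24 and 37-40 and the server-side address check of slide 39, worked through as an added Python example (not code from the deck). It uses the 201.157.7.0/24 block and /27 subnets of the case study; the per-segment subnet lists passed to the functions are constructed for the example.

```python
import ipaddress


def carve_subnets(network, new_prefix):
    """Split a network into equal-size subnets; a /24 into /27s gives 8 subnets of 32 addresses."""
    return [str(s) for s in ipaddress.ip_network(network).subnets(new_prefix=new_prefix)]


def usable_hosts(subnet):
    """Addresses a DHCP pool can actually hand out: total minus network and broadcast (32 - 2 = 30)."""
    return ipaddress.ip_network(subnet).num_addresses - 2


def merge_subnets(a, b):
    """Return the /26 that replaces two /27s when a plain mask change can combine them.
    Only aligned neighbours share a supernet: 201.157.7.128/27 and .160/27 do,
    201.157.7.96/27 and .128/27 do not (their supernets are .64/26 and .128/26)."""
    a, b = ipaddress.ip_network(a), ipaddress.ip_network(b)
    if a != b and a.supernet() == b.supernet():
        return str(a.supernet())
    return None


def validate_reboot_request(requested_addr, segment_subnets):
    """Server-side INIT-REBOOT check (slide 39): the requested address must fall in one of
    the subnets configured for the physical segment the request arrived on. The server
    answers ACK when it does and NAK otherwise, so a relocated client restarts with a
    fresh address instead of keeping one from its old segment."""
    addr = ipaddress.ip_address(requested_addr)
    for subnet in segment_subnets:
        if addr in ipaddress.ip_network(subnet):
            return "ACK"
    return "NAK"


def netmask_for(addr, segment_subnets):
    """Subnet mask option value the server returns for an address on the segment (slide 41):
    after the .128/27 and .160/27 pools are merged into .128/26, clients pick up
    255.255.255.192 at their next reboot. None when the address is not on the segment."""
    ip = ipaddress.ip_address(addr)
    for subnet in segment_subnets:
        net = ipaddress.ip_network(subnet)
        if ip in net:
            return str(net.netmask)
    return None


if __name__ == "__main__":
    # Constructed segment: the development segment after a second pool was added (slide 38).
    dev_segment = ["201.157.7.96/27", "201.157.7.160/27"]
    print(carve_subnets("201.157.7.0/24", 27))
    print(usable_hosts("201.157.7.96/27"), "usable hosts per /27")
    print(merge_subnets("201.157.7.128/27", "201.157.7.160/27"))
    print(validate_reboot_request("201.157.7.98", dev_segment),
          validate_reboot_request("201.157.7.198", dev_segment))
    print(netmask_for("201.157.7.130", ["201.157.7.128/26"]))
```

`merge_subnets` refusing the unaligned pair is the point of the "network infrastructure must accommodate VLSMs" bullet: only pairs that are already aligned on a /26 boundary can be merged by a mask change, anything else is a renumbering.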
41. Passing new subnet masks to clients
- At next reboot, DHCP client will contact server
- Server returns new subnet mask with acknowledgment
- Client records and uses new mask
42. Growth: renumbering
- Eventually, GSI network architect obtains second class C address 202.5.77.0
- Subnet numbers are reallocated among network segments
- Many computers now on wrong subnet
43. Renumbered GSI network
[Diagram: segments now numbered 201.157.7.32, 201.157.7.64, 201.157.7.128, 202.5.77.64 and 202.5.77.128 behind the router; one computer still holding 201.157.7.98]
44. Using DHCP for renumbering
- Set up plan for renumbering
- New network architecture
- Network addresses, server addresses
- Timing of cutovers
- Force DHCP clients to contact server for notification about new address
- Set short leases
- Require all clients be rebooted
45. Using DHCP for renumbering
- Rebooting, although not elegant, is probably most reliable
- Schedule subnet cutover for overnight or weekend; force reboot through alternate protocol (e.g., email to all users)
46. Outline
- DHCP purpose and goals
- Background and history of DHCP
- Case Study
- Operational details
- Using DHCP
47. Server manages client configurations
- Provides a variety of mechanisms for controlled configuration
- Can override default parameters from Host Requirements
48. Address allocation
- Static (BOOTP): client must be pre-configured into database
- Automatic: server can allocate new address to client
- Dynamic: server can allocate and reuse addresses
49. Leases
- Dynamic addresses are allocated for a period of time known as the lease
- Client is allowed to use the address until the lease expires
50. Leases
- Client MUST NOT use the address after the lease expires, even if there are active connections using the address
- Server MUST NOT reuse the address before the lease expires
51. Motivation for leases
- An IP internet may not always be completely operational; there may not always be connectivity between any two hosts, so:
- Can't use distributed (client-based) assignment of addresses
- Can't use address defense before server reuse of addresses
52. Motivation for leases
- Leases guarantee an agreement as to when an address may be safely reused, even if the server can't contact the client
53. Address reuse
- Server MAY choose to reuse an address by reassigning it to a different client after the lease has expired
- Server can check using ICMP echo to see if the address is still in use (but no response is not a definitive answer!)
54. Address reuse
- Allows address sharing
- From old computers replaced by new ones
- Among a pool of computers not always using TCP/IP
- For transient hosts like laptops
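An added example, not part of the deck, that implements the lease rules of slides 36 and 49-54 as a small Python lease table: no reuse before expiry, the same address back for a returning client identifier (which is also what lets a replacement machine carrying the old client id keep its address), least-recently-expired reuse, and an optional probe hook standing in for the ICMP echo check (a positive answer rules an address out; silence is not treated as proof). The subnet, reserved address and lease times below are constructed for the example.

```python
import ipaddress


class Lease:
    """One address binding: the client identifier holding it and when it expires (absolute seconds)."""

    def __init__(self, client_id, expires):
        self.client_id = client_id
        self.expires = expires


class LeasePool:
    """Dynamic allocation for one subnet. Addresses in `reserved` are never handed out
    (legacy hosts with fixed addresses, slide 33)."""

    def __init__(self, subnet, reserved=(), lease_time=86400):
        keep_out = {ipaddress.ip_address(a) for a in reserved}
        self.unused = [a for a in ipaddress.ip_network(subnet).hosts() if a not in keep_out]
        self.leases = {}              # IPv4Address -> Lease
        self.lease_time = lease_time

    def _expired(self, now):
        """Addresses whose lease has run out, least recently expired first (LRU reuse)."""
        return sorted((a for a, l in self.leases.items() if l.expires <= now),
                      key=lambda a: self.leases[a].expires)

    def allocate(self, client_id, now, probe=None):
        """Choose an address for a DISCOVER/REQUEST, or None when the pool is exhausted.
        `probe(addr)` returning True means something answered at the address, so skip it."""
        # A client identifier we already know gets its previous address back whenever
        # possible (design goal on slide 9), even if that lease has since expired.
        for addr, lease in self.leases.items():
            if lease.client_id == client_id:
                lease.expires = now + self.lease_time
                return addr
        # Never-used addresses first; only then reuse expired leases, oldest first.
        # Leases still inside their lease time are never touched (slide 50).
        for addr in list(self.unused) + self._expired(now):
            if probe is not None and probe(addr):
                continue
            if addr in self.unused:
                self.unused.remove(addr)
            self.leases[addr] = Lease(client_id, now + self.lease_time)
            return addr
        return None

    def renew(self, addr, client_id, now):
        """RENEWING/REBINDING: extend only the holder's own, still-valid lease; False means NAK."""
        lease = self.leases.get(ipaddress.ip_address(addr))
        if lease is None or lease.client_id != client_id or lease.expires <= now:
            return False
        lease.expires = now + self.lease_time
        return True

    def release(self, addr, client_id, now):
        """RELEASE (slide 73): the holder gives the address back early; it becomes
        the oldest expired lease and so the first candidate for reuse."""
        lease = self.leases.get(ipaddress.ip_address(addr))
        if lease is None or lease.client_id != client_id:
            return False
        lease.expires = now
        return True


if __name__ == "__main__":
    # Constructed: the 201.157.7.96/27 pool with .97 reserved for a legacy host.
    pool = LeasePool("201.157.7.96/27", reserved=["201.157.7.97"], lease_time=100)
    print(pool.allocate(b"desk-1", 0))            # 201.157.7.98
    print(pool.allocate(b"desk-2", 5))            # 201.157.7.99
    print(pool.allocate(b"desk-1", 10))           # 201.157.7.98 again
    print(pool.renew("201.157.7.98", b"desk-2", 20))   # False: not the holder
```

The probe hook is deliberately one-directional: a reply takes an address out of consideration for this allocation, but no reply changes nothing, matching the "no response is not a definitive answer" caveat on slide 53.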
55. Address allocation details
- Clients check on address validity at reboot time (renumbering)
- Clients can extend the lease on an address at startup time
56. Address allocation details
- Clients can extend the lease on an address as expiration time approaches (without closing and restarting existing connections)
- Clients with addresses that have been configured manually can use DHCP to obtain other configuration parameters
57. Four ways a client uses DHCP
- INIT: acquire an IP address and configuration information
- INIT-REBOOT: confirm validity of previously acquired address and configuration
- RENEWING: extend a lease from the original server
- REBINDING: extend a lease from any server
58. Obtaining an initial address
- Client broadcasts DISCOVER to locate servers
- Server chooses address and replies
- Client selects a server and sends REQUEST for address
- Server commits allocation and returns ACK
59. Rebooting client
- Client puts address in REQUEST and broadcasts
- Server checks validity and returns ACK with parameters
- If client address is invalid (e.g., client is attached to a new network), server replies with NAK and client restarts
60. Extending a lease
- Client puts requested lease extension in REQUEST and sends to server
- Server commits extension and returns ACK with parameters
61. DHCP options
- Options carry additional configuration information to client
- DHCP message type
- Subnet mask, default routers, DNS server
- Many others
- Carried as fields in DHCP message
62. Configuration with options
- Network architect configures server to select and return options and values
- Client can explicitly request specific options
63. Relay agents
- Using hardware and IP broadcast still limits DHCP messages from a client to a single physical network
- Relay agent, on same subnet as client, forwards DHCP messages between clients and servers
64. Relay agents
- Relay agent and server exchange messages using unicast UDP
- Servers can be located anywhere on intranet
- Servers can be centrally located for ease of administration
- Very simple in function and implementation
- Usually, but not necessarily, located in routers
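An added Python example (not the deck's own code) covering slides 58-64 together: it builds and parses DHCP messages with the RFC 2131 fixed fields and RFC 2132 code/length/value options, performs the relay-agent step of stamping giaddr and counting hops, and shows how a server uses giaddr to pick the client's segment. The hardware address, transaction id and subnet list are constructed; the hop limit follows RFC 1542.

```python
import ipaddress
import struct

# Fixed-format part of a DHCP message (RFC 2131 section 2): 236 bytes, then the
# 4-byte magic cookie, then the variable-length options field.
_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
_HOPS_OFF, _GIADDR_OFF = 3, 24            # byte offsets a relay agent rewrites in place
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_MSG_TYPE, OPT_PARAM_LIST, OPT_CLIENT_ID, OPT_END = 53, 55, 61, 255
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK = 1, 2, 3, 5, 6
MAX_HOPS = 16                             # RFC 1542: relays discard requests relayed this often


def encode_options(options):
    """Serialise [(code, payload), ...] as code/length/value entries plus the end option."""
    out = bytearray()
    for code, payload in options:
        if not 0 < code < OPT_END or len(payload) > 255:
            raise ValueError("option %d cannot be encoded" % code)
        out += bytes((code, len(payload))) + payload
    out.append(OPT_END)
    return bytes(out)


def decode_options(data):
    """Parse the options field into {code: payload}. A length that runs past the buffer
    is an error; the parser never reads beyond what it was given."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            return opts
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % code)
        length = data[i + 1]
        opts[code] = bytes(data[i + 2:i + 2 + length])
        i += 2 + length
    raise ValueError("options field has no end option")


def build_message(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0", hops=0):
    """Assemble a message for an Ethernet client (htype 1); unused fields stay zero."""
    zero = ipaddress.IPv4Address("0.0.0.0").packed
    header = _HDR.pack(op, 1, len(chaddr), hops, xid, 0, 0, zero,
                       ipaddress.IPv4Address(yiaddr).packed, zero,
                       ipaddress.IPv4Address(giaddr).packed, chaddr, b"", b"")
    return header + MAGIC_COOKIE + encode_options(options)


def parse_message(packet):
    """Split a packet into the header fields used here plus decoded options."""
    if len(packet) < _HDR.size + 4 or packet[_HDR.size:_HDR.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = _HDR.unpack_from(packet)
    return {"op": f[0], "hops": f[3], "xid": f[4],
            "ciaddr": str(ipaddress.IPv4Address(f[7])), "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "giaddr": str(ipaddress.IPv4Address(f[10])), "chaddr": f[11][:f[2]],
            "options": decode_options(packet[_HDR.size + 4:])}


def relay_forward(packet, relay_addr_on_client_segment):
    """Relay-agent step for a client broadcast: put the relay's address on the client's
    segment into giaddr (unless an earlier relay already did), count the hop, and return
    the bytes to unicast to the server. None means the packet is dropped."""
    msg = parse_message(packet)
    if msg["op"] != BOOTREQUEST or msg["hops"] >= MAX_HOPS:
        return None
    out = bytearray(packet)
    out[_HOPS_OFF] = msg["hops"] + 1
    if msg["giaddr"] == "0.0.0.0":
        out[_GIADDR_OFF:_GIADDR_OFF + 4] = ipaddress.IPv4Address(relay_addr_on_client_segment).packed
    return bytes(out)


def select_segment(msg, receiving_subnet, configured_subnets):
    """Server side: a non-zero giaddr names the client's segment; a zero giaddr means the
    client is on the subnet the server received the broadcast on. Returns the matching
    configured subnet or None (no pool for that segment: do not answer)."""
    anchor = None if msg["giaddr"] == "0.0.0.0" else ipaddress.ip_address(msg["giaddr"])
    for subnet in configured_subnets:
        net = ipaddress.ip_network(subnet)
        if anchor is None and net == ipaddress.ip_network(receiving_subnet):
            return subnet
        if anchor is not None and anchor in net:
            return subnet
    return None
```

The decoder's refusal to over-read is the practical check to carry away: an option length byte is attacker-controlled input on a broadcast medium, so it is validated against the remaining buffer before any slice is taken.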
65. Outline
- DHCP purpose and goals
- Background and history of DHCP
- Case Study
- Operational details
- Using DHCP
66. Using multiple servers
- Clients must be implemented for multiple servers, e.g., receiving multiple OFFER messages
- Using multiple servers can provide increased reliability through redundancy
67. Using multiple servers
- All coordination must be managed by DHCP administrator
- Distributed database
- Off-line batch updates
- Manually
68. Strategies for using multiple servers
- Split address pool for each subnet among servers
- Coordinate leases off-line
- Reallocate addresses when needed
69. Lease times and strategies
- Choice of lease times made by DHCP administrator
- Long lease times decrease traffic and server load; short lease times increase flexibility
70. Lease times and strategies
- Lease time should be chosen to allow for server unavailability
- Allows clients to use old addresses
- For example, long enough to span weekends
- Can assign different leases to desktop computers, cartable systems and laptops
71. Changing other configuration parameters
- Other configuration parameters such as print servers may change
- Reconfigure DHCP server with new parameters
- At next reconfirmation, clients will get new addresses
72. Moving a client to a new location
- User may get moved to a new location on a different subnet
- User may arrange to move computer system without contacting network administrator
- DHCP will allocate address for new location
73. Moving a client to a new location
- What about old lease?
- New server can notify network administrator about address allocation
- Client can issue RELEASE before moving from old location
- Or, might be appropriate to leave old lease in place
74. Replacing a system
- User may get new computer on desktop
- Network administrator wants to allocate same IP address to the new computer, but the new computer will have a different hardware address
- Use client id as system identifier and transfer it to the new system
75. Limitations to DHCP: opportunities for enhancement
- Coordination among multiple servers
- DHCP interaction with DNS
- Security/authentication
- New options
- IPv6
76. Coordination among multiple servers
- Becomes a distributed database problem
- Several strategies have been proposed
- Failover protocol now in development
77. Dynamic DNS
- When client is allocated a new address, DNS records need to be updated
- A record: name to IP address
- PTR record: IP address to name
- DHCP to be extended to allow coordination between client and server
- Which does updates?
- Error conditions?
78. Security/Authentication
- Unauthorized (either intentional or accidental) server can cause denial of service problems
- Some sites may want to limit IP address allocation to authorized clients
79. Security/Authentication
- Authentication based on shared secret key, an authentication ticket and a message digest
- Assures source of message is valid and message hasn't been tampered with en route
- Schiller/Huitema/Droms/Arbaugh proposal in process
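An added example, not the proposal's format, showing one way to realise "shared secret key, authentication ticket and message digest" in Python. It assumes the ticket is a fixed-length key identifier and uses HMAC-SHA256 as the keyed digest (an assumption for illustration, not what the proposal specifies); the keys, tickets and message below are constructed.

```python
import hashlib
import hmac

TICKET_LEN = 4                               # assumed: the ticket is a 4-byte key identifier
DIGEST_LEN = hashlib.sha256().digest_size    # 32 bytes for HMAC-SHA256


def authenticate(message, key, ticket):
    """Sender side: append the ticket and a keyed digest over message || ticket."""
    if len(ticket) != TICKET_LEN:
        raise ValueError("ticket must be %d bytes" % TICKET_LEN)
    body = message + ticket
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify(packet, keys_by_ticket):
    """Receiver side: look the key up by ticket, recompute the digest, compare in constant
    time, and return the bare message only if everything checks out. None means the
    client should ignore the packet (unknown ticket, tampering, or truncation), which is
    how an unauthorized server's replies are kept from configuring the host."""
    if len(packet) < TICKET_LEN + DIGEST_LEN:
        return None
    body, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    key = keys_by_ticket.get(body[-TICKET_LEN:])
    if key is None:
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, digest):
        return None
    return body[:-TICKET_LEN]


if __name__ == "__main__":
    # Constructed key material; a real deployment distributes keys out of band.
    keys = {b"\x00\x00\x00\x01": b"site-shared-secret-example"}
    packet = authenticate(b"DHCPOFFER 201.157.7.98", keys[b"\x00\x00\x00\x01"], b"\x00\x00\x00\x01")
    print(verify(packet, keys))                      # the message
    print(verify(b"X" + packet[1:], keys))           # None: tampered en route
```

A digest alone covers origin and integrity, which is what the slide claims; it does not stop an old, correctly signed message from being replayed, so a complete design also covers a counter or timestamp with the digest.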
80. New options: acceptance
- New options must have non-overlapping option codes
- Codes handed out by Internet Assigned Numbers Authority (IANA)
- New mechanism will approve each new option as a separate RFC (like TELNET)
81. IPv6
- IP Version 6 (aka IPv6 or IPng) is a new internet protocol to replace IP
- Includes new features for host configuration
- Router advertisement
- Autoconfiguration
- Link-local addresses
82. IPv6
- To accommodate sites that want centralized management of addresses, DHCP for IPv6 (DHCPv6) is being developed by the DHC WG.
83. Summary
- DHCP works today as a tool for automatic configuration of TCP/IP hosts
- It is an open Internet standard and interoperable client implementations are widely available
84. Summary
- Provides automation for routine configuration tasks, once network architect has configured network and addressing plan
- Ongoing work will extend DHCP with authentication, DHCP-DNS interaction and inter-server communication