Wednesday, May 4, 2011

DHCP - Dynamic Host Configuration Protocol

DHCP is often used to automatically assign IP configurations to desktop clients in an enterprise.

DHCP clients lease the IP configuration information from the DHCP server for an administratively defined period. When the lease expires, the client must request an address again, and it is normally reassigned the same IP address.

DHCP servers are normally set up to assign IP addresses from a predefined pool. DHCP servers can also provide other information, eg: default gateway address, DNS server addresses, WINS (NetBIOS) server addresses, and domain names.
Note: WINS is typically used to resolve a NetBIOS name to an IP address.

DHCP is a superset of BOOTP; it uses the same protocol structure as BOOTP with many enhancements. The 2 major enhancements are support for address pools and lease time.

The DHCP Operation

The typical operation of DHCP is as follows:
1) HostA (a DHCP client) requests an IP address upon system startup or when a network cable is connected. It tries to locate a DHCP server by sending a DHCPDiscovery broadcast. DHCPDiscovery messages are sent to the FFFF.FFFF.FFFF L2 broadcast address and the 255.255.255.255 L3 broadcast address.
2) Upon receiving the DHCPDiscovery broadcast, the DHCP server determines whether it can service the request from its own database. If yes, the DHCP server offers the client an IP configuration in the form of a DHCPOffer unicast; if no, the server may relay and forward the request to other configured DHCP server(s). The DHCPOffer is a proposed configuration that may include an IP address, DNS server addresses, and lease time.
3) The DHCP client sends a DHCPRequest broadcast to request the IP parameters specified in the DHCPOffer. A broadcast is used instead of a unicast because the DHCPDiscovery broadcast might have reached multiple DHCP servers and multiple offers might have been made. The DHCPRequest broadcast informs all DHCP servers which offer was accepted (usually the first offer received) and that the client is declining the other offers.
4) Upon receiving the DHCPRequest, the DHCP server makes the configuration official by sending a DHCPACK unicast. The DHCP client begins to use the assigned address once it has received the DHCPACK. It is possible, but very unlikely, that the DHCP server does not send the DHCPACK because the information might have been leased to another client in the meantime. The server can also respond with a DHCPNACK message, which informs the client that the offer is no longer valid and that the client should request addressing information again.
Note: DHCPOffer and DHCPACK messages are broadcast instead of unicast when the Broadcast bit in the DHCPDiscovery message is set.

It is not possible to predict which DHCP server will respond to the DHCPDiscovery broadcast of a DHCP client when multiple DHCP servers are active on the same network. A DHCPOffer for an IP address from a DHCP server does not guarantee that the address will be allocated to the client; but the DHCP server usually reserves the IP address until the DHCP client has formally accepted the offer and started using the IP address.

By default, a Cisco IOS DHCP server always performs server-based conflict detection by issuing 2 ICMP Echo Requests (pings) to verify that an address is not in use before it is offered to a DHCP client. The purpose is to avoid potential IP address conflicts with statically configured addresses. The timeout of those pings is 500 milliseconds. If the pings time out, the address will be assigned; if an ICMP Echo Reply returns, the address must not be assigned! The ip dhcp ping packets {0-10} and ip dhcp ping timeout {timeout-value} global configuration commands modify the default values. This conflict detection mechanism using ICMP Echo Request / Reply can be disabled by specifying 0 as the value for ping packets.
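The four-step exchange above and the pre-offer ping check can be seen end to end in a small simulation. The following is an added example, not code from the original post or from Cisco: it encodes and decodes DHCP messages in the RFC 2131 layout, runs one client through DHCPDiscovery, DHCPOffer, DHCPRequest and DHCPACK against a pool-based server, and has the server ping each candidate address before offering it. The pool, the client MAC, the server address 172.16.1.1 and the ping answers are constructed test data, and the ping itself is a callable stand-in rather than real ICMP.

```python
"""Added example (not code from the original post): a minimal DHCP message codec
and a simulated DHCPDiscovery/DHCPOffer/DHCPRequest/DHCPACK exchange, including
the server-side ping conflict check. Pool, MACs, server IP and pings are constructed."""
import struct
import ipaddress

MAGIC = b"\x63\x82\x53\x63"          # magic cookie that precedes the options field
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
BROADCAST_FLAG = 0x8000              # 'flags' bit asking the server to broadcast replies
HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte header, op through file
SERVER_IP = "172.16.1.1"             # assumed server address (constructed)

def ip2b(a): return ipaddress.IPv4Address(a).packed
def b2ip(b): return str(ipaddress.IPv4Address(b))

def encode(op, xid, flags, ciaddr, yiaddr, chaddr, options):
    """Build one DHCP message; options is a list of (code, value-bytes)."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, flags, ip2b(ciaddr), ip2b(yiaddr),
                      b"\0" * 4, b"\0" * 4, chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return hdr + MAGIC + body + b"\xff"            # 0xff ends the options list

def decode(pkt):
    """Parse a DHCP message into a dict; options become {code: value-bytes}."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message: magic cookie missing")
    msg = {"op": f[0], "xid": f[4], "flags": f[6], "ciaddr": b2ip(f[7]),
           "yiaddr": b2ip(f[8]), "chaddr": f[11][:f[2]], "options": {}}
    i = 240
    while i < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:                              # pad option has no length byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        msg["options"][code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return msg

def msg_type(msg): return msg["options"][53][0]     # option 53 = DHCP message type

def reply_destination(msg):
    """Where an Offer/ACK goes: L3 broadcast if the client set the Broadcast bit,
    otherwise unicast to the address being offered."""
    return "255.255.255.255" if msg["flags"] & BROADCAST_FLAG else msg["yiaddr"]

class Server:
    """Pool-based server with Cisco-style pre-offer ping conflict detection."""
    def __init__(self, pool, ping):
        self.free = list(pool)     # addresses not yet offered or bound
        self.offered = {}          # chaddr -> address reserved after the Offer
        self.bound = {}            # chaddr -> address confirmed by an ACK
        self.conflicts = []        # addresses that answered the pre-offer ping
        self.ping = ping           # ping(addr) -> True if an ICMP Echo Reply came back

    def handle(self, pkt):
        m = decode(pkt)
        if msg_type(m) == DISCOVER:
            while self.free:
                addr = self.free.pop(0)
                if self.ping(addr):                  # already in use: log conflict, skip it
                    self.conflicts.append(addr)
                    continue
                self.offered[m["chaddr"]] = addr
                return self._reply(m, OFFER, addr)
            return None                              # pool exhausted: stay silent
        if msg_type(m) == REQUEST:
            wanted = b2ip(m["options"][50])          # option 50 = requested IP address
            if self.offered.get(m["chaddr"]) == wanted:
                self.bound[m["chaddr"]] = self.offered.pop(m["chaddr"])
                return self._reply(m, ACK, wanted)
            return self._reply(m, NAK, "0.0.0.0")    # offer no longer valid: NAK
        return None

    def _reply(self, m, kind, yiaddr):
        opts = [(53, bytes([kind])), (54, ip2b(SERVER_IP))]       # type, server identifier
        if kind != NAK:                                           # lease (8 days), router, mask
            opts += [(51, struct.pack("!I", 8 * 86400)), (3, ip2b(SERVER_IP)),
                     (1, ip2b("255.255.255.0"))]
        return encode(BOOTREPLY, m["xid"], m["flags"], "0.0.0.0", yiaddr, m["chaddr"], opts)

def run_exchange(in_use=("172.16.1.51",), broadcast_bit=False):
    """Drive one client through the four steps and return a summary of the result."""
    server = Server(["172.16.1.51", "172.16.1.52"], ping=lambda a: a in in_use)
    mac, xid = bytes.fromhex("112233445566"), 0x1234
    flags = BROADCAST_FLAG if broadcast_bit else 0
    discover = encode(BOOTREQUEST, xid, flags, "0.0.0.0", "0.0.0.0", mac, [(53, bytes([DISCOVER]))])
    offer = decode(server.handle(discover))
    request = encode(BOOTREQUEST, xid, flags, "0.0.0.0", "0.0.0.0", mac,
                     [(53, bytes([REQUEST])), (50, ip2b(offer["yiaddr"])),
                      (54, offer["options"][54])])                # names the accepted server
    ack = decode(server.handle(request))
    return {"offered": offer["yiaddr"], "ack_type": msg_type(ack),
            "lease_days": struct.unpack("!I", ack["options"][51])[0] // 86400,
            "reply_to": reply_destination(ack), "conflicts": server.conflicts,
            "bound": server.bound.get(mac)}
```

Calling run_exchange() shows the first pool address (.51) being skipped because the simulated ping answered, so the client is offered and then bound to .52; calling it with broadcast_bit=True shows the ACK being addressed to 255.255.255.255 instead of the offered address, as the note above describes. A DHCPRequest for an address that was never offered to that client is answered with a DHCPNACK.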

Gratuitous ARP is an ARP request that a host sends to resolve its own IP address. A host always sends multiple Gratuitous ARP requests upon boot up or link up to detect a duplicate address before using an IP address, in order to avoid an IP conflict. Normally there should be no Gratuitous ARP reply, as there should not be another host configured with the same IP address as the Gratuitous ARP sender. Gratuitous ARP is normally used for client-based IP conflict detection. A client sends a DHCPDecline when it detects that using an offered IP address would cause an IP address conflict.

A Gratuitous ARP Request (and Reply) consists of the source MAC address of the sender, the destination MAC address FFFF.FFFF.FFFF, and the sender's own IP address as both the source and the destination IP address.
Note: The destination IP address of a normal ARP request is the IP address to be resolved.

An existing host in a network detects an IP address conflict when it receives a Gratuitous ARP request whose source IP address matches its own IP address.

Another usage of Gratuitous ARP is ARP table update. When a clustering or high-availability solution moves an IP address from one NIC to another (residing on the same or a different host), it broadcasts Gratuitous ARP replies destined to the network layer broadcast address (eg: 192.168.0.255) to inform other hosts to update their ARP tables with the new MAC address.
Note: A Gratuitous ARP reply is also sent upon issuing the clear arp privileged command.
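Both uses of Gratuitous ARP described above, conflict detection and ARP table update, come down to what a receiving host does with the sender fields of the frame. The following is an added example, not code from the original post: it builds Ethernet/ARP frames, marks a frame as gratuitous when its sender and target IP are the same, and models a host that records a conflict when another MAC claims its own address and relearns an IP-to-MAC mapping from a Gratuitous ARP reply after a cluster failover. It goes slightly beyond the text by treating any ARP that claims the host's address as a conflict, not only a Gratuitous ARP request. The MAC and IP addresses are constructed, and the choice of target MAC inside the gratuitous packets (zeros in a request, the sender's own MAC in a reply) is an assumption.

```python
"""Added example (not code from the original post): build and classify ARP frames
to show how a host detects an IP conflict from a Gratuitous ARP whose sender IP is
its own, and how a Gratuitous ARP reply after a failover updates the ARP table.
All MAC and IP addresses are constructed test data."""
import struct
import ipaddress

ETH_BCAST = bytes.fromhex("ffffffffffff")   # FFFF.FFFF.FFFF
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"                  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def build_arp(opcode, sha, spa, tha, tpa, dst_mac=ETH_BCAST):
    """Ethernet II frame carrying an ARP packet (Ethernet / IPv4 addressing)."""
    eth = dst_mac + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode, sha,
                      ipaddress.IPv4Address(spa).packed, tha,
                      ipaddress.IPv4Address(tpa).packed)
    return eth + arp

def gratuitous_arp(opcode, mac, ip):
    """Gratuitous ARP: sender and target IP are both the sender's own address, sent to
    the broadcast MAC. Target MAC is zero in a request, the sender's MAC in a reply (assumed)."""
    tha = b"\0" * 6 if opcode == ARP_REQUEST else mac
    return build_arp(opcode, mac, ip, tha, ip)

def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"op": op, "sha": sha, "spa": str(ipaddress.IPv4Address(spa)),
            "tha": tha, "tpa": str(ipaddress.IPv4Address(tpa)), "gratuitous": spa == tpa}

class Host:
    """Receive-side logic of one host: conflict detection plus ARP table maintenance."""
    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.arp_table = {}        # ip -> mac
        self.conflicts = []        # MACs seen claiming our own IP

    def receive(self, frame):
        a = parse_arp(frame)
        if a is None or a["sha"] == self.mac:           # not ARP, or our own frame echoed back
            return "ignored"
        if a["spa"] == self.ip:                         # another MAC claims our address
            self.conflicts.append(a["sha"].hex(":"))
            return "conflict"
        if a["gratuitous"]:                             # announcement: (re)learn ip -> mac
            self.arp_table[a["spa"]] = a["sha"]
            return "updated"
        if a["op"] == ARP_REQUEST and a["tpa"] == self.ip:
            return "answer"                             # a normal request for us: reply
        return "ignored"

def demo():
    """Failover of a cluster address, then a newcomer probing the host's own address."""
    host = Host(bytes.fromhex("aabbccddee01"), "192.168.0.20")
    vip = "192.168.0.10"
    old_nic, new_nic = bytes.fromhex("aabbccddee10"), bytes.fromhex("aabbccddee11")
    results = [
        host.receive(gratuitous_arp(ARP_REPLY, old_nic, vip)),        # first owner announces
        host.receive(gratuitous_arp(ARP_REPLY, new_nic, vip)),        # VIP moves to new NIC
        host.receive(gratuitous_arp(ARP_REQUEST, bytes.fromhex("aabbccddee99"), host.ip)),
        host.receive(build_arp(ARP_REQUEST, new_nic, vip, b"\0" * 6, host.ip)),  # normal request
    ]
    return results, host.arp_table[vip].hex(":"), host.conflicts
```

demo() returns the classification of each frame in order (updated, updated, conflict, answer), the MAC now held for the cluster address after the failover, and the MAC that was caught claiming the host's own address. A production host would additionally rate-limit and log the conflict rather than only recording it.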

Most DHCP deployments use the dynamic method to assign IP addresses to hosts for a limited period of time (the lease period) or until the hosts voluntarily and explicitly release the IP addresses. This mechanism supports automatic address reuse when the host to which the IP address has been assigned no longer requires the IP address.
DHCP supports 2 other address allocation mechanisms, as follows:
  • Automatic – DHCP chooses an IP address from an address pool, and the IP address assignment for a host is permanent. This method requires the setup of database agents.
  • Manual – The network admin assigns and maps an IP address to a specific MAC address. The primary responsibility of DHCP is simply delivering the appropriate IP addresses to the corresponding hosts. Manual bindings cannot be configured within the same pool that is configured for automatic bindings.

An address binding is the mapping between the IP address and MAC address of a client. The IP address of the client can be configured by the network admin (manual binding) or automatically assigned from a DHCP pool. Cisco IOS devices store the address pools in NVRAM, so they are retained across router reboots. There is no limit on the number of address pools.

Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hosts found in the DHCP database. Automatic bindings are stored on a remote host called the database agent, which is any host that stores the DHCP binding database. The bindings are saved as static mapping text entries for easy maintenance. The typical database agents are TFTP servers, FTP servers, and RCP servers. Multiple DHCP database agents, and the interval between database updates and transfers for each agent, can be configured.

Cisco strongly recommends using database agents; however, Chris Bryant (CCIE#12933) has encountered unpredictable results when setting up database agents in lab environments!
The ip dhcp database {url} [timeout seconds | write-delay seconds] DHCP subcommand configures a Cisco IOS DHCP server to save automatic bindings on a database agent. The write-delay keyword specifies the period of time to wait before writing database changes.

When we choose not to use database agents, it is recommended to disable DHCP conflict logging, which records address conflicts on the DHCP server, using the no ip dhcp conflict logging global configuration command. If conflict logging is enabled but no database agent is configured, automatic bindings are lost upon router reboot, false conflicts can then occur, and the affected addresses are removed from the address pool until the network admin intervenes.

Manual bindings, which are simply address pools, are also stored in NVRAM and retained upon router reboots; there is no limit on the number of manual bindings.
Sample Cisco IOS DHCP manual binding configuration:
Router(config)#ip dhcp pool manual-binding01
Router(dhcp-config)#host ?
  A.B.C.D  IP address in dotted-decimal notation

Router(dhcp-config)#host 192.168.1.101 ?
  /nn or A.B.C.D  Network mask or prefix length

Router(dhcp-config)#host 192.168.1.101
Router(dhcp-config)#hardware-address ?
  WORD  Dotted-hexadecimal string (aabb.ccdd.eeff ...)

Router(dhcp-config)#hardware-address 1122.3344.5566
Router(dhcp-config)#hardware-address 1122.3344.5566 ?
  <0-255>   ARP hardware type from "Assigned Numbers" RFC
  ethernet  10Mb Ethernet
  ieee802   IEEE 802 networks

Router(dhcp-config)#hardware-address 1122.3344.5566 ethernet
Router(dhcp-config)#client-name IT-Manager
Router(dhcp-config)#end
Router#
Router#sh run
--- output omitted ---
!
ip dhcp pool manual-binding01
   host 192.168.1.101 255.255.255.0
   hardware-address 1122.3344.5566
   client-name IT-Manager
!
--- output omitted ---

Attribute Inheritance. The DHCP database is organized as a tree. The root of the tree is the network address pools, branches are subnetwork address pools, and leaves are manual bindings to clients. Subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters, eg: domain name, should be configured at the highest level (network or subnetwork) of the tree. Inherited parameters can be overridden – if a parameter is defined in both the network and subnetwork, the definition of the subnetwork is used. Address leases are not inherited. If a lease is not specified for an IP address, the DHCP server assigns a one-day lease for the IP address by default.
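The inheritance rules in the paragraph above (parameters flow down from network to subnetwork to manual binding, a lower definition overrides a higher one, and the lease is never inherited) can be modelled as a small tree with a lookup that walks toward the root. The following is an added example, not code from the original post or from Cisco IOS; the pool names, addresses and parameter values are constructed, and the parameter keys are plain Python names rather than IOS subcommands.

```python
"""Added example (not code from the original post): the pool tree the text
describes, with parameter lookup walking from a manual binding up through its
subnetwork and network pools. Leases are deliberately not inherited and fall
back to the one-day default. Pool names and values are constructed."""

DEFAULT_LEASE = (1, 0, 0)          # (days, hours, mins): the default when none is set

class Pool:
    """One node of the tree: network, subnetwork, or manual binding (a leaf)."""
    def __init__(self, name, parent=None, lease=None, **params):
        self.name, self.parent, self.lease, self.params = name, parent, lease, params

    def effective(self, key):
        """Nearest definition wins: this node first, then its ancestors."""
        node = self
        while node is not None:
            if key in node.params:
                return node.params[key]
            node = node.parent
        return None                 # not defined anywhere on the path to the root

    def effective_lease(self):
        """Lease is not inherited: only this node's own setting or the default."""
        return self.lease if self.lease is not None else DEFAULT_LEASE

    def resolved(self):
        """Every parameter visible at this node after inheritance and overrides."""
        keys, node = set(), self
        while node is not None:
            keys.update(node.params)
            node = node.parent
        out = {k: self.effective(k) for k in sorted(keys)}
        out["lease"] = self.effective_lease()
        return out

def build_tree():
    """Network -> subnetwork -> manual binding, with one override at the subnetwork."""
    net = Pool("corp", domain_name="cisco.com", dns_server=["172.16.1.11", "172.16.1.12"])
    floor = Pool("GndFloor", parent=net, lease=(8, 0, 0),
                 default_router="172.16.1.1", dns_server=["172.16.1.21"])   # overrides dns
    it_mgr = Pool("IT-Manager", parent=floor, host="172.16.1.101",
                  hardware_address="1122.3344.5566")
    return net, floor, it_mgr
```

With the tree built by build_tree(), the manual binding sees domain_name from the network pool, default_router and the overriding dns_server from the subnetwork pool, and a one-day lease, even though its parent subnetwork has an eight-day lease configured.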

Configuration parameters and other control information are carried in tagged data items that are stored in the Options field of the DHCP messages. Options provide a method for appending additional information and are therefore often used by DHCP vendors to deliver information to their DHCP clients that is not designed into the DHCP protocol itself.

The Cisco IOS DHCP server accepts address assignment requests and renewals and assigns IP addresses from predefined address groups contained within the DHCP address pools. These address pools can also be configured to provide additional information to the requesting clients, eg: the IP address of the default gateway router, the DNS server, and other useful parameters. The Cisco IOS DHCP server is able to accept broadcasts from locally attached LAN segments and DHCP requests that have been forwarded by other DHCP relay agents on the network.

The Cisco IOS DHCP server is able to allocate dynamic IP addresses based on the DHCP Option 82 – DHCP Relay Agent Information Option sent by the DHCP relay agents. Automatic DHCP address allocation is typically based on an IP address, whether it is the gateway address (in the giaddr field of the DHCP packet) or the incoming interface IP address. Sometimes it is necessary to use additional information to determine the IP address allocation. By using DHCP Option 82, the Cisco IOS relay agent is able to include additional information about itself when forwarding the client-originated DHCP packets to a DHCP server. The Cisco IOS DHCP server then uses the additional information in DHCP Option 82 to allocate IP addresses to DHCP clients appropriately.
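The allocation logic described above can be shown as a two-stage selection: giaddr (or the incoming interface address for a local request) picks the pool, and the Circuit ID sub-option of Option 82 may then narrow the pool to a smaller range. The following is an added example, not code from the original post or from Cisco IOS: it encodes and parses the Option 82 sub-options (1 = Circuit ID, 2 = Remote ID), rejects a truncated sub-option rather than guessing, and looks the result up in a constructed pool table. The POOLS table and the circuit IDs are a simplified model for illustration and are not IOS class syntax.

```python
"""Added example (not code from the original post): parse the DHCP Option 82
(Relay Agent Information) value, sub-option 1 = Circuit ID and 2 = Remote ID,
and choose an address range from giaddr plus the circuit ID. The pool/class
table is a constructed simplification of the idea, not IOS syntax."""
import ipaddress

CIRCUIT_ID, REMOTE_ID = 1, 2

# giaddr's subnet picks the pool; the circuit ID may narrow it to a class range.
POOLS = {
    "GndFloor_DHCPPool": {"network": "172.16.1.0/24",
                          "classes": {b"vlan10": "172.16.1.0/25", b"vlan20": "172.16.1.128/25"}},
    "1stFloor_DHCPPool": {"network": "172.16.2.0/24", "classes": {}},
}

def build_option82(circuit_id, remote_id):
    """Encode the two sub-options as TLVs, as a relay agent would."""
    return (bytes([CIRCUIT_ID, len(circuit_id)]) + circuit_id +
            bytes([REMOTE_ID, len(remote_id)]) + remote_id)

def parse_option82(value):
    """Split the value into {sub-option code: bytes}; reject truncated TLVs."""
    subs, i = {}, 0
    while i < len(value):
        if i + 2 > len(value) or i + 2 + value[i + 1] > len(value):
            raise ValueError("truncated relay agent sub-option")
        code, ln = value[i], value[i + 1]
        subs[code] = value[i + 2:i + 2 + ln]
        i += 2 + ln
    return subs

def select_range(giaddr, option82=None, interface_ip=None):
    """Return (pool name, CIDR range) for a request, or None if no pool matches.
    A relayed request is keyed by giaddr; a local one (giaddr 0.0.0.0) by the
    address of the interface it arrived on."""
    key = giaddr if giaddr != "0.0.0.0" else interface_ip
    if key is None:
        return None
    gw = ipaddress.IPv4Address(key)
    for name, pool in POOLS.items():
        if gw in ipaddress.IPv4Network(pool["network"]):
            break
    else:
        return None                                   # no pool covers this address
    if option82:
        circuit = parse_option82(option82).get(CIRCUIT_ID)
        if circuit in pool["classes"]:                # known circuit: narrow the range
            return name, pool["classes"][circuit]
    return name, pool["network"]                      # unknown or absent: whole pool
```

With these tables, a request relayed from 172.16.1.1 with circuit ID vlan20 lands in 172.16.1.128/25, the same request with an unknown circuit ID falls back to the whole 172.16.1.0/24 pool, and a request from a gateway no pool covers gets nothing. The server should treat Option 82 as untrusted input from the relay, which is why a malformed value raises instead of being silently partially decoded.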

Sample Cisco IOS DHCP configuration:
Router(config)#ip dhcp pool GndFloor_DHCPPool
Router(dhcp-config)#network 172.16.1.0 255.255.255.0
Router(dhcp-config)#domain-name cisco.com
Router(dhcp-config)#default-router 172.16.1.1
Router(dhcp-config)#dns-server 172.16.1.11 172.16.1.12
Router(dhcp-config)#netbios-name-server 172.16.1.11 172.16.1.12
Router(dhcp-config)#lease 8
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 172.16.1.1 172.16.1.50
Router(config)#ip dhcp excluded-address 172.16.1.201 172.16.1.254
Router(config)#end
Router#
Note: The DHCP pool configuration mode is identified by the Router(dhcp-config)# prompt; the prompt is not Router(config-dhcp)# as we might expect.

The [no] service dhcp global configuration command enables or disables the Cisco IOS DHCP server and relay agent processes respectively. Both services are enabled by default.

The ip dhcp pool {pool-name} global configuration command defines a pool of addresses to be leased to hosts.

The network {network-number} {network-mask | prefix-length} DHCP subcommand is used to define the range of addresses to be leased to hosts. The ip dhcp excluded-address {start-ip-addr} [end-ip-addr] global configuration command reserves IP addresses that are statically assigned to devices and hence excludes them from the DHCP pool to reduce conflicts.

Cisco IOS DHCP server configuration supports up to 8 default gateways, 8 DNS servers, and 8 Microsoft NetBIOS WINS (Windows Internet Name Service) servers.

The lease {days [hours] [mins] | infinite} DHCP subcommand defines the duration of the DHCP lease time. The default lease time is 1 day. The DHCP lease can also be made indefinite. The lease time specifies a time period that the client is allowed to use the IP address.

The show ip dhcp pool [pool-name] EXEC command displays information of the DHCP address pools.

The show ip dhcp binding [ip-addr] EXEC command displays address bindings (MAC to IP address), the lease expiration, and the lease type (how the IP address was assigned). Lease bindings are automatically created and released.

The show ip dhcp conflict EXEC command displays address conflicts with the corresponding detection method and detection time.

In the past, each Cisco IOS DHCP server had to be configured with all the parameters and options. Cisco IOS has since been enhanced to allow remote Cisco IOS DHCP servers to import option parameters from a centralized server. Network administrators can now configure one or more centralized DHCP servers to update specific DHCP options within the DHCP pools. The remote DHCP servers can then request or import these option parameters from the centralized DHCP servers.
