DHCP Concepts

DHCP stands for Dynamic Host Configuration Protocol, a protocol used to simplify the management of TCP/IP clients on a network. With DHCP, a client can automatically obtain IP addresses, subnet masks, and other TCP/IP configuration settings from a DHCP server. This is easier than the alternative: manually configuring a static IP address for every client on your network.

For a third method of configuring TCP/IP clients, see Automatic Private IP Addressing (APIPA) under TCP/IP later in this chapter.

How DHCP Works

When a DHCP client starts up, it contacts a DHCP server and asks to lease an IP address. The DHCP server responds by selecting an available IP address from a scope, a range of addresses that it manages. The server then leases the selected address to the client for a certain period of time (eight days by default), provides the client with the subnet mask associated with the address, and optionally provides the client with additional information such as a default gateway address, addresses of DNS servers, and addresses of WINS servers. Once the client has obtained a lease, the client has to renew the lease periodically with the server to maintain its current address. If the client shuts down properly, it releases its lease and the server may offer the same address to a different client unless the address has been specifically reserved for the original client.

To really understand DHCP, you need to know what's going on with DHCP at the packet level (you can view this information using a sniffer like Network Monitor, an optional network-monitoring component of WS2003). There are four types of DHCP packets:

DHCPDISCOVER

This packet is broadcast by the client when it starts up. It contains the MAC address (physical or hardware address) and computer name of the client and essentially says, "If there is a DHCP server out there, please offer me a lease." This is repeated every five minutes until successful.

DHCPOFFER

This packet is broadcast by a DHCP server in response to a DHCPDISCOVER packet. It contains the MAC address of the DHCP client that sent the DHCPDISCOVER packet, the IP address and subnet mask being offered to the client, the duration of the lease being offered, and the IP address of the DHCP server.

DHCPREQUEST

This packet is broadcast by the client in response to the first lease offer it receives. The DHCPREQUEST packet includes the IP address of the DHCP server offering the lease and basically says, "I'll take the lease you are offering me." Other available DHCP servers also hear this message but respond to it by withdrawing their offered leases (no message sent).

DHCPACK

This packet is broadcast by the server and tells the client, "The IP address is yours for so many days." At this point the client initializes its TCP/IP stack and can begin communicating over the network.

When 50% of the lease time has expired, the DHCP client sends a DHCPREQUEST packet directly to the DHCP server requesting a renewal. If the server is available, it responds with DHCPACK and the lease clock is reset.

If the server is not available, the client waits until 87.5% of the lease time has expired and then broadcasts a DHCPDISCOVER packet that basically says, "Is there any DHCP server out there that can renew my lease?" A different server can respond with DHCPOFFER if the scope of the server overlaps the scope of the client's original DHCP server.

If 100% of the lease time expires and the client hasn't heard from any DHCP servers, it releases its address and starts broadcasting DHCPDISCOVER packets to begin the lease process anew. In the meantime, it can't use TCP/IP to communicate on the network.

If a client is shut down properly, it releases its IP address. When it restarts, it tries to renew the same address it had before. If it can't contact a DHCP server, it continues to use the address until its current lease expires. If the lease expired while the client was offline, the lease process starts from the beginning.
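The renewal timeline from the preceding paragraphs (unicast renewal at 50%, broadcast rebinding at 87.5%, release at 100%) can be followed in a small client-side simulation. This is an added example written for this page, not code from the book or from the Windows DHCP client; `original_up` and `other_up` are hypothetical callbacks standing in for whether the issuing server, or some other server whose scope covers the address, is reachable at a given moment, and the eight-day lease length is the default the text gives.

```python
"""Added example: the DHCP client's lease clock (renew at 50%, rebind at 87.5%,
release at 100%) as a small simulation.  Times are seconds since the lease was granted."""

EIGHT_DAYS = 8 * 24 * 3600  # the default lease length given in the text


def lease_timers(duration: int) -> dict:
    """Renewal (T1), rebinding (T2) and expiry offsets for a lease of `duration` seconds."""
    return {"T1": duration * 0.5, "T2": duration * 0.875, "expire": float(duration)}


def simulate_lease(duration, original_up, other_up, periods=1):
    """Walk the client through up to `periods` lease periods and return the events.

    original_up(t): True if the issuing server answers at time t (unicast or broadcast)
    other_up(t):    True if another server whose scope covers the address answers a broadcast
    Each event is (time, what the client sends, outcome).  The clock restarts from the
    moment a lease is granted, as the text describes.
    """
    events, granted_at = [], 0.0
    for _ in range(periods):
        timers = lease_timers(duration)
        t = granted_at + timers["T1"]
        if original_up(t):
            events.append((t, "DHCPREQUEST unicast to issuing server", "DHCPACK, lease clock reset"))
            granted_at = t
            continue
        events.append((t, "DHCPREQUEST unicast to issuing server", "no answer"))
        t = granted_at + timers["T2"]
        if original_up(t) or other_up(t):
            who = "issuing server" if original_up(t) else "another server with an overlapping scope"
            events.append((t, "DHCPDISCOVER broadcast", f"DHCPOFFER from {who}, lease clock reset"))
            granted_at = t
            continue
        events.append((t, "DHCPDISCOVER broadcast", "no answer"))
        t = granted_at + timers["expire"]
        events.append((t, "lease expired", "address released, DHCPDISCOVER restarts, no TCP/IP until then"))
        break
    return events


if __name__ == "__main__":
    # Constructed outage: the issuing server is down from day 3 to day 6 of an eight-day lease.
    outage = lambda t: not (3 * 86400 <= t < 6 * 86400)
    for when, sent, outcome in simulate_lease(EIGHT_DAYS, outage, lambda t: False):
        print(f"day {when / 86400:5.2f}: {sent:38} -> {outcome}")
```

Run as a script, the constructed outage shows the unicast renewal on day 4 going unanswered and the broadcast on day 7 being answered by the issuing server once it is back, which is why a server outage shorter than the gap between T1 and T2 costs clients nothing.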

DHCP Terminology

To understand how DHCP works on WS2003, you need to know the following terminology:

Scope

A set of IP addresses that a DHCP server issues to clients on a particular subnet. A scope is typically a contiguous block of addresses, possibly with certain addresses excluded, such as addresses that have already been manually assigned to servers. You can create three types of scopes:

Ordinary scope (or simply scope)

Specifies a range of IP addresses (with exclusions) that can be leased to DHCP clients on a connected subnet.

Multicast scope

Can issue a multicast address to a group of computers on the network. Multicasting is used for conferencing applications, such as Microsoft Windows Media Technologies, and can be used to "broadcast" information to a specific group of computers.

Superscopes

Consist of two or more scopes grouped together so they can be administered as a single entity. Any scope within a superscope can lease an address to any client on the subnet. Superscopes are useful when you planned for a certain number of DHCP clients on your network but later discovered you had more clients than you anticipated. You can create an additional scope for the extra clients and then combine this with the original scope to create a superscope without needing to delete your old scope and create a new one. Superscopes are also useful when you need to replace an existing range of IP addresses with a new range of addresses.

Scope options

Additional TCP/IP settings issued by the DHCP server to its clients. Scope options are specified by number, and the ones commonly used on Microsoft networks are as follows:

003 Router

IP address of default gateway

006 DNS Servers

IP address of a DNS server

015 DNS Domain Name

DNS name of the client's domain

044 WINS/NBNS Servers

IP address of a WINS server

046 WINS/NBT Node Type

Method used by client for NetBIOS over TCP/IP (NetBT) name resolution

047 NetBIOS Scope ID

Local NetBIOS scope ID of client

Scope options can also be configured at four different levels:

Server level

Options configured for this level are applied to all DHCP clients managed by the DHCP server. An example would be specifying the same WINS server (option 044) for all clients no matter which subnet they reside on. Server-level options are overridden by scope- or reserved client-level options.

Scope level

Options configured for this level are applied only to clients who lease their address from the particular scope. An example would be specifying a unique default gateway address (option 003) for each subnet/scope. Scope-level options are overridden by reserved client-level options.

Class level

Options configured for this level are applied only to clients belonging to a specified class. For example, you could assign the address of a DNS server to the class of client computers running WS2003 as their operating system.

Reserved client level

Options configured for this level are applied only to the client having the particular reservation.

Reservation

An IP address set aside for the client whose network adapter has a particular MAC address. Instead of manually assigning static IP addresses to your network servers, you can create reservations for them so that they obtain their addresses from DHCP servers but always receive the same address.

Activation

Once a scope is created on a DHCP server, it must be activated (turned on) before the server can start leasing IP addresses from the scope to clients.

Authorization

Before a DHCP server running WS2003 can lease IP addresses to clients in an Active Directory environment, it must first be authorized by a member of the Enterprise Admins group. This gives administrators an extra level of control over their networks to prevent unauthorized DHCP servers from hijacking DHCP client machines.
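The packet types listed under "How DHCP Works", the numbered scope options above (003, 006, 015, 044, 046, 047), and the authorization idea in this paragraph all come together when you decode a DHCP message off the wire. Below is an added example written for this page, not code from the book, from Windows Server 2003, or from Network Monitor: a parser for the RFC 2131 message layout plus a check that the Server Identifier option (054) of a captured DHCPOFFER belongs to a server you actually authorized. Every packet in it is constructed in code; the addresses (192.168.1.x), the domain name `corp.example`, the MAC address and the `audit_offer` function are all invented for the demonstration.

```python
"""Added example: decode a DHCP message (RFC 2131 layout) and audit a DHCPOFFER
against the list of authorized DHCP servers.  All packet bytes are constructed here."""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the options field
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}
# option code -> (name as shown in the Windows DHCP console, decoder kind)
OPTIONS = {
    1: ("Subnet Mask", "ip"),
    3: ("Router", "iplist"),
    6: ("DNS Servers", "iplist"),
    15: ("DNS Domain Name", "str"),
    44: ("WINS/NBNS Servers", "iplist"),
    46: ("WINS/NBT Node Type", "u8"),
    47: ("NetBIOS Scope ID", "str"),
    51: ("IP Address Lease Time", "u32"),
    53: ("DHCP Message Type", "u8"),
    54: ("Server Identifier", "ip"),
}
DECODERS = {
    "ip": socket.inet_ntoa,
    "iplist": lambda r: [socket.inet_ntoa(r[i:i + 4]) for i in range(0, len(r), 4)],
    "str": lambda r: r.decode("ascii", "replace"),
    "u8": lambda r: r[0],
    "u32": lambda r: struct.unpack("!I", r)[0],
}


def parse_dhcp(pkt: bytes) -> dict:
    """Parse the fixed 236-byte header, the magic cookie and the TLV options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    _op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", pkt[:8])
    _ciaddr, yiaddr, _siaddr, giaddr = (socket.inet_ntoa(pkt[i:i + 4]) for i in range(12, 28, 4))
    chaddr = ":".join(f"{b:02x}" for b in pkt[28:28 + hlen])  # client MAC address
    options, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:  # End option
            break
        if code == 0:  # Pad option carries no length byte
            i += 1
            continue
        length = pkt[i + 1]
        raw = pkt[i + 2:i + 2 + length]
        if len(raw) != length:
            raise ValueError(f"option {code} is truncated")
        kind = OPTIONS.get(code, (None, "raw"))[1]
        options[code] = DECODERS.get(kind, bytes)(raw)
        i += 2 + length
    # yiaddr is the address offered/acknowledged; giaddr is 0.0.0.0 unless a relay agent forwarded it
    return {"xid": xid, "yiaddr": yiaddr, "giaddr": giaddr, "chaddr": chaddr,
            "type": MSG_TYPES.get(options.get(53), "UNKNOWN"), "options": options}


def audit_offer(msg: dict, authorized_servers: set) -> list:
    """Findings for an offer seen on the wire; an empty list means nothing suspicious."""
    findings = []
    if msg["type"] != "DHCPOFFER":
        findings.append(f"expected DHCPOFFER, got {msg['type']}")
    if msg["options"].get(54) not in authorized_servers:
        findings.append(f"DHCPOFFER from unauthorized server {msg['options'].get(54)}")
    return findings


def build_offer(xid, mac, yiaddr, server_ip, lease_secs, extra_options) -> bytes:
    """Construct a DHCPOFFER (sample data for this example, not a capture)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0x8000)  # op=2 (reply), broadcast flag set
    hdr += b"".join(socket.inet_aton(a) for a in ("0.0.0.0", yiaddr, server_ip, "0.0.0.0"))
    hdr += bytes.fromhex(mac.replace(":", "")) + bytes(10) + bytes(192)  # chaddr pad, sname, file
    opts = bytes([53, 1, 2]) + bytes([54, 4]) + socket.inet_aton(server_ip)
    opts += bytes([51, 4]) + struct.pack("!I", lease_secs)
    opts += b"".join(bytes([code, len(val)]) + val for code, val in extra_options)
    return hdr + MAGIC_COOKIE + opts + b"\xff"


SCOPE_OPTIONS = [  # the options from the text, encoded as a server would send them
    (1, socket.inet_aton("255.255.255.0")),
    (3, socket.inet_aton("192.168.1.1")),
    (6, socket.inet_aton("192.168.1.10") + socket.inet_aton("192.168.1.11")),
    (15, b"corp.example"),
    (44, socket.inet_aton("192.168.1.10")),
    (46, b"\x08"),  # 0x08 = hybrid (h-node) NetBT node type
]
EIGHT_DAYS = 8 * 24 * 3600
AUTHORIZED = {"192.168.1.1"}  # constructed: addresses of the servers authorized in Active Directory
GOOD_OFFER = build_offer(0x3903F326, "00:11:22:33:44:55", "192.168.1.50", "192.168.1.1", EIGHT_DAYS, SCOPE_OPTIONS)
ROGUE_OFFER = build_offer(0x3903F326, "00:11:22:33:44:55", "192.168.1.50", "192.168.1.99", 600, SCOPE_OPTIONS)

if __name__ == "__main__":
    for pkt in (GOOD_OFFER, ROGUE_OFFER):
        msg = parse_dhcp(pkt)
        print(f"{msg['type']} for {msg['chaddr']}: {msg['yiaddr']}")
        for code, value in sorted(msg["options"].items()):
            print(f"  {code:03d} {OPTIONS[code][0]}: {value}")
        print("  findings:", audit_offer(msg, AUTHORIZED) or "none")
```

Authorization in Active Directory only stops a WS2003 DHCP server from answering; it does nothing about a non-Windows or misconfigured device that answers DHCPDISCOVER broadcasts, which is why comparing the Server Identifier of offers actually seen on a subnet against the authorized list is a useful check on a monitoring host.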

Implementing DHCP

To implement DHCP using a DHCP server running WS2003, you can proceed as follows:

  1. Manually specify a static IP address, subnet mask, and default gateway address on a member server.

  2. Use Manage Your Server to add the DHCP Server role to your member server.

  3. Authorize your DHCP server in Active Directory.

  4. Create a scope on your DHCP server, excluding any IP addresses from the scope as necessary and configuring any scope options required by clients.

  5. Create reservations for DHCP clients such as mail servers that must always lease the same IP address.

  6. Activate the scope you created.

  7. Configure client computers to obtain their IP addresses automatically from a DHCP server.

If you have configured your routers to forward DHCP traffic, you may need only one DHCP server for your entire network. Although DHCP traffic is mostly of the broadcast type, it's not very heavy unless you have a large number of DHCP clients and the lease period is very short. If your routers block DHCP traffic on UDP ports 67 and 68, you need either a DHCP server on each subnet or DHCP relay agents (described later in this section). For fault tolerance, it's a good idea to have two DHCP servers on your network, one with 80% of the available addresses and the other with 20%, something called the 80/20 rule.

DHCP servers can work together with DNS servers to combine and simplify the administration of both IP addresses and DNS names for clients on your network. See DNS later in this chapter for more information.

Dynamic Updates

Dynamic updates link DHCP and DNS servers together to simplify the task of configuring DNS on DHCP clients. When a client is configured to use dynamic updates, it can either update its DNS information on the DNS server directly or ask the DHCP server to do this on its behalf. By default, WS2003 DHCP servers are configured to perform dynamic updates only when (and how) DHCP clients request such updates. They are also configured to discard such DNS information when DHCP leases expire. Versions of Windows that support dynamic updates include WS2003, XP, and W2K.

If you have downlevel (NT) or legacy (Windows 95/98) systems configured as DHCP clients, you can also configure DHCP servers to dynamically update DNS information for these clients as well, though this is not the default behavior for DHCP servers.

DHCP Relay Agents

DHCP relay agents are machines that listen for lease requests from DHCP clients on their own subnet and forward these requests to a DHCP server located on a different subnet. Consider a DHCP client on subnet A requesting a lease from a DHCP server on subnet B via a DHCP relay agent configured on subnet A:

  1. The client on subnet A broadcasts a DHCPDISCOVER packet on its subnet.

  2. The relay agent on subnet A hears the client's DHCPDISCOVER broadcast, picks up the packet, readdresses it using directed (not broadcast) IP to the DHCP server on subnet B, and sends it off.

  3. The packet from the relay agent is forwarded by the router from subnet A to subnet B (since routers forward directed traffic but typically block broadcast traffic).

  4. The DHCP server on subnet B receives the DHCPDISCOVER packet from the relay agent. Instead of responding with a broadcast DHCPOFFER packet, it sends the DHCPOFFER packet directly to the relay agent on subnet A.

  5. The relay agent on subnet A receives the DHCPOFFER packet from the server, readdresses it as a local subnet broadcast, and broadcasts the packet to subnet A.

  6. The client on subnet A hears the DHCPOFFER packet broadcast by the relay agent but interprets it as if it were broadcast by a DHCP server on its subnet. (The relay agent thus acts as a proxy for the DHCP server.)

  7. The client responds by broadcasting a DHCPREQUEST packet, and the process continues, with the relay agent acting as a proxy, until the client can lease an address.
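The seven steps above, modelled with plain objects so each leg's source, destination and addressing mode can be inspected. This is an added example for this page, not code from the book or from the Windows DHCP Relay Agent. One detail it assumes that the text does not spell out: the relay stamps its own subnet-A address into the packet's giaddr field, and the server uses that field both to pick the scope for subnet A and as the unicast destination for its reply (RFC 2131 behaviour). The subnets, addresses and MAC address are made up.

```python
"""Added example: the relayed DHCPDISCOVER/DHCPOFFER exchange between a client on
subnet A and a server on subnet B, with a relay agent on subnet A.  Constructed topology."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

BROADCAST = "255.255.255.255"
UNSET = "0.0.0.0"


@dataclass
class Msg:
    kind: str            # DHCPDISCOVER, DHCPOFFER, ...
    src: str
    dst: str
    chaddr: str          # client MAC address
    giaddr: str = UNSET  # relay agent address, stamped by the first relay hop
    yiaddr: str = UNSET  # address offered to the client
    hops: int = 0


class Server:
    """DHCP server with one scope per subnet; free addresses are handed out in order."""
    def __init__(self, ip: str, scopes: dict):
        self.ip = ip
        self.scopes = {ip_network(net): list(free) for net, free in scopes.items()}

    def handle(self, m: Msg):
        # Which subnet is the client on?  giaddr if relayed, the server's own subnet otherwise.
        origin = ip_address(m.giaddr if m.giaddr != UNSET else self.ip)
        for net, free in self.scopes.items():
            if origin in net and free:
                offered = free.pop(0)
                # Replies to relayed requests go unicast to the relay, not as a broadcast.
                dst = m.giaddr if m.giaddr != UNSET else BROADCAST
                return Msg("DHCPOFFER", self.ip, dst, m.chaddr, m.giaddr, offered, m.hops)
        return None  # no scope for that subnet: the server stays silent


class Relay:
    """Relay agent: one interface on the client subnet, configured with the server address."""
    def __init__(self, ip: str, server_ip: str):
        self.ip, self.server_ip = ip, server_ip

    def to_server(self, m: Msg) -> Msg:
        giaddr = m.giaddr if m.giaddr != UNSET else self.ip  # only the first relay stamps giaddr
        return replace(m, src=self.ip, dst=self.server_ip, giaddr=giaddr, hops=m.hops + 1)

    def to_client(self, m: Msg) -> Msg:
        return replace(m, src=self.ip, dst=BROADCAST)  # re-broadcast on the client's subnet


def relayed_discover(client_mac: str, relay: Relay, server: Server) -> list:
    """Return the legs of the exchange: client->relay, relay->server, server->relay, relay->client."""
    discover = Msg("DHCPDISCOVER", UNSET, BROADCAST, client_mac)
    forwarded = relay.to_server(discover)
    offer = server.handle(forwarded)
    if offer is None:
        return [discover, forwarded]  # server had no scope for the relay's subnet
    return [discover, forwarded, offer, relay.to_client(offer)]


# Constructed topology: client and relay on subnet A (10.1.0.0/24), server on subnet B (10.2.0.0/24).
SERVER = Server("10.2.0.5", {"10.2.0.0/24": ["10.2.0.20"], "10.1.0.0/24": ["10.1.0.20", "10.1.0.21"]})
RELAY = Relay("10.1.0.1", "10.2.0.5")

if __name__ == "__main__":
    for leg in relayed_discover("00:11:22:33:44:55", RELAY, SERVER):
        print(f"{leg.kind:13} {leg.src:>15} -> {leg.dst:<15} giaddr={leg.giaddr} yiaddr={leg.yiaddr} hops={leg.hops}")
```

The second scenario in the test, a server with no scope covering the relay's subnet, is the usual cause of a relayed client never getting an offer: the request reaches the server, but the server has nothing to lease for that giaddr and stays silent.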



Windows Server 2003 in a Nutshell
ISBN: 0596004044
Year: 2003
Pages: 415
Authors: Mitch Tulloch