Dynamic Host Configuration Protocol (DHCP)


Amazingly little is known about the DHCP service, although it is used in virtually all organizations. The service itself has simple beginnings but has evolved to become an important component in a network environment. Further study into the background and functionality of DHCP is warranted.

Detailing the Need for DHCP

The day-to-day operations of TCP/IP can be complex, as clients must be able to receive and update their network information on a regular basis to keep in step with changes to a network. Each object in a TCP/IP environment requires a unique address that defines its location and provides for a means of routing network packets from place to place. This address, or IP address, must be assigned to each client in a network to allow the clients to communicate using TCP/IP. In the past, many IP addresses were manually distributed as new clients were added to a network. This required a large amount of administrative overhead to maintain, and often resulted in problems in configuration caused by simple typographical errors and basic human error.

An automatic method for distributing IP addresses to clients was subsequently sought as the administrative advantages of such a system were obvious. The search for such a system led to the predecessors of DHCP: RARP and BOOTP.

DHCP Predecessors: RARP and BOOTP

The need for dynamic allocation of IP addresses to clients was first addressed by the Reverse Address Resolution Protocol (RARP). RARP simply allocated an IP address to a client after that client requested it through a network broadcast. This protocol was quickly discovered to be ineffective, however, because it did not route beyond a single network and could assign only IP addresses, and not subnet masks, gateways, or other important information for TCP/IP.

The successor to RARP was the Bootstrap Protocol (BOOTP), which improved the dynamic assignment of IP addresses by allowing for routing through different networks and by using a concept called a magic cookie, a 64-byte portion of the BOOTP packet that contained configuration information such as subnet mask, DNS server designations, and so on. This protocol was a drastic improvement over RARP but was still limited in a few functional areas, namely in the fact that the database was not dynamic and was stored in a static text file, which limited its usability.

The DHCP Server Service

The Dynamic Host Configuration Protocol (DHCP) was developed as an improvement to BOOTP. In fact, a DHCP packet is almost identical to a BOOTP packet, except for the modification of the magic cookie portion of a packet, which was expanded in size to accommodate additional options such as DNS server, WINS server, and so on.

The DHCP process in itself is straightforward. A client boots up, and a broadcast request is sent out to all nodes on a subnet for which a dynamic IP address is required. The server, which is listening to these broadcasts on UDP port 67, responds to the client request by issuing an IP address in a predefined range, as illustrated in Figure 10.1.

Figure 10.1. The DHCP IP request process.


In addition to an IP address, all options that are defined on the server scope are issued to a client. This includes DNS servers, WINS servers, gateways, subnet masks, and many other possibilities. If these options are issued automatically, the chance for errors is lessened and the entire IP address assignment becomes automated, decreasing administrative overhead.
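
The packet layout described above can be checked directly on captured traffic. The following is an added example, not code from the book: it parses the BOOTP header, the magic cookie, and the option list of a server reply, then reports any reply whose server identifier is not on an allowlist. The field offsets, the cookie value 99.130.83.99, and the option numbers follow RFC 2131 and RFC 2132; the function names, the sample packet, and all addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131: marks the start of the options
FIXED_LEN = 236                          # BOOTP header (op .. file) before the cookie
IP_OPTS = {1: "subnet_mask", 3: "router", 6: "dns", 44: "wins", 54: "server_id"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode one UDP port 67/68 payload into header fields and named options."""
    if len(payload) < FIXED_LEN + 4 or payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not DHCP: packet too short or magic cookie missing")
    msg = {"op": payload[0], "yiaddr": str(IPv4Address(payload[16:20]))}
    i = FIXED_LEN + 4
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("option overruns the packet")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg["msg_type"] = data[0]                   # 2 = OFFER, 5 = ACK
        elif code in IP_OPTS and length and length % 4 == 0:
            msg[IP_OPTS[code]] = [str(IPv4Address(data[j:j + 4]))
                                  for j in range(0, length, 4)]
        i += 2 + length
    return msg

def unauthorized_server(payload: bytes, authorized: set):
    """Return the server address if an OFFER/ACK names a server not in `authorized`."""
    msg = parse_dhcp(payload)
    if msg["op"] != 2 or msg.get("msg_type") not in (2, 5):
        return None                                     # not a server reply
    server = msg.get("server_id", ["<no server identifier>"])[0]
    return None if server in authorized else server

def sample_offer(server: str, offered: str) -> bytes:
    """Constructed DHCPOFFER for the demo; every address in it is made up."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0)
    header += bytes(4) + IPv4Address(offered).packed + bytes(8)   # ciaddr, yiaddr, siaddr, giaddr
    header += bytes.fromhex("020000aabbcc") + bytes(10 + 64 + 128)  # chaddr, sname, file
    options = (bytes([53, 1, 2, 54, 4]) + IPv4Address(server).packed
               + bytes([1, 4, 255, 255, 255, 0, 6, 8, 10, 1, 1, 10, 10, 1, 1, 11, 255]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(unauthorized_server(sample_offer("192.168.50.1", "192.168.50.20"), {"10.1.1.5"}))
```
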

The DHCP Client Service

The server portion of DHCP is only half of the equation in a DHCP transaction. The request for an IP address comes from a specific interface known as the DHCP client. The client is installed with TCP/IP in Windows 2000 and higher clients and can be installed as an additional component in down-level clients.

The DHCP client, as previously mentioned, handles the communications with the DHCP Server service, in terms of handling IP requests and updates. Each iteration of the Windows client includes a different DHCP client, and there are slight variations in the functionality of each client; however, the overall function (to apply for and receive an IP address from a DHCP server) remains the same in each Windows client.

Automatic Private IP Addressing (APIPA)

The Client/Server service has been updated in Windows 2000 clients and higher, enabling it to automatically assign itself an IP address if no server is available; it does so through a process called Automatic Private IP Addressing (APIPA). APIPA clients automatically assign themselves an IP address in the 169.254.0.0/16 range in this situation, which allows them to have basic TCP/IP connectivity in small networks.

APIPA may be problematic in larger networks because it forces clients to assign themselves addresses in a range that is normally not part of a local company subnet. If a DHCP server is down, clients that are attempting to renew a lease with the server will fail and automatically assign themselves an APIPA address. When the server comes back online, they will not immediately re-register themselves and will effectively be cut off from the network. Subsequently, Microsoft supplies a Registry key that will disable APIPA in this situation. The key to be created is

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<AdapterName>\IPAutoconfigurationEnabled:REG_DWORD=0


You can create this key by following these steps on the client:

1. Open Registry Editor (choose Start, Run and then enter regedit).
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<AdapterName> (where AdapterName is the hexadecimal representation of the network adapter in question).
3. Right-click on the <AdapterName> key and choose New, DWORD Value.
4. Enter IPAutoconfigurationEnabled to rename the DWORD value.
5. Double-click the new value and ensure that 0 is entered as the value data.
6. Click OK and close the Registry Editor.
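
To confirm the setting across many adapters without opening Registry Editor on each one, the exported key can be audited offline. The following is an added example, not code from the book: it reads the text of a registry export of the Interfaces key and lists DHCP-enabled adapters where IPAutoconfigurationEnabled is missing or nonzero. It assumes the export has already been decoded to text, and it relies on the EnableDHCP value (not mentioned above) to skip statically addressed adapters; the adapter GUIDs in the sample are placeholders.

```python
import re

IFACE_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
             r"\Tcpip\Parameters\Interfaces" + "\\")
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def apipa_enabled_adapters(reg_text: str) -> list:
    """Return adapter keys that use DHCP but lack IPAutoconfigurationEnabled=0."""
    adapters, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            is_iface = key.upper().startswith(IFACE_KEY.upper())
            name = key[len(IFACE_KEY):] if is_iface else ""
            # Only direct children of ...\Interfaces are adapters.
            current = adapters.setdefault(name, {}) if name and "\\" not in name else None
            continue
        value = DWORD.match(line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    # A missing value means the default applies, and the default is APIPA enabled.
    return sorted(name for name, vals in adapters.items()
                  if vals.get("enabledhcp") == 1
                  and vals.get("ipautoconfigurationenabled", 1) != 0)

# Constructed sample in .reg export format; the adapter GUIDs are placeholders.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}]
"EnableDHCP"=dword:00000001
"IPAutoconfigurationEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}]
"EnableDHCP"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33333333-3333-3333-3333-333333333333}]
"EnableDHCP"=dword:00000000
"""

if __name__ == "__main__":
    print(apipa_enabled_adapters(SAMPLE_EXPORT))
```
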

Note

APIPA can also be effectively disabled in Windows XP clients through an alternate IP configuration, which allows for the designation of a static IP address if DHCP is unavailable. You can find more information on this concept later in this chapter.


DHCP Relay Agents

Because DHCP clients use network broadcasts to seek out DHCP servers, it is important that this traffic is routed properly on a network with multiple subnets. Effectively, this means that there must be some type of agent to detect DHCP broadcast packets and forward them to the appropriate DHCP server, if it is located on another network. For Cisco routers, for example, this takes the form of an ip-helper entry in the router configuration that designates the destination IP address for broadcast packets to be forwarded to. If this type of router configuration is not utilized, a Windows server running the Routing and Remote Access service must be configured as a DHCP relay agent, as illustrated in Figure 10.2.

Figure 10.2. DHCP broadcast packet routing.


Note

In most real-world implementations of DHCP, the routers between network segments are configured to forward client DHCP broadcast packets directly to the DHCP server. In large organizations, it is therefore important to include the network architecture team in any discussions on DHCP design.


DHCP and Dynamic DNS

Using the DNS Service in Windows Server 2003, clients can automatically register themselves in the DNS database through a mechanism called Dynamic DNS (DDNS). For more information on this concept, refer to Chapter 9.

DHCP in Windows Server 2003 integrates directly with DDNS to provide for automatic registration of clients into DNS. By default, all Windows 2000 or higher clients will perform this function by themselves, but DHCP can be configured to allow for the Server service to update the Dynamic DNS record for the client if that client is unable to perform the update itself. This option can be turned on and off at the server level, through the DHCP Manager MMC.

Installing DHCP and Creating New Scopes

DHCP installation has always been a straightforward process. In Windows Server 2003, installation has been even more streamlined through the use of the Configure Your Server Wizard. This wizard installs the DHCP Server service and automatically invokes the New Scope Wizard, which can be used to establish and configure DHCP scopes. To establish a Windows Server 2003 system as a DHCP server, follow these steps:

1. Choose Start, All Programs, Administrative Tools, Configure Your Server Wizard.
2. Click Next at the Welcome screen.
3. Verify the preliminary steps and click Next to continue. A network test will be completed at this point.
4. Select DHCP Server and click Next.
5. Verify the options on the next screen, as illustrated in Figure 10.3, and click Next.

Figure 10.3. Verifying options for DHCP install.

6. At this point, the New Scope Wizard will be invoked and the process of configuring a scope will begin. Click Next to continue.
7. Type a name for the scope and enter a description. The names should be descriptive, such as 10.1.1.0/24 Scope. Click Next to continue.
8. Enter the range in which the scope will distribute IP addresses. In addition, type in a subnet mask for the subnet in question, as illustrated in Figure 10.4. Click Next to continue.

Figure 10.4. Defining the address in the New Scope Wizard.

9. Enter any exclusion ranges, if necessary. This range will identify any addresses that fall in the scope range that will not be utilized for the client leases. Click Next when finished.
10. Enter a duration time for the lease. This information will indicate how often clients must renew their DHCP leases. Click Next to continue.
11. At the next screen, you can add DHCP options to the scope. In this example, configure a gateway, a WINS server, and a DNS server as options for the scope, so choose Yes, I Want to Configure These Options Now and click Next.
12. Enter the IP address of the default gateway to be used on this subnet and click Next.
13. Enter the necessary information into the DNS server information fields and click Next when finished.
14. Enter the WINS server information on the next screen and click Next when finished.
15. Select whether the scope will be activated immediately or later. In this case, because the server has not been authorized, choose to activate later. After the change, click Next to continue.
16. Click Finish to close the wizard.
17. The Configure Your Server Wizard then indicates that the server has successfully become a DHCP server, as indicated in Figure 10.5. Click Finish to close the wizard.

Figure 10.5. Completion of the Configure Your Server Wizard for DHCP.


Note

Because DHCP can potentially "steal" valid clients from a production network, it is recommended that all tests utilizing DHCP be conducted in a lab environment. In addition, testing in production will be difficult because the Authorization component of DHCP will also make it impossible to enable scopes on a Windows Server 2003 DHCP server, as described in the "DHCP Authorization" section later in this chapter.





Microsoft Windows Server 2003 Unleashed (R2 Edition)
ISBN: 0672328984
EAN: 2147483647
Year: 2006
Pages: 499