DHCP Managed Configuration of TCPIP Hosts - PowerPoint PPT Presentation

Provided by: Ralph134

1
DHCP Managed Configuration of TCP/IP Hosts
  • Richard Perlman
  • perl_at_lucent.com

2
Outline
  • DHCP purpose and goals
  • Background and history of DHCP
  • Case Study
  • Operational details
  • Using DHCP

3
Purpose of DHCP
  • From RFC 2131: "The Dynamic Host Configuration
    Protocol (DHCP) provides a framework for passing
    configuration information to hosts on a TCP/IP
    network. DHCP consists of two components: a
    protocol for delivering host-specific
    configuration parameters from a DHCP server to a
    host and a mechanism for allocation of network
    addresses to hosts."

4
DHCP functional goals
  • A host without a valid IP address locates and
    communicates with a DHCP server
  • A DHCP server passes configuration parameters,
    including an IP address, to the host
  • The DHCP server may dynamically allocate
    addresses to hosts and reuse addresses

5
DHCP functional goals
  • Hosts can detect when they require a new IP
    address
  • Unavailability of DHCP server has minimal effect
    on operation of hosts

6
What does DHCP do?
  • Provides protocol stack, application and other
    configuration parameters to hosts
  • Eliminates need for individual, manual
    configuration for hosts
  • Includes administrative controls for network
    administrators

7
What does DHCP do?
  • Backward compatible packet format for BOOTP
    interoperation (RFC 1542)
  • Can coexist with hosts that have pre-assigned IP
    addresses and hosts that do not participate in
    DHCP

8
Design Goals
  • Eliminate manual configuration of hosts
  • Prevent use of any IP address by more than one
    host
  • Should not require a server on every subnet
  • Allow for multiple servers

9
Design Goals
  • Provide a mechanism, not a policy
  • Provide same configuration - including IP
    address - to a host whenever possible

10
What can you do with DHCP
  • Plug-and-play
  • Move desktop PCs between offices
  • Renumber
  • Other restructuring - change subnet masks
  • Mobile IP - laptops
  • Moving equipment - cartable

11
What DHCP doesn't do
  • Support multiple addresses per interface
  • Inform running host that parameters have changed
  • Propagate new addresses to DNS
  • Support inter-server communication
  • Provide authenticated message delivery

12
What DHCP doesn't do
  • Configure routers and other network equipment
  • Design network addressing plan
  • Determine other configuration parameters
  • Locate other servers

13
Outline
  • DHCP purpose and goals
  • Background and history of DHCP
  • Case Study
  • Operational details
  • Using DHCP

14
What is DHCP and where does it come from?
  • Internet Engineering Task Force (IETF)
  • Dynamic Host Configuration Working Group (DHC WG)
  • BOOTP

15
IETF standards
  • Formal process for development, review and
    acceptance of TCP/IP protocol suite standards
  • Initial specifications published as Internet
    Drafts (I-Ds)
  • Accepted specifications published as Request for
    Comments (RFCs)

16
Protocol status
  • DHCP has been accepted as a Draft Standard; the
    specifications are published in:
  • RFC 2131: Dynamic Host Configuration Protocol
  • RFC 2132: DHCP Options and BOOTP Vendor
    Extensions
  • Several additional options are in development

17
Implementation status
  • DHCP is an open standard, with freely available
    specifications
  • Can be (and has been) implemented entirely from
    the specification
  • Commercial implementations are widely available
  • Non-commercial implementations are also available

18
DHCP Resources
  • Compilation of DHCP-related WWW links and other
    information
  • http://www.dhcp.org
  • DHCP FAQ (maintained by John Wobus)
  • dhcp-v4_at_bucknell.edu mailing list (admin requests
    to listserv_at_bucknell.edu)

19
DHCP Resources
  • IETF information can be retrieved from
  • http://www.ietf.cnri.reston.va.us
  • I-Ds and RFCs can also be retrieved from
  • http://www.rfc-editor.org

20
Related work
  • RARP/DRARP
  • TFTP
  • ICMP
  • Router Discovery
  • Mobile IP
  • Wireless/cellular IP

21
Outline
  • DHCP purpose and goals
  • Background and history of DHCP
  • Case Study
  • Operational details
  • Using DHCP

22
Generic Startup, Inc. (GSI)
  • GSI is a medium-sized startup with about 200
    employees
  • Internal TCP/IP network (intranet)
  • Network Architect is responsible for network
    design, planning and operation

23
Intranet architecture
  • Intranet uses Ethernet throughout
  • 5 internal Ethernet segments
  • 4 segments for desktops
  • 1 segment for servers
  • Connected through single router

24
TCP/IP addressing
  • Network architect has obtained Class C network
    address 201.155.7.0 for GSI
  • Subnetted for segments
  • /27 subnet mask
  • 8 possible subnets, 32 hosts per subnet

25
Intranet addressing
[Diagram: Router with attached subnets 201.157.7.32, 201.157.7.64, 201.157.7.96, 201.157.7.128 and 201.157.7.192]

26
DHCP on the GSI intranet
  • Network architect plans addressing scheme and
    locations of servers
  • DHCP server attached to 201.157.7.192 subnet
  • Desktop clients contact server at startup for IP
    address and configuration parameters

27
GSI uses DHCP to
  • Configure new computers
  • Reconfigure relocated computers
  • Accommodate laptops
  • Renumber network

28
Planning for DHCP
  • Preparation for DHCP requires careful planning
  • IP addressing strategy
  • Consider current needs
  • Allow for growth
  • Network architect configures rules for addressing
    strategy into DHCP server

29
Newly installed computer
  • Newly installed computer locates DHCP server
  • Server consults address scheme rules
  • Picks an address
  • Determines other configuration parameters
  • Plug-and-play

30
Newly installed computer
[Diagram: Router, DHCP server, New computer; addresses shown: 201.157.7.198, 201.157.7.96]

31
Relocated computer
  • Computer retains address
  • When restarted, computer checks with server to
    confirm address
  • If address OK, computer retains old address
  • If computer attached to different subnet, obtains
    new address

32
Relocated computer
[Diagram: Router, DHCP server; addresses shown: 201.157.7.98, 201.157.7.64, 201.157.7.198, 201.157.7.96]

33
Using DHCP with legacy equipment
  • DHCP server not required to make every address on
    a subnet available for allocation
  • DHCP server not required to answer every incoming
    request
  • Network architect can configure server to reserve
    (not allocate) addresses

34
Growth: new computers on a subnet
  • So GSI grows and hires new employees
  • Each gets a new computer; new computers are
    allocated addresses from DHCP pool
  • Suppose addresses in a subnet are all allocated?

35
DHCP and new computers
  • DHCP server will hand out all available addresses
  • Limited number of addresses can be shared (if all
    computers not on simultaneously)
  • Eventually, network architect will have to
    allocate more addresses

36
Reusing addresses
  • Server can reuse abandoned addresses
  • Address initially allocated for fixed time called
    a lease
  • Client can extend lease
  • If lease expires, server can reallocate
  • Reallocation only when necessary (e.g., LRU) is a
    good idea

37
Growth: multiple IP networks on a subnet
  • /27 subnet accommodates only 30 computers
  • Suppose application development group grows to
    40?
  • Add second IP subnet to existing Ethernet segment

38
Multiple IP networks on a subnet
[Diagram: Router; addresses shown: 201.157.7.64, 201.157.7.192, 201.157.7.128, 201.157.7.96 and 201.157.7.160 (one segment), 201.157.7.32]

39
Reconfiguring the server for multiple networks
  • Server configuration file defines multiple
    subnets and address pools on one physical segment
  • Server chooses address from pools for the segment
  • Server checks DHCP client address against all
    subnets on the segment

40
Growth: changing subnet masks
  • In some cases, subnet growth can be managed with
    a change to the subnet mask
  • 201.157.7.128/27 and 201.157.7.160/27 can be
    combined into 201.157.7.128/26
  • Network infrastructure must accommodate VLSMs
  • Must change subnet masks on attached clients

41
Passing new subnet masks to clients
  • At next reboot, DHCP client will contact server
  • Server returns new subnet mask with
    acknowledgment
  • Client records and uses new mask

42
Growth: renumbering
  • Eventually, GSI network architect obtains second
    class C address 202.5.77.0
  • Subnet numbers are reallocated among network
    segments
  • Many computers now on wrong subnet

43
Renumbered GSI network
[Diagram: Router; addresses shown: 201.157.7.64, 201.157.7.128, 201.157.7.32, 202.5.77.64, 202.5.77.128, 201.157.7.98]

44
Using DHCP for renumbering
  • Set up plan for renumbering
  • New network architecture
  • Network addresses, server addresses
  • Timing of cutovers
  • Force DHCP clients to contact server for
    notification about new address
  • Set short leases
  • Require all clients be rebooted

45
Using DHCP for renumbering
  • Rebooting, although not elegant, probably most
    reliable
  • Schedule subnet cutover for overnight or weekend,
    force reboot through alternate protocol (e.g.,
    email to all users)

46
Outline
  • DHCP purpose and goals
  • Background and history of DHCP
  • Case Study
  • Operational details
  • Using DHCP

47
Server manages client configurations
  • Provide a variety of mechanisms for controlled
    configuration
  • Can override default parameters from Host
    Requirements

48
Address allocation
  • Static (BOOTP): client must be pre-configured
    into database
  • Automatic: server can allocate new address to
    client
  • Dynamic: server can allocate and reuse addresses

49
Leases
  • Dynamic addresses are allocated for a period of
    time known as the lease
  • Client is allowed to use the address until the
    lease expires

50
Leases
  • Client MUST NOT use the address after the lease
    expires, even if there are active connections
    using the address
  • Server MUST NOT reuse the address before the
    lease expires

51
Motivation for leases
  • An IP internet may not always be completely
    operational; there may not always be connectivity
    between any two hosts, so
  • Can't use distributed (client-based) assignment
    of addresses
  • Can't use address defense before server reuse
    of addresses

52
Motivation for leases
  • Leases guarantee an agreement as to when an
    address may be safely reused even if the server
    can't contact the client

53
Address reuse
  • Server MAY choose to reuse an address by
    reassigning it to a different client after the
    lease has expired
  • Server can check using ICMP echo to see if the
    address is still in use (but no response is not a
    definitive answer!)

54
Address reuse
  • Allows address sharing
  • From old computers replaced by new ones
  • Among a pool of computers not always using TCP/IP
  • For transient hosts like laptops
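
Added example (not part of the original slides): a minimal lease table in Python that follows the rules from the Leases and Address reuse slides. Reserved addresses are never handed out, a live lease is never reassigned, a returning client gets its old address back, and expired leases are reused oldest first. The `LeasePool` class, its method names and the client ids are hypothetical.

```python
import ipaddress

class LeasePool:
    """Toy lease table for one subnet (hypothetical, not a real server's API)."""

    def __init__(self, subnet, reserved=(), lease_secs=3600):
        skip = {ipaddress.ip_address(a) for a in reserved}
        # Never-leased addresses; reserved (legacy, manually configured) ones are excluded.
        self.free = [a for a in ipaddress.ip_network(subnet).hosts() if a not in skip]
        self.leases = {}              # address -> (client_id, expiry time in seconds)
        self.lease_secs = lease_secs

    def _held_by(self, client_id):
        for addr, (cid, _) in self.leases.items():
            if cid == client_id:
                return addr
        return None

    def allocate(self, client_id, now):
        """Grant or extend a lease; return (address, expiry) or None if exhausted."""
        addr = self._held_by(client_id)       # same address whenever possible
        if addr is None and self.free:
            addr = self.free.pop(0)           # prefer addresses never used before
        if addr is None:
            # Only expired leases may be reassigned; take the one expired longest.
            expired = [(exp, a) for a, (_, exp) in self.leases.items() if exp <= now]
            if not expired:
                return None                   # a live lease is never reused
            addr = min(expired)[1]
        self.leases[addr] = (client_id, now + self.lease_secs)
        return str(addr), now + self.lease_secs

    def release(self, client_id, now):
        """Client RELEASE: end the lease now so the address becomes reusable."""
        addr = self._held_by(client_id)
        if addr is not None:
            self.leases[addr] = (client_id, now)
```

Time is passed in as `now` (seconds) so the behaviour is deterministic; a full pool returns `None` rather than taking an address from a client whose lease is still running.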

55
Address allocation details
  • Clients check on address validity at reboot time
    (renumbering)
  • Clients can extend the lease on an address at
    startup time

56
Address allocation details
  • Clients can extend the lease on an address as
    expiration time approaches (without closing and
    restarting existing connections)
  • Clients with addresses that have been configured
    manually can use DHCP to obtain other
    configuration parameters

57
Four ways a client uses DHCP
  • INIT - acquire an IP address and configuration
    information
  • INIT-REBOOT - confirm validity of previously
    acquired address and configuration
  • RENEWING - extend a lease from the original
    server
  • REBINDING - extend a lease from any server

58
Obtaining an initial address
  • Client broadcasts DISCOVER to locate servers
  • Server chooses address and replies
  • Client selects a server and sends REQUEST for
    address
  • Server commits allocation and returns ACK

59
Rebooting client
  • Client puts address in REQUEST and broadcasts
  • Server checks validity and returns ACK with
    parameters
  • If client address is invalid (e.g., client is
    attached to a new network), server replies with
    NAK and client restarts

60
Extending a lease
  • Client puts requested lease extension in REQUEST
    and sends to server
  • Server commits extension and returns ACK with
    parameters

61
DHCP options
  • Options carry additional configuration
    information to client
  • DHCP message type
  • Subnet mask, default routers, DNS server
  • Many others
  • Carried as fields in DHCP message

62
Configuration with options
  • Network architect configures server to select and
    return options and values
  • Client can explicitly request specific options

63
Relay agents
  • Using hardware and IP broadcast still limits DHCP
    message from client to single physical network
  • Relay agent, on same subnet as client, forwards
    DHCP messages between clients and servers

64
Relay agents
  • Relay agent and server exchange messages using
    unicast UDP
  • Servers can be located anywhere on intranet
  • Servers can be centrally located for ease of
    administration
  • Very simple in function, implementation
  • Usually, but not necessarily, located in routers

65
Outline
  • DHCP purpose and goals
  • Background and history of DHCP
  • Case Study
  • Operational details
  • Using DHCP

66
Using multiple servers
  • Clients must be implemented for multiple servers
    (e.g., receiving multiple OFFER messages)
  • Using multiple servers can provide increased
    reliability through redundancy

67
Using multiple servers
  • All coordination must be managed by DHCP
    administrator
  • Distributed database
  • Off-line batch updates
  • Manually

68
Strategies for using multiple servers
  • Split address pool for each subnet among servers
  • Coordinate leases off-line
  • Reallocate addresses when needed

69
Lease times and strategies
  • Choice of lease times made by DHCP administrator
  • Long lease times decrease traffic and server
    load, short lease times increase flexibility

70
Lease times and strategies
  • Should choose lease time to allow for server
    unavailability
  • Allows clients to use old addresses
  • For example, long enough to span weekends
  • Can assign different leases to desktop computers,
    cartable systems and laptops

71
Changing other configuration parameters
  • Other configuration parameters such as print
    servers may change
  • Reconfigure DHCP server with new parameters
  • At next reconfirmation, clients will get new
    addresses

72
Moving a client to a new location
  • User may get moved to a new location on a
    different subnet
  • User may arrange to move computer system without
    contacting network administrator
  • DHCP will allocate address for new location

73
Moving a client to a new location
  • What about old lease?
  • New server can notify network administrator about
    address allocation
  • Client can issue RELEASE before moving from old
    location
  • Or, might be appropriate to leave old lease in
    place

74
Replacing a system
  • User may get new computer on desktop
  • Network administrator wants to allocate same IP
    address to the new computer, but new computer
    will have different hardware address
  • Use client id as system identifier and transfer
    to new system

75
Limitations to DHCP
Opportunities for enhancement
  • Coordination among multiple servers
  • DHCP interaction with DNS
  • Security/authentication
  • New options
  • IPv6

76
Coordination among multiple servers
  • Becomes a distributed database problem
  • Several strategies have been proposed
  • Failover protocol now in development

77
Dynamic DNS
  • When client is allocated a new address, DNS
    records need to be updated
  • A record: name to IP address
  • PTR record: IP address to name
  • DHCP to be extended to allow coordination between
    client and server
  • Which does updates?
  • Error conditions?

78
Security/Authentication
  • Unauthorized (either intentional or accidental)
    server can cause denial of service problems
  • Some sites may want to limit IP address
    allocation to authorized clients
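
Added example (not part of the original slides): the options described under "DHCP options" are carried as code/length/value fields after the fixed BOOTP header, and a monitor can use the server identifier option to spot the unauthorized server described on this slide. The function names, the allow-list and the sample replies are constructed for illustration; option overload (option 52) is not handled.

```python
import ipaddress
import struct

MAGIC = bytes([99, 130, 83, 99])            # magic cookie that precedes the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
         5: "ACK", 6: "NAK", 7: "RELEASE"}

def parse_options(msg):
    """Return {code: value bytes} from a raw DHCP message; ValueError if malformed."""
    if len(msg) < 240 or msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(msg):
        code = msg[i]
        if code == 255:                     # End option
            return opts
        if code == 0:                       # Pad option has no length byte
            i += 1
            continue
        if i + 2 > len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("option %d runs past end of message" % code)
        opts[code] = msg[i + 2:i + 2 + msg[i + 1]]
        i += 2 + msg[i + 1]
    raise ValueError("missing End option")

def check_reply(msg, authorized):
    """Summarise a server reply and flag a server that is not on the allow-list."""
    o = parse_options(msg)
    if len(o.get(53, b"")) != 1 or len(o.get(54, b"")) != 4:
        raise ValueError("missing message type or server identifier")
    server = str(ipaddress.ip_address(o[54]))
    lease = struct.unpack("!I", o[51])[0] if len(o.get(51, b"")) == 4 else None
    return {"type": TYPES.get(o[53][0], "?"),
            "yiaddr": str(ipaddress.ip_address(msg[16:20])),   # address being offered
            "server": server, "lease": lease,
            "rogue": server not in authorized}

def build_reply(mtype, yiaddr, server, lease):
    """Constructed sample reply used as test data (not a packet capture)."""
    ip = lambda a: ipaddress.ip_address(a).packed
    hdr = bytes([2, 1, 6, 0]) + bytes(12) + ip(yiaddr) + bytes(216)   # 236-byte header
    opts = (bytes([53, 1, mtype]) + bytes([54, 4]) + ip(server) +
            bytes([51, 4]) + struct.pack("!I", lease) + bytes([255]))
    return hdr + MAGIC + opts
```

The length check in `parse_options` matters because the option length byte comes from the network: without it, a truncated or malformed option would be silently read as a shorter value.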

79
Security/Authentication
  • Authentication based on shared secret key, an
    authentication ticket and a message digest
  • Assures source of message is valid and message
    hasn't been tampered with en route
  • Schiller/Huitema/Droms/Arbaugh proposal in process

80
New options acceptance
  • New options must have non-overlapping option
    codes
  • Codes handed out by Internet Assigned Numbers
    Authority (IANA)
  • New mechanism will approve each new option as a
    separate RFC (like TELNET)

81
IPv6
  • IP Version 6 (aka IPv6 or IPng) is a new internet
    protocol to replace IP
  • Includes new features for host configuration
  • Router advertisement
  • Autoconfiguration
  • Link-local addresses

82
IPv6
  • To accommodate sites that want centralized
    management of addresses, DHCP for IPv6 (DHCPv6)
    is being developed by the DHC WG.

83
Summary
  • DHCP works today as a tool for automatic
    configuration of TCP/IP hosts
  • It is an open Internet standard and interoperable
    client implementations are widely available

84
Summary
  • Provides automation for routine configuration
    tasks, once network architect has configured
    network and addressing plan
  • Ongoing work will extend DHCP with
    authentication, DHCP-DNS interaction and
    inter-server communication
