Embed Size (px)
Citation preview
BZUPAGES.COM
BOOTP and DHCPBOOTP and DHCP
The Bootstrap Protocol (BOOTP) is a The Bootstrap Protocol (BOOTP) is a client/server protocol that configures a client/server protocol that configures a diskless computer or a computer that is diskless computer or a computer that is booted for the first time. BOOTP provides the booted for the first time. BOOTP provides the IP address, net mask, the address of a default IP address, net mask, the address of a default router, and the address of a name server.router, and the address of a name server.
BZUPAGES.COM
Client and server on the same network
BZUPAGES.COM
Client and server on two different networks
BZUPAGES.COM
BOOTP packet format
BZUPAGES.COM
IntroductionEvery computer on a TCP/IP network must have a unique IP address. The IP address identifies both the host computer and the subnet to which it is attached. When you move a computer to a different subnet, the IP address must be changed. DHCP allows you to dynamically assign an IP address to a client from a DHCP server IP address database:
BZUPAGES.COM
DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.
Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network.
DHCP captures the behavior of BOOTP relay agents and DHCP participants can interoperate with BOOTP participants.
BZUPAGES.COM
DHCP was created by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (IETF).
It was first defined in RFC 1531 October 1993 written by Ralph Droms at Bucknell University. Then, RFC 1541 in same month, same year.
In March 1997, he made some changes in RFC 2131.
History of DHCP
BZUPAGES.COM
DHCP is an extension of Bootstrap protocol (BOOTP)
BOOTP allows a diskless client machine to discover its own IP address, the address of a server host, and the name of a file to be loaded into memory and executed.
BOOTP
BZUPAGES.COM
Similarities of DHCP and BOOTP:
- - Client/server model
- Nearly identical message structure
(BOOTP/DHCP relay agent usually treat their messages as the same
message type without differentiating them)
- UDP port numbers(67/68)
(Both BOOTP and DHCP servers use UDP port 67 to listen for and
receive client request messages. And both their clients use 68 for
accepting message replies from either a BOOTP or DHCP server)
- IP address distribution as an integral part of configuration service
BOOTP (cont.)
BZUPAGES.COM
Two major differences: 1. BOOTP database was static and maintained manually (DHCP database is dynamic. The size of the database is
dependent upon the number of DHCP clients on the network.
The DHCP database grows and shrinks over time.)
2. BOOTP server cannot do dynamic allocation and
distribution of IP addresses to the hosts. (It provides fixed allocation of a single IP address for each
client, permanently reserving this address in its database.
However, DHCP provides dynamic, leased allocation of
available IP addresses, reserving each DHCP client address
temporarily in the database.)
BOOTP (cont.)
BZUPAGES.COM
Enable individual hosts on an IP network to extract their configuration from a DHCP server or servers.
Purpose of DHCP
IP address allocation to the hosts.
Overall, reduce the administrator’s work for a large IP network.
BZUPAGES.COM
Automatic allocation:
Dynamic allocation:
Manual allocation:
Three mechanisms to allocate IP address to hosts
- assigns a permanent IP address to a client
- assigns an IP address to a client for a limit time or
until the client explicitly relinquishes the address
- network administrator assigns a client’s IP address,
DHCP is just to convey the assigned address to the client
BZUPAGES.COM
DHCP should be a mechanism rather than a policy Clients should require no manual configuration Networks should require no manual configuration for individual
clients DHCP should not require a server on each subnet (most routers
can forward DHCP configuration requests) A DHCP client must be prepared to receive multiple responses to
a request for configuration parameters DHCP must coexist with statically configured, non-participating
hosts and with existing network protocol implementations DHCP must interoperate with the BOOTP relay agent DHCP must provide service to existing BOOTP clients.
General Design goal of DHCP
BZUPAGES.COM
Guarantee that any specific network address will not be in use by more than one DHCP client at a time
Retain DHCP client configuration across DHCP client reboot Retain DHCP client configuration across server reboots and
whenever possible, a DHCP client should be assigned the same configuration parameters despite restarts of the DHCP mechanism
Allow automated assignment of configuration parameters to new clients to avoid hand configuration for new clients
Support fixed or permanent allocation of configuration parameters to specific clients
Design goal for network layer
BZUPAGES.COM
Client’s operations
DHCPDISCOVER: broadcast to locate available servers
DHCPREQUEST either:
(a) requesting offered parameters from one server and implicitly declining offers from all others
(b) confirming correctness of previously allocated address after extending the lease on a particular network address
DHCPDECLINE: indicating network address is already in use
DHCPRELEASE: relinquishing network address and canceling remaining lease
DHCPINFORM: asking only for local configuration parameters; client already has externally configured network
address
BZUPAGES.COM
Server’s operations
DHCPOFFER: response to DHCPDISCOVER with offer of configuration parameters
DHCPACK: Contains configuration parameters and committed network address
DHCPNAK: indicating refusing request for configuration parameters (e.g., requested network address already allocated).
BZUPAGES.COM
Two kinds of event flow
1. Event flow for allocating a new network address
2. Event flow for reusing a previous allocated network address
BZUPAGES.COM
A much more Clear View
DHCP client
DHCP server
1. DHCPDISCOVER
2. DHCPOFFER
3. DHCPREQUEST
4. DHCPACK
5. DHCPRELEASE
BZUPAGES.COM
A much more Clear View
DHCP client
DHCP server
1. DHCPREQUEST
2. DHCPACK
3. DHCPRELEASE
BZUPAGES.COM
Reacquisition and expiration
The client maintains two times, T1 and T2, that specify the times at which the client tries to extend its lease on its network address.
T1 is the time at which the client enters the RENEWING state and attempts to contact the server
T2 is the time at which the client enters the REBINDING state and attempts to contact any server.
T1 MUST be earlier than T2, which MUST be earlier than the time at which the client's lease will expire.
BZUPAGES.COM
Performance issues
A DHCP server should be able to start up very quickly. (Don’t need do a lot of things such as committing entries in the transaction log to its database and load a lot information into memory)
A DHCP server should be persistence. (Means it should be able to keep state and also recover from a disaster)
DHCP server should be able to quickly receive, process, and answer requests.
BZUPAGES.COM
Problems, Security issues Malicious DHCP server (May lead misconfiguration across entire network)
Malicious DHCP client (denial-of-service attack on DHCP servers by requesting many leases from the server, thereby depleting the number of leases that are available to other DHCP clients)
DHCP is built directly on UDP and IP which are as yet inherently insecure.
DHCP is generally intended to make maintenance of remote and/or diskless hosts easier. Configuring such hosts with passwords or keys may be difficult and inconvenient.
Therefore, DHCP in its current form is quite insecure.
BZUPAGES.COM
Extension: DHCPv6 The Dynamic Host Configuration Protocol for IPv6 enables DHCP servers to pass configuration parameters such as IPv6 network addresses to IPv6 nodes.
It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility.
IPv6 defines 2 classifications of address auto-configuration: Stateless
nodes configure addresses themselves with information from routers no managed addresses
Stateful nodes use DHCPv6 to obtain addresses. Duplicate address detection (DAD) used to avoid duplicated addresses
