04/09/23 Lucent Technologies - Proprietary
DHCP – Managed Configuration of TCP/IP Hosts
Outline
• DHCP purpose and goals
• Background and history of DHCP
• Case Study
• Operational details
• Using DHCP
Purpose of DHCP
From RFC 2131: The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts.
DHCP functional goals
• A host without a valid IP address locates and communicates with a DHCP server
• A DHCP server passes configuration parameters, including an IP address, to the host
• The DHCP server may dynamically allocate addresses to hosts and reuse addresses
DHCP functional goals
• Hosts can detect when they require a new IP address
• Unavailability of DHCP server has minimal effect on operation of hosts
What does DHCP do?
• Provides protocol stack, application and other configuration parameters to hosts
• Eliminates need for individual, manual configuration for hosts
• Includes administrative controls for network administrators
What does DHCP do?
• Backward-compatible packet format for BOOTP interoperation (RFC 1542)
• Can coexist with hosts that have pre-assigned IP addresses and hosts that do not participate in DHCP
Design Goals
• Eliminate manual configuration of hosts
• Prevent use of any IP address by more than one host
• Should not require a server on every subnet
• Allow for multiple servers
Design Goals
• Provide a mechanism, not a policy
• Provide same configuration - including IP address - to a host whenever possible
What can you do with DHCP
• Plug-and-play
• Move desktop PCs between offices
• Renumber
• Other restructuring - change subnet masks
• Mobile IP - laptops
• Moving equipment - cartable
What DHCP doesn’t do
• Support multiple addresses per interface
• Inform running host that parameters have changed
• Propagate new addresses to DNS
• Support inter-server communication
• Provide authenticated message delivery
What DHCP doesn’t do
• Configure routers and other network equipment
• Design network addressing plan
• Determine other configuration parameters
• Locate other servers
Outline
• DHCP purpose and goals
• Background and history of DHCP
• Case Study
• Operational details
• Using DHCP
What is DHCP and where does it come from?
• Internet Engineering Task Force (IETF)
• Dynamic Host Configuration Working Group (DHC WG)
• BOOTP
IETF standards
• Formal process for development, review and acceptance of TCP/IP protocol suite standards
• Initial specifications published as Internet Drafts (I-Ds)
• Accepted specifications published as Request for Comments (RFCs)
Protocol status
• DHCP has been accepted as a Draft Standard; the specifications are published in:
– RFC 2131: Dynamic Host Configuration Protocol
– RFC 2132: DHCP Options and BOOTP Vendor Extensions
• Several additional options are in development
Implementation status
• DHCP is an open standard, with freely available specifications
• Can be (and has been) implemented entirely from the specification
• Commercial implementations are widely available
• Non-commercial implementations are also available
DHCP Resources
• Compilation of DHCP-related WWW links and other information: http://www.dhcp.org
• DHCP FAQ (maintained by John Wobus)
• [email protected] mailing list (admin requests to [email protected])
DHCP Resources
• IETF information can be retrieved from: http://www.ietf.cnri.reston.va.us
• I-Ds and RFCs can also be retrieved from: http://www.rfc-editor.org
Related work
• RARP/DRARP
• TFTP
• ICMP
• Router Discovery
• Mobile IP
• Wireless/cellular IP
Outline
• DHCP purpose and goals
• Background and history of DHCP
• Case Study
• Operational details
• Using DHCP
Generic Startup, Inc. – GSI
• GSI is a medium-sized startup with about 200 employees
• Internal TCP/IP network – “intranet”
• Network Architect is responsible for network design, planning and operation
Intranet architecture
• Intranet uses Ethernet throughout
• 5 internal Ethernet segments
– 4 segments for desktops
– 1 segment for servers
• Connected through single router
TCP/IP addressing
• Network architect has obtained Class C network address 201.155.7.0 for GSI
• Subnetted for segments
– /27 subnet mask
– 8 possible subnets, 32 hosts per subnet
Intranet addressing
[Diagram: subnets 201.157.7.32, 201.157.7.64, 201.157.7.96, 201.157.7.128 and 201.157.7.192 connected through a single router]
DHCP on the GSI intranet
• Network architect plans addressing scheme and locations of servers
• DHCP server attached to 201.157.7.192 subnet
• Desktop clients contact server at startup for IP address and configuration parameters
GSI uses DHCP to…
• Configure new computers
• Reconfigure relocated computers
• Accommodate laptops
• Renumber network
Planning for DHCP
• Preparation for DHCP requires careful planning
• IP addressing strategy
– Consider current needs
– Allow for growth
• Network architect configures rules for addressing strategy into DHCP server
Newly installed computer
• Newly installed computer locates DHCP server
• Server consults address scheme rules
– Picks an address
– Determines other configuration parameters
• “Plug-and-play”
Newly installed computer
[Diagram: new computer on the 201.157.7.96 subnet; router (201.157.7.198) connecting it to the subnet where the DHCP server sits]
Relocated computer
• Computer retains address
• When restarted, computer checks with server to confirm address
• If address OK, computer retains old address
• If computer attached to different subnet, obtains new address
Relocated computer
[Diagram: computer moved from the 201.157.7.64 subnet to the 201.157.7.96 subnet; router interfaces 201.157.7.98 and 201.157.7.198; DHCP server on the server subnet]
Using DHCP with legacy equipment
• DHCP server not required to make every address on a subnet available for allocation
• DHCP server not required to answer every incoming request
• Network architect can configure server to reserve (not allocate) addresses
Growth – new computers on a subnet
• So … GSI grows and hires new employees
• Each gets a new computer; new computers are allocated addresses from DHCP pool
• Suppose addresses in a subnet are all allocated?
DHCP and new computers
• DHCP server will hand out all available addresses
• Limited number of addresses can be shared (if all computers not on simultaneously)
• Eventually, network architect will have to allocate more addresses
Reusing addresses
• Server can reuse abandoned addresses
– Address initially allocated for fixed time called a lease
– Client can extend lease
• If lease expires, server can reallocate
• Reallocation only when necessary (e.g., LRU) is a good idea…
Growth – multiple IP networks on a subnet
• /27 subnet accommodates only 30 computers
• Suppose application development group grows to 40?
• Add second IP subnet to existing Ethernet segment
Multiple IP networks on a subnet
[Diagram: subnets 201.157.7.32, 201.157.7.64, 201.157.7.128 and 201.157.7.192, plus 201.157.7.96 and 201.157.7.160 sharing one Ethernet segment, all connected through the router]
Reconfiguring the server for multiple networks
• Server configuration file defines multiple subnets and address pools on one physical segment
• Server chooses address from pools for the segment
• Server checks DHCP client address against all subnets on the segment
Growth – changing subnet masks
• In some cases, subnet growth can be managed with a change to the subnet mask
– 201.157.7.128/27 and 201.157.7.160/27 can be combined into 201.157.7.128/26
– Network infrastructure must accommodate VLSMs
• Must change subnet masks on attached clients
Passing new subnet masks to clients
• At next reboot, DHCP client will contact server
• Server returns new subnet mask with acknowledgment
• Client records and uses new mask
Growth – renumbering
• Eventually, GSI network architect obtains second class C address: 202.5.77.0
• Subnet numbers are reallocated among network segments
• Many computers now on “wrong” subnet
Renumbered GSI network
[Diagram: segments now numbered 202.5.77.128, 201.157.7.64, 201.157.7.32, 202.5.77.64 and 201.157.7.128, connected through the router (201.157.7.98)]
Using DHCP for renumbering
• Set up plan for renumbering
– New network architecture
– Network addresses, server addresses
– Timing of cutovers
• Force DHCP clients to contact server for notification about new address
– Set short leases
– Require all clients be rebooted
Using DHCP for renumbering
• Rebooting, although not elegant, is probably the most reliable approach
• Schedule subnet cutover for overnight or a weekend; force the reboot through an “alternate protocol” (e.g., e-mail to all users)
Outline
• DHCP purpose and goals
• Background and history of DHCP
• Case Study
• Operational details
• Using DHCP
Server manages client configurations
• Provide a variety of mechanisms for controlled configuration
• Can override default parameters from Host Requirements
Address allocation
• Static (BOOTP): client must be pre-configured into database
• Automatic: server can allocate new address to client
• Dynamic: server can allocate and reuse addresses
Leases
• Dynamic addresses are allocated for a period of time known as the lease
• Client is allowed to use the address until the lease expires
Leases
• Client MUST NOT use the address after the lease expires, even if there are active connections using the address
• Server MUST NOT reuse the address before the lease expires
Motivation for leases
• An IP internet may not always be completely operational; there may not always be connectivity between any two hosts, so:
– Can’t use distributed (client-based) assignment of addresses
– Can’t use “address defense” before server reuse of addresses
Motivation for leases
• Leases guarantee an agreement as to when an address may be safely reused even if the server can’t contact the client
Address reuse
• Server MAY choose to reuse an address by reassigning it to a different client after the lease has expired
• Server can check using ICMP echo to see if the address is still in use (but no response is not a definitive answer!)
Address reuse
• Allows address sharing
– From old computers replaced by new ones
– Among a pool of computers not always using TCP/IP
– For transient hosts like laptops
Address allocation details
• Clients check on address validity at reboot time (renumbering)
• Clients can extend the lease on an address at startup time
Address allocation details
• Clients can extend the lease on an address as expiration time approaches (without closing and restarting existing connections)
• Clients with addresses that have been configured manually can use DHCP to obtain other configuration parameters
Four ways a client uses DHCP
• INIT - acquire an IP address and configuration information
• INIT-REBOOT - confirm validity of previously acquired address and configuration
• RENEWING - extend a lease from the original server
• REBINDING - extend a lease from any server
Obtaining an initial address
• Client broadcasts DISCOVER to locate servers
• Server chooses address and replies
• Client selects a server and sends REQUEST for address
• Server commits allocation and returns ACK
Rebooting client
• Client puts address in REQUEST and broadcasts
• Server checks validity and returns ACK with parameters
• If client address is invalid – e.g., client is attached to a new network – server replies with NAK and client restarts
Extending a lease
• Client puts requested lease extension in REQUEST and sends to server
• Server commits extension and returns ACK with parameters
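The server-side rules spread over the preceding slides (leases with a fixed expiry, no reuse before expiry, least-recently-expired reuse when a pool runs dry, several IP subnets on one physical segment with the client's address checked against all of them, and ACK, NAK or silence for the REQUESTs of INIT, INIT-REBOOT, RENEWING and REBINDING clients) are easier to see in one place. The following is an added illustration written for this page, not code from the deck or from any DHCP product; segment names, client identifiers, addresses and clock values are constructed, and the router address reserved in each segment is an assumption.

```python
"""Toy DHCP server allocation logic (added illustration, not the deck's code).
Models: a dynamic address is a lease with a fixed expiry; a lease is never
reused before it expires; when the pool is exhausted the least recently
expired address is reused; a physical segment may carry several IP subnets;
a REQUEST gets ACK, NAK or no reply.  All names and values are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Lease:
    client_id: bytes                 # client identifier (option 61) or hardware address
    address: ipaddress.IPv4Address
    expires: int                     # absolute second at which the lease ends


class Segment:
    """One physical Ethernet segment carrying one or more IP subnets.
    Reserved addresses (routers, legacy equipment) never enter the pool."""

    def __init__(self, subnets, reserved=()):
        self.subnets = [ipaddress.ip_network(s) for s in subnets]
        reserved = {ipaddress.ip_address(a) for a in reserved}
        self.pool = [h for net in self.subnets for h in net.hosts()
                     if h not in reserved]

    def contains(self, addr):
        # An address is valid on this segment if it lies in ANY of its subnets
        return any(addr in net for net in self.subnets)


class Server:
    def __init__(self, segments):
        self.segments = segments     # segment name -> Segment
        self.leases = {}             # address -> Lease; expired leases stay for LRU reuse

    def _lease_of(self, client_id):
        return next((l for l in self.leases.values()
                     if l.client_id == client_id), None)

    def discover(self, client_id, segment, now):
        """INIT: choose the address to OFFER, or None (stay silent) if none is free."""
        seg = self.segments[segment]
        old = self._lease_of(client_id)
        if old and seg.contains(old.address):
            return old.address       # same address whenever possible
        for addr in seg.pool:
            if addr not in self.leases:
                return addr          # a never-used address first
        expired = [l for l in self.leases.values()
                   if l.expires <= now and seg.contains(l.address)]
        if expired:                  # then the least recently expired one
            return min(expired, key=lambda l: l.expires).address
        return None

    def request(self, client_id, segment, address, lease_seconds, now):
        """REQUEST from an INIT, INIT-REBOOT, RENEWING or REBINDING client.
        Returns ("ACK", lease), ("NAK", None), or None for no reply."""
        seg = self.segments[segment]
        address = ipaddress.ip_address(address)
        if not seg.contains(address):
            return "NAK", None       # client is attached to a different network now
        if address not in seg.pool:
            return None              # reserved or statically assigned: not ours to answer
        held = self.leases.get(address)
        if held and held.client_id != client_id and held.expires > now:
            return "NAK", None       # MUST NOT reuse before the other lease expires
        old = self._lease_of(client_id)
        if old and old.address != address:
            del self.leases[old.address]   # one address per client on this server
        lease = Lease(client_id, address, now + lease_seconds)
        self.leases[address] = lease
        return "ACK", lease

    def release(self, client_id, address):
        """RELEASE: the client hands the address back before the lease ends."""
        lease = self.leases.get(ipaddress.ip_address(address))
        if lease and lease.client_id == client_id:
            lease.expires = 0        # reusable at once, but kept for LRU ordering
            return True
        return False


def renewal_times(lease_seconds):
    """RFC 2131 defaults: T1 (RENEWING, original server only) at 50% of the
    lease and T2 (REBINDING, any server) at 87.5%."""
    return lease_seconds // 2, lease_seconds * 7 // 8
```

Two behaviours worth noting: a REQUEST for an address that lies in one of the segment's subnets but is not in the pool (the router address above) gets no answer at all, matching the earlier point that the server is not required to answer every request; and a REQUEST for an address whose lease belongs to another client gets a NAK until that lease has expired, because silence there would leave the rebooting client believing its old address is still good.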
DHCP options
• Options carry additional configuration information to client
– DHCP message type
– Subnet mask, default routers, DNS server
– Many others …
• Carried as fields in DHCP message
Configuration with options
• Network architect configures server to select and return options and values
• Client can explicitly request specific options
Relay agents
• Using hardware and IP broadcast still limits DHCP message from client to single physical network
• Relay agent, on same subnet as client, forwards DHCP messages between clients and servers
Relay agents
• Relay agent and server exchange messages using unicast UDP
– Servers can be located anywhere on intranet
– Servers can be centrally located for ease of administration
• Very simple in function, implementation
• Usually, but not necessarily, located in routers
Outline
• DHCP purpose and goals
• Background and history of DHCP
• Case Study
• Operational details
• Using DHCP
Using multiple servers
• Clients must be implemented for multiple servers; e.g., receiving multiple OFFER messages
• Using multiple servers can provide increased reliability through redundancy
Using multiple servers
• All coordination must be managed by DHCP administrator
– Distributed database
– Off-line batch updates
– Manually
Strategies for using multiple servers
• Split address pool for each subnet among servers
• Coordinate leases off-line
• Reallocate addresses when needed
Lease times and strategies
• Choice of lease times made by DHCP administrator
• Long lease times decrease traffic and server load, short lease times increase flexibility
Lease times and strategies
• Lease time should be chosen to allow for server unavailability
– Allows clients to keep using old addresses
– For example, long enough to span weekends
• Can assign different leases to desktop computers, cartable systems and laptops
Changing other configuration parameters
• Other configuration parameters such as print servers may change
• Reconfigure DHCP server with new parameters
• At next reconfirmation, clients will get new addresses
Moving a client to a new location
• User may get moved to a new location on a different subnet
• User may arrange to move computer system without contacting network administrator
• DHCP will allocate address for new location
Moving a client to a new location
• What about old lease?
– New server can notify network administrator about address allocation
– Client can issue RELEASE before moving from old location
• Or, might be appropriate to leave old lease in place…
Replacing a system
• User may get new computer on desktop
• Network administrator wants to allocate same IP address to the new computer – but, new computer will have different hardware address
• Use client id as system identifier and transfer to new system
Limitations to DHCP / Opportunities for enhancement
• Coordination among multiple servers
• DHCP interaction with DNS
• Security/authentication
• New options
• IPv6
Coordination among multiple servers
• Becomes a distributed database problem
• Several strategies have been proposed
• “Failover protocol” now in development
Dynamic DNS
• When client is allocated a new address, DNS records need to be updated
– A record: Name to IP address
– PTR record: IP address to name
• DHCP to be extended to allow coordination between client and server
– Which does updates?
– Error conditions?
Security/Authentication
• Unauthorized – either intentional or accidental – server can cause denial of service problems
• Some sites may want to limit IP address allocation to authorized client
Security/Authentication
• Authentication based on shared secret key, an authentication ticket and a message digest
• Assures source of message is valid and message hasn’t been tampered with en route
• Schiller/Huitema/Droms/Arbaugh proposal in process
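The three ingredients named on this slide (a shared secret, an authentication ticket, and a message digest) can be shown working together in a few lines. The block below is an added illustration written for this page; it is not the Schiller/Huitema/Droms/Arbaugh proposal and not code from the deck. It treats the "ticket" as a strictly increasing replay-detection counter and uses an HMAC over the counter and the message as the digest; keys, secret ids and messages are constructed, and the authenticated data is prepended to the message rather than carried in a DHCP option.

```python
"""Shared-secret message authentication for a DHCP-style exchange (added
illustration; not the proposal the slide refers to).  A sender signs the
message with an HMAC keyed by the shared secret; the receiver checks the
digest in constant time and rejects any counter it has already accepted,
so a captured packet cannot be replayed.  Keys and messages are constructed."""
import hashlib
import hmac
import struct

HDR = "!IQ"                              # secret id (selects the shared key), replay counter
HDR_LEN = struct.calcsize(HDR)
MAC_LEN = hashlib.sha256().digest_size


class Peer:
    """Either end of the exchange; both ends hold the same secret table."""

    def __init__(self, secrets):
        self.secrets = dict(secrets)     # secret id -> shared key bytes
        self.counter = 0                 # our own next replay-detection value
        self.seen = {}                   # secret id -> highest counter accepted so far

    def protect(self, secret_id, message):
        """Prepend (secret id, counter, HMAC) to an outgoing message."""
        self.counter += 1
        hdr = struct.pack(HDR, secret_id, self.counter)
        mac = hmac.new(self.secrets[secret_id], hdr + message, hashlib.sha256).digest()
        return hdr + mac + message

    def verify(self, packet):
        """Return the bare message if the digest is right and the counter is
        fresh; otherwise None (unknown key, tampering, or replay)."""
        if len(packet) < HDR_LEN + MAC_LEN:
            return None
        secret_id, counter = struct.unpack(HDR, packet[:HDR_LEN])
        key = self.secrets.get(secret_id)
        if key is None:
            return None                  # no shared secret for this id: unauthorised sender
        mac = packet[HDR_LEN:HDR_LEN + MAC_LEN]
        message = packet[HDR_LEN + MAC_LEN:]
        expected = hmac.new(key, packet[:HDR_LEN] + message, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):   # constant-time comparison
            return None                  # altered en route, or wrong key
        if counter <= self.seen.get(secret_id, 0):
            return None                  # replayed (or out-of-order stale) packet
        self.seen[secret_id] = counter
        return message
```

Note the order of the checks: the digest is verified before the counter is recorded, so a forged packet with a high counter cannot be used to make the receiver discard the sender's genuine later packets.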
New options acceptance
• New options must have non-overlapping option codes
• Codes handed out by Internet Assigned Numbers Authority (IANA)
• New mechanism will approve each new option as a separate RFC (like TELNET)
IPv6
• IP Version 6 (aka IPv6 or IPng) is a new internet protocol to replace IP
• Includes new features for host configuration:
– Router advertisement
– Autoconfiguration
– Link-local addresses
IPv6
• To accommodate sites that want centralized management of addresses, DHCP for IPv6 (DHCPv6) is being developed by the DHC WG.
Summary
• DHCP works today as a tool for automatic configuration of TCP/IP hosts
• It is an open Internet standard and interoperable client implementations are widely available
Summary
• Provides automation for routine configuration tasks, once network architect has configured network and addressing plan
• Ongoing work will extend DHCP with authentication, DHCP-DNS interaction and inter-server communication