
How DHCP Works

Now that we know why using DHCP is desirable, if not essential, let's take a look at how it actually works. When you install the Microsoft DHCP Server, a DHCP Server database is created. This database contains two types of information. First, it contains static configuration data supplied by the administrator using DHCP Manager. These static data include the range of IP addresses available to the DHCP Server for assignment to DHCP clients, and various DHCP options set by the administrator. The DHCP Server database also maintains dynamic configuration data that is modified continuously by the interactions between the DHCP Server and its clients, e.g. those IP addresses that are currently in use and to which clients they are assigned.

NOTE
Although this chapter focuses on the Microsoft DHCP implementations for both server and client, the Microsoft DHCP Server also supports third-party DHCP clients and third-party DHCP servers also support Microsoft DHCP clients. Basic DHCP functionality is provided by any combination of DHCP server and client. The availability of extended DHCP functions is determined by which DHCP options are supported by both the DHCP server and the DHCP client being used. Windows NT, Windows 95, and LAN Manager 2.2c provide native Microsoft DHCP support. To use Microsoft DHCP on Windows 3.11 for Workgroups clients, install the 32-bit TCP/IP VxD from the file TCPIP32B.EXE, which is available free from Microsoft. To use Microsoft DHCP on MS-DOS clients, install the Microsoft Network Client v 3.0 with the real-mode TCP/IP driver.

When a DHCP client boots, the DHCP Server supplies it with the IP configuration information needed by that client to participate in the TCP/IP network. This configuration information includes:

IP Address
Each client network adapter that is bound to the TCP/IP protocol requires a unique IP address. The DHCP Server supplies this IP address from its available pool. If a client has more than one network adapter bound to TCP/IP, the DHCP Server supplies one IP address for each such adapter.

Subnet Mask
If IP packets are to be routed correctly to their destinations, the client must know to which subnet it is assigned, which is determined by the subnet mask. The DHCP server assigns a subnet mask to the client based on which subnet (or logical network) that client is a member of.

Default Gateway
Local IP packets - those whose destination IP address is on the same subnet as is the source IP address - are delivered directly. Packets destined for a remote network must be delivered to a local router that connects the local network to remote networks. This router is called the default gateway.

Other IP Configuration Parameters

Other optional IP configuration data, e.g. domain name, may be assigned to DHCP clients. If such parameters have been assigned by the administrator, the DHCP Server also delivers them to the DHCP client at boot time.

The TCP/IP configuration parameters that are eventually assigned to the DHCP client are negotiated by messages exchanged between the DHCP Server and the DHCP client in the following sequence:

1. When the DHCP client boots, it broadcasts a Dhcpdiscover packet to discover the address of an available DHCP server. In an Ethernet environment, the Dhcpdiscover frame may be either 342 bytes or 590 bytes. New versions of Windows broadcast the smaller frame. Windows NT 3.5, the TCPIP32B.EXE Windows 3.11 for Workgroups protocol stack, and earlier versions use the larger frame. The contents of these frames are as follows:

   o The first 14 bytes of the frame comprise the Ethernet header. Because the DHCP client does not yet know the MAC address of a DHCP server, it initiates an Ethernet Type 0800 (IP) frame, with the destination address set to the Ethernet broadcast address of 255.255.255.255.
   o The next 20 bytes comprise the IP header. The source IP address is set to 0.0.0.0 because the DHCP client does not yet have an IP address. The destination IP address is set to the IP broadcast address of 255.255.255.255 because the DHCP client has not yet resolved the IP address of a DHCP server.
   o The next 8 bytes are the UDP header. The source port is 68 (BOOTP) and the destination port is 67 (UDP). DHCP is an extension of the BOOTP protocol, and uses the same ports for messaging.
   o The remainder of the frame contains Dhcpdiscover packet components, most of which are set to zero or blank because the DHCP client has not yet obtained any configuration parameters. One important non-blank field is the Client Identifier, which contains the client's MAC address. The client includes this value in the packet to identify itself to a DHCP server. If the DHCP server maintains a reserved address for this client, it can use this information to provide the proper specific address that has been reserved.

If the DHCP client receives no response to the first Dhcpdiscover packet, it again broadcasts a Dhcpdiscover packet. The DHCP client repeats this process four times, at intervals of approximately 2, 4, 8, and 16 seconds. If the DHCP client receives no response to any of these broadcasts, it waits 5 minutes and begins the process again. In Windows 95, the DHCP client displays a message box to inform you that no DHCP server was found, and asks if you want to see DHCP error messages in future. If you elect to suppress such messages, that choice is permanent, which makes troubleshooting more difficult later on.

2. When any DHCP Server receives a Dhcpdiscover packet and is able to fulfill the client request, it returns a Dhcpoffer packet that contains an IP address chosen by the DHCP Server from the available IP addresses assigned to its pool, or a reserved lease. In an Ethernet environment, the Dhcpoffer frame is 342 bytes. The contents of these frames are as follows:

   o The first 14 bytes of the frame comprise the Ethernet header. The DHCP server responds to the client with an Ethernet Type 0800 (IP) frame, with the destination address set to the Ethernet broadcast address of 255.255.255.255.
   o The next 20 bytes comprise the IP header. The source IP address is set to that of the DHCP server. The destination IP address is set to the IP broadcast address of 255.255.255.255.
   o The next 8 bytes are the UDP header. Again, DHCP uses the BOOTP ports, but this time the source port is 67 and the destination port is 68.
   o The remaining 300 bytes of the frame contain Dhcpoffer packet components, including the IP address of the DHCP server, the "Your IP address" field (the IP address being proposed to the client), and proposed lease duration and lease renewal periods. The Dhcpoffer packet also normally includes other TCP/IP configuration parameters, e.g. subnet mask and default gateway.

More than one DHCP server may respond to the Dhcpdiscover packet. If that occurs, each DHCP Server returns a Dhcpoffer packet, and the DHCP client responds to the first Dhcpoffer packet it receives, whether the responding DHCP Server is located on the client subnet or another subnet.

3. The DHCP client responds to the Dhcpoffer packet by sending a Dhcprequest packet. This packet contains the IP address offered by the DHCP Server, and notifies the DHCP server that the client wants to use the IP configuration information provided in the Dhcpoffer packet. The Dhcprequest packet is either 342 or 590 bytes long, according to the size of the original Dhcpdiscover frame. The contents of these frames are as follows:

   o The first 14 bytes of the frame comprise the Ethernet header. The DHCP client responds with an Ethernet Type 0800 (IP) frame whose destination address is set to the Ethernet broadcast address of 255.255.255.255. Although the DHCP client now knows the address of the DHCP server, it uses a broadcast to notify other DHCP servers that it has accepted an offer from a DHCP server.
   o The next 20 bytes comprise the IP header. The source IP address is set to 0.0.0.0. This is because, although the client has been offered a proposed IP address from the DHCP server, it has not yet finished initializing TCP/IP. The destination IP address is set to the IP broadcast address of 255.255.255.255, again to notify all DHCP servers that the client has accepted an offer.
   o The next 8 bytes are the UDP header. Again, DHCP uses the BOOTP ports, but this time the source port is again toggled to the client-side 68 and the destination port to 67.
   o The remainder of the frame contains Dhcprequest packet components. Most of these values are zero or blank, but two important non-blank fields are "Requested address" (the IP address the client is requesting), and "Server Identifier" (the IP address of the server with which the client is negotiating). The client adds these fields to the frame to notify other DHCP servers that the client has accepted an offer from a specific DHCP server and that the other DHCP servers should return the addresses they proposed to their available pools.

If the DHCP client determines that one or more of the TCP/IP parameters provided by the Dhcpoffer packet is invalid, the DHCP client instead returns a Dhcpdecline packet to notify the DHCP server of the problem.

4. When the DHCP server receives a Dhcprequest packet, it returns a Dhcpack packet to acknowledge the request and to notify the responding DHCP client that the negotiated TCP/IP parameters are reserved for that client. The Dhcpack packet is 342 bytes long, and contains the following:

   o The first 14 bytes of the frame comprise the Ethernet header. The DHCP server responds with an Ethernet Type 0800 (IP) frame whose destination address is set to the Ethernet broadcast address of 255.255.255.255.
   o The next 20 bytes comprise the IP header. The source IP address is that of the DHCP server, and the destination address is set to 0.0.0.0.
   o The next 8 bytes are the UDP header. Again, DHCP uses the BOOTP ports, but this time the source port is again toggled to the server-side 67 and the destination port to 68.
   o The remaining 300 bytes of the frame contain Dhcpack packet components, including Your IP address (which is set to the IP address of the client), which remains set, as do the lease duration, renewal, and binding times set earlier. This frame may also contain various DHCP option information, e.g. Router address, DNS Server address, etc. This option portion is variable, depending on what options are supported and requested by the client, and what options are supported by the server.

When the client receives the Dhcpack packet, it begins participating in the TCP/IP network using the agreed-upon TCP/IP configuration.

If the IP address initially proposed is now in use by another client or has otherwise become invalid, the DHCP Server instead returns a Dhcpnack packet to notify the client of that fact. When a client receives a Dhcpnack packet, it restarts the DHCP negotiation process by broadcasting a Dhcpdiscover packet. Microsoft TCP clients must also ARP to make sure the address is unique.

A DHCP client that has no further need to participate on the TCP/IP network can also issue a Dhcprelease packet to notify the DHCP server of that fact. When the DHCP Server receives a Dhcprelease packet from a client, it cancels the lease on the IP address allocated to that client. This can be forced by using ipconfig or winipcfg.
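Because the client takes the first Dhcpoffer it receives from any server, it helps to be able to read which server answered in a capture. The following is an added example, not code from the original text: it parses the DHCP portion of each message in the exchange above and lists replies whose Server Identifier is not on an administrator's list. The sample messages, addresses, MAC and function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the option data in a DHCP message
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE"}

def ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

# option code -> (result key, required length or None, decoder)
DECODERS = {53: ("type", 1, lambda v: MSG_TYPES.get(v[0], "UNKNOWN")),
            50: ("requested", 4, ip), 54: ("server_id", 4, ip),
            51: ("lease_secs", 4, lambda v: struct.unpack("!I", v)[0]),
            61: ("client_id", None, lambda v: v.hex(":"))}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message: the bytes after the Ethernet, IP and UDP headers."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg = {"op": op, "xid": xid, "yiaddr": ip(payload[16:20]),  # "Your IP address"
           "chaddr": payload[28:28 + min(hlen, 16)].hex(":")}
    i = 240
    while i < len(payload) and payload[i] != 255:       # 255 = End
        code = payload[i]
        if code == 0:                                   # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("option runs past the end of the message")
        value = payload[i + 2:i + 2 + payload[i + 1]]
        if code in DECODERS:
            key, size, decode = DECODERS[code]
            if size is not None and len(value) != size:
                raise ValueError(f"option {code} has an unexpected length")
            msg[key] = decode(value)
        i += 2 + len(value)
    return msg

def unauthorized_servers(payloads, authorized):
    """List (server, offered address, client MAC) for replies from unlisted servers."""
    replies = (m for m in map(parse_dhcp, payloads) if m["op"] == 2)  # 2 = server reply
    return [(m.get("server_id"), m["yiaddr"], m["chaddr"])
            for m in replies if m.get("server_id") not in authorized]

def build_dhcp(op, xid, mac, yiaddr="0.0.0.0", options=()):
    """Build a 300-byte DHCP message; used only to construct the sample data."""
    fixed = struct.pack("!BBBBIHH4s4s8s16s192s", op, 1, 6, 0, xid, 0, 0x8000, b"",
                        ipaddress.IPv4Address(yiaddr).packed, b"", mac, b"")
    opts = b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"
    return (fixed + MAGIC_COOKIE + opts).ljust(300, b"\0")

# Constructed sample exchange (documentation addresses, made-up MAC).
MAC = bytes.fromhex("00a0c9112233")
GOOD, OTHER, ADDR = (ipaddress.IPv4Address(a).packed
                     for a in ("192.0.2.10", "192.0.2.66", "192.0.2.100"))
LEASE = struct.pack("!I", 259200)
SAMPLE = [
    build_dhcp(1, 0x1234, MAC, options=[(53, b"\x01"), (61, b"\x01" + MAC)]),
    build_dhcp(2, 0x1234, MAC, "192.0.2.100", [(53, b"\x02"), (54, GOOD), (51, LEASE)]),
    build_dhcp(2, 0x1234, MAC, "192.0.2.200", [(53, b"\x02"), (54, OTHER), (51, LEASE)]),
    build_dhcp(1, 0x1234, MAC, options=[(53, b"\x03"), (50, ADDR), (54, GOOD)]),
    build_dhcp(2, 0x1234, MAC, "192.0.2.100", [(53, b"\x05"), (54, GOOD), (51, LEASE)]),
]
```

Calling unauthorized_servers(SAMPLE, {"192.0.2.10"}) returns the one Dhcpoffer that came from the unlisted server 192.0.2.66.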

NOTE
When a DHCP client has been configured to use a static IP address, or when the client is rebooted after already having been assigned an IP address by the DHCP Server, the DHCP client issues a Dhcprequest packet instead of a Dhcpdiscover packet. The Dhcprequest packet includes the IP address formerly assigned to that client, and notifies the DHCP Server that the client would like, if possible, to be assigned the same IP address that it had been using. The DHCP Server honors this request - unless the IP address in question has already been assigned to a different client in the interim - by returning a Dhcpack packet. If the requested IP address is not available, the DHCP Server instead returns a Dhcpnack packet to inform the client that it must restart the DHCP negotiation by broadcasting a Dhcpdiscover packet.

Understanding DHCP Scopes


A DHCP scope is a collection of IP configuration information that defines the IP parameters that will be used by all DHCP clients on a particular subnet. Each subnet may have exactly one DHCP scope, which comprises a single contiguous range of IP addresses. Each DHCP scope is defined by the administrator using the DHCP Manager application. A DHCP scope defines the following information:

Name.
Identifies the subnet served by this DHCP scope. May be as large as 128 characters, and may use any combination of letters, numbers, and hyphens.

Comment.
Further describes the DHCP scope, if necessary.

IP Address Inclusion Range.
Defines the contiguous range of IP addresses assigned to the IP address pool by specifying the beginning and ending IP addresses in that range. These are the IP addresses available to the DHCP Server for assignment to DHCP clients.

IP Address Exclusion Range.
Specifies one or more IP addresses (or contiguous groups of IP addresses) within the IP Address Inclusion Range that are not available to the DHCP Server for assignment to DHCP clients. Excluding IP addresses allows you to reserve a range of IP addresses that can be manually assigned to DHCP Servers, routers, and other devices that require a static IP address.

Subnet Mask.
Defines the subnet mask that identifies the logical network to which the IP address belongs.

Lease Duration.
Defines the period for which the DHCP Server "lends" or leases the IP address to a DHCP client. The lease duration may be unlimited, or may be specified in days, hours, and minutes.

In addition to the DHCP scope characteristics described above, you can use DHCP Manager to modify the following optional DHCP scope items:

Deactivate.
Immediately releases the reserved IP address when a computer is physically removed from the network, and returns that IP address to the pool available for reassignment. This option is particularly useful if you have notebook users who frequently connect to and then disconnect from your TCP/IP network. It is moot if your network comprises only hard-wired desktop systems.

Renewal.

Determines the renewal period for leased IP addresses. By default, the renewal process occurs when half of the lease duration has expired.

Reserve.
Allows you to reserve one or more IP addresses and assign them to devices like DHCP Servers and routers that require a static IP address. You needn't use this option. You can simply exclude an IP address range and assign IP addresses from that range to servers and routers as needed. However, using this option maps the assignments of static IP addresses to devices, and allows you to view those assignments in DHCP Manager.

NOTE
With the release of Windows NT Server 4.0 Service Pack 2 (SP2), Microsoft added support for a new DHCP feature called superscopes. By using superscopes, you can:

   o Support DHCP clients in a multi-netted environment, i.e. a local network that comprises multiple subnets (or logical networks) on a single physical network. Prior to SP2, Windows NT Server 4.0 did not allow addresses from multiple scopes to be assigned to a single physical network, and the only workaround was to install a separate network adapter to support each IP subnet. The DHCP Server supplied with SP2 allows you to create multiple scopes and then group them together into a superscope.
   o Support DHCP clients on a remote multi-netted network via a bootp relay agent.

Understanding DHCP Options


In addition to the standard DHCP scope configuration parameters described in the preceding section, you can use DHCP Manager to configure the DHCP options defined by RFC1533 and RFC1541. DHCP options are used to configure advanced TCP/IP settings like WINS and DNS integration. You can specify DHCP options individually for each DHCP scope, or globally for all DHCP scopes. DHCP option values defined globally are used for all DHCP scopes except under the following circumstances. First, if a global DHCP option is also defined for an individual DHCP scope, the value set for the individual DHCP scope overrides the global setting, and is used for that DHCP scope. Second, DHCP options set for an individual DHCP client override both global and scope DHCP option settings, and are used for that DHCP client. The Microsoft DHCP Server supports most of the DHCP options defined by RFC1533 and RFC1541. Microsoft DHCP clients, however, understand only a small subset of these DHCP options. Defining DHCP option values in Microsoft DHCP Server that are not supported by Microsoft DHCP clients is useful only to support non-Microsoft DHCP clients that support those options. The client-side and server-side DHCP options supported by Windows NT are detailed in Appendix C, Microsoft DHCP Option Support.

A Microsoft DHCP packet can contain up to 312 bytes of DHCP option data, which is more than sufficient for most DHCP configurations. However, this 312 byte limit is fixed. Some third-party DHCP servers and clients allow you to use option overlays, which store additional DHCP option data in unused space in the DHCP packet. Neither the Microsoft DHCP Server nor Microsoft DHCP clients support the use of option overlays. If you attempt to specify a complex DHCP option configuration - one that requires more than 312 bytes of storage - option data beyond the 312 byte limit is truncated and ignored. Therefore, if your Microsoft clients obtain their TCP/IP configuration parameters from a non-Microsoft DHCP server, make sure that all DHCP options supplied by that server fit within the allowable length. If that is not possible, make sure that the DHCP options required by the Microsoft clients appear within the first 312 bytes of option data.
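The precedence rule and the 312-byte limit described above can be checked before a configuration is deployed. This is an added example, not code from the original text: it merges global, scope and client option values, encodes them as code/length/value triples, and reports which required options would fall outside the first 312 bytes. It assumes an option is usable only if its whole encoding ends within the limit; the sample values and the set of required option codes are constructed for illustration.

```python
import ipaddress

OPTION_LIMIT = 312  # bytes of option data a Microsoft DHCP packet holds (from the text)

def effective_options(global_opts, scope_opts, client_opts):
    """Merge {code: value} maps: client overrides scope, scope overrides global."""
    merged = dict(global_opts)
    merged.update(scope_opts)
    merged.update(client_opts)
    return merged

def encode_options(options, order=None):
    """Encode options as code/length/value triples.

    Returns the encoded bytes and {code: (start, end)} offsets into them.
    """
    data, spans = b"", {}
    for code in (order if order is not None else sorted(options)):
        value = options[code]
        if not 1 <= code <= 254 or len(value) > 255:
            raise ValueError(f"option {code} cannot be encoded")
        spans[code] = (len(data), len(data) + 2 + len(value))
        data += bytes([code, len(value)]) + value
    return data, spans

def lost_options(spans, required, limit=OPTION_LIMIT):
    """Required codes that are missing or not wholly inside the first `limit` bytes."""
    return sorted(c for c in required if c not in spans or spans[c][1] > limit)

def required_first(options, required):
    """Ordering that places the required options ahead of everything else."""
    return sorted(options, key=lambda code: (code not in required, code))

def addrs(*ips):
    return b"".join(ipaddress.IPv4Address(a).packed for a in ips)

# Constructed sample configuration (documentation addresses, filler values).
GLOBAL = {6: addrs("192.0.2.53"), 15: b"example.test"}         # DNS, domain name
SCOPE = {3: addrs("192.0.2.1"),                                # router
         6: addrs("192.0.2.53", "192.0.2.54"),                 # overrides global DNS
         17: b"r" * 40, 43: b"v" * 250}                        # bulky third-party data
CLIENT = {44: addrs("192.0.2.20", "192.0.2.21"), 46: b"\x08"}  # WINS, node type
REQUIRED = {3, 6, 15, 44, 46}   # assumed: the options the Microsoft clients need

if __name__ == "__main__":
    opts = effective_options(GLOBAL, SCOPE, CLIENT)
    data, spans = encode_options(opts)
    print(len(data), "bytes; lost in code order:", lost_options(spans, REQUIRED))
    _, spans = encode_options(opts, required_first(opts, REQUIRED))
    print("lost with required options first:", lost_options(spans, REQUIRED))
```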

Understanding DHCP Databases


The Windows NT Server 4.0 DHCP Server service uses the same database engine as Microsoft Exchange Server 4. Installing DHCP Server automatically creates the following database files in %SystemRoot%\system32\Dhcp.

dhcp.mdb
The main DHCP Server database file.

Dhcp.tmp
The swap file used when indexing the main DHCP database file. According to Microsoft, this file may remain as an orphan after a crash. However, I found that this file existed in the DHCP directory on a server that had had DHCP Server freshly installed, and had not crashed.

j50.chk
A checkpoint file, used to maintain and verify database coherency.

j50.log
Contains a log of DHCP transactions. May be used after a DHCP Server crash to roll back the DHCP database to a coherent state.

j50?????.log
Another file whose contents are used to recover the DHCP database after a crash. On my server, the actual name of this file is j50000A2.log.

res?.log
Transaction logging data.

The DHCP database is modified dynamically. Each time a DHCP client boots and is assigned TCP/IP configuration parameters by the DHCP Server, these changes are recorded to the DHCP database. Similarly, as DHCP client leases expire, these changes are also recorded.

WARNING
The DHCP database remains open at all times while the DHCP Server is operating. Do not attempt to delete or modify any of these database files.

Because the DHCP database files are always open, it is impossible to back them up using traditional means. To ensure that critical DHCP data is not lost, Windows NT Server automatically backs up the DHCP database to the %SystemRoot%\system32\Dhcp\backup folder. Once written, these files are then closed, and so can be backed up normally.

NOTE
By default, Windows NT Server backs up the DHCP database every 60 minutes, which is usually more than sufficient protection. However, if your network is very large (or very small), you may want to change the default backup frequency. You can do so by modifying the Registry value entry BackupInterval in HKLM\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters. The default value for BackupInterval is 0x3C (or 60 minutes). If you have many DHCP clients, particularly ones that connect to and disconnect from the network frequently, setting the BackupInterval to a smaller value - perhaps 0x14, or 20 minutes - makes sense. Similarly, if your DHCP environment is small and relatively static, setting BackupInterval to a larger value - perhaps 0xF0, or 240 minutes - risks little (but also gains little).

If your primary backup program can be run from a batch file, you can use it to back up the main DHCP database. To do so, create a batch file that shuts down the DHCP Server (closing the database), runs the backup program, and then restarts the DHCP Server. Controlling the DHCP Server from the command line is described at the end of the following section on installing DHCP Server.