Dynamic Host Configuration Protocol
Revision as of 19:01, 20 February 2006
In the context of computer networking, Dynamic Host Configuration Protocol (DHCP) is a client-server networking protocol. A DHCP server provides configuration parameters specific to the requesting DHCP client host, generally the information the client needs to participate on an IP network, and also provides a mechanism for allocating IP addresses to client hosts. DHCP as described in this article configures IPv4 hosts; its IPv6 counterpart, DHCPv6, is a separate protocol (see below).
DHCP emerged as a standard protocol in October 1993. RFC 2131 provides the latest (March 1997) DHCP definition. DHCP functionally became a successor to the older BOOTP protocol. Because a DHCP server can also answer BOOTP clients, very few networks continue to use pure BOOTP.
The latest standard of the protocol, describing DHCPv6 (DHCP in a IPv6 environment), appeared in July 2003 as RFC 3315.
IP address allocation
Depending on implementation, the DHCP server has three methods of IP-address allocation:
- manual allocation, where the DHCP server performs the allocation based on a table with MAC address - IP address pairs manually filled by the server administrator. Only requesting clients with a MAC address listed in this table get the IP address according to the table.
- automatic allocation, where the DHCP server permanently assigns to a requesting client a free IP-address from a range given by the administrator.
- dynamic allocation, the only method which provides dynamic re-use of IP addresses. A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN has its TCP/IP software configured to request an IP address from the DHCP server when that client computer's network interface card starts up. The request-and-grant process uses a lease concept with a controllable time period. This eases the network installation procedure on the client computer side considerably.
Which allocation method the server uses is transparent to clients: the message exchange is the same in each case.
Some DHCP server implementations can update the DNS name associated with the client hosts to reflect the new IP address. They make use of the DNS update protocol established with RFC 2136.
Client Configuration Parameters
A DHCP server can provide optional configurations to the client. RFC 2132 defines DHCP options.
List of configurable options and their corresponding numbers (Tag, Name, Length in octets, Meaning; N×4 means a list of N four-octet addresses):
RFC 1497 Vendor Extensions:
Tag  Name                Length  Meaning
  0  Pad Option          0       None
255  End Option          0       None
  1  Subnet Mask         4       Subnet Mask Value
  2  Time Offset         4       Time Offset in Seconds from UTC
  3  Router              N×4     Router addresses
  4  Time Server         N×4     Timeserver addresses
  5  Name Server         N×4     IEN-116 Server addresses
  6  Domain Server       N×4     DNS Server addresses
  7  Log Server          N×4     Logging Server addresses
  8  Quotes Server       N×4     Quotes Server addresses
  9  LPR Server          N×4     Printer Server addresses
 10  Impress Server      N×4     Impress Server addresses
 11  RLP Server          N×4     RLP Server addresses
 12  Hostname            N       Hostname string
 13  Boot File Size      2       Size of boot file in 512-octet blocks
 14  Merit Dump File     N       Client to dump and name the file to dump it to
 15  Domain Name         N       The DNS domain name of the client
 16  Swap Server         4       Swap Server address
 17  Root Path           N       Path name for root disk
 18  Extensions File     N       Path name for more BOOTP info
IP Layer Parameters per Host:
 19  Forward On/Off      1       Enable/Disable IP Forwarding
 20  SrcRte On/Off       1       Enable/Disable Non-Local Source Routing
 21  Policy Filter       N×8     Non-Local Source Routing Policy Filters
 22  Max DG Assembly     2       Max Datagram Reassembly Size
 23  Default IP TTL      1       Default IP Time to Live
 24  MTU Timeout         4       Path MTU Aging Timeout
 25  MTU Plateau         N×2     Path MTU Plateau Table
IP Layer Parameters per Interface:
 26  MTU Interface       2       Interface MTU Size
 27  MTU Subnet          1       All Subnets are Local
 28  Broadcast Address   4       Broadcast Address
 29  Mask Discovery      1       Perform Mask Discovery
 30  Mask Supplier       1       Provide Mask to Others
 31  Router Discovery    1       Perform Router Discovery
 32  Router Request      4       Router Solicitation Address
 33  Static Route        N×8     Static Routing Table
Link Layer Parameters per Interface:
 34  Trailers            1       Trailer Encapsulation
 35  ARP Timeout         4       ARP Cache Timeout
 36  Ethernet            1       Ethernet Encapsulation
TCP Parameters:
 37  Default TCP TTL     1       Default TCP Time to Live
 38  Keepalive Time      4       TCP Keepalive Interval
 39  Keepalive Data      1       TCP Keepalive Garbage
Application and Service Parameters:
 40  NIS Domain          N       NIS Domain Name
 41  NIS Servers         N×4     NIS Server Addresses
 42  NTP Servers         N×4     NTP Server Addresses
 43  Vendor Specific     N       Vendor Specific Information
 44  NETBIOS Name Srv    N×4     NETBIOS Name Servers
 45  NETBIOS Dist Srv    N×4     NETBIOS Datagram Distribution
 46  NETBIOS Node Type   1       NETBIOS Node Type
 47  NETBIOS Scope       N       NETBIOS Scope
 48  X Window Font       N×4     X Window Font Server
 49  X Window Manager    N×4     X Window Display Manager
 64  NIS-Domain-Name     N       NIS+ v3 Client Domain Name
 65  NIS-Server-Addr     N×4     NIS+ v3 Server Addresses
 68  Home-Agent-Addrs    N×4     Mobile IP Home Agent Addresses
 69  SMTP-Server         N×4     Simple Mail Server Addresses
 70  POP3-Server         N×4     Post Office Server Addresses
 71  NNTP-Server         N×4     Network News Server Addresses
 72  WWW-Server          N×4     WWW Server Addresses
 73  Finger-Server       N×4     Finger Server Addresses
 74  IRC-Server          N×4     Chat Server Addresses
 75  StreetTalk-Server   N×4     StreetTalk Server Addresses
 76  STDA-Server         N×4     ST Directory Assist. Addresses
DHCP Extensions:
 50  Address Request     4       Requested IP Address
 51  Address Time        4       IP Address Lease Time
 52  Option Overload     1       Overload "sname" or "file"
 53  DHCP Msg Type       1       DHCP Message Type
 54  DHCP Server Id      4       DHCP Server Identification
 55  Parameter List      N       Parameter Request List
 56  DHCP Message        N       DHCP Error Message
 57  DHCP Max Msg Size   2       DHCP Maximum Message Size
 58  Renewal Time        4       DHCP Renewal (T1) Time
 59  Rebinding Time      4       DHCP Rebinding (T2) Time
 60  Class Id            N       Vendor Class Identifier
 61  Client Id           N       Client Identifier
 66  Server-Name         N       TFTP Server Name
 67  Bootfile-Name       N       Boot File Name
Newer extensions (several tags in the 128-135, 150 and 177 range have more than one registered or vendor use; each use is listed on its own line):
 62  Netware/IP Domain   N       Netware/IP Domain Name
 63  Netware/IP Option   N       Netware/IP sub Options
 77  User-Class          N       User Class Information
 78  Directory Agent     N       directory agent information
 79  Service Scope       N       service location agent scope
 80  Rapid Commit        0       Rapid Commit
 81  Client FQDN         N       Fully Qualified Domain Name
 82  Relay Agent Information  N  Relay Agent Information
 83  iSNS                N       Internet Storage Name Service
 84  REMOVED/Unassigned
 85  NDS Servers         N       Novell Directory Services
 86  NDS Tree Name       N       Novell Directory Services
 87  NDS Context         N       Novell Directory Services
 88  BCMCS Controller Domain Name list
 89  BCMCS Controller IPv4 address option
 90  Authentication      N       Authentication
 91  REMOVED/Unassigned
 92  REMOVED/Unassigned
 93  Client System       N       Client System Architecture
 94  Client NDI          N       Client Network Device Interface
 95  LDAP                N       Lightweight Directory Access Protocol
 96  REMOVED/Unassigned
 97  UUID/GUID           N       UUID/GUID-based Client Identifier
 98  User-Auth           N       Open Group's User Authentication
 99  Unassigned
100  REMOVED/Unassigned
101  REMOVED/Unassigned
102-107  REMOVED/Unassigned
108  REMOVED/Unassigned
109  Unassigned
110  REMOVED/Unassigned
111  Unassigned
112  Netinfo Address     N       NetInfo Parent Server Address
113  Netinfo Tag         N       NetInfo Parent Server Tag
114  URL                 N       URL
115  REMOVED/Unassigned
116  Auto-Config         N       DHCP Auto-Configuration
117  Name Service Search N       Name Service Search
118  Subnet Selection Option  4  Subnet Selection Option
119  Domain Search       N       DNS domain search list
120  SIP Servers DHCP Option  N  SIP Servers DHCP Option
121  Classless Static Route   N  Classless Static Route Option
122  CCC                 N       CableLabs Client Configuration
123  GeoConf Option      16      GeoConf Option
124  V-I Vendor Class            Vendor-Identifying Vendor Class
125  V-I Vendor-Specific Information  Vendor-Identifying Vendor-Specific Information
126  Removed/Unassigned
127  Removed/Unassigned
128  PXE - undefined (vendor specific) (Tentatively Assigned - 23 June 2005)
128  Etherboot signature. 6 bytes: E4:45:74:68:00:00
128  DOCSIS "full security" server IP address
128  TFTP Server IP address (for IP Phone software load)
129  PXE - undefined (vendor specific) (Tentatively Assigned - 23 June 2005)
129  Kernel options. Variable length string
129  Call Server IP address
130  PXE - undefined (vendor specific) (Tentatively Assigned - 23 June 2005)
130  Ethernet interface. Variable length string.
130  Discrimination string (to identify vendor)
131  PXE - undefined (vendor specific) (Tentatively Assigned - 23 June 2005)
131  Remote statistics server IP address
132  PXE - undefined (vendor specific) (Tentatively Assigned - 23 June 2005)
132  802.1P VLAN ID
133  PXE - undefined (vendor specific) (Tentatively Assigned - 23 June 2005)
133  802.1Q L2 Priority
134  PXE - undefined (vendor specific) (Tentatively Assigned - 23 June 2005)
134  Diffserv Code Point
135  PXE - undefined (vendor specific) (Tentatively Assigned - 23 June 2005)
135  HTTP Proxy for phone-specific applications
136-149  Unassigned
150  TFTP server address (Tentatively Assigned - 23 June 2005)
150  Etherboot
150  GRUB configuration path name
151-174  Unassigned
175  Etherboot (Tentatively Assigned - 23 June 2005)
176  IP Telephone (Tentatively Assigned - 23 June 2005)
177  Etherboot (Tentatively Assigned - 23 June 2005)
177  PacketCable and CableHome (replaced by 122)
178-207  Unassigned
208  pxelinux.magic (string) = F1:00:74:7E (241.0.116.126) (Tentatively Assigned - 23 June 2005)
209  pxelinux.configfile (text) (Tentatively Assigned - 23 June 2005)
210  pxelinux.pathprefix (text) (Tentatively Assigned - 23 June 2005)
211  pxelinux.reboottime (unsigned integer 32 bits) (Tentatively Assigned - 23 June 2005)
212-219  Unassigned
220  Subnet Allocation Option (Tentatively Assigned - 23 June 2005)
221  Virtual Subnet Selection Option (Tentatively Assigned - 23 June 2005)
222-223  Unassigned
224-254  Private Use
Implementations
Microsoft introduced DHCP on their NT server with Windows NT version 3.5 in late 1994. Despite being called "a new feature from Microsoft", DHCP did not originate from Microsoft.
The Internet Software Consortium published DHCP software distributions for Unix variants with version 1.0.0 of the ISC DHCP Server released on December 6 1997 and a more RFC-compliant version 2.0 on June 22 1999. One can download this software from http://www.isc.org/sw/dhcp/
WIDE Project released their DHCP implementation in 1995 and a more stable version 1.4.0 in August 1997. It can be freely downloaded from ftp://sh.wide.ad.jp/WIDE/free-ware/dhcp/
KAME Project released a DHCPv6 implementation which is now separately maintained. Its new home page is http://wide-dhcpv6.sourceforge.net/
Novell has included a DHCP server in their NetWare operating system since version 5, released in 1998. It integrates with Novell's directory service - Novell eDirectory.
Weird Solutions has produced a variety of multi-platform DHCP implementations since 1997, targeted at both the Internet service provider and consumer markets.
Other major implementations include:
- Cisco, with a DHCP server made available in Cisco IOS 12.0 in February 1999
- Sun, who added DHCP support in the July 2001 release of Solaris 8.
Cisco Systems offers DHCP servers in routers and switches with their IOS software. Moreover, they offer Cisco Network Registrar (CNR) - a highly scalable and flexible DNS, DHCP and TFTP server.
Usage
Most cable internet providers in the United States of America use DHCP to allocate IP addresses. DSL providers in the US rarely use DHCP, preferring PPPoE instead.
In the U.K. many broad-band ISP networks use DHCP, but XDSL providers make extensive use of "infinite lease", which amounts to assigning semi-static IPs.
In addition, many routers and other gateway devices provide DHCP support for small private networks (typically a single /24 subnet, which holds at most 254 hosts), assigning private IP addresses.
Office networks also use DHCP, in particular when workers make extensive use of laptops that only occasionally link directly to the in-house network.
Network routers often employ a DHCP relay agent, which forwards the DHCP broadcasts (Discover and Request) from a LAN without a DHCP server as unicast datagrams to a server on another network, recording the relay's own interface address in the GIADDR field so the server can choose the right address pool and send the reply back through the relay.
Protocol anatomy
DHCP uses the same two IANA assigned ports as BOOTP: 67/udp for the server side, and 68/udp for the client side.
DHCP Discover
The client broadcasts on the local physical subnet to find available servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. In the exchange walked through here, the client sends a UDP datagram to the broadcast destination 255.255.255.255 and also asks for its last-known IP address, 192.168.1.100, in the Requested IP Address option (the server may ignore this optional parameter).
DHCP Offer
The server determines the configuration based on the client's hardware address as specified in the CHADDR field. Here the server, 192.168.1.1, offers the address 192.168.1.100 in the YIADDR field and identifies itself in the Server Identifier option.
DHCP Request
The client selects one configuration out of the DHCP Offer packets it has received and broadcasts a DHCP Request on the local subnet, naming the chosen server in the Server Identifier option so that any other servers that made offers can withdraw them. Here the client requests the 192.168.1.100 address that the server offered.
DHCP Acknowledge
The server acknowledges the request and sends the acknowledgement to the client. The system as a whole expects the client to configure its network interface with the supplied options. Nothing in the base exchange authenticates the server (option 90, Authentication, provides this but is not required): any host on the broadcast domain can answer a Discover, so a client should at least check that the transaction id and Server Identifier in the Acknowledge match the offer it selected before applying the configuration.
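The four-message exchange described above, as an added example that is not part of the original article: a Discover/Offer/Request/Acknowledge round trip in Python, with both sides' messages built from the RFC 2131 fixed header and parsed from the RFC 2132 TLV option area (message type 53, requested address 50, server identifier 54, lease time 51, parameter list 55). The server uses the manual allocation method from the allocation section, keyed on CHADDR. The addresses 192.168.1.1 and 192.168.1.100 follow the walkthrough; the client MAC 00:11:22:33:44:55, the transaction id and the 24-hour lease are constructed for the example. The client accepts an Acknowledge only when its transaction id and Server Identifier match the offer it selected, and the option parser refuses a length octet that runs past the end of the packet.

```python
"""DHCP four-way exchange built and parsed from the RFC 2131 header and RFC 2132 options.
Added example, not code from the article; addresses and MAC are constructed."""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # RFC 2131: marks the start of the option area
BOOTREQUEST, BOOTREPLY = 1, 2                 # 'op' field
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5    # option 53 (DHCP Message Type) values
# op,htype,hlen,hops,xid,secs,flags,ciaddr,yiaddr,siaddr,giaddr,chaddr,sname,file
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"
HEADER_LEN = struct.calcsize(HEADER)          # 236 octets before the cookie

def ip(a):
    return socket.inet_aton(a)

def build(op, xid, chaddr, options, yiaddr="0.0.0.0", siaddr="0.0.0.0"):
    """Serialise one message; options is a list of (tag, value-bytes)."""
    fixed = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000,       # htype 1 = Ethernet, broadcast flag set
                        ip("0.0.0.0"), ip(yiaddr), ip(siaddr), ip("0.0.0.0"),
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    tlv = b"".join(bytes((tag, len(val))) + val for tag, val in options)
    return fixed + MAGIC_COOKIE + tlv + b"\xff"                    # tag 255 = End

def parse_options(area):
    """Walk the TLV area: tag 0 (Pad) has no length octet, tag 255 (End) stops the walk."""
    opts, i = {}, 0
    while i < len(area):
        tag = area[i]
        if tag == 0:
            i += 1
            continue
        if tag == 255:
            break
        if i + 1 >= len(area):
            raise ValueError("truncated option header at offset %d" % i)
        length = area[i + 1]
        val = area[i + 2:i + 2 + length]
        if len(val) != length:                                     # never trust the length octet
            raise ValueError("option %d claims %d octets past end of packet" % (tag, length))
        opts[tag] = val
        i += 2 + length
    return opts

def parse(pkt):
    if len(pkt) < HEADER_LEN + 4 or pkt[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER, pkt[:HEADER_LEN])
    return {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "chaddr": f[11][:f[2]], "options": parse_options(pkt[HEADER_LEN + 4:])}

# --- minimal server: manual allocation from a constructed MAC -> IP table ---
SERVER_IP = "192.168.1.1"
LEASES = {b"\x00\x11\x22\x33\x44\x55": "192.168.1.100"}

def server_handle(pkt):
    m = parse(pkt)
    mtype = m["options"].get(53, b"\0")[0]
    addr = LEASES.get(m["chaddr"])
    if addr is None:
        return None                                                # unknown client: stay silent
    common = [(54, ip(SERVER_IP)), (51, struct.pack("!I", 86400)),
              (1, ip("255.255.255.0")), (3, ip(SERVER_IP))]
    if mtype == DISCOVER:
        return build(BOOTREPLY, m["xid"], m["chaddr"], [(53, bytes([OFFER]))] + common, yiaddr=addr)
    if mtype == REQUEST:
        if m["options"].get(54) != ip(SERVER_IP):                  # client chose another server's offer
            return None
        if socket.inet_ntoa(m["options"].get(50, b"\0\0\0\0")) != addr:
            return None                                            # a full server would send DHCPNAK
        return build(BOOTREPLY, m["xid"], m["chaddr"], [(53, bytes([ACK]))] + common, yiaddr=addr)
    return None

def client_dora(mac, xid=0x3903F326):
    """Client side; each message is handed straight to server_handle instead of the wire."""
    discover = build(BOOTREQUEST, xid, mac,
                     [(53, bytes([DISCOVER])), (50, ip("192.168.1.100")), (55, bytes([1, 3, 6]))])
    offer = parse(server_handle(discover))
    if offer["xid"] != xid or offer["options"][53][0] != OFFER:    # ignore replies not for our xid
        raise ValueError("unexpected reply to DISCOVER")
    chosen_server = offer["options"][54]
    request = build(BOOTREQUEST, xid, mac,
                    [(53, bytes([REQUEST])), (50, ip(offer["yiaddr"])), (54, chosen_server)])
    ack = parse(server_handle(request))
    # Configure the interface only if the ACK carries our xid and comes from the server we selected.
    if ack["xid"] != xid or ack["options"][53][0] != ACK or ack["options"][54] != chosen_server:
        raise ValueError("ACK does not match the selected offer")
    return {"ip": ack["yiaddr"], "server": socket.inet_ntoa(chosen_server),
            "lease": struct.unpack("!I", ack["options"][51])[0],
            "router": socket.inet_ntoa(ack["options"][3])}

if __name__ == "__main__":
    print(client_dora(b"\x00\x11\x22\x33\x44\x55"))
```

Running the block prints the lease the client ends up with (192.168.1.100 from server 192.168.1.1, 86400 seconds). The same `parse` handles datagrams captured from a real socket bound to udp/68, which is where the length check on each option matters: the length octet comes from the network and must not be allowed to index past the packet.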
DHCP Inform
The client sends a request to the DHCP server: either to request more information than the server sent with the original DHCPACK; or to repeat data for a particular application - for example, browsers use DHCP Inform to obtain web proxy settings via WPAD. Such queries do not cause the DHCP server to refresh the IP expiry time in its database.
DHCP Release
The client sends a request to the DHCP server to release its lease, and the client unconfigures its IP address. As clients usually do not know when users may unplug them from the network, the protocol does not define the sending of DHCP Release as mandatory.
DHCP and firewalls
DHCP usually has to be explicitly allowed by firewalls. The specification of the DHCP client-server protocol describes several cases in which packets must have the source address 0.0.0.0 (0x00000000) or the destination address 255.255.255.255 (0xffffffff). Such packets are often dropped by anti-spoofing rules and by default-deny rule sets. Multihomed DHCP servers, as well as DHCP servers with multiple IP addresses assigned to a single interface, require special consideration and further complicate configuration.
To allow DHCP you will need to allow several types of packets through the server-side firewall. All packets are UDP datagrams; all client-sent packets have source port 68 and destination port 67, and all server-sent packets have source port 67 and destination port 68. For example, these are the types of packets to be allowed on a server-side firewall:
- Incoming packets from 0.0.0.0 or dhcp-pool to dhcp-ip
- Incoming packets from any address to 255.255.255.255
- Outgoing packets from dhcp-ip to dhcp-pool or 255.255.255.255
where dhcp-ip is any address configured on the DHCP server host and dhcp-pool is any address assigned by the DHCP server
Example in ipfw firewall
To give an idea of how a configuration would look in production, here are the rules needed for a server-side ipfw firewall to allow DHCP traffic through. dhcpd is listening on interface rl0 and assigns addresses from 192.168.0.0/24:
pass udp from 0.0.0.0,192.168.0.0/24 68 to me 67 in recv rl0
pass udp from any 68 to 255.255.255.255 67 in recv rl0
pass udp from me 67 to 192.168.0.0/24,255.255.255.255 68 out xmit rl0
External links
- RFC 2131 - Dynamic Host Configuration Protocol
- RFC 2132 - DHCP Options and BOOTP Vendor Extensions
- DHCP RFC - Dynamic Host Configuration Protocol RFCs (IETF)
- DHCP Server Security - This article looks at the different types of threats faced by DHCP servers and countermeasures for mitigating these threats.
- RFC 4242 - Information Refresh Time Option for Dynamic Host Configuration Protocol for IPv6
- DHCP Sequence Diagram - This sequence diagram covers several scenarios of DHCP operation.