Amazingly little is known about the DHCP service, although it is used in
virtually all organizations and networks. The service itself has simple
beginnings but has evolved to become an important component in a network
environment. If you have ever connected a computer to a network, such
as a Wi-Fi hot spot at the local café, the computer was given a network
address from a DHCP service running on that network.
Detailing the Need for DHCP
Aside from just assigning a
network device a unique IP address on the network, there needs to be a
network architecture that manages how network devices communicate, and,
particularly, which devices can communicate and when. This network
communication management is provided by the TCP/IP networking protocol.
TCP/IP is too complex to define in this article, and doing so is not
necessary, but one thing is certain: each device connected to a TCP/IP
network requires a unique
address. This unique address defines the node’s network affiliation and
provides for a means of sending and receiving network information
between itself and the destination network device(s). This address, or
IP address, must be assigned to each device on the network to allow for
communication using TCP/IP. In the past, many IP addresses were manually
distributed as new clients were added to a network. This required a
large amount of administrative overhead to maintain, and often resulted
in problems in configuration caused by simple typographical errors and
basic human error. Also, manually adding IP addresses to devices,
without a well-managed and up-to-date address table or database,
resulted in multiple machines on the network using the same address.
When multiple devices were configured with the same IP address on a
single network, the result usually included failed networking on both
devices. As an example of this, if two people in the same household
picked up different phones to dial simultaneously, they would both hear
the dial tone but when they dialed the number, most likely an incorrect
number would be dialed that did not match either of the desired numbers.
Aside from building in checks
to deal with devices that share a duplicate IP address on a single TCP/IP network,
administrators quickly realized that automating address distribution
was the way to go. The search for such a system led to the predecessors
of DHCP: RARP and BOOTP.
Outlining DHCP Predecessors: RARP and BOOTP
The need for dynamic
allocation of IP addresses to clients was first addressed by the Reverse
Address Resolution Protocol (RARP). RARP simply allocated an IP address
to a client after that client requested it through a network broadcast.
This protocol was quickly discovered to be ineffective for
communicating between different networks.
The successor to RARP
was the Bootstrap Protocol (BOOTP), which improved the dynamic
assignment of IP addresses by allowing for routing through different
networks and used a concept called a magic cookie, a 64-byte portion of
the BOOTP packet that contained configuration information such as subnet
mask, DNS server designations, and so on. This protocol was a drastic
improvement over RARP but was still limited in a few functional
areas—namely, the fact that the database was not dynamic and was stored
in a static text file, which limited its usability. BOOTP is still used
today to deliver IP addresses to systems that need to connect to a
network to locate the necessary files to load an application or
operating system, such as is the case in a diskless computer.
Exploring the DHCP Server Service
DHCP was developed as an
improvement to BOOTP. In fact, a DHCP packet is almost identical to a
BOOTP packet, except for the modification of the magic cookie portion of
a packet, which was expanded in size to accommodate additional options
such as DNS server, WINS server, and so on.
The DHCP process is straightforward. A client boots up, and a broadcast
request is sent out to all nodes on the network to which the client is
connected. If a DHCP service is active and listening for these
broadcasts, it will respond to the client request by issuing an
available IP address from a predefined range or pool, as illustrated in Figure 1.
In addition to an IP address,
all options that are defined on the server scope are issued to a client.
This includes DNS servers, WINS servers, gateways, subnet masks, and
many other settings. If these options are issued automatically, the
chance for errors is lessened and the entire IP address assignment
becomes automated, decreasing administrative overhead.
Examining the DHCP Client Service
The server portion of DHCP
is only half of the equation in a DHCP transaction. The request for an
IP address comes from a specific interface known as the DHCP client. The
DHCP Client service is included in all versions of TCP/IP deployed with
Microsoft Windows, but on some of the older clients, TCP/IP would need
to be installed separately.
The DHCP client,
as previously mentioned, interacts with the DHCP Server service, in
terms of requesting, accepting, and releasing IP addresses. Each version
of the Windows TCP/IP protocol included with each operating system
includes a different DHCP client, and there are slight variations in the
functionality of each of them. However, the overall function—to apply
for and receive an IP address from a DHCP server—remains the same in
each.
Understanding Automatic Private IP Addressing (APIPA)
The TCP/IP DHCP
Client/Server service was updated with the release of Windows 2000 to
enable Windows clients to automatically assign themselves an IP address
if no BOOTP or DHCP server was available; it does so through a process
called Automatic Private IP Addressing (APIPA). APIPA clients
automatically assign themselves an IP address in the 169.254.0.0/16
range in this situation, which allows them to have basic TCP/IP
connectivity in small networks. So, in essence, a small workgroup
network can be built with Windows 2000, XP, Vista, or Windows 7
workstations, and without too much work, these systems would be able to
communicate with each other using addresses self-assigned by the APIPA
service.
APIPA might be problematic in
larger networks because it forces clients to assign themselves
addresses in a range that is normally not part of a local company
subnet. If a DHCP server is down, clients that are attempting to renew a
lease or obtain a new IP address from a DHCP server will fail and
automatically assign themselves an APIPA address. When the server comes
back online, these clients will not immediately get a legitimate IP
address from the DHCP server because they are no longer broadcasting for
an IP address, and will essentially remain cut off from the network. In
a case like this, the client workstation will need to initiate a new
DHCP address request by rebooting the system or forcing a manual address
request using a command such as Ipconfig /renew
from a command prompt. This can be quite troublesome for corporate
network administrators and help desk support staff if the DHCP services
on their network are slow to respond or fail often. In certain
situations, network administrators might want to disable the APIPA
functionality, and Microsoft supplies a Registry key that will perform
this function for Windows 2000 and later systems. A Registry key can be
manually created on the systems in the following location:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<AdapterName>\
IPAutoconfigurationEnabled:REG_DWORD=0
You can create this key by following these steps on the client:
1. Open Registry Editor (choose Start, Run, and then enter regedit).
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<AdapterName> (where AdapterName is the hexadecimal representation of the network adapter in question).
3. Right-click on the <AdapterName> key and choose New, DWORD Value.
4. Enter IPAutoconfigurationEnabled to rename the DWORD value.
5. Double-click the new value and ensure that 0 is entered as the value data.
6. Click OK and close the Registry Editor.
To validate that
APIPA is disabled, an administrator should run IPCONFIG /ALL from the
command prompt and then check that the Autoconfiguration Enabled option
is set to No.
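The same change can be scripted when many clients need it. The following PowerShell is an added example, not part of the original article; it assumes an elevated prompt and uses the WMI SettingID property as the <AdapterName> subkey name, so it also runs on PowerShell 2.0 (Windows 7 and Windows Server 2008 R2).

```powershell
# Added example: set IPAutoconfigurationEnabled=0 on every IP-enabled adapter
# and report the result. Run from an elevated PowerShell prompt.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# SettingID is the adapter GUID that names the <AdapterName> subkey.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($nic in $adapters) {
    $key = Join-Path $base $nic.SettingID
    if (-not (Test-Path $key)) {
        Write-Warning "No interface key for '$($nic.Description)'; skipped"
        continue
    }

    # Record adapters that are currently using a self-assigned APIPA address,
    # because those clients failed to reach a DHCP server and need a renew.
    $apipa = @($nic.IPAddress | Where-Object { $_ -like '169.254.*' })

    # Create the DWORD value, or overwrite it if it already exists.
    New-ItemProperty -Path $key -Name 'IPAutoconfigurationEnabled' `
        -PropertyType DWord -Value 0 -Force | Out-Null

    # Read the value back rather than assuming the write succeeded.
    $current = (Get-ItemProperty -Path $key -Name 'IPAutoconfigurationEnabled').IPAutoconfigurationEnabled

    New-Object PSObject -Property @{
        Adapter                    = $nic.Description
        AdapterName                = $nic.SettingID
        IPAutoconfigurationEnabled = $current
        HadApipaAddress            = ($apipa.Count -gt 0)
    }
}

# Same check the article describes: the option should read "No".
ipconfig /all | Select-String 'Autoconfiguration Enabled'
```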
Note
APIPA can also be effectively disabled in Windows XP clients through an
alternate IP configuration, which allows for the designation of a static
IP address if DHCP is unavailable.
Detailing DHCP Relay Agents
Because DHCP clients
use network broadcasts to seek out DHCP servers, it is important that
there is a DHCP server on each network. To send and receive network
traffic between separate networks, a device known as a network router is
used. By default, network routers do not forward any broadcast network
traffic between networks. On complex networks that include network
routers, if network clients on each network require the automatic IP
address assignment functionality of a DHCP service, there will either
need to be a DHCP server on each network or a service known as a DHCP
Relay Agent must be deployed. DHCP Relay Agents can be servers, a
service hosted by a network router, or, in some cases, a network switch.
DHCP agents will listen for DHCP broadcast requests and forward them to
previously designated DHCP servers on another network. As an example of
this, Cisco routers provide a service called ip-helper, which is
configured with the DHCP server to which broadcast requests are forwarded. If this
type of router configuration is not utilized, a Windows server running
the Routing and Remote Access Service must be configured as a DHCP Relay
Agent, as illustrated in Figure 2.
Note
In most real-world implementations of DHCP, the routers between network
segments are configured to forward client DHCP broadcast packets
directly to the DHCP server. Therefore, in large organizations, it is
important to include the network architecture team in any discussions on
DHCP design.
Examining DHCP and Dynamic DNS
Using the DNS service in
Windows Server 2008 R2, clients can automatically register themselves in
the DNS database through a mechanism called Dynamic DNS (DDNS).
DHCP in Windows Server 2008 R2
integrates directly with DDNS to provide for automatic registration of
clients into DNS. By default, all Windows 2000 or higher clients will
perform this function by themselves, but DHCP servers can perform
Dynamic DNS registration for DHCP clients that are not able to register
themselves. Also, DHCP servers can be configured to always register the
Dynamic DNS entry on behalf of the client. In many cases, this is ideal
because the DHCP service will own the record and can remove it from the
DNS zone when the lease expires. These settings can be configured at the
DHCP server level and within each DHCP scope properties, through the
DHCP administrative console. A DHCP scope is a set of included and
excluded IP addresses and networking options that define the
configuration that DHCP clients will be sent. How to plan and configure
DHCP scopes is detailed in the next section.
Installing DHCP and Creating New Scopes
DHCP installation has historically
been a two-part process: install the service, and then later configure
it. In Windows Server 2008 R2, DHCP Server role installation has
been streamlined through the use of the Add Roles Wizard. This wizard
installs the DHCP Server service and automatically invokes the New Scope
Wizard, which can be used to establish and configure DHCP scopes. To
install and configure a Windows Server 2008 R2 system as a DHCP server,
follow these steps:
1. Click Start, click All Programs, click Administrative Tools, and select Server Manager. If prompted for User Account Control verification, click Continue to confirm the action.
2. In Server Manager, click the Roles node in the left pane to display the Roles Summary information in the right pane. Then click the Add Roles link in the right pane to initiate the Add Roles Wizard.
3. After reading the Before You Begin information, click Next to continue.
4. On the Select Server Roles page, select the check box next to DHCP Server, and then click Next to continue.
5. On the Introduction to DHCP Server page, helpful information is displayed to learn more about the DHCP server. Click on any of the informative links as desired and after reading the information, click Next to continue the installation.
6. On the Select Network Connection Bindings page, check the box next to the desired network connections that will host the DHCP Server service, as illustrated in Figure 3, and click Next to continue.
7. At this point, the Add Roles Wizard displays the Specify IPv4 DNS Server Settings page. Enter the name of the parent domain that clients will use for name resolution. Enter the IPv4 address of the preferred DNS server and the IPv4 address of the alternate DNS server. Click the Validate button to check the IP addresses of the preferred and alternate DNS servers. Once the DNS server IP addresses are validated, click Next to continue.
8. On the Specify IPv4 WINS Server Settings page, click the option button to indicate whether WINS is required on the network. If required, specify the IP addresses for the primary and, if needed, alternate server. Click Next to continue.
9. On the Add or Edit DHCP Scopes page, click Add and then type a descriptive name for the scope such as Headquarters Network DHCP Scope. Type in the starting IP address and ending IP address. Select whether the subnet is a wired or wireless network, which will set the DHCP address lease duration to either eight days or eight hours. In addition, type in a subnet mask for the subnet in question, and a default gateway if the DHCP client needs to communicate with separate networks, as illustrated in Figure 4. Also, if the DHCP server will be used immediately, check the Activate this Scope check box and click OK to complete the creation of the scope. If no additional scopes will be created, click Next to continue.
10. If DHCPv6 is required, select Enable DHCPv6 Stateless Mode for This Server to configure the server for DHCPv6 stateless operation; otherwise, select Disable DHCPv6 Stateless Mode for This Server. If Disable is selected, DHCPv6 can manually be configured later from the DHCP server MMC snap-in. Click Next to continue.
11. If you enabled DHCPv6 Stateless mode in the preceding step, you must configure the IPv6 DNS Server settings. On the Specify IPv6 DNS Server Settings page, enter the parent domain and the necessary IPv6 addresses into the Preferred DNS and Alternate DNS server information fields and click Next when finished.
12. On the Authorize DHCP Server page, select whether to use the current or alternate credentials used to authorize the DHCP server in the domain. DHCP servers must be authorized by Active Directory before they can be used to manage and distribute IP addresses. If the account used to install the DHCP Server service has the necessary group membership, select the Use Current Credentials option button and click Next to continue. If you are not sure, click the Skip Authorization of this DHCP Server in AD DS option and click Next to continue. Ask the Active Directory domain administrator to authorize the DHCP server later.
13. On the Confirm Installation Selections page, review the information for accuracy and click Install to continue the DHCP server installation and configuration process.
14. The Add Roles Wizard then indicates that the server has successfully become a DHCP server, as indicated in Figure 5. Click Close to close the wizard.
Administrators will now be able to see the newly created DHCP server reflected in
Server Manager. It will be located beneath the Roles node in the Server
Manager tree in the left pane. The Roles Summary section will also
reflect the newly created DHCP server in the right pane.
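For repeatable builds, the wizard steps above can be scripted, and the authorization from step 12 can be checked against a list of servers that are supposed to be authorized. The following PowerShell is an added example, not part of the original article; every name and address in it is a constructed placeholder, and the parsing assumes that netsh prints each authorized server as "Server [name] Address [ip]".

```powershell
# Added example: scripted counterpart of the Add Roles Wizard on Windows
# Server 2008 R2. Run elevated. All values below are constructed placeholders.
$scopeId    = '10.10.0.0'
$mask       = '255.255.255.0'
$rangeStart = '10.10.0.50'
$rangeEnd   = '10.10.0.200'
$gateway    = '10.10.0.1'
$dnsServer  = '10.10.0.10'
$dnsDomain  = 'corp.example'
$serverFqdn = 'dhcp01.corp.example'
$serverIp   = '10.10.0.11'
$expected   = @($serverFqdn)       # servers that should be authorized in AD

# Steps 1-4: install the DHCP Server role and start the service.
Import-Module ServerManager
Add-WindowsFeature DHCP | Out-Null
Set-Service DHCPServer -StartupType Automatic
Start-Service DHCPServer

# Step 9: create the scope, its address range and its options.
netsh dhcp server add scope $scopeId $mask 'Headquarters Network DHCP Scope' 'Created by script'
netsh dhcp server scope $scopeId add iprange $rangeStart $rangeEnd
netsh dhcp server scope $scopeId set optionvalue 003 IPADDRESS $gateway    # default gateway
netsh dhcp server scope $scopeId set optionvalue 006 IPADDRESS $dnsServer  # DNS server
netsh dhcp server scope $scopeId set optionvalue 015 STRING $dnsDomain     # parent domain
netsh dhcp server scope $scopeId set optionvalue 051 DWORD 691200          # 8-day lease (wired)
netsh dhcp server scope $scopeId set state 1                               # activate the scope

# Step 12: authorize this server in Active Directory.
netsh dhcp add server $serverFqdn $serverIp

# Verification: list authorized servers and flag any that are not expected.
# Assumed output format per server: "Server [name] Address [ip] ..."
$authorized = netsh dhcp show server |
    ForEach-Object {
        if ($_ -match 'Server \[(.+?)\]\s+Address \[(.+?)\]') {
            New-Object PSObject -Property @{ Name = $matches[1]; Address = $matches[2] }
        }
    }

$unexpected = @($authorized | Where-Object { $expected -notcontains $_.Name })
if ($unexpected.Count -gt 0) {
    Write-Warning 'Authorized DHCP servers not on the expected list:'
    $unexpected | Format-Table Name, Address -AutoSize
} else {
    Write-Output "Authorized DHCP servers match the expected list ($($expected -join ', '))."
}
```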