3. Understanding the DHCP Lease
You'll almost always find
at least one DHCP server used within an enterprise. It automates the
process of assigning TCP/IP configuration, and once it's configured, it
takes very little management to keep it running. A single DHCP server
can handle as many as 10,000 clients, though when you have that many
clients, you'd usually add another DHCP server for redundancy and fault
tolerance.
When a DHCP client turns
on, four packets are exchanged over the network between the DHCP client
and the DHCP server. This is often referred to as the DORA process
because of the names of the IP packets: D for Discover, O for Offer, R
for Request, and A for Acknowledge.
Consider Figure 2.
In the figure, a single DHCP server is being used to serve three
subnets. When the client in subnet C turns on, it will start the DHCP
process by broadcasting the Discover packet, and the DHCP server in
subnet A will respond.
Discover
When the DHCP client turns on, it will broadcast a DHCPDiscover packet. It's asking, "Are there any DHCP servers out there?"
Offer
When a DHCP server receives a DHCPDiscover packet, it will respond by
broadcasting a DHCPOffer. This offer includes a DHCP lease, which
includes the TCP/IP configuration for the client. If multiple DHCP
servers are on the network, each one can respond with an offer.
Request
The client sends a DHCPRequest in response to the first DHCPOffer it
receives. In essence, it says, "Thank you; I'll take that lease." A DHCP
lease is typically configured to last eight days on a network. If a
second DHCP server sent an offer but did not receive a request, the
offer will expire and the IP address will still be available to be
issued.
Acknowledge
When the DHCP server receives the request, it allocates the lease to
ensure the IP address is not issued to any other clients and responds
with the DHCPACK (Acknowledge) packet.
After 50 percent of the
lease length has expired, the client requests a renewal of the lease
from the DHCP server. For example, if the lease length is set to eight
days, the client will try to renew the lease after four days. If the
DHCP server doesn't respond, the client will continue to request a
renewal until 87.5 percent of the lease length has expired (after seven
days for an eight-day lease). After 87.5 percent, the client will repeat
the DORA process every 5 minutes looking for any DHCP server. At 100
percent, the client will assign itself an IP address in the range of
169.254.y.z/16.
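The renewal timeline above (renew at 50 percent, rebind at 87.5 percent, APIPA at 100 percent) as an added worked example; this is illustrative code written for this page, not part of the original text, and the class and method names are my own.

```python
from dataclasses import dataclass
from typing import Optional

# Thresholds from the text: renewal at 50% of the lease, rebinding at 87.5%,
# fallback to a self-assigned 169.254.y.z/16 address once 100% has passed.
T1_FRACTION = 0.5
T2_FRACTION = 0.875
REBROADCAST_INTERVAL = 5 * 60   # the client repeats DORA every 5 minutes after T2
DAY = 24 * 3600


@dataclass(frozen=True)
class Lease:
    """A DHCP lease as the client tracks it; all times are in seconds."""
    obtained_at: int   # when the DHCPACK was received
    length: int        # lease duration granted by the server

    @property
    def t1(self) -> int:                       # 50%: start asking the server to renew
        return self.obtained_at + int(self.length * T1_FRACTION)

    @property
    def t2(self) -> int:                       # 87.5%: start broadcasting to any server
        return self.obtained_at + int(self.length * T2_FRACTION)

    @property
    def expires_at(self) -> int:               # 100%: lease is gone
        return self.obtained_at + self.length

    def state_at(self, now: int) -> str:
        """Client state at time `now`, following the timeline described in the text."""
        if now < self.t1:
            return "BOUND"          # using the lease, no renewal traffic yet
        if now < self.t2:
            return "RENEWING"       # requesting renewal from the server that issued the lease
        if now < self.expires_at:
            return "REBINDING"      # repeating DORA every 5 minutes, looking for any DHCP server
        return "APIPA"              # lease expired; client self-assigns 169.254.y.z/16

    def next_rebind_attempt(self, now: int) -> Optional[int]:
        """Time of the next 5-minute DORA broadcast while rebinding, else None."""
        if self.state_at(now) != "REBINDING":
            return None
        elapsed = now - self.t2
        return self.t2 + ((elapsed // REBROADCAST_INTERVAL) + 1) * REBROADCAST_INTERVAL


def eight_day_schedule(obtained_at: int = 0) -> dict:
    """The text's example: an eight-day lease renews at day 4, rebinds at day 7, expires at day 8."""
    lease = Lease(obtained_at, 8 * DAY)
    return {"renew_after_days": (lease.t1 - obtained_at) // DAY,
            "rebind_after_days": (lease.t2 - obtained_at) // DAY,
            "apipa_after_days": (lease.expires_at - obtained_at) // DAY}
```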
3.1. Understanding DHCP Scopes
DHCP servers are
typically configured with multiple DHCP scopes. Each DHCP scope
typically refers to a subnet, though it is possible to have more than
one scope for a subnet. In addition, the DHCP server can configure
different TCP/IP options for individual scopes.
When preparing for the
70-685 exam, you won't be expected to configure the DHCP server, but you
should understand how the scopes relate to the network. This is
especially important when troubleshooting name resolution issues related
to DNS. You should understand how the address for DNS is obtained when
DHCP is used and how DHCP clients may use the default gateway to reach
the DNS server.
As an example, consider Figure 3.
This shows three subnets served by a single DHCP server. One router
routes packets between the subnets and to the Internet via the firewall.
This router has three network adapters, and each adapter is configured
with an IP address (identified as the default gateway) for the subnet.
In addition, the network has a
single DNS server located in subnet A. The options in the DHCP server
can be set up to configure clients in all three subnets using three
different scopes.
Figure 4 shows the DHCP console configured for the network shown in Figure 3.
In the figure, the options for the Subnet A scope are shown. The 003
Router option is for the default gateway. The DNS server has an IP
address of 192.168.1.10, and the domain name is Wiley.com.
You may notice that the icon
for the option for the 003 Router is a little different from the 006 DNS
Servers and 015 DNS Domain Name options. The Router option is
configured at the scope level and applies only to clients connecting
from Subnet A. However, the 006 DNS Servers and 015 DNS Domain Name
options are server-level options and apply to all clients served by this
DHCP server. Server-level options are configured once for the server
and apply to all scopes.
It's also possible to
issue the addresses for multiple DNS servers to clients. The first DNS
server would be used as the preferred DNS server, and others would be
designated as alternate DNS servers. Alternate DNS servers are queried
only if the preferred DNS server does not respond.
3.2. DHCP and RFC 1542
If you know a little about
networking, you may have been thinking, "Wait a minute! Broadcasts
can't go through the router," as you read through the DHCP DORA process.
You're absolutely correct. However, DHCP broadcasts are special
broadcasts, and on most internal networks the router is configured to
allow them. Otherwise, a DHCP server or a DHCP relay agent must be
placed on every subnet. It's much more common to configure the router to
pass the DHCP broadcasts.
RFC 1542 (Request For
Comments 1542) is a TCP/IP standards document that specifies that DHCP
broadcasts are to use UDP ports 67 and 68. Furthermore, routers that are
RFC 1542 compliant can be configured to allow these DHCP broadcasts
through UDP ports 67 and 68.
If you look back at Figure 2
and Figure 3, the router would be configured to allow DHCP broadcasts
through UDP ports 67 and 68 on the network interfaces connected to
Subnet A, Subnet B, and Subnet C. It would not allow these broadcasts
from the network interface connected to the Internet via the firewall.
3.3. APIPA
What if the DHCP server doesn't answer, or what if the DHCP lease expires? Well, TCP/IP has an app for that.
Automatic Private IP Addressing (APIPA)
is used to configure clients with addresses in a special range when the
DHCP server doesn't respond. The range of addresses is 169.254.0.1
through 169.254.255.254, with a subnet mask of 255.255.0.0.
If you receive an APIPA
address, you know that the DHCP client was unable to locate a DHCP
server. You don't necessarily know why. The DHCP server may be down, the
router may be down or misconfigured, or there may be some other network
problem. However, you know that the DHCP server couldn't be reached or
didn't respond.
As mentioned previously, you can use the IPConfig /all command at the command prompt to view the current TCP/IP configuration. Figure 5 shows what this looks like when the DHCP server can't be reached and an APIPA address is assigned.
Several line items shown in the figure are worth mentioning here:
DHCP Enabled
The Yes setting indicates that it is configured as a DHCP client.
Autoconfiguration Enabled
The Yes setting indicates that APIPA is enabled. This is enabled by default but can be disabled with a Registry modification.
IPv4 Address
An address in the 169.254.0.0/16 range indicates an APIPA address.
Because the computer is configured as a DHCP client and an address of
169.254.0.16 is assigned, it clearly indicates the DHCP server couldn't
be reached or didn't respond.
DHCP Server
A DHCP Server address of 169.254.0.1
also indicates that this is an APIPA-assigned address. If a DHCP server
had been reached, this line would show the IP address of that DHCP
server, and a DHCP server would never be assigned an address in the
APIPA range.
The TCP/IP configuration of
a client with an APIPA address will never include an address of a DNS
server or a default gateway. A client that has been assigned an APIPA
address can communicate with other clients that have APIPA addresses in
the same subnet but will not be able to communicate with any clients in
other subnets.
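The APIPA checks described in this section (DHCP Enabled: Yes, an IPv4 address in 169.254.0.0/16, a DHCP Server entry in the same range, no gateway or DNS server), turned into a small diagnostic that reads `ipconfig /all` output. This is an added example, not code from the original text; the sample output is constructed to resemble the figure, and the `parse_ipconfig`/`diagnose` names are my own.

```python
import ipaddress
import re

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")   # 169.254.0.1-169.254.255.254, mask 255.255.0.0

# Constructed sample resembling the relevant lines of `ipconfig /all` on a
# client that could not reach its DHCP server (not real captured output).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.0.16(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 169.254.0.1
   DNS Servers . . . . . . . . . . . :
"""

# "Key . . . : value" lines; the dot leaders between key and colon are discarded.
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z0-9 ]+?)[ .]*:\s*(?P<value>.*)$")
IPV4_RE = re.compile(r"\d+\.\d+\.\d+\.\d+")


def parse_ipconfig(text: str) -> dict:
    """Collect the 'Key : value' lines of ipconfig output into a dict keyed by ipconfig's labels."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group("key").strip():
            fields[m.group("key").strip()] = m.group("value").strip()
    return fields


def is_apipa(address: str) -> bool:
    """True when the address falls in the APIPA range 169.254.0.0/16."""
    return ipaddress.ip_address(address) in APIPA_NET


def diagnose(fields: dict) -> str:
    """Classify the adapter: static, healthy DHCP lease, or APIPA (DHCP server unreachable)."""
    if fields.get("DHCP Enabled", "").lower() != "yes":
        return "STATIC"                      # not a DHCP client; APIPA does not apply
    # Windows labels the address "Autoconfiguration IPv4 Address" when APIPA is in effect.
    addr_text = fields.get("Autoconfiguration IPv4 Address") or fields.get("IPv4 Address", "")
    m = IPV4_RE.search(addr_text)
    if not m or m.group() == "0.0.0.0":
        return "NO_IPV4"                     # no address at all (e.g. autoconfiguration disabled)
    server = IPV4_RE.search(fields.get("DHCP Server", ""))
    if is_apipa(m.group()) and (server is None or is_apipa(server.group())):
        return "APIPA_DHCP_UNREACHABLE"      # both signs from the text: 169.254.x address, no real server
    return "DHCP_LEASE_OK"
```

Running `diagnose(parse_ipconfig(SAMPLE_IPCONFIG))` on the constructed sample yields `APIPA_DHCP_UNREACHABLE`; a client with a real lease, for example one showing `DHCP Server : 192.168.1.5`, yields `DHCP_LEASE_OK`.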