DHCP Server & Client Presentation


How do the DHCP server and client work?

Published in: Technology

  1. Dynamic Host Configuration Protocol (DHCP), RFC 2131. Presentation by: Ranjeet Saini (Raini). Team Leader: Olivia Wang. Date: Wednesday, March 24, 2004.
  2. Agenda
     - DHCP Overview
     - BOOTP
     - Difference between DHCP and BOOTP
     - DHCP Design & Function
     - DHCP Security & Future
     - Testing Issues
  3. Reference RFCs & Drafts
     - RFC 2131 (Dynamic Host Configuration Protocol)
     - RFC 951 BOOTP (Bootstrap Protocol)
     - RFC 1534 Interoperation Between DHCP and BOOTP
     - RFC 3118 Authentication for DHCP Messages
     - RFC 2132 DHCP Options and BOOTP Vendor Extensions
     - DHCP Failover Protocol Draft
     - DHCP for IPv6 Draft
     - RFC 903 Reverse Address Resolution Protocol
  4. Contents
     - DHCP Overview
     - BOOTP
     - Difference between DHCP and BOOTP
     - DHCP Design & Working
     - DHCP Security & Future
     - Testing Issues
  5. DHCP overview
     - An extension of the BOOTP protocol.
     - A centralized database of IP addresses and other TCP/IP configuration, which is given to clients that ask for it.
     - Configuration parameters such as default gateway, DNS servers and NetBIOS can be distributed by DHCP.
     - A client leases the IP address for a specific period of time.
  6. DHCP Motivations
     - Automatic network configuration for clients
     - No administrator intervention
     - Effective allocation of limited addresses
     - Support for roaming systems
  7. DHCP Versions
     - DHCP v4, or DHCP for IPv4.
     - DHCP v6, or DHCP for IPv6.
  8. DHCP History
     - RARP (Reverse Address Resolution Protocol) runs on Ethernet and converts an Ethernet address to an IP address. The RARP handshake is mainly used by diskless workstations. RARP uses an Ethernet frame directly.
     - BOOTP can also provide a mechanism for automatic configuration. These protocols use a simple interaction: the client requests and the server replies.
     - But RARP and BOOTP do not meet the requirement of dynamic allocation.
  9. Contents
     - DHCP Overview
     - BOOTP
     - Difference between DHCP and BOOTP
     - DHCP Design & Working
     - DHCP Security & Future
     - Testing Issues
  10. Why BOOTP?
      [Diagram labels: Internet; Router 192.168.1.1; Boot Server 192.168.1.2; DNS Server 192.168.1.3; File Server 192.168.1.4; Diskless Workstations ee:34:d6:75:03:e2, e3:23:d2:75:05:f1, e6:34:d6:34:05:44, e6:75:e2:64:66:38.]
      - What's my IP address?
      - What's my subnet mask?
      - Who's my router?
      - Who's my DNS server?
  11. BOOTP: Bootstrap Protocol
      - RFC 951
      - Designed for diskless workstations
      - Supplies static configuration:
        - IP address
        - Subnet mask
        - Router IP address
        - DNS server
        - Boot image
  12. BOOTP Operation
      [Diagram: BOOTP Client (A), port 68/UDP, and BOOTP Server (B), port 67/UDP. Protocol stack: BOOTP over UDP over IP. Each message is labelled with its IP SA/DA and UDP ports.]
      - BOOTP request: B | A, 67 | 68
      - BOOTP reply: B | A, 67 | 68
  13. BOOTP PDU Format (fields in wire order)
      - Operation Code (8 bits)
      - Hardware Type (8 bits)
      - Hardware Length (8 bits)
      - Hop Count (8 bits)
      - Transaction ID (4 bytes)
      - Number of seconds (2 bytes)
      - Unused (2 bytes)
      - Client IP address (4 bytes)
      - Your IP address (4 bytes)
      - Server IP address (4 bytes)
      - Gateway IP address (4 bytes)
      - Client hardware address (16 bytes)
      - Server name (64 bytes)
      - Boot file name (128 bytes)
      - Vendor-specific area (up to 64 bytes)
  14. BOOTP Problem
      [Diagram labels: Internet; Router 192.168.1.1; Boot Server 192.168.1.2; DNS Server 192.168.1.3; File Server 192.168.1.4; ee:34:d6:75:03:e2, e3:23:d2:75:05:f1, e6:34:d6:34:05:44, e6:75:e2:64:66:38; New Roaming Client (Ether or Wireless).]
      - New roaming client: "What's my network configuration?"
      - Reply: "I don't know, I've never seen you here before."
  15. BOOTP Limitations
      - Static configuration
      - Does not dynamically allocate IP addresses
      - Manual administrator intervention to add/remove clients
  16. DHCP Evolution
      - DHCP is an extension of the Bootstrap Protocol
      - Uses the same basic PDU format for backwards compatibility
      - Introduces a pool of IP addresses for dynamic assignment
      - Concept of temporary leased addresses
  17. Contents
      - DHCP Overview
      - BOOTP
      - Difference between DHCP and BOOTP
      - DHCP Design & Working
      - DHCP Security & Future
      - Testing Issues
  18. BOOTP/DHCP differences
      BOOTP:
      - Designed prior to DHCP.
      - Intended to configure diskless workstations with limited boot capabilities.
      - Dynamic BOOTP has a default 30-day expiration on IP address leases.
      - Supports a limited number of client configuration parameters called vendor extensions.
      - Describes a two-phase bootstrap configuration process, as follows:
        - Clients contact BOOTP servers to perform address determination and boot file name selection.
        - Clients contact Trivial File Transfer Protocol (TFTP) servers to perform file transfer of their boot image.
      - BOOTP clients do not rebind or renew configuration with the BOOTP server except when the system restarts.
  19. DHCP
      - Designed after BOOTP.
      - Intended to configure frequently relocated networked computers that have local hard drives and full boot capabilities.
      - DHCP has a default eight-day expiration on IP address leases.
      - Supports a larger and extensible set of client configuration parameters called options.
      - Describes a single-phase boot configuration process whereby a DHCP client negotiates with a DHCP server to determine its IP address and obtain any other initial configuration details it needs for network operation.
      - DHCP clients do not require a system restart to rebind or renew configuration with the DHCP server. Instead, clients automatically enter a rebinding state at set timed intervals to renew their leased address allocation with the DHCP server. This process occurs in the background and is transparent to the user.
  20. Contents
      - DHCP Overview
      - BOOTP
      - Difference between DHCP and BOOTP
      - DHCP Design & Working
      - DHCP Security & Future
      - Testing Issues
  21. DHCP Allocation models
      There are three models:
      1. Dynamic allocation: the server chooses and allocates an IP address with a finite lease.
      2. Automatic allocation: the server allocates an IP address with an infinite lease.
      3. Static allocation: the server allocates an IP address which has been chosen by the administrator.
  22. DHCP PDU Format (fields in wire order)
      - Operation Code (8 bits)
      - Hardware Type (8 bits)
      - Hardware Length (8 bits)
      - Hop Count (8 bits)
      - Transaction ID (4 bytes)
      - Number of seconds
      - Flag (1 bit) | (15 unused bits)
      - Client IP address (4 bytes)
      - Your IP address (4 bytes)
      - Server IP address (4 bytes)
      - Gateway IP address (4 bytes)
      - Client hardware address (16 bytes)
      - Server name (64 bytes)
      - Boot file name (128 bytes)
      - Options (up to 312 bytes)
  23. DHCP PDU Format
      - The broadcast bit tells the server whether the client can receive unicast IP PDUs before its IP software is initialized with a real address; otherwise the local network broadcast address must be used.
      - The DHCP PDU has 312 bytes for options versus 64 bytes in the BOOTP PDU.
      - DHCP messages are carried in the options portion of the PDU.
  24. Typical Options
      - Option layout: Tag | Length (N) | Value (N bytes)
      - Tag 0: Padding
      - Tag 255: End of options
      - 1 Subnet Mask
      - 3 Time server
      - 4 DNS name server
      - 13 Boot File size
      - 37 TCP Default TTL
      - 53 DHCP Message
      - 54 Server Identifier
      - 55 Parameter Request List
      - 61 Client Identifier
      - 66 TFTP Server
      - 69 SMTP Server
      - 72 WWW Server
  25. Message Types
      - Type identified by the value field of the option with tag 53:
        - DHCPDISCOVER (1)
        - DHCPOFFER (2)
        - DHCPREQUEST (3)
        - DHCPDECLINE (4)
        - DHCPACK (5)
        - DHCPNAK (6)
        - DHCPRELEASE (7)
        - DHCPINFORM (8)
  26. DHCP Client State Diagram
      [Diagram. States: Initializing, Selecting, Requesting, Bound, Renewing, Rebinding. Transition labels: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK, Lease 50% Expired, Lease 87.5% Expired, Lease Expired, DHCPRELEASE, Lease Cancelled.]
  27. Allocating New Address
      [Sequence diagram between DHCP Server-1 (not selected), DHCP Server-2 (selected) and DHCP Client.]
      - Client attempts to discover available DHCP servers
      - Servers reply with address offers
      - Client selects which offer to accept
      - Client notifies servers of choice
      - Server acknowledges client use of address
      - Client gives up use of address
      Messages shown: DHCPDISCOVER, DHCPDISCOVER, DHCPOFFER, DHCPOFFER, DHCPREQUEST, DHCPREQUEST, DHCPACK, DHCPRELEASE
  28. Address Renewing Scenario
      [Sequence diagram between DHCP Server-1 (not selected), DHCP Server-2 (selected) and DHCP Client.]
      - Client makes request
      - Server acknowledges request; lease begins
      - Time passes; 50% of lease expires
      - Client makes request to renew address
      - No response from server; client times out and sends request again
      - Server responds with negative acknowledgement; address cannot be renewed
      - Client begins discovery phase to find a new address to lease
      Messages shown: DHCPREQUEST, DHCPACK, DHCPREQUEST, DHCPNAK, DHCPDISCOVER, DHCPDISCOVER, DHCPREQUEST
  29. Contents
      - DHCP Overview
      - BOOTP
      - Difference between DHCP and BOOTP
      - DHCP Design & Working
      - DHCP Security & Future
      - Testing Issues
  30. DHCP Security Considerations
      - Hostile environments with open physical access to the network
      - Rogue DHCP server on the network
      - Denial of service by exhausting the address pool (192.168.3.100 to 192.168.3.200). The server can't assign an address outside the scope.
      - Authentication introduced in RFC 3118 but not implemented
  31. DHCP Future
      - DHCP for IPv6 (not yet implemented), RFC 3315.
      - Authentication of the source and contents of DHCP messages, RFC 3118.
      - DHCP Relay Agent Information Option, RFC 3046.
      - DHCP Failover Protocol (draft-ietf-dhc-failover-12.txt)
  32. Contents
      - DHCP Overview
      - BOOTP
      - Difference between DHCP and BOOTP
      - DHCP Design & Working
      - DHCP Security & Future
      - Testing Issues
  33. DHCP Client Test
  34. DHCP Client Enable / Disable Issue
      - DHCP enabled: verify whether the client can get an IP address and other configuration parameters from the DHCP server.
      - DHCP disabled: verify whether the client can use a static IP address and other configuration parameters and can work with other network clients.
  35. Multiple DHCP Servers
      - Verify whether the DHCP client can work with multiple DHCP servers.
      - Verify whether, if one DHCP server is down, the client can get an IP address from another DHCP server.
  36. DHCP Client Reacquisition
      - Verify that the DHCP client can renew or rebind its IP address when the lease is about to expire.
      - The client should be able to enter the RENEWING state.
      - If the RENEWING process fails, it should be able to enter the REBINDING state.
  37. DHCP Release
      - If the DHCP function is disabled in the DHCP client, the client must send a DHCP release to the DHCP server, so the DHCP server can reuse that IP address.
  38. DHCP Client Retransmission
      - Verify that the DHCP client adopts a retransmission strategy if the DHCP server is not responding.
      - Retransmission algorithm:
      - Time of retransmission = 4 * 2^n, n = 0, 1, 2, 3, 4, 5, ...
  39. DHCP Client DECLINE
      - Verify that the DHCP client can send a DECLINE message to the DHCP server if the offered IP address is already used by another client.
  40. DHCP Server Test
  41. DHCPDISCOVER
      - The DHCP server must respond to a DHCPDISCOVER message from a client with a DHCPOFFER message.
      - The DHCP server must respond to BOOTP clients also.
      - The DHCPDISCOVER message from the client is a broadcast packet and is received by all listening DHCP servers.
  42. DHCP Option field
      - Verify that the option field of every DHCP message includes the "DHCP message type" option.
      - E.g. a DHCP message with "DHCP message type" option type 1 will be referred to as a "DHCPDISCOVER" message.
  43. DHCPOFFER
      - The DHCP server must offer configuration parameters to its client in response to a DHCPDISCOVER message.
      - The DHCPOFFER message packet from the server must be UNICAST.
  44. DHCPACK
      - The DHCP server must send a DHCPACK packet with configuration parameters, including the committed network address.
      - The DHCPACK packet must be UNICAST.
  45. DHCPNAK
      - Verify that the DHCP server can send a DHCPNAK to its client if the client's lease has expired or the client has moved to a new subnet.
  46. Thanks
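
The PDU layout and Tag/Length/Value options from slides 22 to 25, and the "DHCP message type" check from slide 42, as a parser. This is an added example, not code from the presentation; the function names and the sample packet are constructed for illustration, and the magic cookie and field offsets follow RFC 2131.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: precedes the options field
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}

def parse_options(data):
    """Walk Tag/Length/Value options: tag 0 is padding, tag 255 ends the list."""
    opts, i = {}, 0
    while i < len(data):
        tag = data[i]
        if tag == 255:
            return opts
        if tag == 0:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % tag)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:          # never trust the length byte blindly
            raise ValueError("option %d runs past the end of the packet" % tag)
        opts[tag] = value
        i += 2 + length
    raise ValueError("options field has no End tag (255)")

def parse_dhcp(packet):
    """Decode the fixed 236-byte header, the magic cookie, then the options."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    opts = parse_options(packet[240:])
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing or malformed DHCP message type (tag 53)")
    return {"op": op, "xid": xid, "broadcast": bool(flags & 0x8000),
            "yiaddr": str(ipaddress.IPv4Address(packet[16:20])),
            "chaddr": ":".join("%02x" % b for b in packet[28:28 + min(hlen, 16)]),
            "type": MESSAGE_TYPES.get(opts[53][0], "unknown"),
            "server_id": str(ipaddress.IPv4Address(opts[54])) if 54 in opts else None,
            "options": opts}

def sample_offer():
    """Constructed DHCPOFFER (not a capture): 192.168.3.100 offered by 192.168.3.1."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0x8000)
    header += bytes(4) + bytes([192, 168, 3, 100]) + bytes(8)   # ciaddr, yiaddr, siaddr, giaddr
    header += bytes.fromhex("ee34d67503e2") + bytes(10)         # chaddr padded to 16 bytes
    header += bytes(64 + 128)                                   # server name, boot file name
    options = bytes([53, 1, 2, 54, 4, 192, 168, 3, 1, 1, 4, 255, 255, 255, 0, 255])
    return header + MAGIC_COOKIE + options
```

The subnet mask value in the sample contains 255 bytes, which is why the parser steps by the length byte instead of scanning for the End tag.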
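
Detection logic for two of the risks on slide 30, a rogue DHCP server and exhaustion of the 192.168.3.100 to 192.168.3.200 pool, run over already-parsed messages. This is an added example, not part of the presentation; the authorized server address, the 60-second window, the half-pool threshold and every event in `sample_events` are assumptions constructed for illustration.

```python
import ipaddress

# Assumed site policy for this example; the pool range is the one quoted on slide 30.
AUTHORIZED_SERVERS = {"192.168.3.1"}
POOL = (ipaddress.IPv4Address("192.168.3.100"), ipaddress.IPv4Address("192.168.3.200"))
POOL_SIZE = int(POOL[1]) - int(POOL[0]) + 1   # 101 leasable addresses
WINDOW = 60                                   # seconds of DISCOVER history to keep
BURST_LIMIT = POOL_SIZE // 2                  # distinct clients tolerated per window

def detect(events):
    """Return (kind, detail, time) alerts for a list of parsed DHCP messages."""
    alerts, flagged, recent, bursting = [], set(), [], False
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] in ("DHCPOFFER", "DHCPACK", "DHCPNAK"):
            sid = ev.get("server_id")
            if sid not in AUTHORIZED_SERVERS:
                if sid not in flagged:        # report each unknown server once
                    flagged.add(sid)
                    alerts.append(("rogue-server", sid, ev["time"]))
            elif ev["type"] != "DHCPNAK":
                if not POOL[0] <= ipaddress.IPv4Address(ev["yiaddr"]) <= POOL[1]:
                    alerts.append(("out-of-scope-address", ev["yiaddr"], ev["time"]))
        elif ev["type"] == "DHCPDISCOVER":
            recent = [(t, mac) for t, mac in recent if ev["time"] - t < WINDOW]
            recent.append((ev["time"], ev["chaddr"]))
            distinct = len({mac for _, mac in recent})
            if distinct > BURST_LIMIT and not bursting:
                alerts.append(("pool-exhaustion", distinct, ev["time"]))
            bursting = distinct > BURST_LIMIT
    return alerts

def sample_events():
    """Constructed traffic: one normal lease, one unauthorized OFFER, a DISCOVER burst."""
    ev = [
        {"time": 0, "type": "DHCPDISCOVER", "chaddr": "ee:34:d6:75:03:e2"},
        {"time": 1, "type": "DHCPOFFER", "server_id": "192.168.3.1", "yiaddr": "192.168.3.100"},
        {"time": 1, "type": "DHCPOFFER", "server_id": "192.168.3.66", "yiaddr": "10.0.0.5"},
        {"time": 2, "type": "DHCPACK", "server_id": "192.168.3.1", "yiaddr": "192.168.3.100"},
    ]
    ev += [{"time": 300 + i // 4, "type": "DHCPDISCOVER", "chaddr": "02:00:00:00:00:%02x" % i}
           for i in range(60)]
    return ev
```

Because RFC 3118 authentication is not deployed, the server identifier (tag 54) is the only in-band signal of which server answered, so the allowlist has to be maintained out of band.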
