As networks grow larger and more complex, network administrators commonly face a shortage of available IP addresses, and network configuration becomes a demanding task. The emergence of wireless networks and the use of laptops also mean that hosts change position and IP addresses change frequently, which requires new technology. Dynamic Host Configuration Protocol (DHCP) was developed against this background.

DHCP adopts a client/server model: DHCP clients send requests to DHCP servers for configuration parameters, and the DHCP servers return the corresponding configuration information, such as IP addresses, so that IP addresses are configured dynamically.

A typical DHCP application includes one DHCP server and multiple clients (such as PCs and laptops), as shown in Figure 1-1.

Figure 1-1 Typical DHCP application
Currently, DHCP provides the following three IP address assignment policies to meet the requirements of different clients:

- Manual assignment. The administrator statically binds IP addresses to a few clients with special uses (such as a WWW server). The DHCP server then assigns these fixed IP addresses to the clients.
- Automatic assignment. The DHCP server assigns IP addresses to DHCP clients. The IP addresses are occupied by the DHCP clients permanently.
- Dynamic assignment. The DHCP server assigns IP addresses to DHCP clients for a predetermined period of time. In this case, a DHCP client must apply for an IP address again when the period expires. This policy applies to most clients.
A DHCP client undergoes the following four phases to dynamically obtain an IP address from a DHCP server:

1) Discover: In this phase, the DHCP client tries to find a DHCP server by broadcasting a DHCP-DISCOVER packet.
2) Offer: In this phase, the DHCP server offers an IP address. After the DHCP server receives the DHCP-DISCOVER packet, it chooses an unassigned IP address according to the priority order of IP address assignment and then sends the IP address and other configuration information together in a DHCP-OFFER packet to the DHCP client. The sending mode is decided by the flags field in the DHCP-DISCOVER packet; refer to section 1.3 "DHCP Packet Format" for details.
3) Select: In this phase, the DHCP client selects an IP address. If more than one DHCP server sends DHCP-OFFER packets to the DHCP client, the DHCP client accepts only the DHCP-OFFER packet that arrives first, and then broadcasts a DHCP-REQUEST packet containing the assigned IP address carried in the DHCP-OFFER packet.
4) Acknowledge: In this phase, the DHCP server acknowledges the IP address. Upon receiving the DHCP-REQUEST packet, only the selected DHCP server returns a DHCP-ACK packet to the DHCP client to confirm the assignment of the IP address to the client, or returns a DHCP-NAK packet to refuse the assignment of the IP address to the client. When the client receives the DHCP-ACK packet, it broadcasts an ARP packet with the assigned IP address as the destination address to probe the assigned IP address, and uses the IP address only if it does not receive any response within a specified period.

The IP addresses offered by other DHCP servers but not used by the DHCP client remain available to other clients.
After a DHCP server dynamically assigns an IP address to a DHCP client, the IP address remains valid only within a specified lease time and is reclaimed by the DHCP server when the lease expires. If the DHCP client wants to use the IP address for a longer time, it must update the IP lease.

By default, a DHCP client updates its IP address lease automatically by unicasting a DHCP-REQUEST packet to the DHCP server when half of the lease time elapses. The DHCP server responds with a DHCP-ACK packet to notify the DHCP client of a new IP lease if the server can assign the same IP address to the client. Otherwise, the DHCP server responds with a DHCP-NAK packet to notify the DHCP client that the IP address will be reclaimed when the lease time expires.

If the DHCP client fails to update its IP address lease when half of the lease time elapses, it tries again by broadcasting a DHCP-REQUEST packet to the DHCP servers when seven-eighths of the lease time elapses. The DHCP server performs the same operations as those described above.
DHCP has eight types of packets. They share the same format, but the values of some fields differ between types. The DHCP packet format is based on that of BOOTP packets. The following figure describes the packet format (the number in the brackets indicates the field length, in bytes):

Figure 1-2 DHCP packet format
The fields are described as follows:

- op: Operation type of the DHCP packet, 1 for request packets and 2 for response packets.
- htype, hlen: Hardware address type and length of the DHCP client.
- hops: Number of DHCP relays that a DHCP packet passes. For each DHCP relay that the DHCP request packet passes, the field value increases by 1.
- xid: Random number that the client selects when it initiates a request. The number is used to identify an address-requesting process.
- secs: Elapsed time after the DHCP client initiates a DHCP request.
- flags: The first bit is the broadcast response flag bit. It identifies whether the DHCP response packet is sent in unicast or broadcast mode. Other bits are reserved.
- ciaddr: IP address of a DHCP client.
- yiaddr: IP address that the DHCP server assigns to a client.
- siaddr: IP address of the DHCP server.
- giaddr: IP address of the first DHCP relay that the request packet sent by the DHCP client passes.
- chaddr: Hardware address of the DHCP client.
- sname: Name of the DHCP server.
- file: Path and name of the boot configuration file that the DHCP server specifies for the DHCP client.
- option: Optional variable-length fields, including packet type, valid lease time, IP address of a DNS server, and IP address of the WINS server.
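
The field layout above can be checked against a capture with a small parser. The following Python sketch is an added example, not code from this manual or from the switch software; the field widths, the magic cookie and the option codes (53 packet type, 50 requested IP, 51 lease time, 6 DNS, 44 WINS) are taken from RFC 2131 and RFC 2132, and the sample packets are constructed values.

```python
import ipaddress
import struct

# Fixed header, in the order of the field list above (236 bytes):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr(16), sname(64), file(128).
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131: precedes the options
# Option 53 values from RFC 2132, written with this manual's packet names.
MESSAGE_TYPES = {1: "DHCP-DISCOVER", 2: "DHCP-OFFER", 3: "DHCP-REQUEST",
                 4: "DHCP-DECLINE", 5: "DHCP-ACK", 6: "DHCP-NAK",
                 7: "DHCP-RELEASE", 8: "DHCP-INFORM"}


def _ips(raw):
    """Decode a run of 4-byte IPv4 addresses."""
    if not raw or len(raw) % 4:
        raise ValueError("address field length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(0, len(raw), 4)]


def parse_options(data):
    """Walk the code/length/value option list; reject truncated options."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:        # pad option, one byte, no length
            i += 1
            continue
        if code == 255:      # end option
            break
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option %d runs past the end of the packet" % code)
        options[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return options


def parse_dhcp(packet):
    """Return the header fields and the options named in the field list."""
    if len(packet) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("packet shorter than the fixed DHCP header")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, boot_file) = HEADER.unpack_from(packet)
    if packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing")
    if hlen > len(chaddr):
        raise ValueError("hlen larger than the chaddr field")
    opts = parse_options(packet[HEADER.size + 4:])
    msg = {
        "op": {1: "request", 2: "response"}.get(op, "invalid"),
        "htype": htype, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),  # first (most significant) bit
        "ciaddr": _ips(ciaddr)[0], "yiaddr": _ips(yiaddr)[0],
        "siaddr": _ips(siaddr)[0], "giaddr": _ips(giaddr)[0],
        "chaddr": ":".join("%02x" % b for b in chaddr[:hlen]),
        "sname": sname.split(b"\0")[0].decode("ascii", "replace"),
        "file": boot_file.split(b"\0")[0].decode("ascii", "replace"),
    }
    if len(opts.get(53, b"")) == 1:
        msg["type"] = MESSAGE_TYPES.get(opts[53][0], "unknown")
    if 50 in opts:
        msg["requested_ip"] = _ips(opts[50])[0]
    if 51 in opts:
        msg["lease_seconds"] = int.from_bytes(opts[51], "big")
    if 6 in opts:
        msg["dns_servers"] = _ips(opts[6])
    if 44 in opts:
        msg["wins_servers"] = _ips(opts[44])
    return msg


def build_sample(op, msg_type, flags=0, yiaddr="0.0.0.0", options=b""):
    """Constructed test packet; MAC, xid and addresses are made-up values."""
    header = HEADER.pack(op, 1, 6, 0, 0x1234ABCD, 0, flags, bytes(4),
                         ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                         bytes(4), bytes.fromhex("020000000001"), b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type]) + options + b"\xff"
```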
After DHCP is enabled on a device, the device processes the DHCP packets received from a DHCP client in one of the following three modes, depending on your configuration:

- Global address pool: In response to the DHCP packets received from DHCP clients, the DHCP server picks IP addresses from its global address pools and assigns them to the DHCP clients.
- Interface address pool: In response to the DHCP packets received from DHCP clients, the DHCP server picks IP addresses from the interface address pools and assigns them to the DHCP clients. If there is no available IP address in the interface address pools, the DHCP server picks IP addresses from its global address pool that contains the interface address pool segment and assigns them to the DHCP clients.
- Relay: DHCP packets received from DHCP clients are forwarded to an external DHCP server, which assigns IP addresses to the DHCP clients.

You can specify the mode used to process DHCP packets. For the configuration of the first two modes, see Chapter 2 DHCP Server Configuration. For the configuration of the relay mode, see Chapter 3 DHCP Relay Configuration.

An interface corresponds to only one mode. In this case, a new configuration overwrites the previous one.
Protocol specifications related to DHCP include:

- RFC2131: Dynamic Host Configuration Protocol
- RFC2132: DHCP Options and BOOTP Vendor Extensions
- RFC1542: Clarifications and Extensions for the Bootstrap Protocol
Generally, DHCP servers are used in the following networks to assign IP addresses:

- Large-sized networks, where manual configuration imposes a heavy workload and makes it difficult to manage the whole network in a centralized way.
- Networks where the number of available IP addresses is less than the number of hosts. In this type of network, there are not enough IP addresses for every host to obtain a fixed IP address, and the number of on-line users is limited (such is the case in an ISP network). In these networks, a great number of hosts must dynamically obtain IP addresses through DHCP.
- Networks where only a few hosts need fixed IP addresses and most hosts do not need fixed IP addresses.
In an IRF (intelligent resilient framework) system, DHCP servers operate in a centralized way to fit the IRF environment.

- DHCP servers run (as tasks) on all the units (including the master unit and the slave units) in a Fabric system, but only the one running on the master unit receives and sends packets and carries out all functions of a DHCP server. Those running on the slave units operate only as backup tasks of the one running on the master unit.
- When a slave unit receives a DHCP-REQUEST packet, it redirects the packet to the DHCP server on the master unit, which returns a DHCP-ACK/DHCP-NAK packet to the DHCP client and at the same time backs up the related information to the slave units. In this way, when the current master unit fails, one of the slaves can change to the master and operate as the DHCP server immediately.
- DHCP is a UDP-based protocol operating at the application layer. When a DHCP server in a fabric system runs on a Layer 2 network device, DHCP packets are directly forwarded by hardware instead of being delivered to the DHCP server or being redirected to the master unit by UDP HELPER. This idles the DHCP server. DHCP packets can be redirected to the DHCP server on the master unit by UDP HELPER only when the Layer 2 device is upgraded to a Layer 3 device.
Caution:

- When you merge two or more IRF systems into one IRF system, a new master unit is elected, and the new IRF system adopts new configurations accordingly. This may result in the existing system configurations (including the address pools configured for the DHCP servers) being lost. As the new IRF system cannot inherit the original DHCP server configurations, you need to perform DHCP server configurations for it.
- When an IRF system is split into multiple new IRF systems, some of the new IRF systems may be degraded to Layer 2 devices. For a new IRF system degraded to a Layer 2 device, although the original DHCP server still exists in the new system, it runs idle because it cannot receive any packets. When the IRF system is restored to a Layer 3 device by being merged into a new IRF system, it adopts the configurations on the new IRF system, and you need to perform DHCP server configurations if the new IRF system does not have DHCP server-related configurations.
- In an IRF system, the UDP HELPER function must be enabled on the DHCP servers that are in fabric state.
A DHCP address pool holds the IP addresses to be assigned to DHCP clients. When a DHCP server receives a DHCP request from a DHCP client, it selects an address pool depending on the configuration, picks an IP address from the pool and sends the IP address and other related parameters (such as the IP address of the DNS server, and the lease time of the IP address) to the DHCP client.

I. Types of address pool

The address pools of a DHCP server fall into two types: global address pool and interface address pool.

- A global address pool is created by executing the dhcp server ip-pool command in system view. It is valid on the current device.
- If an interface is configured with a valid unicast IP address, you can create an interface-based address pool for the interface by executing the dhcp select interface command in interface view. The IP addresses an interface address pool holds belong to the network segment the interface resides in and are available to the interface only.
II. The structure of an address pool

The address pools of a DHCP server are hierarchically organized in a tree-like structure. The root holds the IP address of the natural network segment, the branches hold the subnet IP addresses, and the leaves hold the IP addresses that are manually bound to specific clients. Address pools of the same level are sorted by their configuration precedence order. Such a structure enables configurations to be inherited. That is, the configurations of the natural network segment can be inherited by its subnets, whose configurations in turn can be inherited by their client addresses. So, for parameters that are common to the whole network segment or to some subnets (such as the domain name), you just need to configure them on the network segment or the corresponding subnets. The details of configuration inheritance are as follows:

1) A newly created child address pool inherits the configurations of its parent address pool.
2) For an existing parent-child address pool pair, when you perform a new configuration on the parent address pool:
   - The child address pool inherits the new configuration if there is no corresponding configuration on the child address pool.
   - The child address pool does not inherit the new configuration if there is already a corresponding configuration on the child address pool.
Interfaces of the DHCP server can work in the global address pool mode or in the interface address pool mode. If the DHCP server works in the interface address pool mode, it picks IP addresses from the interface address pools and assigns them to the DHCP clients. If there is no available IP address in the interface address pools, the DHCP server picks IP addresses from its global address pool that contains the interface address pool segment and assigns them to the DHCP clients.

A DHCP server assigns IP addresses in interface address pools or global address pools to DHCP clients in the following sequence:

- IP addresses that are statically bound to the MAC addresses of DHCP clients or to client IDs.
- IP addresses that the DHCP clients have used before, that is, those in the assigned leases recorded by the DHCP server. If there is no record in the leases and the DHCP-DISCOVER packets sent by DHCP clients contain option 50 fields, the DHCP server assigns the IP address requested by option 50.
- The first IP address found among the available IP addresses in the DHCP address pool.
- If no IP address is available, the DHCP server queries lease-expired and conflicted IP addresses. If the DHCP server finds such IP addresses, it assigns them; otherwise the DHCP server does not assign an IP address.
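
The assignment sequence above can be modelled in a few lines to see which rule wins for a given client. This Python sketch is an added example and not the switch's implementation; the AddressPool class, its record states and the sample MAC and IP values are hypothetical, and it assumes that option 50 is honoured only when the requested address is currently available.

```python
import ipaddress


class AddressPool:
    """Simplified model of one DHCP address pool (hypothetical names)."""

    def __init__(self, network, static=None, forbidden=()):
        self.hosts = [str(h) for h in ipaddress.ip_network(network).hosts()]
        self.static = dict(static or {})  # MAC or client ID -> bound IP
        self.forbidden = set(forbidden)   # excluded from dynamic assignment
        self.records = {}                 # ip -> (client, state); state is
                                          # "active", "expired" or "conflict"

    def is_available(self, ip):
        return (ip in self.hosts and ip not in self.forbidden
                and ip not in self.static.values()
                and ip not in self.records)

    def select(self, client, option50=None):
        # 1) Address statically bound to the client's MAC address or client
        #    ID. An exclusion from dynamic assignment does not block it.
        if client in self.static:
            return self.static[client], "static binding"
        # 2) Address this client used before, from the recorded leases.
        for ip, (owner, state) in self.records.items():
            if owner == client and state != "conflict":
                return ip, "previous lease"
        #    No record: use the address requested in option 50
        #    (assumption: only if that address is available).
        if option50 is not None and self.is_available(option50):
            return option50, "option 50"
        # 3) First available address in the pool.
        for ip in self.hosts:
            if self.is_available(ip):
                return ip, "first available"
        # 4) Nothing available: look at lease-expired and conflicted ones.
        for ip, (owner, state) in self.records.items():
            if state in ("expired", "conflict") and ip not in self.forbidden:
                return ip, "reclaimed"
        return None, "no address"

    def assign(self, client, option50=None):
        ip, reason = self.select(client, option50)
        if ip is not None and reason != "static binding":
            self.records[ip] = (client, "active")
        return ip, reason


def demo():
    """Run the sequence on a constructed six-host pool."""
    pool = AddressPool("192.0.2.0/29",
                       static={"02:00:00:00:00:aa": "192.0.2.2"},
                       forbidden={"192.0.2.1", "192.0.2.2"})
    out = [pool.assign("02:00:00:00:00:aa"),            # bound client
           pool.assign("02:00:00:00:00:bb"),            # new client
           pool.assign("02:00:00:00:00:cc", "192.0.2.5"),
           pool.assign("02:00:00:00:00:bb"),            # returning client
           pool.assign("02:00:00:00:00:dd"),
           pool.assign("02:00:00:00:00:ee"),
           pool.assign("02:00:00:00:00:ff")]            # pool is exhausted
    pool.records["192.0.2.4"] = ("02:00:00:00:00:dd", "expired")
    out.append(pool.assign("02:00:00:00:00:ff"))        # reuses expired lease
    return out
```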
Table 2-1 Configure global address pool-based DHCP server
You need to enable DHCP before performing other DHCP-related configurations, which take effect only after DHCP is enabled.

Table 2-2 Enable DHCP

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Enable DHCP | dhcp enable | Required. By default, DHCP is enabled. |
To improve security and avoid malicious attacks on unused sockets, S5600 Ethernet switches provide the following functions:

- UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled.
- UDP 67 and UDP 68 ports are disabled when DHCP is disabled.

The corresponding implementation is as follows:

- After DHCP is enabled by executing the dhcp enable command, if the DHCP server and DHCP relay functions are not configured, UDP 67 and UDP 68 ports are kept disabled; if the DHCP server or DHCP relay function is configured, UDP 67 and UDP 68 ports are enabled.
- After DHCP is disabled by executing the undo dhcp enable command, even if the DHCP server and DHCP relay functions are configured, UDP 67 and UDP 68 ports are disabled.
You can configure the global address pool mode on the specified or all interfaces of a DHCP server. After that, when the DHCP server receives DHCP packets from DHCP clients through these interfaces, it assigns IP addresses in the global address pool to the DHCP clients.

Table 2-3 Configure the global address pool mode on interface(s)

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Configure the specified interface(s) or all the interfaces to operate in global address pool mode: configure the current interface | interface interface-type interface-number | Optional. By default, the interface operates in global address pool mode. |
| | dhcp select global | |
| | quit | |
| Configure the specified interface(s) or all the interfaces to operate in global address pool mode: configure multiple interfaces simultaneously in system view | dhcp select global { interface interface-type interface-number [ to interface-type interface-number ] \| all } | Optional. By default, the interface operates in global address pool mode. |
2.2.4 Configuring How to Assign IP Addresses in a Global Address Pool

You can bind an IP address in a global address pool statically to a DHCP client, or assign IP addresses in the pool dynamically to DHCP clients, as needed. In a global address pool, you can bind only one IP address statically to a DHCP client and assign the other IP addresses in the pool dynamically to DHCP clients.

For dynamic IP address assignment, you need to specify the range of the IP addresses to be dynamically assigned. For static IP address binding, you can regard the IP address statically bound to a DHCP client as coming from a special DHCP address pool that contains only one IP address.

I. Configuring to assign IP addresses by static binding

Some DHCP clients, such as WWW servers, need fixed IP addresses. This can be achieved by binding IP addresses to the MAC addresses of these DHCP clients. When such a DHCP client applies for an IP address, the DHCP server searches for the IP address corresponding to the MAC address of the DHCP client and assigns the IP address to the DHCP client.

When some DHCP clients send DHCP-DISCOVER packets to the DHCP server to apply for IP addresses, they construct client IDs and add them to the DHCP-DISCOVER packets. The DHCP server finds the corresponding IP addresses based on the client IDs and assigns them to the DHCP clients.

Currently, only one IP address in a global DHCP address pool can be statically bound to a MAC address or a client ID.
Table 2-4 Configure to assign IP addresses by static binding

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Create a DHCP address pool and enter DHCP address pool view | dhcp server ip-pool pool-name | Required. By default, no global DHCP address pool is created. |
| Configure an IP address to be statically bound | static-bind ip-address ip-address [ mask mask ] | Required. By default, no IP address is statically bound. |
| Bind an IP address to the MAC address of a DHCP client or a client ID statically: configure the MAC address to which the IP address is to be statically bound | static-bind mac-address mac-address | One of these two options is required. By default, no MAC address or client ID to which an IP address is to be statically bound is configured. |
| Bind an IP address to the MAC address of a DHCP client or a client ID statically: configure the client ID to which the IP address is to be statically bound | static-bind client-identifier client-identifier | One of these two options is required. By default, no MAC address or client ID to which an IP address is to be statically bound is configured. |

- The static-bind ip-address command must be used together with either the static-bind mac-address command or the static-bind client-identifier command.
- In the same global DHCP address pool, if you configure the static-bind client-identifier command after configuring the static-bind mac-address command, the new configuration overwrites the previous one, and vice versa.
- In the same global DHCP address pool, if the static-bind ip-address command, the static-bind mac-address command, or the static-bind client-identifier command is executed repeatedly, the new configuration overwrites the previous one.
- The IP address to be statically bound cannot be an interface IP address of the DHCP server; otherwise static binding does not take effect.
- A client can permanently use the statically-bound IP address that it has obtained. The IP address is not limited by the lease time of the IP addresses in the address pool.

To improve security and avoid malicious attacks on unused sockets, S5600 Ethernet switches provide the following functions:

- UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled.
- UDP 67 and UDP 68 ports are disabled when DHCP is disabled.

The corresponding implementation is as follows:

- After a DHCP address pool is created by executing the dhcp server ip-pool command, the UDP 67 and UDP 68 ports used by DHCP are enabled.
- After a DHCP address pool is deleted by executing the undo dhcp server ip-pool command and all other DHCP functions are disabled, UDP 67 and UDP 68 ports used by DHCP are disabled accordingly.

II. Configuring to assign IP addresses dynamically

IP addresses dynamically assigned to DHCP clients (including those that are permanently leased and those that are temporarily leased) belong to address segments that are specified in advance. Currently, an address pool can contain only one address segment, whose range is determined by the subnet mask.

To avoid IP address conflicts, the IP addresses to be dynamically assigned to DHCP clients are those that are not occupied by specific network devices (such as gateways and FTP servers).

The lease time can differ between address pools, but all IP addresses in the same address pool have the same lease time. Lease time is not inherited; that is, the lease time of a child address pool is not affected by the configuration of the parent address pool.

Table 2-5 Configure to assign IP addresses dynamically

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Create a DHCP address pool and enter DHCP address pool view | dhcp server ip-pool pool-name | Required. By default, no global DHCP address pool is created. |
| Set the IP address segment whose IP addresses are to be assigned dynamically | network ip-address [ mask mask ] | Required. By default, no IP address segment is set. That is, no IP address is available for being assigned. |
| Configure the lease time | expired { day day [ hour hour [ minute minute ] ] \| unlimited } | Optional. The default lease time is one day. |
| Return to system view | quit | — |
| Specify the IP addresses that are not dynamically assigned | dhcp server forbidden-ip low-ip-address [ high-ip-address ] | Optional. By default, all IP addresses in a DHCP address pool are available for being dynamically assigned. |

- In the same DHCP global address pool, the network command can be executed repeatedly. In this case, the new configuration overwrites the previous one.
- The dhcp server forbidden-ip command can be executed repeatedly. That is, you can configure multiple IP addresses that are not dynamically assigned to DHCP clients.
- If an IP address that is not to be automatically assigned has been configured as a statically-bound IP address, the DHCP server still assigns this IP address to the client whose MAC address has been bound.

If a host accesses the Internet through domain names, DNS (domain name system) is needed to translate the domain names into the corresponding IP addresses. To enable DHCP clients to access the Internet through domain names, a DHCP server is required to provide DNS server addresses while assigning IP addresses to DHCP clients. Currently, you can configure up to eight DNS server addresses for a DHCP address pool.

On a DHCP server, you can configure, for each address pool, the domain name to be used by DHCP clients. After you do this, the DHCP server provides the domain names together with the assigned IP addresses to the DHCP clients.

Table 2-6 Configure DNS services for the DHCP server

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Create a DHCP address pool and enter DHCP address pool view | dhcp server ip-pool pool-name | Required. By default, no global DHCP address pool is created. |
| Configure a domain name for DHCP clients | domain-name domain-name | Required. By default, no domain name is configured for DHCP clients. |
| Configure DNS server addresses for DHCP clients | dns-list ip-address&<1-8> | Required. By default, no DNS server address is configured. |

For Microsoft Windows-based DHCP clients that communicate through the NetBIOS protocol, host name-to-IP address translation is carried out by Windows internet naming service (WINS) servers. So you need to perform WINS-related configuration for most Windows-based hosts. Currently, you can configure up to eight WINS addresses for a DHCP address pool.

Host name-to-IP address mappings are needed for DHCP clients communicating through the NetBIOS protocol. According to the way the mapping is established, NetBIOS nodes fall into the following four categories:

- B-node. Nodes of this type establish their mappings through broadcasting (the character b stands for the word broadcast). The source node obtains the IP address of the destination node by sending a broadcast packet containing the host name of the destination node. After receiving the broadcast packet, the destination node returns its IP address to the source node.
- P-node. Nodes of this type establish their mappings by sending unicast packets to WINS servers (the character p stands for peer-to-peer). The source node sends the unicast packet to the WINS server. After receiving the unicast packet, the WINS server returns the IP address corresponding to the destination node name to the source node.
- M-node. Nodes of this type are p-nodes mixed with broadcasting features (the character m stands for the word mixed). That is, nodes of this type obtain mappings by sending broadcast packets first. If they fail to obtain mappings, they send unicast packets to the WINS server to obtain mappings.
- H-node. Nodes of this type are b-nodes mixed with peer-to-peer features (the character h stands for the word hybrid). That is, nodes of this type obtain mappings by sending unicast packets to WINS servers first. If they fail to obtain mappings, they send broadcast packets to obtain mappings.

Table 2-7 Configure DHCP server to assign WINS server addresses

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Create a DHCP address pool and enter DHCP address pool view | dhcp server ip-pool pool-name | Required. By default, no global DHCP address pool is created. |