Escolar Documentos
Profissional Documentos
Cultura Documentos
Take for example the TCP/IP protocol stack: first of all, the IP protocol needs
to know the IP address of the computer. Moreover, it needs to know the
network subnet-mask, IP addresses of the default router, the printer, the DNS
and perhaps some other servers etc.
Those parameters can be configured manually and locally for each and every
computer. Using a mechanism like that introduces some problems:
All those reasons lead to the need in an automated mechanism for TCP/IP
protocols' configuration and DHCP is the currently most advanced
mechanism for doing so.
DHCP Goals
Compatibility
The DHCP protocol must be compatible with existing interface and protocols;
For example it should be compatible with all the types of clients, each one
can have a different configuration of communication parameters.
BRBRAITT : Nov-2006 2
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
Local control
The DHCP server has to give a specific client the same communication
parameters in as many sequential requests as possible, so if a client was
disconnected from the web and requests its address/communication
parameters again, it would receive the same communication parameters as
before. (if nothing has changed since the disconnection).
The same is for the DHCP server, which should have the capability to give
the same client the same communication parameters even if it was
disconnected from the web.
Unique clients
A main goal of the DHCP protocol is to give each client its unique address. A
situation in which two or more clients are allocated with the same web
address must not occur in any circumstances, to prevent a situation of client
send a message to the wrong client.
Automatic Configuration
Saving hardware
There should not be a DHCP server for each and every link interface. There
should be a wide use of relay-agents to transmit a DHCP messages. If less
DHCP servers are used, it's more financialy agreeable because we'll use the
relay-agents which are simpler. The hardware saving will lead to more
economically worthwhile network and will save money as mentioned in
"protocol introduction".
Historical background
At first, most TCP/IP networks were relatively small and static. Manual IP
address management techniques were sufficient for them. Each station kept
its own IP address somewhere in its secondary storage. Once the address had
BRBRAITT : Nov-2006 3
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
DHCP comes with a predefined set of DHCP options, which it inherits from
the BOOTP vendor extensions mechanism, and it is open for further
extension, inheriting the openness from BOOTP.
BRBRAITT : Nov-2006 4
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
Another difference is that the DHCP can configure a client with all the IP
parameters that the client needs in order to establish communication. One
BOOTP transfer only some of these parameters.
Moreover, the BOOTP protocol had a field named 'vendor extentions', to
specify the requested parameters and other options, which were replaced with
the field 'options' in the DHCP protocol.
Protocol Introduction
General
IP Address Allocation
The client sends a message to request configuration parameters and the server
responds with a message carrying the desired parameters back to the client.
BRBRAITT : Nov-2006 5
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
BOOTP Compatibility
DHCP does not require a server on each subnet. To allow for scale and
economy, DHCP can work across routers or through the intervention of
BOOTP relay agents. A relay agent listens to DHCP messages and forwards
them on (and onto other network segments). This eliminates the necessity of
having a DHCP server on each physical network.
BRBRAITT : Nov-2006 6
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
The client holds two times in its memory ? time1, and time2.
The first time is the time in which the client starts to ask its server for
renewing the lease of its address ? RENEWING state in the states diagram of
the protocol.
The second time is the time in which the client starts to ask other servers for
address ? REBINDING state in the states diagram of the DHCP protocol.
When the first time arrives, the client sends the DHCPREQUEST message to
the server with unique ID to this request. If the renew is approved, the server
will send an answer in DHCPACK message with this ID. Then the client
returns to normal functioning. The new time1 will be the sum of the time in
the server's answer and the time which has passed from the start of the
request to the answer.
If no answer has arrived until time2 has passed, the client will enter the
REBINDING state in the states diagram of the DHCP protocol, and will send
a multicast message to all the servers available to acquire new address.
These times can be changed by servers in the 'option' field, and have default
values. The default of time1 is half of the lease time of the current address,
and the default of time2 is 0.875x(lease time).
In both cases ? time1 and time2, if the client has not got an answer from the
DHCP servers, it should wait half of the time which is left before sending
DHCPREQUEST again. The shortest waiting time is one minute.
If the client has got its previous address, it continues to work normally. If the
client didn't get its previous address but got a new one, he should continue
working, but not with the current web parameters, and must inform the users
BRBRAITT : Nov-2006 7
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
about this. If the client didn't manage to get an address at all, it should stop its
work and go back to INIT state in the states diagram of the DHCP protocol.
The DHCP server is designed to supply DHCP clients with the configuration
parameters defined in the Host Requirements RFCs (1122 and 1123). Most of
those parameters are related to the TCP/IP protocol stack but DHCP allows
the configuration of non-related parameters too.
key = value
The client addresses the server with a request message to retrieve its
configuration parameters. The server answer with a response message
carrying the configuration parameters in the (later discussed) options field.
Not all clients require initialization of all possible parameters. Two techniques
are used to reduce the number of parameters delivered from the server to the
client:
Message Format
Here is the DHCP message format. The numbers in parentheses indicate the
size of each Field in Bytes.
BRBRAITT : Nov-2006 8
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
BRBRAITT : Nov-2006 9
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
Apart from the small amount of the Fields imported from the BOOTP frame
format there came a need for a lot more Fields, some of them changing from
one message to another, others from one subnet to another etc.
That need came first after defining the BOOTP protocol which led to the
BOOTP extension mechanism, where the last Field in the frame format, the
'vendor extensions' filed was of variable length and could contain the extra
information. DHCP improved this mechanism, changing the Field name to
'options' and adding more options.
One way to categorize those options would be to split them into two groups:
• Configuration parameters.
• Message control information.
All options begin with a tag octet, which uniquely identifies the option. The
next octet is the option length specifier, its value does not include the two
Bytes specifying the tag and length. The length octet is followed by length
Bytes of data.
All these options/vendor extensions are defined in RFC 2132, where they are
split to the following groups:
Specifies the type of the DHCP message in order to be more specific than
the originally BOOTP Field 'op'. Different message types are used at
different stages of the client/server interaction.
Appears in every DHCP message (therefore the 'options' Field is never
empty):
BRBRAITT : Nov-2006 10
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
Specifies the time interval from address assignment until the client
attempts to contact the server that originally issued the client's network
address before the lease expire.
Every message in DHCP protocol of IPv6 has a constant length header and
variable length data. This data is located in the "options" Field, and composed
from Bytes, in network byte format (least significant byte first.)
This is the format of a message which sent from client directly to the server:
BRBRAITT : Nov-2006 11
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
BRBRAITT : Nov-2006 12
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
Client/Server Model
The client and the server negotiate in a series of messages in order for the
client to get the parameters it needs.
The following diagram shows the messages exchanged between the DHCP
client and servers when allocating a new network address. Next is a detailed
explanation of all the various messages and a description of the
communication steps.
This process can involve more than one server but only one server is selected
by the client. In the figure, the selected server is marked 'selected' and the
other, 'not selected' server stands for all the possible not selected servers.
BRBRAITT : Nov-2006 13
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
Message Types
Message Use
BRBRAITT : Nov-2006 14
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
Message Use
BRBRAITT : Nov-2006 15
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
BRBRAITT : Nov-2006 16
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
Security in DHCP
In order to achieve higher safety, the following two rules must be obeyed:
BRBRAITT : Nov-2006 17
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
1. The protocol cannot be changed. (i.e. its stucrute, msg types etc. must
remain intact.)
2. Interact with the DHCP server as little as possible ? minimize the
number of stages of the communication with the DHCP server.
Security in IPv6
In addition to the method of adding "options", like in IPv4, there is also use
of the IPsec mechanisms for communication between relay-agents or relay-
BRBRAITT : Nov-2006 18
“DATA NETWORKS” FOR JTOs PH-II – Dynamic Host Configuration Protocol
In addition to this tool, one can use also the general security tools of IPv6 for
DHCP security. There are many sources to these tools in the web, and a
partial list can be found in This Link.
BRBRAITT : Nov-2006 19