When we talk about networks, there are resources we use every day without even realizing it. One of them is DHCP, the Dynamic Host Configuration Protocol: a protocol used in computer networks that lets machines obtain an IP address, and the settings that go with it, automatically.
The protocol appeared in October 1993 (RFC 1531) as the successor to BOOTP which, although simpler, had become too limited for the requirements of the time.
DHCP is a client/server protocol that automatically provides an IP host with its IP address and other related configuration information, such as the subnet mask and default gateway. RFCs 2131 and 2132 define DHCP as an Internet Engineering Task Force (IETF) standard based on BOOTP, a protocol with which DHCP shares many implementation details (the same message format and the same UDP ports, 67 on the server and 68 on the client). DHCP allows hosts to obtain the TCP/IP configuration they need from a DHCP server.
Windows Server 2016 includes the DHCP Server role, an optional network server role you can deploy to lease IP addresses and other settings to DHCP clients. All Windows client operating systems include the DHCP client as part of TCP/IP, and it is enabled by default.
Why is it important?
Suppose you are the administrator of a network. If it were a home network with 3 computers, it would be no great trouble to assign an IP address and all the necessary parameters to each of them by hand. With 100, 200 or more machines, the story is quite different.
That is exactly what DHCP does: a server automatically hands out IP addresses to computers as they ask to join the network. Each address is leased for a duration configured on the server; when a lease expires, or the client releases it, the address goes back into the pool and can be used by another machine.
You may have heard that you get a different IP address each time you connect to the internet. That, too, is DHCP at work: your ISP's DHCP server leases you an address from its pool, in combination with the other protocols used to bring the link up.
How does it work?
Briefly, using a client/server model, DHCP does the following:
● When a client connects to a network, it broadcasts a request for DHCP settings (it has no address yet, so it cannot send a unicast).
● The DHCP server manages a fixed range of available IP addresses along with the other parameters clients need (default gateway, domain name, DNS servers, etc.).
● When the server receives a request, it offers one of these addresses together with the settings; the client accepts the offer and the server confirms the lease. On the wire this is the DISCOVER, OFFER, REQUEST, ACK exchange.
It can operate in three modes: automatic, dynamic and manual.
Automatic, in which a range of IP addresses is defined for use on the network. Whenever a computer on the network requests an address, one from this range is assigned to it, and the computer keeps it.
Dynamic, which works much like automatic, except that the computer's association with a given IP address is limited to a pre-configured period of time (the lease), which the network administrator can set as desired.
Manual, in which DHCP allocates an IP address according to the MAC (Media Access Control) address of each network card, so that a given computer always receives the same address. This is used when a machine needs a fixed IP address.
Because DHCP is supported on every platform, it is an efficient solution and a great help to network administrators. Now you know what this network protocol is and what it does; we hope your questions on the subject have been answered, and until next time!
Why use DHCP?
Each device on a TCP/IP network must have a unique unicast IP address to reach the network and its resources. Without DHCP, IP addresses for new computers, or for computers moved from one subnet to another, must be configured manually, and the addresses of computers removed from the network must be reclaimed manually.
With DHCP, this entire process is automated and centrally managed. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because addresses are leased (dynamic) rather than permanently assigned (static), addresses that are no longer in use are automatically returned to the pool for reallocation.
The network administrator sets up DHCP servers that hold the TCP/IP configuration information and provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP server stores configuration information in a database that includes:
TCP/IP configuration parameters valid for all clients on the network.
Valid IP addresses, kept in a pool for assignment to clients, as well as excluded addresses.
Reserved IP addresses associated with specific DHCP clients. This allows consistent assignment of a single IP address to a single DHCP client.
The lease duration, or the length of time the IP address can be used before a lease renewal is required.
A DHCP-enabled client, after accepting a lease offer, receives:
A valid IP address for the subnet it is connecting to.
Requested DHCP options, which are additional parameters that a DHCP server is configured to assign to clients. Some examples of DHCP options are Router (default gateway), DNS Servers and DNS Domain Name.
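The four-message exchange described above, carrying the options just listed (subnet mask, router, DNS servers, domain name, lease time), as an added example that is not part of the original article. Both sides are built and parsed in memory from the RFC 2131 message layout and RFC 2132 option codes, so nothing touches the network; the server's address, pool and option values (10.10.10.2, 10.10.10.1, example.test, 3600 s) are assumed for the illustration.

```python
"""Minimal DHCPv4 DISCOVER/OFFER/REQUEST/ACK exchange (RFC 2131/2132),
serialised and parsed in memory: no sockets, so it runs offline."""
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                 # RFC 2132 magic cookie; options follow it
BOOTREQUEST, BOOTREPLY = 1, 2                # op field: client -> server, server -> client
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # option 53 (message type) values
HDR = "!BBBBIHH4s4s4s4s16s64s128s"          # fixed header: 236 bytes
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_DOMAIN = 1, 3, 6, 15
OPT_REQ_IP, OPT_LEASE, OPT_MSGTYPE, OPT_SERVER_ID = 50, 51, 53, 54


def a2b(addr):
    return socket.inet_aton(addr)


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Serialise one DHCP message; options is a list of (code, value bytes)."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,   # htype 1 = Ethernet, hlen 6, broadcast flag
                      a2b("0.0.0.0"), a2b(yiaddr), a2b("0.0.0.0"), a2b(giaddr),
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + body + b"\xff"                    # 255 = end option


def parse(pkt):
    """Decode the header and the TLV options; pad (0) is skipped, end (255) stops."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "giaddr": socket.inet_ntoa(f[10]), "chaddr": f[11][:f[2]], "options": opts}


class Server:
    """Hands out one address per MAC from a tiny pool (assumed values)."""

    def __init__(self, server_ip, pool):
        self.ip, self.pool, self.offers = server_ip, list(pool), {}
        self.common = [(OPT_MASK, a2b("255.255.255.0")), (OPT_ROUTER, a2b("10.10.10.1")),
                       (OPT_DNS, a2b("10.10.10.2")), (OPT_DOMAIN, b"example.test"),
                       (OPT_LEASE, struct.pack("!I", 3600)), (OPT_SERVER_ID, a2b(server_ip))]

    def handle(self, pkt):
        m = parse(pkt)
        kind = m["options"][OPT_MSGTYPE][0]
        if kind == DISCOVER:
            if m["chaddr"] not in self.offers:            # repeated DISCOVER keeps the same offer
                self.offers[m["chaddr"]] = self.pool.pop(0)
            return build(BOOTREPLY, m["xid"], m["chaddr"],
                         [(OPT_MSGTYPE, bytes([OFFER]))] + self.common,
                         yiaddr=self.offers[m["chaddr"]])
        if kind == REQUEST:
            # Only answer REQUESTs addressed to this server, for the address it offered.
            if m["options"].get(OPT_SERVER_ID) != a2b(self.ip):
                return None
            wanted = socket.inet_ntoa(m["options"][OPT_REQ_IP])
            if self.offers.get(m["chaddr"]) != wanted:
                return None
            return build(BOOTREPLY, m["xid"], m["chaddr"],
                         [(OPT_MSGTYPE, bytes([ACK]))] + self.common, yiaddr=wanted)
        return None


def dora(server, mac, xid=0x3903F326):
    """Client side of the four-step exchange; returns the settings it would apply."""
    offer = parse(server.handle(build(BOOTREQUEST, xid, mac, [(OPT_MSGTYPE, bytes([DISCOVER]))])))
    req = build(BOOTREQUEST, xid, mac, [(OPT_MSGTYPE, bytes([REQUEST])),
                                        (OPT_REQ_IP, a2b(offer["yiaddr"])),
                                        (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])])
    ack = parse(server.handle(req))
    o = ack["options"]
    return {"ip": ack["yiaddr"], "mask": socket.inet_ntoa(o[OPT_MASK]),
            "router": socket.inet_ntoa(o[OPT_ROUTER]), "dns": socket.inet_ntoa(o[OPT_DNS]),
            "domain": o[OPT_DOMAIN].decode(), "lease": struct.unpack("!I", o[OPT_LEASE])[0]}


if __name__ == "__main__":
    srv = Server("10.10.10.2", ["10.10.10.100", "10.10.10.101"])
    print(dora(srv, bytes.fromhex("001122334455")))
```

The server-identifier check in the REQUEST branch is what lets several servers coexist on one link: every server that answered the DISCOVER sees the broadcast REQUEST, and only the one named in option 54 sends the ACK; the others release their offers.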
Benefits of DHCP
DHCP offers the following benefits.
Reliable IP address configuration . DHCP minimizes the configuration errors that come with entering IP addresses by hand, such as typographical errors or address conflicts caused by assigning the same IP address to more than one computer at the same time.
Reduced network administration . DHCP includes the following features to reduce network administration:
Centralized and automated TCP/IP configuration.
The ability to configure TCP/IP settings from a central location.
The ability to assign a full range of additional TCP/IP configuration values through DHCP options.
Efficient handling of IP address changes for clients that must be updated frequently, such as those for handheld devices that move to different locations on a wireless network.
Forwarding initial DHCP messages using a DHCP relay agent, which eliminates the need for a DHCP server on each subnet.
Terms Used in DHCP
DHCP Server: A server on which the DHCP service has been installed and configured. On Microsoft Windows, after installing a DHCP server it must be authorized in Active Directory before it will service client requests. Authorization in Active Directory is a security measure that prevents DHCP servers from being introduced into the network without the administrator's knowledge. Note, however, that it only restrains Windows DHCP servers that are domain members; a rogue server on a laptop or on another platform is not stopped by it, which is why switch-level DHCP snooping is still needed. Besides Windows Server, the DHCP service can also be installed on Linux distributions, for example the ISC DHCP server (packaged as dhcp3-server or isc-dhcp-server), which is present in most Linux server distributions. The DHCP server role is not available on Windows 2000 Professional, Windows XP Professional or Windows Vista.
DHCP Client: Any network device capable of obtaining TCP/IP settings from a DHCP server. For example, a workstation with Microsoft Windows 10, a workstation with any Linux distribution, a printer with a DHCP-enabled network card, etc.
Scope: A scope is the complete consecutive range of possible IP addresses for a network (for example, the range 10.10.10.100 to 10.10.10.150, on the 10.10.10.0/255.255.255.0 network). In general, scopes define a single physical subnet within the network on which DHCP services will be offered. Scopes also provide the main method for the server to manage the distribution and assignment of IP addresses and other configuration parameters for clients on the network, such as the default gateway, DNS server, and so on.
Superscope: A superscope is an administrative grouping of scopes that can be used to support multiple logical IP subnets on the same physical subnet. Superscopes contain only a list of associated (child) scopes that can be activated together. Superscopes are not used to configure other details about scope usage. To configure most properties used in a superscope, you need to configure the properties of each associated scope individually. For example, if all computers are to be assigned the same default gateway address, that address has to be configured in each scope individually; there is no way to set it once on the superscope and have all the scopes that make up the superscope inherit it.
Exclude range: An exclude range is a limited sequence of IP addresses within a scope, excluded from addresses that are provided by DHCP. Exclusion ranges ensure that any addresses in these ranges are not offered by the server to DHCP clients on your network. For example, within the range 10.10.10.100 to 10.10.10.150, on the network 10.10.10.0/255.255.255.0 of a given scope, you can create an exclusion range from 10.10.10.120 to 10.10.10.130. Exclusion range addresses will not be used by the DHCP server to configure DHCP clients.
Address Pool: After defining a DHCP scope and applying exclusion ranges, the remaining addresses form the pool of available addresses within the scope. Pooled addresses are eligible for dynamic assignment by the server to DHCP clients on your network. In our example, where we have the scope with the range 10.10.10.100 to 10.10.10.150, with an exclusion range from 10.10.10.120 to 10.10.10.130, our address pool is formed by the addresses from 10.10.10.100 to 10.10.10.119 , plus addresses 10.10.10.131 through 10.10.10.150.
Lease: A lease is a period of time specified by a DHCP server during which a client computer can use an IP address it has received from the DHCP server (it is said to be assigned by the DHCP server). A lease is active when it is being used by the client. Generally, the client needs to renew its address lease assignment with the server before it expires. A lease becomes inactive when it expires or is deleted on the server. The duration of a lease determines when it will expire and how often the client needs to renew it on the server.
Reservation: A reservation is used to create a permanent address lease on the DHCP server. Reservations ensure that a specified hardware device on the subnet always receives the same IP address. The reservation is tied to the hardware address of the network card, known as the MAC address (physical address). On the DHCP server, a reservation is created by associating an IP address with a MAC address. When the computer with that MAC address starts up, it contacts the DHCP server; the server finds the reservation for that MAC address and configures the computer with the associated IP address. If the computer's network card fails and has to be replaced, the MAC address changes, so the previous reservation has to be deleted and a new one created with the new MAC address.
Option types: Option types are other client configuration parameters that a DHCP server can assign to clients. For example, some commonly used options include IP addresses for default gateways (routers), Windows Internet Name System (WINS) servers, and Domain Name System (DNS) servers. These option types are generally enabled and configured for each scope. The DHCP Service Administration console also allows you to configure default option types that are used by all scopes added and configured on the server. Most options are predefined through RFC 2132, but you can use the DHCP console to define and add custom option types if needed.
IP assignment criteria
DHCP, depending on the implementation, can offer three types of IP address allocation:
Manual assignment, where there is a table associating the client's MAC address (taken from the received broadcast packet) with the IP address (and other data) to be provided. The administrator maintains this table by hand; only clients whose MAC appears in it will receive configuration from that server;
Automatic assignment, where the client obtains an address from a range of possible addresses specified by the administrator. There is generally no fixed link between the MACs admitted to this range and particular addresses;
Dynamic assignment, the only method that provides for reuse of addresses. The administrator makes a range of addresses available, and each client's TCP/IP stack is configured to request an address via DHCP as soon as the machine joins the network. Allocation uses a lease mechanism with a finite lifetime; once the lease has expired, the next time the client connects it will probably receive a different address.
Some DHCP server implementations can also update DNS servers dynamically, so that each client also gets a DNS record. This mechanism uses the DNS update protocol specified in RFC 2136.
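The scope, exclusion range, address pool and reservation terms defined above, together with the three assignment modes just listed, modelled in one small allocator; this is an added example, not code from the article or from any DHCP server. The address ranges are the article's own (10.10.10.100 to 10.10.10.150 with 10.10.10.120 to 10.10.10.130 excluded); the class, its method names and the reservation and lease values are assumptions for the illustration.

```python
"""A DHCP scope with exclusions, reservations and manual/automatic/dynamic
assignment. Time is an integer passed in by the caller so it runs offline."""
from ipaddress import IPv4Address


class Scope:
    def __init__(self, start, end, mode="dynamic", lease_seconds=3600):
        if mode not in ("manual", "automatic", "dynamic"):
            raise ValueError(f"unknown assignment mode {mode!r}")
        self.start, self.end = IPv4Address(start), IPv4Address(end)
        self.mode, self.lease_seconds = mode, lease_seconds
        self.excluded = set()        # addresses the server must never hand out
        self.reservations = {}       # mac -> IPv4Address (manual assignment)
        self.leases = {}             # IPv4Address -> (mac, expiry or None)

    def exclude(self, first, last):
        a, b = IPv4Address(first), IPv4Address(last)
        self.excluded.update(IPv4Address(i) for i in range(int(a), int(b) + 1))

    def reserve(self, mac, addr):
        addr = IPv4Address(addr)
        if not self.start <= addr <= self.end or addr in self.excluded:
            raise ValueError(f"{addr} is outside the usable part of the scope")
        self.reservations[mac.lower()] = addr

    def pool(self):
        """Addresses eligible for dynamic assignment: scope minus exclusions and reservations."""
        reserved = set(self.reservations.values())
        return [IPv4Address(i) for i in range(int(self.start), int(self.end) + 1)
                if IPv4Address(i) not in self.excluded and IPv4Address(i) not in reserved]

    def assign(self, mac, now):
        """Return the address for `mac` at time `now`, or None if it gets nothing."""
        mac = mac.lower()
        if mac in self.reservations:              # manual: fixed by MAC, never expires
            return self.reservations[mac]
        if self.mode == "manual":
            return None                           # a manual-only server knows no other clients
        if self.mode == "dynamic":
            self._expire(now)                     # reclaim leases whose lifetime has run out
        for addr, (owner, _) in self.leases.items():
            if owner == mac:                      # known client: same address, lease renewed
                if self.mode == "dynamic":
                    self.leases[addr] = (mac, now + self.lease_seconds)
                return addr
        for addr in self.pool():
            if addr not in self.leases:
                expiry = now + self.lease_seconds if self.mode == "dynamic" else None
                self.leases[addr] = (mac, expiry)  # automatic: no expiry, address kept for good
                return addr
        return None                               # pool exhausted

    def _expire(self, now):
        for addr in [a for a, (_, exp) in self.leases.items() if exp <= now]:
            del self.leases[addr]

    def release(self, addr):
        self.leases.pop(IPv4Address(addr), None)


if __name__ == "__main__":
    s = Scope("10.10.10.100", "10.10.10.150", lease_seconds=600)
    s.exclude("10.10.10.120", "10.10.10.130")
    s.reserve("00:11:22:33:44:55", "10.10.10.140")
    print(len(s.pool()), s.assign("aa:bb:cc:dd:ee:01", now=0))
```

Only the dynamic mode ever calls `_expire`, which is the whole difference from automatic mode: with automatic assignment an address, once given out, stays with that MAC until an administrator removes it, so a link with many transient devices can exhaust the pool without any attack at all.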
In small networks where only one IP subnet is being managed, DHCP clients communicate directly with DHCP servers. However, DHCP servers can also provide IP addresses for multiple subnets. In this case, a DHCP client that has not yet acquired an IP address cannot reach the DHCP server by IP routing, because it has no IP address and does not know the address of a router. To allow DHCP clients on subnets not directly served by a DHCP server to talk to it, DHCP relay agents can be installed on those subnets. The DHCP client broadcasts on the local link, the relay agent receives the broadcast and forwards it to one or more DHCP servers using unicast. The relay agent stores its own IP address in the GIADDR field of the DHCP packet. The DHCP server uses GIADDR to determine the subnet on which the relay agent received the broadcast, and assigns an IP address from that subnet. When the DHCP server replies to the client, it sends the reply to the GIADDR address, again by unicast, and the relay agent then relays the response onto the local network.
DHCP provides resilience in several ways: periodic renewal, rebinding, and failover. DHCP clients are assigned leases that last for a set period. A client begins trying to renew its lease once half of the lease interval has elapsed (the T1 timer, 50% of the lease by default), by sending a unicast DHCPREQUEST to the server that granted the original lease. If that server is down or unreachable, it does not answer the DHCPREQUEST. The client retransmits the DHCPREQUEST, waiting half of the remaining time until the next timer between attempts (but never less than 60 seconds), so when the server comes back or becomes reachable again the client can contact it and renew the lease. If the server is still unreachable when the T2 timer fires (87.5% of the lease by default), the client attempts to rebind, broadcasting its DHCPREQUEST instead of unicasting it. Because it is broadcast, the DHCPREQUEST reaches all available DHCP servers, and if another server is able to renew the lease it does so at that point.
For rebinding to work, the backup DHCP server the client reaches must hold accurate binding information for that client. Keeping binding information consistent between two servers is a tricky problem: if both servers can update the same lease database, there must be a mechanism to avoid conflicting updates from independent servers. A standard for fault-tolerant DHCP servers, the DHCP Failover Protocol, was developed at the Internet Engineering Task Force and is implemented by, for example, ISC's dhcpd.
If rebinding fails, the lease will eventually expire. When it expires, the client must stop using the IP address it was leased. At that point it restarts the DHCP process from the beginning, broadcasting a DHCPDISCOVER message. Since its lease has expired, it will accept any IP address offered to it. Once it has a new address, possibly from a different DHCP server, it can use the network again; however, because its IP address has changed, any ongoing connections will be broken.
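The renewal, rebinding and expiry behaviour of the three paragraphs above as a client-side state machine driven by a simulated clock, added here as an illustration rather than taken from the article or from any client implementation. The timer values (T1 at 50%, T2 at 87.5%, retransmission after half the remaining time with a 60 second floor) are those of RFC 2131 section 4.4.5; the `reachable` map standing in for the servers, and the assumption that a renewed lease has the same length as the original, are simplifications for the example.

```python
"""Client lease timers per RFC 2131 4.4.5: renew by unicast from T1, rebind
by broadcast from T2, back off by half the remaining time (min 60 s),
and drop the address on expiry. Offline: the clock is an integer."""

MIN_RETRANSMIT = 60


class LeaseClient:
    def __init__(self, address, lease_seconds, granted_at, server_id):
        self.address, self.lease_seconds, self.server_id = address, lease_seconds, server_id
        self.log = []                   # (time, message sent) for inspection
        self._bind(granted_at)

    def _bind(self, now):
        """Enter BOUND with a fresh lease starting at `now` (same length assumed)."""
        self.state = "BOUND"
        self.expiry = now + self.lease_seconds
        self.t1 = now + self.lease_seconds // 2          # start RENEWING
        self.t2 = now + self.lease_seconds * 7 // 8      # start REBINDING
        self.next_attempt = self.t1

    def tick(self, now, reachable):
        """Advance the client to time `now`; `reachable` maps server id -> answers?
        Returns the state the client is in afterwards."""
        if self.state == "INIT":
            return self.state
        if now >= self.expiry:
            # Lease gone: stop using the address and start over with DISCOVER.
            self.state, self.address = "INIT", None
            self.log.append((now, "lease expired: DHCPDISCOVER broadcast"))
            return self.state
        if self.state == "BOUND" and now >= self.t1:
            self.state, self.next_attempt = "RENEWING", now
        if self.state == "RENEWING" and now >= self.t2:
            self.state, self.next_attempt = "REBINDING", now
        if now < self.next_attempt:
            return self.state
        if self.state == "RENEWING":
            # Unicast to the server that granted the lease; give up on it at T2.
            self.log.append((now, f"DHCPREQUEST unicast to {self.server_id}"))
            answered, deadline = reachable.get(self.server_id, False), self.t2
        elif self.state == "REBINDING":
            # Broadcast: any server holding an accurate binding may answer.
            self.log.append((now, "DHCPREQUEST broadcast"))
            answered, deadline = any(reachable.values()), self.expiry
        else:
            return self.state
        if answered:
            self._bind(now)
        else:
            self.next_attempt = now + max((deadline - now) // 2, MIN_RETRANSMIT)
        return self.state


if __name__ == "__main__":
    c = LeaseClient("10.10.10.100", 3600, 0, "10.10.10.2")
    for t in (1000, 1800, 2475, 2812, 3150, 7000):
        print(t, c.tick(t, {"10.10.10.2": False, "10.10.10.3": True}))
    print(c.log)
```

Note that the client keeps using its address throughout RENEWING and REBINDING; only expiry takes it off the network, which is why a short lease on an unreliable server link turns an outage into lost sessions.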
The base DHCP protocol includes no authentication mechanism, so it is vulnerable to a variety of attacks. These fall into three main categories:
Providing false information to clients from unauthorized DHCP servers.
Access to network resources by unauthorized clients.
Resource exhaustion attacks by malicious DHCP clients.
Because the client has no way to validate the identity of a DHCP server, unauthorized (rogue) DHCP servers can operate on a network and feed incorrect information to DHCP clients. This can serve as a denial of service, handing out unusable addresses or gateways so that clients never gain connectivity. Because the DHCP server also supplies the client with the addresses of other servers, such as one or more DNS servers, an attacker can point the client at a DNS server under the attacker's control and answer the client's DNS queries itself. This lets the attacker redirect traffic through its own machine and eavesdrop on the connections between the client and the network servers it contacts, or simply substitute its own servers for the real ones. Because the server has no secure way to authenticate the client either, clients can gain unauthorized use of IP addresses by presenting identifiers, such as client identifiers or hardware addresses, that belong to other DHCP clients. A client can likewise exhaust the server's supply of addresses by presenting a new identifier each time it asks for one (DHCP starvation), consuming every available address on the link and preventing other clients from being served. DHCP itself provides some mechanisms to mitigate these problems; in practice the first line of defence lives in the switches, where DHCP snooping accepts server replies only from trusted ports and rate-limits client requests on untrusted ones.
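Detection logic for two of the attacks described above, rogue servers and address starvation, run over decoded DHCP messages as a sniffer on the LAN would export them. This is an added example, not code from the article; the records are constructed, and the authorised server list, expected resolver, threshold and window are assumptions a practitioner would tune for their own network.

```python
"""Flag DHCP replies from unknown servers (or pushing an unexpected DNS server)
and DISCOVER floods from many MACs on one switch port. Input records are
constructed dicts, not real captures."""
from collections import defaultdict

AUTHORISED_SERVERS = {"10.10.10.2"}     # assumed: the DHCP servers we run
EXPECTED_DNS = {"10.10.10.2"}           # assumed: the resolvers we hand out
STARVATION_THRESHOLD = 20               # distinct MACs per port per window (assumed)
WINDOW_SECONDS = 60


def constructed_sample():
    """Constructed sniffer output: ts in seconds, port = switch port the frame came in on."""
    recs = [
        {"ts": 0, "type": "DISCOVER", "chaddr": "00:11:22:33:44:55", "port": "Gi1/0/5"},
        {"ts": 0, "type": "OFFER", "server_id": "10.10.10.2", "dns": ["10.10.10.2"],
         "chaddr": "00:11:22:33:44:55", "port": "Gi1/0/1"},
        # A second, unauthorised server answers the same client with its own DNS.
        {"ts": 0, "type": "OFFER", "server_id": "10.10.10.77", "dns": ["10.10.10.77"],
         "chaddr": "00:11:22:33:44:55", "port": "Gi1/0/9"},
        {"ts": 2, "type": "ACK", "server_id": "10.10.10.77", "dns": ["10.10.10.77"],
         "chaddr": "00:11:22:33:44:55", "port": "Gi1/0/9"},
    ]
    # Starvation: one port sends DISCOVERs from 25 made-up MACs within 25 seconds.
    for i in range(25):
        recs.append({"ts": 100 + i, "type": "DISCOVER",
                     "chaddr": f"de:ad:be:ef:00:{i:02x}", "port": "Gi1/0/9"})
    return recs


def rogue_replies(records, authorised=AUTHORISED_SERVERS, expected_dns=EXPECTED_DNS):
    """Server replies whose identifier is not ours, or whose DNS option is not ours."""
    findings = []
    for r in records:
        if r["type"] not in ("OFFER", "ACK"):
            continue
        reasons = []
        if r["server_id"] not in authorised:
            reasons.append("unauthorised server identifier")
        if not set(r.get("dns", [])) <= expected_dns:
            reasons.append("unexpected DNS server(s): " + ",".join(r["dns"]))
        if reasons:
            findings.append((r["ts"], r["server_id"], r["port"], reasons))
    return findings


def starvation_ports(records, threshold=STARVATION_THRESHOLD, window=WINDOW_SECONDS):
    """Ports on which `threshold` or more distinct client MACs sent DISCOVER
    within any `window` seconds (sliding window per port)."""
    by_port = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["type"] == "DISCOVER":
            by_port[r["port"]].append((r["ts"], r["chaddr"]))
    flagged = {}
    for port, events in by_port.items():
        for i, (ts, _) in enumerate(events):
            recent = {mac for t, mac in events[:i + 1] if t > ts - window}
            if len(recent) >= threshold:
                flagged[port] = len(recent)   # first window that crossed the line
                break
    return flagged


if __name__ == "__main__":
    sample = constructed_sample()
    for f in rogue_replies(sample):
        print("rogue reply", f)
    print("starvation on", starvation_ports(sample))
```

The ingress port is kept in every finding on purpose: a rogue server and a starvation flood are both located by port, and the response (shutting the port, or enabling DHCP snooping so untrusted ports cannot carry server replies at all) is applied there rather than to the DHCP server.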
The Relay Agent Information option (RFC 3046, DHCP option 82) allows network operators to attach tags to DHCP messages at the point where they enter the operator's trusted network: the relay agent, typically the access switch, records the port and switch the request arrived on. This tag is then used as an authorization token to control client access to network resources, and the server echoes it in its reply so the relay can route the reply back. Because the client has no access to the network upstream of the relay agent, and because access switches in practice discard client packets that already carry option 82, the lack of client authentication does not stop the DHCP server operator from trusting the token.
Another extension, Authentication for DHCP Messages (RFC 3118), adds a message authentication option to DHCP. It has not seen widespread adoption because of the difficulty of managing keys for a large number of DHCP clients.
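The relay behaviour described earlier (GIADDR set by the relay, reply routed back through it) combined with the option 82 tagging just described, as an added example that is not part of the article or of any relay or server product. Messages are plain dicts rather than wire-format packets; the sub-option codes (1 = Agent Circuit ID, 2 = Agent Remote ID) are from RFC 3046, while the relay address, the rule that the relay drops client packets already carrying option 82, and the server's per-port deny list are assumptions for the illustration.

```python
"""RFC 3046 option 82: the relay tags client messages with the ingress port,
the server uses the tag as an authorisation token and echoes it, the relay
strips it before the reply reaches the client. Runs offline on dicts."""

OPT_RELAY_INFO = 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2       # RFC 3046 sub-option codes


def encode_relay_info(circuit_id, remote_id):
    """Option 82 payload: sub-option TLVs for circuit id and remote id."""
    body = b""
    for sub, val in ((SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id)):
        if len(val) > 255:
            raise ValueError("sub-option value too long")
        body += bytes([sub, len(val)]) + val
    return body


def decode_relay_info(payload):
    subs, i = {}, 0
    while i < len(payload):
        sub, length = payload[i], payload[i + 1]
        subs[sub] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return subs


class Relay:
    def __init__(self, giaddr, remote_id):
        self.giaddr, self.remote_id = giaddr, remote_id

    def forward(self, msg, ingress_port):
        """Set GIADDR, tag the message with the port it came in on, pass it upstream.
        Assumed policy: a client packet (GIADDR still 0) that already carries
        option 82 is treated as spoofed and dropped."""
        if msg["giaddr"] == "0.0.0.0" and OPT_RELAY_INFO in msg["options"]:
            return None
        if msg["giaddr"] != "0.0.0.0":
            return msg                              # already relayed once; leave as is
        tagged = dict(msg, giaddr=self.giaddr, options=dict(msg["options"]))
        tagged["options"][OPT_RELAY_INFO] = encode_relay_info(ingress_port.encode(), self.remote_id)
        return tagged

    def deliver(self, reply):
        """Strip option 82 before the reply goes back onto the client's link."""
        return dict(reply, options={k: v for k, v in reply["options"].items() if k != OPT_RELAY_INFO})


class Server:
    """Picks a scope by GIADDR and refuses clients on ports the operator has blocked."""

    def __init__(self, scope_by_giaddr, denied_circuits):
        self.scope_by_giaddr, self.denied_circuits = scope_by_giaddr, denied_circuits

    def handle(self, msg):
        info = msg["options"].get(OPT_RELAY_INFO)
        if msg["giaddr"] == "0.0.0.0" or info is None:
            return {"result": "deny", "reason": "no trusted relay tag"}   # assumed: relayed clients only
        circuit = decode_relay_info(info).get(SUB_CIRCUIT_ID, b"").decode()
        echo = {OPT_RELAY_INFO: info}            # RFC 3046: reply carries the option unchanged
        if circuit in self.denied_circuits:
            return {"result": "deny", "reason": f"port {circuit} not authorised",
                    "giaddr": msg["giaddr"], "options": echo}
        return {"result": "offer", "scope": self.scope_by_giaddr[msg["giaddr"]],
                "giaddr": msg["giaddr"], "options": echo}


if __name__ == "__main__":
    relay = Relay("10.10.20.1", b"switch-A")
    srv = Server({"10.10.20.1": "scope-20"}, denied_circuits={"Gi1/0/9"})
    client = {"giaddr": "0.0.0.0", "chaddr": "00:11:22:33:44:55", "options": {53: b"\x01"}}
    reply = srv.handle(relay.forward(client, "Gi1/0/5"))
    print(reply, relay.deliver(reply))
```

The token is only as trustworthy as the path: the server's check assumes nothing between the relay and itself can inject or alter option 82, which is why the relay-to-server leg must stay inside the operator's network and why the relay must refuse tags arriving from the client side.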