DHCP

 

Operation

A client attempts to renew its lease when 50% of the lease interval has expired, and tries again when 87% has expired.

When the client sends data to the server, port 68 is the source port and port 67 is the destination port; the packet looks like: UDP 0.0.0.0:68 -> 255.255.255.255:67.

Recall the four stages of the DHCP assignment process:

1. DHCPDISCOVER

2. DHCPOFFER

3. DHCPREQUEST

4. DHCPACK

Two stages of Address Renewal

When the lease is 50% expired, the client sends a unicast packet to the DHCP server, requesting renewal of the lease.

1. DHCPREQUEST: If the server does not respond, the client tries 3 more times, at 4, 8 and 16 seconds after the first renewal request.

2. Three possibilities:

a) DHCPACK: If the server responds and can honour the renewal request, it replies with a unicast to the client, granting and acknowledging the renewal.

b) DHCPNAK: The server responds but cannot honour the renewal. This can occur if the requested address has been deleted or deactivated from the scope, or the address has been excluded. The server sends a DHCPNAK to the client, and the client unbinds the address and starts the DHCP assignment process again.

c) The server doesn’t respond: if the server is offline, moved to another subnet, or can’t communicate, the following two steps occur:

① The client keeps its current address until 87.5% of the lease interval has expired. At that time, the client sends a broadcast DHCPREQUEST to request the renewal from any available server (note: it does not request a new IP address immediately).

② There are two possible results from the DHCPREQUEST:

a. A DHCP server responds. If the server can provide the requested address, it replies with a DHCPACK and the address is renewed; if the server cannot supply the current address, the client immediately unbinds the address and starts the DHCP request process again with a DHCPDISCOVER broadcast packet.

b. No DHCP server responds. The client waits until the lease period is over, unbinds the IP address, and starts the sequence over with a DHCPDISCOVER broadcast packet. If no server responds, a Windows client binds an APIPA address to the interface and sends a DHCPDISCOVER every 5 minutes. If an alternate IP address configuration has been configured on the interface as a backup, it is used instead of an APIPA address, and no further attempts are made to get a DHCP-assigned address until the interface is reset or the computer restarts.
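
The renewal sequence above as a timeline, in an added Python example that is not part of the original page: it returns what the client sends and when, which helps when comparing DHCP server logs or a packet capture against expected renewal traffic. The function name and the "ACK"/"NAK"/None reply values are assumptions made for the example; the 50%, 87.5%, 4/8/16-second and 5-minute figures are the ones given in the text.

```python
# Added example: timeline of one DHCP lease as described in the text.
T1_FRACTION = 0.5            # unicast renewal attempt at 50% of the lease
T2_FRACTION = 0.875          # broadcast renewal attempt at 87.5% of the lease
RETRY_OFFSETS = (4, 8, 16)   # seconds after the first unanswered renewal request


def renewal_timeline(lease_seconds, t1_reply=None, t2_reply=None,
                     alternate_config=False):
    """Return [(seconds_since_lease_start, event), ...] for one lease.

    t1_reply / t2_reply (hypothetical parameters): "ACK", "NAK" or None
    when no server answers the request sent at that stage.
    """
    for reply in (t1_reply, t2_reply):
        if reply not in ("ACK", "NAK", None):
            raise ValueError(f"unknown reply {reply!r}")
    t1 = lease_seconds * T1_FRACTION
    t2 = lease_seconds * T2_FRACTION
    events = [(t1, "unicast DHCPREQUEST to leasing server")]
    if t1_reply == "ACK":
        return events + [(t1, "DHCPACK: lease renewed")]
    if t1_reply == "NAK":
        return events + [(t1, "DHCPNAK: unbind address, restart with DHCPDISCOVER")]
    # No answer: three more unicast attempts, then wait for the 87.5% mark.
    events += [(t1 + off, "retry unicast DHCPREQUEST") for off in RETRY_OFFSETS]
    events.append((t2, "broadcast DHCPREQUEST to any server"))
    if t2_reply == "ACK":
        return events + [(t2, "DHCPACK: lease renewed")]
    if t2_reply == "NAK":
        return events + [(t2, "DHCPNAK: unbind address, restart with DHCPDISCOVER")]
    # Still no answer: keep the address until the lease runs out.
    events.append((lease_seconds, "lease expired: unbind address, broadcast DHCPDISCOVER"))
    fallback = ("use alternate IP configuration, stop asking for a lease"
                if alternate_config
                else "bind APIPA address, DHCPDISCOVER every 5 minutes")
    events.append((lease_seconds, f"no server answers: {fallback}"))
    return events


if __name__ == "__main__":
    # Constructed scenario: default 8-day lease, server offline the whole time.
    for when, what in renewal_timeline(8 * 24 * 3600):
        print(f"{when:>10.0f}s  {what}")
```
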

The process is shown in the following figures:

[Figure: DHCP request process]

[Figure: DHCP renew]

DHCP server authorisation

Installing DHCP on a stand-alone server in a domain network isn’t recommended. If you use a stand-alone setup in a network that already has an authorised server, the stand-alone server can’t lease addresses.

To authorise a DHCP server, right-click the server name in the DHCP console and click Authorise. Authorisation requires Enterprise Administrator credentials.

Or you can use a cmdlet to authorise: Add-DhcpServerInDC

DHCP scopes

A scope is a pool of IP addresses and other IP configuration parameters that a DHCP server uses to lease addresses to DHCP clients.

  • Scope name: a descriptive name
  • Start and end IP address: they define the address pool
  • Prefix length or subnet mask
  • Lease duration: Specifies how long a DHCP client can keep an address. It ranges from 1 minute to 999 days, 23 hours and 59 minutes. The default lease duration is 8 days. It can also be unlimited, but that is not recommended.

Create a scope with a cmdlet:

Add-DhcpServerv4Scope -Name "newscope" -StartRange 10.0.0.100 -EndRange 10.0.0.255 -SubnetMask 255.255.0.0

Exclusion ranges

Addresses can be excluded in two ways:

1. De facto exclusion: You can set the start and end IP addresses in the scope so that several addresses in the subnet fall outside the scope’s range. E.g. for the subnet 192.168.0.0/24, you set the start IP address to 192.168.0.11 and the end IP address to 192.168.0.254, so the addresses 192.168.0.1-192.168.0.10 are excluded.

2. Create an exclusion range: Use this for addresses that have been statically assigned. You can create one when you install the DHCP role or in the DHCP MMC.

Reservations

A reservation is an IP address associated with the MAC address of a DHCP client, to ensure that the client always gets the same IP address.

DHCP options

Options can be assigned at the following levels. Note that each later level overrides the previous ones.

  • Server options
  • Scope options
  • Policy options: Based on client properties, such as the device type, MAC address, or OS. Options specified at the policy level can be overridden only by reservation options.
  • Reservation options: Options set on a reservation take precedence over any conflicting options set at any other level.

Configure Superscopes and Multicast scopes

A superscope is a special type of scope consisting of one or more member scopes that allows a DHCP server to service multiple IPv4 subnets on a single physical network (superscopes aren’t supported in IPv6).

A superscope is useful if the number of computers on a physical network exceeds the original subnet’s size, or when a second subnet has been added to a physical network for testing purposes.

Configure a superscope:

1. Create two or more scopes as “member scopes”.

2. Create the superscope and add the member scopes.

Superscopes don’t have any DHCP options of their own, and you can’t create an IP address pool for a superscope; all address pools and options are configured in the member scopes.

If you deactivate a superscope, you deactivate all member scopes as well.

PowerShell:

Create a superscope:

Add-DhcpServerv4Superscope -SuperscopeName "NewSuperScope" -ScopeId 10.1.0.0,10.2.0.0

The IP addresses that follow the -ScopeId parameter are the subnet addresses of the two scopes you want to add to the superscope.

Note that a superscope may cause connectivity issues if not configured properly. If a client computer gets an IP address in a different subnet from its directly connected router or server, the client computer can’t communicate with other devices.
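
A pre-deployment check for the misconfiguration described above, as an added Python example (not from the original page): for each member scope it verifies that a router interface on the shared segment sits inside the scope's subnet and that the scope's router option points at it. The /16 masks, the gateway addresses, the input format and the function name are constructed for the example.

```python
import ipaddress


def superscope_findings(member_scopes, router_interfaces):
    """Return {scope_cidr: [problem, ...]} for member scopes clients could not route from.

    member_scopes: {cidr: router option value or None} (constructed input format).
    router_interfaces: "address/prefix" strings configured on the router
    port that faces the shared physical network.
    """
    interfaces = [ipaddress.ip_interface(i) for i in router_interfaces]
    findings = {}
    for cidr, router_option in member_scopes.items():
        net = ipaddress.ip_network(cidr)
        problems = []
        local_gateways = [i.ip for i in interfaces if i.network == net]
        if not local_gateways:
            problems.append("no router interface on the segment in this subnet")
        if router_option is None:
            problems.append("no router option set in the member scope")
        else:
            gw = ipaddress.ip_address(router_option)
            if gw not in net:
                problems.append(f"router option {gw} is outside {net}")
            elif local_gateways and gw not in local_gateways:
                problems.append(f"router option {gw} is not a router interface")
        if problems:
            findings[cidr] = problems
    return findings


if __name__ == "__main__":
    # Constructed data: two member scopes, but the router has only one address.
    scopes = {"10.1.0.0/16": "10.1.0.1", "10.2.0.0/16": "10.1.0.1"}
    print(superscope_findings(scopes, ["10.1.0.1/16"]))
```
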
Multicast Scope

A multicast address cannot be assigned as a host’s IP address; instead, a network service or application informs the IP protocol that it wants to join a multicast group. The network software then listens for the specified multicast address in the destination field of packets and processes them.

Most multicast applications use a reserved multicast address, so there is no need for dynamic multicast address allocation.

https://en.wikipedia.org/wiki/Multicast_address

However, if you are using an application that doesn’t use a reserved multicast address, you need to use DHCP to assign multicast addresses temporarily on your network.

A multicast scope allows multicast addresses to be assigned dynamically to multicast servers and clients with the Multicast Address Dynamic Client Allocation Protocol (MADCAP). Typically, a multicast server (MCS) is allocated a multicast address, and multicast clients register or join the multicast group, which allows them to receive multicast traffic from the MCS. Note that all devices using TCP/IP must be assigned a unicast IP address before they can be assigned and begin using multicast addresses.

Two common ranges of multicast addresses:

  • Administrative scopes: An administrative scope is composed of multicast addresses intended to be used in a private network. These addresses are similar to the private unicast IP address ranges; the range most recommended for this purpose is 239.192.0.0/14.
    The range you specify when configuring the multicast scope must contain at least 256 addresses.
  • Global scopes: In a global scope, the multicast application is used across the public Internet and has the recommended range of 233.0.0.0/24. There is no minimum number of addresses in a global scope.

Configuration:

You can configure multicast scopes in the DHCP console or with PowerShell cmdlets.

  • You don’t configure options for a multicast scope.
  • You can configure exclusions.
  • You must specify a lease time (the default is 30 days).
  • A multicast scope does not have a subnet mask, because multicast addresses are secondary addresses; it consists of start and end IP addresses.
  • A TTL needs to be configured.

DHCPv6

IPv6 autoconfiguration occurs by two methods: stateless and stateful.

  • Stateless autoconfiguration: with stateless autoconfiguration, the node listens for router advertisement messages from a local router. If the autonomous flag in the router advertisement message is set, the node uses the prefix information contained in the message. In this case, the node uses the advertised prefix and its 64-bit interface ID to generate the IPv6 address. If the autonomous flag isn’t set, the prefix information is ignored, and the node can attempt to use DHCPv6 for address configuration or an automatically generated link-local address.
  • Stateful autoconfiguration: With stateful autoconfiguration, the node uses an autoconfiguration protocol, such as DHCPv6, to get its IPv6 address and other configuration information. A node attempts to use DHCPv6 to get IPv6 address configuration information if there are no routers on the network providing router advertisements or if the Autonomous flag in router advertisements isn’t set.
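
The decision the two bullets describe, as an added Python example that is not part of the original page. The dictionary layout for the router advertisement and the function names are assumptions for the example, and the interface ID is derived from a MAC address with modified EUI-64, which is only one way to obtain a 64-bit interface ID (hosts may also use random ones); the MAC address and the 2001:db8::/32 documentation prefix are constructed values.

```python
import ipaddress


def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit and insert ff:fe in the middle."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def autoconfigure(interface_id, router_advert=None):
    """Pick the address-configuration method for a node.

    router_advert (hypothetical structure): None when no router advertises,
    otherwise {"prefix": "<ipv6 prefix>/64", "autonomous": bool}.
    """
    link_local = ipaddress.IPv6Address(
        int(ipaddress.IPv6Address("fe80::")) | interface_id)
    if router_advert and router_advert["autonomous"]:
        net = ipaddress.IPv6Network(router_advert["prefix"])
        if net.prefixlen != 64:
            raise ValueError("a 64-bit interface ID needs a /64 prefix")
        # Stateless: advertised prefix + 64-bit interface ID.
        address = ipaddress.IPv6Address(int(net.network_address) | interface_id)
        return {"method": "stateless", "address": str(address),
                "link_local": str(link_local)}
    # No router, or autonomous flag clear: the prefix is ignored, try DHCPv6.
    return {"method": "dhcpv6", "address": None, "link_local": str(link_local)}


if __name__ == "__main__":
    iid = eui64_interface_id("00:00:5e:00:53:01")   # constructed MAC
    print(autoconfigure(iid, {"prefix": "2001:db8:1:2::/64", "autonomous": True}))
    print(autoconfigure(iid, {"prefix": "2001:db8:1:2::/64", "autonomous": False}))
```
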

 
