DHCP, Part 1
This series kicks off with the first of a two-part look at DHCP, one of the least well understood services available for Windows NT. The Dynamic Host Configuration Protocol (DHCP) was designed to allow any computer to be configured properly as a network machine by simply plugging the computer into a network and powering it up. When the computer boots, it searches the network for a DHCP server and negotiates an IP address for itself, then downloads other network information such as gateway and DNS IP addresses. If the computer is moved to another network that has a DHCP server on it, the same process is conducted. The goal is to remove the task of configuring the network parameters manually, and allow them to be loaded automatically whenever the computer boots. At least, that’s what is supposed to happen.
DHCP grew out of the Boot Protocol (BOOTP), which allows a booting computer to broadcast a message that asks for an IP address and the name of a file to load to complete the boot process (bootstrapping). BOOTP has been around for many years and is a very simple protocol, essentially relying on the booting machine to broadcast an “I’m here! Tell me what to do!” message and hoping a server catches the message and replies with the boot program and an IP address. This is called a request-response protocol.
When a BOOTP server receives the booting machine’s request, the server examines its configuration files to determine what type of boot process the machine should go through, and which files are to be loaded. This information, along with the IP address that has been assigned to the booting machine, is sent back to the machine (even though the machine doesn’t yet know its own IP address). After receiving the message, the machine can continue to load the bootstrapping program from the server or some other device, and configure itself properly with the IP address supplied by the BOOTP server.
BOOTP is a simple protocol in that it doesn’t handle much more than an IP address and a bootstrap filename. The IP addresses handled by BOOTP are usually static: the booting machine will get the same IP address every time, although the booting machine doesn’t remember it. Also, when a number of machines on a network try to boot at the same time, the network becomes flooded with BOOTP messages, sometimes leading to network gridlock. BOOTP can work across subnets, but requires a relay device that knows where the BOOTP server is.
DHCP is an extension of BOOTP. When a machine using DHCP boots, it first uses BOOTP to send the initial request message to any listening server. The booting machine gets back its IP address and bootstrap filename from the DHCP server as a BOOTP response message. BOOTP and DHCP differ in a couple of areas. First, DHCP doesn’t use static IP addresses for a booting machine. The machine’s IP address can change with each boot operation. Second, DHCP sends additional network configuration information, such as gateway and DNS IP addresses, as part of the request-response exchange.
DHCP uses a request-response mechanism similar to BOOTP but with a bit of a difference. A booting machine broadcasts a Discover message, essentially asking DHCP servers to respond (the booting machine doesn’t have to know an IP address for a DHCP server, it just sends a network-wide broadcast asking for a reply). Any DHCP servers that receive the Discover message send back an Offer message, essentially offering to provide boot and configuration information to the booting machine. On many networks there can be several DHCP servers that all reply to the Discover message with their own Offer messages. The booting machine selects one of the incoming Offer messages and then sends a Request message back to that server. The server sends an Ack acknowledgement message, and the two can then go about transferring the information needed. Once the arrangement between the booting machine (the client) and the DHCP server is to be terminated, the client sends a Release message to the DHCP server that tells the server the allocated IP address is no longer needed.
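To make the exchange concrete, the following added example (not part of the original article) decodes a DHCP message: the BOOTP fixed header first, then the options that carry the message type, the server identifier, the lease time, and the gateway and DNS addresses. Field offsets and option codes follow the standard DHCP wire format; the function names are this example's own, and the sample Offer is constructed with documentation addresses.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # separates the BOOTP header from DHCP options
MESSAGE_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack", 7: "Release"}
IP_LIST_OPTIONS = {3: "routers", 6: "dns"}  # gateway and DNS server options

def ip_list(value: bytes) -> list:
    return [socket.inet_ntoa(value[j:j + 4]) for j in range(0, len(value) - 3, 4)]

def parse_dhcp(packet: bytes) -> dict:
    """Decode the BOOTP fixed header and the DHCP options that follow it."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or no magic cookie")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    info = {"op": "request" if op == 1 else "reply", "xid": xid,
            "yiaddr": socket.inet_ntoa(packet[16:20]),  # address being handed out
            "client_mac": packet[28:28 + min(hlen, 16)].hex(":")}
    i = 240
    while i < len(packet) and packet[i] != 255:  # 255 = End option
        code = packet[i]
        if code == 0:  # Pad option is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("option %d runs past the end of the packet" % code)
        value = packet[i + 2:i + 2 + packet[i + 1]]
        if code == 53 and len(value) == 1:
            info["type"] = MESSAGE_TYPES.get(value[0], "type-%d" % value[0])
        elif code == 54 and len(value) == 4:
            info["server_id"] = socket.inet_ntoa(value)
        elif code == 51 and len(value) == 4:
            info["lease_seconds"] = struct.unpack("!I", value)[0]
        elif code in IP_LIST_OPTIONS:
            info[IP_LIST_OPTIONS[code]] = ip_list(value)
        i += 2 + len(value)
    return info

def sample_offer() -> bytes:
    """Constructed Offer using documentation addresses (192.0.2.0/24)."""
    addrs = b"".join(socket.inet_aton(a) for a in
                     ("0.0.0.0", "192.0.2.150", "192.0.2.1", "0.0.0.0"))
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0) + addrs
    header += bytes.fromhex("020000000001").ljust(16, b"\0") + bytes(192)
    options = bytes([53, 1, 2, 54, 4, 192, 0, 2, 1, 51, 4, 0, 1, 0x51, 0x80,
                     3, 4, 192, 0, 2, 254, 6, 8, 192, 0, 2, 53, 192, 0, 2, 54, 255])
    return header + MAGIC_COOKIE + options
```

The server identifier in the result is what distinguishes one server's Offer from another's when several servers answer the same Discover.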
The design principles behind DHCP were ambitious at the time, especially considering how limited and limiting BOOTP was. The designers wanted to accomplish several important effects with DHCP, including:
- ability to use multiple servers for redundancy
- a single server to handle many subnets
- manual network configuration for clients as much as possible
- static and dynamic IP address allocations
- client information on a server with full data integrity
- all IP addresses are unique
One of the tasks a DHCP server must be capable of handling is remembering which IP addresses have been assigned and which are available. When an IP address is assigned to a client, the client keeps that IP address until such time as it disconnects from the network (usually after powering down). The process of associating an IP address with a particular, active client is called binding. The term is more usually seen, especially with Windows NT, as a “lease”, based on the presumption that the server leases an IP address to the client as long as it is active or until the lease time expires (which may be less than the client’s up-time).
To keep track of leases, DHCP servers employ two timers. The first is called the renewing timer (abbreviated as T1), which is used to determine when a lease should be checked for possible extension. Another timer, called the rebinding timer (abbreviated as T2), determines when the binding of the IP address to the client must be renewed. The T1 timer is always shorter than the T2 timer, and usually T1 is set to half of T2. When the T1 timer expires, the client attempts to get a renewal of the lease and continues trying until it is successful or the T2 timer expires. When T2 expires, the client must get a new lease (rebind the address) or the IP address lease expires and the client has no allocated IP address.
Windows NT Server provides a DHCP server application and a management tool called DHCP Manager (the file is dhcpadmnh.exe). Only Windows NT Server can act as a DHCP server; the Workstation version of Windows NT can act as a client only unless you install a third-party DHCP server package. Windows 95 and Windows 98 machines can act as clients for a DHCP server.
By default, the DHCP server is not loaded with Windows NT Server’s default installation routine. It must be manually added through the Network applet. The steps to follow are:
Because DHCP Server is a service, it will be automatically started when the Windows NT system boots. You can alter this behavior by using the Services applet in the Control Panel. Disabling or forcing a manual start for the DHCP Server service may cause problems if clients are trying to boot from the server, so unless you have alternate DHCP servers or are not using DHCP clients, leave the service active all the time.
You should load Service Pack 2 or higher if you plan to use Windows NT DHCP Server Service. Service Pack 2 added several features to the DHCP Server system that should be on each installation.
Ideally, when you set up a DHCP server you will have allocated a chunk of IP addresses that are to be used by DHCP. Such advanced planning, while a wonderful idea, is seldom possible, so you may end up with several chunks of IP addresses that can be used by DHCP. The actual addresses used by DHCP don’t matter: there is no advantage to any one range over another. Many administrators find it convenient to allocate a contiguous block of addresses, then make sure no other devices use any address in that range.
How many IP addresses should be made available to DHCP? The answer tends to vary according to usage. If the primary use for DHCP is to allow users to bring laptops into the office and connect with a dynamic IP address then it is not necessary to provide for an IP address for each user as it is unlikely they will all be connected at once. A good estimate for most occasional connection users is to allocate a tenth of the potential IP addresses. For example, if you have fifty people who occasionally will bring their machines into the office, allocating five IP addresses to DHCP will often suffice. Of course, you will have to tune this number as you see user behaviors. For larger networks where DHCP is used for all clients connected to the network, you may need to rely on a one-to-one mapping of clients to available IP addresses. If a client attempts to connect to a DHCP server and there are no available IP addresses, the connection will be refused.
Windows NT DHCP server allows both static and dynamic IP address allocation. The Windows NT implementation of DHCP adds a new term to the DHCP lingo. The “scope” of the server is the range of IP addresses that are available for that server to assign. The scope is always a contiguous range inside a single subnet. The scope selection window does allow you to exclude parts of a larger included range. For example, you could allocate 22.214.171.124 through 126.96.36.199 as the available scope (100 clients in the range .100 to .199) but exclude a part of this range such as 188.8.131.52 to 184.108.40.2069, dropping the available IP addresses to 90. There can be several excluded ranges inside a single large range. Each scope in the available range of IP addresses is assigned a name. Several ranges can be assigned as available for a single DHCP server, too.
For those running Service Pack 2 or higher, another term has been added. A superscope is a collection of scopes, all assembled into a single named entity allowing the entire superscope to be handled as a single unit for grouping and administration purposes. For example, you could have the scope 220.127.116.11 through 18.104.22.168 and the scope 22.214.171.124 through 126.96.36.199 (both ranges of which may have multiple exclusions within them) named as scope1 and scope2 individually, assembled into a larger superscope called bigscope.
The advantage of scopes and superscopes is that a range of different configuration parameters can be assigned to either, so that when a client receives an IP address it also gets the other network configuration information assigned to the scope or superscope. For example, in the two scopes mentioned in the previous paragraphs, different gateway IP addresses and DNS server IP addresses may be used for each individual scope. By combining scopes and superscopes properly, an administrator can provide much better network load balancing for clients.
To handle static IP allocations, Windows NT uses the term reservations. A client which always is to receive the identical IP address when it requests an address from the server has a reservation for the address, and the address will not be allocated to any other client.
You can create and manage scopes and superscopes through the DHCP Manager window. To create a scope, use the Scope->Create menu item which displays the Create Scope window. The top portion of the Create Scope window is where you enter the range of IP addresses that will define the scope. Provide the beginning and ending IP addresses and all IP addresses between the two values inclusively will be in the scope. The subnet addresses must be the same for the scope to be properly defined.
If you want to exclude one or more ranges from the scope, enter the starting and ending IP addresses into the Exclusion Range box and click the Add button. The excluded range will appear in the window to the right. Any number of exclusion ranges can be added, as long as they are in the scope. You can add a single IP address to be excluded in the same way. Exclusion ranges are added to and removed from the list displayed in the right-hand window by using the Add and Remove buttons, as you would expect.
The bottom portion of the Create Scope window allows you to name the scope and add a comment. The name can then be used to manipulate the group within the DHCP Manager instead of having to work with the bare IP addresses. After defining all the scopes you need within the Create Scope window, you can return to the DHCP Manager.
Before the scope you have created becomes available for use, it must be activated. This is done by highlighting the scope in the DHCP Manager window, then using the Scope->Activate menu item. When a scope is activated, a lightbulb next to the scope name lights up yellow. When a scope is inactive, the lightbulb is a dull white-gray color.
Manage static IP address assignments (reservations) by using the Scope->Add Reservation menu item in the DHCP Manager window. This window lets you enter an IP address or a MAC address, as well as a host name. You can also provide a comment if you wish. You can add as many reservations to the DHCP Manager as you wish.
A frequent question from DHCP administrators is whether to create multiple smaller scopes jumping around excluded addresses, or to create a larger scope with the exclusions listed. Suppose for example you have the IP addresses 188.8.131.52 through 184.108.40.206 available for DHCP with the exclusion of two ranges, 220.127.116.11 to 18.104.22.168 and 22.214.171.124 through 126.96.36.199. You could create three separate scopes in the DHCP Manager window, all bracketing the two exclusion zones, or you could create a larger single scope with two exclusion ranges marked. In theory both approaches will work the same, but in practice it is often easier to define a single larger scope. There is less overhead involved by the DHCP Manager in handling the single larger scope than the three smaller scopes, although the effect is very small in a simple example like this. Also, there is less management activity required to work with the single larger scope than three smaller scopes. This is especially true if you end up with many small windows of available IP addresses, each only a few addresses long, with lots of exclusions between them.
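The scope and exclusion rules described earlier, and the single-scope versus three-scope comparison above, can be checked with a short calculation. This is an added example, not part of the original article or of DHCP Manager; the function names are hypothetical and the addresses are constructed from the 192.0.2.0/24 documentation range.

```python
from ipaddress import IPv4Address, IPv4Network


def free_ranges(start, end, netmask, exclusions=()):
    """Return the (first, last) address ranges a scope can still lease."""
    first, last = int(IPv4Address(start)), int(IPv4Address(end))
    subnet = IPv4Network("%s/%s" % (start, netmask), strict=False)
    if first > last or IPv4Address(last) not in subnet:
        raise ValueError("scope must be an ascending range inside one subnet")
    spans = []
    for ex_start, ex_end in exclusions:
        lo, hi = int(IPv4Address(ex_start)), int(IPv4Address(ex_end))
        if not first <= lo <= hi <= last:
            raise ValueError("exclusion %s-%s is outside the scope" % (ex_start, ex_end))
        spans.append((lo, hi))
    ranges, cursor = [], first
    for lo, hi in sorted(spans):  # sorted so overlapping exclusions merge
        if lo > cursor:
            ranges.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= last:
        ranges.append((cursor, last))
    return [(str(IPv4Address(a)), str(IPv4Address(b))) for a, b in ranges]


def pool_size(ranges):
    """Count the addresses in a list of (first, last) ranges."""
    return sum(int(IPv4Address(b)) - int(IPv4Address(a)) + 1 for a, b in ranges)


# Constructed sample: one scope with two exclusion ranges.
SINGLE_SCOPE = free_ranges("192.0.2.10", "192.0.2.200", "255.255.255.0",
                           [("192.0.2.50", "192.0.2.59"), ("192.0.2.100", "192.0.2.119")])
# The same addresses defined as three separate scopes with no exclusions.
THREE_SCOPES = [free_ranges(a, b, "255.255.255.0")[0] for a, b in SINGLE_SCOPE]
```

Both definitions yield the same 161 leasable addresses, which is why the choice between them comes down to management effort rather than capacity.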
To examine all the IP addresses that are currently used by clients, use the Scope->Active Leases menu item to display the Active Leases window. This will show a list of the client IP addresses, the machine names, and the type of lease that has been assigned. The small box at the bottom left of the window lets you sort the display either by IP address or by host name. You can also restrict the display to reservations (static IP addresses that are in use) by selecting the checkbox in the lower right corner.
The Windows NT DHCP Manager window lets you specify some options and parameters for each client on the system. These are assigned to scopes using the Options menu item. The DHCP Options: Global window shows a list of all the parameters that can be selected in the left hand window, and the list of the selected options in the right hand window. To examine a particular option, highlight it in the list and select the Value button. Global options apply to all scopes and superscopes that are defined in the DHCP Manager.
In general, it is unlikely you will have to alter any of the options available for a typical network. However, there are times when you will need to tweak the behavior of the system, and the Global options list allows you to do this.