Windows 2000 DHCP
Dynamic host configuration protocol is used to automatically assign TCP/IP addresses to clients along with the correct subnet mask, default gateway, and DNS server. Two ways for a computer to get its IP address:
• Using DHCP from a DHCP server.
• Manual configuration.
DHCP Scopes
• Scope - A range of IP addresses that the DHCP server can assign to clients that are on one subnet.
• Superscope - A range of IP addresses that span several subnets. The DHCP server can assign these addresses to clients that are on several subnets.
• Multicast scope - A range of class D addresses from 224.0.0.0 to 239.255.255.255 that can be assigned to computers when they ask for them. A multicast group is assigned to one IP address. Multicasting can be used to send messages to a group of computers at the same time with only one copy of the message. The Multicast Address Dynamic Client Allocation Protocol (MADCAP) is used to request a multicast address from a DHCP server.
One way to create a superscope is to set up a range of addresses that span more than one subnet. Another way is to create several scopes and merge them using the "New Superscope" wizard by selecting "Action" and "New Superscope"
There are global and scope options. Global options apply to all client computers. Scope options apply to specific subnets or range of IP addresses. DHCP RFCs are 1533, 1534, 1541, and 1542.
Beyond the address assignments DCHP can assign other options which can be applied globally or to various scopes. Some options and address configuration includes:
• IP address
• Netmask
• Default Gateway address
• Primary and secondary DNS server addresse(s)
• NetBIOS Name server (NBNS) address(es).
• Lease period in hours
• IP address of DHCP server.
• WINS server address
• WINS node type
• Vendor equipment options
• Class of user options - The client will provide a class ID.
Windows 2000 Client Option Levels
When options are in conflict, more specific options override less specific options.
• Client level - Includes one client.
• Class level - Includes clients in one class.
• Scope level - Includes one scope.
• Server level - Includes all DHCP server scopes and clients of the server.
Windows 2000 Multicast Scope
The DHCP console allows multicast scopes to be set up similar to normal scopes. This scope assignes a secondary IP address to a client for receiving multicasts in a multicast group. The address range for this scope is 224.0.0.0 through 239.255.255.255. Multicast Address Dynamic client Access Protocol (MADCAP) is used to assign dynamic multicast addresses to clients in multicast groups. DHCP can assign MADCAP options but MADCAP servers cannot assign DHCP options.
DHCP Lease Process
DHCP leases are used to reduce DHCP network traffic by giving clients specific addresses for set periods of time. The DHCP process stages can be remembered using the ROSA acronym:
1. Request - A broadcast is sent by the client with the client MAC address. This is a DHCP discover message with source IP address of 0.0.0.0 and destination address of 255.255.255.255. The client tries to get its last address. If it is not available, the DHCP server will send a NACK signal. The client state is initialization during the request stage.
2. Offer - A DHCP offer message is sent from the DHCP server with some or all the optional information as listed above. Information sent includes the IP address of the DHCP server that sent the accepted offer. All offered IP addresses are marked unavailable by the DHCP server when the DHCP server offers them until they are rejected. The client is in the selecting state during this offer stage.
3. Selection (or acceptance) - The first offer received by the client is accepted. The client broadcasts its selected choice using a DHCP request message which includes the IP address of the DNS server that sent the accepted offer. The client is in the requesting state during this selection stage.
4. Acknowledgement - The server acknowledges with a DHCP acknowledge indicating the client can use the address or it will send a DHCP Nak instructing the client that the address became unavailable. Other DHCP servers retract their offers and mark the offered address as available and the accepted address as unavailable. Any offered IP addresses not selected are freed to be used again. The client state is the binding state during this acknowledgement stage.
When the client sends the lease request, it then waits one second for an offer. If a response is not received, the request is repeated at 9, 13, and 16 second intervals with additional 0 to 1000 milliseconds of randomness. The attempt is repeated every 5 minutes thereafter. The client uses port 67 and the server uses port 68.
Client systems that are Windows 98 or later attempt to tell if another client is already using the address received from the DHCP server by pinging the address. The DHCP server can be configured to pretest addresses by pinging them, but this will increase overhead and slow server response time.
DHCP Lease Renewal
After 50% of the lease time has passed, the client will attempt to renew the lease with the original DHCP server that it obtained the lease from using a DHCPREQUEST message. Any time the client boots and the lease is 50% or more passed, the client will attempt to renew the lease. At 87.5% (7/8ths) of the lease completion, the client will attempt to contact any DHCP server for a new lease. If the lease expires, the client will send a request as in the initial boot when the client had no IP address. If this fails, the client TCP/IP stack will cease functioning.
Additional messages include a DHCP decline message which is sent by the client if it decides the information from the server is not appropriate. A DHCP release message is used by the client to indicate to the server that the IP address is now released and available for use by other clients. The client is in the renewing state when the lease is half expired.
DHCP Scope and Subnets
One DHCP scope is required for each subnet.
DHCP Relay Agents
May be placed in two places:
• Routers
• Subnets that don't have a DHCP server to forward DHCP requests.
Client Reservation
Client Reservation is used to be sure a computer gets the same IP address all the time. Therefore since DHCP IP address assignments use MAC addresses to control assignments, the following are required for client reservation:
• MAC (hardware) address
• IP address
Exclusion Range
Exclusion range is used to reserve a bank of IP addresses so computers with static IP addresses, such as servers may use the assigned addresses in this range. These addresses are not assigned by the DHCP server.
DHCP and WINS
To use WINS the DHCP server must specify:
• WINS server IP address.
• NetBIOS resolution mode (B, P, N, or H - node).
DHCP backup interval
Configured in the registry at:
\hkey\local_machine\system\currentcontrolset\services\dhcp\server\parameters
DHCP files are stored in "SystemRoot\System32\Dhcp".
DHCP Server Installation and Configuration
Installation:
1. TCP/IP services must be installed on the computer first.
2. Select "Start", "Settings", and "Control Panel", then double click the "Add/Remove Programs" applet.
3. Click "Add/Remove Windows Components", highlight "Networking Services", and click "Details".
4. Select the "Dynamic Host Configuration Protocol" checkbox and click OK.
5. Continue and complete the installation.
6. If Active Directory is used on the domain, any Windows 2000 DHCP servers must be authorized in Active Directory. Servers from other operating systems do not need to be authorized. How to authorize:
1. Run the administrative tool, "DHCP" and highlight the DHCP server.
2. Select "Action" and "Authorize".
3. Wait, and after several minutes select "Action" and "Refresh".
DHCP Administrative Tool
Menu selections:
• Action
o Authorize - Used to get a DHCP server authorized in Active Directory.
o New Multicast Scope - Usec to create multicast scopes.
o New Reservation - Used to configure DHCP address reservation for address that are assigned by the DHCP server to specific network cards. You'll need the card MAC address to use this function.
o New Scope - Used to add a scope (range of addresses for assignment) to the DNS server.
o New Superscope - Start the New Superscope wizard.
o Properties
o Refresh
Other Options can be set using "Server Options" or "Scope Options" in the DHCP Administrative Tool. Server option settings apply to all scopes on the DHCP server unless they conflict with scope options. Scope options override server options settings since they are on a sublevel to the entire server. The Scope Options dialog box tabs include:
• General
• Advanced
The DHCP server should be configured to know the address of the WINS/NBNS server for clients that will use WINS. Also the NODE type for WINS should be set. This specifies method used to resolve IP addresses from computer names. These are:
• b-node - Broadcast node.
• p-node - Point-to-point node queries an NBNS name server to resolve addresses.
• m-node - First uses broadcasts, then falls back to querying an NBNS name server.
• h-node - The system first attempts to query an NBNS name server, then falls back to broadcasts if the name server fails. As a last resort, it will look for the lmhosts file locally.
The DHCP server tool can be used to view information about the DHCP server including:
• The allocated scopes and IP addresses and the amount being used.
• Specific address lease information including when the lease for that address expires.
• The names of hosts which have specific IP addresses assigned to them.
The "System Monitor" administrative tool can also be used to monitor the performance of the DHCP server.
Starting DHCP
DHCP is available for NT 3.5 and later Servers. Only one scope (range of IP addresses) can be configured for one DHCP server.
1. Install DHCP. DHCP service is installed from the control panel network applet services tab. Select add, and "Microsoft DHCP Server". Restart the computer
2. Configure DHCP - The DHCP Manager is used to configure DHCP which can be run from any networked NT computer. The DHCP manager is accessed using Administrative Tools. The following items are set for each scope (local subnet):
o Start Address
o End Address
o Subnet Mask
o Exclusion Range start and end addresses.
o Lease duration in days, hours, minutes or unlimited.
o Name - The scope name
o Comment
Global options include (These options may be set within each scope as necessary):
o Domain name
o DNS server
o WINS server (WINS/NBNS)
o WINS/NBT node type
o Router (Default gateway)
3. DHCP can be started by entering "NET START DHCPSERVER" on the command line on Windows 2000 server systems.
Option levels:
• Global - Options for all scopes and clients served by the DHCP server. Overridden if specified otherwise in scope or client options.
• Scope - Options for specific subnets or ranges of addresses.
• Client - Options for specific clients.
The specific client options have greater priority than scope options and scope options have priority over global options. Options may be set to allow various global options to be set as defaults for undeclared options in the scope or client options (Each subnet may have its own WINS server). Global and scope options may be reached from the DHCP options menu. Some of these options are:
• 002 Time Offset
• 003 Router - For setting default gateway
• 004 Time Server
• 005 Name Servers
• 006 DNS Servers
• 007 Log Servers
• 044 WINS/NBNS Servers - Used if the client is not manually configured for the WINS server.
• 046 WINS/NBT Type - NetBIOS name configuration designation of B,P, M, or H node.
• 047 NetBIOS Scope ID - Set so NBT hosts communicate only with other similarly configured hosts.
• cookie Servers
• LPR Servers
• Impress Servers
There can be several DCHP servers on a network. More than one may be configured to back up the other in case of failure.
Because of how leases are assigned and accepted, operation with multiple DHCP servers is not a problem as long as the DCHP servers are configured correctly. The DCHP servers must be configured so the scope of available IP addresses are not the same on any redundant DHCP server. DHCP servers do not communicate with each other.
DHCP Database Options
• Backup - Includes scopes and all options. The database is automatically backed up to:
\WINNTROOT\System32\Dhcp\Backup\Jet
The backup interval is stored in the registry at:
HKey_Local_Machine\System\CurrentControlSet\Services\DhcpServer\Parameters\BackupInterval
A duplicate registry key is in the \WINNTROOT\System32\Dhcp\Backup\dhcpcfg file
• Restore - The backup is loaded if the DHCP database is determined to be corrupt by the system at initialization. A backup can be forced by copying the backup directory contents into the DHCP directory.
• Compact - The database is normally compacted, but for NT3.51 or earlier, the JETPACK.EXE utility can be used to compact the database to improve performance. If the size is 30MB, it should be compacted. This utility is run from the \WINNTROOT\System32\Dhcp directory. The DHCP service should be stopped before running this utility.
Database files:
• DCHP.MDB - The main database
• DHCP.TMP - Temporary DHCP storage.
• JET*.LOG - Transaction logs used to recover data.
• SYSTEM.MDB - USed to track the structure of the DHCP database.
DHCP terms
• Default gateway - The gateway that clients on the subnet can or must use to access other subnets or networks.
• Domain name - The DNS name (Internet name) of your internet domain.
• Lease - The time the client may use the assigned DHCP address. Normally this is a period of time in which if the client does not use the address, it is made available to the address pool for another client to use.
• Scope - A range of IP addresses in a subnet.
• Global options - IP configuration settings that apply to the entire network (all scopes the DCHP server manages).
• Scope options - IP configuration settings for a particular subnet including the IP address of the router (default gateway) and the available IP range to be used by the DHCP server for this particular subnet.
DHCP Client Configuration
If changing from static IP mapping to DHCP mapping, a reboot is not required. If changing from DHCP mapping to static IP mapping a reboot is required for the IP address to be effective.
Tools
IPConfig options:
• /all - Shows much configuration information from local hostname, IP address, subnet mask to DHCP server and WINS server address and lease dates. It will display an IP address of 0.0.0.0 and DHVP address of 255.255.255.255 if the DHCP attempt was unsuccessful.
• /renew
• /release
IPConfig is used with Windows NT and 2000 systems. Winipcfg is used with windows 9x systems.
Windows 2000 DHCP Installation and Configuration Issues
The first Windows 2000 DCHP server must be a domain controller. DHCP services must be on a member server or domain controller. Rogue (additional non domain controller) DHCP servers must be authorized in Active Directory. The DHCP Inform message is used to detect rogue DHCP servers.
When upgrading a DHCP server from Windows NT to Windows 2000, it is converted to the Windows 2000 format. This stops the DHCP service until done and may use much disk room. The DHCP database cannot be converted back to the NT format.
When DHCP is installed, the DHCP MMC snap-in is installed. This can be accessed from administrative tools. and is called "DHCP command".
Windows 2000 clustering services allow redundant DHCP servers to provide DHCP fault tolerance with one acting as primary and the other acting as a backup.
Windows 2000 DHCP can update DNS A and PRT records dynamically. This can be done is Windows 2000 from the DHCP Manager in administrative tools, by right clicking on the DHCP server or scope and selecting "Properties". There are three tabs:
• General
• DNS - Can check a checkbot to "Automatically update DHCP client information in DNS". One of "Update DNS only if DHCP client requests" or "Always update DNS". Other checkbox options are "Discard forward (name to address) lookups when lease expires", and "Enable updates for DNS clients that do not support dynamic update".
• Advanced
Helpful DHCP System Monitor Counters
• Declines per second - Indocates a conflict of Ip addresses if this is high.
• Packets received per second - Indicates how busy the server is with the network.
• Requests per second - If this number is high, the lease time may be too short.
APIPA
Windows 98 and later systems support Automatic Private IP Addressing (APIPA) for small networks addressed with the network address 169.254.0.0. If more than 25 clients, DHCP should be used. If a APIPA server detects a DHCP server, it will discontinue services.
BOOTP
BOOTP or the bootstrap protocol can be used to boot diskless clients. An image file is sent from the boot server. The image file contains the image of the operating system the client will run. DHCP servers can be configured to support BOOTP or the BOOTP server may be a separate server. CommonBOOTP options include:
• Subnet mask (1)
• Router (3)
• Name Server (5)
• Computer Name (12)
• Domain name (15)
• WINS server (44)
• NetBIOS node type (46)
• Additional options (55)
• SMTP server (69)
• POP server (70)
• Boot image server, type and path
No comments:
Post a Comment