Chapter 14: Dynamic Host Configuration Protocol (DHCP)
Outline
■ Dynamic Host Configuration Protocol
■ DHCP Messages
■ DHCP Message Exchanges
■ Summary
Dynamic Host Configuration Protocol DHCP is a simple client/server protocol that simplifies the management of host computer IP addresses and other configuration settings. This chapter describes the details of DHCP messages and common DHCP message exchanges.
DHCP Messages DHCP clients and DHCP servers communicate by exchanging DHCP messages. There are eight types of DHCP messages, all of which are sent as User Datagram Protocol (UDP) messages. DHCP clients in the process of obtaining an IP address configuration use broadcast DHCP messages, sent to the limited broadcast IP address 255.255.255.255. DHCP clients with an IP address and a valid lease use unicast DHCP messages. DHCP clients listen on UDP port 68. DHCP servers and DHCP relay agents listen on UDP port 67.
DHCP Messages. The eight DHCP message types are the following:
■ DHCPDISCOVER Sent by a DHCP client to locate a DHCP server.
■ DHCPOFFER Sent by a DHCP server to a DHCP client in response to the DHCPDISCOVER message, containing an offered IP address and other configuration settings.
■ DHCPREQUEST Sent by the DHCP client to DHCP servers to request an offered IP address and other configuration settings from a specified DHCP server while implicitly declining offers from other servers, or to confirm the validity of previously allocated addresses (for example, after a restart or to extend an existing DHCP lease).
■ DHCPACK Sent by a DHCP server to a DHCP client in response to a DHCPREQUEST message to confirm an IP address and provide the client with those configuration parameters that the client has requested and the server has been configured to provide.
■ DHCPNAK Sent by a DHCP server to a DHCP client denying the client's DHCPREQUEST. This might occur if the requested address is incorrect because the client has moved to a new subnet, or because the DHCP client's lease has expired and cannot be renewed.
■ DHCPDECLINE Sent by a DHCP client to a DHCP server, informing the server that the offered IP address is unusable because it is in use by another computer.
■ DHCPRELEASE Sent by a DHCP client to a DHCP server, relinquishing an IP address and canceling the remaining lease.
■ DHCPINFORM Sent from a DHCP client to a DHCP server, requesting additional configuration settings; the client already has a configured IP address. This message type is also used for rogue DHCP server detection in Windows Server 2008.
DHCP Messages: DHCP Message Format. The fixed header fields are:
■ Message Op Code (Op)
■ Hardware Address Type (Htype)
■ Hardware Address Length (Hlen)
■ Hops
■ Transaction ID (Xid)
■ Seconds (Secs)
■ Flags
■ Client IP Address (Ciaddr)
■ Your IP Address (Yiaddr)
■ Server IP Address (Siaddr)
■ Gateway IP Address (Giaddr)
■ Client Hardware Address (Chaddr)
■ Server Host Name (Sname)
■ Boot File Name (File)
■ Options
DHCP Messages: DHCP Options. Each option is encoded as three fields:
■ Option Type A 1-byte field that indicates the type of DHCP option. For a complete list
■ Option Length A 1-byte field that indicates the number of bytes in the DHCP option past the Option Length field.
■ Option Data A variable-length field that contains the data for the DHCP option.
DHCP Message Exchanges This section describes the typical DHCP message exchanges for obtaining and renewing a DHCP-leased IP address configuration and for detecting unauthorized DHCP servers.
DHCP Message Exchanges: Obtaining an Initial Lease. The exchange of DHCP messages when a DHCP client and DHCP server are on the same subnet and the DHCP client acquires an initial lease.
DHCP Message Exchanges: Obtaining an Initial Lease. When the DHCP client and DHCP server are separated by a DHCP relay agent, the DHCP relay agent receives the broadcast DHCPDISCOVER and DHCPREQUEST messages, increments the Hops field, records the IP address assigned to the interface on the DHCP relay agent that received the messages in the Gateway IP Address field, and then forwards them as unicast traffic to its configured DHCP servers. The DHCP servers respond with DHCPOFFER and DHCPACK messages to the unicast address of the DHCP relay agent. The DHCP relay agent then either unicasts these messages to the DHCP client (if it supports the Broadcast flag and the corresponding request message has the Broadcast flag set to 0) or broadcasts them.
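As an added example (not part of the original chapter), the message format, the Type/Length/Data option encoding and the relay-agent rewrite described above, in Python: it builds a constructed DHCPDISCOVER with the Broadcast flag set, decodes the fixed header and options of any DHCP message, and applies the Hops increment and Gateway IP Address (Giaddr) rewrite a relay agent performs. The transaction ID, MAC address and relay interface address are made-up values.

```python
import socket
import struct

# DHCP message type codes carried in option 53 (RFC 2132)
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the Options field
# Fixed 236-byte header, network byte order: Op, Htype, Hlen, Hops, Xid, Secs, Flags,
# Ciaddr, Yiaddr, Siaddr, Giaddr, Chaddr, Sname, File
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BROADCAST_FLAG = 0x8000              # Flags bit: client asks the server to broadcast its reply

def parse_options(data: bytes) -> dict:
    """Walk the Type/Length/Data list. Type 0 is a one-byte pad, type 255 ends the list."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        length = data[i + 1]              # number of data bytes *after* the Length byte
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_message(pkt: bytes) -> dict:
    """Decode the fixed header and the options of one DHCP message."""
    f = struct.unpack(HEADER_FMT, pkt[:struct.calcsize(HEADER_FMT)])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (missing magic cookie)")
    opts = parse_options(pkt[240:])
    return {"op": f[0], "hops": f[3], "xid": f[4], "broadcast": bool(f[6] & BROADCAST_FLAG),
            "yiaddr": socket.inet_ntoa(f[8]), "giaddr": socket.inet_ntoa(f[10]),
            "chaddr": f[11][:f[2]].hex(":"),   # only the first Hlen bytes of Chaddr are used
            "type": MESSAGE_TYPES.get(opts.get(53, b"\x00")[0], "unknown"), "options": opts}

def build_discover(xid: int, mac: bytes) -> bytes:
    """Constructed DHCPDISCOVER: Op=1 (request), Ethernet Htype/Hlen, Broadcast flag, option 53=1."""
    zero4 = b"\x00" * 4
    header = struct.pack(HEADER_FMT, 1, 1, 6, 0, xid, 0, BROADCAST_FLAG, zero4, zero4, zero4,
                         zero4, mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    options = bytes([53, 1, 1]) + bytes([55, 3, 1, 3, 6]) + bytes([255])  # type, param list, end
    return header + MAGIC_COOKIE + options

def relay(pkt: bytes, relay_ip: str) -> bytes:
    """Relay-agent rewrite: Hops += 1; Giaddr = receiving interface unless an earlier relay set it."""
    giaddr = pkt[24:28] if pkt[24:28] != b"\x00" * 4 else socket.inet_aton(relay_ip)
    return pkt[:3] + bytes([pkt[3] + 1]) + pkt[4:24] + giaddr + pkt[28:]
```

A server receiving the relayed message answers to Giaddr, which is why a relay that forgets to set it (or a second relay that overwrites it) breaks the return path.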
DHCP Message Exchanges: Renewing a Lease. Because a typical IP address configuration lease has a finite lifetime, the client must renew the lease. A lease renewal when the DHCP client remains on the subnet involves just two DHCP messages: DHCPREQUEST and DHCPACK. If the lease renewal is made while the DHCP client is continuously on the subnet, the DHCP client and the DHCP server communicate using unicast DHCPREQUEST and DHCPACK messages. If the lease renewal is made when the DHCP client restarts on the same subnet and that IP address is available for renewal, the DHCP client and the DHCP server communicate using broadcast DHCPREQUEST and DHCPACK messages.
DHCP Message Exchanges: Changing Subnets. The DHCP message exchange when a DHCP client moves to a different subnet.
DHCP Message Exchanges Changing Subnets If the DHCP client requests a lease through a DHCPREQUEST message that the DHCP server cannot fulfill, the DHCP server sends a DHCPNAK message to the client. This message informs the client that the requested IP address lease will not be renewed. The client then acquires a new lease using the startup DHCP message exchange previously described. A good example is when a DHCP client shuts down without releasing its address and starts up on a different subnet or when an IEEE 802.11 wireless client roams to a wireless access point that is connected to a different subnet.
DHCP Message Exchanges: Detecting Unauthorized DHCP Servers. If the DHCP server is a standalone server, it relies on an exchange of DHCPINFORM and DHCPACK messages for rogue server detection.
DHCP Message Exchanges Detecting Unauthorized DHCP Servers Rogue server detection begins with the initializing DHCP server sending DHCPINFORM messages to determine whether there are other authorized DHCP servers on any attached subnet. Authorized servers respond with a DHCPACK message that contains the name of the domain in which they have been authorized. If authorized DHCP servers are found, the standalone DHCP server sends Lightweight Directory Access Protocol (LDAP) queries to an Active Directory domain controller to verify whether or not the found servers are authorized. If any of the found servers are authorized, the DHCP Server service shuts down.
DHCP Message Exchanges Updating DNS Entries When a DHCP lease is allocated to an IP host, the host name and IP address mapping should be added to DNS. Traditionally, this was a manual task that involved creating the DNS forward and reverse lookup entries. Windows Server 2008 and Windows Vista support DNS dynamic update. This protocol allows computers running Windows Server 2008 or Windows Vista to automatically update DNS entries for forward and reverse lookups on the DNS server.
Summary DHCP has a common message format for all DHCP messages consisting of a fixed DHCP header and a variable portion that contains DHCP options. A DHCP relay agent modifies and forwards DHCP messages between DHCP clients and DHCP servers when they are not located on the same subnet. Common DHCP message exchanges allow a DHCP client to initially obtain a leased IP address configuration, renew it, and automatically obtain a new IP address configuration if it cannot renew the address previously leased. The Windows Server 2008 DHCP Server service on a standalone computer supports an additional message exchange to detect if it is in an Active Directory environment.
Prepared by Mr. ศิริชัย แก่นไชย, student ID 115130462024-8, 51346CPE