Why to use DHCP

How DHCP Works

DHCP is useful for automatic configuration of client network interfaces. When configuring the client system, you can choose DHCP instead of specifying an IP address, netmask, gateway, or DNS servers. The client retrieves this information from the DHCP server. DHCP is also useful if you want to change the IP addresses of a large number of systems,. Instead of reconfiguring all the systems, you can just edit one configuration file on the server for the new set of IP addresses. If the DNS servers for an organization changes, the changes happen on the DHCP server, not on the DHCP clients. When you restart the network or reboot the clients, the changes go into effect.

Topic

  • Complete information about a DHCP server
  • How DHCP works?
  • How to use a Linux DHCP server?
  • Step to configure Linux DHCP server


Solution


Linux/Windows DHCP Entities

  • DHCP server: It automatically provides network information(IPaddress, subnet mask, gateway address) on lease. Once the duration is expired, that network information can be assigned to other machine. It also maintains the data storage which stores the available IP addresses.
  • DHCP client: Any node which request an IP address allocation to a network is considered as DHCP client.
  • DHCP Relay Agent: In case, we have only one DHCP server for multiple LAN’s then this Agent which presents in every network forwards the DHCP request to DHCP server. So, using DHCP Relay Agent we can configure multiple LAN’s with single DHCP server.

How DHCP works

1) DHCPDISCOVER: Host connecting to network (cable or wireless) sends DHCP discover message to all hosts in Layer 2 segment (destination address is FF:FF:FF:FF:FF:FF). Frame with this DISCOVER message hits the DHCP Server.

2) DHCPOFFER: After the DHCP Server receives discover message it suggests the IP addressing offering to the client host by unicast. This OFFER message contains:
  • proposed IP address for client (here 192.168.1.10)
  • subnet mask to identify the subnet space (here 255.255.255.0)
  • IP of default gateway for subnet (here 192.168.1.1)
  • IP of DNS server for name translations (here 8.8.8.8)

3) DHCPREQUEST: The requested host on receiving the offer message, it again broadcasts the DHCPREQUEST message on the network with the address of the server whose offer message is accepted by the host.

4) DHCPACK : If the address is assigned , it marks the IP address in the storage as unavailable to ensure consistency. Now, the server sends DHCPACK packet to the requested host which contains network information(IP address, subnet mask, gateway address). In case, if the address is assigned to other machine meanwhile, then the server sends the packet DHCPNAK to the requested host indicating that the IP address is assigned to some other machine.

5) DHCPRELEASE : And finally, If the host wants to move to other network or if it has finished its work, it sends the DHCPRELEASE packet to the server indicating that it wants to disconnect. Then the server marks the IP address as available in the storage so that it can be assigned to other machine. Execute the following command to release a dhcp IP address on RHEL or Centos system.
# dhclient -r -v eth0 && rm -rf /var/lib/dhcp/dhclient.* ; dhclient -v eth0


Sample DHCP Logs

Following are the details of all DHCP events and logs are normally found in /var/log/messages file and in the network packet capture with tcpdump or wireshark

DHCP DISCOVER Logs
Jan 14 11:53:51 dhcp-srv dhcpd: DHCPDISCOVER from 08:00:27:91:7c:fe via eth0
Jan 14 11:53:52 dhcp-srv dhcpd: DHCPOFFER on 192.168.5.201 to 08:00:27:91:7c:fe via eth0
Jan 14 11:53:52 dhcp-srv dhcpd: DHCPREQUEST for 192.168.5.201 (192.168.5.25) from 08:00:27:91:7c:fe via eth0
Jan 14 11:53:52 dhcp-srv dhcpd: DHCPACK on 192.168.5.201 to 08:00:27:91:7c:fe via eth0

Using the following tcpdump command we can view DHCP traffic in network layer

# tcpdump -i eth0 -nnnvvv -s 1500 ‘((port 67 or port 68))’
12:18:12.129036 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 08:00:27:91:7c:fe, length 300, xid 0x1b44eb75, Flags [none] (0x0000)
Client-Ethernet-Address 08:00:27:91:7c:fe
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover <================
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway
END Option 255, length 0
PAD Option 0, length 0, occurs 41

DHCP OFFER LOGS
Jan 14 11:53:51 dhcp-srv dhcpd: DHCPDISCOVER from 08:00:27:91:7c:fe via eth0
Jan 14 11:53:52 dhcp-srv dhcpd: DHCPOFFER on 192.168.5.201 to 08:00:27:91:7c:fe via eth0
Jan 14 11:53:52 dhcp-srv dhcpd: DHCPREQUEST for 192.168.5.201 (192.168.5.25) from 08:00:27:91:7c:fe via eth0
Jan 14 11:53:52 dhcp-srv dhcpd: DHCPACK on 192.168.5.201 to 08:00:27:91:7c:fe via eth0

# tcpdump -i eth0 -nnnvvv -s 1500 ‘((port 67 or port 68))’
12:18:12.129327 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 330)
192.168.5.25.67 > 192.168.5.201.68: [udp sum ok] BOOTP/DHCP, Reply, length 302, xid 0x1b44eb75, Flags [none] (0x0000)
Your-IP 192.168.5.201
Client-Ethernet-Address 08:00:27:91:7c:fe
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer <================
Server-ID Option 54, length 4: 192.168.5.25
Lease-Time Option 51, length 4: 300
Subnet-Mask Option 1, length 4: 255.255.255.0
BR Option 28, length 4: 192.168.5.255
Domain-Name Option 15, length 8: “rh.local”
Domain-Name-Server Option 6, length 4: 192.168.5.25
T119 Option 119, length 10: 626,26629,27759,25441,27648
Default-Gateway Option 3, length 4: 192.168.5.1
END Option 255, length 0

DHCP REQUEST and DHCP ACK LOGS
# tcpdump -i eth0 -nnnvvv -s 1500 ‘((port 67 or port 68))’
12:18:12.131748 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 08:00:27:91:7c:fe, length 300, xid 0x1b44eb75, Flags [none] (0x0000)
Client-Ethernet-Address 08:00:27:91:7c:fe
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request <================
Server-ID Option 54, length 4: 192.168.5.25
Requested-IP Option 50, length 4: 192.168.5.201
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway
END Option 255, length 0
PAD Option 0, length 0, occurs 29
12:18:12.162132 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 330)
192.168.5.25.67 > 192.168.5.201.68: [udp sum ok] BOOTP/DHCP, Reply, length 302, xid 0x1b44eb75, Flags [none] (0x0000)
Your-IP 192.168.5.201
Client-Ethernet-Address 08:00:27:91:7c:fe
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK <================
Server-ID Option 54, length 4: 192.168.5.25
Lease-Time Option 51, length 4: 300
Subnet-Mask Option 1, length 4: 255.255.255.0
BR Option 28, length 4: 192.168.5.255
Domain-Name Option 15, length 8: “rh.local”
Domain-Name-Server Option 6, length 4: 192.168.5.25
T119 Option 119, length 10: 626,26629,27759,25441,27648
Default-Gateway Option 3, length 4: 192.168.5.1
END Option 255, length 0

DHCP Release Logs
Jan 14 12:00:31 dhcp-srv dhcpd: DHCPRELEASE of 192.168.5.202 from 08:00:27:91:7c:fe via eth0 (found)
Jan 14 12:00:31 dhcp-srv dhcpd: Removed forward map from dhcp-192-168-5-202.rh.local to 192.168.5.202
Jan 14 12:00:31 dhcp-srv dhcpd: Removed reverse map on 202.5.168.192.in-addr.arpa.


You May Also Like

avatar

About the Author: TekFik

TekFik is a technical blogging site helps techies and engineers to solve their day to day issues and also allows everyone to share knowledge and feedback. Please feel free to contact us at tekfik.rd@gmail.com if there is anything.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *