DHCP Dynamic Host Configuration Protocol CIS 856 TCPIP

DHCP: Dynamic Host Configuration Protocol
CIS 856: TCP/IP and Upper Layer Protocols
Presented by Kyle Getz, October 20, 2005

Motivation for DHCP
- Configuration parameters for network hosts
  - IP address
  - Router
  - Subnet mask
  - Many more…
- Before DHCP
  - Manual assignment
  - RARP
  - BOOTP

DHCP Features
- Protocol for providing configuration parameters to hosts over the network
- Dynamic allocation of IP addresses
- Minimal human intervention

Sample Network (figure): DHCP clients (UDP port 68) and a DHCP server (UDP port 67) on the same network, connected through a router to the Internet.

Preliminaries
- Terminology: (DHCP) message = DHCP-PDU (A-PDU); client = DHCP client; server = DHCP server
- Well-known port numbers
  - DHCP server: UDP port 67
  - DHCP client: UDP port 68
  - No ephemeral ports
- Broadcast and unicast used for PDUs in both directions
  - "Broadcast": link and IP addresses are broadcast
  - "Unicast": link and IP addresses are unicast

Initial Message Flow (sequence diagram: Server A, Client, Server B)
1. Client broadcasts DHCPDISCOVER, received by Server A and Server B: client attempts to discover available DHCP servers
2. Servers reply with DHCPOFFER
3. Client collects the offers and decides which offer to accept
4. Client broadcasts DHCPREQUEST for one of the received offers
5. Selected server replies with DHCPACK: server acknowledges client's use of the IP address; configuration complete
6. Graceful shutdown: client sends DHCPRELEASE, explicitly releasing its use of the IP address

DHCP Message Types
Message        Use
DHCPDISCOVER   Client broadcast to locate available servers
DHCPOFFER      Server to client response offering configuration parameters
DHCPREQUEST    Client broadcast requesting offered parameters
DHCPDECLINE    Client to server notification that IP address is in use
DHCPACK        Server to client response confirming a request
DHCPNAK        Server to client response denying a request
DHCPRELEASE    Client to server request to relinquish IP address
DHCPINFORM     Client to server request for configuration parameters

Lease Renewal Times (Client)
- T1 < T2 < lease time
- T1 default value = 1/2 of lease time
- T2 default value = 7/8 of lease time
- Communicated via DHCPOFFER, DHCPACK
- Client actions when the times elapse
  - T1: client must renew address with the DHCP server
  - T2: client must renew address with any DHCP server
  - Lease time: client must stop using IP address

Renewal Message Flow (sequence diagram: Server A, Client, Server B)
Normal renewal:
1. T1 elapses: client unicasts DHCPREQUEST to Server A to continue using its IP address
2. Server A replies with DHCPACK: server acknowledges the request and updates the lease; configuration complete
Renewal when no DHCPACK arrives from the original server:
1. T1 elapses: client unicasts DHCPREQUEST to Server A to continue using its IP address
2. T2 elapses: client broadcasts DHCPREQUEST to continue using its IP address
3. Server B replies with DHCPACK: server acknowledges the request and updates the lease; configuration complete

Client FSM (Simplified)
States: INIT, SELECTING, REQUESTING, BOUND, RENEWING, REBINDING. Transitions are written event / action → next state:
- INIT: (no event) / DHCPDISCOVER → SELECTING
- SELECTING: DHCPOFFER / Process offer → SELECTING; Select offer / DHCPREQUEST → REQUESTING
- REQUESTING: DHCPACK / Set T1, T2 → BOUND; DHCPACK (address in use) / DHCPDECLINE → INIT; DHCPNAK / Discard offer → INIT
- BOUND: T1 / Unicast DHCPREQUEST → RENEWING
- RENEWING: DHCPACK / Set T1, T2 → BOUND; T2 / Broadcast DHCPREQUEST → REBINDING; DHCPNAK / Stop using IP address → INIT
- REBINDING: DHCPACK / Set T1, T2 → BOUND; DHCPNAK, Lease expires / Stop using IP address → INIT
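A simplified client state machine implementing the transitions above, with T1 and T2 derived as on the Lease Renewal Times slide. This is an added example, not code from the presentation: the event names (start, select, T1, T2, lease_expires), the in_use keyword and the class name are this example's own.

```python
# Added example (not from the slides): DHCP client FSM with the six states on
# the slide. handle() applies one event and returns the action the FSM takes
# on that edge, or None when the event means nothing in the current state.

INIT, SELECTING, REQUESTING, BOUND, RENEWING, REBINDING = (
    "INIT", "SELECTING", "REQUESTING", "BOUND", "RENEWING", "REBINDING")


def renewal_times(lease_time, t1=None, t2=None):
    """(T1, T2) for a lease; defaults are 1/2 and 7/8 of the lease time.
    Values carried in DHCPOFFER/DHCPACK may override the defaults, but the
    ordering T1 < T2 < lease time must hold."""
    t1 = lease_time / 2 if t1 is None else t1
    t2 = lease_time * 7 / 8 if t2 is None else t2
    if not 0 < t1 < t2 < lease_time:
        raise ValueError("need T1 < T2 < lease time")
    return t1, t2


class DhcpClient:
    def __init__(self):
        self.state = INIT
        self.offers = []          # DHCPOFFERs collected while SELECTING
        self.addr = None          # address requested / in use
        self.t1 = self.t2 = None

    def _reset(self, action):
        """Every edge back to INIT forgets the address and the offers."""
        self.state, self.addr, self.offers = INIT, None, []
        return action

    def handle(self, event, **kw):
        s = self.state
        if s == INIT and event == "start":
            self.state = SELECTING
            return "broadcast DHCPDISCOVER"
        if s == SELECTING and event == "DHCPOFFER":
            self.offers.append(kw["addr"])      # process (collect) the offer
            return "process offer"
        if s == SELECTING and event == "select" and self.offers:
            self.addr = kw.get("addr", self.offers[0])
            self.state = REQUESTING
            return "broadcast DHCPREQUEST"
        if s in (REQUESTING, RENEWING, REBINDING) and event == "DHCPACK":
            if s == REQUESTING and kw.get("in_use"):   # address found already in use
                return self._reset("send DHCPDECLINE")
            self.t1, self.t2 = renewal_times(kw["lease"], kw.get("t1"), kw.get("t2"))
            self.state = BOUND
            return "set T1, T2"
        if s == REQUESTING and event == "DHCPNAK":
            return self._reset("discard offer")
        if s == BOUND and event == "T1":
            self.state = RENEWING
            return "unicast DHCPREQUEST"
        if s == RENEWING and event == "T2":
            self.state = REBINDING
            return "broadcast DHCPREQUEST"
        if (s == RENEWING and event == "DHCPNAK") or (
                s == REBINDING and event in ("DHCPNAK", "lease_expires")):
            return self._reset("stop using IP address")
        return None
```

Driving the object with the event sequence start, DHCPOFFER, select, DHCPACK, T1, T2, lease_expires walks it through every state and back to INIT, which is the path the two message-flow slides illustrate.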

Retransmissions
- Client responsible for all retransmissions
- Retransmission strategy
  - Exponential backoff
  - Randomized
- Recommendations
  - Base delay doubled for each retransmission
  - Random number picked from [-1, +1]
  - Maximum base delay: 64 seconds
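The recommended schedule in code, as an added example that is not part of the presentation. The initial base delay of 4 seconds is an assumption; the doubling, the 64-second cap and the random adjustment from [-1, +1] seconds follow the slide, and the retransmit loop shows the client doing all the retransmitting itself.

```python
# Added example (not from the slides): randomized exponential backoff for
# client retransmissions, plus a retry loop that uses it.
import random


def backoff_schedule(attempts, first_base=4.0, max_base=64.0, rng=None):
    """Delays (seconds) before each of `attempts` retransmissions.

    The base delay doubles after every retransmission and is capped at
    max_base; each actual delay adds a random value from [-1, +1] seconds.
    `rng` is injectable so a caller (or a test) can make it deterministic."""
    rng = rng or (lambda: random.uniform(-1.0, 1.0))
    delays, base = [], first_base
    for _ in range(attempts):
        delays.append(max(0.0, base + rng()))
        base = min(base * 2, max_base)
    return delays


def base_delays(attempts, first_base=4.0, max_base=64.0):
    """The schedule without randomization: 4, 8, 16, 32, 64, 64, ..."""
    return backoff_schedule(attempts, first_base, max_base, rng=lambda: 0.0)


def retransmit(send, delays, sleep=None):
    """Call send() until it returns a reply or the schedule is exhausted.

    The client is responsible for retransmission: it sends, waits the next
    delay, sends again. Returns (reply, number of transmissions)."""
    sleep = sleep or (lambda s: None)
    reply, tries = send(), 1
    for d in delays:
        if reply is not None:
            break
        sleep(d)
        reply, tries = send(), tries + 1
    return reply, tries
```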

Server Storage
- Permanent storage
  - Pool of available IP addresses
  - Local configuration parameters
  - Mapping between clients and leases
- Flexibility concerning when storage is updated
  - When DHCPOFFER is sent
  - When DHCPACK is sent

Server Logic (Simplified)
Event             Action taken
DHCPDISCOVER      If a current lease for the client exists, send DHCPOFFER; else, if an IP address is available, send DHCPOFFER; else, do nothing
DHCPREQUEST       If the IP address is available, send DHCPACK; else, send DHCPNAK
DHCPDECLINE       Mark IP address unavailable, notify network administrator
DHCPRELEASE       Mark IP address available, delete lease
DHCPINFORM        Send DHCPACK with configuration parameters
Lease expiration  Mark IP address available, delete lease
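The event/action table above and the three kinds of permanent storage from the Server Storage slide, worked into a minimal server core. This is an added example, not the presenter's code; the pool, the configuration parameters, the client identifiers and the lease_expired event name are constructed, and the client-to-lease mapping is updated when the DHCPOFFER is sent (one of the two update points the Server Storage slide allows).

```python
# Added example (not from the slides): simplified DHCP server logic.
from ipaddress import IPv4Network


class DhcpServer:
    def __init__(self, pool_cidr, params):
        self.free = [str(ip) for ip in IPv4Network(pool_cidr).hosts()]  # available pool
        self.params = dict(params)     # local configuration parameters (router, mask, ...)
        self.leases = {}               # client id -> leased address
        self.unavailable = set()       # addresses a client declined as already in use
        self.admin_log = []            # notifications for the network administrator

    def _allocate(self, client):
        """Current lease if one exists, else the next free address, else None."""
        if client in self.leases:
            return self.leases[client]
        if not self.free:
            return None
        addr = self.free.pop(0)
        self.leases[client] = addr     # storage updated when the offer is sent
        return addr

    def _release(self, client):
        addr = self.leases.pop(client, None)
        if addr and addr not in self.unavailable:
            self.free.append(addr)

    def handle(self, event, client, addr=None):
        """Return (reply type, parameters), or None when the table says do nothing."""
        if event == "DHCPDISCOVER":
            a = self._allocate(client)
            return ("DHCPOFFER", {"addr": a, **self.params}) if a else None
        if event == "DHCPREQUEST":
            if self.leases.get(client) == addr:          # our offer, or a renewal
                return ("DHCPACK", {"addr": addr, **self.params})
            if addr in self.free:                        # still available: lease it
                self.free.remove(addr)
                self.leases[client] = addr
                return ("DHCPACK", {"addr": addr, **self.params})
            return ("DHCPNAK", {})
        if event == "DHCPDECLINE":
            self.unavailable.add(addr)                   # never hand this one out again
            self.leases.pop(client, None)
            self.admin_log.append(f"{addr} reported in use by client {client}")
            return None
        if event in ("DHCPRELEASE", "lease_expired"):
            self._release(client)
            return None
        if event == "DHCPINFORM":
            return ("DHCPACK", dict(self.params))
        return None
```

A declined address is kept out of the free list even after the lease is deleted, so the administrator notification is the only way it comes back; that is the conservative reading of "mark IP address unavailable".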

DHCP PDU Format (fields in order; each row is 32 bits wide)
- Operation code (1 byte), Hardware type (1 byte), Hardware length (1 byte), Hop count (1 byte)
- Transaction ID (4 bytes)
- Seconds elapsed (2 bytes), Flags (2 bytes): B (broadcast) bit, remaining bits Must Be Zero (MBZ)
- Client IP address (4 bytes)
- Your IP address (4 bytes)
- Server IP address (4 bytes)
- Relay agent IP address (4 bytes)
- Client hardware address (16 bytes)
- Server host name (64 bytes)
- Boot file name (128 bytes)
- Magic cookie (4 bytes)
- Options (up to 312 bytes)

DHCP Options
- Magic cookie: 99 130 83 99 (4 bytes)
- Option format: Code (1 byte), Length (1 byte), Data (Length bytes)
- Example, Subnet Mask: Code 1, Length 4, Data 255 255 255 0
- One-byte options (no length or data): 0 = Padding, 255 = End of options

Another Sample Network (figure): DHCP clients on one network, a relay agent within the router, and the DHCP server on a different network reached through the router and the Internet.

Relay Agents
- Remove the restriction of having a DHCP server on every network
- Listen for DHCP messages and transmit them to the appropriate machine
- Client to server relay
  - Broadcast from client → Unicast to server(s)
- Server to client relay
  - Broadcast from server → Broadcast to client
  - Unicast from server → Unicast to client
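An added example, not code from the slides, that encodes and decodes the PDU laid out on the DHCP PDU Format slide, the code/length/data option encoding (including the Subnet Mask example and the Client FQDN option 81 format from the Dynamic DNS slide), and the relay-agent forwarding rules above. Hardware type 1 (Ethernet), option 53 as the standard DHCP Message Type option, and the use of the B flag to decide between broadcast and unicast on the server-to-client path are standard DHCP details not stated on the slides; the addresses and client hardware address are constructed.

```python
# Added example (not from the slides): DHCP PDU encode/decode and relay rules.
import struct
from ipaddress import IPv4Address

MAGIC = bytes([99, 130, 83, 99])        # magic cookie that starts the options area
BOOTREQUEST, BOOTREPLY = 1, 2           # operation code values
FLAG_BROADCAST = 0x8000                 # the "B" bit; all other flag bits must be zero
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr (16 bytes), sname (64), file (128): the fixed part of the PDU
HDR = "!BBBBIHH4s4s4s4s16s64s128s"
HDR_LEN = struct.calcsize(HDR)          # 236 bytes
FIELDS = ["op", "htype", "hlen", "hops", "xid", "secs", "flags", "ciaddr",
          "yiaddr", "siaddr", "giaddr", "chaddr", "sname", "file"]


def build_options(opts):
    """Encode (code, data) pairs as code/length/data after the magic cookie,
    terminated by the one-byte End option (255)."""
    out = bytearray(MAGIC)
    for code, data in opts:
        if not 0 < code < 255 or len(data) > 255:
            raise ValueError("bad option")
        out += bytes([code, len(data)]) + data
    out.append(255)
    return bytes(out)


def parse_options(buf):
    """Decode options into {code: data}; 0 is padding, 255 ends the list."""
    if buf[:4] != MAGIC:
        raise ValueError("bad magic cookie")
    i, opts = 4, {}
    while i < len(buf):
        code = buf[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        length = buf[i + 1]
        data = buf[i + 2:i + 2 + length]
        if len(data) != length:            # option claims more bytes than present
            raise ValueError("truncated option")
        opts[code] = data
        i += 2 + length
    return opts


def build_pdu(op, xid, chaddr, opts, hops=0, flags=0, ciaddr="0.0.0.0",
              yiaddr="0.0.0.0", siaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Assemble a PDU; hardware type 1 (Ethernet) is assumed."""
    ip = lambda s: IPv4Address(s).packed
    head = struct.pack(HDR, op, 1, len(chaddr), hops, xid, 0, flags, ip(ciaddr),
                       ip(yiaddr), ip(siaddr), ip(giaddr), chaddr.ljust(16, b"\0"),
                       b"\0" * 64, b"\0" * 128)
    return head + build_options(opts)


def parse_pdu(pdu):
    """Return the header fields as a dict plus the decoded options."""
    if len(pdu) < HDR_LEN + 4:
        raise ValueError("PDU too short")
    d = dict(zip(FIELDS, struct.unpack(HDR, pdu[:HDR_LEN])))
    for k in ("ciaddr", "yiaddr", "siaddr", "giaddr"):
        d[k] = str(IPv4Address(d[k]))
    d["chaddr"] = d["chaddr"][:d["hlen"]]
    d["options"] = parse_options(pdu[HDR_LEN:])
    return d


def client_fqdn_option(name, flags=0):
    """Option 81 (Client FQDN): flags, rcode1, rcode2, then the name.
    The two rcode bytes are set to 0 here."""
    return (81, bytes([flags, 0, 0]) + name.encode())


def relay_client_to_server(pdu, relay_ip, server_ip):
    """Broadcast from client -> unicast to server. The relay records its own
    address in giaddr if no earlier relay did, and increments the hop count."""
    out = bytearray(pdu)
    out[3] += 1                                    # hop count (byte offset 3)
    if out[24:28] == b"\0\0\0\0":                  # giaddr (byte offsets 24..27)
        out[24:28] = IPv4Address(relay_ip).packed
    return ("unicast", server_ip, bytes(out))


def relay_server_to_client(pdu):
    """Broadcast from server -> broadcast to client; unicast from server ->
    unicast to the address the server assigned (yiaddr). The B flag decides."""
    d = parse_pdu(pdu)
    if d["flags"] & FLAG_BROADCAST:
        return ("broadcast", "255.255.255.255", pdu)
    return ("unicast", d["yiaddr"], pdu)
```

The parser refuses an option whose declared length runs past the buffer rather than silently returning a short value; a server or relay that accepts such input would be reading past the end of the message.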

Demonstration


Advanced Topics
- Lease times
- Dynamic DNS
- Reliability
- Security

Lease Times
- Anywhere from 15 minutes to 1 year
- Common lease times and rationales
  - 15 minutes: maximum number of addresses free
  - 3 days: Microsoft default
  - 4 months: students can keep lease over summer
- Tradeoff

Dynamic DNS
- If an IP address changes due to DHCP, the DNS entry is wrong
- Client or server can update DNS
- Option 81 (Client FQDN): Code 81 (1 byte), Length (1 byte), then "Length" bytes of data: Flags, RCODE1, RCODE2, Name…

Reliability
- Two synchronized DHCP servers on the same network: primary, secondary
- Permanent storage constantly communicated between them
- Failure: secondary server takes over
(figure: DHCP clients served by a primary server and a secondary server)

Security
- Potentially unauthorized clients
- Malicious client could exhaust the address pool
- Malicious server (rogue server)
  - Supply incorrect configuration parameters
  - Supply malicious configuration parameters
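From the defender's side, both threats on this slide are visible in the DHCP traffic on a segment. This added monitor, not part of the presentation, raises an alert when a server-originated message comes from an address outside the administrator's server list (rogue server) and when a burst of DHCPDISCOVERs arrives from many distinct hardware addresses within a short window (address pool exhaustion); the server list, the sample events and the thresholds are constructed.

```python
# Added example (not from the slides): passive DHCP monitor for the two
# threats on the Security slide.
from collections import Counter, deque

KNOWN_SERVERS = {"192.0.2.1"}      # the DHCP server(s) the administrator runs (constructed)


class DhcpMonitor:
    def __init__(self, known_servers, window=60.0, max_clients=20):
        self.known_servers = set(known_servers)
        self.window = window            # seconds of DHCPDISCOVER history to keep
        self.max_clients = max_clients  # more distinct clients than this is suspicious
        self.recent = deque()           # (time, chaddr) of recent DHCPDISCOVERs
        self.alerts = []

    def observe(self, t, msg_type, src_ip, chaddr):
        """Feed one event (time, message type, source IP, client hardware
        address); returns the alerts this event raised."""
        raised = []
        # Only a real server should send OFFER/ACK/NAK; anything else is rogue.
        if msg_type in ("DHCPOFFER", "DHCPACK", "DHCPNAK") and src_ip not in self.known_servers:
            raised.append(("rogue-server", src_ip))
        if msg_type == "DHCPDISCOVER":
            self.recent.append((t, chaddr))
            while self.recent and t - self.recent[0][0] > self.window:
                self.recent.popleft()           # drop events outside the window
            distinct = len({c for _, c in self.recent})
            if distinct > self.max_clients:
                raised.append(("pool-exhaustion", distinct))
        self.alerts.extend(raised)
        return raised


def analyze(events, known_servers=KNOWN_SERVERS, **kw):
    """Run the monitor over (t, msg_type, src_ip, chaddr) events; return a
    Counter of alert kinds and the full alert list."""
    mon = DhcpMonitor(known_servers, **kw)
    for ev in events:
        mon.observe(*ev)
    return Counter(kind for kind, _ in mon.alerts), mon.alerts


# Constructed sample: one normal exchange, one offer from an unknown server,
# then DHCPDISCOVERs from 25 different hardware addresses one second apart.
SAMPLE_EVENTS = [
    (0.0, "DHCPDISCOVER", "0.0.0.0", "02:00:00:00:00:01"),
    (0.5, "DHCPOFFER", "192.0.2.1", "02:00:00:00:00:01"),
    (0.6, "DHCPOFFER", "198.51.100.99", "02:00:00:00:00:01"),
    (1.0, "DHCPREQUEST", "0.0.0.0", "02:00:00:00:00:01"),
    (1.5, "DHCPACK", "192.0.2.1", "02:00:00:00:00:01"),
] + [(10.0 + i, "DHCPDISCOVER", "0.0.0.0", f"02:00:00:00:01:{i:02x}") for i in range(25)]
```

Counting distinct hardware addresses rather than messages matters: a single client retransmitting its DHCPDISCOVER on the backoff schedule from the Retransmissions slide generates many messages but only one address, and must not trip the exhaustion alert.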