DHCP Server

Introduction to Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol (DHCP) is a network protocol that lets a DHCP server dynamically allocate IP addresses, subnet masks, default gateways, and other network configuration parameters to requesting devices. It automates the mundane IP configuration work of the network admin, minimising wasted addresses and IP conflicts. The DHCP server allocates addresses to network devices from its pool of addresses and reclaims them when they are no longer in use. In this document, we discuss:

Additional information

To get you started, here is a list of terms that you need to know to understand DHCP better.

DHCP Server: A network server that is configured to run DHCP service. DHCP servers are responsible for automatically assigning IPs to network devices. The server data store contains a pool of IP addresses that can be allocated to requesting clients.

DHCP Client: A network device, such as a laptop or printer, that runs a DHCP client. DHCP clients request dynamic IP addresses and network parameters from DHCP servers in order to communicate on the network.

DHCP Scope: The DHCP scope specifies the range of IP addresses a DHCP server can provide to its clients. DHCP scope has to be configured to determine the pool of IP addresses the DHCP server can lease or renew.

IP Pool: A set of sequential IP addresses that a DHCP server can assign to its requesting clients.

For example: If DHCP server A has an IP pool of 192.168.20.1 - 192.168.20.25, then it can assign any IP addresses within this range to the requesting network devices.

Static IP: Static IPs are IP addresses that are manually assigned to network devices.

These are fixed allocations and do not change unless an administrator changes them.

For example: public servers are given static addresses so that they stay reachable at the same IP over time; 172.217.6.164 is an address in Google's range that its servers have answered from.

Dynamic IP: Dynamic IPs are IP addresses that are automatically assigned to a network device by an address provider, such as a DHCP server. These allocations are subject to change. A device that uses dynamic IP allocation is not guaranteed the same IP address every time it connects to the network.

For example: The IP address assigned to your device while connecting to a free Wi-Fi can change every time you make a fresh connection.

Default gateway: Default gateways are devices, like routers, that enable communication between networks.

Main functions of DHCP

While it's possible for the network admin to manually configure IP addresses and other networking parameters for every device in the network, it becomes increasingly tedious and error-prone as the network scales. With policies like bring your own device (BYOD) implemented to enhance productivity, it is a burden for IT network admins to assign IP addresses and keep track of them manually. DHCP was introduced to streamline the process. DHCP automates this mundane IP configuration task by automatically assigning IP addresses and other related parameters to the network devices.

When a network device requests an IP address to communicate in the network, the DHCP server offers the client an IP address from its pool. When the device accepts this IP address, the DHCP server records the address and the client it was allocated to in its data store.

DHCP lease, renew, expiry

Since DHCP enables dynamic IP address allocation, the address allocated to a DHCP client device is not fixed. The DHCP server does not permanently allocate an IP address to a device, but provides it for a particular time period.

DHCP Lease

When a client requests the DHCP server for an IP address, the DHCP server provides the IP address and network configuration parameters such as the subnet mask and the default gateways for a particular time period – called a lease. The period for which the client is allocated the IP address is called the lease period. The client can use all the allocated network parameters within this period, and is uniquely identified in the network using the allocated IP address.

Lease Renewal

Partway through the lease period (a client normally starts trying at half the lease time), if the client wishes to continue using the same network parameters, including the IP address, it sends a lease renewal request to the DHCP server that granted the lease. The DHCP server, on receiving this message, extends the lease period of the client, and the client can continue using the IP address for the extended period. A client that leaves the network without renewing (or without sending a DHCPRELEASE) keeps its address tied up until the lease runs out.

Lease expiry

At the end of the lease period, if the client has not requested a renewal, or if the server has not received a renewal request, the lease of the allocated IP expires. This causes the DHCP server to reclaim the IP and related network configuration, and add the address back to its pool.

Efficient use of IP address space with DHCP

As noted earlier, every DHCP server has a pool of IP addresses. Any IP address within this pool can be dynamically assigned to the requesting clients, and reclaimed back to the pool.

Why does DHCP lease IP addresses instead of allocating them permanently? Permanent allocation, or allocation for long periods of time, can cause an address shortage. A DHCP server has only a limited set of IP addresses in its pool. If addresses are allocated to devices for a long time, then as soon as the number of devices wanting to join the network exceeds the number of available addresses, new clients get no address at all: a service outage caused purely by stale allocations.

For example:

Say you have a DHCP server that has 3 IPs (196.128.12.1, 196.128.12.2, 196.128.12.3) in its IP pool. The DHCP server is used to dynamically assign IP addresses to devices entering the local network.

Devices A, B, and C enter the network at the same time. The DHCP server assigns A - 196.128.12.1, B - 196.128.12.2, and C - 196.128.12.3.

All the IPs in the DHCP server's pool have now been assigned.

Each device stays in the network for two hours and then disconnects.

Scenario 1: No lease period. (IPs are assigned permanently, as with static allocation.)
When another device, D, enters the network after two hours, it cannot connect to the network as there are no IP addresses available within the IP pool of the DHCP server. All the IPs have been allocated to devices A, B, and C permanently.

Scenario 2: Lease period of two days. (IPs are assigned dynamically.)
When another device, D, enters the network after two hours, it still cannot connect to the network, as there is still no IP address available. Although devices A, B, and C have disconnected from the network after two hours, the IP addresses assigned to them have a lease period of two days; i.e., the IP addresses remain allocated for the next two days. Thus, device D cannot acquire an IP address to connect to the network.

Issue: In both of these scenarios (with and without a lease period), with a pool of 3 IP addresses, the device D could not connect to the network.

Solution: The solution is to lease addresses for a period that matches how long devices actually stay, here two hours.

At the end of the two-hour allocation period, the lease expires for the devices A, B, and C. Devices choosing to stay in the network can renew the lease, whereas the lease expires for other devices.

Thus, when device D enters the network, the lease for device A would have expired and the IP 196.128.12.1 would have been reclaimed back to the IP pool. This IP can then be assigned to device D.
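The arithmetic of the three scenarios above, as an added example written for this page (it is not part of the original and is not a real DHCP server): a toy address pool that expires leases on the server side, run with a permanent allocation, a two-day lease and a two-hour lease. The pool addresses, client names and timings are the ones used in the scenario; the renew-halfway-through-the-lease behaviour and the `renewing` parameter are assumptions modelled on how real clients behave.

```python
from dataclasses import dataclass, field

HOUR = 3600                      # all times below are seconds since the scenario started


@dataclass
class Lease:
    ip: str
    client: str
    expires_at: float


@dataclass
class DhcpPool:
    """Toy address pool with timed leases (a model of the scenario, not a DHCP server)."""
    addresses: list
    lease_seconds: float                          # float('inf') models permanent (static-style) allocation
    leases: dict = field(default_factory=dict)    # ip -> Lease

    def expire(self, now):
        """Server-side expiry: reclaim every lease whose period has ended."""
        for ip in [ip for ip, l in self.leases.items() if l.expires_at <= now]:
            del self.leases[ip]

    def allocate(self, client, now):
        """Hand `client` an address, or None if the pool is exhausted at time `now`."""
        self.expire(now)
        for l in self.leases.values():            # a client that still holds a lease gets it renewed instead
            if l.client == client:
                l.expires_at = now + self.lease_seconds
                return l.ip
        for ip in self.addresses:                 # otherwise the first free address in the pool
            if ip not in self.leases:
                self.leases[ip] = Lease(ip, client, now + self.lease_seconds)
                return ip
        return None


def run_scenario(lease_seconds, renewing=()):
    """A, B and C join at t=0 and leave silently after two hours (no DHCPRELEASE);
    clients named in `renewing` renew halfway through a finite lease; D arrives at t=2h.
    Returns the address D gets, or None when the pool is exhausted."""
    pool = DhcpPool(["196.128.12.1", "196.128.12.2", "196.128.12.3"], lease_seconds)
    for c in "ABC":
        pool.allocate(c, now=0)
    for c in renewing:
        pool.allocate(c, now=lease_seconds / 2)
    return pool.allocate("D", now=2 * HOUR)
```

`run_scenario(float("inf"))` and `run_scenario(48 * HOUR)` both return None (scenarios 1 and 2), `run_scenario(2 * HOUR)` returns 196.128.12.1, and `run_scenario(2 * HOUR, renewing=("A",))` shows the renewal case: A keeps .1, so D receives .2 instead.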

The 4 steps of DHCP: The DORA Process

The process of the DHCP server assigning an IP address and other network configuration parameters to a network device happens in four steps:

  1. Discover DHCP server.
  2. Offer IP lease.
  3. Request IP lease.
  4. Acknowledge request.

Step 1: DHCP client discovers DHCP server.

For a device to communicate within a network, it requires an IP address. A DHCP client device acquires the IP address and the network parameters by broadcasting a UDP packet called DHCPDISCOVER within the network.

Every host on the segment receives the DHCPDISCOVER broadcast. Hosts that are not DHCP servers discard or ignore it; the DHCP servers on the segment process it.

The DHCP Discover message contains details like:

  UDP source port         68
  UDP destination port    67
  Source IP               0.0.0.0
  Destination IP          255.255.255.255
DHCPDISCOVER packet contents

Here, the source IP of the broadcast packet is 0.0.0.0, as the client device has not been assigned an IP address yet. With the destination IP 255.255.255.255, the packet reaches every device on the local segment; this is called a limited broadcast, and the client has to use it because it does not yet know where a server is. The client cannot reach a server on another subnet by itself; that is the job of a DHCP relay agent, described later.

Step 2: DHCP Server offers IP and network configuration parameters to client.

When a valid DHCP server receives the DHCPDISCOVER broadcast message, it reserves an IP in its IP pool, and offers that IP on lease to the requesting client. It conveys its IP lease offer, the subnet mask, and default gateways to the requesting client through a DHCPOFFER message.

  UDP source port         67
  UDP destination port    68
  Source IP               192.168.31.9
  Destination IP          255.255.255.255
DHCPOFFER packet contents

Here 192.168.31.9 is the address of the DHCP server making the offer. The offer is itself broadcast, because the client has no IP address yet, but it carries the client's hardware (MAC) address in its chaddr field and the transaction ID the client chose; that is how the client recognises which offers on the wire are meant for it.

Step 3: Client acknowledges the required DHCP’s offer and requests the IP lease.

Upon receiving a DHCPOFFER message, the client requests the assignment of the IP address offered through the DHCPOFFER message by sending a DHCPREQUEST message to the server. This message signals the DHCP server to allocate the offered IP address on lease to the client.

If more than one server responds, the client picks one offer (commonly the first one it received) and sends a DHCPREQUEST that names the chosen server in the server identifier option. Because the request is broadcast, the other servers see it too and withdraw the offers they made.

  UDP source port         68
  UDP destination port    67
  Source IP               0.0.0.0
  Destination IP          255.255.255.255
DHCPREQUEST packet contents

Step 4: DHCP Server acknowledges clients IP lease request.

Upon receiving the DHCPREQUEST message, the DHCP server assigns the IP address to the client and logs the lease in its data store. The server confirms the allocated IP address, subnet mask, default gateway and lease time by sending a DHCPACK (DHCP acknowledgement) message. If the request cannot be honoured, for instance because the address was offered by a different server or has since been taken, the server answers with a DHCPNAK instead and the client starts over.

The client can now start using the allocated IP and network parameters.

  UDP source port         67
  UDP destination port    68
  Source IP               192.168.31.9
  Destination IP          255.255.255.255
DHCPACK packet contents

The DHCP client configures itself with the received network parameters.

DHCP relay agent

Devices can send broadcast messages only within the network segment they are a part of; routers do not forward broadcasts across networks or subnets. When there is no DHCP server within a network, a device in that network cannot acquire an IP address, as its DHCPDISCOVER broadcast never reaches a server outside its network.

This problem is solved by using a DHCP relay agent.

Say there are two networks, network A and network B, connected by a router. There is a valid DHCP server in network A. Every device within network A can acquire an IP lease through this server. Imagine there is no DHCP server in network B. Since devices cannot broadcast between networks, devices in network B can not acquire an IP lease.

The two ways to address this issue are to:

  • Use a separate DHCP server in network B.
  • Use a DHCP relay agent.
DHCP relay agent

We use a DHCP relay agent by configuring the DHCP relay service on one of the devices in network B. This device receives the DHCPDISCOVER broadcasts from clients in network B, writes its own address into the giaddr (gateway address) field of the message, and forwards the message as a unicast to the DHCP server in network A. The server uses giaddr to pick the scope for network B and sends its DHCPOFFER back to the relay agent, which broadcasts it on network B. The DHCPREQUEST and DHCPACK messages are exchanged in the same way, relayed by the agent in both directions. The agent is an intermediary for the exchange; it does not alter the parameters the server hands out.
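The DORA exchange described in the previous section and the relay step just described, as an added example (not code from the page or from any DHCP implementation): a Python encoder and decoder for the RFC 2131 message format, a toy server that picks its scope from the giaddr field, a relay function that stamps giaddr and increments hops, and a client routine that runs Discover/Offer/Request/Ack through them. Assumptions: the server address 192.168.31.9 is taken from the tables above; the two pools, the relay address 10.20.0.1, the client MACs, the transaction ID and the choice of each subnet's first host as default gateway are constructed; only the UDP payload is modelled (no sockets or ports), and DHCPNAK handling is reduced to the minimum.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

MAGIC = bytes([99, 130, 83, 99])                     # RFC 2131 "magic cookie" that opens the options field
BOOTREQUEST, BOOTREPLY = 1, 2                         # op field: client-to-server vs server-to-client
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6    # option 53 (message type) values
# 236-byte fixed header: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
HDR = "!BBBBIHH4s4s4s4s16s64s128s"


def ip4(s):
    return IPv4Address(s).packed


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0", hops=0):
    """Encode one DHCP message; `options` is a list of (code, value-bytes) pairs."""
    hdr = struct.pack(HDR, op, 1, 6, hops, xid, 0, 0x8000,        # htype 1 = Ethernet, hlen 6, BROADCAST flag set
                      ip4("0.0.0.0"), ip4(yiaddr), ip4("0.0.0.0"), ip4(giaddr),
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"


def parse(pkt):
    """Decode the fixed header plus TLV options; rejects payloads without the cookie."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:                          # 255 = End
        if pkt[i] == 0:                                            # 0 = Pad (no length byte)
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    addr = lambda code: str(IPv4Address(opts[code])) if code in opts else None
    return {"op": f[0], "hops": f[3], "xid": f[4], "yiaddr": str(IPv4Address(f[8])),
            "giaddr": str(IPv4Address(f[10])), "chaddr": f[11][:f[2]], "type": opts[53][0],
            "server_id": addr(54), "requested": addr(50),
            "lease": struct.unpack("!I", opts[51])[0] if 51 in opts else None}


def relay(pkt, relay_ip):
    """Relay-agent step: stamp giaddr with the relay's own address (first relay only) and bump hops."""
    if pkt[24:28] == b"\0\0\0\0":                                  # giaddr sits at bytes 24..27 of the header
        pkt = pkt[:24] + ip4(relay_ip) + pkt[28:]
    return pkt[:3] + bytes([pkt[3] + 1]) + pkt[4:]                 # hops is byte 3


class Server:
    """Toy DHCP server: one pool per subnet, scope picked from giaddr when the request was relayed."""

    def __init__(self, ip, pools, lease=7200):
        self.ip, self.lease, self.leases = ip, lease, {}           # leases: chaddr -> offered/assigned IP
        self.pools = {IPv4Network(n): list(addrs) for n, addrs in pools.items()}

    def handle(self, pkt):
        m = parse(pkt)
        if m["op"] != BOOTREQUEST:
            return None                                            # servers ignore replies, incl. other servers' OFFERs
        # A relayed request carries the relay's address in giaddr; a local one (giaddr 0) uses the server's own subnet
        probe = IPv4Address(m["giaddr"] if m["giaddr"] != "0.0.0.0" else self.ip)
        net = next(n for n in self.pools if probe in n)
        if m["type"] == DISCOVER:
            ip = self.leases.get(m["chaddr"]) or next(a for a in self.pools[net] if a not in self.leases.values())
            self.leases[m["chaddr"]] = ip                          # tentatively reserve while the offer is outstanding
            return self._reply(OFFER, m, net, ip)
        if m["type"] == REQUEST:
            if m["server_id"] != self.ip:                          # client accepted another server: withdraw our offer
                self.leases.pop(m["chaddr"], None)
                return None
            if self.leases.get(m["chaddr"]) != m["requested"]:     # asking for something we never offered
                return self._reply(NAK, m, net, "0.0.0.0")
            return self._reply(ACK, m, net, m["requested"])        # commit the lease
        return None

    def _reply(self, kind, m, net, ip):
        opts = [(53, bytes([kind])), (54, ip4(self.ip)), (51, struct.pack("!I", self.lease)),
                (1, net.netmask.packed), (3, net[1].packed)]        # subnet mask; gateway = first host (assumed)
        # The reply is unicast back to the relay when giaddr is set, otherwise broadcast on the local segment
        dst = m["giaddr"] if m["giaddr"] != "0.0.0.0" else "255.255.255.255"
        return dst, build(BOOTREPLY, m["xid"], m["chaddr"], opts, yiaddr=ip, giaddr=m["giaddr"], hops=m["hops"])


def dora(server, mac, relay_ip=None):
    """Client side of Discover/Offer/Request/Ack; returns (destination of the ACK, parsed ACK)."""
    xid = 0x3903F326                                               # constructed transaction id
    via = (lambda p: relay(p, relay_ip)) if relay_ip else (lambda p: p)
    _, raw = server.handle(via(build(BOOTREQUEST, xid, mac, [(53, bytes([DISCOVER]))])))
    offer = parse(raw)
    if offer["xid"] != xid or offer["type"] != OFFER:              # the client matches replies to its own xid
        raise RuntimeError("unexpected reply")
    req = build(BOOTREQUEST, xid, mac, [(53, bytes([REQUEST])), (50, ip4(offer["yiaddr"])),
                                        (54, ip4(offer["server_id"]))])   # option 54 names the chosen server
    dst, raw = server.handle(via(req))
    return dst, parse(raw)
```

With `Server("192.168.31.9", {"192.168.31.0/24": [...], "10.20.0.0/24": [...]})`, a local client's ACK goes to 255.255.255.255 with an address from the 192.168.31.0/24 pool, while a client behind `relay_ip="10.20.0.1"` gets an address from the 10.20.0.0/24 pool and the ACK is addressed to the relay, with giaddr and hops preserved. Feeding the server a BOOTREPLY (another server's offer) returns None, and a DHCPREQUEST naming a different server makes it drop the address it had reserved.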

Why is a relay agent, and not a separate DHCP server, used for additional subnets?

Using a separate DHCP server in network B introduces two difficulties when compared to using a relay agent:

  • Cost – The cost of implementing a separate DHCP server is higher than configuring a relay agent.
  • Management overhead – Managing separate DHCP servers in different networks increases the network management overhead for the network admin.

Configuring a relay agent is much simpler. The relay agent can be a device within the network, or the network router itself can be configured to provide the DHCP relay service.

DHCP attacks and security

The base DHCP protocol has no authentication: neither side verifies who it is talking to (RFC 3118 defines an authentication option, but it is rarely deployed). This can open up the network to:

  • Unauthenticated or rogue DHCP servers providing false DHCP offers to valid DHCP clients.
  • Valid DHCP servers handing out leases and network parameters to rogue DHCP clients trying to access the network.
  • Resource exhaustion (pool starvation) by malicious clients that request leases under many forged hardware addresses, causing service outages for valid DHCP clients in the network.

One of the most common DHCP attacks is DHCP spoofing.

DHCP spoofing

An attacker or malicious agent can pose as a valid DHCP server and thereby put itself in the middle of the client's traffic. The attacker can be a deliberately placed rogue device, or simply a wireless router with a built-in DHCP server that someone plugged into the network. When a valid DHCP client broadcasts a DHCPDISCOVER, the attacker on the segment answers with its own DHCPOFFER, often before the legitimate server does. If the client requests and starts using the address from the attacker's offer, the default gateway (and, usually, the DNS server) supplied by the attacker cause the client's traffic to flow through the attacker. Thus, the attacker can eavesdrop on or tamper with the client's traffic.

To avoid this attack, network admins configure DHCP snooping in the network.

DHCP snooping

DHCP snooping enables a switch to forward DHCP server messages (DHCPOFFER, DHCPACK, DHCPNAK) only if they arrived on a trusted port.

When DHCP snooping is enabled, the switch initially treats every port as untrusted. The network admin then marks only the ports that lead to legitimate DHCP servers (or relay agents) as trusted. Server messages arriving on untrusted ports are dropped by the switch, so a client that broadcasts a DHCPDISCOVER only ever receives offers that came through the trusted ports and sends its DHCPREQUEST to one of those. Packets that might have been sent by attackers are discarded before any client sees them. The switch also records each completed exchange in a DHCP snooping binding table (client MAC, assigned IP, VLAN, port and lease time), which features such as Dynamic ARP Inspection and IP Source Guard use to validate later traffic.
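How the filtering and the binding table behave, as an added example that is not part of the page or of any vendor's implementation: a model of a snooping switch run over constructed sample frames (already decoded to their fields). Besides dropping server messages on untrusted ports, it applies the two client-side checks that Cisco's feature performs on untrusted ports, matching chaddr against the frame's source MAC and refusing a DHCPRELEASE that arrives on a port other than the one in the binding. The port names, MAC addresses, server identifiers and lease values are all made up for the sample.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}             # only a DHCP server (or relay) legitimately sends these


@dataclass
class Binding:
    mac: str
    ip: str
    port: str
    lease: int


@dataclass
class SnoopingSwitch:
    """Model of a switch with DHCP snooping: filters server messages by port and builds a binding table."""
    trusted_ports: set
    bindings: dict = field(default_factory=dict)  # mac -> Binding, learned from forwarded ACKs
    pending: dict = field(default_factory=dict)   # mac -> port the client's DISCOVER/REQUEST came in on
    servers_seen: set = field(default_factory=set)
    dropped: list = field(default_factory=list)   # (reason, port, message type) audit trail

    def forward(self, frame):
        """Return True if the frame is forwarded, False if DHCP snooping drops it."""
        port, kind, mac = frame["port"], frame["type"], frame["chaddr"]
        if kind in SERVER_MSGS:
            self.servers_seen.add(frame["server_id"])             # record every server that speaks, rogue or not
        if port in self.trusted_ports:                            # trusted ports are never filtered
            if kind == "ACK":
                self.bindings[mac] = Binding(mac, frame["yiaddr"], self.pending.get(mac, port), frame["lease"])
            return True
        if kind in SERVER_MSGS:
            return self._drop("server message on untrusted port", frame)   # rogue server / DHCP spoofing
        if frame["src_mac"] != mac:
            return self._drop("chaddr does not match source MAC", frame)   # forged client, e.g. pool starvation
        if kind == "RELEASE" and mac in self.bindings and self.bindings[mac].port != port:
            return self._drop("RELEASE from a port other than the binding's", frame)  # releasing another host's lease
        self.pending[mac] = port
        return True

    def _drop(self, reason, frame):
        self.dropped.append((reason, frame["port"], frame["type"]))
        return False

    def rogue_servers(self, authorized):
        """Server identifiers seen on the wire that are not on the admin's allow-list."""
        return self.servers_seen - set(authorized)


# Constructed sample traffic: a legitimate DORA exchange for a client on Gi1/0/5 (server behind Gi1/0/1),
# a rogue OFFER from a host on Gi1/0/12, a DISCOVER with a forged chaddr, and a RELEASE for another port's lease.
FRAMES = [
    {"port": "Gi1/0/5", "src_mac": "00:11:22:33:44:55", "chaddr": "00:11:22:33:44:55", "type": "DISCOVER"},
    {"port": "Gi1/0/12", "src_mac": "00:0c:29:ab:cd:ef", "chaddr": "00:11:22:33:44:55", "type": "OFFER",
     "server_id": "192.168.31.66", "yiaddr": "192.168.31.200", "lease": 86400},
    {"port": "Gi1/0/1", "src_mac": "00:50:56:01:02:03", "chaddr": "00:11:22:33:44:55", "type": "OFFER",
     "server_id": "192.168.31.9", "yiaddr": "192.168.31.100", "lease": 7200},
    {"port": "Gi1/0/5", "src_mac": "00:11:22:33:44:55", "chaddr": "00:11:22:33:44:55", "type": "REQUEST"},
    {"port": "Gi1/0/1", "src_mac": "00:50:56:01:02:03", "chaddr": "00:11:22:33:44:55", "type": "ACK",
     "server_id": "192.168.31.9", "yiaddr": "192.168.31.100", "lease": 7200},
    {"port": "Gi1/0/7", "src_mac": "00:0c:29:ab:cd:ef", "chaddr": "de:ad:be:ef:00:01", "type": "DISCOVER"},
    {"port": "Gi1/0/7", "src_mac": "00:11:22:33:44:55", "chaddr": "00:11:22:33:44:55", "type": "RELEASE"},
]


def run_sample(trusted=("Gi1/0/1",)):
    """Push the sample frames through a switch; returns the switch and the per-frame verdicts."""
    sw = SnoopingSwitch(set(trusted))
    return sw, [sw.forward(f) for f in FRAMES]
```

With Gi1/0/1 trusted, the rogue OFFER, the forged DISCOVER and the misplaced RELEASE are dropped, the legitimate exchange completes and leaves one binding (00:11:22:33:44:55, 192.168.31.100, Gi1/0/5), and `rogue_servers({"192.168.31.9"})` reports 192.168.31.66. Run with no trusted ports, the switch blocks the real server too, which is the usual outcome of enabling snooping before marking the uplink: always trust the server-facing port first.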


DHCP snooping strengthens the DHCP infrastructure in a network.

Configuring DHCP servers and clients

Network admins can configure DHCP servers and clients manually, and view the IP lease and configuration of DHCP clients, using native commands. A few of these are listed below; the ipconfig commands are run on a Windows client, the rest in the configuration of a Cisco IOS switch.

Command                               What it does
ipconfig /all                         Displays the device's IP configuration: IP address, subnet mask, default gateway, DHCP server and lease times.
ipconfig /release                     Sends a DHCPRELEASE and gives up the current lease.
ipconfig /renew                       Requests renewal of the current lease (or a new lease if none is held).
ip dhcp snooping                      (global config) Enables DHCP snooping; every port is untrusted until marked otherwise.
ip dhcp snooping vlan [vlan-id]       Enables DHCP snooping on the specified VLAN(s).
interface [interface-id]
  ip dhcp snooping trust              Marks the interface as trusted, so DHCP server messages arriving on it are forwarded.
show ip dhcp snooping                 Displays the DHCP snooping configuration and the trusted interfaces.
show ip dhcp snooping binding         Displays the snooping binding table (MAC, IP, lease, VLAN, interface).
show running-config | include dhcp    Displays the DHCP-related lines of the running configuration.

Although native commands enable DHCP configurations in the device, configuring DHCP servers and clients using these commands is time-consuming and tedious as a network scales. To administer DHCP servers in large organizations, network resource management software, such as ManageEngine OpUtils is recommended.

Why is DHCP used?

DHCP servers are the building blocks of the network infrastructure. Due to their ease of operation and use, DHCP servers are employed in operations small and large, from home networks through enterprise-level networks.

The advantages of using DHCP servers are:

Optimal use of IP address space: Manually assigning IP addresses to devices in a network may lead to IP waste as IP addresses remain allocated even after the device disconnects from the network.

IP Reservation: DHCP enables specific IP addresses to be reserved for specific devices. These addresses are not allocated to other devices even when the assigned device has been disconnected from the network.

Dynamic allocation: A DHCP server automates the mundane task of manual IP address allocation. IP addresses are dynamically allocated and reclaimed to the IP pool.

Reduces IP conflicts: Manual allocation may cause more than one device to be assigned the same IP address, leading to IP conflicts. DHCP leasing from a single pool eliminates this issue.

Easier management: The DHCP data store keeps lease records: the client to which each IP address is allocated, its lease period, and the other network parameters handed out.

Scalability: DHCP scales with the network; adding devices needs no per-device configuration.

Managing DHCP servers with OpUtils

Complex network infrastructures using DHCP can be easily managed with OpUtils, a comprehensive network IP and switch port manager. OpUtils integrates with popular DHCP servers and offers:

  • DHCP Scope Monitor: OpUtils’ DHCP Scope Monitor tool provides details into the DHCP server such as the associated DNS Name, Scopes Count Time, and more.
  • Rogue Detection: As noted earlier, DHCP can let rogue devices gain unauthorized access to the network. OpUtils' Rogue Detection feature scans the entire network and detects rogue devices and attempts to breach the network. The network admin can mark these devices as trusted, guest, or rogue; devices marked as rogue are blocked from accessing the network.
  • Code free: With the OpUtils code-free UI, network admins can easily manage DHCP servers and IPs without using syntax or native IP commands.
  • IP Details: OpUtils’ IP Address Manager provides comprehensive insights into the IP addresses in the network. Network admins can use this to view details such as the MAC address to which the IP is allocated, the DNS lookup status, the device type, and more.
  • Historical IP logs: OpUtils provides an historical IP log of all the users to whom the IP had been assigned, and the current user of the IP.
  • Port scanning: OpUtils enables the user to scan open ports in the network. Network admins can block ports allowing malicious traffic, thereby securing the network from unauthorized access.

OpUtils provides enhanced IP and switch port management including real-time network scanning, monitoring, and managing with faster and easier network troubleshooting.

New to OpUtils? Schedule a free demo with a product expert or take a feature tour to see how OpUtils can help manage your network resources. You can also download a 30-day free trial to deploy and try OpUtils hands-on in your network. Have a price quote in mind? Let us know.