DHCP, Part 2

In the first part of this article we looked at the development of DHCP (Dynamic Host Configuration Protocol), the way it handles leases of IP addresses, and some of the issues of using DHCP on a Windows NT server. Now let’s set up a DHCP server.

We usually think of Windows NT and Windows 2000 as the server for a DHCP network, but there are other platforms that can act as DHCP servers, too. The most commonly used alternatives are UNIX and Linux. Both have DHCP clients and sometimes a server included as basic components of a distribution, but server software is not always available or included with all distributions. In some cases, you will need to purchase a third-party server package for DHCP. This certainly makes Windows a more attractive platform for acting as a server, although there are some performance advantages to UNIX and Linux systems due to their more streamlined kernels.

If you are running the Server version of Windows NT or Windows 2000, you need to install the DHCP Server software using the usual methods.
We’ll assume you know how to use Control Panel -> Network (Windows NT 4) or Add/Remove Windows Components -> Networking Services (Windows 2000) to add a service. Choose Dynamic Host Configuration Protocol from the list of available services and the CD-ROM will be used to load the service. Microsoft recommends a reboot after loading the DHCP server, and while this is not always necessary it does prevent future conflicts.

The configuration tools provided with the DHCP server package allow you to authorize a server, set up the lease IP addresses, and adjust the lease timers easily. Under Windows 2000 you must specifically authorize the DHCP server in most installations (if a red down-arrow appears next to the server, it is unauthorized; a green up-arrow means it is authorized).

Integrating DHCP clients

When you have a DHCP server set up, either on a Windows NT or Windows 2000 machine or on any other operating system that can act as a server, you can set up clients to query the server any time they connect to the network.

Windows platforms are easy to set up for DHCP client access. Under Control Panel -> Network you need to configure a TCP/IP stack (after setting up the network interface card, of course) to dynamically accept an IP address. The IP Address tab of the TCP/IP Properties page lets you do this.
Simply choose the “Obtain an IP Address automatically” option and Windows will use DHCP to broadcast over the network to find a DHCP server.

For other operating systems, the process is a little different. Linux has DHCP clients built into all current releases of the kernel, but you still need to specify the DHCP server IP address unless DHCP discovery is to be used. The documentation for the operating system will usually show the procedure, which differs considerably from platform to platform.

DHCP and Windows 2000

Windows 2000 adds several enhancements to the DHCP package included with Windows NT 4.0. Probably the most important addition to the DHCP system is automatic client configuration, which allows a Windows 2000 machine to configure its own IP address (and subnet) automatically when no DHCP server has been located. A Windows 2000 DHCP client waits until after the first attempt to contact a DHCP server, and if it can’t obtain a response, uses APIPA (Automatic Private IP Addressing) to set up a private IP address.

APIPA is designed to configure IP addresses based on the Internet Assigned Numbers Authority private network reserved range of 169.254.0.1 through 169.254.255.254. The APIPA routine will sense conflicts with existing machines and reconfigure itself, up to ten times.
When Windows 2000 uses APIPA to configure an IP address, it will automatically try to reconnect to a DHCP server every five minutes, and if one is found it receives a valid lease.

Another neat feature of Windows 2000 is rogue DHCP server detection. A rogue DHCP server is a machine configured to allocate unauthorized or conflicting IP address leases (which can be used by hackers for several purposes). Any unauthorized DHCP server is considered a “rogue” server. Windows 2000 prevents the use of rogue servers by requiring an authentication step before a DHCP server can become active on a network. Active Directory takes care of most of this process.

DHCP classes are provided in Windows 2000, allowing administrators to set up different configuration parameters for different classes of machines. Most administrators will use classes to allocate IP addresses based on machine types (laptop, desktop, etc.), although several other parameters can be used to establish client identities. The changes allowed for each group tend to reflect the lease timings, DNS settings, and use of WINS.

Finally, media sense has been properly enabled in Windows 2000 (actually, media sense has been part of NDIS 5 for a while). With media sense, the protocol stack on a Windows 2000 machine can recognize connect and disconnect notifications from the network card. These are used to allow changes in the protocol configuration based on network events, something that wasn’t possible with Windows NT 4.

The administration tools provided in Windows 2000 have been improved a little over Windows NT 4. An important improvement is the support for SNMP and MIBs, providing a graphical interface to statistical data from clients on the network. A Windows 2000 DHCP server can generate some administrator alerts automatically. For example, administrators can set an alert threshold for notification of a dwindling number of available IP addresses, as well as when the IP pool has been exhausted.

For those interested in clustering Windows 2000 Advanced Server, DHCP can be used for virtual servers.
A static virtual IP address is set up for the cluster, and failover of a cluster component allows the DHCP server IP address to be passed to a working machine.

When adding a second or higher DHCP server to an existing Windows 2000 DHCP domain, you need to ensure the new DHCP server is in Active Directory (otherwise the server will be treated as a rogue unit). To authorize a new DHCP server, from the primary DHCP server (or root DHCP server), start Administrative Tools and select DHCP, right-click the DHCP icon at the root of the tree, and click Authorize. Enter the IP address (or name) of the server to be added, and click OK. The new server will then be treated as an authorized unit on the network.

DHCP and network traffic

One of the prevalent myths in the network world is that DHCP contributes a lot of load to a network. This is not true. It is true that when a client becomes active, it broadcasts a request for a DHCP server to reply, and DHCP servers will send a response back to the client, but these are small packets and are hardly ever resent unless either end has not received acknowledgements. Even on a very busy network, it is rare to get resends of client DHCP requests and server responses.

After the initial setup datagrams have been transferred, client and server don’t communicate about DHCP issues until the timers for rebinding expire. At this point, a couple of small datagrams are exchanged, the lease is usually reinstated, and no communications are performed until that lease timer expires. If the client has to be rebooted or is moved from one network drop to another, the initial DHCP packets are exchanged again, but as mentioned, these are small.

To show the effect of DHCP traffic on a network, a simple experiment was performed in our labs. We set up two Windows NT 4.0 servers as DHCP servers, and connected forty Windows 98 PCs to the network, all of which used DHCP to establish IP addresses. When the PCs were all powered on at the same time, network traffic was monitored using packet filtering software to detect the DHCP packets specifically.
On average on our 10Mbps Ethernet network, DHCP traffic spiked at less than one percent of the total network bandwidth, and that only when all 40 clients requested IP addresses within a second of each other (causing several collisions and resends). When the client machines were powered up in sequence, network traffic due to DHCP was negligible. Ongoing traffic from DHCP was also lower than the measurement threshold even when the leases started to expire. On much larger networks, some DHCP traffic may arise, but the percentage of DHCP traffic will still be very small.

Another common myth about DHCP has to do with IP addresses and MACs (Media Access Control addresses). The prevalent opinion is that DHCP allows IP addresses to be concealed, hence resulting in machines that cannot be traced through traffic. This is not accurate, as IP address leases can always be viewed through DHCP administration software. The software reports not only the assigned IP address, but the computer name and the MAC of the NIC. Articles in the popular press and some hacker newsletters have proposed using DHCP-based networks to launch either hack attacks or access to some Web sites on the assumption that the sending machine cannot be traced. As long as the MAC or machine name is within the network, the sending machine can be traced.
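The two points above, rogue DHCP server detection and tracing a leased address back to a MAC and computer name, can both be checked at the packet level. The following is an added example written for this article, not code from the original page or from Windows; it is a generic audit over captured DHCP messages, not Windows 2000's Active Directory authorization. The authorized server list, the client MAC, the hostname and the four sample messages are all constructed assumptions.

```python
from ipaddress import ip_address
AUTHORIZED = {"192.168.1.1"}      # assumed: the only server the admins authorized
MAGIC = b"\x63\x82\x53\x63"       # cookie that starts the DHCP options field
OFFER, REQUEST, ACK = 2, 3, 5     # option 53 message types used below

def opt(code, value):             # encode one DHCP option as code, length, value
    return bytes([code, len(value)]) + value

def build(op, msg_type, chaddr, yiaddr="0.0.0.0", extra=b""):  # constructed sample only
    hdr = bytearray(236)                                  # fixed BOOTP header
    hdr[0] = op                                           # 1 = BOOTREQUEST, 2 = BOOTREPLY
    hdr[16:20] = ip_address(yiaddr).packed                # yiaddr: address being leased
    hdr[28:34] = bytes.fromhex(chaddr.replace(":", ""))   # chaddr: client MAC
    return bytes(hdr) + MAGIC + opt(53, bytes([msg_type])) + extra + b"\xff"

def parse(pkt):
    """Return yiaddr, chaddr, message type and options of one DHCP message."""
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:                 # 255 = End option
        if pkt[i] == 0:                                   # 0 = Pad, a single byte
            i += 1
            continue
        code, n = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + n]
        i += 2 + n
    return {"yiaddr": str(ip_address(pkt[16:20])), "type": opts[53][0],
            "chaddr": ":".join(f"{b:02x}" for b in pkt[28:34]), "opts": opts}

def audit(packets):
    """Flag OFFERs from unauthorized servers; build the IP -> (MAC, hostname) table."""
    rogues, names, leases = [], {}, {}
    for m in map(parse, packets):
        server = str(ip_address(m["opts"][54])) if 54 in m["opts"] else None
        if m["type"] == OFFER and server not in AUTHORIZED:   # rogue, or no server id at all
            rogues.append((server, m["yiaddr"], m["chaddr"]))
        elif m["type"] == REQUEST and 12 in m["opts"]:        # client announces its hostname
            names[m["chaddr"]] = m["opts"][12].decode()
        elif m["type"] == ACK and server in AUTHORIZED:       # lease granted by a real server
            leases[m["yiaddr"]] = (m["chaddr"], names.get(m["chaddr"], "?"))
    return rogues, leases

MAC, GOOD, ROGUE = "00:a0:c9:12:34:56", "192.168.1.1", "192.168.1.66"
SAMPLE = [  # constructed exchange: the authorized server and a rogue both answer one client
    build(2, OFFER, MAC, "192.168.1.50", opt(54, ip_address(GOOD).packed)),
    build(2, OFFER, MAC, "10.9.9.9", opt(54, ip_address(ROGUE).packed)),
    build(1, REQUEST, MAC, extra=opt(12, b"LAB-PC07") + opt(54, ip_address(GOOD).packed)),
    build(2, ACK, MAC, "192.168.1.50", opt(54, ip_address(GOOD).packed)),
]
```

Running `audit(SAMPLE)` reports the second OFFER as coming from 192.168.1.66, which is not on the authorized list, and records 192.168.1.50 as leased to MAC 00:a0:c9:12:34:56 with computer name LAB-PC07, the same information the DHCP administration tools show.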
Send mail to tparker@tpci.com with questions or comments about this web site.