DHCP


Dynamic Allocation: DHCP assigns an IP address to the client for a specific period of time called the lease time. The address is not guaranteed to stay the same; when the lease expires the client may receive a different one 

 

Manual Allocation: DHCP assigns a specific IP address to a specific client, identified by one of the known methods (most commonly its MAC address). This address is reserved for that client and never changes (“Reserved IP Address”) 

 

Static Entry: DHCP is not used at all. The administrator configures the IP address on the client itself, permanently 

 

Main difference between a static entry and manual allocation: manual allocation still depends on DHCP for the assignment and inherits all of its properties (lease time, options, etc.), while a static entry bypasses DHCP completely 

 

DHCP Ports (UDP): 

Client port: 68 – source port of client messages and destination port of server replies 

Server port: 67 – destination port of client messages; relay agents also listen on and forward to 67 

 

DHCPV4 Conversations: 

New Lease: A client wants to obtain an IP address from the DHCP server 

  • The DHCP server can be directly connected to the client’s network OR located in a different network 

  • If the DHCP server is in a different network, a DHCP relay (usually the client’s gateway) is needed to forward the client’s broadcast DHCP traffic to the remote DHCP server as unicast 

  • DORA “Discover, Offer, Request, ACK”: the four messages exchanged between client and server to complete the initial DHCP transaction 

 

 

 

Inform: A client that already has an IP address (for example a statically configured one) but still needs other data from the DHCP server, the “options” such as gateway, NTP and DNS, obtains them through an Inform conversation. No address is assigned and no lease is created 

Messages: 

  • DHCPINFORM “client to server” 

  • DHCPACK “server to client” 

 

Renewal: A message from the client to the server asking to extend the lease time assigned by the server, so the client can keep using the same IP address 

Messages:  

  • DHCPREQUEST “client to server” (unicast to the server that granted the lease) 

  • DHCPACK “server to client” 

 

Release: A request from the client to the server to give up the IP address before the lease expires, for example in order to obtain a different IP address 

Messages:  

  • DHCPRELEASE “client to server” (the server does not reply) 

 

DHCPv4 Header Fields (the fixed BOOTP part of the message; not to be confused with the 16-bit flags field, whose only defined bit is the broadcast flag): 

ciaddr – Client IP address; filled in only by a client that already has an address (e.g. Renew or Inform) 

yiaddr – “Your” IP address: the address the DHCP server offers/assigns to the client 

siaddr – “Next server” IP address for the next step of the boot process; often the DHCP server itself, but the DHCP server proper is identified by option 54 (Server Identifier) 

giaddr – Gateway IP address, i.e. the relay agent’s address; 0.0.0.0 when client and server share a network 

chaddr – Client hardware (MAC) address 
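The following is an added example (not part of the original notes) that ties the DORA conversation above to the header fields: it encodes and decodes DHCPv4 messages with the standard library only, plays Discover/Offer/Request/ACK with a relay agent in between, and shows which side fills ciaddr, yiaddr, siaddr, giaddr and chaddr. The MAC, the relay address 10.1.1.1, the server 10.9.9.5 and the offered address 10.1.1.50 are constructed values.

```python
"""DHCPv4 encoder/decoder and a simulated DORA exchange through a relay.
Added example for these notes; all addresses and the MAC are constructed."""
import struct
from ipaddress import IPv4Address

CLIENT_PORT, SERVER_PORT = 68, 67            # fixed UDP ports
BOOTREQUEST, BOOTREPLY = 1, 2                # op field
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5    # option 53 message types
OPT_REQ_IP, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_PRL = 50, 51, 53, 54, 55
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"         # fixed 236-byte BOOTP header


def build_dhcp(op, xid, chaddr, options, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
               siaddr="0.0.0.0", giaddr="0.0.0.0", broadcast=False):
    """Encode one message. `options` is a list of (code, value_bytes)."""
    flags = 0x8000 if broadcast else 0       # the only defined flag bit
    mac = bytes.fromhex(chaddr.replace(":", ""))
    header = struct.pack(HEADER, op, 1, len(mac), 0, xid, 0, flags,
                         IPv4Address(ciaddr).packed, IPv4Address(yiaddr).packed,
                         IPv4Address(siaddr).packed, IPv4Address(giaddr).packed,
                         mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + b"\xff"  # 0xFF = end option


def parse_dhcp(pkt):
    """Decode the header fields discussed above plus the option TLVs."""
    f = struct.unpack(HEADER, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"op": f[0], "hops": f[3], "xid": f[4], "broadcast": bool(f[6] & 0x8000),
           "ciaddr": str(IPv4Address(f[7])), "yiaddr": str(IPv4Address(f[8])),
           "siaddr": str(IPv4Address(f[9])), "giaddr": str(IPv4Address(f[10])),
           "chaddr": f[11][:f[2]].hex(":"), "options": {}}
    i = 240
    while i < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:                      # pad option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        msg["options"][code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def relay(pkt, relay_ip):
    """What a relay agent does before unicasting the client's broadcast to the
    server on port 67: fill giaddr with its own interface address and bump hops."""
    giaddr = pkt[24:28] if pkt[24:28] != b"\x00" * 4 else IPv4Address(relay_ip).packed
    return pkt[:3] + bytes([pkt[3] + 1]) + pkt[4:24] + giaddr + pkt[28:]


def server_reply(req, server_ip, offered_ip, lease_secs, msg_type):
    """OFFER or ACK: yiaddr carries the address, option 54 identifies the server.
    giaddr is copied back so the reply is unicast to the relay, which forwards it."""
    opts = [(OPT_MSG_TYPE, bytes([msg_type])),
            (OPT_SERVER_ID, IPv4Address(server_ip).packed),
            (OPT_LEASE, struct.pack("!I", lease_secs))]
    return build_dhcp(BOOTREPLY, req["xid"], req["chaddr"], opts, yiaddr=offered_ip,
                      siaddr=server_ip, giaddr=req["giaddr"], broadcast=req["broadcast"])


def simulate_dora(client_mac, relay_ip, server_ip, offered_ip, lease_secs, xid=0x3903F326):
    """Return the four decoded DORA messages as seen on the server side."""
    discover = parse_dhcp(relay(build_dhcp(
        BOOTREQUEST, xid, client_mac,
        [(OPT_MSG_TYPE, bytes([DISCOVER])), (OPT_PRL, bytes([1, 3, 6]))],
        broadcast=True), relay_ip))
    offer = parse_dhcp(server_reply(discover, server_ip, offered_ip, lease_secs, OFFER))
    # The client accepts by REQUESTing yiaddr and naming the chosen server (option 54);
    # it is still broadcast so that other servers that offered can reclaim their addresses.
    request = parse_dhcp(relay(build_dhcp(
        BOOTREQUEST, xid, client_mac,
        [(OPT_MSG_TYPE, bytes([REQUEST])),
         (OPT_REQ_IP, IPv4Address(offer["yiaddr"]).packed),
         (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])],
        broadcast=True), relay_ip))
    ack = parse_dhcp(server_reply(request, server_ip, offered_ip, lease_secs, ACK))
    return [discover, offer, request, ack]


if __name__ == "__main__":
    for m in simulate_dora("aa:bb:cc:dd:ee:01", "10.1.1.1", "10.9.9.5", "10.1.1.50", 86400):
        print(m["options"][OPT_MSG_TYPE][0], m["ciaddr"], m["yiaddr"], m["siaddr"], m["giaddr"])
```

Note that the only thing tying a client to its lease is chaddr (and the transaction id), both of which the client chooses; nothing in the exchange authenticates either side, which is why the relay’s giaddr, not anything the client sends, is what a server should trust for scope selection.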

 

DHCP Components: 

DHCP Network: A subnet with DHCP enabled on it; it contains the other objects such as ranges, fixed addresses and hosts 

 

DHCP Range: The pool of IP addresses that the DHCP server may hand out to clients inside the network 

 

DHCP Range Exclusion: IP addresses inside the range that the DHCP server must not hand out 

 

DHCP Manual Allocation “Fixed Address, Manual Binding, Reservation”: Assigning the same IP address to the same client on every allocation. The most common method of identifying the client is its MAC address (the client identifier, option 61, is another) 

This is commonly used in several cases: 

  • Devices that provide network services 

  • Devices that need to be tracked 

 

Policy: DHCP policy is the control mechanism DHCP servers use to determine which client receives which IP address (and which options), based on attributes of the request such as the MAC address or vendor class.  

Note: This is not a NAC solution; the attributes a policy matches on are supplied by the client and can be spoofed 

 

DHCP Lease Ordering (the order in which the server evaluates rules for an incoming request): DHCP Policy –> Manual Allocation –> Dynamic Allocation 
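As an added example (not from the original notes, and not any vendor’s implementation), the toy scope below models the components listed above (network, range, exclusions, fixed addresses, policy) and applies the lease ordering Policy –> Manual –> Dynamic when a client asks for an address. The network 10.1.1.0/24, the MACs and the “Rogue” vendor-class rule are all constructed.

```python
"""Toy DHCP scope showing network / range / exclusions / fixed addresses /
policy and the lease ordering Policy -> Manual -> Dynamic. Added example for
these notes; the addresses, MACs and policy rules are constructed."""
from ipaddress import IPv4Address, IPv4Network


class Scope:
    def __init__(self, network, range_start, range_end, exclusions=(), fixed=None, policies=()):
        self.network = IPv4Network(network)
        self.range = [IPv4Address(a) for a in range(int(IPv4Address(range_start)),
                                                    int(IPv4Address(range_end)) + 1)]
        self.exclusions = {IPv4Address(a) for a in exclusions}
        self.fixed = {mac.lower(): IPv4Address(ip) for mac, ip in (fixed or {}).items()}
        self.policies = list(policies)   # callables (mac, vendor_class) -> None | "deny" | ip
        self.leases = {}                 # ip -> mac currently holding it
        for ip in list(self.range) + list(self.fixed.values()):
            if ip not in self.network:
                raise ValueError(f"{ip} is outside {self.network}")

    def allocate(self, mac, vendor_class=None):
        mac = mac.lower()
        # 1. Policy is consulted first: it may deny the client or pin an address.
        for policy in self.policies:
            decision = policy(mac, vendor_class)
            if decision == "deny":
                return None
            if decision is not None:
                return self._lease(IPv4Address(decision), mac)
        # 2. Manual allocation: a fixed address reserved for this MAC.
        if mac in self.fixed:
            return self._lease(self.fixed[mac], mac)
        # 3. Dynamic allocation: first free address in the range that is neither
        #    excluded nor reserved; a client that already holds a lease keeps it.
        reserved = set(self.fixed.values())
        for ip in self.range:
            if ip in self.exclusions or ip in reserved:
                continue
            if self.leases.get(ip) in (None, mac):
                return self._lease(ip, mac)
        return None                      # pool exhausted

    def _lease(self, ip, mac):
        self.leases[ip] = mac
        return str(ip)

    def release(self, mac):
        """DHCPRELEASE: drop every lease held by this client."""
        for ip, holder in list(self.leases.items()):
            if holder == mac.lower():
                del self.leases[ip]


def block_vendor(prefix):
    """Policy factory: deny clients whose vendor class (option 60) starts with `prefix`."""
    return lambda mac, vendor_class: "deny" if (vendor_class or "").startswith(prefix) else None


def demo_scope():
    """Constructed walk-through of the ordering; returns the addresses handed out."""
    scope = Scope("10.1.1.0/24", "10.1.1.50", "10.1.1.59",
                  exclusions=["10.1.1.50", "10.1.1.51"],
                  fixed={"aa:bb:cc:00:00:01": "10.1.1.10"},
                  policies=[block_vendor("Rogue")])
    results = [scope.allocate("aa:bb:cc:00:00:01"),             # manual wins   -> 10.1.1.10
               scope.allocate("aa:bb:cc:00:00:02"),             # skips exclusions -> 10.1.1.52
               scope.allocate("aa:bb:cc:00:00:03"),             # next free     -> 10.1.1.53
               scope.allocate("aa:bb:cc:00:00:02"),             # keeps its lease -> 10.1.1.52
               scope.allocate("aa:bb:cc:00:00:04", "RogueCam")]  # policy denies -> None
    scope.release("aa:bb:cc:00:00:02")
    results.append(scope.allocate("aa:bb:cc:00:00:05"))         # reclaimed     -> 10.1.1.52
    return results
```

The constructor refuses a range or fixed address outside the network, which is the sanity check a real server performs when the objects are created rather than at lease time.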

 

DHCP Lease time: The limited period for which an address is assigned to a client; once it expires without renewal the address can be reused for another client 

  • When a client receives an IP address offered by the DHCP server, a lease time is attached to that offer 

  • Some DHCP servers also support a permanent (infinite) lease, which allows the client to keep the address for an indefinite amount of time 

 

DHCP Timers: 

  • The lease time is sent to the client in DHCP option 51. The DHCP client is responsible for renewing the lease to continue using the address  

  • T1 (renewal time, option 58): by default 1/2 of the lease time. At T1 the client enters the RENEWING state and unicasts a DHCPREQUEST to the server that granted the lease. If the server does not answer with a DHCPACK, the client retransmits at specific intervals until T2  

  • T2 (rebinding time, option 59): by default 7/8 of the lease time. T2 only matters if the client could not renew with its server after T1. At T2 the client enters the REBINDING state and broadcasts a DHCPREQUEST for its current address so that any DHCP server can answer 

  • Expiry: if no server answers before the lease runs out, the client must stop using the address immediately, return to the INIT state and start over with a DHCPDISCOVER 
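As an added example (not part of the original notes), the code below computes T1/T2 from a lease, reports which state a client is in at a given moment, and lists the retransmission times of a RENEWING client using the RFC 2131 rule (wait half the remaining time to T2, but at least 60 seconds). The lease lengths used are constructed.

```python
"""DHCPv4 lease timers and client state, per RFC 2131. Added example for
these notes; the lease lengths used below are constructed."""
import struct

INFINITE_LEASE = 0xFFFFFFFF          # option 51 value for a permanent lease


def lease_timers(lease, t1=None, t2=None):
    """Defaults: T1 = 1/2 lease, T2 = 7/8 lease. A server may override them
    with options 58 (renewal time) and 59 (rebinding time)."""
    t1 = lease // 2 if t1 is None else t1
    t2 = lease * 7 // 8 if t2 is None else t2
    if not 0 < t1 < t2 < lease:
        raise ValueError("need 0 < T1 < T2 < lease")
    return t1, t2


def client_state(elapsed, lease, t1=None, t2=None):
    """Where the client is `elapsed` seconds after the DHCPACK."""
    if lease == INFINITE_LEASE:
        return "BOUND"                 # permanent lease: never renews
    t1, t2 = lease_timers(lease, t1, t2)
    if elapsed < t1:
        return "BOUND"
    if elapsed < t2:
        return "RENEWING"              # unicast DHCPREQUEST to the leasing server
    if elapsed < lease:
        return "REBINDING"             # broadcast DHCPREQUEST, any server may answer
    return "INIT"                      # expired: stop using the address, send DHCPDISCOVER


def retransmit_schedule(lease, t1=None, t2=None):
    """Times (seconds since ACK) at which an unanswered RENEWING client retransmits
    its DHCPREQUEST: half the time remaining until T2, but never less than 60 s."""
    t1, t2 = lease_timers(lease, t1, t2)
    times, now = [], t1
    while True:
        wait = max((t2 - now) // 2, 60)
        if now + wait >= t2:
            break                      # next attempt would fall after T2: rebinding takes over
        now += wait
        times.append(now)
    return times


def decode_lease_option(value):
    """Option 51 value (4 bytes, network byte order) -> seconds."""
    return struct.unpack("!I", value)[0]
```

For a one-day lease this gives T1 = 43200 s and T2 = 75600 s; the first unanswered renewal is retried at 59400 s, then 67500 s, and so on, until rebinding starts at T2.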

 

 

DHCP Options: Information exchanged between client and server in the form of type-length-value fields appended after the fixed header 

PRL (Parameter Request List): Option 55, sent by the client to ask the DHCP server for specific options; it is an option whose value is a list of option codes 

Example: Option 55 with the value “3,6” means the client wants the default gateway (option 3, Router) and the DNS servers (option 6) 
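The following added example (not from the original notes) decodes an option 55 list into names and builds the server’s reply options in the order the client requested, skipping codes the scope has no value for. The option values (10.1.1.1 as router, two DNS servers, the domain corp.example) are constructed. Because the list and its ordering are chosen by the client, they are also what IPAM and NAC products commonly use to fingerprint the client’s operating system.

```python
"""Decode a Parameter Request List (option 55) and build the server's answer in
the order the client asked. Added example for these notes; the configured
values are constructed."""
from ipaddress import IPv4Address

OPTION_NAMES = {1: "Subnet Mask", 3: "Router", 6: "Domain Name Server", 12: "Host Name",
                15: "Domain Name", 42: "NTP Servers", 51: "IP Address Lease Time",
                81: "Client FQDN", 119: "Domain Search", 121: "Classless Static Route"}

ADDRESS_LIST_OPTIONS = {1, 3, 6, 42}      # value is one or more IPv4 addresses


def decode_prl(value):
    """Option 55 payload -> [(code, name)], preserving the client's order."""
    return [(code, OPTION_NAMES.get(code, f"option-{code}")) for code in value]


def encode_value(code, configured):
    """Serialize a configured value for one option code."""
    if code in ADDRESS_LIST_OPTIONS:
        addrs = configured if isinstance(configured, list) else [configured]
        return b"".join(IPv4Address(a).packed for a in addrs)
    if isinstance(configured, int):
        return configured.to_bytes(4, "big")  # e.g. option 51 lease time
    return configured.encode()                # string-valued options


def answer_prl(prl_value, configured):
    """Return the option TLVs a server appends: only codes the client requested
    and the scope actually has configured, in the requested order."""
    tlvs = b""
    for code in prl_value:
        if code not in configured:
            continue                          # unknown/unconfigured codes are skipped
        value = encode_value(code, configured[code])
        if len(value) > 255:
            raise ValueError(f"option {code} needs RFC 3396 long-option splitting")
        tlvs += bytes([code, len(value)]) + value
    return tlvs


if __name__ == "__main__":
    scope_options = {1: "255.255.255.0", 3: "10.1.1.1", 6: ["10.9.9.53", "10.9.9.54"],
                     15: "corp.example", 51: 86400}
    print(decode_prl(bytes([3, 6])))
    print(answer_prl(bytes([3, 6, 42]), scope_options).hex())
```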

 

 

DDNS (Dynamic DNS): 

  • A way for a device to send a record update to the DNS server dynamically, needed because entries change frequently when addresses are handed out by DHCP 

  • Both DHCP clients and DHCP servers can update DNS servers 

  • DDNS Update Process: 

    1. SOA: The updater looks up the SOA record of the zone that contains the name it wants to update; the SOA’s MNAME field names the primary (authoritative) server for that zone 

    2. A Record: It resolves the A record of that primary name server in order to reach it 

    3. DDNS Update: It sends the DNS UPDATE request (RFC 2136) to that server 

  • Option 81 (Client FQDN): the client sends its FQDN together with flags that negotiate who performs the DNS update; this is how a DHCP client can update DNS itself instead of leaving it to the DHCP server (or ask the server to do it on its behalf) 
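The three steps above in code, as an added example that is not part of the original notes: walk up the name to find the zone’s SOA, resolve the primary named in it, then build the RFC 2136 UPDATE that replaces the host’s A record, and decode it the way the primary would. The zone corp.example, the server ns1.corp.example and all addresses are constructed, and the two lookup tables stand in for live SOA and A queries so the example runs offline. The message itself carries no authentication; a real deployment restricts who may update a zone (for example with TSIG), which these notes do not cover.

```python
"""DDNS update process: locate the primary via SOA, then build and decode an
RFC 2136 UPDATE adding an A record. Added example for these notes; the DNS
data is constructed and the lookup tables replace real queries."""
import struct
from ipaddress import IPv4Address

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_ANY = 1, 255


def locate_primary(fqdn, soa_mname, a_records):
    """Steps 1-2: walk up the name until a zone with an SOA is found; the SOA's
    MNAME is the primary server, which is then resolved to an address."""
    labels = fqdn.rstrip(".").split(".")
    for k in range(len(labels)):
        zone = ".".join(labels[k:]) + "."
        if zone in soa_mname:
            primary = soa_mname[zone]
            return zone, primary, a_records[primary]
    raise LookupError(f"no zone found for {fqdn}")


def encode_name(name):
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_update(zone, fqdn, ip, ttl=300, msg_id=0x1234):
    """Step 3: UPDATE with the zone section naming the zone's SOA and two update
    RRs: delete the existing A RRset (class ANY), then add the new A record."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 2, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    delete_a = encode_name(fqdn) + struct.pack("!HHIH", TYPE_A, CLASS_ANY, 0, 0)
    add_a = (encode_name(fqdn) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
             + IPv4Address(ip).packed)
    return header + zone_sec + delete_a + add_a


def _read_name(buf, i):
    labels = []
    while buf[i]:
        labels.append(buf[i + 1:i + 1 + buf[i]].decode())
        i += 1 + buf[i]
    return ".".join(labels) + ".", i + 1


def parse_update(buf):
    """Decode an uncompressed UPDATE message, i.e. what the primary receives."""
    msg_id, flags, _zocount, prcount, upcount, _adcount = struct.unpack("!HHHHHH", buf[:12])
    i = 12
    zone, i = _read_name(buf, i)
    i += 4                                   # zone TYPE and CLASS
    rrs = []
    for _ in range(prcount + upcount):
        name, i = _read_name(buf, i)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", buf[i:i + 10])
        i += 10
        rrs.append((name, rtype, rclass, ttl, buf[i:i + rdlen]))
        i += rdlen
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF, "zone": zone, "rrs": rrs}


if __name__ == "__main__":
    soa = {"corp.example.": "ns1.corp.example."}      # constructed SOA MNAME data
    a = {"ns1.corp.example.": "10.0.0.53"}            # constructed A record data
    zone, primary, addr = locate_primary("host1.eng.corp.example.", soa, a)
    print(f"send UPDATE for zone {zone} to {primary} ({addr}):")
    print(parse_update(build_update(zone, "host1.eng.corp.example.", "10.1.1.52")))
```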

 

 

Redundancy: 

Fault-Tolerance:  

DHCP: Supported by the protocol itself, since the client broadcasts its DHCPDISCOVER and any reachable DHCP server may answer. Also, once T2 passes the client broadcasts its request so that it can rebind with another DHCP server 

DNS: Most clients try the preferred name server (the one listed first, or the fastest) and work their way down the list of alternate name servers if the first choice is not available 

Load Balancing: Can be done for both protocols through a load balancer 

 

Commands: 

  • ipconfig /all – Shows the DHCP server the Windows client pulled its address from (“DHCP Server” line), together with the lease times and DNS servers 

  • dig @192.168.1.1 www.google.com. A – Queries the A record of www.google.com from the DNS server 192.168.1.1 

  • nslookup www.google.com. – Queries the A record using nslookup (built into Windows) 

  • ipconfig /flushdns – Clears the client-side DNS resolver cache in Windows  

 

IPAM (IP Address Management): 

  • A tool that gives detailed information about the devices and the IP addresses assigned on our network, enabling administrators to know what is happening at the network level 

  • It is not a service or protocol; it is the tool that correlates DNS and DHCP data 

  • DNS and DHCP data are integrated into most IPAM solutions; any change in this data is transferred automatically to the IPAM  

  • IPAM also uses discovery techniques to find devices that are not learned automatically through DHCP or DNS: 

    • Network Scan: Using a tool like Nmap to discover all existing devices; useful in the internal LAN, but scans of remote devices may be blocked 

    • Network Data: Asking devices for information about themselves. The Simple Network Management Protocol (SNMP) was designed exactly for this purpose: it allows network operators to communicate with supported devices, either to look up information about the device itself or to ask the device to do something. 

Note: SNMP is not the only method of obtaining data. IPAM systems can also use a CLI (command line interface) or an API (application programming interface) to collect information 

  • Metadata: Additional data not related to the IP address itself, which IPAM also collects 

    • Collected through protocols  

    • Entered manually by administrators 

 

IPAM Searching: An IPAM should support at least the following search techniques: 

Global DB search –> Partial matching (“like” queries, e.g. all DNS A records) –> Metadata search –> Pattern matching (regular expressions) 
