Brief Introduction to DHCP server solution design

Source: Internet
Author: User

DHCP servers are used in more and more enterprises. DHCP is short for Dynamic Host Configuration Protocol. As the number of enterprise hosts grows, more and more enterprises adopt DHCP to allocate IP addresses dynamically. The advantages of managing enterprise IP addresses with a DHCP server are obvious: it effectively avoids IP address conflicts and saves the trouble of manually configuring the related network parameters.

However, allocating IP addresses with a DHCP server also has a drawback: when an employee's host stays switched off for a while because of a business trip or other reasons, its IP address may have changed the next time the employee comes back to work and turns it on. This is unacceptable. In this case, network security policies that are keyed to IP addresses, such as limiting Internet access based on IP addresses, become invalid.

I. Causes

This follows from the working principle of the DHCP server: it manages IP addresses through leases.

When a client host logs on to the network for the first time, it obtains an IP address from the DHCP server together with a lease. Unless the lease has expired, the next time the client logs on to the network it does not send a DHCPDISCOVER to the DHCP server but sends a DHCPREQUEST directly. The DHCP server tries to let the client keep its original IP address, and if nothing special has happened it simply answers with a DHCPACK. However, if the IP address is already used by another host, the server does not allow the client to use it, and the client has to send a DHCPDISCOVER again to obtain a new IP address from the server. It follows that when the lease term expires and the client does not renew the lease, the IP address may change. Employees on a business trip sometimes cannot renew the lease before it expires, so the IP address differs between two consecutive logons.

DHCP originally adopted leases to deal with the shortage of IP addresses. Each network device in the enterprise network must use a unique IP address. If an IP address is duplicated, an IP address conflict occurs and affects the normal use of the network devices involved. Therefore, when a lease expires, the DHCP server releases the IP address and hands it to other hosts. In addition, when DHCP assigns IP addresses to other hosts, it allocates the addresses in the pool from lowest to highest, which increases the chance that an IP address changes.

In addition, many enterprises use IP addresses to enforce network management policies. For example, network access is restricted for some employees by IP address, or some employees are allowed to use QQ and other instant messaging tools according to their IP address. Enterprises can achieve the same thing with MAC addresses, but MAC addresses are troublesome to manage. Asked to type either an IP address or a MAC address, we would certainly choose the IP address, because it is easy to type. Most importantly, it is less likely to be typed wrong; the error rate when typing MAC addresses is much higher.

On the one hand, the DHCP server keeps changing a client's IP address when the client's lease expires. On the other hand, we want the client's IP address to stay relatively stable. Does this mean enterprises cannot use DHCP servers? Not at all. With a little thought, we can make the DHCP server provide a fixed IP address to the client.

II. Solutions

Next I will take Microsoft's DHCP server as an example to show how to fix a client's IP address.

1. Open the management window of Microsoft's DHCP server, right-click the DHCP server, and choose "create scope" from the menu. A dialog window appears, and the wizard asks for the relevant information step by step, for example which IP addresses can be used and which cannot. While entering this information, the network administrator is asked for the lease term of the addresses assigned by the server. The default value is 8 days. Although this value can be changed to something large, the lease will still expire eventually. If an employee takes a long leave such as maternity leave, the IP address may have changed when the employee returns to work. Therefore, we aim to set this term to unlimited, that is, to make the lease permanent. In this way, the DHCP server can be used to allocate a fixed IP address. However, the term cannot be set to unlimited while the scope is being created; the scope has to be modified after it is created.

2. After the scope is set up, the lease is only eight days by default. That is to say, if the client does not renew with the DHCP server in time once the eight-day lease runs out (for example, because the employee left on a business trip or on vacation a few days before the lease expired), this IP address is likely to change. Therefore, we need to set the lease term to unlimited. In the DHCP server management window, select the scope we just created, right-click it, select "properties" from the menu, and find the "Lease Term of DHCP client" option. There are two radio buttons: "Limited to" and "Unlimited". By default, "Limited to" is selected and the lease term is eight days. To achieve a fixed IP address, select "Unlimited". In this case the IP address has no lease term, and the DHCP server will not take the IP address back.

3. Setting the lease term to a value that is merely long enough can sometimes achieve the same result, but it is generally not safe: the employee may well go on vacation a few days before the expiry date, and then even the longest lease is useless. Therefore, it is recommended that the network administrator set the lease to unlimited. Otherwise, the loss is likely to outweigh the gain.

III. Four Notes

This method does not suit every scenario. Depending on the actual situation, some restrictions apply.

First, check whether the number of IP addresses reserved on the DHCP server is sufficient for the number of clients. If the DHCP server has only 200 IP addresses reserved and there are 201 DHCP clients, one client may be unable to obtain an IP address because addresses have run out. With a short lease, the DHCP server promptly reclaims the IP addresses of hosts that are not currently in use, which relieves the shortage. So a prerequisite for setting the lease of the DHCP server to unlimited is that the DHCP server's IP address space meets the existing needs. Otherwise, a limited lease must be used, and it must be short enough; if it is not, clients may be unable to obtain an IP address in time because of insufficient IP addresses.

Second, when a client no longer needs its IP address, the address must be released promptly. For example, if a computer breaks down or is upgraded, use the DHCP commands on the client to release the IP address manually before replacing the original computer. Otherwise, after the host is changed, the DHCP server does not know that the old client is no longer in use and keeps the IP address occupied indefinitely. This is different from a DHCP server that uses limited leases: there, when the lease term runs out and the client does not renew, the DHCP server reclaims the IP address automatically. Therefore, a network administrator who sets the lease to "unlimited" must remember to release the IP address manually whenever a network device is replaced. Otherwise, unused IP addresses accumulate and the IP addresses on the DHCP server will be used up sooner or later.

Third, for some network devices, such as network printers, firewalls, and application servers, we do not recommend using this method to obtain IP addresses and other related network parameters. In other words, we recommend configuring the IP address and other parameters for these devices manually. This is mainly to be on the safe side: when the DHCP server fails or the client cannot reach the DHCP server, IP address confusion can still occur. Therefore, for enterprise application servers with high stability requirements, we recommend that the network administrator manage the IP addresses manually, that is, configure them by hand. However, these IP addresses must be excluded on the DHCP server. Otherwise, IP addresses may conflict.

Fourth, note that if no limit is placed on the lease, an important feature of the DHCP server is lost, namely the ability to help save IP addresses. We all know that DHCP provides many functions, such as preventing IP address conflicts and automatically configuring related network parameters. Another important function is improving the utilization of IP addresses: when a client is not in use, its IP address can be reclaimed and given to other clients. If we set the lease to unlimited, we can no longer benefit from this function. However, if the number of IP addresses is greater than the number of enterprise clients, this does not matter.

In short, the DHCP server brings great convenience to network administrators, and we need to configure it flexibly to meet our daily needs. Without a DHCP server, network parameters such as IP addresses, DNS addresses, and gateway information have to be configured manually on each client host. In addition, if the network plan changes, parameters such as the network mask may also have to be changed. The workload can be imagined, because the change has to be made on one machine after another. With a DHCP server, you only need to change the configuration on the DHCP server, and the parameters on the clients change accordingly. Therefore, network administrators should learn to play to the DHCP server's strengths, avoid its weaknesses, and configure it flexibly.
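A toy model of the lease behaviour described under Causes and of the first two notes, added here as an illustration; it is not code from the original article or from Microsoft's DHCP server. The `Scope` class, the client names and the 192.0.2.0/24 documentation addresses are constructed, and the model reclaims and reallocates strictly lowest-first, as the article describes.

```python
import ipaddress

UNLIMITED = None  # assumption: None models the "unlimited" lease setting

class Scope:
    """Toy DHCP scope: lowest free address first, expired leases reclaimed."""
    def __init__(self, first, size, lease_days):
        base = ipaddress.IPv4Address(first)
        self.pool = [str(base + i) for i in range(size)]
        self.lease_days = lease_days
        self.leases = {}  # client id -> (address, expiry day or None)

    def request(self, client, day):
        """Client logs on: keep its address if the lease is live, else allocate."""
        # Reclaim expired leases; unlimited leases are never reclaimed.
        self.leases = {c: (a, e) for c, (a, e) in self.leases.items()
                       if e is None or e > day}
        if client in self.leases:
            addr = self.leases[client][0]
        else:
            used = {a for a, _ in self.leases.values()}
            free = [a for a in self.pool if a not in used]
            if not free:
                return None  # scope exhausted, client gets no address
            addr = free[0]
        expiry = None if self.lease_days is UNLIMITED else day + self.lease_days
        self.leases[client] = (addr, expiry)
        return addr

    def release(self, client):
        self.leases.pop(client, None)

    def holder(self, addr):
        return next((c for c, (a, _) in self.leases.items() if a == addr), None)

def business_trip(lease_days):
    """Traveller is offline from day 0 to day 10; a new host joins on day 9."""
    s = Scope("192.0.2.10", 3, lease_days)
    before = s.request("traveller", 0)
    s.request("colleague", 0)
    s.request("colleague", 4)  # colleague renews while the traveller is away
    s.request("new-hire", 9)
    after = s.request("traveller", 10)
    return before, after, s.holder(before)  # who an IP-based rule now hits

def replace_pc(release_first):
    """Unlimited leases, two-address scope, one PC swapped for new hardware."""
    s = Scope("192.0.2.10", 2, UNLIMITED)
    s.request("old-pc", 0)
    s.request("other", 0)
    if release_first:
        s.release("old-pc")
    return s.request("new-pc", 400)
```

With the default 8-day lease, `business_trip(8)` shows the traveller's old address, and with it any IP-based rule written for that address, now belonging to the new host; `replace_pc(False)` shows the scope running dry when an unlimited lease is never released.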
