DHCP server is not the Almighty God

DHCP (Dynamic Host Allocation Protocol) servers are widely used in enterprise networks. Visible, the advantages of the DHCP server are obvious. If you are manually managing an IP address in an enterprise LAN with 100 to 200 computers, it is a very heavy work. Accidentally, may cause the network address the conflict, and so on. So in the scale of the enterprise network, the use of hand-assigned IP address is not appropriate.

Therefore, many enterprises now network administrators through the DHCP server to manage the enterprise's IP address. A DHCP server network administrator can configure only a few common parameters, such as DNS addresses, on a DHCP server without having to set these parameters to each computer repeatedly, and when these parameters are changed, there is no need to change the table, just change it on the DHCP server; D The HCP server can guarantee that the IP address of the enterprise LAN is unique, and will not lease the same IP address to two hosts and so on. DHCP server power is indeed very powerful, but it is not omnipotent. The DHCP server also has a number of drawbacks. When designing a DHCP server environment, our network administrators need to understand these flaws and avoid them as much as possible during the design process.

The following author on their own understanding of the operation of the DHCP server defects, to talk about their own views. You are welcome to compensate and discuss this issue.

Defect One: The DHCP server cannot communicate across routes to clients unless the router allows BOOTP forwarding.

Some enterprises in order to security considerations, may be the enterprise's Network for physical division, divided into several separate network segments to control their access to each other. If there is a chemical enterprise, their research and development department is a relatively confidential department. Hosts in other departments are not able to access their networks. And their networks can access other departments ' networks. Technically, it's very simple. It is possible to divide the research and development department and other departments of the company into two relatively independent networks through the IP address breaking feature. They can then be connected by routers to control their access to each other on the router.

However, if a DHCP server is adopted in the enterprise LAN, some problems may arise. Because the DHCP protocol cannot cross the road due to client communication, unless the router allows BOOTP forwarding. In other words, if the enterprise in the subnet division, if a network segment in the company set up a DHCP server, another network segment is not able to obtain the IP address from this DHCP server.

What methods should we adopt to address this limitation?

The author's most commonly used method is to use fixed IP address to solve. In other words, although the network administrator to the enterprise network divided into different network segments, but this is purely for security reasons. Therefore, sometimes the number of hosts in a network segment is not much. If you divide a research and development department into a subnet, it is 10 PCs. To this end, we also do not move other brain, directly to the subnet of the host by hand assigned IP address. The other hosts are set up as clients of the DHCP server, and the IP address is obtained from the DHCP server. This is one of the simplest and most practical ways to deal with this. Don't bother thinking about configuring the DHCP server proxy, opening the BOOTP protocol forwarding function of the router, and so on. These are all a fuss.

If the business is not for security reasons, it needs to be considered separately. If some enterprises are relatively large, is a group of enterprises, the following have each subsidiary. When they design the network, they have a DHCP server on the group and then a subnet to each subsidiary. In this case, a subnet within the number of hosts may be more, at this point, if the use of manually assigned IP address is not realistic. To do this, we can forward the BOOTP protocol in the router, so that the host in other network segments can also get multiple IP addresses from this DHCP server.

Defect Two: If the network has a non-DHCP client, the DHCP server can not be found.

If the enterprise's local area network is a DHCP client computer and a network device that is not a DHCP client, the DHCP server is the IP address of the network device that is not known to be a DHCP client. If the IP addresses used by these non-DHCP clients are not assigned to DHCP clients, it is likely that the network IP address will conflict.

This situation in some network servers more enterprises, the situation is particularly numerous. If the enterprise can sometimes add a network print server to the enterprise, manually configure it with an IP address of 192.168.0.203. The original IP address pool on the Enterprise DHCP server is 192.168.0 020 through 192.168.0.200. Later, because the address was not enough, the address pool was changed to 192.168.0.020 to 192.168.0.220. Perhaps the network administrator inadvertently, 192.168.0.203 this IP address has been assigned to a network printer. At this point, when the IP address is put into the address pool of the DHCP server, if the server assigns this IP address to other network devices, it may cause the network address conflict and cause the network communication fault.

Therefore, this situation is particularly easy to do when manually assigning addresses to and from the DHCP server automatically assigned addresses. Because the DHCP server is not able to discover which IP addresses in its own address pool have been used by other non-DHCP server clients.