First, an overview of DHCP.
DHCP (Dynamic Host Configuration Protocol) is a LAN network protocol that runs over UDP and is typically used in large local networks. It centrally manages and assigns IP addresses, lets hosts on the network dynamically obtain an IP address, gateway address, DNS server addresses and other information, and improves address utilisation. It is described in detail in RFC 2131. DHCP uses three ports: UDP 67 and UDP 68 are the normal service ports, used by the DHCP server and the DHCP client respectively; port 546 is used by the DHCPv6 client, not by DHCPv4. There is also a DHCP failover service, which has to be enabled specifically; DHCP failover is used for hot standby.
DHCP uses a client/server model. Address allocation is driven by the host: when the DHCP server receives a host's address request, it sends the address and the related configuration back to the host, which configures itself dynamically from that reply.
DHCP is designed to:
1. Ensure that any IP address is used by only one DHCP client at a time.
2. Be able to assign a user a permanent, fixed IP address.
3. Coexist with hosts that obtain IP addresses by other means (for example, hosts with manually configured addresses).
4. Serve existing BOOTP clients.
DHCP has three address-allocation mechanisms (of the three, only dynamic allocation can reuse addresses the client no longer needs):
1) Automatic allocation: the DHCP server assigns a permanent IP address to the host. Once the DHCP client has successfully leased the address from the server for the first time, it keeps it permanently.
2) Dynamic allocation: the DHCP server assigns an IP address with a time limit (a lease). When the lease expires, or the host explicitly gives the address up, it can be used by other hosts.
3) Manual allocation: the network administrator chooses the client's IP address, and the DHCP server merely tells the client which address it has been given.
In short, DHCP works as follows:
1) The client looks for a server: it broadcasts a Discover packet to find a DHCP server.
2) The server responds: it replies to the client with a unicast Offer packet, offering a network lease for the client to choose from. On receiving the client's request, the server works through the following, based on the client's MAC address and its own configuration:
A) Look up the IP address the client used previously in the server's lease file; if there is one and nobody else is using it, offer that address to the client.
B) If the configuration file assigns a fixed IP address to this MAC address and that address is not in use, offer it to the client.
C) If neither condition is met, pick an unused address from the pool, offer it to the client, and record it in the leases file.
3) The client requests an address: it broadcasts a Request packet that selects the lease offered by one server and sends it back to that server. The broadcast also lets the client tell every host on the LAN which server's lease it has accepted.
4) The server confirms the lease: it sends a unicast ACK, the server and client confirm the lease relationship, and the server records it in its leases file.
Next, the main DHCP concepts:
DHCP Client: a client that requests an IP address through the DHCP protocol. A DHCP client is an interface-level concept: if a host has several Ethernet interfaces, each of them can be configured as a DHCP client, and each VLAN interface on a switch can also be configured as a DHCP client.
DHCP Server: the server that provides IP addresses to DHCP clients and manages the assigned addresses.
DHCP Relay: forwards DHCP packets when a DHCP client requests an IP address across subnets (CIDR blocks).
DHCP Security: DHCP security features for managing valid user IP addresses.
DHCP Snooping: a DHCP listener on a layer-2 device that records information about the users requesting IP addresses.
The DHCP packet format is shown in the figure on the right. The fields are defined as follows:
op: packet type; 1 is a request, 2 is a reply.
htype: hardware address type; 1 is 10 Mb/s Ethernet.
hlen: hardware address length; 6 for Ethernet.
hops: hop count; the client sets it to 0, and a relay agent may also set it.
xid: transaction ID, a 32-bit random number chosen by the client and used by client and server to match requests with responses. The client sets it and the server echoes it back.
secs: filled in by the client; the number of seconds elapsed since the client began acquiring or renewing its address.
flags: a 16-bit field of which only the leftmost bit is currently used; 0 means unicast, 1 means broadcast.
ciaddr: client IP address; filled in only when the client is in the BOUND, RENEWING or REBINDING state and can answer ARP requests.
yiaddr: "your" (client) IP address, the address the server assigns to the client.
siaddr: IP address of the server to use in the next step of the DHCP process.
giaddr: relay agent IP address. Note: this is the relay's address, not the gateway defined in the address pool.
chaddr: client hardware address. The client must set this field. The same address is present in the Ethernet frame header that carries the UDP datagram, but a user process reading the UDP payload cannot easily (or at all) get at the frame header, whereas a copy inside the DHCP packet carried by UDP is easy to read.
sname: optional server host name, a null-terminated string filled in by the server.
file: boot file name, a null-terminated string; a "generic" name or null in a DHCP Discover, and a fully qualified directory path in a DHCP Offer.
options: optional parameters in "code + length + data" format.
There are eight DHCP message types: DHCP Discover, DHCP Offer, DHCP Request, DHCP ACK, DHCP NAK, DHCP Release, DHCP Decline and DHCP Inform. Table 1 describes what each of them does.
DHCP Discover: when a DHCP client requests an IP address it does not know where the DHCP server is, so it broadcasts the request on the local network. This is the Discover packet; its purpose is to find the DHCP servers on the network. Every DHCP server that receives the Discover sends a reply, so the client then knows where the servers are.
DHCP Offer: when a DHCP server receives the Discover, it picks a suitable IP address from its configured address pool, adds the lease time and other configuration (such as gateway and DNS server), builds an Offer packet and sends it to the client to say that it can provide an address. <The Offer only says that the address can be provided; the address is pre-allocated. The client still has to check with ARP that the address is not already in use.>
DHCP Request: a DHCP client may receive several Offers and must pick one of them. It usually selects the server whose Offer arrived first as its target server, then broadcasts a Request message to notify that server. Once the client has obtained an IP address, it sends a unicast Request to the DHCP server when 1/2 of the lease has elapsed; if no DHCP ACK comes back, it broadcasts a Request when 3/4 of the lease has elapsed, to renew the lease.
DHCP ACK: on receiving the Request, the DHCP server looks for a lease record matching the MAC address carried in the Request. If it finds one, it replies with an ACK to tell the client that the assigned IP address can be used.
DHCP NAK: if the DHCP server finds no matching lease record after receiving the Request, or the address cannot be assigned properly for some other reason, it replies with a NAK to tell the client that no suitable IP address can be assigned.
DHCP Release: when the user no longer needs the assigned IP address, the client sends a Release to the DHCP server to say so, and the server frees the bound lease.
DHCP Decline: after receiving the ACK from the DHCP server, if the client detects through address-conflict detection that the assigned address is already in use, or the address cannot be used for some other reason, it sends a Decline to tell the server that the assigned IP address is unusable.
DHCP Inform: if the DHCP client needs more detailed configuration information from the server, it sends an Inform to request it. The server looks up the corresponding configuration based on the lease and replies to the client with an ACK.
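As an added example (this is not code from the original article), here is a small Python encoder/decoder for the fixed header and options field described above, plus builders for the Discover and Offer messages. Field names and sizes follow RFC 2131; the MAC address, transaction ID and addresses used with it are made up for illustration, and nothing is sent on the network.

```python
"""Minimal RFC 2131 DHCP message encoder/decoder.

Added example (not from the original page): builds a DHCPDISCOVER in the
fixed-header + options layout described above and parses it back, then
answers it with a DHCPOFFER. Standard library only; no packets are sent.
"""
import struct
from dataclasses import dataclass, field

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the options field
BOOTREQUEST, BOOTREPLY = 1, 2               # 'op' values: request / reply
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_MSG_TYPE, OPT_REQ_ADDR, OPT_LEASE, OPT_SERVER_ID = 53, 50, 51, 54
OPT_PAD, OPT_END = 0, 255

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr(16), sname(64), file(128): the 236-byte fixed part of the message
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")


@dataclass
class DhcpMessage:
    op: int
    xid: int
    chaddr: bytes                     # client hardware address (6 bytes for Ethernet)
    ciaddr: str = "0.0.0.0"
    yiaddr: str = "0.0.0.0"
    siaddr: str = "0.0.0.0"
    giaddr: str = "0.0.0.0"
    flags: int = 0                    # bit 15 set = client asks for broadcast replies
    options: dict = field(default_factory=dict)   # option code -> raw value bytes

    @property
    def msg_type(self):
        return MSG_TYPES.get(self.options.get(OPT_MSG_TYPE, b"\x00")[0], "UNKNOWN")


def ip2b(a): return bytes(int(x) for x in a.split("."))
def b2ip(b): return ".".join(str(x) for x in b)


def encode(m: DhcpMessage) -> bytes:
    hdr = HEADER.pack(m.op, 1, len(m.chaddr), 0, m.xid, 0, m.flags,
                      ip2b(m.ciaddr), ip2b(m.yiaddr), ip2b(m.siaddr), ip2b(m.giaddr),
                      m.chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    # options are "code + length + data", terminated by the END option
    opts = b"".join(bytes([code, len(val)]) + val for code, val in m.options.items())
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])


def decode(data: bytes) -> DhcpMessage:
    if len(data) < HEADER.size + 4 or data[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (bad length or magic cookie)")
    (op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi,
     chaddr, sname, file_) = HEADER.unpack_from(data)
    if hlen > 16:
        raise ValueError("hlen exceeds the chaddr field")
    options, i = {}, HEADER.size + 4
    while i < len(data):                 # TLV walk, bounds-checked against truncation
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # single-byte padding, no length field
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        val = data[i + 2:i + 2 + length]
        if len(val) != length:
            raise ValueError(f"option {code} truncated")
        options[code] = val
        i += 2 + length
    return DhcpMessage(op, xid, chaddr[:hlen], b2ip(ci), b2ip(yi), b2ip(si), b2ip(gi),
                       flags, options)


def build_discover(mac: bytes, xid: int) -> bytes:
    """Client -> broadcast: ciaddr and yiaddr are zero, only the message type option is set."""
    return encode(DhcpMessage(BOOTREQUEST, xid, mac, flags=0x8000,
                              options={OPT_MSG_TYPE: b"\x01"}))


def build_offer(discover: bytes, offered: str, server: str, lease_secs: int) -> bytes:
    """Server -> client: same xid and chaddr, the pre-allocated address in yiaddr,
    plus server identifier and lease time options."""
    d = decode(discover)
    return encode(DhcpMessage(BOOTREPLY, d.xid, d.chaddr, yiaddr=offered, siaddr=server,
                              giaddr=d.giaddr, flags=d.flags,
                              options={OPT_MSG_TYPE: b"\x02", OPT_SERVER_ID: ip2b(server),
                                       OPT_LEASE: struct.pack("!I", lease_secs)}))


if __name__ == "__main__":
    disc = build_discover(bytes.fromhex("001122334455"), 0x3acc5b99)   # constructed values
    offer = decode(build_offer(disc, "192.168.1.47", "192.168.1.2", 43200))
    print(offer.msg_type, offer.yiaddr, int.from_bytes(offer.options[OPT_LEASE], "big"))
```

The decoder rejects anything shorter than the fixed header plus magic cookie and refuses options whose declared length runs past the end of the datagram, which is the check a parser needs before it trusts any option value.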
1. Setup process
yum -y install dhcp*
(1/4): dhclient-4.1.1-53.P1.el6.centos.x86_64.rpm | 322 kB
(2/4): dhcp-4.1.1-53.P1.el6.centos.x86_64.rpm | 823 kB
(3/4): dhcp-common-4.1.1-53.P1.el6.centos.x86_64.rpm | 144 kB
(4/4): dhcp-devel-4.1.1-53.P1.el6.centos.x86_64.rpm | 158 kB
# DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent; dhclient is the client daemon; dhcp-common holds the files shared by both; dhcp-devel contains the header files and API documentation for using the ISC DHCP libraries (the libdhcpctl and libomapi static libraries are also included in this package).
Configuration process
1. Check the dhcpd.conf configuration file. It only refers you to the template configuration file:
cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#
cat /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample > /etc/dhcp/dhcpd.conf
2. Edit the configuration file
[root@dhcp dhcp]# cat /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
# --- default gateway
        option routers                  192.168.1.0;
        option subnet-mask              255.255.255.0;
        option time-offset              -18000; # Eastern Standard Time
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#       option netbios-node-type 2;
        range dynamic-bootp 192.168.1.200 192.168.1.230;
        default-lease-time 21600;
        max-lease-time 43200;
        # we want the nameserver to appear at a fixed address
}
3. Start the service: service dhcpd restart
4. Configuration file description
dhcpd.conf parameters. /etc/dhcpd.conf usually contains three kinds of entries: parameters, declarations and options.
1. Parameters state how a task is performed, whether a task is performed at all, or which network configuration options are sent to clients:
ddns-update-style: the DHCP-DNS interactive update mode.
default-lease-time: the lease length, in seconds.
max-lease-time: the maximum lease length, in seconds.
hardware: the NIC interface type and MAC address.
server-name: the server name announced to DHCP clients.
get-lease-hostnames: flag; checks the IP address used by the client.
fixed-address: the IP address assigned to the client as a fixed address.
authoritative: reject incorrect IP address requests.
2. Declarations describe the network layout and the IP addresses offered to clients, among other things:
shared-network: declares that some subnets share the same physical network.
subnet: describes whether an IP address belongs to this subnet.
range: the range of IP addresses to allocate.
host: refers to a specific host.
group: groups a set of parameters into one declaration.
allow unknown-clients; / deny unknown-clients: whether to dynamically allocate IP addresses to unknown users.
allow bootp; / deny bootp: whether to respond to BOOTP queries.
allow booting; / deny booting: whether to respond to user queries.
filename: the name of the boot file; used for diskless workstations.
next-server: the host name of the server from which the boot file is loaded; used for diskless workstations.
3. Options configure optional DHCP parameters; every option line begins with the option keyword:
subnet-mask: sets the client's subnet mask.
domain-name: the client's DNS domain name.
domain-name-servers: the IP address of the client's DNS server.
host-name: the client's host name.
routers: the client's default gateway.
broadcast-address: the client's broadcast address.
ntp-servers: the IP address of the client's network time server.
time-offset: the client's offset from Greenwich Mean Time, in seconds.
Note: if the client runs Windows, do not use the "host-name" option, that is, do not assign a host name to the client.
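dhcpd will happily load a subnet block whose values are self-consistent in syntax but wrong in meaning, so it is worth checking the configuration above before starting the service. The following is an added example, not code from the article or from ISC: it parses only the subset of dhcpd.conf syntax used in the configuration step above (subnet, range, option routers, option subnet-mask, lease times) and reports the mistakes that a server accepts without complaint. The sample configuration embedded in it is the subnet block from the configuration step.

```python
"""Sanity checks for dhcpd.conf subnet blocks.

Added example, not part of the original page: handles only the statements
used in the configuration step above, not the full dhcpd.conf grammar.
"""
import ipaddress
import re

# Constructed sample: the subnet block from the configuration step above.
SAMPLE_CONF = """
ddns-update-style interim;
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
    # --- default gateway
    option routers 192.168.1.0;
    option subnet-mask 255.255.255.0;
    option time-offset -18000; # Eastern Standard Time
    range dynamic-bootp 192.168.1.200 192.168.1.230;
    default-lease-time 21600;
    max-lease-time 43200;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)


def strip_comments(text):
    """Drop everything after '#' on each line."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def parse_subnets(conf):
    """Return one dict per subnet block: network, ranges, routers, mask, lease times."""
    subnets = []
    for net, mask, body in SUBNET_RE.findall(strip_comments(conf)):
        entry = {"network": ipaddress.ip_network(f"{net}/{mask}", strict=False),
                 "ranges": [], "routers": [], "subnet_mask": None,
                 "default_lease": None, "max_lease": None}
        for stmt in (s.strip() for s in body.split(";") if s.strip()):
            words = stmt.split()
            if words[0] == "range":          # 'range [dynamic-bootp] low high'
                ips = [ipaddress.ip_address(w) for w in words[1:] if w[0].isdigit()]
                entry["ranges"].append((ips[0], ips[-1]))
            elif words[:2] == ["option", "routers"]:
                entry["routers"] = [ipaddress.ip_address(w.rstrip(",")) for w in words[2:]]
            elif words[:2] == ["option", "subnet-mask"]:
                entry["subnet_mask"] = words[2]
            elif words[0] == "default-lease-time":
                entry["default_lease"] = int(words[1])
            elif words[0] == "max-lease-time":
                entry["max_lease"] = int(words[1])
        subnets.append(entry)
    return subnets


def lint(conf):
    """Return a list of human-readable findings; empty means no problem found."""
    findings = []
    for s in parse_subnets(conf):
        net = s["network"]
        if not s["ranges"]:
            findings.append(f"{net}: no range declared, nothing will be leased")
        for lo, hi in s["ranges"]:
            if lo > hi:
                findings.append(f"{net}: range {lo}-{hi} is reversed")
            if lo not in net or hi not in net:
                findings.append(f"{net}: range {lo}-{hi} falls outside the subnet")
            if lo == net.network_address or hi == net.broadcast_address:
                findings.append(f"{net}: range includes the network or broadcast address")
        for r in s["routers"]:
            if r not in net:
                findings.append(f"{net}: router {r} is not in this subnet")
            elif r in (net.network_address, net.broadcast_address):
                findings.append(f"{net}: router {r} is the network/broadcast address, not a host")
            for lo, hi in s["ranges"]:
                if lo <= r <= hi:
                    findings.append(f"{net}: router {r} lies inside dynamic range {lo}-{hi}")
        if s["subnet_mask"] and s["subnet_mask"] != str(net.netmask):
            findings.append(f"{net}: option subnet-mask {s['subnet_mask']} disagrees with netmask")
        if s["default_lease"] and s["max_lease"] and s["default_lease"] > s["max_lease"]:
            findings.append(f"{net}: default-lease-time exceeds max-lease-time")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print("WARN", finding)
```

Run against the sample, the only finding is that option routers points at 192.168.1.0, the network address rather than a host, so clients would be handed an unusable default gateway; changing it to a host address in the subnet makes the check pass.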
Working principle:
DHCP uses UDP as its transport protocol. The host sends its request to port 67 of the DHCP server, and the DHCP server replies to port 68 on the host. The detailed interaction is shown in the figure.
- The DHCP Client looks for a DHCP Server: this is the client sending a DHCP Discovery. Because the client does not yet know where a DHCP Server is, the DHCP Discovery packets it sends are broadcasts, with source address 0.0.0.0 and destination address 255.255.255.255. Every host on the network that supports TCP/IP receives the DHCP Discovery packet, but only a DHCP Server acts on it.
If several DHCP servers exist on the network, each of them replies to the DHCP Discovery packet.
If there is no DHCP Server in the VLAN and the VLANIF interface has the DHCP Relay function configured, the VLANIF acts as the DHCP Relay: it rewrites the source IP address of the DHCP packet to the VLANIF's own address, sets the destination IP address to the DHCP Server address configured on the relay, sets giaddr in the DHCP packet to the VLANIF address, and forwards the DHCP Discovery to the DHCP Server by unicast.
- The DHCP Server offers an address: this is the DHCP Offer stage, in which the DHCP Server answers the DHCP Discovery.
After receiving the DHCP Discovery packet, the DHCP Server works out which subnet the request belongs to and obtains an available IP address from the matching subnet in dhcpd.conf. (It selects an address from the available address range and sends an ICMP ping to it; if it receives an ICMP reply from that address, it discards the address, selects another one and pings again, until it finds an address that nobody on the network is using. This prevents dynamically allocated addresses from conflicting with the addresses of other devices on the network; the conflict-detection mechanism is configurable.) The server sets yiaddr to this address, to indicate the IP address assigned to the client, and sets the lease options configured for this subnet, such as the default lease time, maximum lease time and router.
The DHCP server picks an IP address from the address pool in the following order of priority:
1) an existing IP-to-MAC binding;
2) the client's previous IP address;
3) the Requested IP Address option in the Discovery message, if it is present and the address is available;
4) an IP address chosen from the configured subnet:
The DHCP Server determines which subnet the DHCP Discovery belongs to. It first checks whether giaddr in the DHCP Discovery message is set, meaning a DHCP Relay is in the path; if so, it allocates an address from the available range of the subnet that giaddr belongs to. If giaddr is empty, it allocates an address from the subnet (CIDR block) of the interface the DHCP Server is bound to.
- After receiving DHCP Offer packets from several DHCP servers, the DHCP Client selects one of them as its target DHCP Server, usually the server whose DHCP Offer arrived first.
It then broadcasts a DHCP Request packet containing, among other things, the IP address it is requesting from the target DHCP server. Broadcasting tells the other DHCP servers which server's IP address the client has chosen.
- When the DHCP Server receives the DHCP Request sent by the DHCP Client and confirms the IP address it is providing, it replies to the client with a packet containing that IP address and the other options, telling the DHCP Client that the address can be used. The DHCP Client can then bind the IP address to its NIC. All the other DHCP servers reclaim the IP addresses they had offered to this DHCP Client.
- When the DHCP Client comes back online, it sends a DHCP Request message containing the IP address the DHCP Server previously assigned to it. On receiving the Request, the DHCP Server tries to let the client keep using that IP address and returns an ACK message.
If the IP address can no longer be assigned to that DHCP Client, the server replies with a NAK message. On receiving the NAK, the DHCP Client sends a new DHCP Discovery message to obtain an IP address from scratch.
- An IP address obtained through DHCP comes with a lease. When the lease expires the DHCP Server reclaims the address, so a DHCP Client that wants to keep using the address must renew the lease. It does so by sending a DHCP Renew message once more than half of the lease term has elapsed.
When more than 50% of the lease term has elapsed, the DHCP Client sends a unicast DHCPRequest message to the DHCP Server to renew the IP address. If the client receives the server's DHCP ACK, the lease is extended accordingly; if not, the client keeps using the address. When more than 87.5% of the lease term has elapsed, the DHCP Client sends a broadcast DHCPRequest to the DHCP Server to renew the address. If it receives the DHCP ACK, the lease is extended accordingly; if not, the client keeps using the address until the lease expires, at which point it sends a DHCP Release message to the DHCP Server, gives up the IP address and starts a fresh address request.
Note that a DHCP client can receive DHCPOFFER packets from several DHCP servers and may accept any of them, but it usually accepts only the first DHCPOFFER received. Also, the address a DHCP server names in its DHCPOFFER is not necessarily the address finally allocated; normally the server reserves the address until the client sends a formal request. That formal request, the DHCPREQUEST, is broadcast so that every other DHCP server that sent a DHCPOFFER sees it and releases the address it had pre-allocated to this client. If the address given to the DHCP client is already in use by another DHCP client, the client sends a DHCPDECLINE packet to the server to reject the allocated address.
During negotiation, if the address information in the REQUEST message sent by the DHCP Client is wrong, for example because the client has moved to a new subnet or its lease has expired, the DHCP server sends a DHCPNAK message to the client, which then restarts the address request process.
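The renewal behaviour described above amounts to two timers and a small state machine. As an added example (not from the original article), the following Python computes the 50% and 87.5% points for a lease and walks through the client's states for a scripted set of server replies; the lease length and the reply script are constructed inputs, and the state names BOUND, RENEWING, REBINDING and INIT are the RFC 2131 names for the stages the text describes.

```python
"""Client-side lease timers and renewal states.

Added example, not from the page: T1 (renew, 50%) and T2 (rebind, 87.5%)
are derived from the lease length; the reply script says what the server
answered at each timer point so the state walk can be followed offline.
"""

RENEW_FRACTION, REBIND_FRACTION = 0.5, 0.875


def lease_timers(lease_secs):
    """Return (T1, T2, expiry) in seconds after the lease was granted."""
    return (int(lease_secs * RENEW_FRACTION), int(lease_secs * REBIND_FRACTION), lease_secs)


def lease_lifecycle(lease_secs, replies):
    """Walk the client's states for one lease.

    replies maps a timer point ("T1" or "T2") to the server's answer:
    "ACK", "NAK" or None when no answer arrived. Returns a list of
    (seconds, state, how the DHCPREQUEST was sent) transitions.
    """
    t1, t2, expiry = lease_timers(lease_secs)
    timeline = [(0, "BOUND", None)]
    for point, when, mode, state in (("T1", t1, "unicast", "RENEWING"),
                                     ("T2", t2, "broadcast", "REBINDING")):
        timeline.append((when, state, mode))       # DHCPREQUEST sent at this point
        reply = replies.get(point)
        if reply == "ACK":                         # lease extended: back to BOUND
            timeline.append((when, "BOUND", None))
            return timeline
        if reply == "NAK":                         # address refused: rediscover now
            timeline.append((when, "INIT", None))
            return timeline
        # no reply: keep using the address and wait for the next timer
    timeline.append((expiry, "INIT", None))        # lease ran out: must rediscover
    return timeline


if __name__ == "__main__":
    # constructed: a 43200 s lease where the unicast renewal goes unanswered
    for step in lease_lifecycle(43200, {"T1": None, "T2": "ACK"}):
        print(step)
```

The walk makes the failure path explicit: a server that stays silent at T1 only costs the client a broadcast at T2, but silence at both points leads to INIT at expiry and a full Discover exchange, which is the moment a rogue server on the segment gets its chance to answer first.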
Acquisition process
1. Check the client's message log:
First acquisition
May 29 12:27:38 66 dhclient[26828]: DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 8 (xid=0x3acc5b99)
May 29 12:27:38 66 dhclient[26828]: DHCPOFFER from 192.168.1.2
May 29 12:27:38 66 dhclient[26828]: DHCPREQUEST on eth2 to 255.255.255.255 port 67 (xid=0x3acc5b99)
May 29 12:27:38 66 dhclient[26828]: DHCPACK from 192.168.1.2 (xid=0x3acc5b99)
May 29 12:27:40 66 NET[26875]: /sbin/dhclient-script : updated /etc/resolv.conf
May 29 12:27:40 66 dhclient[26828]: bound to 192.168.1.47 -- renewal in 39792 seconds.
Disconnect and re-acquire
May 29 13:26:40 66 dhclient[41297]: DHCPREQUEST on eth3 to 255.255.255.255 port 67 (xid=0x207c094c)
May 29 13:26:40 66 dhclient[41297]: DHCPACK from 192.168.1.2 (xid=0x207c094c)
May 29 13:26:42 66 NET[41351]: /sbin/dhclient-script : updated /etc/resolv.conf
May 29 13:26:42 66 dhclient[41297]: bound to 192.168.1.157 -- renewal in 38792 seconds.
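The client log above already tells a defender which server answered each transaction, so it is a cheap place to look for a DHCP server that should not be on the segment. The following is an added example, not code from the article: it parses dhclient syslog lines of the shape shown above, groups the OFFER/ACK/NAK messages by the server that sent them, and reports any server that is not on an allow-list. The sample log lines (including the second, unexpected server 192.168.1.99) and the allow-list are constructed for the example.

```python
"""Review dhclient syslog lines for DHCP server activity.

Added example, not from the original page: the regular expressions match the
message formats dhclient writes (as in the client log above); the sample lines
and the allow-list of approved servers are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample syslog lines, same shape as the client log above.
SAMPLE_LOG = """\
May 29 12:27:38 host dhclient[26828]: DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 8 (xid=0x3acc5b99)
May 29 12:27:38 host dhclient[26828]: DHCPOFFER from 192.168.1.2
May 29 12:27:38 host dhclient[26828]: DHCPOFFER from 192.168.1.99
May 29 12:27:38 host dhclient[26828]: DHCPREQUEST on eth2 to 255.255.255.255 port 67 (xid=0x3acc5b99)
May 29 12:27:38 host dhclient[26828]: DHCPACK from 192.168.1.2 (xid=0x3acc5b99)
May 29 12:27:40 host dhclient[26828]: bound to 192.168.1.47 -- renewal in 39792 seconds.
May 29 13:26:40 host dhclient[41297]: DHCPREQUEST on eth3 to 255.255.255.255 port 67 (xid=0x207c094c)
May 29 13:26:40 host dhclient[41297]: DHCPNAK from 192.168.1.99 (xid=0x207c094c)
"""

APPROVED_SERVERS = {"192.168.1.2"}       # constructed: the site's known DHCP server(s)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhclient\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FROM_RE = re.compile(r"^(?P<type>DHCP(?:OFFER|ACK|NAK)) from (?P<server>[\d.]+)")
ON_RE = re.compile(r"^(?P<type>DHCP(?:DISCOVER|REQUEST|RELEASE)) on (?P<iface>\S+)")
BOUND_RE = re.compile(r"^bound to (?P<ip>[\d.]+) -- renewal in (?P<renew>\d+) seconds")


def parse_log(text):
    """One record per dhclient line: ts, pid, type and the fields the message carries."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:                        # not a dhclient line (e.g. dhclient-script)
            continue
        rec = {"ts": m["ts"], "pid": int(m["pid"])}
        msg = m["msg"]
        if (f := FROM_RE.match(msg)):            # server -> client messages
            rec.update(type=f["type"], server=f["server"])
        elif (o := ON_RE.match(msg)):            # client -> server messages
            rec.update(type=o["type"], iface=o["iface"])
        elif (b := BOUND_RE.match(msg)):         # lease accepted and configured
            rec.update(type="BOUND", ip=b["ip"], renew=int(b["renew"]))
        else:
            rec.update(type="OTHER", text=msg)
        records.append(rec)
    return records


def find_unapproved_servers(records, approved=APPROVED_SERVERS):
    """Servers that offered, acknowledged or refused leases but are not on the allow-list.
    Returns {server: sorted list of message types seen from it}."""
    seen = defaultdict(set)
    for r in records:
        if "server" in r and r["server"] not in approved:
            seen[r["server"]].add(r["type"])
    return {srv: sorted(types) for srv, types in seen.items()}


def bound_leases(records):
    """(pid, address, renewal seconds) for each successful binding."""
    return [(r["pid"], r["ip"], r["renew"]) for r in records if r["type"] == "BOUND"]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("bound:", bound_leases(recs))
    for srv, types in find_unapproved_servers(recs).items():
        print(f"ALERT unapproved DHCP server {srv} sent {', '.join(types)}")
```

A server that sends an OFFER the client ignores leaves no trace in the address the host ends up with, which is why the check keys on every "from" message rather than only on the ACK that led to a binding.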
2. Packet capture analysis:
tcpdump -i any -w dhcp.pcap 'udp and port 67 and port 68'
Capture packets during the first acquisition:
1. Discover packet analysis
2. OFFER packet
(1) The DHCP server still uses the broadcast address as the destination address, because the client requesting an IP address does not have an address of its own yet; several clients may all be using 0.0.0.0 as the source address of their allocation requests, and the server cannot use 0.0.0.0 as a destination IP address. So the Offer is broadcast, telling the requesting client that this is a usable DHCP server.
(2) The DHCP server provides an available IP address. The Your (client) IP Address field of the packet shows the address the DHCP server is offering.
(3) As shown in the red rectangle, the server also sends information such as the subnet mask, router, DNS server, domain name and IP address lease time.
3. REQUEST packet
4. ACK packet
The data packet contains the following information, indicating the resources allocated to the client:
Your (client) IP address: the available IP address assigned to the client.
There are many options. The first two are the message type (ACK) sent by the DHCP server and the server identifier. The remaining items are:
Subnet Mask: Subnet Mask of the IP address assigned to the Client;
Router: Router
Domain Name Server: DNS, Domain Name Server
Domain Name: Domain Name
IP Address Lease Time: IP Lease period.
Simulate a host reboot and capture packets