How a DHCP server detects IP address conflicts across a relay agent (gratuitous ARP definitely will not work)



Suggestion: Read my post, DHCP principles and IP address conflict detection.


1. Summary of DHCP server Conflict Detection

2. How the DHCP relay agent works, and how IP address conflicts are detected across it (the server is not in the same subnet, so gratuitous ARP definitely will not work)


DHCP server Conflict Detection

Engineers often ask the following question: to improve DHCP redundancy in a subnet, two DHCP servers are set up at the same time and configured with the same address pool range (for example, 192.168.2.1-192.168.2.254/24). Will the two DHCP servers then allocate the same IP address to different hosts? For example, DHCP server A allocates 192.168.2.5 and DHCP server B also allocates 192.168.2.5, which would cause an IP address conflict on the network. The answer is that there will be no IP address conflict, because most DHCP servers implement conflict detection. That is, the DHCP server checks for a conflict before it offers an IP address to a host on the network. There are roughly two detection methods. In the first, the DHCP server sends an ARP request for the candidate IP address it is about to allocate to the DHCP client. If no response is received, the address is not in use (here the server hopes not to receive an ARP response). If a response is received, the address is in use and the DHCP server does not allocate it. In the second, the DHCP server sends an ICMP echo packet to the candidate IP address before assigning it. If no host responds, the IP address is not in use and can be allocated; otherwise it cannot.


DHCP works using both broadcast and unicast. At the very least, the Discover message sent by the client must be a broadcast, because its purpose is to find a DHCP server on the network. A router is a layer-3 device that blocks broadcasts, so a DHCP server and a client located on different interfaces of a router cannot work normally: the client's Discover message is cut off by the router. For this cross-network DHCP deployment, the concept of a relay agent was introduced (in Cisco IOS it is called the helper address). It helps DHCP clients apply for IP addresses and other TCP/IP parameters across routers, which solves the problem of DHCP failing because broadcast domains are separated. Figure 9.23 shows how the DHCP relay agent works.


[Figure 9.23: how the DHCP relay agent works. Image: http://www.bkjia.com/uploads/allimg/131227/00525M621-0.png]

  • Step 1: The DHCP client sends a DHCP Discover broadcast to find a DHCP server on the local subnet. This query is bound to fail, because no DHCP server is deployed on the local subnet. However, the DHCP relay agent router R1 (E1/0, 192.168.5.1) receives the Discover broadcast.

  • Step 2: The relay agent router applies for an IP address from the specified DHCP server on behalf of the DHCP client. The "specified DHCP server" is the one declared on the relay router. For example, if 192.168.4.1 is declared as the DHCP server, the relay router unicasts the Discover message to the DHCP server (192.168.4.1). Note that the relay sends the Discover message to the DHCP server in unicast mode, because it knows exactly which DHCP server it should apply to.

  • Step 3: The DHCP server responds to the relay's Discover message in unicast mode with an Offer message, which includes the candidate IP address (192.168.5.2) that the DHCP server can provide to the relay. The Offer message sent by the DHCP server to the relay is shown in Figure 9.24. The Offer is sent as a unicast because the DHCP server knows who the relay is: the IP address of the relay is included in the message. It is worth noting that the DHCP server performs IP address conflict detection before offering the candidate IP address 192.168.5.2 to the relay. It needs to know whether any host on the network is already using 192.168.5.2, and its detection method is to send an ICMP echo message whose destination address is 192.168.5.2. If no response is received, the address is not in use and can be allocated. Otherwise, it cannot be used. The DHCP server also checks connectivity with the relay to ensure that the relay can successfully receive the Offer message. This process can be confirmed from the data frames shown in Figure 9.25. Why does the DHCP server not use ARP for IP address conflict detection? The reason is simple: when IP addresses are requested through a relay, the addresses provided by the DHCP server are generally not in the IP address range of its local subnet, and ARP cannot work through a router.


[Figure 9.24: the Offer message sent by the DHCP server to the relay. Image: http://www.bkjia.com/uploads/allimg/131227/00525J255-1.png]

[Figure 9.25: data frames showing the DHCP server's ICMP echo checks. Image: http://www.bkjia.com/uploads/allimg/131227/00525L113-2.png]

  • Step 4: The relay sends a DHCP Request message to the DHCP server. The message is still sent in unicast mode, which differs from how DHCP works on a local subnet, where this message is broadcast. In the relay environment the relay uses unicast because both communicating parties are known and no other DHCP server can be offering IP addresses to the relay, for two reasons. First, the relay device is explicitly configured with the DHCP server it applies to. Second, the relay sends the DHCP Discover message by unicast, so no second DHCP server will offer IP addresses to the relay, because a server does not volunteer an offer nobody asked it for.

  • Step 5: After receiving the relay's unicast Request message, the DHCP server returns an ACK message to the relay, indicating that the IP address lease takes effect. Note that this message is also sent as a unicast, for the reason already described, which is not repeated here.

  • Step 6: Steps 2 to 5 above are completely transparent to the DHCP client. It does not see the relay applying for the IP address; it only sees the DHCP message exchange between the relay and itself. Once the DHCP relay has successfully obtained the address from the DHCP server, the relay sends a DHCP Offer message to the DHCP client, telling it the IP address that can be provided. Note that the relay does not need to check whether the IP address conflicts with anything on the network, because that check was already done in step 3.

  • Step 7: After receiving the Offer message from the DHCP relay, the DHCP client sends a DHCP Request message to the DHCP relay to formally request the IP address. The message is sent as a broadcast, for the reason already explained for the standard DHCP environment.

  • Step 8: After receiving the Request message from the client, the DHCP relay responds with an ACK message to the DHCP client. After the DHCP client receives the ACK message, it performs a final address conflict check on the IP address assigned through the DHCP relay using gratuitous ARP (an ARP request whose target IP address is the same as its source IP address, and which hopes to receive no response). It then starts using the IP address.

Note: The DHCP relay itself is not entitled to issue IP addresses or other TCP/IP attributes. It only acts as a proxy for the DHCP client when applying to the DHCP server, and the DHCP message exchange between the relay and the DHCP server is transparent to the DHCP client.
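Steps 1 to 3 above, sketched as an added Python example that is not from the original article: the relay stamps its client-facing address into the `giaddr` field, and the server uses that field to pick the pool and probes each candidate before offering it. The function names, the sample MAC and transaction ID, and the `answers_echo` callback (a stand-in for sending a real ICMP echo and waiting for a timeout) are assumptions; the addresses are the ones used in the article.

```python
import ipaddress
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed 236-byte BOOTP header
MAGIC = bytes([99, 130, 83, 99])                      # DHCP magic cookie


def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed client DHCPDISCOVER: broadcast flag set, giaddr 0.0.0.0."""
    zero = bytes(4)
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                        mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + MAGIC + bytes([53, 1, 1, 255])    # option 53 = DISCOVER, end


def relay_to_server(packet: bytes, relay_ip: str) -> bytes:
    """Step 2: stamp giaddr with the relay's client-facing address, bump hops."""
    fields = list(BOOTP.unpack_from(packet))
    fields[3] += 1                                    # hops
    if fields[10] == bytes(4):                        # only the first relay sets giaddr
        fields[10] = ipaddress.IPv4Address(relay_ip).packed
    return BOOTP.pack(*fields) + packet[BOOTP.size:]


def choose_offer(packet: bytes, pools: list, leased: set, answers_echo) -> str:
    """Step 3: pick the pool that contains giaddr, then return the first address
    that is neither leased nor answering the echo probe."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10])
    pool = next(n for n in map(ipaddress.ip_network, pools) if giaddr in n)
    for host in pool.hosts():
        ip = str(host)
        if host == giaddr or ip in leased:
            continue
        if answers_echo(ip):                          # a reply means the address is in use
            continue
        return ip
    raise LookupError("pool exhausted")


def demo():
    """Relay 192.168.5.1 forwards a Discover; the server offers from 192.168.5.0/24."""
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
    relayed = relay_to_server(discover, "192.168.5.1")
    pools = ["192.168.4.0/24", "192.168.5.0/24"]
    free = choose_offer(relayed, pools, set(), lambda ip: False)
    busy = choose_offer(relayed, pools, set(), lambda ip: ip == "192.168.5.2")
    return free, busy
```

A host that drops ICMP echo requests looks free to this probe, which is why the client's own gratuitous ARP check in step 8 still matters.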


This article is from the "unknown Christ" blog. For more information, contact the author!
