- DHCP Q&A - Part Two
- The following DHCP Questions & Answers are extracted from a compilation by John Wobus, and are reproduced here with his kind permission. A full copy of the DHCP FAQ by John Wobus can be found at: http://web.syr.edu/~jmwobus/comfaqs/dhcp.faq.html
Questions
- What is DHCP?
- How is it different than BOOTP or RARP?
- Why shouldn't clients assign IP numbers without the use of a server?
- Can DHCP support statically defined addresses?
- Can a BOOTP client boot from a DHCP server?
- Can a DHCP client boot from a BOOTP server?
- Is a DHCP server "supposed to" be able to support a BOOTP client?
- Is a DHCP client "supposed to" be able to use a BOOTP server?
- Can a DHCP client update its DNS entry through DHCP?
- Can a DHCP server back up another DHCP server?
- When will the server to server protocol be defined?
- In a subnetted environment, how does the DHCP server discover what subnet a request has come from?
- If a physical LAN has more than one logical subnet, how can different groups of clients be allocated addresses on different subnets?
- Where is DHCP defined?
- What other sources of information are available?
- Can DHCP support remote access?
- Can a client have a home address and still float?
- How can I relay DHCP if my router does not support it?
- How do I migrate my site from BOOTP to DHCP?
- Can you limit which MAC addresses are allowed to roam?
- What are the Gotcha's?
- Answers
- What is DHCP?
DHCP stands for "Dynamic Host Configuration Protocol".
- How is it different than BOOTP or RARP?
DHCP is based on BOOTP and maintains some backward compatibility.
The main difference is that BOOTP was designed for manual pre-configuration
of the host information in a server database, while DHCP allows for
dynamic allocation of network addresses and configurations to newly
attached hosts. Additionally, DHCP allows for recovery and reallocation
of network addresses through a leasing mechanism.
RARP is a protocol used by Sun and other vendors that allows a computer
to find out its own IP number, which is one of the protocol parameters
typically passed to the client system by DHCP or BOOTP. RARP doesn't
support other parameters and using it, a server can only serve a single
LAN. DHCP and BOOTP are designed so they can be routed.
- Why shouldn't clients assign IP numbers without the use of a server?
It is theoretically possible for client machines to find addresses to use by picking an address out of the blue and broadcasting a request to all the other client machines to see if any of them is using it. AppleTalk is designed around this idea, and Apple's MacTCP can be configured to do this for IP. However, this method of IP address assignment has disadvantages.
- A computer that needs a permanently-assigned IP number might be turned off and lose its number to a machine coming up. This causes problems both for finding services and for security.
- A network might be temporarily divided into two non-communicating networks while a network component is not functioning. During this time, two different client machines might end up claiming the same IP number. When the network comes back, they start malfunctioning.
- If such dynamic assignment is to be confined to ranges of IP addresses, then the ranges are configured in each desktop machine rather than being centrally administered. This can lead both to hidden configuration errors and to difficulty in changing the range. Another problem with the use of such ranges is keeping it easy to move a computer from one subnet to another.
- Can DHCP support statically defined addresses?
Yes. At least there is nothing in the protocol to preclude this
and one expects it to be a feature of any DHCP server. This is really
a server matter and the client should work either way. The RFC refers
to this as manual allocation.
- Can a BOOTP client boot from a DHCP server?
Only if the DHCP server is specifically written to also handle BOOTP
queries.
- Can a DHCP client boot from a BOOTP server?
Only if the DHCP client were specifically written to make use of
the answer from a BOOTP server. It would presumably treat a BOOTP
reply as an unending lease on the IP address.
In particular, the TCP/IP stack included with Windows 95 does
not have this capability.
- Is a DHCP server "supposed to" be able to support a BOOTP client?
The RFC on such interoperability (1534) is clear: "In summary,
a DHCP server: ... MAY support BOOTP clients," (section 2). The
word "MAY" indicates such support, however useful, is left
as an option.
- Is a DHCP client "supposed to" be able to use a BOOTP server?
The RFC on such interoperability (1534) is clear: "A DHCP client
MAY use a reply from a BOOTP server if the configuration returned
from the BOOTP server is acceptable to the DHCP client." (section
3). The word "MAY" indicates such support, however useful,
is left as an option.
A source of confusion on this point is the following statement in
section 1.5 of RFC 1541: "DHCP must provide service to existing
BOOTP clients." However, this statement is one in a list of "general
design goals for DHCP", i.e. what the designers of the DHCP protocol
set as their own goals. It is not in a list of requirements for DHCP
servers.
- Can a DHCP client update its DNS entry through DHCP?
No. There has been some discussion about adding this ability to
DHCP.
(Note: as far as I can tell, the DNS needs no protocol update since
the server already tells the clients how long they can use the information
they receive; what is really needed is a DNS server that can make
fuller use of this feature and that co-operates with a DHCP server,
perhaps through the use of some new "DHCP-server-to-DNS-server"
protocol).
- Can a DHCP server back up another DHCP server?
You can have two or more servers handing out leases for different
addresses. If each has a dynamic pool accessible to the same clients,
then even if one server is down, one of those clients can lease an
address from the other server.
However, without communication between the two servers to share
their information on current leases, when one server is down, any
client with a lease from it will not be able to renew their lease
with the other server. Such communication is the purpose of the "server
to server protocol" (see next question). It is possible that
some server vendors have addressed this issue with their own proprietary
server-to-server communication.
- When will the server to server protocol be defined?
The DHCP WG of the IETF is actively investigating the issues in
inter-server communication. The protocol should be defined "soon".
- In a subnetted environment, how does the DHCP server discover what subnet a request has come from?
DHCP client messages are sent to off-net servers by DHCP relay agents,
which are often a part of an IP router. The DHCP relay agent records
the subnet from which the message was received in the DHCP message
header for use by the DHCP server.
Note: a DHCP relay agent is the same thing as a BOOTP relay agent,
and technically speaking, the latter phrase is correct.
- If a physical LAN has more than one logical subnet, how can different groups of clients be allocated addresses on different subnets?
One way to do this is to preconfigure each client with information
about what group it belongs to. A DHCP feature designed for this is
the user class option. To do this, the client software must allow
the user class option to be preconfigured and the server software
must support its use to control which pool a client's address is allocated
from.
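The two preceding answers describe how a server keys its decisions off the relayed message: the relay agent writes the subnet it received the request on into the message header (the giaddr field), and the user class option lets clients on one physical LAN be steered into different pools. The following Python example, added here and not part of the FAQ or of any vendor's server, builds a DHCPDISCOVER the way a relay agent would forward it (constructed sample data), decodes the fixed BOOTP/DHCP header including giaddr and the broadcast flag discussed under "Gotcha's", parses the options, and then chooses a subnet from giaddr and a pool from the user class. The subnet table, pool ranges and the "staff" user class are assumptions for the illustration.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (236 bytes), then the magic cookie, then options.
# Field order: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
# giaddr, chaddr(16), sname(64), file(128).
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 236
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BROADCAST_FLAG = 0x8000  # high bit of the 'flags' field

OPT_PAD, OPT_MSG_TYPE, OPT_USER_CLASS, OPT_END = 0, 53, 77, 255
DHCPDISCOVER = 1
ZERO = ipaddress.IPv4Address("0.0.0.0")

# Assumed server configuration for a hypothetical site: each subnet has a
# default pool (key None) and optionally extra pools keyed by user class.
SUBNETS = {
    ipaddress.ip_network("10.1.0.0/24"): {None: "10.1.0.100-10.1.0.199"},
    ipaddress.ip_network("10.2.0.0/24"): {
        None: "10.2.0.100-10.2.0.149",
        "staff": "10.2.0.150-10.2.0.199",
    },
}


def build_discover(xid, chaddr, giaddr="0.0.0.0", user_class=None, broadcast=False):
    """Construct a DHCPDISCOVER as a relay agent would forward it (sample data)."""
    relayed = giaddr != "0.0.0.0"
    hdr = struct.pack(
        HEADER_FMT,
        1, 1, len(chaddr), 1 if relayed else 0,  # op=BOOTREQUEST, htype=Ethernet, hops
        xid, 0, BROADCAST_FLAG if broadcast else 0,
        ZERO.packed, ZERO.packed, ZERO.packed,
        ipaddress.IPv4Address(giaddr).packed,  # the relay agent fills this in
        chaddr.ljust(16, b"\0"), b"", b"",
    )
    opts = bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
    if user_class is not None:
        uc = user_class.encode()
        opts += bytes([OPT_USER_CLASS, len(uc)]) + uc
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_dhcp(pkt):
    """Decode the fixed header and the options a server needs for pool selection."""
    if len(pkt) < HEADER_LEN + 4 or pkt[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, pkt[:HEADER_LEN])
    msg = {
        "op": f[0],
        "hops": f[3],
        "xid": f[4],
        "broadcast": bool(f[6] & BROADCAST_FLAG),  # client asks for broadcast replies
        "giaddr": ipaddress.IPv4Address(f[10]),
        "chaddr": f[11][: f[2]].hex(":"),
        "options": {},
    }
    i = HEADER_LEN + 4
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        length = pkt[i + 1]
        msg["options"][code] = pkt[i + 2 : i + 2 + length]
        i += 2 + length
    return msg


def select_pool(msg, local_subnet):
    """Pick the subnet from giaddr (or the server's own LAN), then the pool from user class."""
    if msg["giaddr"] == ZERO:
        net = local_subnet  # not relayed: the client is on the server's own LAN
    else:
        net = next((n for n in SUBNETS if msg["giaddr"] in n), None)
    if net is None:
        return None  # relayed from a subnet this server is not configured for
    pools = SUBNETS[net]
    raw = msg["options"].get(OPT_USER_CLASS)
    user_class = raw.decode(errors="replace") if raw else None
    return pools.get(user_class, pools[None])


if __name__ == "__main__":
    pkt = build_discover(0x1A2B3C4D, bytes.fromhex("001122334455"),
                         giaddr="10.2.0.1", user_class="staff", broadcast=True)
    msg = parse_dhcp(pkt)
    print(msg["giaddr"], msg["broadcast"], msg["chaddr"])
    print(select_pool(msg, ipaddress.ip_network("10.1.0.0/24")))
```

A request with giaddr left at 0.0.0.0 is treated as coming from the server's own LAN, which is why a server that is not configured for the relaying subnet returns no pool rather than guessing: handing out an address from the wrong subnet is exactly the failure the multi-subnet "Gotcha" below describes.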
- Where is DHCP defined?
In Internet RFCs.
- RFC 1541, R. Droms, "Dynamic Host Configuration Protocol", 10/27/1993.
- RFC 1534, R. Droms, "Interoperation Between DHCP and BOOTP", 10/08/1993.
- RFC 1533, S. Alexander, R. Droms, "DHCP Options and BOOTP Vendor Extensions", 10/08/1993.
Note that there was an earlier RFC that defined DHCP, RFC 1531, but it was quickly superseded by RFC 1541. A web site for RFCs is: http://ds.internic.net/ds/dspg1intdoc.html
- What other sources of information are available?
http://www.bucknell.edu/
- Problems and Solutions of DHCP: Experiences with DHCP implementation and Operation
A. Tominaga, O. Nakamura, F. Teraoka, J. Murai. http://info.isoc.org/HMP/PAPER/127/html/paper.html
- DHCP Resources
Alan Dobkin. http://NWS.CC.Emory.Edu/WebStaff/Alan/Net-Man/Computing/DHCP/
- Internet Drafts
Internet drafts are works in progress intended to update the current RFCs or specify additional functionality, and sometimes there are one or more drafts related to DHCP. All Internet Drafts are available from various sites: the US East Coast site is ftp://ds.internic.net/internet-drafts/; a web site is http://ds.internic.net/Ds/dsintdrafts.html.
The DHCP-related drafts currently have filenames of the form "draft-ietf-dhc-SOMETHING".
These DHCP-related drafts are also stored at ftp://ftp.bucknell.edu/pub/dhcp/,
and are available through http://www.bucknell.edu/.
I cannot be more specific about the documents because they are by
their nature temporary.
- "DHCP Clients: Do They Really Work?"
Eric Hall. Network Computing, Vol. 7, No. 7, May 1, 1996,
pp. 114-120. Reviews DHCP-client-function of some popular Windows
IP stacks. http://TechWeb.CMP.Com/techweb/nc/707/707work2.html
- "The Heaven And Hell Of DHCP Servers"
Eric Hall. Network Computing, Vol. 7, No. 8, May 15, 1996,
pp. 118-121. Reviews DHCP servers. http://TechWeb.CMP.Com/techweb/nc/708/708work1.html
- Can DHCP support remote access?
PPP has its own non-DHCP way, called IPCP (IP Control Protocol), in which communications servers can hand clients an IP address, but it doesn't have the same flexibility as DHCP or BOOTP in handing out other parameters.
Such a communications server may support the use of DHCP to acquire
the IP addresses it gives out. This is sometimes called doing DHCP
by proxy for the client. I know that Windows NT's remote access support
does this.
A feature of DHCP under development (DHCPinform) is a method by
which a DHCP server can supply parameters to a client that already
has an IP number. With this, a PPP client could get its IP number
using IPCP, then get the rest of its parameters using this feature
of DHCP.
SLIP has no standard way in which a server can hand a client an IP address, but many communications servers support non-standard ways of doing this that can be utilized by scripts, etc. Thus, like communications servers supporting PPP, such communications servers could also support the use of DHCP to acquire the IP addresses to give out.
I am not currently aware of any way in which DHCP can support client-computers
served solely by PPP or SLIP. Such a computer doesn't have the IEEE-style
MAC address that DHCP requires to act as its key to determining which
client-computer is which within the same subnet. Communications servers
that acquire IP numbers for their clients via DHCP run into the same
roadblock in that they have just one MAC address, but need to acquire
more than one IP address. One way such a communications server can
get around this problem is through the use of a set of unique pseudo-MAC
addresses for the purposes of its communications with the DHCP server.
Another way (used by Shiva) is to use a different "client ID
type" for your hardware address. Client ID type 1 means you're
using MAC addresses. However, client ID type 0 means an ASCII string.
- Can a client have a home address and still float?
There is nothing in the protocol to keep a client that already has
a leased or permanent IP number from getting a(nother) lease on a
temporary basis on another subnet (i.e., for that laptop which is
almost always in one office, but occasionally is plugged in a conference
room or class room). Thus it is left to the server implementation
to support such a feature. I've heard that Microsoft's NT-based server
can do it.
- How can I relay DHCP if my router does not support it?
A server on a net (subnet) can relay DHCP or BOOTP for that net.
Microsoft has software to make Windows NT do this.
- How do I migrate my site from BOOTP to DHCP?
I don't have an answer for this, but will offer a little discussion.
The answer depends a lot on what BOOTP server you are using and how
you are maintaining it. If you depend heavily on BOOTP server software
to support your existing clients, then the demand to support clients
that support DHCP but not BOOTP presents you with problems. In general,
you are faced with the choice:
- Find a server that is administered like your BOOTP server only that also serves DHCP. For example, one popular BOOTP server, the CMU server, has been patched so that it will answer DHCP queries.
- Run both a DHCP and a BOOTP server. It would be good if I could find out the gotcha's of such a setup.
- Adapt your site's administration to one of the available DHCP/BOOTP servers.
- Handle the non-BOOTP clients specially, e.g. turn off DHCP and configure them statically: not a good solution, but certainly one that can be done to handle the first few non-BOOTP clients at your site.
- Can you limit which MAC addresses are allowed to roam?
Sites may choose to require central pre-configuration for all computers
that will be able to acquire a dynamic address. A DHCP server could
be designed to implement such a requirement, presumably as an option
to the server administrator.
- What are the Gotcha's?
- A malicious user could make trouble by putting up an unofficial DHCP server.
  - The immediate problem would be a server passing out numbers already belonging to some computer, yielding the potential for two or more "innocent bystander" nodes ending up with the same IP number. The net result is problems using the nodes, possibly intermittent if one or the other is sometimes turned off.
  - A lot of problems are possible if a renegade server manages to get a client to accept its lease offering, and feeds the client its own version of other booting parameters. One scenario is a client that loads its OS over the network via tftp being directed to a different file (possibly on a different server), thus allowing the perpetrator to take over the client. Given that boot parameters are often made to control many different things about the computers' operation and communication, many other scenarios are just as serious.
  Note that BOOTP has the same vulnerabilities.
- The "broadcast flag": DHCP includes a way in which client implementations unable to receive a packet with a specific IP address can ask the server or relay agent to use the broadcast IP address in the replies (a "flag" set by the client in the requests). The definition of DHCP states that implementations "should" honor this flag, but it doesn't say they "must". Some Microsoft TCP/IP implementations used this flag, which meant that in practical terms relay agents and servers had to implement it. A number of BOOTP-relay-agent implementations (e.g. in routers) handled DHCP just fine except for the need for this feature, so their vendors announced new versions stated to handle DHCP.
- Some of the virtual LAN schemes, i.e., those that use the packet's
IP number to decide which "virtual LAN" a client-computer
is on for the purposes of TCP/IP, don't work when using DHCP to
dynamically assign addresses. DHCP servers and relay agents use
their knowledge of what LAN the client-station is on to select the
subnet number for the client-station's new IP address whereas such
switches use the subnet number sent by the client-station to decide
which (virtual) LAN to put the station on.
- Routers are sometimes configured so that one LAN on one port has multiple network (or subnet) numbers. When the router is relaying requests from such a LAN to the DHCP server, it must pass along an IP number that is associated with one of the network (or subnet) numbers. The only way the DHCP server can allocate addresses on one of the LAN's other network (or subnet) numbers is if the DHCP server is specifically written to have a feature to handle such cases, and it has a configuration describing the situation.
- The knowledge that a particular IP number is associated with a particular node is often used for various functions. Examples are: for security purposes, for network management, and even for identifying resources. Furthermore, if the DNS's names are going to identify IP numbers, the IP numbers have to be stable. Dynamic configuration of the IP numbers undercuts such methods. For this reason, some sites try to keep the continued use of dynamically allocable IP numbers to a minimum.
- With two or more servers serving a LAN, clients that are moved around (e.g. mobile clients) can end up with redundant leases. Consider a home site with two DHCP servers, a remote site with DHCP services, and a mobile client. The client first connects to the home site and receives an address from one of the two servers. The user then travels to the remote site (without releasing the lease at the home site) and attempts to use the acquired address. It is of course NAK'ed and the client receives an address appropriate for the remote site. The client then returns home and tries to use the address from the remote site. It is NAK'ed, but now the client broadcasts a DHCPDISCOVER to get an address. The server that holds the previous lease will offer the address back to the client, but there is no guarantee that the client will accept that address; consequently, it is possible for the client to acquire an address on the other server and therefore have two leases within the site. The problem can be solved by using only one server per subnet/site and can be mitigated by short lease lengths. But in a very mobile environment, it is possible for these transient clients to consume more than their fair share of addresses.
- If departments, offices, or individuals run DHCP servers with
their own small address pools on LANs shared by other departments,
offices, or individuals, they can find that their addresses are
being used by anyone on the LAN that happens to set their IP configuration
to use DHCP.
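The first "Gotcha" above, an unofficial DHCP server on the LAN, and the last one, departmental servers whose pools get used by anyone on the shared LAN, are both visible from the DHCPOFFERs crossing the wire: the server identifier in each offer can be checked against the list of servers the site actually runs, the offered address can be checked against the site's own address space, and a single transaction answered by two different servers shows that a second server is answering. The following Python example, added here and not part of the FAQ, runs those three checks over constructed log lines from a hypothetical passive listener; the log format, the authorized-server list and the site networks are assumptions for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (not a real capture): one line per DHCPOFFER seen by a
# passive listener on the LAN, in a hypothetical log format.
SAMPLE_LOG = """\
2024-03-01T08:00:01 DHCPOFFER xid=0x1a2b3c4d server=10.1.0.2 yiaddr=10.1.0.101 client=00:11:22:33:44:55
2024-03-01T08:00:01 DHCPOFFER xid=0x1a2b3c4d server=10.1.0.250 yiaddr=192.168.1.50 client=00:11:22:33:44:55
2024-03-01T08:00:07 DHCPOFFER xid=0x5e6f7a8b server=10.1.0.2 yiaddr=10.1.0.102 client=00:11:22:33:44:66
2024-03-01T08:00:09 DHCPOFFER xid=0x9c0d1e2f server=10.1.0.3 yiaddr=10.1.0.140 client=00:11:22:33:44:77
"""

# Assumed site inventory: the servers the administrator actually runs and the
# address space they are allowed to hand out.
AUTHORIZED_SERVERS = {"10.1.0.2", "10.1.0.3"}
SITE_NETWORKS = [ipaddress.ip_network("10.1.0.0/24")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPOFFER xid=(?P<xid>0x[0-9a-f]+) server=(?P<server>[\d.]+) "
    r"yiaddr=(?P<yiaddr>[\d.]+) client=(?P<client>[0-9a-f:]+)$"
)


def parse_offers(log_text):
    """Turn the listener's log into a list of offer records; unparseable lines are skipped."""
    offers = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            offers.append(m.groupdict())
    return offers


def find_rogue_offers(offers, authorized=AUTHORIZED_SERVERS):
    """Offers whose server identifier is not one of the site's own servers."""
    return [o for o in offers if o["server"] not in authorized]


def find_foreign_addresses(offers, networks=SITE_NETWORKS):
    """Offers whose yiaddr lies outside the site's address space (bystander collision risk)."""
    return [
        o for o in offers
        if not any(ipaddress.ip_address(o["yiaddr"]) in n for n in networks)
    ]


def find_contested_transactions(offers):
    """Transaction IDs answered by more than one distinct server: a second server is live."""
    by_xid = defaultdict(set)
    for o in offers:
        by_xid[o["xid"]].add(o["server"])
    return {xid: sorted(servers) for xid, servers in by_xid.items() if len(servers) > 1}


if __name__ == "__main__":
    offers = parse_offers(SAMPLE_LOG)
    for o in find_rogue_offers(offers):
        print("unauthorized server", o["server"], "offered", o["yiaddr"], "to", o["client"])
    for o in find_foreign_addresses(offers):
        print("address outside site space:", o["yiaddr"], "from", o["server"])
    for xid, servers in find_contested_transactions(offers).items():
        print("xid", xid, "answered by", ", ".join(servers))
```

The allow-list check is the one worth alerting on; the other two are corroboration, since a legitimately configured second server (the "server backing up another server" case above) also produces contested transactions, and only the offered-address check distinguishes a backup server from one handing out numbers that belong to somebody else.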