DHCP Server - University of Delaware


BOOTP: Bootstrap Protocol (RFC 951)
and
DHCP: Dynamic Host Configuration Protocol (RFC 2131)
Michael Sadowsky
CISC 856-010
University of Delaware
October 12, 2004
Why BOOTP?
1. What’s my IP address?
2. What’s my subnet mask?
3. Who’s my router?
4. Who’s my DNS server?
[Figure: diskless workstations ee:ee:ee:ee:ee:01 to ee:ee:ee:ee:ee:04 on a LAN with Router 192.168.1.1 (to the Internet), Boot Server 192.168.1.2, DNS Server 192.168.1.3 and File Server 192.168.1.4]
BOOTP: Bootstrap Protocol
• RFC 951
• Designed for diskless workstations
• Supplies static configuration:
– IP address
– Subnet mask
– Router IP address
– Name server IP address
– Boot image
BOOTP Operation
BOOTP Client (A) uses port 68/UDP; BOOTP Server (B) uses port 67/UDP.
[Figure: BOOTP request and reply shown layer by layer (Ethernet, IP, UDP, BOOTP), source -> destination]
BOOTP request: Ethernet ee:ee:ee:ee:ee:01 -> ff:ff:ff:ff:ff:ff; IP 0.0.0.0 -> 255.255.255.255; UDP 68 -> 67
BOOTP reply: Ethernet ee:ee:ee:ee:ee:05 -> ee:ee:ee:ee:ee:01; IP 192.168.1.2 -> 255.255.255.255; UDP 67 -> 68
BOOTP PDU Format (fields laid out in 4-byte rows)
Operation Code | Hardware Type | Hardware Length | Hop Count
Transaction ID
Number of seconds | Unused
Client IP address
Your IP address
Server IP address
Gateway IP address
Client hardware address (16 bytes)
Server name (64 bytes)
Boot file name (128 bytes)
Options (up to 64 bytes)
BOOTP Problem
[Figure: the same LAN (Router 192.168.1.1 to the Internet, Boot Server 192.168.1.2, DNS Server 192.168.1.3, File Server 192.168.1.4, workstations ee:ee:ee:ee:ee:01 to ee:ee:ee:ee:ee:04) joined by a new roaming client]
New roaming client: “What is my network configuration?”
Boot server: “I don’t know, I’ve never seen you here before.”
BOOTP Limitations
• Static configuration
• Does not dynamically allocate IP addresses
• Manual administrator intervention to add/remove clients
DHCP Motivations
• Automatic network configuration for clients
• No administrator intervention
• Effective allocation of limited addresses
• Support for transient/roaming systems
DHCP Evolution
• DHCP is an extension of Bootstrap Protocol
• Uses same basic PDU format for backwards compatibility
• Introduces pool of IP addresses for dynamic assignment
• Concept of temporary leased addresses
DHCP PDU Format (fields laid out in 4-byte rows)
Operation Code | Hardware Type | Hardware Length | Hop Count
Transaction ID
Number of seconds | Flags: broadcast flag (1 bit) | 15 unused bits (MBZ)
Client IP address
Your IP address
Server IP address
Gateway IP address
Client hardware address (16 bytes)
Server name (64 bytes)
Boot file name (128 bytes)
Options (up to 312 bytes)
DHCP PDU Format
• The broadcast bit tells the server whether it can respond with unicast IP PDUs or must instead broadcast the reply to the entire network.
• DHCP PDU has 312 bytes for options versus 64 bytes in BOOTP PDU
• DHCP messages carried in options portion of the PDU
Typical Options
Option encoding: Tag(0) = padding (one byte, no length); Tag | Length(N) | Value (N bytes); Tag(255) = end of options
Tag ID | Function
1 | Subnet Mask
3 | Time server
4 | DNS name server
13 | Boot File size
37 | TCP Default TTL
53 | DHCP Message
54 | Server Identifier
55 | Parameter Request List
61 | Client Identifier
66 | TFTP Server
69 | SMTP Server
72 | WWW Server
Message Types
• Type identified by value field of option with tag 53:
– DHCPDISCOVER (1)
– DHCPOFFER (2)
– DHCPREQUEST (3)
– DHCPDECLINE (4)
– DHCPACK (5)
– DHCPNACK (6)
– DHCPRELEASE (7)
– DHCPINFORM (8)
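As an added example (not code from the slides), the following Python builds and parses the PDU described on the preceding slides: the fixed 236-byte header shared by BOOTP and DHCP, the options area that RFC 2131 opens with the magic cookie 99.130.83.99, the Tag/Length/Value option encoding with Tag(0) padding and Tag(255) end marker, and the message type carried in option 53. The constant names, the Pdu class and the relay() helper (which fills the Gateway IP address and Hop Count fields the way a relay agent does before forwarding across a router) are this example's own; the client MAC and addresses are constructed.

```python
"""Build and parse BOOTP/DHCP PDUs (added example; field layout per RFC 951 and RFC 2131)."""
import struct
from dataclasses import dataclass, field

BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET = 1
FLAG_BROADCAST = 0x8000                   # the single flag bit; the other 15 bits must be zero
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # RFC 2131: the options area starts with this cookie
OPT_PAD, OPT_END = 0, 255                 # Tag(0) = padding, Tag(255) = end of options
OPT_SUBNET_MASK, OPT_MESSAGE_TYPE, OPT_SERVER_ID = 1, 53, 54
OPT_PARAM_REQUEST, OPT_CLIENT_ID = 55, 61
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNACK = 1, 2, 3, 5, 6

# Fixed header: op, htype, hlen, hops, xid, secs, flags (unused in BOOTP), ciaddr, yiaddr,
# siaddr, giaddr, chaddr (16), sname (64), file (128); identical for BOOTP and DHCP.
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"
HEADER_LEN = struct.calcsize(HEADER)      # 236 bytes

def ip2b(ip): return bytes(int(x) for x in ip.split("."))
def b2ip(b): return ".".join(str(x) for x in b)
def mac2b(mac): return bytes.fromhex(mac.replace(":", ""))

@dataclass
class Pdu:
    op: int
    xid: int
    chaddr: bytes                 # hardware address, hlen bytes (6 for Ethernet)
    flags: int = 0
    hops: int = 0
    secs: int = 0
    ciaddr: str = "0.0.0.0"
    yiaddr: str = "0.0.0.0"
    siaddr: str = "0.0.0.0"
    giaddr: str = "0.0.0.0"
    options: dict = field(default_factory=dict)   # tag -> raw value bytes

def encode_options(opts):
    out = bytearray(MAGIC_COOKIE)
    for tag, value in opts.items():
        out += bytes([tag, len(value)]) + value   # Tag | Length(N) | Value (N bytes)
    out.append(OPT_END)
    return bytes(out)

def decode_options(raw):
    if not raw.startswith(MAGIC_COOKIE):
        return {}                                 # plain BOOTP vendor area: no DHCP options
    opts, i = {}, len(MAGIC_COOKIE)
    while i < len(raw):
        tag = raw[i]
        if tag == OPT_PAD:
            i += 1
            continue
        if tag == OPT_END:
            break
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        n = raw[i + 1]
        value = raw[i + 2:i + 2 + n]
        if len(value) != n:
            raise ValueError("truncated option value")   # length claims more bytes than present
        opts[tag] = value
        i += 2 + n
    return opts

def build(p):
    hdr = struct.pack(HEADER, p.op, HTYPE_ETHERNET, len(p.chaddr), p.hops, p.xid, p.secs, p.flags,
                      ip2b(p.ciaddr), ip2b(p.yiaddr), ip2b(p.siaddr), ip2b(p.giaddr),
                      p.chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + encode_options(p.options)

def parse(raw):
    if len(raw) < HEADER_LEN:
        raise ValueError("PDU shorter than the fixed header")
    (op, _htype, hlen, hops, xid, secs, flags, ci, yi, si, gi,
     chaddr, _sname, _file) = struct.unpack(HEADER, raw[:HEADER_LEN])
    if op not in (BOOTREQUEST, BOOTREPLY) or hlen > 16:
        raise ValueError("bad operation code or hardware length")
    return Pdu(op=op, xid=xid, chaddr=chaddr[:hlen], flags=flags, hops=hops, secs=secs,
               ciaddr=b2ip(ci), yiaddr=b2ip(yi), siaddr=b2ip(si), giaddr=b2ip(gi),
               options=decode_options(raw[HEADER_LEN:]))

def message_type(p):
    v = p.options.get(OPT_MESSAGE_TYPE)
    return v[0] if v else None                    # None for a BOOTP PDU without option 53

def discover(mac, xid):
    """DHCPDISCOVER as a client with no address yet would send it (broadcast flag set)."""
    return Pdu(op=BOOTREQUEST, xid=xid, chaddr=mac2b(mac), flags=FLAG_BROADCAST,
               options={OPT_MESSAGE_TYPE: bytes([DHCPDISCOVER]),
                        OPT_CLIENT_ID: b"\x01" + mac2b(mac),          # type 1 = Ethernet, then MAC
                        OPT_PARAM_REQUEST: bytes([OPT_SUBNET_MASK])})

def relay(p, relay_ip):
    """What a relay agent does before forwarding a client PDU across a router (hypothetical helper)."""
    if p.giaddr == "0.0.0.0":
        p.giaddr = relay_ip                       # the first relay records its own address
    p.hops += 1
    return p

if __name__ == "__main__":
    raw = build(discover("ee:ee:ee:ee:ee:01", 0x1234))   # constructed client MAC from the slides
    print(len(raw), "bytes; message type", message_type(parse(raw)))
```

The parser refuses options whose declared length runs past the end of the datagram instead of reading short; a server or relay that trusts the length byte blindly is reading attacker-controlled bounds, which is the usual source of parsing bugs in this protocol family.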
DHCP Client State Diagram
[Figure: client state diagram with states Initializing, Selecting, Requesting, Bound, Renewing and Rebinding]
Initializing --send DHCPDISCOVER--> Selecting
Selecting --receive DHCPOFFER, send DHCPREQUEST--> Requesting
Requesting --receive DHCPACK--> Bound
Requesting --receive DHCPNACK--> Initializing
Bound --lease 50% expired, send DHCPREQUEST--> Renewing
Renewing --receive DHCPACK--> Bound
Renewing --lease 87.5% expired, send DHCPREQUEST--> Rebinding
Rebinding --receive DHCPACK--> Bound
Renewing or Rebinding --lease expired or DHCPNACK--> Initializing
Bound --lease cancelled, send DHCPRELEASE--> Initializing
DHCP Server
DHCPDISCOVER
DHCP Server
DHCP Client
DHCPDISCOVER
DHCPOFFER
DHCPOFFER
DHCPREQUEST
Client attempts to
discover available DHCP
servers
Servers reply with
address offers
Client selects which offer
to accept
DHCPREQUEST
DHCPACK
DHCPRELEASE
Client notifies servers of
choice
Server acknowledges
client use of address
Client gives up use of
address
Address Renewing Scenario
[Figure: message sequence between a DHCP client and two DHCP servers]
1. DHCPREQUEST: client makes request
2. DHCPACK: server acknowledges request; lease begins
3. Time passes; 50% of lease expires
4. DHCPREQUEST: client makes request to renew address
5. No response from server; client times out and sends DHCPREQUEST again
6. DHCPNACK: server responds with negative acknowledgement; address cannot be renewed
7. DHCPDISCOVER: client begins discovery phase to find a new address to lease
Renewing a Previous Address
[Figure: message sequence between a DHCP client and two DHCP servers]
1. DHCPREQUEST (broadcast): client requests its previously assigned address.
2. DHCPACK (from each server): servers respond granting the request.
3. Client ignores further DHCPACKs once a connection has been established.
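As an added example that is not part of the original slides, this Python state machine follows the state diagram and the two renewing scenarios above: DHCPDISCOVER out of Initializing, DHCPREQUEST to the leasing server at 50% of the lease and broadcast at 87.5%, DHCPACK back to Bound, DHCPNACK or lease expiry back to Initializing and straight into discovery, DHCPRELEASE on cancellation, and extra DHCPACKs ignored once bound. Class and method names are the example's own; times are plain seconds supplied by the caller, and retransmission between the timers (the "times out and sends request again" step) is not modelled.

```python
"""DHCP client lease state machine (added example; T1 = 50% and T2 = 87.5% of the lease, per the state diagram)."""
from dataclasses import dataclass

INIT, SELECTING, REQUESTING, BOUND, RENEWING, REBINDING = (
    "Initializing", "Selecting", "Requesting", "Bound", "Renewing", "Rebinding")

@dataclass
class Lease:
    ip: str
    server_id: str          # server identifier (option 54) from the DHCPACK
    start: float            # seconds, supplied by the caller
    duration: float
    @property
    def t1(self): return self.start + 0.5 * self.duration      # renew with the leasing server
    @property
    def t2(self): return self.start + 0.875 * self.duration    # rebind with any server
    @property
    def expiry(self): return self.start + self.duration

class DhcpClient:
    def __init__(self):
        self.state, self.lease, self.pending = INIT, None, None
        self.sent = []      # (time, message, destination): what the client would transmit

    def _send(self, now, msg, dest):
        self.sent.append((now, msg, dest))

    def start(self, now):
        """Initializing -> Selecting: broadcast DHCPDISCOVER."""
        self._send(now, "DHCPDISCOVER", "broadcast")
        self.state = SELECTING

    def on_offer(self, now, ip, server_id):
        """Selecting -> Requesting: accept an offer and tell all servers which one."""
        if self.state != SELECTING:
            return
        self.pending = (ip, server_id)
        self._send(now, "DHCPREQUEST", "broadcast")
        self.state = REQUESTING

    def on_ack(self, now, duration):
        """Requesting/Renewing/Rebinding -> Bound; a DHCPACK arriving while Bound is ignored."""
        if self.state == REQUESTING:
            ip, server_id = self.pending
        elif self.state in (RENEWING, REBINDING):
            ip, server_id = self.lease.ip, self.lease.server_id
        else:
            return
        self.lease = Lease(ip, server_id, now, duration)
        self.state = BOUND

    def on_nak(self, now):
        """Any DHCPNACK -> Initializing, then immediately start discovery for a new address."""
        self.lease, self.state = None, INIT
        self.start(now)

    def on_release(self, now):
        """Bound -> Initializing: client gives up the address."""
        if self.lease:
            self._send(now, "DHCPRELEASE", self.lease.server_id)
        self.lease, self.state = None, INIT

    def tick(self, now):
        """Timer-driven transitions; call regularly. Retransmission between timers is not modelled."""
        if not self.lease:
            return
        if now >= self.lease.expiry and self.state in (BOUND, RENEWING, REBINDING):
            self.lease, self.state = None, INIT           # lease expired: back to discovery
            self.start(now)
        elif now >= self.lease.t2 and self.state in (BOUND, RENEWING):
            self._send(now, "DHCPREQUEST", "broadcast")   # 87.5%: rebinding, any server may answer
            self.state = REBINDING
        elif now >= self.lease.t1 and self.state == BOUND:
            self._send(now, "DHCPREQUEST", self.lease.server_id)   # 50%: renew with own server
            self.state = RENEWING

def renewing_scenario():
    """Walk through the 'Address Renewing Scenario' slide with constructed times and addresses."""
    c = DhcpClient()
    c.start(0)
    c.on_offer(1, "192.168.1.50", "192.168.1.2")
    c.on_ack(2, 100)             # lease begins at t=2 for 100 s: T1 = 52, T2 = 89.5, expiry 102
    c.tick(52)                   # 50% expired -> Renewing, DHCPREQUEST to 192.168.1.2
    c.tick(89.5)                 # no reply; 87.5% expired -> Rebinding, broadcast DHCPREQUEST
    c.on_nak(90)                 # negative acknowledgement -> Initializing -> DHCPDISCOVER
    return [(t, m) for t, m, _ in c.sent]

if __name__ == "__main__":
    for t, m in renewing_scenario():
        print(f"t={t:>5}: {m}")
```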
DHCP Problem
[Figure: LAN with Router 192.168.1.1 to the Internet, DHCP Server 192.168.1.2, DNS Server 192.168.1.3, File Server 192.168.1.4 and clients ee:ee:ee:ee:ee:01 to ee:ee:ee:ee:ee:04]
• What is the problem here?
• Routers do not forward IP broadcast PDUs
DHCP Infrastructure
• Use relay agents to transmit DHCP messages between physical networks
• Prohibitive/costly to have DHCP server on each physical LAN segment
DHCP Security Considerations
• Hostile environments with open physical access to network
• Rogue DHCP server on network
• Denial of service by exhausting address pool
• Authentication introduced in RFC 3118 but not implemented
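As an added defensive example (not from the slides), this Python checks a constructed set of DHCP message records against the two risks listed above: a DHCPOFFER or DHCPACK carrying a server identifier (option 54) outside an assumed allow-list points to a rogue server, and a burst of DHCPDISCOVERs from many distinct client hardware addresses in a short window is what address-pool exhaustion looks like from the server's side. The allow-list, the window and threshold, the record layout and every MAC and IP value are assumptions constructed for the example.

```python
"""Spot a rogue DHCP server and address-pool exhaustion in DHCP message records (added example)."""

AUTHORIZED_SERVERS = {"192.168.1.2"}    # assumed allow-list: the only DHCP server this site runs

# Constructed records as a capture or server log might yield them:
# (seconds, message type, client hardware address, server identifier from option 54 or None)
SAMPLE = [
    (0, "DHCPDISCOVER", "ee:ee:ee:ee:ee:01", None),
    (1, "DHCPOFFER",    "ee:ee:ee:ee:ee:01", "192.168.1.2"),
    (1, "DHCPOFFER",    "ee:ee:ee:ee:ee:01", "192.168.1.77"),   # an offer from a server nobody authorised
    (2, "DHCPREQUEST",  "ee:ee:ee:ee:ee:01", "192.168.1.2"),
    (3, "DHCPACK",      "ee:ee:ee:ee:ee:01", "192.168.1.2"),
]
# Eight DHCPDISCOVERs from eight different MACs within four seconds, far more than the
# handful of hosts on the slides' LAN would ever generate (constructed burst).
SAMPLE += [(10 + i // 2, "DHCPDISCOVER", f"02:00:00:00:00:{i + 1:02x}", None) for i in range(8)]

def rogue_servers(records, authorized):
    """Server identifiers that offered or acknowledged leases but are not on the allow-list."""
    seen = {srv for _, kind, _, srv in records
            if kind in ("DHCPOFFER", "DHCPACK") and srv is not None}
    return sorted(seen - set(authorized))

def starvation_windows(records, window, threshold):
    """(start, count) for windows of `window` seconds in which more than `threshold`
    distinct client MACs sent DHCPDISCOVER; each window starts at an observed DISCOVER."""
    discovers = sorted((t, mac) for t, kind, mac, _ in records if kind == "DHCPDISCOVER")
    flagged = []
    for start in sorted({t for t, _ in discovers}):
        macs = {mac for t, mac in discovers if start <= t < start + window}
        if len(macs) > threshold:
            flagged.append((start, len(macs)))
    return flagged

def report(records, authorized=AUTHORIZED_SERVERS, window=5, threshold=5):
    """Both checks in one result; thresholds are assumptions to tune per network size."""
    return {"rogue_servers": rogue_servers(records, authorized),
            "starvation": starvation_windows(records, window, threshold)}

if __name__ == "__main__":
    print(report(SAMPLE))
```

The rogue-server check is the one worth running continuously: a DHCPOFFER from an unexpected server identifier is visible to every host on the segment, so a single listening port on the real server (or a mirror port) is enough to catch it. The starvation check needs a threshold chosen from the real population of hosts; on the four-workstation LAN of the slides, eight fresh hardware addresses in five seconds is unambiguous.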