Sunday, November 16, 2008

DHCP Relay Agents

DHCP Relay Agent Overview

The Dynamic Host Configuration Protocol (DHCP) is a service that runs at the application layer of the TCP/IP protocol stack to dynamically assign IP addresses to DHCP clients, and to allocate TCP/IP configuration information to DHCP clients. This includes subnet mask information, default gateway IP addresses, DNS IP addresses, and WINS IP addresses. DHCP is derived from the Bootstrap Protocol (BOOTP). The DHCP server is configured with one or more predetermined pools of IP addresses (scopes), from which it allocates IP addresses to DHCP clients. During the boot process, DHCP clients request IP addresses, and obtain leases for IP addresses from the DHCP server.

When a DHCP client boots up on the network, the DHCP lease process occurs between the DHCP server and the DHCP client. During the DHCP lease process, the DHCP scopes configured for a DHCP server are used to provide DHCP clients with IP addresses.

The DHCP lease process consists of four messages sent between the DHCP server and the DHCP client:

* DHCPDISCOVER message: This message is sent by a client when it boots up on the network to request an IP address lease from a DHCP server. The message is sent as a broadcast packet over the network, requesting that a DHCP server respond to it.
* DHCPOFFER message: This message is a response to a DHCPDISCOVER message, and is sent by one or more DHCP servers.
* DHCPREQUEST message: The client sends a DHCP Request message to the first DHCP server that responded to its DHCPDISCOVER. The message indicates that the client is requesting the particular IP address for lease.
* DHCPACK message: The DHCP Acknowledge message is sent by the DHCP server to the DHCP client; it is the step in which the DHCP server assigns the IP address lease to the DHCP client.

Because the DHCPDISCOVER message is a broadcast message, and broadcasts only cross other segments when they are explicitly routed, you might have to configure a DHCP Relay Agent on the router interface so that all DHCPDISCOVER messages can be forwarded to your DHCP server. Alternatively, you can configure the router to forward DHCP and BOOTP messages. In a routed network, you need DHCP Relay Agents if you plan to implement only one DHCP server.

For DHCP to operate, all of your client computers should be able to contact the DHCP server. DHCP relies on the network topology, and is in turn relied on by all TCP/IP based hosts within your networking environment. Therefore, if your network has multiple segments, you have to do one of the following:

* Place a DHCP server on each segment
* Place a DHCP Relay Agent on each segment
* Configure your routers to forward broadcast messages.

The DHCP Relay Agent makes it possible for DHCP broadcast messages to be sent across routers that do not support forwarding of these types of messages. The DHCP Relay Agent is therefore the routing protocol that enables DHCP clients to obtain IP addresses from a DHCP server that is not located on the local subnet. If you have not configured a DHCP Relay Agent, your clients are only able to obtain IP addresses from a DHCP server on the same subnet. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you have to configure the DHCP Relay Agent on the subnet that contains the remote clients, so that it can relay DHCP broadcast messages to your DHCP server.

The systems that can use the DHCP Relay Agent are:

* Windows NT Server
* Windows 2000 Server
* Windows Server 2003

In routed networks, you need to either enable your routers to forward DHCP broadcast messages or configure a DHCP Relay Agent for the following reasons:

* The router drops DHCP broadcast messages if it is not configured to forward them and no DHCP Relay Agent exists.
* The DHCP lease process would then not be able to take place, because the initial message sent by the DHCP client is a broadcast message.

Configuring the DHCP Relay Agent

The process for configuring the DHCP Relay Agent is outlined below:

* Enable Routing and Remote Access Server (RRAS)
* Install the DHCP Relay Agent routing protocol
* Configure DHCP Relay Agent properties
* Configure/enable the DHCP Relay Agent on the router interface to forward DHCP broadcast messages.
* View statistical information on the operation of the DHCP Relay Agent

How to enable Routing and Remote Access Server (RRAS)

1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Right-click the node of your server, and then choose Configure And Enable Routing and Remote Access from the shortcut menu.
3. The Routing and Remote Access Server Setup Wizard launches.
4. Click Next on the initial page of the wizard.
5. On the Configuration page, select the Custom Configuration option. Click Next.
6. On the Custom Configuration page, enable the LAN Routing checkbox. Click Next.
7. Verify your configuration settings on the Summary page.
8. Click Finish.
9. Click Yes when prompted to start the RRAS service.

How to install the DHCP Relay Agent routing protocol

1. Open the Routing And Remote Access console
2. Expand the IP Routing node in the console tree.
3. Right-click the General node, and then select New Routing Protocol from the shortcut menu.
4. The New Routing Protocol dialog box opens.
5. Select DHCP Relay Agent.
6. Click OK.

How to configure DHCP Relay Agent properties

1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Expand the IP Routing node in the console tree.
3. Right-click the DHCP Relay Agent node, and then select Properties from the shortcut menu.
4. On the General tab, enter the IP address of the DHCP server in the Server Address text box, and click Add.
5. Repeat the above step for each DHCP server that you have to add.
6. Click OK.

How to enable the DHCP Relay Agent on a router interface

1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Expand the IP Routing node in the console tree.
3. Right-click the DHCP Relay Agent node and then select New Interface from the shortcut menu.
4. Select the interface that is on the same subnet as the DHCP clients.
5. Click OK.
6. In the DHCP Relay Properties dialog box, ensure that the Relay DHCP Packets checkbox is selected on the General tab.
7. You can change the Hop-Count Threshold and Boot Threshold values.
8. Click OK.

How to view statistical information on the operation of the DHCP Relay Agent

1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Select the DHCP Relay Agent node, and view the statistical information that is displayed in the details pane of the Routing And Remote Access console:
* Received requests
* Received replies
* Discarded requests
* Discarded replies
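What the relay actually does with the Hop-Count Threshold, Boot Threshold, Server Address list and those four counters, as an added Python model that is not part of this post or of RRAS itself. The default threshold values, the exact comparison the thresholds use, and the sample packets are assumptions.

```python
import struct
from dataclasses import dataclass

BOOTREQUEST, BOOTREPLY, BROADCAST_FLAG = 1, 2, 0x8000
ZERO_IP, MAGIC_COOKIE = "0.0.0.0", b"\x63\x82\x53\x63"
# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes), then options.
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
HEADER_LEN = struct.calcsize(HEADER_FMT)

def ip_to_bytes(ip): return bytes(map(int, ip.split(".")))
def bytes_to_ip(raw): return ".".join(map(str, raw))

@dataclass
class DhcpMessage:
    op: int
    hops: int
    xid: int
    secs: int
    flags: int
    ciaddr: str
    yiaddr: str
    siaddr: str
    giaddr: str
    chaddr: bytes   # client MAC (htype 1, hlen 6 assumed); padded to 16 bytes on the wire
    options: bytes  # magic cookie followed by TLV options (not interpreted here)

    def to_bytes(self):
        return struct.pack(HEADER_FMT, self.op, 1, 6, self.hops, self.xid, self.secs,
                           self.flags, ip_to_bytes(self.ciaddr), ip_to_bytes(self.yiaddr),
                           ip_to_bytes(self.siaddr), ip_to_bytes(self.giaddr),
                           self.chaddr, b"", b"") + self.options

    @classmethod
    def from_bytes(cls, raw):
        op, _, _, hops, xid, secs, flags, ci, yi, si, gi, chaddr, _, _ = \
            struct.unpack(HEADER_FMT, raw[:HEADER_LEN])
        options = raw[HEADER_LEN:]
        if not options.startswith(MAGIC_COOKIE):
            raise ValueError("missing DHCP magic cookie")
        return cls(op, hops, xid, secs, flags, bytes_to_ip(ci), bytes_to_ip(yi),
                   bytes_to_ip(si), bytes_to_ip(gi), chaddr[:6], options)

@dataclass
class RelayStats:  # the four counters shown in the RRAS details pane
    received_requests: int = 0
    received_replies: int = 0
    discarded_requests: int = 0
    discarded_replies: int = 0

class DhcpRelayAgent:
    # Defaults assumed to match the usual RRAS values: Hop-Count Threshold 4,
    # Boot Threshold 4 seconds. `servers` is the Server Address list.
    def __init__(self, interface_ip, servers, hop_count_threshold=4, boot_threshold=4):
        self.interface_ip = interface_ip
        self.servers = list(servers)
        self.hop_count_threshold = hop_count_threshold
        self.boot_threshold = boot_threshold
        self.stats = RelayStats()

    def relay_request(self, raw):
        """Client -> server: one (server_ip, packet) per server, or [] if discarded."""
        self.stats.received_requests += 1
        msg = DhcpMessage.from_bytes(raw)
        # Boot Threshold: let a DHCP server on the local subnet answer first; relay
        # only once the client reports trying for at least that many seconds.
        # Hop-Count Threshold: drop packets that already crossed that many relays.
        if (msg.op != BOOTREQUEST or msg.secs < self.boot_threshold
                or msg.hops >= self.hop_count_threshold):
            self.stats.discarded_requests += 1
            return []
        msg.hops += 1
        # giaddr tells the server which subnet to pick a scope from and where to
        # unicast its reply; only the first relay on the path fills it in.
        if msg.giaddr == ZERO_IP:
            msg.giaddr = self.interface_ip
        return [(server, msg.to_bytes()) for server in self.servers]

    def relay_reply(self, raw):
        """Server -> client: (destination_ip, packet), or None if discarded."""
        self.stats.received_replies += 1
        msg = DhcpMessage.from_bytes(raw)
        # Servers unicast replies to giaddr; a reply not addressed to this interface is dropped.
        if msg.op != BOOTREPLY or msg.giaddr != self.interface_ip:
            self.stats.discarded_replies += 1
            return None
        if msg.ciaddr != ZERO_IP:
            dest = msg.ciaddr            # renewing client already has an address
        elif msg.flags & BROADCAST_FLAG:
            dest = "255.255.255.255"     # client asked for broadcast delivery
        else:
            dest = msg.yiaddr            # unicast to the offered address via chaddr
        return dest, msg.to_bytes()

def discover(xid, secs, mac, hops=0):
    """Constructed DHCPDISCOVER: option 53 (message type) = 1, then the end option."""
    return DhcpMessage(BOOTREQUEST, hops, xid, secs, BROADCAST_FLAG, ZERO_IP, ZERO_IP,
                       ZERO_IP, ZERO_IP, mac, MAGIC_COOKIE + b"\x35\x01\x01\xff").to_bytes()
```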

DHCP and Remote Access

DHCP and Remote Access Overview

When a remote computer connects to a remote access server, it is automatically provided with an IP address when the Point-to-Point Protocol (PPP) connection is established.

You can configure the RRAS server to allocate IP addresses to remote clients from:

* A static range of IP addresses: This method is usually implemented when there are no internal DHCP servers.
* An existing DHCP Server: This is achieved by relaying clients to the DHCP server for IP address allocation.

If you have an internal DHCP server, you should configure the remote access server to allocate IP addresses via this server. If your DHCP server is not within broadcast range of the RRAS server, you must also perform one of the following configurations:

* Configure the DHCP Relay Agent on the remote access server.
* Configure the DHCP Relay Agent on the same subnet as the remote access server.

The DHCP Relay Agent enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet. The router will drop DHCP broadcast messages if it is not configured to forward them, and no DHCP Relay Agent exists. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you have to configure the DHCP Relay Agent on the subnet that contains the remote client, so that it can relay DHCP broadcast messages to your DHCP server.

If the remote access server is configured to obtain IP addresses from a DHCP server in order to distribute them to clients, the following process occurs:

1. When the remote access server starts for the first time, it obtains a block of IP addresses from the DHCP server.
2. The first IP address is used for the remote access server.
3. The remote access server distributes the remaining IP addresses to TCP/IP based remote access clients during the PPP connection establishment process.
4. When the remote access server needs more than 10 IP addresses, it obtains additional blocks of 10 addresses.
5. If the DHCP server was unavailable when the remote access server started, the remote access server assigns its own IP address through Automatic Private IP Addressing (APIPA).

Configuring the RRAS server to use the DHCP server option

To configure your RRAS server to use the DHCP server to obtain IP addresses to distribute to remote TCP/IP clients, you need to perform the following steps:

* Configure the DHCP Relay Agent on the remote access server, or on the same subnet.
* Configure the RRAS server to allocate IP addresses via the Dynamic Host Configuration Protocol (DHCP) option.

To install and configure the DHCP Relay Agent:

1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Expand the IP Routing node in the console tree, right-click the General node, and then select New Routing Protocol from the shortcut menu.
3. When the New Routing Protocol dialog box opens, select DHCP Relay Agent.
4. Click OK.
5. Expand the IP Routing node in the console tree.
6. Right-click the DHCP Relay Agent node and then select New Interface from the shortcut menu.
7. Select the interface and click OK.
8. In the DHCP Relay Properties dialog box, ensure that the Relay DHCP Packets checkbox is selected on the General tab.
9. Click OK.
10. Right-click the DHCP Relay Agent node, and select Properties from the shortcut menu.
11. Enter the DHCP server's IP address. Click Add.
12. Click OK.

To configure the RRAS server to distribute IP addresses via the Dynamic Host Configuration Protocol (DHCP) option:

1. Open the Routing And Remote Access console.
2. Right-click the RRAS server node and then select Properties from the shortcut menu.
3. Click the IP tab.
4. In the IP Address Assignment area of the IP tab, click the Dynamic Host Configuration Protocol (DHCP) option.
5. Click OK.

The different DHCP and RRAS Configurations

The method by which a remote client obtains IP addressing information is determined by which of the following IP configuration options you specify.

The different DHCP and RRAS configurations that can be specified are:

* The IP address is assigned from the static address pool on the RRAS server: This method is enabled when you select the Static Address Pool option on the IP tab of the RRAS server properties dialog box.

To configure this method:
1. Open the Routing And Remote Access console.
2. Right-click the RRAS server node and then select Properties from the shortcut menu.
3. Click the IP tab.
4. Select the Static Address Pool option.
5. Click Add.
6. Set the start IP address and end IP address to define the address range for the static address pool.
7. Click OK.

Because a remote client obtains only an IP address from the RRAS server in this configuration, it has to access the DHCP server to obtain any other TCP/IP configuration information, such as a DNS server IP address or WINS server IP address. For this to occur, you have to configure a DHCP Relay Agent for the RRAS server.
* The IP address is assigned from the DHCP server via a DHCP Relay Agent: For this method, the Dynamic Host Configuration Protocol (DHCP) option is configured on the IP tab of the RRAS server properties dialog box. Here, the DHCP Relay Agent is configured on the RRAS server. The DHCP server distributes IP addresses and all other TCP/IP configuration information.
* The IP address is assigned to the security object of the user (Active Directory): For this method, the IP address for the remote client is configured in the properties page of the particular user's security object. When the client connects to the RRAS server, the IP address configured in the properties page is used. The settings configured in the Remote Access Policy are simply ignored.

How to create a new user object in Active Directory

1. Click Start, Administrative Tools, and click the Active Directory Users And Computers console.
2. In the console tree, select the OU in which you want to create the new user object.
3. From the Action menu, click New, and then click User.
4. In the New Object - User dialog box, enter information for the fields listed below:
* First name, Initials, Last name, Full name (automatically populated), User logon name, User logon name (pre-Windows 2000).
5. Click Next.
6. Enter a password in the Password field, and verify the password in the Confirm password field.
7. If you leave the User must change password at next logon checkbox enabled, the user has to specify a new password at next logon. Click Next.
8. Verify the settings that you entered on the Summary page.
9. Click Finish to create the new user object.

How to configure an IP address for a user object in Active Directory

1. Click Start, Administrative Tools, and click the Active Directory Users And Computers console.
2. Right-click the domain, and select Find from the shortcut menu. The Find option is used to locate objects in Active Directory. You can specify that the search should be performed on the Active Directory directory, or on a particular OU, and you can specify various other search criteria and options.
3. Enter the username that you want to statically assign an IP address for. Click Find Now to locate the particular user object.
4. Double-click the username in the search results window to open the properties page of the user object.
5. Click the Dial-in tab.
6. Enable the Assign A Static IP checkbox.
7. Enter an IP address in the available box.
8. Click OK.

Understanding DHCP

DHCP Overview

An IP address can be defined as a unique numeric identifier (address) that is assigned to each computer operating in a TCP/IP based network. Manually configuring computers with IP addresses and other TCP/IP configuration parameters is not an intricate task. However, manually configuring thousands of workstations with unique IP addresses would be a time consuming, and cumbersome experience. When you manually assign IP addresses, you increase the risk of duplicating IP address assignments, configuring the incorrect subnet masks, and incorrectly configuring other TCP/IP configuration parameters.

This is where the Dynamic Host Configuration Protocol (DHCP) becomes important. DHCP is a service that performs the above mentioned tasks for administrators, thereby simplifying the administration of IP addressing in TCP/IP based networks. TCP/IP configuration was basically a manual process before DHCP was introduced. One of the main disadvantages of manually assigning IP addresses to hundreds of computers is that it could result in the assigned IP addresses not being unique. In a TCP/IP based network, each computer must have a unique IP address so that it can be uniquely identified on the network. To communicate on the Internet or on a private TCP/IP network, all hosts defined on the network must have IP addresses. The 32-bit IP address identifies a particular host on the network.

You should only use manual address assignment under these circumstances:

* When there are no configured DHCP servers on the network and the network has multiple network segments.
* When you are configuring a computer as a DHCP server, you assign that computer a static IP address.
* When you configure computers as important network servers such as domain controllers, or DNS servers; you manually assign the IP address to these computers.

DHCP is a service and protocol that runs on the Windows Server 2003 operating system. DHCP functions at the application layer of the TCP/IP protocol stack. One of the primary tasks of the protocol is to automatically assign IP addresses to DHCP clients. A server running the DHCP service is called a DHCP server. DHCP automates the configuration of TCP/IP clients because IP addressing is handled by the service rather than by hand. You can configure a server as a DHCP server so that it automatically assigns IP addresses to DHCP clients, with no manual intervention. IP addresses that are assigned via a DHCP server are regarded as dynamically assigned IP addresses. The DHCP server assigns IP addresses from one or more predetermined IP address ranges, each called a scope.

The functions of the DHCP server are outlined below:

* Dynamically assign IP addresses to DHCP clients.
* Allocate the following TCP/IP configuration information to DHCP clients:
o Subnet mask information
o Default gateway IP addresses
o Domain Name System (DNS) IP addresses
o Windows Internet Naming Service (WINS) IP addresses

You can increase the availability of DHCP servers by using the 80/20 Rule if you have two DHCP servers located on different subnets.

The 80/20 Rule is applied as follows:

* Allocate 80 percent of the IP addresses to the DHCP server which resides on the local subnet.
* Allocate 20 percent of the IP addresses to the DHCP Server on the remote subnet.

If the DHCP server that is allocated 80 percent of the IP addresses fails, the remote DHCP server continues to assign IP addresses to the DHCP clients.

Because the DHCP service is a very important service in a TCP/IP based network, the following implementations are strongly recommended.

* Small networks should have at least one DHCP server.
* Large networks should have multiple DHCP servers. This configuration provides the following benefits:
o Fault tolerance is provided
o The address space can be split.

The framework for the DHCP protocol is defined in RFC 2131. The DHCP protocol stems from the Bootstrap Protocol (BOOTP) protocol. BOOTP enables clients to boot up from the network instead of booting up from the hard drive. The DHCP server has a predefined pool of IP addresses, from which it allocates IP addresses to DHCP clients. During the boot process, DHCP clients request IP addresses, and obtain leases for IP addresses from the DHCP server.

When the DHCP client boots on the network, a negotiation process called the DHCP lease process occurs between the DHCP server and the client. The negotiation process comprises four messages, sent between the DHCP server and the DHCP client:

* Two messages from the client
* Two messages from the DHCP server

DHCP scopes

A scope can be defined as a set of IP addresses which the DHCP server can allocate or assign to DHCP clients. A scope contains specific configuration information for clients that have IP addresses which are within the particular scope. Scope information for each DHCP server is specific to that particular DHCP server only, and is not shared between DHCP servers. Scopes for DHCP servers are configured by administrators.

A DHCP server has to have at least one scope, which includes the following properties:

* The specified range of IP addresses which are going to be leased to DHCP clients.
* The subnet mask
* The DHCP scope options (DNS IP addresses, WINS IP addresses).
* The lease duration. The default of 8 days is suitable for small networks.
* Any reservations. A reservation ensures that a particular client always receives the same IP address and TCP/IP configuration information when it starts.

Therefore, when you start designing your DHCP strategy and defining the scopes for your DHCP servers, you should determine the following:

* The start and end addresses that define the range of addresses you want to use.
* The subnet mask of the particular subnet.
* The lease duration for the IP addresses leased from your scopes.
* All other TCP/IP configuration information that you want assigned to DHCP clients.
* The IP addresses that you want to reserve for clients.
* Whether any clients using statically assigned IP addresses need to be excluded from the address pool.

If you have multiple scopes, remember that clients can only obtain IP addresses from the scope for the subnet to which they belong. Clients cannot obtain IP addresses from scopes associated with different subnets. However, if your clients should be able to obtain IP addresses from other scopes, you can configure a superscope.

A superscope is the grouping of scopes under one administrative entity that enables clients to obtain IP addresses, and renew IP addresses from any scope that is part of the superscope.

Superscopes are typically created under the following circumstances:

* The existing scope's supply of IP addresses is being depleted.
* You want to use two DHCP servers on the same subnet. This is usually for providing redundancy.
* You need to move clients from one range of IP addresses to a different range of IP addresses.

The DHCP Lease Process

The DHCP lease process, also known as the DHCP negotiation process, is a fairly straightforward process.

The DHCP lease process is described below:

1. The DHCP Discover message is sent from the client to the DHCP server. This is the message used to request an IP address lease from a DHCP server, and it is sent when the client boots up. The DHCP Discover message is a broadcast packet that is sent over the network, requesting that a DHCP server respond to it.
2. Each DHCP server that has a valid range of IP addresses sends an offer message to the client. The DHCP Offer message is the response that the DHCP server sends to the client, and it informs the client that the DHCP server has an available IP address. The DHCP Offer message includes the following information:
* IP address of the DHCP server which is offering the IP address.
* MAC address of the client.
* Subnet mask
* Length of the lease
3. The client sends the DHCP server a DHCP Request message. This message indicates that the client accepted the offer from the first DHCP server that responded to it, and that the client is requesting the particular IP address for lease. The client broadcasts the acceptance message so that all other DHCP servers that offered addresses can withdraw those addresses. The message contains the IP address of the DHCP server that the client has selected.
4. The DHCP server sends the client a DHCP Acknowledge message. The DHCP Acknowledge message is actually the process of assigning the IP address lease to the client.
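The four-message exchange above with two servers hearing the same client, as an added Python model that is not part of this post. The address pools, server identifiers and client MACs are constructed; the model shows the server that was not selected withdrawing its offer when the broadcast REQUEST names the other server.

```python
from dataclasses import dataclass, field

@dataclass
class DhcpServer:
    """One DHCP server holding one scope; `free` is its constructed address pool."""
    server_id: str
    free: list
    subnet_mask: str = "255.255.255.0"
    lease_seconds: int = 8 * 24 * 3600           # the 8-day default the post cites
    offered: dict = field(default_factory=dict)   # xid -> address held for an OFFER
    leases: dict = field(default_factory=dict)    # client MAC -> leased address

    def on_discover(self, msg):
        """Step 2: answer a broadcast DISCOVER with an OFFER while addresses remain."""
        if not self.free:
            return None
        addr = self.free.pop(0)
        self.offered[msg["xid"]] = addr          # held until the client decides
        return {"type": "OFFER", "xid": msg["xid"], "chaddr": msg["chaddr"],
                "yiaddr": addr, "server_id": self.server_id,
                "subnet_mask": self.subnet_mask, "lease_seconds": self.lease_seconds}

    def on_request(self, msg):
        """Step 4: the selected server ACKs. Any other server that made an offer
        sees a foreign server_id in the broadcast REQUEST and withdraws its offer."""
        held = self.offered.pop(msg["xid"], None)
        if msg["server_id"] != self.server_id:
            if held is not None:
                self.free.insert(0, held)        # withdrawn address goes back to the pool
            return None
        if held is None or held != msg["requested_ip"]:
            return {"type": "NAK", "xid": msg["xid"], "server_id": self.server_id}
        self.leases[msg["chaddr"]] = held
        return {"type": "ACK", "xid": msg["xid"], "chaddr": msg["chaddr"],
                "yiaddr": held, "server_id": self.server_id,
                "subnet_mask": self.subnet_mask, "lease_seconds": self.lease_seconds}

def run_lease_process(client_mac, xid, servers):
    """Drive the four-message exchange for one client across every server that
    hears its broadcasts. Returns the ACK (or NAK), or None if nobody offered."""
    # Step 1: DISCOVER is a broadcast, so every server on the segment gets it.
    discover = {"type": "DISCOVER", "xid": xid, "chaddr": client_mac}
    offers = [o for o in (s.on_discover(discover) for s in servers) if o]
    if not offers:
        return None
    # Step 3: the client takes the first OFFER it heard and broadcasts a REQUEST
    # naming that server's identifier, so every other server releases its offer.
    chosen = offers[0]
    request = {"type": "REQUEST", "xid": xid, "chaddr": client_mac,
               "server_id": chosen["server_id"], "requested_ip": chosen["yiaddr"]}
    replies = [r for r in (s.on_request(request) for s in servers) if r]
    return replies[0] if replies else None
```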

Understanding DHCP and DNS Integration

With Windows Server 2003 Active Directory, Domain Name System (DNS) is the main name resolution method used to provide clients with name to IP address resolution. This in turn enables clients to locate resources on the network. The Dynamic DNS (DDNS) feature, initially introduced in Windows 2000, enables clients to automatically register their IP addresses and host names with a DNS server. When the DHCP service is running on a server, the DHCP server registers the IP addresses of clients in DNS when the clients receive IP addresses from the DHCP server. The client no longer contacts the DDNS server to register its IP address because the Windows Server 2003 DHCP service dynamically updates the DNS records on behalf of the client.

With Windows Server 2003 DHCP, three options are available for registering IP addresses in DNS. The options can be configured for the DHCP server, or for each individual scope.

The options that can be specified to enable or disable the DHCP service dynamically updating DNS records on behalf of the client are:

* The DHCP server can be configured not to register any IP addresses of DHCP clients when it assigns IP addresses to these clients.
* The DHCP server can be configured to always register all IP addresses of clients when they receive IP addresses from the DHCP server.
* The default option results in the DHCP server registering the IP addresses of clients with the authoritative DNS server, based on the client's request for an IP address.

The Advantages of using DHCP

The main advantages of using DHCP are summarized below:

* DHCP is included with Windows Server 2003: To implement DHCP requires no additional costs.
* Centralized, simpler management of IP addressing: You can manage IP addressing from a central location.
* DHCP also provides for the simple deployment of other configuration options, such as default gateway and DNS suffix.
* Because the system assigns IP addresses, it leads to less incorrect configurations of IP addresses. This is mainly due to IP configuration information being entered at one location, and the server distributing this information to clients.
* Duplicated IP addresses are prevented.
* IP addresses are also preserved. DHCP servers only allocate IP addresses to clients when they request them.
* The DHCP service of Windows Server 2003 can assign IP addresses to both individual hosts, and multicast groups. Multicast groups are used when communication occurs with server clusters.
* The Windows Server 2003 DHCP service supports clustering. This enables you to set up high availability DHCP servers.
* In Windows Server 2003, DHCP integrates with Dynamic DNS (DDNS). This facilitates dynamic IP address management because the DHCP server registers the client computer's address (A) records and pointer (PTR) records in the DNS database when the client obtains an IP address.
* You can monitor the pool of available IP addresses, and also be notified when the IP address pool reaches a certain threshold.
* Through authorizing DHCP servers in Active Directory, you can restrict your DHCP servers to only those that are authorized. Active Directory also allows you to specify those clients that the DHCP server can allocate addresses to.
* Dynamic IP addressing through DHCP easily scales from small to large networking environments.

The Disadvantages of using DHCP

The main disadvantages of using DHCP are summarized below:

* The DHCP server can be a single point of failure in networking environments that only have one DHCP server.
* If your network has multiple segments, you have to perform either of the following additional configurations:
o Place a DHCP server on each segment
o Place a DHCP relay agent on each segment
o Configure routers to forward Bootstrap Protocol (BootP) broadcasts.
* All incorrectly defined configuration information will automatically be propagated to your DHCP clients.
* There are a few DHCP client implementations that do not function correctly with a Windows Server 2003 DHCP server.

Designing a DHCP Strategy

In order for DHCP to operate successfully, all of your client computers should be able to contact the DHCP server, and contact it at any time. DHCP relies on the network topology, and is in turn relied on by all TCP/IP based hosts within your networking environment.

The factors that should be included or determined, when you design a DHCP strategy and determine the placement of the DHCP servers are listed below:

* Determine the network topology.
* Determine the number of hosts on your network.
* Determine the number of subnets that DHCP will be supporting
* Determine the location of your routers.
* Determine the transmission speed between your network segments.
* Determine whether Dynamic DNS (DDNS) will be used.
* Determine the number of clients that DHCP will be allocating IP addresses to.
* Determine the location of these clients.
* Identify those clients, if any, that might not be able to use DHCP for IP address allocation.
* Identify clients which will be using BOOTP.
* Identify the WAN links which could possibly cause a failure that could prevent clients from accessing the DHCP server.
* Define the dedicated or reserved IP addresses that should be excluded from the DHCP address pool range.

The main design requirements associated with DHCP are:

* It is recommended to implement at least two DHCP servers to provide redundancy. Having two DHCP servers ensures a highly available DHCP infrastructure because it can prevent the issues that arise when a network link fails.
* If your network has multiple segments, you have to perform either of the following:
o Place a DHCP server on each segment
o Place a DHCP relay agent on each segment
o Configure your routers to forward Bootstrap Protocol (BootP) broadcasts.

The failover methods which you should consider implementing when you design a DHCP implementation are:

* Deploy a standby DHCP server: In this failover method, the standby DHCP server is configured with the same scope of the primary DHCP server. The standby DHCP server is only brought online when the primary DHCP server has a failure.
* Deploy a clustered server: Implementing a clustered server provides failover capabilities.
* Split the scopes: You can split the scopes of your DHCP servers when they are placed on different subnets. This provides failover when the DHCP server has a failure, or when a subnet fails. When splitting the scopes, bear in mind that you do not need to split the scopes in equal proportions. It is recommended to place a larger portion of the scope on the DHCP server that actually serves the local subnet.

Determining the number of DHCP servers and placement

The number of DHCP servers you would need to implement is determined by the following factors:

* Network topology
* Server hardware, which influences the number of DHCP clients that a DHCP server is capable of servicing, as well as the performance of your DHCP servers.
* Network configuration
* Routing configuration
* Availability requirements of the DHCP servers
* The number of clients which the DHCP servers are going to service.

In a routed network, you would need DHCP relay agents if you plan to implement only one DHCP server. The systems that can use the DHCP Relay Agent are: Windows NT Server, Windows 2000 Server, and Windows Server 2003. It is recommended to place the DHCP server on the subnet that has the majority of hosts.

DHCP server requirements

If you are implementing only one DHCP server, you should definitely test that the DHCP server is capable of handling the client load. When deciding on which server to use to run the DHCP service, bear in mind that the performance of the server influences the performance of the DHCP service.

The performance of a server can be enhanced when the server has:

* Multiple CPUs
* Multiple network cards
* High performance hard drives.

If you are implementing multiple DHCP servers, place DHCP servers on all subnets which are connected via slow, unstable WAN links. This in turn prevents DHCP messages from being transmitted over the WAN.

Enabling DHCP support for non Microsoft DHCP clients

For networks that have only Microsoft client computers, setting up your DHCP clients is a fairly easy task. The types of clients that you want your DHCP server to service can lead to additional DHCP design and DHCP configuration requirements.

The different types of clients are:

* Non-Microsoft DHCP clients: These clients may need support for certain DHCP features. Non-Microsoft DHCP clients do not necessarily support vendor extensions.
* Non-DHCP clients: Clients that do not support DHCP have to be manually assigned IP addresses.
* BOOTP Clients: These are clients that do not support IP leases. BOOTP clients request IP addresses whenever they start.

DHCP Security Considerations

The aspects which you need to resolve to secure your DHCP environment are:

* Because the number of IP addresses in a scope is limited, an unauthorized user could launch a denial-of-service (DoS) attack by requesting and obtaining a large number of IP addresses.
* An unauthorized user could use a rogue DHCP server to offer incorrect IP addresses to your DHCP clients.
* A denial-of-service (DoS) attack can be launched by an unauthorized user who performs a large number of DNS dynamic updates via the DHCP server.
* Assigning DNS IP addresses and WINS IP addresses through the DHCP server increases the possibility of an unauthorized user using this information to attack your DNS and WINS servers.
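The first of these risks, a client that drains the scope by obtaining many leases, leaves a trace on the server itself: a burst of new leases to many distinct MAC addresses, followed by the server reporting that it has no addresses left. The following is an added example, not part of the original article, that scans lines in the style of the Windows DHCP server audit log for that pattern. The comma-separated layout (ID, date, time, description, IP address, host name, MAC address) and the event IDs 10 (new lease) and 14 (request could not be satisfied, scope full) are assumed from the Windows audit-log format; every sample line is constructed.

```python
"""Added example, not from the original article: scan Windows DHCP server
audit-log style lines for signs that the address pool is being drained.

Assumed format (Windows DHCP audit log): "ID,Date,Time,Description,IP Address,
Host Name,MAC Address,..." with event ID 10 = new lease and 14 = a lease
request that could not be satisfied because the scope is full. All sample
lines below are constructed for this example.
"""
from collections import deque
from datetime import datetime

NEW_LEASE = "10"
SCOPE_FULL = "14"

# Constructed sample: two normal events, then 25 new leases to 25 distinct
# MACs within 25 seconds, then the server reporting the scope as exhausted.
SAMPLE_LOG = (
    "10,11/16/08,09:15:02,Assign,192.168.1.10,host-a.example.com,000C29A10001,\n"
    "11,11/16/08,09:20:40,Renew,192.168.1.11,host-b.example.com,000C29A10002,\n"
    + "".join(
        f"10,11/16/08,09:30:{i:02d},Assign,192.168.1.{50 + i},,02DEAD{i:06X},\n"
        for i in range(25)
    )
    + "14,11/16/08,09:30:26,Scope Full,,,,\n"
)


def parse_line(line):
    """Split one audit-log line; return None for headers, blanks or malformed lines."""
    fields = line.rstrip("\n").split(",")
    if len(fields) < 7 or not fields[0].isdigit():
        return None
    stamp = datetime.strptime(f"{fields[1]} {fields[2]}", "%m/%d/%y %H:%M:%S")
    return {"id": fields[0], "ts": stamp, "ip": fields[4], "host": fields[5], "mac": fields[6]}


def detect_starvation(log_text, window_seconds=60, max_new_macs=20):
    """Alert when more than max_new_macs distinct MACs obtain new leases inside
    one sliding window, or when the server itself reports the scope as full."""
    alerts = []
    recent = deque()      # (timestamp, mac) for new leases inside the window
    in_window = {}        # mac -> number of its new-lease events in the window
    fired = False
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        if event["id"] == SCOPE_FULL:
            alerts.append(f"{event['ts']:%H:%M:%S} scope reported full (event 14)")
            continue
        if event["id"] != NEW_LEASE:
            continue
        recent.append((event["ts"], event["mac"]))
        in_window[event["mac"]] = in_window.get(event["mac"], 0) + 1
        # Drop leases that fell out of the window (the newest entry always stays).
        while (event["ts"] - recent[0][0]).total_seconds() > window_seconds:
            _, old_mac = recent.popleft()
            in_window[old_mac] -= 1
            if in_window[old_mac] == 0:
                del in_window[old_mac]
        distinct = len(in_window)
        if distinct > max_new_macs and not fired:
            alerts.append(f"{event['ts']:%H:%M:%S} {distinct} distinct MACs leased "
                          f"within {window_seconds}s (possible starvation)")
            fired = True
        elif distinct <= max_new_macs:
            fired = False
    return alerts


if __name__ == "__main__":
    for alert in detect_starvation(SAMPLE_LOG):
        print(alert)
```

The threshold and window are deliberately conservative; tune them to the size of the scope and the normal join rate of the subnet, and treat a single event 14 as worth a look on its own, since a correctly sized scope should never report itself full.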

To secure your DHCP environment, use the following strategies:

* Implement firewalls.
* Close all unused open ports.
* If necessary, use VPN tunnels.
* You can use MAC address filters.
* Use 128-bit Wired Equivalent Privacy (WEP) encryption in wireless networks.
* Disable broadcasting the Service Set IDentifier (SSID) in wireless networks.

DHCP Design Best Practices

The best practices for designing a DHCP environment are summarized below:

* Plan your DHCP implementation strategy. You should identify all physical and logical subnets, and each router between your different subnets.
* If your routers can be configured to forward DHCP broadcasts, apply this configuration. You need to add a DHCP relay agent if your routers cannot be configured to forward DHCP broadcasts.
* It is recommended to size a DHCP server as follows:
o 10,000 or fewer clients to service
o 1,000 or fewer scopes
* Improve the performance of your DHCP servers. This can be done by using the following:
o High performance hard drives
o Hardware RAID disk controller
* The DHCP service should not be running on a domain controller if it is going to update DNS records for legacy clients. You should place your DHCP servers and domain controllers on separate computers.
* Splitting the address range between two DHCP servers provides fault tolerance.
* Apply the 80/20 rule when you are creating scopes.
* All Windows NT 4 domain controllers should be upgraded to Windows Server 2003 before you deploy your DHCP servers.
* If you have two DHCP servers, and you are using reservations for clients; create the reservations on each DHCP server. This would enable a client to obtain its IP address from either of the DHCP servers.
* If you are using Windows Server 2003 DHCP services use the following DHCP specific features:
o Secure Updates: This forces a computer to be authenticated in Active Directory before it can obtain an IP address from a DHCP server.
o Dynamic DNS (DDNS) services: The DHCP server can register IP addresses in DNS on behalf of clients
o DHCP authorization: This ensures that a Windows 2000 or Windows Server 2003 DHCP server has to be authorized in Active Directory in order for it to operate in your networking environment.

Configuring DHCP

Configuring the DHCP Server Environment

The primary steps required for configuring and managing your DHCP server environment are:

* Install the DHCP service on a server
* Authorize the DHCP server in Active Directory.
* Configure the necessary DHCP scopes for your subnets.
* Configure superscopes and multicast scopes
* Configure the DHCP lease duration.
* Configure the DHCP options.
* Configure the DHCP reservations.
* Configure the BOOTP tables.
* Configure DHCP and DDNS integration.
* Configure split scopes for fault tolerance.

How to install the DHCP service

1. Click Start, Control Panel, and then click Add Or Remove Programs.
2. When the Add Or Remove Programs dialog box opens, click Add/Remove Windows Components.
3. This starts the Windows Components Wizard.
4. In the Components list box, select Networking Services, and then click the Details button.
5. The Networking Services dialog box opens.
6. In the Subcomponents Of Networking Services list box, check the Dynamic Host Configuration Protocol (DHCP) checkbox.
7. Click OK.
8. Click Next.
9. When The Completing The Windows Components Wizard page is displayed, click Finish.

How to manage the DHCP service from the DHCP console

The DHCP console, the management console for administering the DHCP service, is automatically installed when you install the DHCP service on a Windows 2000 or Windows Server 2003 computer. When you open the DHCP console, the left pane or console tree lists the available DHCP servers.

Each DHCP server node has the following folders:

* Scope(s) folder
* Server Options folder

Each scope contains the following additional folders:
o Address Pool: This view lists address pool information.
o Address Leases: This view contains an entry for each existing IP address lease. An entry includes the following information:
+ Client computer name to which the particular IP address lease was allocated.
+ The IP address associated with the lease.
+ Lease expiration information.
o Reservations: This view indicates which IP addresses are reserved, and the particular devices which have these reserved IP addresses.
o Scope Options: This view shows the options which are configured for the particular scope.

The Action menu includes a number of options which are useful when managing your DHCP servers.

To start, stop, pause, resume, or restart the DHCP service,

1. Click Start, All Programs, Administrative Tools and then click DHCP.
2. The DHCP console opens.
3. Select the DHCP server that you want to manage in the console tree.
4. From the Action menu, click All Tasks, and choose between the following options:
* Start, to start the DHCP service
* Stop, to stop the DHCP service
* Pause, to pause the DHCP service
* Resume, to continue the DHCP service after it was paused.
* Restart, to stop and then automatically restart the DHCP service

How to manage the DHCP service from the command-line

Use the following commands to manage the DHCP service from the command-line:

* Net Start Dhcpserver
* Net Stop Dhcpserver
* Net Pause Dhcpserver
* Net Continue Dhcpserver

How to authorize the DHCP server in Active Directory

If the Active Directory directory service is running in your networking environment, you have to authorize the DHCP server in Active Directory so that it can provide IP addresses to your DHCP clients. When you authorize the DHCP server, the IP address of the server is added to the Active Directory object that contains the list of authorized DHCP servers.

You would need to manually authorize the DHCP server in Active Directory under the following circumstances:

* When the DHCP service is installed on a stand-alone server
* When the DHCP service is installed on a member server of an Active Directory domain.

To authorize the DHCP server in Active Directory

1. Click Start, All Programs, Administrative Tools and then click DHCP to open the DHCP console.
2. In the console tree, expand the DHCP server node.
3. Click the DHCP server that you want to authorize.
4. Click the Action menu, and then select Authorize.
5. After waiting for approximately 45 minutes for the authorization to occur, right-click the DHCP server, and verify that Unauthorize is displayed on the shortcut menu.

The various administration tasks for configuring DHCP scopes

The various functions associated with configuring and managing DHCP scopes are summarized below:

* Creating new scopes for your DHCP servers: You would need the following information when you create a new scope:
o The IP address range for the scope: The start and end IP addresses that define the address range for the new scope.
o The IP addresses that should be excluded from the IP address pool.
o The IP addresses that should be reserved.
o The configuration parameters which you want to set for the DHCP options.
* Configuring properties for a scope
* Configuring scope options
* Configuring reservations
* Configuring exclusions
* Creating a new superscope
* Creating a multicast scope

How to create a new scope

1. Click Start, All Programs, Administrative Tools and then click DHCP to open the DHCP console.
2. In the console tree, expand the DHCP server node.
3. Select the DHCP server.
4. Click the Action menu, and then select New Scope.
5. The New Scope Wizard starts.
6. Click Next on the initial page of the New Scope Wizard.
7. On the Scope Name page, enter a name for the new scope in the Name text box.
8. Enter a description in the Description text box. Click Next.
9. On the IP Address Range page, enter the start IP address and end IP address that define the range of the new scope in the Start IP Address text box and End IP Address text box respectively.
10. Enter the subnet mask in the Subnet Mask text box.
11. Select the value in the Length spin box. The subnet mask length is automatically set to 24. Click Next.
12. On the Add Exclusions page, using the Start IP Address and End IP Address text boxes, define any exclusions. Click Add. Click Next.
13. On the Lease Duration page, you can change the default lease duration of 8 days. Use the Days, Hours and Minutes boxes to define the lease duration. Click Next.
14. On the Configure DHCP Options page, click the Yes, I Want To Configure These Options Now option and then click Next.
15. On the Router (Default Gateway) page, enter the IP address of the default gateway (router) that connects the subnet to the network. Click Add. Click Next.
16. On the Domain Name And DNS Servers page, enter the default parent domain name that clients will be using to locate network hosts, in the Parent Domain box.
17. Enter the name of the DNS server that you want clients to use for name to IP address resolution in the lower portion of the Domain Name And DNS Servers page. Click Add and then click Next.
18. On the WINS Server page, if applicable, enter the IP address of the WINS server. Click Add and then click Next.
19. On the Activate Scope page, click the Yes, I want to activate this scope now option. Click Next.
20. On the Completing The New Scope Wizard page, click Next.

How to change existing scope properties

To change existing scope properties, use the General tab of the Scope Properties dialog box. The scope properties that can be changed are:

* Scope Name text box: Enables you to change the name of the scope.
* Start IP Address and End IP Address text boxes: Enable you to change the range of the existing scope.
* Subnet Mask text box: This is automatically populated, based on the IP address range that is specified.
* Lease Duration For DHCP Clients area of the General tab: Use the Days, Hours and Minutes boxes to change the existing lease duration for IP addresses in this scope.

How to configure DHCP options

DHCP options are settings that you configure the DHCP server to distribute to your DHCP clients when it assigns IP addresses to them. DHCP options are client specific: if a DHCP client does not support a particular option, that option is ignored for that client.

The common DHCP options which you can define in the DHCP console are:

* Router (003): Indicates the default gateway router.
* DNS Servers (006): Indicates the DNS servers.
* DNS Domain Name (015): Indicates the parent DNS domain name for the DNS locator service.
* ARP Cache Timeout (035): Indicates the timeout for ARP cache entries.
* WINS Servers (044): Indicates the WINS servers.
* WINS Node Type (046): Indicates the NetBIOS node type.
* Classless Static Routes (249): Indicates the destination, router and mask for static routes.

There are four different types of DHCP options. The DHCP options are applied in a particular sequence, with any previously applied option being overwritten by any conflicting later applied option.

The DHCP options and the order in which they are applied are listed below:

1. Server options: These options apply to each scope configured on the DHCP server, and also apply to all clients that obtain an IP address from the particular DHCP server. Server options are always applied first.
2. Scope options: These options are applied at the scope level, and after the Server options are applied. Scope options are applicable to a particular scope only.
3. User and Vendor Class options: You can use User classes to assign options to clients that have the same requirements. Vendor classes can be used to assign vendor specific options to clients that have the same vendor.
4. Reserved options: Reservations work differently from the options mentioned above. Each reservation has to be manually configured by an administrator.
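The practical consequence of this ordering is that a client's effective value for any option is the one set at the most specific level that defines it, which is what you need to trace when a client shows an unexpected gateway or lease time. The following is an added example, not the article's or Microsoft's code, that models the four levels as layered dictionaries and records which level supplied each effective value. The option codes are the standard ones named earlier on the page; the server, scope, class and reservation values are constructed.

```python
"""Added example, not the article's or Microsoft's code: a model of the order
in which the article says DHCP option levels are applied (server, scope,
user/vendor class, reservation), each later level overriding a conflicting
earlier one. It records which level supplied each effective value, which is
what you want when a client shows an unexpected setting. Option codes are the
standard ones; the sample values are constructed.
"""

ROUTER, DNS_SERVERS, DNS_DOMAIN, LEASE_TIME = 3, 6, 15, 51


def resolve_options(server_opts, scope_opts, class_opts, reservation_opts, client_classes=()):
    """Return {option code: (value, level that supplied it)} for one client.

    class_opts maps a class name to its option set; only the classes the client
    belongs to (client_classes) are applied, in the order given.
    """
    layers = [("server", server_opts), ("scope", scope_opts)]
    layers += [(f"class:{name}", class_opts.get(name, {})) for name in client_classes]
    layers.append(("reservation", reservation_opts))
    effective = {}
    for level, opts in layers:
        for code, value in opts.items():
            effective[code] = (value, level)   # later level wins on conflict
    return effective


# Constructed configuration for one server and one scope.
SERVER_OPTIONS = {DNS_SERVERS: ["192.0.2.53"], DNS_DOMAIN: "corp.example", LEASE_TIME: 8 * 86400}
SCOPE_OPTIONS = {ROUTER: "192.0.2.1", DNS_SERVERS: ["192.0.2.53", "192.0.2.54"]}
CLASS_OPTIONS = {"laptops": {LEASE_TIME: 8 * 3600}, "printers": {LEASE_TIME: 30 * 86400}}
PRINTER_RESERVATION = {ROUTER: "192.0.2.254"}


def laptop_options():
    """A client in the 'laptops' user class with no reservation."""
    return resolve_options(SERVER_OPTIONS, SCOPE_OPTIONS, CLASS_OPTIONS, {},
                           client_classes=("laptops",))


def printer_options():
    """A reserved client in the 'printers' class; its reservation overrides the scope router."""
    return resolve_options(SERVER_OPTIONS, SCOPE_OPTIONS, CLASS_OPTIONS, PRINTER_RESERVATION,
                           client_classes=("printers",))


if __name__ == "__main__":
    for name, opts in (("laptop", laptop_options()), ("printer", printer_options())):
        print(name)
        for code, (value, level) in sorted(opts.items()):
            print(f"  option {code:3d} = {value!r:<36} from {level}")
```

Note that the DNS domain name reaches both clients from the server level because nothing more specific overrides it, while the DNS server list is replaced wholesale by the scope value rather than merged; DHCP options replace, they do not accumulate.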

To configure User Class options,

1. Open the DHCP console.
2. Right-click the DHCP server you want to work with, and select Define User Classes from the shortcut menu.
3. When the DHCP User Classes dialog box opens, click the Add button to create a new class.
4. The New Class dialog box opens.
5. In the Display name field, enter the name for the new class.
6. In the Description field, enter a description for the new class.
7. In the ID field, enter the class ID.
8. Click OK to create the new user class.
9. The newly created class should be displayed in the DHCP User Classes dialog box.
10. Click Close to close the DHCP User Classes dialog box, and to return to the DHCP console.
11. If you want to configure the class options at the server level, right-click the Server Options node in the console tree and select Configure Options from the shortcut menu.
12. If you want to configure the class options at the scope level, right-click the Scope Options node and select Configure Options from the shortcut menu.
13. Click the Advanced tab, and choose the class which you just created from the User Class drop-down list.
14. Set the options which you want specified for the class.
15. Click OK.

How to configure DHCP reservations

1. Open the DHCP console
2. Expand the DHCP server node in the console tree, and then expand the Scope node.
3. Right-click Reservations node, and select New Reservation from the shortcut menu.
4. When the New Reservation dialog box opens, enter the following information in the fields provided in the dialog box:
* Reservation Name: Enter a name for the new reservation that uniquely identifies the particular client that is being reserved.
* IP Address: Enter the reserved IP address in this text box
* MAC Address: Enter the MAC address of the NIC of the client.
* Description: Enter a useful description (optional).
* The options which can be selected under the Supported Types area of the New Reservation dialog box are:
o Both
o DHCP Only
o BOOTP Only
5. Click OK.

How to configure BOOTP table entries

The DHCP service in Windows Server 2003 includes support for BOOTP clients. Before you can configure BOOTP client support, you first have to allow the BOOTP table folder to be viewed in the DHCP console. To do this,
1. Open the DHCP console.
2. Right-click the DHCP server node and select Properties from the shortcut menu.
3. On the General tab, click the Show the BOOTP table folder checkbox.
4. Click OK.
5. Proceed to right-click the BOOTP table folder, and select New Boot Image from the shortcut menu.
6. When the Add BOOTP Entry dialog box opens, enter the following information:
* Boot image file name
* Server path to the boot file image
* IP address or name of the Trivial File Transfer Protocol (TFTP) server
7. Click Add to create the new BOOTP table entry.

To enable dynamic BOOTP client support for a DHCP scope,
1. Open the DHCP console.
2. Expand the DHCP server node and the Scope node in the console tree.
3. Right-click the particular scope and then select Properties from the shortcut menu.
4. Click the Advanced tab.
5. In the Assign IP Addresses Dynamically To Clients Of area, select Both, or select BOOTP only.
6. In the Lease Duration For BOOTP Clients area, change the lease duration if required.
7. Click OK.

The available vendor extensions that a Windows Server 2003 DHCP server can offer a BOOTP client are listed below:
* BOOTP code 1; Subnet Mask
* BOOTP code 3; Router
* BOOTP code 4; Time Server
* BOOTP code 5; Name Server
* BOOTP code 9; LPR Server
* BOOTP code 12; Computer Name
* BOOTP code 15; Domain Name
* BOOTP code 17; Root Path
* BOOTP code 42; NTP Servers
* BOOTP code 44; WINS Server
* BOOTP code 45; NetBIOS over TCP/IP Datagram Distribution Server
* BOOTP code 46; NetBIOS over TCP/IP Node Type
* BOOTP code 47; NetBIOS over TCP/IP Scope
* BOOTP code 48; Window System Font Server
* BOOTP code 49; Window System Display Manager
* BOOTP code 69; SMTP Server
* BOOTP code 70; POP3 Server

How to create a DHCP superscope
1. Open the DHCP console
2. Right-click the DHCP server in the console tree, and select New Superscope from the shortcut menu.
3. The New Superscope Wizard starts.
4. On the initial page of the New Superscope Wizard, click Next.
5. On the Superscope Name page, provide a name for the new superscope. Click Next.
6. On the Select Scopes page, select one or numerous scopes that you want to be part of the new superscope. Click Next.
7. On the Completing the New Superscope Wizard page, click Finish to create the new superscope.
8. Verify that the newly created DHCP superscope is displayed in the DHCP console.

To activate a superscope
1. Open the DHCP console.
2. Right-click the superscope that you want to activate, and select Activate from the shortcut menu.

How to delete a superscope
1. Open the DHCP console.
2. Right-click the superscope that you want to delete, and select Delete from the shortcut menu.
3. Only the superscope is deleted. All the scopes that were contained in the deleted superscope remain intact.

How to create a multicast scope
1. Open the DHCP console
2. Right-click the DHCP server in the console tree, and select New Multicast Scope from the shortcut menu.
3. The New Multicast Scope Wizard starts.
4. On the initial page of the New Multicast Scope Wizard, click Next.
5. On the Multicast Name page, provide a name for the new multicast scope. Click Next.
6. On the IP Address Range page, enter the start IP address and the end IP address for the new multicast scope.
7. Specify the Time to Live (TTL), and then click Next.
8. On the Add Exclusions page, enter the IP addresses in the address range which should be excluded. Click Next.
9. On the Lease Duration page, accept or change the default lease duration of 30 days. Click Next.
10. On the Activate Multicast Scope page, click Yes to activate the scope immediately.
11. On the Completing the New Multicast Scope Wizard page, click Finish to create the new multicast scope.
12. Verify that the newly created multicast scope is displayed in the DHCP console.

How to enable DHCP and DNS integration
1. Open the DHCP console.
2. Right-click the DHCP server, and then select Properties from the shortcut menu.
3. When the Server Properties dialog box opens, click the DNS tab.
4. Ensure that the Enable DNS Dynamic Updates According To The Settings Below checkbox is selected.
5. Select the Dynamically Update DNS A And PTR Records Only If Requested By The DHCP Clients option.
6. Select the Discard A And PTR Records When Lease Is Deleted checkbox.
7. Click OK.

How to configure clients for dynamic addressing from a DHCP server
1. Click Start, Control Panel, and then click Network Connections.
2. Right-click the network connection you want to work with, and then click Properties from the shortcut menu.
3. If you are working with the local area connection, on the General tab, select Internet Protocol (TCP/IP), and then click the Properties button.
4. When the Internet Protocol (TCP/IP) Properties dialog box opens, click the Obtain An IP Address Automatically option.
5. If you want the client to automatically obtain DNS server information from the DHCP server, select the Obtain DNS Server Address Automatically option.
6. Click OK.

How to enable server-end conflict detection
1. Open the DHCP console
2. Right-click the DHCP server in the console tree, and select Properties from the shortcut menu.
3. When the Server Properties dialog box opens, click the Advanced tab.
4. Set the number of times that the DHCP server should run conflict detection prior to it leasing an IP address to a client.
5. Click OK.

How to configure split scopes and clustering for fault tolerance
1. Configure all the necessary scopes for your DHCP servers
2. Configure your exclusions, on the basis that the primary DHCP server will be managing 80 percent of the address pool, and the secondary will be managing 20 percent of the address pool.
3. Configure a superscope that includes all the scopes for the subnet.
4. From the Administrative Tools folder, open the Cluster Administrator management tool.
5. Choose the cluster that will host the DHCP service.
6. From the File menu, click Configure Application.
7. The Configure Application Wizard starts next.
8. Click Next on the initial page of the Configure Application Wizard.
9. Select the Use an Existing Virtual Server option.
10. Select the group, and select the Create A New Virtual Server option.
11. Create a new virtual server through the Wizard.
12. Select the Yes, Create A Cluster Resource For My Application Now option, and then select the DHCP resource type. Click Next.
13. Provide a name and description for the DHCP resource. Click Next.
14. Click Advanced Properties, and then click the Dependencies tab.
15. Click the Modify button.
16. Select the IP address, physical disk, and name for the DHCP server. Click OK.
17. On the Application Resource Name and Description page, click Next.
18. Verify your configuration settings, and then click Finish.
19. Right-click the DHCP resource, and select Bring Online from the shortcut menu.
20. You have to authorize the DHCP server in Active Directory.

DHCP Leasing

An Overview of DHCP

In TCP/IP based networks, a unique IP address must be assigned to each computer. An IP address is a unique numeric identifier that identifies computers on the network. The Dynamic Host Configuration Protocol (DHCP) is a service that can be implemented to automatically assign unique IP addresses to DHCP clients.

DHCP runs at the application layer of the TCP/IP protocol stack to provide the following functions in TCP/IP networks:

  • Dynamically assign IP addresses to DHCP clients.
  • Allocate the following TCP/IP configuration information to DHCP clients:
    • Subnet mask information
    • Default gateway IP addresses
    • Domain Name System (DNS) IP addresses
    • Windows Internet Naming Service (WINS) IP addresses.

RFC 2131 defines the framework for the DHCP protocol. The DHCP protocol stems from the Bootstrap Protocol (BOOTP) protocol. The DHCP server is configured with a predetermined pool of IP addresses, from which it allocates IP addresses to DHCP clients. During the boot process, DHCP clients request IP addresses, and obtain leases for IP addresses from the DHCP server.

When the DHCP client boots up on the network, a negotiation process called the DHCP lease process occurs between the DHCP server and client. The DHCP lease process is also known as the DHCP negotiation process, and is a fairly straightforward process. The remainder of this article focuses on DHCP leasing and the DHCP lease process.

DHCP Leases

The DHCP lease process occurs when a computer that is a DHCP client initially boots up on the network, and provides the client with an IP address and any additional TCP/IP configuration parameters.

The terminology and concepts used when discussing DHCP leasing or the DHCP lease process are summarized below:

  • DHCP lease: This is the amount of time for which a DHCP client is allowed to make use of a specific IP address. The default setting for the DHCP lease is 8 days.
  • DHCP lease process: The process which occurs when the client initially boots up on the network. The DHCP lease process enables DHCP clients to automatically obtain IP addresses from a DHCP server.
  • DHCP Discovery Broadcast message: This is a message sent over the network by a client computer that wants to obtain an IP address from a DHCP server.
  • DHCP Offer message: This is a message sent by DHCP servers that serves as a reply to a Discovery Broadcast message.
  • DHCP Request Broadcast message: This message indicates that the client accepted an IP address offer from the first DHCP server which responded to it. The client broadcasts this particular message so that all the other DHCP servers that offered addresses to the client can withdraw their IP addresses.
  • DHCP Acknowledge message: This message is sent by the DHCP server to the DHCP client, and is the step in which the IP address lease is assigned to the client.
  • Unlimited lease duration: If you do not want the IP address assigned for a particular client to expire, you assign an unlimited lease duration.
  • DHCP scopes: A scope can be defined as a set of IP addresses which the DHCP server can allocate or assign to DHCP clients. A scope contains specific configuration information for clients that have IP addresses which are within a particular scope. Scope information for each DHCP server is specific to that particular DHCP server only, and is not shared between DHCP servers. During the DHCP lease process, the DHCP scopes configured for a DHCP server are used to provide a DHCP client with an IP address.
  • You can configure different lease duration settings for each DHCP scope.
  • The lease duration rules which should be implemented when you determine the lease duration time for the scope of each of your subnets are:
    • Use a shorter lease duration time if you have numerous mobile users, and if you are working in an environment that constantly has configuration changes.
    • Use a longer lease duration time if the following statements are true:
      • There are no mobile computers
      • The environment does not continually experience configuration changes
    • Increase the default setting of 8 days if the number of IP addresses for each subnet is by far greater than the number of DHCP devices within your environment.
    • Use a shorter lease duration period if you have a limited number of IP addresses for each subnet, and you are close to reaching that limit.

Understanding the DHCP Lease Process

The DHCP lease process is a four-step process that occurs when a DHCP client initially boots up on the network. The DHCP process has remained unchanged since its initial introduction with Windows NT 4.0. During the DHCP lease process, negotiation for an IP address occurs between a DHCP server and a client that needs to obtain an IP address.

In a TCP/IP based network, to uniquely identify computers on the network, each computer must have a unique IP address. To communicate on the Internet and on private TCP/IP networks, all hosts defined on the network must have IP addresses. The 32-bit IP address identifies a particular host on the network. With DHCP, the system assigns IP addresses to clients, which in turn leads to fewer incorrect IP address configurations. This is mainly because IP configuration information is entered at one location, and the server distributes this information to clients. Duplicate IP addresses are also prevented.

The DHCP lease process that occurs between the DHCP server and client is a simple process. The negotiation process for an IP address consists of four messages sent between the DHCP server and the DHCP client.

  • Two messages from the client
  • Two messages from the DHCP server

When the server assigns IP addresses to DHCP clients, it allocates addresses starting from the bottom of its scope range and moving toward the top.

All unused addresses have to be used before the DHCP server:

  • Allocates a previously used IP address to a new DHCP client. The DHCP server first assigns the IP addresses that have not been used for the longest amount of time, before assigning other previously used IP addresses.
  • Allocates an expired IP address to a new DHCP client.
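The allocation order just described, together with the exclusions and reservations configured earlier on the page and the 80/20 split used in the split-scope procedure, can be captured in a small model. The following is an added example, not the article's or Microsoft's code: an in-memory scope that hands out never-used addresses from the bottom upward, then reuses the expired or released address that has been idle the longest, while withholding excluded and reserved addresses from the general pool; split_scope() computes the two servers' exclusion ranges for the 80/20 rule. All addresses, MACs and times are constructed.

```python
"""Added example, not the article's or Microsoft's code: an in-memory model of
the allocation order the article describes (never-used addresses from the
bottom of the range upward, then the expired or released address that has
been idle the longest), honouring exclusions and reservations. split_scope()
computes the exclusion ranges for the article's 80/20 rule. All addresses,
MACs and times are constructed.
"""
import ipaddress


def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))


def _to_str(ip):
    return str(ipaddress.IPv4Address(ip))


class Scope:
    def __init__(self, start, end, exclusions=(), reservations=None, lease_seconds=8 * 86400):
        self.start, self.end = _to_int(start), _to_int(end)
        self.excluded = set()
        for lo, hi in exclusions:
            self.excluded.update(range(_to_int(lo), _to_int(hi) + 1))
        # reservations: MAC -> address, which is withheld from the general pool
        self.reservations = {mac.lower(): _to_int(ip) for mac, ip in (reservations or {}).items()}
        self.lease_seconds = lease_seconds
        self.leases = {}       # address -> (mac, expiry time)
        self.idle_since = {}   # previously used, currently free address -> time it became free

    def _in_pool(self, ip):
        return ip not in self.excluded and ip not in self.reservations.values()

    def _expire(self, now):
        for ip, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]
                self.idle_since[ip] = expiry

    def allocate(self, mac, now):
        """Return the address leased to `mac` at time `now`, or None if the pool is exhausted."""
        mac = mac.lower()
        self._expire(now)
        if mac in self.reservations:
            ip = self.reservations[mac]
            self.idle_since.pop(ip, None)
        else:
            # Pass 1: lowest address that has never been handed out.
            ip = next((ip for ip in range(self.start, self.end + 1)
                       if self._in_pool(ip) and ip not in self.leases and ip not in self.idle_since),
                      None)
            if ip is None:
                # Pass 2: reuse the previously used address that has been idle the longest.
                if not self.idle_since:
                    return None
                ip = min(self.idle_since, key=self.idle_since.get)
                del self.idle_since[ip]
        self.leases[ip] = (mac, now + self.lease_seconds)
        return _to_str(ip)

    def release(self, ip, now):
        """Handle a DHCPRELEASE: the address becomes reusable, idle from `now`."""
        ip = _to_int(ip)
        if ip in self.leases:
            del self.leases[ip]
            self.idle_since[ip] = now


def split_scope(start, end, primary_percent=80):
    """Exclusion ranges for a split scope: each server excludes the part the other serves."""
    lo, hi = _to_int(start), _to_int(end)
    cut = lo + (hi - lo + 1) * primary_percent // 100   # first address served by the secondary
    return {"primary_excludes": (_to_str(cut), _to_str(hi)),
            "secondary_excludes": (_to_str(lo), _to_str(cut - 1))}


def demo():
    """Walk the allocation order on a four-address scope with one exclusion and one reservation."""
    scope = Scope("10.0.0.10", "10.0.0.13", exclusions=[("10.0.0.12", "10.0.0.12")],
                  reservations={"00:0c:29:aa:bb:cc": "10.0.0.13"}, lease_seconds=100)
    results = [scope.allocate("00:11:22:33:44:01", now=0),     # .10, lowest never-used
               scope.allocate("00:11:22:33:44:02", now=0),     # .11
               scope.allocate("00:11:22:33:44:03", now=0)]     # None: .12 excluded, .13 reserved
    scope.release("10.0.0.10", now=10)                         # .10 idle since t=10
    results += [scope.allocate("00:11:22:33:44:04", now=150),  # .11 expired at t=100, .10 idle longer
                scope.allocate("00:0C:29:AA:BB:CC", now=150),  # reserved client always gets .13
                scope.allocate("00:11:22:33:44:05", now=150),  # .11, the expired lease
                scope.allocate("00:11:22:33:44:06", now=150)]  # None, pool exhausted
    return results
```

The walk-through in demo() shows the two rules interacting: at t=150 both .10 (released at t=10) and .11 (expired at t=100) are free, and .10 is handed out first because it has been idle longer, even though .11 is the expired one.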

During the four-step DHCP lease process, the events that occur are defined by the types of DHCP messages which are exchanged between the DHCP server and DHCP client:

  • DHCPDISCOVER message: This message is used to request an IP address lease from a DHCP server. The message is sent when the client boots up on the network. The message is sent as a broadcast packet over the network, requesting a DHCP server to respond to it.
  • DHCPOFFER message: This message is a response to a DHCPDISCOVER message, and is sent by one or numerous DHCP servers.
  • DHCPREQUEST message: The client sends a DHCP Request message to the first DHCP server that responded to its request. The message indicates that the client is requesting the particular IP address for lease. The other DHCP servers that offered addresses withdraw those addresses at this point.
  • DHCPACK message: The DHCP Acknowledge message is sent by the DHCP server to the DHCP client, and is the step in which the DHCP server assigns the IP address lease to the DHCP client.

The four steps involved in the DHCP lease process are often called DORA:

  • Discover
  • Offer
  • Request
  • Acknowledge

The Different Types of DHCP Messages

A complete list of the different types of DHCP messages is:

  • DHCPDISCOVER message: Used by DHCP clients to request an IP address lease from a DHCP server.
  • DHCPOFFER message: The DHCP server sends this message in response to a DHCPDISCOVER message.
  • DHCPREQUEST message: The DHCP client sends this message to one of the DHCP servers that replied to its request to obtain an IP address.
  • DHCPACK message: The DHCP Acknowledge message is sent by the DHCP server to the DHCP client, and is the step in which the DHCP server assigns the IP address lease to the DHCP client.
  • DHCPNACK message: This message is sent by the DHCP server to the DHCP client to indicate that the requested IP address is no longer valid.
  • DHCPRELEASE message: This is a message which a DHCP client sends to a DHCP server before its specified lease duration limit is reached.
  • DHCPDECLINE message: This is a message sent by the DHCP client to the DHCP server. A DHCPDECLINE message indicates that the DHCP client is refusing the IP address lease offered by the particular DHCP server.
  • DHCPINFORM message: This is a message used by the DHCP client and the DHCP server for the following purposes:
    • DHCP server end: This message is used when the DHCP service queries Active Directory to verify that the DHCP server is authorized to offer IP addresses to DHCP clients.
    • DHCP client end: When the DHCP client has an IP address, the message is used to obtain DHCP options.

STEP 1: The Discover Phase

The discovery process is the initial step in the DHCP lease process.

The discovery stage is initiated when the following events occur:

  • When a DHCP client boots up for the first time, and starts the TCP/IP stack.
  • When you move from using a manually assigned IP address to using the DHCP protocol to dynamically assign IP addresses
  • When a particular IP address is requested, and is unavailable.

A DHCP client starts the DHCP lease process by broadcasting for an IP address. A DHCP client can be configured by selecting the Obtain An IP Address Automatically option in the TCP/IP addressing properties of the particular client.

The main events that occur, and points to remember about the initial step of the DHCP lease process can be summarized as follows:

  1. A DHCP client boots up for the first time and starts the TCP/IP stack
  2. The client broadcasts a DHCPDISCOVER message over the network, requesting an IP addresses from a DHCP server.
  3. The DHCPDISCOVER message is sent from UDP source port 68 to destination port 67.
  4. Because the client has no IP address at this stage, and does not know the IP address of the DHCP servers running in the network, the discover message uses the following standard address information:
    • Address of client: 0.0.0.0
    • Broadcast destination address: 255.255.255.255
  5. The discover message also contains the following information:
    • Media Access Control (MAC) address of the requesting NIC
    • NetBIOS name of the client.
  6. The DHCP servers that responds to the discover message use the MAC address and NetBIOS name to identify the client computer, so that it can forward the correct client computer the DHCP offer message.
  7. After the client sends the initial discover message, the client waits for 1 second for an IP addresses offer from a DHCP server.
  8. If no offer is received from a DHCP server, the client tries again at intervals of 2, 4, 6, and 16 seconds.
  9. If no reply is received after this, the client automatically assigns its own IP address through Automatic Private IP Addressing (APIPA).
  10. The client continues though to broadcast the discover message at 5 minute intervals until it obtains an IP address from a DHCP server.

STEP 2: The Lease Offer Phase

The DHCP servers listening on the segment of the client that broadcast the discover message receive the client's broadcast. This step in the DHCP lease process occurs when the DHCP servers that have valid IP addresses available offer the requesting client an IP address in the form of a DHCPOFFER message.

The DHCPOFFER message contains the following information:

  • IP address of the DHCP server which is offering the IP address
  • MAC address of the DHCP server
  • The offered IP address
  • The subnet mask associated with the offered IP address
  • The lease duration/period
  • MAC address of the client

When a DHCP server offers an IP address to a client, it reserves that particular IP address in its database for the DHCP client. This reservation prevents a DHCP server from offering the same IP address to a different DHCP client. Only when a client refuses an IP address, is the IP address no longer reserved in the database of a DHCP server.

The client accepts the IP address in the DHCP offer message from the first DHCP server which responds to its request. The client then broadcasts a DHCPREQUEST message to indicate that it has accepted an IP address.

STEP 3: The Lease Selection Phase

The third step in the DHCP lease process occurs when the client selects an IP address from the responses it received from the DHCP servers. The client sends the first DHCP server that offered an IP address a DHCPREQUEST message. This message indicates that the client accepted the offer from the first DHCP server which responded to it. It also indicates that the client is requesting the particular IP address for lease. The client broadcasts the DHCPREQUEST message so that all other DHCP servers that offered addresses can withdraw those offers. The DHCPREQUEST message contains the IP address of the DHCP server that the client has selected.

STEP 4: The Lease Acknowledgment Phase

When a DHCP server receives the DHCPREQUEST message from a client, it responds to the particular client with a DHCPACK message. At this stage, the DHCP server flags the IP address which it offered to the client as being leased in its database.

The DHCPACK message contains the following information:

  • IP address to be assigned to the client
  • Any other TCP/IP configuration information.

It is also possible for a DHCP server to reply to the DHCP client with a DHCPNACK message. This message indicates that the DHCP server is withdrawing its previously offered IP address. A DHCPNACK message is sent when the IP address that was previously offered is no longer valid, and is usually seen when clients attempt to renew a lease for a previously assigned IP address.

DHCP Lease Renewal

If you do not want the IP address assigned to a particular client to expire, and you have enough IP addresses to assign, you can specify the lease duration as unlimited. When the lease duration is not specified as unlimited, the lease will expire.

A DHCP client sends the DHCP server a new lease request message when the DHCP lease period is half over (at 50 percent), requesting the DHCP server to allow it to continue using the same IP address. This process is called lease renewal. During lease renewal, the DHCP server resets the lease period, and passes the client any configuration option changes that need to be applied. If the DHCP server does not respond to a client's initial lease renewal request, the client continues to use the IP address. The DHCP client sends another lease renewal request to the DHCP server when 87.5 percent of the lease period has elapsed. At this stage, if the original DHCP server does not respond, any other DHCP server can respond to the message.
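The four-step exchange above (steps 1 to 4) and the 50 percent / 87.5 percent renewal points, as an added example that is not part of the original article: it builds the DHCPDISCOVER a client broadcasts (ciaddr 0.0.0.0, UDP 68 to 67, MAC in chaddr) and parses the DHCPOFFER/DHCPACK fields the text lists, using the RFC 2131 header layout and RFC 2132 option codes. The MAC, addresses, transaction id and the list of known servers are constructed values; `offer_from_known_server` is a defender-side check that is my addition.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the options field
UDP_CLIENT_PORT, UDP_SERVER_PORT = 68, 67   # discover goes from 68 to 67
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
CLIENT_MSGS = (1, 3, 4, 7, 8)               # sent with op=1 (BOOTREQUEST), else op=2
# RFC 2132 option codes used here
OPT_SUBNET_MASK, OPT_HOSTNAME, OPT_REQUESTED_IP = 1, 12, 50
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte RFC 2131 header


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Return the bytes of one DHCP message; ciaddr stays 0.0.0.0 as in the
    initial discover, and the broadcast flag is set so replies are broadcast."""
    header = struct.pack(
        HEADER_FMT,
        1 if msg_type in CLIENT_MSGS else 2, 1, 6, 0,   # op, htype Ethernet, hlen, hops
        xid, 0, 0x8000,                                 # xid, secs, flags (broadcast)
        bytes(4), IPv4Address(yiaddr).packed,           # ciaddr, yiaddr
        bytes(4), bytes(4),                             # siaddr, giaddr
        mac.ljust(16, b"\x00"), bytes(64), bytes(128),  # chaddr, sname, file
    )
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_message(data):
    """Parse the fixed header and the TLV options into a dict."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short packet or bad magic cookie)")
    f = struct.unpack(HEADER_FMT, data[:236])
    msg = {"op": f[0], "xid": f[4], "flags": f[6],
           "ciaddr": str(IPv4Address(f[7])), "yiaddr": str(IPv4Address(f[8])),
           "chaddr": f[11][:f[2]], "options": {}}
    i = 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                     # pad option: single byte, no length
            i += 1
            continue
        code, length = data[i], data[i + 1]
        msg["options"][code] = data[i + 2:i + 2 + length]
        i += 2 + length
    msg["type"] = MSG_TYPES.get(msg["options"].get(OPT_MSG_TYPE, b"\x00")[0])
    return msg


def lease_summary(msg):
    """The fields the text lists for an offer/ack: server, address, mask, lease."""
    o = msg["options"]
    return {"server": str(IPv4Address(o[OPT_SERVER_ID])),
            "offered_ip": msg["yiaddr"],
            "mask": str(IPv4Address(o[OPT_SUBNET_MASK])),
            "lease_seconds": struct.unpack("!I", o[OPT_LEASE_TIME])[0]}


def renewal_times(lease_seconds):
    """Seconds after the ack at which the client renews: 50% (T1) and 87.5% (T2)."""
    return lease_seconds // 2, lease_seconds * 7 // 8


def offer_from_known_server(msg, authorized_servers):
    """Defender check (my addition): an offer or ack whose server identifier is
    not one of the DHCP servers you run is worth investigating."""
    if msg["type"] not in ("DHCPOFFER", "DHCPACK"):
        return False
    return lease_summary(msg)["server"] in authorized_servers


def demo_exchange():
    """The four-step exchange with constructed values; returns parsed messages."""
    mac, xid = bytes.fromhex("001122334455"), 0x3903F326
    server, offered = IPv4Address("192.0.2.1"), IPv4Address("192.0.2.50")
    lease = [(OPT_SUBNET_MASK, IPv4Address("255.255.255.0").packed),
             (OPT_LEASE_TIME, struct.pack("!I", 8 * 24 * 3600)),   # 8-day lease
             (OPT_SERVER_ID, server.packed)]
    wire = [
        build_message(1, xid, mac, options=[(OPT_HOSTNAME, b"WS01")]),
        build_message(2, xid, mac, str(offered), lease),
        build_message(3, xid, mac, options=[(OPT_REQUESTED_IP, offered.packed),
                                            (OPT_SERVER_ID, server.packed)]),
        build_message(5, xid, mac, str(offered), lease),
    ]
    return [parse_message(m) for m in wire]
```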

The lease renewal process is automatic. A DHCP client can, however, also initiate lease renewal manually, at any time, from the client end. The ipconfig command's /renew and /release switches are used to request renewal of a lease and to release an existing lease.

The functions carried out by the switches of the ipconfig command are:

  • ipconfig /renew: Used by the DHCP client to request a lease renewal. This command is usually used in combination with the ipconfig /release command.
  • ipconfig /release: Used to release an IP address lease. At this stage, the DHCP server flags the released IP address as being available again. The ipconfig /renew command usually follows the ipconfig /release command.
  • ipconfig /setclassid classID: This command is used to set a class ID for the DHCP client.

Backup Types

Introduction

”Oh no, the hard disk crashed, all data is gone, what do I do now?” Recognize this? I hope not. Every administrator should have backed up all the data. And to do that we need some kind of software (ok, we can do it manually by using ctrl+c and ctrl+v, but do you want to do that?). The backup utility in Windows Server 2003 is such software. And it’s better than ever now, with things like Open File Backup (files can be accessed by users at the same time they are backed up). The storage medium can be a logical drive, such as your hard disk, a removable drive, or a library with disks or tapes controlled by a robot. Read on and find out what’s new, how you perform backups and how it works.

What is backup?

Before we start with the actual backup we must know what we are doing. This section will give you all the information you need to understand how backup works.

Types of backups

  • Normal backup
    The normal backup is…normal (surprised?). So, what does this mean? It simply means that it copies all the files you have marked to be backed up, and marks the files as having been backed up. You also only need the most recent copy of the backup file (other types of backups require several files, see below) to restore. This type is usually what you use the first time you back up files.
  • Incremental backup
    The incremental backup backs up only those files that have been created or changed since the last incremental or normal backup. It also marks the files as having been backed up. A combination of Normal backups and Incremental backups is common, and also a very good combination. It also requires the least amount of storage space and is fast for backing up the data. The disadvantage of this is that it’s time-consuming to recover files, simply because you need the last normal backup set and all incremental backup sets, which can be stored on several backup drives or tapes.
  • Differential backup
    The differential backup is similar to the incremental backup and only copies files that have been created or changed since the last normal or incremental backup. No, it wasn’t a typo, it doesn’t check if a differential backup has been run. This is because differential backups do not mark files as having been backed up. A combination of differential backups and normal backups is more time-consuming concerning the backup part than the incremental + normal backups are. But on the other hand it is faster to restore data because all you need is the last normal backup and the last differential backup.
  • Copy backup
    A copy backup copies all the files you have selected, but does not mark the files as having been backed up. This backup type is useful when you must back up single files between normal and incremental backups, because it does not affect these operations.
  • Daily backup
    The daily backup copies all the files that you have selected that have been modified that day, without marking the files as having been backed up.

Volume Shadow Copy Technology

This is a new technology in Windows Server 2003 that did not exist in Windows 2000 Server. This technology is used to create a copy of the original volume at the time a backup is initiated. Data is then backed up from the shadow copy instead of the original volume. By doing this, all activity, such as file changes, will not affect the backup, because it is using the shadow copy instead, which is not changed. So with this new feature users can access files during a backup, files are not skipped because they were in use, and open files appear to be closed.

You should use Volume Shadow Copy, but you can disable it. The only time when you want to disable it is when you don’t have enough free disk space. As you can imagine, you need as much extra disk space as the files you will back up use. This consumption of disk space is however temporary and will be freed when the backup is completed.

If sufficient temporary disk space is not available, Windows Server 2003 cannot complete the shadow copy and the backup will skip open files.

To use this feature you must use NTFS as the file system.

Volume Shadow Copy does not mean that you can from now on back up when the server usage is high. You should always back up when it’s low, for example at nights and weekends.

[Volume Shadow Copy can be used for several other things. In this text I’m covering the backup part of Volume Shadow Copy.]

Permissions

Not everyone can back up files and folders; you must have certain permissions to do this. To be able to back up any file and folder on a local computer you must be a member of the Administrators or Backup Operators local group on that computer. Likewise, to be able to back up any computer in a domain you must be an administrator or backup operator on the domain or on a domain with which it has a two-way trust relationship.

You can however always back up files and folders that you own or for which you have one or more of the following permissions on the file and/or folder: Read, Read and execute, Modify, Full Control.

You can also be limited in the backup because of disk-quota restrictions that may restrict your access to the hard disk. To check this, right click the disk you want to save the data to and click Properties. Then click the Quota tab.

Good practice is to limit access to a backup file so that only administrators and the owner (the one who created the backup file) are able to restore files and folders. This is available as an option during the backup wizard.

System state data

You can choose to do a System State backup, and this is very important if you want to be able to get a functional system in the event of a crash. This table shows which components are backed up in a System State backup.

Component                                   Included in System State Backup
Boot files and system files                 Yes
Registry                                    Yes
COM+                                        Yes
System files under Windows File Protection  Yes
Active Directory, directory service         If it’s a domain controller
SYSVOL directory                            If it’s a domain controller
IIS Metadirectory                           If it’s installed
Certificate Services database               If it’s a Certificate Services server
Cluster Service information                 If it’s within a cluster

You don’t have to know which of these components to back up. The Backup Utility included in Windows Server 2003 will choose this when you perform a System State backup. Likewise you cannot choose which components to restore; all the System State data will be restored. This is due to dependencies among the components. You can however restore the System State data to an alternative location. This does not mean that you can restore it to another computer and expect it to work like the one you backed up. Not all data is restored when you restore to an alternative location. Only the components System boot files, registry files, SYSVOL directory files and Cluster database information files will be restored.

Restore system state data

If you are running in a non-domain environment all you have to do is follow the restore wizard (more about this later). But if you have to restore a Domain Controller it is not that simple. There are three different restore methods:

  • Primary restore
  • Normal restore
  • Authoritative restore

Which method you use depends on what you have to restore, whether it must be restored to other Domain Controllers, and whether you have more than one Domain Controller.

  • Primary restore
    This is the type you should use when all Domain Controllers are lost and you are building up the domain from backup. But you should only use this when restoring the first replica set (SYSVOL and the File Replication Service are examples of replicated data sets). This is also the type you use when restoring a standalone Domain Controller.
  • Normal restore
    When doing a normal restore, Backup is working in nonauthoritative mode. That means that any data (including Active Directory objects) will keep its original sequence number. This is the number AD replication uses to detect whether there are any new objects to replicate to other servers. So when you use Normal restore any data will appear as old and will therefore not replicate to other servers. If newer data is available, it will of course replicate to the restored server. This method is used when restoring all but the first replica set and when restoring a single domain controller in a replicated environment.
  • Authoritative restore
    This is the third method. To perform an authoritative restore you have to run a utility called Ntdsutil. This must be run after you have restored the System State data, but before you restart the server. When you perform this kind of restore the sequence numbers of the Active Directory objects are changed so that they have a higher number. This will ensure that any data you restore will be replicated (because Active Directory replication thinks it’s new). This is a little bit difficult to understand, but if you compare this to Normal restore, Normal restore will always mark objects as old, and authoritative restore will always mark objects as new. So, put simply, use Authoritative restore when you have changed something, the change has been replicated to all other servers, and you want to undo the change.

Remember: You must start a Domain Controller in Directory Services Restore Mode (press F8 during startup) to be able to restore System State data on a Domain Controller.

Backup data

We will use this backup scheme to create our backups.

Day              Type of backup
Friday night     Full backup (normal)
Saturday night   Incremental, files and folders only
Sunday night     Incremental, files and folders only
Monday night     Incremental, files and folders only
Tuesday night    Incremental, files and folders only
Wednesday night  Incremental, files and folders only
Thursday night   Incremental, files and folders only

Designing a good backup scheme is not always as simple as you might think. Questions such as what to back up and when to back it up arise. The answer to these questions varies for every network and every server. Say that you will back up a Domain Controller and you add objects to Active Directory all the time. Then the above scheme would not be recommended. You’ll have to back up System State data at least one more time during the week (if not every day). The above scheme likewise does not necessarily apply to web servers. You’ll have to find out when the load is as low as possible on the web server and use this information to decide what kind of backup scheme you want to use. Here are some general rules:

  • Backup when the load is as low as possible
  • If System State data is changed frequently, back it up more often
  • If files and folders are changed often, perform Full Backup more often
  • You will most likely have to perform backups beside this scheme. When doing this, if it is possible, do not use Full Backup or Incremental Backup because it can disturb the normal backup scheme (files are marked as already backed up). Sooner or later you won’t know where files are and it can be very time-consuming to restore.
  • Consider what you think is most important, a fast backup or a fast restore; you cannot have both.

To create the Friday full backup (the normal backup in the scheme above):

  • Click Start->Run and type ntbackup
  • Click the Advanced Mode link
  • Click Backup Wizard (Advanced)
  • Click Next
  • Make sure Back up everything on this computer is selected and click Next
  • We will back up to a file; you can place it wherever you want, just make sure you name it Friday, and click Next
  • Click Advanced
  • Make sure Normal is selected as type of backup and click Next
  • Check the box Verify data after backup and click Next (You will most likely have errors when the backup is completed and verified. This is because System State data is changed all the time. If there are too many errors, there might be problems with the file you are using to back up data.)
  • Click Replace the existing backups and click Next
  • Click Later and in the Job Name box type Friday Nights, click Set Schedule
  • In Schedule Task select Weekly and as Start time 11:00 PM (or whenever you want the backup to be scheduled). Make sure it’s set to run every 1 week and on Fridays. Click OK
  • You will be prompted to run the task as a user. Use a user with privileges to backup data.
  • Click Next
  • Click Finish

The Backup Wizard should close and you should be back in the Backup Utility. You can now verify that the backup is scheduled by clicking on the Schedule Jobs tab.

In case you want to edit the backup, you can do it from here. Just click the backup symbol on the day you want to edit.

To create the Monday incremental backup:

  • Click the Welcome tab and start the Backup Wizard again.
  • Click Next
  • Select Backup selected files, drives or network data and click Next
  • Expand My Computer in the left pane and select all drives (in my case C: and D:) and click Next
  • Name it Monday and click Next
  • Click Advanced
  • Select Incremental as type of backup and click Next
  • Check the box Verify data after backup and click Next
  • Click Replace the existing backups and click Next
  • Click Later and in the Job Name box type Monday Nights, click Set Schedule
  • In Schedule Task select Weekly and as Start time 11:00 PM (or whenever you want the backup to be scheduled). Make sure it’s set to run every 1 week and on Mondays.
  • Click Advanced and set the Start Date to the same day the full backup will run. In my case that is January 03, 2003, so that is the start date I choose. Click OK, then click OK again
  • You will be prompted to run the task as a user. Use a user with privileges to backup data.
  • Click Next
  • Click Finish

Use the steps above to create incremental backups for the other five days of the week. Of course all this can be done by writing a script, but I’ll leave that for now. And again, this is only a suggestion for a backup strategy. A backup strategy varies from company to company and it is not something you develop in one hour. You must analyze and find out what fits your company best. Also remember that if you followed the steps above, you will only save the backup files for a week. This is probably not what you want, and you will have to schedule a script to move the files every week.

Where are the log files?

Of course you should read the log files so you are sure that the backup was successful. You do this by looking in Event Viewer for error messages, and you can also read a complete report by clicking Report on the Tools menu. If you want to log more or less, take a look in the Options on the Tools menu, and click on the Backup Log tab.

Restore data

It’s Wednesday, and you discover that an important file is corrupt. The question is, how do I restore the file from a backup? Well, it’s quite simple. The first thing we have to do is locate where the file is. If we know where on the disk it’s supposed to be, we can start from the latest incremental backup (Tuesday) and try to find it. If it’s not there, it means that the file was not altered, and we have to try the next file (Monday). On the other hand, if we do not know where the file is, we have to restore the full backup file (Friday), find the file, and then find out if there is a newer version.
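The backup types described earlier (which ones mark files as backed up) and the newest-set-first search just described, as an added example that is not part of the original article: a small model of the "backed up" mark that normal and incremental backups clear and copy/differential leave alone, run over the article's Friday-normal-then-incremental week, plus the lookup that walks Tuesday, Monday, ... back to Friday. The file names, contents and the week's edits are constructed; the daily backup type, which keys on modification date, is left out of the model.

```python
from dataclasses import dataclass, field


@dataclass
class Volume:
    """Files on disk plus the per-file 'not yet backed up' mark (the archive
    attribute ntbackup consults)."""
    files: dict = field(default_factory=dict)   # path -> contents
    marked: set = field(default_factory=set)    # changed since the last normal/incremental

    def write(self, path, contents):
        self.files[path] = contents
        self.marked.add(path)


@dataclass
class BackupSet:
    name: str
    kind: str
    files: dict                                  # path -> contents captured in this set


def run_backup(volume, name, kind):
    """Copy what a backup of this kind selects.  Normal and copy take every
    file; incremental and differential take only marked files.  Only normal
    and incremental clear the mark, which is why a differential keeps growing
    until the next normal backup.  (Daily is not modelled here.)"""
    if kind in ("normal", "copy"):
        selected = set(volume.files)
    elif kind in ("incremental", "differential"):
        selected = set(volume.marked)
    else:
        raise ValueError(f"unsupported backup type: {kind}")
    bset = BackupSet(name, kind, {p: volume.files[p] for p in selected})
    if kind in ("normal", "incremental"):
        volume.marked.difference_update(selected)
    return bset


def restore_latest(sets, path):
    """Find the newest copy of one file by walking the sets newest first
    (Tuesday, then Monday, ... then Friday); None if it was never backed up."""
    for bset in reversed(sets):
        if path in bset.files:
            return bset.name, bset.files[path]
    return None


def sets_needed_for_full_restore(sets):
    """Names of the sets required to rebuild the latest state: the last normal
    set plus every incremental after it, or only the last differential after it.
    Assumes a chain uses either incrementals or differentials, not both."""
    last_normal = max(i for i, s in enumerate(sets) if s.kind == "normal")
    after = sets[last_normal + 1:]
    incrementals = [s for s in after if s.kind == "incremental"]
    differentials = [s for s in after if s.kind == "differential"]
    if incrementals:
        return [sets[last_normal].name] + [s.name for s in incrementals]
    if differentials:
        return [sets[last_normal].name, differentials[-1].name]
    return [sets[last_normal].name]


def week_demo(kind="incremental"):
    """Run the article's scheme (Friday normal, then one backup of `kind` each
    night) over a constructed week of edits; returns (volume, sets)."""
    vol = Volume()
    vol.write(r"D:\sql\0055.txt", "version 1")
    vol.write(r"D:\sql\report.doc", "draft 1")
    sets = [run_backup(vol, "Friday", "normal")]
    vol.write(r"D:\sql\0055.txt", "version 2")       # edited on Saturday
    sets.append(run_backup(vol, "Saturday", kind))
    sets.append(run_backup(vol, "Sunday", kind))     # nothing changed
    vol.write(r"D:\sql\report.doc", "draft 2")       # edited on Monday
    sets.append(run_backup(vol, "Monday", kind))
    sets.append(run_backup(vol, "Tuesday", kind))
    return vol, sets
```

Running `week_demo("differential")` instead shows the trade-off the text describes: each nightly set repeats everything changed since Friday, so only Friday plus the last differential are needed to restore.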

  • If the Backup Utility is not open, open it and click on the Advanced Mode link.
  • Click Restore Wizard
  • Click Next
  • Expand Tuesday.bkf, find the file you want to restore and check the box in front of the file. In my case it is 0055.txt in D:\sql
  • Click Next
  • Click Advanced
  • Select Single Folder. This is because I am only restoring one file, and I don’t want to restore it to the original location. If I chose Alternate Location it would keep the folder structure (in my case it would create the folder sql). Usually you will use Alternate Location when restoring files.
  • In Folder Name type where you want to restore the file (in my case c:\restore) and click Next
  • Select Leave existing files and click Next
  • Make sure Restore security settings and Preserve existing volume mount points are selected and click Next
  • Click Finish

That’s it! The file is restored.

You use the same process to restore System State data. Just remember that if you are restoring the System State data on a Domain Controller you must start the computer in Directory Services Restore Mode, which you access by pressing F8 when the computer is starting. And if you want to perform an Authoritative restore, remember to run ntdsutil before restarting the computer. More info about ntdsutil can be found by typing ntdsutil /? in a command prompt.

Use the Restore and Manage Media tab

This is the tab where you format tapes, mark a tape as free, delete catalogs, etc. Everything is very simple to do: just right click the object you want to work with and choose what you want to do.

Advanced Options

There are a lot of other options you can set to get the Backup Utility to work as you want. You access this from the Tools menu and then click Options. I will not write about everything here, instead I recommend you take a look there and if there is some option you do not understand, use the ? in the upper right to get more info about it.

Recovery Console

When nothing else works, the Recovery Console saves you. You can use the Recovery Console when you cannot boot into safe mode, to read and write data (including on NTFS volumes) on local drives, enable and disable services, and many other things.

You can start the Recovery Console in two ways:

  • Boot the Windows Server 2003 CD and start the setup. When the text-based setup begins, follow the prompts and choose to recover by pressing R
  • Select Recovery Console from the list of available Operating Systems. To do this you must be running an x86-based computer and have installed the Recovery Console.

When you have started the Recovery Console, you will have to choose which Operating System to recover (if you are multi-booting). After that you will be prompted for the password for the administrator account. When you are logged on you will get a console from which you perform all tasks. This console is very similar to the command prompt in Windows Server 2003. The only command you have to remember is help. By typing that you will get a list of available commands. If you don’t know how to use a command, type the command name followed by /?. To exit the Recovery Console, type exit.

Install Recovery Console

You can only install the Recovery Console on an x86-based computer.

  • Click Start and then Run
  • Type x:\i386\winnt32.exe /cmdcons (where x is the CD-ROM drive letter)
  • Follow the wizard

Remove Recovery Console

  • Open My Computer and double click the hard drive on which you installed the Recovery Console
  • Click on Tools->Folder Options
  • Click on the View tab, check Show hidden files and folders and clear the Hide protected operating system files check box
  • At the root directory delete the folder Cmdcons and the file Cmldr
  • Right click My Computer and click Properties
  • Click on the Advanced tab and under Startup and Recovery click the Settings button
  • In System startup click the Edit button. This will display boot.ini in Notepad
  • Remove the entry for Recovery Console; it will look like: C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons
  • Save the file

Remember that boot.ini is a very important file, and if you modify it incorrectly the computer may no longer boot.

Automated System Recovery

Do you remember the Emergency Repair Disk (ERD)? Forget about it. Well, ok, not yet; you probably still have some Windows 2000 Servers. But ERD is replaced by Automated System Recovery (ASR) in Windows Server 2003. ASR is a last resort and should only be used when options like Safe Mode and Last Known Good Configuration fail. ASR consists of two parts – backup and restore. The backup part can be accessed through the Automated System Recovery Preparation Wizard in the Backup Utility. This wizard backs up the System State data, system services and all disks associated with the operating system components. It also creates a floppy disk that you should store in a safe place. This floppy disk contains, for example, information about the backup.

When recovering by using ASR, it will use the floppy disk to read the disk configuration and restore the disk signatures, volumes and partitions that are required to start your computer. ASR then performs a simple installation of Windows and automatically starts to restore from the backup ASR created in the wizard.

ASR will not back up data files. Those should be backed up separately.

Create an ASR set

  • Start the Backup Utility by clicking Start->Run and type ntbackup
  • The Backup or Restore Wizard starts by default; we will not use this (though we could), so click the Advanced mode link
  • On the Welcome tab, click Automated System Recovery Wizard
  • The wizard is pretty self-explanatory, so follow it

Recover using ASR

  • Boot from the Windows Server 2003 CD and start the installation.
  • If you have a mass storage controller and must install drivers for it, do that by pressing F6 when prompted
  • Press F2 when prompted. You will be prompted to insert the ASR floppy, do that.
  • Follow the wizard
  • You will reboot, and if you pressed F6 previously, do that again when prompted
  • Follow the wizard