DHCP Server

Introduction

DHCP (Dynamic Host Configuration Protocol) is a standard protocol originally defined in RFC 1541 (obsoleted by RFC 2131) that lets a server dynamically assign IP addresses and other configuration parameters to clients.

It runs over UDP in a client/server (C/S) model.

The DHCP server listens on 67/UDP; the DHCP client uses 68/UDP.

IP allocation methods

  • Manual (static) allocation: a fixed IP address is reserved for a particular client
  • Automatic allocation: an address from the pool is assigned once and kept by the client permanently
  • Dynamic allocation: an address from the pool is leased to the client for a limited period (the common case)

The period for which an address is valid is called the lease. Before the lease expires the client must ask the server to renew it; if the server accepts, the client keeps using the address, otherwise it has to give the address up when the lease runs out.

The 80/20 rule

If a single DHCP server goes down, clients can no longer obtain IP addresses, so two or more DHCP servers are usually deployed. Independent DHCP servers do not coordinate with each other, however, so nothing guarantees that the addresses they hand out will not conflict. Two servers can still be used safely if their dynamic ranges are split so that they never overlap.

Suppose there are 200 hosts on the DHCP A side and 200 hosts on the DHCP B side. Following the 80/20 rule, each server owns 80% of its local scope and 20% of the remote one: DHCP A serves 10.0.0.1~10.0.0.160 and 192.168.0.161~192.168.0.200, DHCP B serves 10.0.0.161~10.0.0.200 and 192.168.0.1~192.168.0.160. Hosts on the A side normally receive an address in the 10 network from DHCP A; if DHCP A fails they can still obtain an address in the 10 network from DHCP B through a DHCP relay, and the B side works the same way.

DHCP relay

By default, routers do not forward broadcast packets from one subnet to another. When the DHCP server and the client are on different subnets, the router acting as the client's default gateway (the relay agent) receives the client's broadcast and forwards it to the subnet where the DHCP server is located. This function is called DHCP relay (DHCP Relay). The relay agent writes its own interface address into the giaddr field of the forwarded message, which is how the server knows which subnet to allocate from and where to send its reply.

DHCP working process

The message types involved in the DHCP process and their functions are as follows:

1. DHCP DISCOVER : The first message of the DHCP process. The client broadcasts it to request an IP address and other configuration parameters.

2. DHCP OFFER : The server's response to DHCP DISCOVER, sent as unicast or broadcast depending on the client's broadcast flag. It carries a proposed IP address and configuration.

3. DHCP REQUEST : The client's response to a DHCP OFFER, indicating that it accepts the offered configuration (and, via the server identifier option, which server's offer it chose). The same message type is also used when the client renews its lease.

4. DHCP DECLINE : Sent by the client when it finds that the assigned IP address cannot be used (for example, an ARP probe shows the address is already in use), telling the server not to hand out that address.

5. DHCP ACK : The server's confirmation of the client's DHCP REQUEST. Only after receiving this message does the client actually own the IP address and related configuration.

6. DHCP NAK : The server rejects the client's DHCP REQUEST (for example, the requested address is invalid for the client's subnet or the lease has expired). On receiving it the client restarts the DHCP process from DHCP DISCOVER.

7. DHCP RELEASE : The client voluntarily gives up the IP address assigned by the server. The server reclaims the address so it can be assigned to other clients.

8. DHCP INFORM : Sent by a client that already has an IP address (for example, one configured statically) to obtain other configuration parameters from the server, such as DNS servers.

Lease renewal

  1. When 50% of the lease (T1) has elapsed, the client sends a unicast DHCP REQUEST to the server that granted the lease, asking to renew it.
  2. If a DHCP ACK comes back, the lease is extended and the renewal succeeds. If no DHCP ACK is received, the client keeps using the address; when 87.5% of the lease (T2) has elapsed it broadcasts a DHCP REQUEST so that any DHCP server on the network can renew the lease.
  3. If a DHCP ACK comes back, the lease is extended and the renewal succeeds. If no DHCP ACK is received, the client keeps using the address until the lease expires, then gives it up and starts a new DHCP process from DHCP DISCOVER.
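The exchange described in the two sections above, as an added example that is not part of the original post and not ISC dhcpd code: a minimal DHCPv4 encoder/decoder, a toy server that answers DISCOVER with OFFER and REQUEST with ACK or NAK, and a client that completes the four-way handshake and then renews at T1 with a unicast REQUEST carrying ciaddr. The server address, pool, MAC and lease length are constructed values and nothing is sent on the wire; the server copies giaddr back into its replies, which is what a real server does when a relay agent forwarded the request.

```python
"""DHCPv4 message encoder/decoder and a simulated DISCOVER/OFFER/REQUEST/ACK
exchange plus a T1 renewal.  Constructed example: the server address, pool,
client MAC and lease length are made up and nothing is sent on the network."""
import struct

# option 53 message-type codes (RFC 2132)
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)
OPT_SUBNET, OPT_ROUTER, OPT_REQ_ADDR, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 1, 3, 50, 51, 53, 54, 255
MAGIC = b"\x63\x82\x53\x63"                 # RFC 2131 magic cookie that follows the BOOTP header
HDR = "!BBBBIHH4s4s4s4s16s64s128s"          # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file

def ip(s):
    return bytes(int(x) for x in s.split("."))

def ip_str(b):
    return ".".join(str(x) for x in b)

def build(op, xid, chaddr, options, ciaddr="0.0.0.0", yiaddr="0.0.0.0", siaddr="0.0.0.0", giaddr="0.0.0.0"):
    """op=1 BOOTREQUEST (client), op=2 BOOTREPLY (server); flags=0x8000 asks for broadcast replies."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000, ip(ciaddr), ip(yiaddr), ip(siaddr), ip(giaddr),
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + tlv + bytes([OPT_END])

def parse(pkt):
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message (magic cookie missing)")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                     # pad option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "ciaddr": ip_str(f[7]), "yiaddr": ip_str(f[8]),
            "giaddr": ip_str(f[10]), "chaddr": f[11][:f[2]], "options": opts}

class Server:
    """Toy dhcpd with one pool; leases are keyed by client MAC."""
    def __init__(self, server_ip, pool, mask, router, lease=600):
        self.ip, self.pool, self.mask, self.router, self.lease = server_ip, list(pool), mask, router, lease
        self.offered, self.leases = {}, {}

    def handle(self, pkt):
        req = parse(pkt)
        mac, opts = req["chaddr"], req["options"]
        mtype = opts[OPT_MSG_TYPE][0]
        if mtype == DISCOVER:
            addr = self.leases.get(mac) or self.offered.get(mac) or (self.pool.pop(0) if self.pool else None)
            if addr is None:
                return None                  # pool exhausted: no OFFER is sent
            self.offered[mac] = addr
            return self._reply(req, OFFER, addr)
        if mtype == REQUEST:
            if OPT_SERVER_ID in opts and opts[OPT_SERVER_ID] != ip(self.ip):
                return None                  # the client accepted another server's OFFER
            # SELECTING state carries option 50; a RENEWING client sends ciaddr instead
            wanted = ip_str(opts[OPT_REQ_ADDR]) if OPT_REQ_ADDR in opts else req["ciaddr"]
            if wanted in (self.offered.get(mac), self.leases.get(mac)):
                self.offered.pop(mac, None)
                self.leases[mac] = wanted
                return self._reply(req, ACK, wanted)
            return self._reply(req, NAK, "0.0.0.0")
        if mtype == RELEASE:
            freed = self.leases.pop(mac, None)
            if freed:
                self.pool.append(freed)      # address goes back to the pool
        return None

    def _reply(self, req, mtype, yiaddr):
        opts = [(OPT_MSG_TYPE, bytes([mtype])), (OPT_SERVER_ID, ip(self.ip))]
        if mtype != NAK:
            opts += [(OPT_LEASE, struct.pack("!I", self.lease)), (OPT_SUBNET, ip(self.mask)),
                     (OPT_ROUTER, ip(self.router))]
        # giaddr is echoed so a relay agent knows to deliver the reply to the client's subnet
        return build(2, req["xid"], req["chaddr"], opts, yiaddr=yiaddr, siaddr=self.ip, giaddr=req["giaddr"])

def obtain_lease(server, mac, xid=0x3903F326):
    """Client side of the four-way handshake; returns the lease and its T1/T2 timers."""
    offer = parse(server.handle(build(1, xid, mac, [(OPT_MSG_TYPE, bytes([DISCOVER]))])))
    ack = parse(server.handle(build(1, xid, mac, [(OPT_MSG_TYPE, bytes([REQUEST])),
                                                  (OPT_REQ_ADDR, ip(offer["yiaddr"])),
                                                  (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])])))
    lease = struct.unpack("!I", ack["options"][OPT_LEASE])[0]
    return {"type": ack["options"][OPT_MSG_TYPE][0], "ip": ack["yiaddr"], "lease": lease,
            "router": ip_str(ack["options"][OPT_ROUTER]), "t1": lease // 2, "t2": lease * 7 // 8}

def renew(server, mac, current_ip, xid=0x3903F327):
    """At T1 the client unicasts a REQUEST with ciaddr set and without options 50/54."""
    ack = parse(server.handle(build(1, xid, mac, [(OPT_MSG_TYPE, bytes([REQUEST]))], ciaddr=current_ip)))
    return ack["options"][OPT_MSG_TYPE][0], struct.unpack("!I", ack["options"][OPT_LEASE])[0]

if __name__ == "__main__":
    srv = Server("10.5.5.2", ["10.5.5.26", "10.5.5.27"], "255.255.255.224", "10.5.5.1")
    mac = bytes.fromhex("08000726c0a5")
    lease = obtain_lease(srv, mac)
    print(lease)                             # ip 10.5.5.26, lease 600, t1 300, t2 525
    print(renew(srv, mac, lease["ip"]))      # (5, 600): ACK with a fresh 600 s lease
```

A REQUEST for an address the server never offered is answered with NAK, and a REQUEST whose server identifier names another server is ignored, which is the behaviour that keeps two servers with non-overlapping pools from fighting over one client.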

Implementation

Packages

Server

dhcp-server (CentOS 8), dhcp (CentOS 7 and earlier)

/usr/sbin/dhcpd the dhcpd daemon itself
/etc/dhcp/dhcpd.conf dhcpd configuration file
/usr/share/doc/dhcp-server/dhcpd.conf.example configuration file template shipped with the package
/usr/lib/systemd/system/dhcpd.service systemd unit for the service
/var/lib/dhcpd/dhcpd.leases record of the addresses that have been leased

Client

dhcp-client

/usr/sbin/dhclient client program
/var/lib/dhclient lease files holding the addresses and options the client obtained

Configuration file

View the dhcpd configuration file template

[root@wenzi ~]# vim /usr/share/doc/dhcp-server/dhcpd.conf.example
# Default domain handed to clients; may be set globally or inside a subnet/host scope
option domain-name "example.org";
# Default DNS servers handed to clients; global or per scope
option domain-name-servers ns1.example.org, ns2.example.org;

# Lease length in seconds used when the client does not ask for a specific lease time
default-lease-time 600;
# Longest lease in seconds the server will grant, whatever the client asks for
max-lease-time 7200;

# Syslog facility; where the log file ends up is defined in syslog.conf (rsyslog.conf)
log-facility local7;

# No service is offered on this subnet, but declaring it helps the DHCP server understand the network topology
subnet 10.152.187.0 netmask 255.255.255.0 {
}

# A very basic subnet declaration
subnet 10.254.239.0 netmask 255.255.255.224 {
  # Pool of dynamic addresses for clients; several range statements are allowed, but they must not overlap
  range 10.254.239.10 10.254.239.20;
  # Default gateway(s) for clients
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# This declaration lets BOOTP (the predecessor of DHCP) clients obtain dynamic addresses, which is not recommended
subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  # Note: the shipped template uses the broadcast address of the previous /27 here;
  # for 10.254.239.32/27 the correct broadcast address would be 10.254.239.63
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# Configuration for an individual subnet
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;
  # Broadcast address
  option broadcast-address 10.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}

# Per-client settings via host <any-name> { }
host passacaglia {
  # MAC address of this one client
  hardware ethernet 0:0:c0:5d:bd:95;
  # Name of the boot-loader file the client should fetch
  filename "vmunix.passacaglia";
  # Boot server from which to fetch vmunix.passacaglia
  server-name "toccata.example.com";
}

# A host <any-name> { } block can also bind a client's MAC address to a fixed IP (static assignment)
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  # Fixed IP address for this client
  fixed-address fantasia.example.com;
}


# You can declare a class of clients and then allocate addresses based on class membership.
# In the example below, clients in class "foo" get addresses on the 10.17.224/24 subnet and
# all other clients get addresses on the 10.0.29/24 subnet.
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
# shared-network tells the server that these subnets sit on the same physical network
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}

See http://t.csdn.cn/b36rQ for specific usage
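The two configuration mistakes this page warns about, overlapping range statements (the comment on the basic subnet declaration above) and two servers in an 80/20 split whose pools collide (the 80/20 section), are easy to introduce and silent until clients start fighting over addresses. The following added linter is my example, not part of ISC dhcpd or of the original post: it pulls subnet, range, fixed-address and option routers statements out of one or more dhcpd.conf texts and reports ranges outside their subnet's usable host space, overlapping ranges within or across servers, and static addresses that fall inside a dynamic pool. The three sample configurations are constructed; the first two reproduce the 80/20 split from the text.

```python
"""Lint dhcpd.conf range declarations across one or more servers.
Constructed example; the regexes cover the statement forms used on this page."""
import ipaddress
import re

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
RE_SUBNET = re.compile(r"subnet\s+" + IP + r"\s+netmask\s+" + IP)
RE_RANGE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?" + IP + r"(?:\s+" + IP + r")?\s*;")
RE_STATIC = re.compile(r"(?:fixed-address|option\s+routers)\s+([^;]+);")

def strip_comments(text):
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def parse_conf(text):
    """Return (subnets, ranges, static_addresses) found in one dhcpd.conf text."""
    text = strip_comments(text)
    subnets = [ipaddress.IPv4Network(f"{net}/{mask}") for net, mask in RE_SUBNET.findall(text)]
    ranges = []
    for start, end in RE_RANGE.findall(text):
        lo = ipaddress.IPv4Address(start)
        ranges.append((lo, ipaddress.IPv4Address(end) if end else lo))   # "range X;" is a one-address pool
    statics = []
    for value in RE_STATIC.findall(text):
        for token in value.replace(",", " ").split():
            try:
                statics.append(ipaddress.IPv4Address(token))
            except ValueError:
                pass                                                   # hostnames are not resolved here
    return subnets, ranges, statics

def overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def check_configs(confs):
    """confs: {server_name: dhcpd.conf text}. Returns a list of human-readable problems."""
    problems, all_ranges, all_static = [], [], []
    for name, text in confs.items():
        subnets, ranges, statics = parse_conf(text)
        for lo, hi in ranges:
            if lo > hi:
                problems.append(f"{name}: range {lo}-{hi} is reversed")
            # the network and broadcast addresses are never valid host addresses
            elif not any(n.network_address < lo and hi < n.broadcast_address for n in subnets):
                problems.append(f"{name}: range {lo}-{hi} is not inside the usable part of any declared subnet")
        all_ranges += [(name, lo, hi) for lo, hi in ranges]
        all_static += statics
    # ranges must not overlap, whether on one server or between the servers of an 80/20 split
    for i, (na, alo, ahi) in enumerate(all_ranges):
        for nb, blo, bhi in all_ranges[i + 1:]:
            if overlaps((alo, ahi), (blo, bhi)):
                problems.append(f"overlap: {na} {alo}-{ahi} vs {nb} {blo}-{bhi}")
    # a gateway or fixed-address inside a dynamic pool will eventually be leased to someone else
    for addr in all_static:
        for name, lo, hi in all_ranges:
            if lo <= addr <= hi:
                problems.append(f"{name}: static address {addr} lies inside dynamic range {lo}-{hi}")
    return problems

# constructed sample configs: the 80/20 split from the text, and one deliberately broken server
CONF_A = """
# DHCP A owns 80% of 10.0.0.0/24 and 20% of 192.168.0.0/24
subnet 10.0.0.0 netmask 255.255.255.0 { range 10.0.0.1 10.0.0.160; }
subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.161 192.168.0.200; }
"""
CONF_B = """
subnet 10.0.0.0 netmask 255.255.255.0 { range 10.0.0.161 10.0.0.200; }
subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.1 192.168.0.160; }
"""
CONF_BAD = """
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.10 10.5.5.30;
  range 10.5.5.26 10.5.5.40;     # overlaps the first range and spills past the /27
  option routers 10.5.5.1;
}
host printer {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 10.5.5.20;       # static address inside the dynamic pool
}
"""

if __name__ == "__main__":
    print(check_configs({"dhcp-a": CONF_A, "dhcp-b": CONF_B}))   # [] : the split is clean
    for p in check_configs({"bad": CONF_BAD}):
        print(p)                                                  # three findings
```

Run it against both servers' configs together whenever one of them changes; a clean 80/20 split returns an empty list, while the broken sample yields one out-of-subnet range, one overlap and one fixed-address collision.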


Origin blog.csdn.net/qq_40875048/article/details/132014533