1.4 DHCP

The Dynamic Host Configuration Protocol (DHCP) uses a client/server structure to provide configuration parameters to hosts. DHCP consists of a protocol for providing host-specific configuration parameters from a DHCP server (or collection of DHCP servers) to a host, and a mechanism to allocate network addresses to a host.

NOTE:In this document, the term host refers to a network device that requires an IP address and might have a hostname.

When the DHCP server is loaded, it reads its configuration information from eDirectory and stores the information in its cache. As the DHCP server assigns addresses to clients, it updates eDirectory, adding IP address objects or modifying their eDirectory status information. The DHCP server can be configured to maintain an audit log of this activity. For information about maintaining an audit log of DHCP server activity, see Configuring DHCP Auditing.

The network administrator can view objects to see how addresses have been assigned.

For more information, see:

A Novell DHCP server automatically assigns IP addresses and other configuration information to clients upon request or when the clients are restarted. Automatic assignment of configuration information reduces the amount of work required to configure and manage a large IP network.

In addition, integrating DHCP with eDirectory enables you to enter all configuration information into one distributed database. This greatly simplifies network administration and provides for the replication of DHCP configuration information.

DHCP provides for both static and dynamic configuration of IP clients. Static configuration enables you to assign a specific IP address and configuration to a client with a specific machine or MAC address. When DHCP assigns IP addresses dynamically, IP clients are assigned an IP address that is chosen from a range of available addresses. You can use dynamic address assignments when you are not concerned about which IP address a particular client uses. Each IP client that requests an address assignment can also use the other DHCP configuration parameters.

DHCP can limit the amount of time a DHCP client can use an IP address. This is known as the lease time. You can use the lease time to allow a large number of clients to use a limited number of IP addresses.

DHCP is based on BOOTP and maintains some backward compatibility. Novell DHCP servers can be configured to respond to requests from BOOTP clients.

NOTE:In order to use the Novell DHCP server, the Novell DNS server must be a DNS designated primary server for both the forward and reverse zones.

Novell DNS/DHCP Services provides the following DHCP features:

Novell DNS/DHCP Services supports the features that were previously provided by Novell DHCP server 2.0 and supports the standards of the following RFCs:

Novell DNS/DHCP Services also supports the BOOTP standards of the following RFCs:

For more information, see:

1.4.1 DHCP and BOOTP

DHCP is based on the Bootstrap protocol (BOOTP) and maintains some backward compatibility. BOOTP was designed for manual configuration of the host information in a server database. Novell has extended support for BOOTP to provide Dynamic BOOTP support. A pool of addresses can be set up for BOOTP address assignment so that each BOOTP address does not need to be configured separately.

From the clients’ point of view, DHCP is an extension of BOOTP, enabling existing BOOTP clients to interoperate with DHCP servers without requiring any change to the client initialization software. Some new, additional options optimize DHCP client-server interaction.

There are two primary differences between BOOTP and DHCP. DHCP defines methods through which clients receive IP addresses for a specified period of time, enabling serial reassignment of addresses to different clients. There is no concept of a lease time in BOOTP; address assignments (even in Dynamic BOOTP) are permanent. In addition, DHCP provides a method for a client to acquire all of the IP configuration parameters it requires to operate.

If multiple servers service a single subnet, only the principal server can be designated as an automatic BOOTP server.

Another difference between the two protocols is a change in terminology to clarify the meaning of the Vendor Extension field in BOOTP messages. With DHCP, this field is called the Option field.

Using a BOOTP Relay Agent

A BOOTP relay agent (also known as a forwarder) is an Internet host that passes DHCP messages between DHCP clients and DHCP servers in a subnet environment. The forwarder usually resides on an IP router; however, any Novell server on a subnet can run the bootpfwd.nlm.The DHCP service in Novell DNS/DHCP Services provides relay agent functions as specified in the BOOTP protocol specification (Internet RFC 951).

When a client starts up, it sends a UDP broadcast message, called a Discover packet, to address 0xFFFFFFFF over port 67 requesting an address.

The forwarder has an IP address on the network and acts like a DHCP server, listening for Discover packets from clients on its LAN that are meant for a DHCP server. The forwarder must be configured with the destination address of the actual DHCP server on a different LAN segment that will provide DHCP service.

The DHCP server must be configured to serve the subnet on which the forwarder is located. The DHCP server must have a subnet address range to provide service.

After receiving a Discover packet from a client, the forwarder reformats the packet and sends it to the DHCP server. The DHCP server responds to the forwarder with an Offer packet containing an address for the client.

When the forwarder receives the Offer packet from the DHCP server, the forwarder contacts the client and provides the IP address and lease information.

NOTE:The BOOTP protocol, unlike DHCP, does not provide a mechanism for a client to accept only a single offer of an IP address; therefore, the iManager utility and the Management Console allow only the server that is specified as the default server in a Subnet object to be assigned to any address ranges that include BOOTP addresses. If you want to assign other servers to the address ranges, you should change the address range type so that it doesn’t include BOOTP. If the range type includes BOOTP, you will not be allowed to change the DHCP server assigned to the range.

1.4.2 IP Address Allocation

Allocation of IP addresses, either temporary or permanent, is one of the two primary services provided by DHCP. The client requests an IP address, and the DHCP server (or collection of DHCP servers) provides an address and guarantees not to give that address to another client within a specified time. Additionally, the server tries to return the same address to the client each time the client requests an address. The period of time over which an IP address is allocated to a client is called a lease.

DHCP supports three methods of IP address allocation:

A network can use one or more of these methods. The network administrator decides which methods to use.

Dynamic BOOTP Allocation

Dynamic BOOTP enables a DHCP server to assign permanent addresses to BOOTP clients from a pool of addresses. No manual configuration of the client is required prior to address allocation.

Dynamic DHCP Allocation

Dynamic DHCP allocation is the only method enabling automatic reuse of addresses no longer required by a client. Dynamic DHCP allocation is useful for assigning an address to a client that will be connected temporarily to the network or for sharing a limited number of IP addresses among a group of clients that do not require permanently assigned IP addresses.

Dynamic DHCP allocation is also useful for assigning an IP address to a new client installed on a network on which IP addresses are scarce and must be reclaimed when older hosts are removed. An additional benefit to dynamic DHCP allocation is that when a client’s lease is renewed, the DHCP server refreshes the client’s configuration.

Manual Allocation

Manual or static allocation is used to assign addresses to DHCP or BOOTP clients. A specific IP address is assigned to the client based on an identifier such as the client’s hardware or MAC address.

Manual allocation of DHCP eliminates the error-prone method of manually configuring hosts with IP addresses in networks for which IP address management without DHCP is desired. Manual allocation can be permanent or can be set to expire at a future time. When you manually allocate addresses, you can also create corresponding DNS Resource Records, thereby eliminating another error-prone activity.

Lease Options

A client acquires a lease for a fixed period of time. The length of the lease can be a number of hours or days, or it can be for an indefinite period.

After a lease for an IP address has been granted, a client can issue a request to extend its lease. The client can also issue a message to the server to release the address back to the server when the address is no longer required.

If a network has a limited number of IP addresses and must reassign them, the DHCP server reassigns an address when the lease has expired. The server uses configuration information to choose addresses to reuse. For example, the server might choose the least recently assigned address for reassignment. After receiving an address assignment, the host determines whether the address is in use by another host before accepting the address.

IMPORTANT:Address duplication sometimes occurs with Windows 95 clients. If a Windows 95 client receives a response indicating that the assigned address is in use by another device, a message indicates the IP address conflict. However, the client does not send a DHCPDECLINE message as required by RFC 1534, section 4.4.1.

To minimize the chance of address duplication, the DHCP server can be configured to ping an address to test its validity before assigning it to a host. If the server receives a response from another device (indicating ownership of the address), the current address assignment is withdrawn so that another address can be assigned to the host.

1.4.3 Virtual LAN Environments

In environments using a virtual LAN (VLAN), multiple subnets might be defined on one physical subnet segment. For example, one physical subnet segment might contain several Class C addresses to form a larger address range than allowed for a Class C address. To accommodate a VLAN environment, a Subnet Pool object must be configured on the DHCP server to bind the multiple subnets together.

If a forwarder forwards client requests from a physical subnet segment with multiple subnet bindings and these subnets are bound to a single subnet pool, the collection of addresses available in configured subnet address ranges is available to all clients (DHCP or BOOTP) on that physical subnet. This is the primary use of the subnet pool.

Clients that are on the same subnet as the DHCP server do not need to be configured for the subnet pool if the server is bound to all local subnet addresses, or if the server has an address on each local subnet.

1.4.4 DHCP Auditing

Auditing can be used to perform an analysis of historical data and to help diagnose operational difficulties. Auditing uses a Btrieve database to store and manage data providing meaningful trend analysis.

When auditing is enabled, every incidence of address deletion, addition, and rejection is recorded in the audit log. The beginning and end of each session is marked to aid in reviewing the audit log. The beginning session contains records defining the session in terms of addresses already assigned.

Other major events or alert situations that cause SNMP traps are also audited. Other incoming DHCP requests are also logged, including honored renewal requests and those rejected or dropped.

1.4.5 DHCP Options

Novell DNS/DHCP Services supports vendor options, DHCP options, and BOOTP parameters as defined in Internet RFC 2132 with a few exceptions. A table listing the option codes and names is found in Section A.3, DHCP Option Descriptions.

Novell DNS/DHCP Services also supports new options defined for NetWare over TCP/IP and existing NetWare/IP options.

DHCP Options for eDirectory

Novell has defined three DHCP options for eDirectory. These options eliminate the need to provide this information each time users log in.

Option 85 provides the IP address of one or more eDirectory servers for the client to contact for access to the eDirectory database. Option 86 provides the name of the eDirectory tree the client will be contacting. Option 87 provides the eDirectory context the client should use.

For detailed information about using these options in NetWare 6.5, refer to Internet RFC 2241, DHCP Options for Novell Directory Services.

NetWare/IP Options

Novell uses option codes 62 and 63 in the DHCP packet for NetWare/IP. Option 62 contains the NetWare/IP domain name.

Option 63, the IPX Compatibility option, contains general configuration information such as the primary DSS, the preferred DSS, and the nearest servers. Option 63 also provides additional information in the form of suboptions, listed in the table below:

Table 1-3 Suboption Codes and Meaning

Suboption Codes

Meaning

5

If the value of this field is 1, the client should perform a NetWare Nearest Server Query to find out its nearest NetWare/IP server.

6

Provides a list of up to five addresses of NetWare Domain SAP/RIP servers.

7

Provides a list of up to five addresses of the nearest NetWare/IP servers.

8

Indicates the number of times a NetWare/IP client should attempt to communicate with a given DSS server at startup.

9

Indicates the amount of delay in seconds between each NetWare/IP client attempt to communicate with a given DSS server at start-up.

10

If the value is 1, the NetWare/IP client should support NetWare/IP Version 1.1 compatibility.

11

Identifies the Primary Domain SAP/RIP Service server (DSS) for this NetWare/IP domain.

12

Identifies the network number of the virtual IPX™ network created by the IPX Compatibility feature.

13

The IPX Stale Time suboption specifies the minimum interval in minutes that must expire before hosts try to refresh their Migration Agent addressing information.

14

Specifies the addresses of one or more Migration Agent servers for the IP nodes to use to communicate with IPX Nodes.

Refer to Internet RFC 2242 and NetWare/IP Domain Name and Information for detailed information about using these NetWare/IP options.

1.4.6 eDirectory Objects for DHCP

The following new eDirectory objects support DHCP:

Figure 1-13 shows a basic configuration of the DHCP objects. This structure might be used for a small to medium-size network.

Figure 1-13 eDirectory Objects for DHCP

DHCP Server Object

The DHCP server object (or service object) is created by extending the NetWare Core Protocol (NCP) server object. During the server object creation, the DHCP server reference is set in the NCP server.

The DHCP server object represents the DHCP server and contains a multivalued attribute listing the subnet ranges the DHCP server is servicing. The DHCP server also contains all server-specific configuration and policy information. A DHCP server object can be contained in an Organization (O), Organizational Unit (OU), Country (C), or Locality (L).

Address Range Object

The Address Range object is primarily used to denote a range of addresses to create a pool of addresses for dynamic address assignment or to identify a range of addresses to be excluded from address assignment. Optionally, the Address Range object stores the start of a hostname that can be assigned to clients when addresses are assigned.

You can use multiple Address Range objects under a Subnet object. You can also specify different range types, such as a range for dynamic address assignment, a range for BOOTP clients, or a range to be excluded from the subnet.

Subnet Pool Object

The Subnet Pool object provides support for multiple subnets through a DHCP or BOOTP forwarder by identifying a pool of subnets for remote LAN address assignments. A Subnet Pool object can be contained in an Organization (O), Organizational Unit (OU), Country (C), or Locality (L).

DHCP servers are not required to be on the local subnet to which they assign addresses. If you want, they can be deployed centrally to service remote subnets. However, the initial DHCP/BOOTP discover requests are not sent to a DHCP server unless a DHCP/BOOTP forwarder that is on the same computer as the client has been configured to forward the addresses.

The Subnet Pool object contains a list of subnet object references and comments.

Subnet Object

The Subnet object represents a subnet and is the most fundamental DHCP object. The Subnet object can be contained in an Organization (O), an Organizational Unit (OU), a Country (C), or a Locality (L). The Subnet object acts as a container object for the IP Address and Address Range objects. A Subnet object’s specific DHCP options and configuration parameters apply to the entire subnet and override the global options.

Using the Subnet Object to Manage IP Addresses

The Lease Time attribute of the Subnet object enables a dynamic DHCP client to specify a lease time for the entire subnet. Lease expiration time can be modified for each manual IP address allocation.

An IP address can be returned to a DHCP server for one of the following reasons:

  • The address is explicitly released by a DHCP client.

  • The address is implicitly released because the lease has expired.

  • An assigned lease is canceled.

If a DHCP client requests an IP address on the same subnet again before the previously assigned address expires, the same address is provided. If the IP address assignment is for a different subnet but the client already has a valid IP address entry in the DHCP server database, three possible actions can occur, depending on the IP Address Assignment Policy attribute of the DHCP server. The three actions are listed in the table below.

Table 1-4 IP Assignment Policy and the appropriate DHCP Server Action

IP Assignment Policy

DHCP Server Action

Delete Duplicate

If the client moves to another subnet supported by the same DHCP server, delete any previous IP address assigned to the client, release the original address back to the pool, and assign a new address.

Allow Duplicate

If the client moves to another subnet, assign the new address and leave the old address unchanged in the database.

No Duplicate

If the client moves to another subnet and the old address is still valid, do not assign a new address.

The address deletion might delete a permanent IP object that is dynamically or manually assigned. Therefore, a client with a Delete Duplicate policy can have a walking manual IP object, but it cannot walk out of the service scope of a single DHCP server. In order for a DHCP server to assign an address to a walking manual IP object, the address assignment must be from a DHCP server’s reserved Subnet Address Range with the Range Type set to Dynamic DHCP, Dynamic BOOTP and DHCP, or Dynamic DHCP with Automatic Hostname Generation.

The dhcpsrvr.nlm software supports local address assignments that obtain IP addresses from multiple local subnets. For example, a DHCP server might have multiple IP addresses bound to one of its network interface cards. Each address is a server address on a separate subnet. No special configuration of the eDirectory database is required.

The dhcpsrvr.nlm software also supports remote address assignments that obtain IP addresses from multiple remote subnets. This feature requires all such subnets to be identified with a Subnet Pool object.

IP Address Object

The IP Address object represents a single IP address. The IP Address object must include an address number and an assignment type. The address can be assigned manually, automatically, or dynamically, or it can be excluded from DHCP address assignment.

You can configure IP Address objects that are manually assigned or excluded from assignment. For dynamically or automatically assigned client addresses, DHCP creates an IP Address object under the subnet where the address is assigned.

An IP address can be assigned to a client based on the client’s MAC address. These IP Address objects can also receive specific DHCP options.

When configuring an individual IP Address object, you can provide specific options that override global options or those set at the subnet level. When you create or modify an IP Address object manually, you can also create the necessary DNS resource records.