1.4 Novell DHCP Service

A Novell DHCP server automatically assigns IP addresses and other configuration information to clients upon request or when the clients are restarted. Automatic assignment of configuration information reduces the amount of work required to configure and manage a large IP network.

In addition, integrating DHCP with eDirectory enables you to enter all configuration information into one distributed database. This greatly simplifies network administration and provides for the replication of DHCP configuration information.

The Novell DHCP Service provides the following features:

  • All DHCP configuration is managed in eDirectory, facilitating enterprise-wide management.

  • DHCP options can be set at the following levels:

    • Service level

    • Shared Network level

    • Subnet level

    • Pool level

    • Host level

    • Class level

  • You can deny service to unwanted devices by creating Host objects identified with the MAC address of the device and setting deny booting for the host.

  • The DHCP software updates /var/lib/dhcp/db/dhcpd.leases file to record all address assignments to clients.

  • You can use Dynamic DNS (DDNS) to update DNS with information about addresses assigned and rescinded.

  • The DHCP software enables the server to cache addresses and other configuration information from eDirectory for quick response.

  • You can configure the DHCP server to ping an address to verify that no other device is using it before assigning the address to a client.

  • It provides fault tolerance as follows:

    • A server can survive a temporary local eDirectory service outage and recover automatically.

    • DHCP configuration is replicated like other eDirectory data.

  • The DHCP server can work with any DNS server.

  • The Failover Peer protocol support allows two DHCP servers to share a common address pool that ensures continuous availability of the network.

  • The import or export DHCP service is supported to transfer the DHCP service configuration from files in Linux dhcpd.conf format into eDirectory or from eDirectory to a text file in a dhcpd.conf format.

The Novell DHCP service supports the standards of the following RFCs:

  • RFC 2131: Dynamic Host Configuration Protocol

  • RFC 2132: DHCP Options and BOOTP Vendor Extensions

  • RFC 2241: DHCP Options and Novell Directory Services

  • RFC 2242: NetWare/IP Domain Name and Information

Novell DHCP Services also supports the BOOTP standards of the following RFCs:

  • RFC 1497: BOOTP Vendor Information Extensions

  • RFC 1534: Interoperation Between BOOTP and DHCP

  • RFC 1542: Clarifications and Extensions for the Bootstrap Protocol

1.4.1 DHCP Options

The Novell DHCP service supports vendor options, DHCP options, and BOOTP parameters as defined in Internet RFC 2132 with a few exceptions. A table listing the option codes and names is found in Section A.3, DHCP Option Descriptions.

DHCP Options for eDirectory

Novell has defined three DHCP options for eDirectory. These options eliminate the need to provide this information each time users log in.

Option 85 provides the IP address of one or more eDirectory servers for the client to contact for access to the eDirectory database. Option 86 provides the name of the eDirectory tree the client will be contacting. Option 87 provides the eDirectory context the client should use.

For detailed information about using these options, refer to Internet ‘RFC 2241’, DHCP Options for Novell Directory Services.

NetWare/IP Options

Novell uses option codes 62 and 63 in the DHCP packet for NetWare/IP. Option 62 contains the NetWare/IP domain name.

Option 63, the IPX Compatibility option, contains general configuration information such as the primary DSS, the preferred DSS, and the nearest servers. Option 63 also provides additional information in the form of suboptions, listed in the table below.

Table 1-5 Suboptions Codes and Meaning

Suboption Codes

Meaning

5

If the value of this field is 1, the client should perform a NetWare Nearest Server Query to find out its nearest NetWare/IP server.

6

Provides a list of up to five addresses of NetWare Domain SAP/RIP servers.

7

Provides a list of up to five addresses of the nearest NetWare/IP servers.

8

Indicates the number of times a NetWare/IP client should attempt to communicate with a given DSS server at startup.

9

Indicates the amount of delay in seconds between each NetWare/IP client attempt to communicate with a given DSS server at start-up.

10

If the value is 1, the NetWare/IP client should support NetWare/IP Version 1.1 compatibility.

11

Identifies the Primary Domain SAP/RIP Service server (DSS) for this NetWare/IP domain.

Refer to Internet ‘RFC 2242’ and NetWare IP Domain Name and Information for detailed information about using these NetWare/IP options.

DHCP eDirectory Objects

When you select Novell DHCP Services during the OES installation, the eDirectory schema is extended to enable the creation of DHCP objects and the following objects are created:

  • dhcpLocator (Locator object)

  • DHCPGroup (Group object)

Only one copy of these objects exists in the context that is specified during OES installation. The DNS servers, DHCP servers, and the Management Console must have access to these objects.

The DHCPGroup object is a standard eDirectory group object. This object is used to grant the necessary rights to the eDirectory user used by the DHCP server to access the DHCP objects

The dhcpLocator object is created during the OES installation and has references to dhcpServer and dhcpService objects. The creator of the Locator object grants Read and Write permissions to this object to the network administrators.

1.4.2 eDirectory Objects for DHCP

The following eDirectory objects are supported in DHCP:

Figure 1-16 shows a basic configuration of the DHCP objects. This structure might be used for a small to medium-size network.

Figure 1-16 eDirectory Objects for DHCP

DHCP Service

The DHCP Service object is a container object that contains the DHCP configuration for the entire network, a subset of the network, or a single server. It is made up of configuration details of shared networks, subnets, classes, pools and hosts. Depending on your organizational needs, there can be more than one DHCP Service object in the network.

Java Console enables you to create service objects with the same name if they are located in different containers. However, it is recommended to create service objects with unique names since Java Console displays only service object name instead of the FQDN. Therefore, it is difficult to distinguish between service objects with the same name.

DHCP Server

The DHCP Server object serves one or more DHCP service objects. Each DHCP server can be associated with one or more DHCP services depending on the needs of your organization. In a typical scenario, there must be one DHCP Server object configured for every system running DHCP Service.

Keeping the DHCP server and its configuration details as separate entities provides much-needed flexibility in associating and switching between DHCP servers and configurations.

Shared Network

All subnets that share the same physical network can be grouped under a Shared Network object.

Some installations have physical networks on which more than one IP subnet operates. For example, if there is a site-wide requirement that 8-bit subnet masks be used, but a department with a single physical Ethernet network expands to the point where it has more than 254 nodes, it might be necessary to run two 8-bit subnets on the same Ethernet until a new physical network can be added. In this case, the subnet declarations for these two networks must be enclosed in a shared-network declaration.

A shared network object must be created under a service object.

Subnet

The Subnet object enables you to distribute IP addresses and DHCP options to each network.

Because the DHCP Service object is the fundamental object of the hierarchy of the network, a subnet object must be created under a service element in the hierarchy. If your organizational setup requires the subnet object to be grouped under a shared network, create the subnet object under a service-shared network hierarchy.

The subnet statement is used to provide dhcpd with enough information to tell whether or not an IP address is on that subnet. It can also be used to provide subnet-specific parameters and to specify what addresses can be dynamically allocated to clients booting on that subnet.

Pool

The pool declaration can be used to specify a pool of addresses that are treated differently than another pool of addresses, even on the same subnet. It is also possible to set up entirely different subnets for known and unknown clients. You can create multiple pool objects under a Subnet object. The pool object must be created under a service-shared network-subnet or service-subnet hierarchy.

You can create multiple pool objects under a Subnet object.

Class

The Class object helps in segregating clients into classes, and these clients can be treated differently depending on the class they are in. This separation can be done either with a conditional statement, or with a match statement within the class declaration. It is also possible to create automatic subclasses based on the contents of the client packet. You can also set a limit on the number of clients within a class or subclass.A subclass is a class with the same name as a regular class, but with a specific submatch expression

To group clients into different classes based on conditional expression, you can specify a match expression within a class statement in the following manner:

match if substring (option dhcp-client-identifier, 1, 3) = "RAS";

A subclass is a class with the same name as a regular class, but with a specific submatch expression that is hashed for quick matching. To automatically create lease-limited subclasses based on client parameters, use the spawn with statement.

The option value sent by the client is checked with the dynamically created subclasses for the specified class and if a match is found, the client will be classified under that subclass and treated accordingly.

If no match is found, the server creates a new subclass and logs the information in the lease file, and the client is classified in this new subclass. After classification, it is processed according to the rule set for the class.

Host

The Host object represents a client in the network with statically assigned IP address. It is identified by a host name.

The DHCP Management Utility can be used to configure host objects that are manually assigned. When configuring an individual host object, you can provide specific options that override global options or those set at the subnet/service level.

Zone

The DHCP Zone object contains the references to Domain Name System (DNS).

A DHCP server uses this information to perform dynamic updates for the zone objects. A DNS server must be configured to allow updates for the zone that the DHCP server is updating.

TSIG Key

A TSIG key is used for authenticating dynamic updates to a DNS server. TSIG uses shared secret keys as a cryptographically secure means of authenticating a DNS update.

Failover

The Failover Peer protocol allows only two DHCP servers to share a common address pool. This ensures continuous availability of the network. The process defines the role of a primary server and a secondary server.

Each server has about half of the available IP addresses in the Pool at any given time for allocation. During a prolonged failure of the primary server, the secondary server recovers all the addresses that the primary server had available for allocation, and begins to reuse them.

1.4.3 Java Management Console for DHCP (OES Linux)

The Java Management Console can be used to configure and manage DHCP (OES Linux) objects based on eDirectory. It is an independent executable Java application. To launch Java Console:

On Windows: Click Start > Programs > DNS-DHCP Management Console > DNSDHCP. It can also be launched by double-clicking the DNSDHCP shortcut icon created on the desktop.

On Linux: Open a terminal console and run the command ./dnsdhcp-jc-launch.sh from the location /opt/novell/dnsdhcp/console/.

When the Java Management Console is launched, it prompts you to select a tree as the target eDirectory context.

You must log in to the desired eDirectory tree before launching the Java Management Console. To manage objects in a different eDirectory tree, you must exit the utility, change the context to the other eDirectory tree, and launch the utility again. The current eDirectory tree name is displayed in the utility's title bar.

The Java Management Console manages one tree at a time. Figure 1-17 shows the main user interface window for DHCP (OES Linux) Services.

Figure 1-17 DHCP (OES Linux) Java-based Management Console User Interface

For more information, see:

DHCP (OES Linux)

DHCP objects can be accessed via the DHCP (OES Linux) tab. There are three panes within each tab page. The left pane displays the managed DHCP objects in tree form. The right pane displays detailed information about the object that is selected in the left or bottom pane. The bottom pane lists the Linux DHCP servers configured to provide necessary services.Resources are organized according to the object hierarchy and the implicit ordering of objects. In the left pane, all the DHCP Service objects are listed in alphanumeric order.All of the objects are created as eDirectory objects and are subject to Linux Administrator conventions. Therefore, when creating a new object, you should always name the object first in each Create dialog box.The Create dialog box for these objects has browsing capability in the eDirectory tree, so an administrator with Write or Supervisor rights can select a specific context.A newly created object's button on the toolbar is context-sensitive in relation to the selected item in either service's left tree pane. Your rights to the objects are not verified until you perform an update, delete, or create against the target objects.The DHCP objects available in the new object dialog’s creation list box depend on the selected object in the left tree pane.

After a new DHCP object has been created, the Java Management Console grants the objects Read and Write rights to the dhcpLocator object.

For fast and efficient searching, the distinguished names of newly created Service objects and Server objects are added to the corresponding attribute of the dhcpLocator object. Renaming or deleting these objects is automatically performed by eDirectory because of the built-in feature for eDirectory distinguished names.

After a new DHCP object has been created, the Java Management Console gives you the choice of staying in its current focus or setting the focus on the newly created object. The utility also displays its detailed information in the right pane. This feature is provided as a convenience to administrators and can be used by selecting the Define Additional Properties check box.

Toolbar

The Management Console offers no menu items. All functions are provided by the toolbar. The functions that are relevant for the item selected in the left tree pane or bottom server pane are highlighted to show their availability.

Figure 1-18 DHCP (OES Linux) Toolbar

If you position the cursor over the icon, the icon's name appears. The following table lists when each toolbar button is enabled in relationship to the selected object.

Table 1-6 Period when the Toolbar Buttons are Enabled

Toolbar Button

Enabled

Exit

Always enabled

Create

Always enabled

Delete

Always enabled

Save

When fields have been changed for updates or changes

Refresh tree

Always enabled

Custom Options

When DHCP service is selected

Import

Always enabled

Export

Always enabled

Start/stop service

When DHCP server is selected

Find

When Service, Subnet, TSIG key,Zone, shared network, class, host, failover peer is selected

Help

Always enabled

Status Bar

The status bar displays in the bottom pane of the Management Console. When an object is selected, the status of that object is displayed in the status bar. Figure 1-19 displays the status bar for the Server LinuxDHCP_Japan server.

Figure 1-19 DHCP (OES Linux) Status Bar

Server Status

The icon for the Linux DHCP Server changes depending on its status. Table 1-7, DHCP (OES Linux) Server Icons explains the various DHCP (OES Linux) server icons along with their states.

Table 1-7 DHCP (OES Linux) Server Icons

Icon

Description of the DHCP Server State

Indicates that the process to find out the DHCP server state has not been initiated.

Indicates that the DHCP server is inactive. This icon is displayed when sfcbd is up and dhcpd is down.

Indicates that the server is active. This icon is displayed when both sfcbd and dhcpd are up and running.

Indicates that there has been a communication failure while trying to identify the DHCP server status.

This animated icon indicates that a process is on to identify the status of the DHCP server.

Object Creation Rules

These are certain rules that govern the creation and manipulation of objects in the Linux DHCP object hierarchy.

The DHCP Server object and DHCP service object can be created in the context of an Organization (O),Organizational Unit (OU), Locality (L), or Country (C).

For fast and efficient search operations, the distinguished names of the newly created service and DHCP servers are added to the corresponding attribute of the Locator object. Renaming or deleting these objects is automatically performed by eDirectory because of the built-in feature for eDirectory distinguished names.

Locator object cannot be created from Java Console. However, during installation if these contexts are specified, then you can create the locator object.

Locator object can be created in the Top, tree root, and domain containers along with existing Country, Locality, Organization, and Organizational Unit containers.

DHCP Server object is always created under NCP server container. You cannot select a separate container for server object from Java Console.

DHCP pool object can only be created under a DHCP subnet object and a DHCP subnet object can only be created under a DHCP service object.