The DHCP service is a process that responds to client requests. When a computer that is a DHCP client boots up on the network for the first time, a four-step process is initiated.
1. The client machine broadcasts a request for an IP address. The request is broadcast on Port 67 and is known as a DHCP Discovery Broadcast.
2. Any and all DHCP servers that exist on the local network subnet will respond to the client with a direct DHCP Offer. If there are no local DHCP servers but there is a relay agent and it has forwarded the client's broadcast to a remote DHCP server, that server responds with the DHCP Offer.
3. It's first come, first served as the client takes the first offer it gets and responds with another broadcast, which is known as a DHCP Request. This request confirms the IP address it received from the DHCP server. A relay agent will forward the request when needed. A server whose offer was not accepted puts the offered IP address back into its address pool.
4. The DHCP server whose offer was accepted then responds with a DHCP Acknowledgment message that includes the lease duration and any other configuration information that the server has been set up to provide. At the point at which the client receives the acknowledgment, it then binds the new address to its IP stack and starts using it.
The DHCP server gives out addresses according to a specific selection algorithm. Basically, the server starts handing out addresses from the bottom of its scope range and works its way toward the top. It won't give out a previously used, expired address to a new client until all unused addresses are exhausted. After all addresses are used at some point, the server then assigns addresses that were released or expired, based on the amount of time the address has been available. Addresses that haven't been used for the longest amount of time are the server's first choice for reuse. Keep in mind, though, that as with all other lease assignments, the server will use conflict-detection techniques to make sure the IP is, in reality, unused.
Both the server and the client have ways to check for IP duplication. The server can be configured to ping an IP address before it assigns that address to a client. This option is turned off by default because, as we will see in a moment, the client largely duplicates the functionality. This method requires that the ping request fail before the DHCP server will go ahead and issue an IP address to the client. This means that the more pings, the longer the process will take. Each ping takes about a second. If the ping succeeds, the DHCP server selects another address and pings it before issuing it to the client. To set up the conflict-detection method on the server, follow these directions:
1. Right-click the server in the DHCP console and choose Properties.
3. Set Conflict detection attempts to a number greater than zero. A word to the wise: A number greater than 2 is not a good idea. This number determines how many times your DHCP server will test an IP address before leasing it to a client. The DHCP server uses the Packet Internet Groper (ping) process to test available scope IP addresses before including these addresses in DHCP lease offers to clients. If the ping is successful, the IP address is in use on the network. As a result, the DHCP server won't offer to lease that specific address to a client. If, however, the ping request fails and times out, the IP address is considered not to be in use on the network. The DHCP server then offers the address to a client. Keep in mind that each additional conflict-detection attempt delays the DHCP server response by a second while waiting for the ping request to time out. This increases the load on the server.
The client sends out an ARP broadcast on the local subnet before it replies to a DHCP offer with a DHCP Request. This broadcast is aimed at determining if a local host is already using the IP address that the DHCP server offered. If it determines that the address is already in use, it will send a DHCP Decline broadcast back to the DHCP server and make another DHCP Discovery broadcast. The server that offered the declined address marks that address as bad in its pool and keeps it from being reissued by adding it to its list of active leases with the name BAD_ADDRESS. When you see this entry in the Active Leases list and you are able to determine that the system that caused the error is no longer on the network, you can release that address back into the pool by deleting it from the Active Leases list.
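The selection order and the two conflict checks described above can be modeled in a few lines. This is an added example, not code from the book or from the Windows DHCP service; the class `ScopePool`, its `ping` callback and the 192.0.2.x scope are assumptions made for illustration.

```python
import ipaddress

class ScopePool:
    """Toy model of the selection order in the text (not Microsoft's code)."""

    def __init__(self, first, last, conflict_attempts=0, ping=lambda ip: False):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
        self.never_used = [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]
        self.freed = {}    # ip -> time it was released or expired
        self.leases = {}   # ip -> client name or "BAD_ADDRESS"
        self.conflict_attempts = conflict_attempts
        self.ping = ping   # hypothetical probe: True means a host answered

    def _candidates(self):
        # Bottom of the scope first; reuse starts only when nothing is unused,
        # beginning with the address that has been free the longest.
        yield from list(self.never_used)
        yield from sorted(self.freed, key=self.freed.get)

    def offer(self, client):
        for ip in self._candidates():
            if self.conflict_attempts > 0 and self.ping(ip):
                continue   # address answered a ping: pick another one
            if ip in self.never_used:
                self.never_used.remove(ip)
            self.freed.pop(ip, None)
            self.leases[ip] = client
            return ip
        return None        # scope exhausted

    def release(self, ip, now):
        # Lease released or expired, or a BAD_ADDRESS entry deleted by an admin.
        del self.leases[ip]
        self.freed[ip] = now

    def decline(self, ip):
        # The client's ARP check found the address in use (DHCP Decline).
        self.leases[ip] = "BAD_ADDRESS"

def demo():
    # Constructed three-address scope from the documentation range.
    pool = ScopePool("192.0.2.10", "192.0.2.12")
    a, b = pool.offer("A"), pool.offer("B")
    pool.release(a, now=100)
    c = pool.offer("C")            # .12: unused beats the freed .10
    pool.release(b, now=200)
    d = pool.offer("D")            # .10: free since t=100, longest idle
    return [str(x) for x in (a, b, c, d)]

if __name__ == "__main__":
    print(demo())
```

A BAD_ADDRESS entry stays out of circulation until `release` is called on it, which mirrors deleting the entry from the Active Leases list.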
The IP address that's provided to the client is good as long as the lease duration lasts. The default lease time for a Windows 2000 DHCP server is three days, while that for the Windows Server 2003 DHCP server is eight days. Either can be modified by the administrator. Renewals take place in the following manner:
■ Halfway through the lease period, the client will attempt to contact the DHCP server and renew the lease by sending a directed DHCP Request. If the request is successful and is able to renew, the client machine gets a full new lease on the same IP address it was using. If, on the other hand, it fails to contact the server at the 50 percent point of the lease, it continues to use the leased IP address.
■ When 85.5 percent, or seven-eighths, of the lease time has expired, the client again tries to contact the DHCP server to renew the lease. If it fails this time, it will continue to attempt renewal at regular intervals until the lease expires. At that point, the client will drop the address it has been using and will initiate a DHCP Discovery broadcast. This will continue every five minutes until a server responds to the broadcast.
■ As well as the renewal requests described, the client will attempt to renew its lease every time it restarts. This attempt occurs even if the lease has expired while the server was offline.
Any time any of the configuration options that the DHCP server provides are changed since the client's last renewal, they'll be updated on the client as needed.
If the client's lease expired while the client was offline and the IP address it was given has been reissued to another client, the DHCP server will respond to the client's renewal request with a Negative Acknowledgment (NACK). A NACK can also occur when the scope that the client had received its lease from has been deactivated by an administrator. At any point that a client receives a NACK in response to a renewal request, the client immediately ceases to use the IP address it was previously assigned and starts sending out DHCP Discovery broadcasts to obtain a new IP address lease.
The duration of the scope's lease helps determine the amount of network traffic that DHCP clients will generate, especially when the DHCP server is configured to send updates to the DNS. Compared to other network services, the DHCP service doesn't produce an undue amount of traffic, but traffic should be monitored so that an accurate picture of the actual bandwidth being used can be determined.
Lease duration also affects the amount of time that the DHCP server can be offline before problems might arise. With the default lease of eight days provided by the Windows Server 2003 DHCP server, most clients will have a remaining lease of between four and eight days because of the continuous nature of the lease process. If the DHCP server were taken offline for two or three days but the network environment was otherwise stable, the only clients that would encounter trouble would be new clients that have never received the initial IP lease. All other clients would be good for at least four days.
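The outage argument above can be checked against a list of lease start times. This is an added example, not from the book; the client names, dates and function names are constructed, and the second renewal point uses the seven-eighths fraction given in the renewal list.

```python
from datetime import datetime, timedelta

def renewal_times(obtained, lease):
    """Return (T1, T2, expiry): 50 percent, seven-eighths and end of lease."""
    return obtained + lease / 2, obtained + lease * 7 / 8, obtained + lease

def clients_dropping_address(last_renewal, lease, outage_start, outage_end):
    """Clients whose lease runs out while no DHCP server can answer.

    Assumes every client held a valid lease when the outage began and that
    renewal attempts made during the outage all fail.
    """
    dropped = []
    for name, obtained in sorted(last_renewal.items()):
        expiry = renewal_times(obtained, lease)[2]
        if outage_start < expiry < outage_end:
            dropped.append(name)
    return dropped

# Constructed sample: three clients on the eight-day default lease.
LEASE = timedelta(days=8)
LAST_RENEWAL = {
    "pc1": datetime(2024, 1, 9, 0, 0),    # renewed the day before the outage
    "pc2": datetime(2024, 1, 6, 12, 0),
    "pc3": datetime(2024, 1, 6, 6, 0),    # 50 percent mark falls in the outage
}
OUTAGE_START = datetime(2024, 1, 10, 0, 0)

def outage_report(days_offline):
    end = OUTAGE_START + timedelta(days=days_offline)
    return clients_dropping_address(LAST_RENEWAL, LEASE, OUTAGE_START, end)

if __name__ == "__main__":
    for name, obtained in LAST_RENEWAL.items():
        t1, t2, expiry = renewal_times(obtained, LEASE)
        print(f"{name}: renew at {t1}, retry at {t2}, expires {expiry}")
    print("3 days offline:", outage_report(3))
    print("5 days offline:", outage_report(5))
```

Feeding the function real lease start times exported from the server shows how long a maintenance window can run before the first existing client drops its address.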
The bad side of long durations is that changes to the scope IP options take longer to propagate to the clients. In our example, if a new DNS server was added to the network, it would take at least four days before most of the clients would receive the updated DNS entry from the DHCP server.
While it may appear that there is some work involved in setting up and maintaining DHCP servers on your network, the alternative—static address configuration—is labor intensive and not practical for large networks. Our next goal is to understand scopes and superscopes and how subnets might be mapped to either.