Dynamic Host Configuration Protocol (DHCP) | Computer Networks - Computer Science Engineering (CSE) PDF Download

Table of contents
Introduction
What is DHCP?
Why Use DHCP?
How DHCP Works
DHCP Relay Agent in Computer Network

Introduction

Dynamic Host Configuration Protocol (DHCP) is a network protocol used to automate the assignment of IP addresses and other network configuration parameters to devices such as computers, smartphones, and printers. Instead of manually configuring each device, DHCP allows devices to connect to a network and receive necessary information like IP address, subnet mask, default gateway, and DNS server addresses automatically from a DHCP server. This simplifies network management, especially in large networks, by ensuring devices can communicate effectively without configuration conflicts.

What is DHCP?

DHCP stands for Dynamic Host Configuration Protocol. It is crucial for enterprise networks, helping to manage IP address allocation for devices like desktops, laptops, and cellphones. As an application layer protocol, DHCP operates on a client-server model and involves discovery, offer, request, and acknowledgment (ACK) steps.

Subnet Mask (Option 1 - e.g., 255.255.255.0)
Router Address (Option 3 - e.g., 192.168.1.1)
DNS Address (Option 6 - e.g., 8.8.8.8)
Vendor Class Identifier (Option 43 - e.g.,
'unifi' = 192.168.1.9 ##where unifi = controller)

Why Use DHCP?

DHCP automates and centralizes IP address management. It maintains unique IP addresses for hosts via a server, handling TCP/IP configuration and address allocation through lease offers.

Components of DHCP

DHCP Server: Holds IP addresses and configuration information.
DHCP Client: Receives configuration information from the server.
DHCP Relay: Facilitates communication between the client and server.
IP Address Pool: A range of IP addresses managed by the DHCP server.
Subnets: Smaller network segments for easier management.
Lease: The duration for which the IP information is valid.
DNS Servers: Provided by DHCP to help resolve domain names.
Default Gateway: The device for routing packets outside the local network.
Options: Additional configuration parameters.
Renewal: Clients can renew leases to maintain valid IP addresses.
Failover: Ensures redundancy with multiple servers.
Dynamic Updates: Automatically updates DNS records.
Audit Logging: Keeps logs of all DHCP transactions.

DHCP Packet Format

Hardware Length: An 8-bit field specifying the length of the physical address in bytes. For example, the value for Ethernet is 6.
Hop Count: An 8-bit field that defines the maximum number of hops a packet can travel.
Transaction ID: A 4-byte field containing an integer. Set by the client, this identification number is used to match a reply with its corresponding request. The server returns the same value in its reply.
Number of Seconds: A 16-bit field indicating the number of seconds that have passed since the client started the boot process.
Flag: A 16-bit field where only the leftmost bit is used, and the rest should be set to 0. The leftmost bit indicates a forced broadcast reply from the server. If the reply is to be unicast to the client, the destination IP address of the IP packet is the address assigned to the client.
Client IP Address: A 4-byte field containing the client’s IP address. If the client does not have this information, this field is set to 0.
Your IP Address: A 4-byte field that contains the client’s IP address, filled by the server upon the client’s request.
Server IP Address: A 4-byte field containing the server’s IP address, provided by the server in a reply message.
Gateway IP Address: A 4-byte field containing the router’s IP address, provided by the server in a reply message.
Client Hardware Address: The client’s physical address. While the server can retrieve this address from the frame sent by the client, it is more efficient if the address is explicitly supplied by the client in the request message.
Server Name: A 64-byte field optionally filled by the server in a reply packet. It contains a null-terminated string of the server’s domain name. If the server does not provide data for this field, it must fill it with 0s.
Boot Filename: A 128-byte field optionally filled by the server in a reply packet. It contains a null-terminated string of the full pathname of the boot file. The client can use this path to retrieve additional booting information. If the server does not provide data for this field, it must fill it with 0s.
Options: A 64-byte field that can carry either additional information or specific vendor information, used only in a reply message. The server uses a "magic cookie," formatted as an IP address with the value 99.130.83.99. When the client reads the message, it looks for this magic cookie, and if present, the next 60 bytes are treated as options.

How DHCP Works

DHCP operates on the application layer of the TCP/IP protocol, dynamically assigning IP addresses and allocating TCP/IP configuration to clients. The process involves exchanging four main messages: discover, offer, request, and acknowledgment (DORA), but includes eight messages in total.

Working of DHCP

DHCP Messages

DHCP Discover Message: This is the initial message in the communication process between the client and the server. It is generated by the client host to determine if any DHCP servers are available in the network. This message is broadcast to all devices on the network to locate the DHCP server. It typically has a size of 342 or 576 bytes. In this message, the source MAC address (client PC) is 08002B2EAF2A, the destination MAC address is FFFFFFFFFFFF, the source IP address is 0.0.0.0 (as the PC has not been assigned an IP address yet), and the destination IP address is 255.255.255.255 (the broadcast IP address). The broadcast addresses are used to discover DHCP servers in the network.
DHCP discover message
DHCP Offer Message: In response to the DHCP Discover message, the server sends a DHCP Offer message to the client, specifying an available IP address and other TCP/IP configuration details. This message is broadcast by the server and is 342 bytes long. If multiple DHCP servers respond, the client will accept the first DHCP Offer it receives. The server ID is included in the packet to identify the server. In this message, the source IP address is 172.16.32.12 (server’s IP address), the destination IP address is 255.255.255.255 (broadcast IP address), the source MAC address is 00AA00123456, and the destination MAC address is FFFFFFFFFFFF. The server provides the offered IP address 192.16.32.51 and a lease time of 72 hours. The client identifier is the PC’s MAC address (08002B2EAF2A) for all messages.
DHCP offer message
DHCP Request Message: Upon receiving an offer, the client responds with a DHCP Request message, which is broadcast to the network. The client also sends a gratuitous ARP to check if any other device is using the same IP address. If there is no response, the client proceeds with broadcasting the DHCP Request message to accept the IP address. This message includes a client ID. The source IP address is 0.0.0.0 (since the client has no IP yet), the destination IP address is 255.255.255.255 (broadcast IP address), the source MAC address is 08002B2EAF2A (client PC), and the destination MAC address is FFFFFFFFFFFF.
DHCP request message
DHCP Acknowledgment Message: The server responds to the DHCP Request message with a DHCP Acknowledgment message. This message confirms that the IP address is allocated to the client and records the client’s ID and lease time. The source IP address is 172.16.32.12 (server’s IP address), the source MAC address is 00AA00123456 (server MAC address), the destination IP address is 255.255.255.255 (broadcast IP address), and the destination MAC address is FFFFFFFFFFFF. The client now has the IP address assigned by the server, and this address will not be provided to any other host.
DHCP acknowledgment message
DHCP Negative Acknowledgment Message: If a DHCP server receives a request for an invalid IP address or has no available IP addresses (the pool is empty), it sends a DHCP Nak (Negative Acknowledgment) message to the client.
DHCP Decline: If the DHCP client finds the offered configuration parameters invalid or already in use, it sends a DHCP Decline message to the server. For example, if another host replies to the gratuitous ARP, indicating the offered IP address is already in use, the client will send a DHCP Decline message to the server.
DHCP Release: The DHCP client sends a DHCP Release packet to the server to relinquish the IP address and cancel any remaining lease time.
DHCP Inform: If a client has manually obtained an IP address, it uses a DHCP Inform message to request other local configuration parameters, such as the domain name. The server replies with a DHCP Ack message containing the local configuration details suitable for the client without allocating a new IP address. This DHCP Ack message is unicast to the client.

Note: All DHCP messages can also be unicast by a DHCP relay agent if the server is on a different network.

Security Considerations

Limited IP Addresses: Prevent server flooding and ensure essential devices stay connected.
Fake DHCP Servers: Prevent unauthorized servers from issuing fake IPs.
DNS Access: Restrict access to sensitive data through DNS settings, using firewalls and VPNs for protection.

Protection Against DHCP Starvation Attack

A DHCP starvation attack occurs when a hacker floods the server with IP requests, exhausting available addresses. This can lead to a denial of service for legitimate users and enable man-in-the-middle attacks.

Reasons to Automate DHCP

Automating DHCP reduces manual management, allowing for seamless network expansion without additional staffing. It prevents common issues like printer connectivity problems and subnet incompatibilities.

Advantages

Centralized IP address management.
Automated TCP/IP configuration.
Easier addition of new clients.
Efficient IP address reuse.
Simplified reconfiguration.
Centralized network administration.
Handling of new users and IP address reuse.

Disadvantages

Potential IP conflicts.
Clients may connect to unauthorized servers.
Network access depends on DHCP server availability.
Machine names may not update with new IP addresses.

Conclusion

DHCP simplifies network setup by automatically assigning IP addresses and configurations. While it offers significant convenience, it requires careful security management to prevent issues like IP address exhaustion and unauthorized data access. Robust measures, including firewalls and VPNs, are essential to protect against network disruptions and ensure the efficient management of connections.

DHCP Relay Agent in Computer Network

To assign an IP address to the host dynamically, the DHCP client exchanges DHCP messages with the DHCP server in the DORA process.

In the DORA process, the discover and request message is broadcast, the offer and the acknowledgement message is broadcast or unicast depending upon the value of the broadcast flag i.e. If the value of the broadcast flag is 1, then the offer and acknowledgement message is broadcast and if 0, the messages are unicast. But this is valid only when the DHCP server is present in the same network because the router doesn’t forward any broadcast packet. What if the server is present in a different network? Here comes the role of DHCP relay agent.

DHCP Relay Agent

The DHCP relay agent is any TCP/IP host which is used to forward requests and replies between the DHCP server and client when the server is present on a different network. Relay agents receive DHCP messages and then generate a new DHCP message to send out on another INTERFACE. Also, the DHCP relay agent adds a giaddr (gateway address of the packet) field and also the Relay agent information option 82 if enabled. The options field is removed when the server reply is forwarded to the host.

DHCP relay agents are commonly used in large enterprise networks where the DHCP server is located on a different network segment than the client devices.The DHCP relay agent listens for DHCP broadcast messages from the client devices and then forwards those messages to the DHCP server, encapsulating them in a unicast packet.The DHCP relay agent may be configured with one or more IP addresses of DHCP servers that it can forward requests to.The giaddr field in the DHCP relay agent message is used to indicate the IP address of the relay agent interface on which the message was received.The Relay Agent Information option (option 82) may be used to add additional information to the DHCP request message, such as the interface or port number on which the request was received, or the VLAN ID of the requesting device.DHCP relay agents may be implemented in dedicated hardware devices, or they may be implemented in software on routers or other network devices.Some DHCP relay agents may include additional features such as DHCP packet filtering, rate limiting, or access control based on the source or destination IP address.If a DHCP relay agent is not properly configured, it can cause delays or failures in the DHCP process, leading to network connectivity issues for client devices.

Note – The discover and request messages are unicast by the DHCP relay agent.

Example –