Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) client/server is a Windows Sockets program that is used to provide automatic and dynamic configuration of various TCP/IP protocol components. The server is configured with "scopes," which are ranges of IP addresses, to distribute to network clients as they start on the network. The DHCP server can also provide the additional configuration parameters that are associated with the IP addresses. For example, a scope that includes a specific range of IP addresses may also be associated with default gateway, DNS server, and NetBIOS Name Server (WINS), with which the DHCP clients can be configured.
Obtaining Configuration Parameters Using DHCP
When a DHCP-enabled client starts for the very first time, it broadcasts a DHCP Discover request onto the local subnet. Any DHCP server that receives the request may respond with a DHCP Offer that contains proposed configuration parameters. The client can evaluate the offer, and respond with a DHCP request to accept it. The server finalizes the transaction with a DHCP ACK. The following example explains this sequence.
First, the DHCP Discover is sent as the stack initializes:
Time Source IP Dest IP Prot Description
0.000 0.0.0.0 255.255.255.255 DHCP Discover (xid=68256CA8)
+ FRAME: Base frame properties
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
+ ETHERNET: Destination address : 255.255.255.255
+ ETHERNET: Source address : 00DD01075715
ETHERNET: Frame Length : 342 (0x0156)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 328
(0x0148)
IP: ID = 0x0; Proto = UDP; Len: 328
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
+ IP: Service Type = 0 (0x0)
IP: Total Length = 328 (0x148)
IP: Identification = 0 (0x0)
+ IP: Flags Summary = 0 (0x0)
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 32 (0x20)
IP: Protocol = UDP - User Datagram
IP: CheckSum = 0x99A6
IP: Source Address = 0.0.0.0
IP: Destination Address = 255.255.255.255
IP: Data: Number of data bytes remaining = 308 (0x0134)
UDP: IP Multicast: Src Port: BOOTP Client, (68); Dst Port: BOOTP
Server (67); Length = 308 (0x134)
UDP: Source Port = BOOTP Client
UDP: Destination Port = BOOTP Server
UDP: Total length = 308 (0x134) bytes
UDP: CheckSum = 0x4A0E
UDP: Data: Number of data bytes remaining = 300 (0x012C)
DHCP: Discover (xid=68256CA8)
DHCP: Op Code (op) = 1 (0x1)
DHCP: Hardware Type (htype) = 1 (0x1) 10Mb Ethernet
DHCP: Hardware Address Length (hlen) = 6 (0x6)
DHCP: Hops (hops) = 0 (0x0)
DHCP: Transaction ID (xid) = 1747283112 (0x68256CA8)
DHCP: Seconds (secs) = 0 (0x0)
DHCP: Flags (flags) = 0 (0x0)
DHCP: 0............... = No Broadcast
DHCP: Client IP Address (ciaddr) = 0.0.0.0
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client Ethernet Address (chaddr) = 00DD01075715
DHCP: Server Host Name (sname) = <Blank>
DHCP: Boot File Name (file) = <Blank>
DHCP: Magic Cookie = [OK]
DHCP: Option Field (options)
DHCP: DHCP Message Type = DHCP Discover
DHCP: Client-identifier = (Type: 1) 00 dd 01 07 57 15
DHCP: Host Name = DAVEMAC4
DHCP: End of this option field
There are several interesting points to note in the DHCP discover packet. First, it is sent as a broadcast at both the link layer and the IP layer. Second, the DHCP broadcast flag is set to 0, indicating that the client is capable of receiving a response that is directed to its MAC address (indicated by chaddr). This means that the DHCP server is not required to broadcast the response.
Note
Windows NT version 3.5 computers required a broadcast response and did not set this flag to 0.
Finally, note that there is a transaction ID (XID) used to track each configuration sequence. Any response to this discover packet should reference the same XID.
A DHCP offer follows:
Time Source IP Dest IP Prot Description
0.165 172.16.113.254 172.16.112.13 DHCP Offer (xid=68256CA8)
+ FRAME: Base frame properties
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
+ ETHERNET: Destination address : 00DD01075715
+ ETHERNET: Source address : 00000C1AEBC5
ETHERNET: Frame Length : 590 (0x024E)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 576
(0x0240)
IP: ID = 0x906; Proto = UDP; Len: 576
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
+ IP: Service Type = 0 (0x0)
IP: Total Length = 576 (0x240)
IP: Identification = 2310 (0x906)
+ IP: Flags Summary = 0 (0x0)
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 31 (0x1F)
IP: Protocol = UDP - User Datagram
IP: CheckSum = 0xAF0D
IP: Source Address = 172.16.113.254
IP: Destination Address = 172.16.112.13
IP: Data: Number of data bytes remaining = 556 (0x022C)
UDP: Src Port: BOOTP Server, (67); Dst Port: BOOTP Client (68); Length
= 556 (0x22C)
DHCP: Offer (xid=68256CA8)
DHCP: Op Code (op) = 2 (0x2)
DHCP: Hardware Type (htype) = 1 (0x1) 10Mb Ethernet
DHCP: Hardware Address Length (hlen) = 6 (0x6)
DHCP: Hops (hops) = 0 (0x0)
DHCP: Transaction ID (xid) = 1747283112 (0x68256CA8)
DHCP: Seconds (secs) = 0 (0x0)
DHCP: Flags (flags) = 0 (0x0)
DHCP: 0............... = No Broadcast
DHCP: Client IP Address (ciaddr) = 0.0.0.0
DHCP: Your IP Address (yiaddr) = 172.16.112.13
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 172.16.112.1
DHCP: Client Ethernet Address (chaddr) = 00DD01075715
DHCP: Server Host Name (sname) = <Blank>
DHCP: Boot File Name (file) = <Blank>
DHCP: Magic Cookie = [OK]
DHCP: Option Field (options)
DHCP: DHCP Message Type = DHCP Offer
DHCP: Subnet Mask = 255.255.255.0
DHCP: Renewal Time Value (T1) = 1 Days, 12:00:00
DHCP: Rebinding Time Value (T2) = 2 Days, 15:00:00
DHCP: IP Address Lease Time = 3 Days, 0:00:00
DHCP: Server Identifier = 172.16.113.254
DHCP: End of this option field
The DHCP offer is also interesting. The XID is the same as that in the discover packet. It is a directed offer, not sent as a broadcast, and it is directed to the MAC address of the client and to the proposed IP address for the client. The source address is from a different subnet (172.16.113) than the subnet that the client is attached to, indicating that both the discover and the offer must have traversed a router. This can be verified by checking the DHCP "giaddr" field, that is set to 172.16.112.1. As you might suspect, a router is configured to forward DHCP broadcasts from this subnet to the one where the DHCP server is located. DHCP forwarding is discussed in RFC 1542, and routers used for this purpose must explicitly support the RFC and be configured accordingly.
Next, the client accepts the offer:
Time Source IP Dest IP Prot Description
0.172 0.0.0.0 255.255.255.255 DHCP Request (xid=08186BD1)
+ FRAME: Base frame properties
+ ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
+ IP: ID = 0x100; Proto = UDP; Len: 328
+ UDP: IP Multicast: Src Port: BOOTP Client, (68); Dst Port: BOOTP
Server (67); Length = 308 (0x134)
DHCP: Request (xid=08186BD1)
DHCP: Op Code (op) = 1 (0x1)
DHCP: Hardware Type (htype) = 1 (0x1) 10Mb Ethernet
DHCP: Hardware Address Length (hlen) = 6 (0x6)
DHCP: Hops (hops) = 0 (0x0)
DHCP: Transaction ID (xid) = 135818193 (0x8186BD1)
DHCP: Seconds (secs) = 0 (0x0)
DHCP: Flags (flags) = 0 (0x0)
DHCP: 0............... = No Broadcast
DHCP: Client IP Address (ciaddr) = 0.0.0.0
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client Ethernet Address (chaddr) = 00DD01075715
DHCP: Server Host Name (sname) = <Blank>
DHCP: Boot File Name (file) = <Blank>
DHCP: Magic Cookie = [OK]
DHCP: Option Field (options)
DHCP: DHCP Message Type = DHCP Request
DHCP: Client-identifier = (Type: 1) 00 dd 01 07 57 15
DHCP: Requested Address = 172.16.112.13
DHCP: Server Identifier = 172.16.113.254
DHCP: Host Name = DAVEMAC4
DHCP: Parameter Request List = (Length: 7) 01 0f 03 2c 2e 2f 06
DHCP: End of this option field
The request is again broadcast, and the proposed IP address from the server is referenced. The request is broadcast for a reason¾the client could have received more than one offer and, by broadcasting its request, it allows the other DHCP servers to see that it isn't going to use their offers.
Finally, the client acknowledges that it will accept the lease:
Time Source IP Dest IP Prot Description
0.061 172.16.113.254 172.16.112.13 DHCP ACK (xid=08186BD1)
+ FRAME: Base frame properties
+ ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
+ IP: ID = 0xA06; Proto = UDP; Len: 576
+ UDP: Src Port: BOOTP Server, (67); Dst Port: BOOTP Client (68);
Length = 556 (0x22C)
DHCP: ACK (xid=08186BD1)
DHCP: Op Code (op) = 2 (0x2)
DHCP: Hardware Type (htype) = 1 (0x1) 10Mb Ethernet
DHCP: Hardware Address Length (hlen) = 6 (0x6)
DHCP: Hops (hops) = 0 (0x0)
DHCP: Transaction ID (xid) = 135818193 (0x8186BD1)
DHCP: Seconds (secs) = 0 (0x0)
DHCP: Flags (flags) = 0 (0x0)
DHCP: 0............... = No Broadcast
DHCP: Client IP Address (ciaddr) = 0.0.0.0
DHCP: Your IP Address (yiaddr) = 172.16.112.13
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 172.16.112.1
DHCP: Client Ethernet Address (chaddr) = 00DD01075715
DHCP: Server Host Name (sname) = <Blank>
DHCP: Boot File Name (file) = <Blank>
DHCP: Magic Cookie = [OK]
DHCP: Option Field (options)
DHCP: DHCP Message Type = DHCP ACK
DHCP: Renewal Time Value (T1) = 1 Days, 12:00:00
DHCP: Rebinding Time Value (T2) = 2 Days, 15:00:00
DHCP: IP Address Lease Time = 3 Days, 0:00:00
DHCP: Server Identifier = 172.16.113.254
DHCP: Subnet Mask = 255.255.255.0
DHCP: Domain Name = (Length: 22) 63 73 77 61 74 63 70 2e 6d
69 63 72 6f 73 6f 66 ...
DHCP: Router = 172.16.112.1
DHCP: NetBIOS Name Service = 172.16.113.254
DHCP: NetBIOS Node Type = (Length: 1) 08
DHCP: End of this option field
The acknowledgment is the final packet of the transaction, and it contains all of the configuration parameters that the client will use.
Lease Expiration and Renewal
DHCP-supplied configurations are "leased" from the server. Periodically, the client will contact the server to renew the lease. The protocol and implementation are very robust and configurable, and short-term server or network outages do not generally affect lease renewal. For example, DHCP clients start to try to renew their lease when 50 percent of the lease time has expired. Repeated attempts are made to contact the DHCP server and renew the lease, until 87.5 percent of the lease time has expired. At this point, the client attempts to get a new lease from any available DHCP server.
When a DHCP client is rebooted, it attempts to verify that the lease it holds is valid for the current subnet. If it is moved to another subnet and rebooted, the following sequence takes place:
Source Destination Source IP Destination IP Pro Description
davemacp *BROADCAST 0.0.0.0 255.255.255.255 DHCP Request (xid=6E3A2E74)
router *BROADCAST 10.57.8.1 255.255.255.255 DHCP NACK (xid=6E3A2E74)
davemacp *BROADCAST 0.0.0.0 255.255.255.255 DHCP Discover (xid=51CA7FED)
router davemacp 10.57.8.1 10.57.13.152 DHCP Offer (xid=51CA7FED)
davemacp *BROADCAST 0.0.0.0 255.255.255.255 DHCP Request (xid=2081237D)
router davemacp 10.57.8.1 10.57.13.152 DHCP ACK (xid=2081237D)
In this example the portable computer "davemacp" is moved to a new subnet and re-started. It broadcasts a DHCP request for renewal of its old parameters, but the DHCP server responsible for the new subnet recognized that these were invalid for the subnet and NAK'd them. The DHCP client software automatically went through a normal discovery process to get reconfigured with parameters that are valid for the new location. For additional information on DHCP, see Chapter 7, "Managing Microsoft DHCP Servers."