Linux basic services (DHCP)


What is DHCP

DHCP, the Dynamic Host Configuration Protocol, is a local area network protocol that runs over UDP. It automatically assigns IP addresses inside a local area network or a network provider's network, so that an administrator can manage the addressing of all computers centrally. The DHCP server uses port 67 and the DHCP client uses port 68.

How DHCP works

DHCP messages are as follows:

1. DHCP DISCOVER: the first packet the client sends; it starts the DHCP exchange.
2. DHCP OFFER: the server's response to a DHCP DISCOVER, containing the IP address given to the client (yiaddr), the MAC address of the client, the lease expiration time, the ID of the server and other information.
3. DHCP REQUEST: the client's response to the DHCP OFFER sent by the server. It is also used when a lease is renewed.
4. DHCP ACK: the confirmation the server sends after receiving the client's DHCP REQUEST. When first obtaining an address, the client does not treat the IP address and other allocated settings as usable until it receives this message.
5. DHCP NAK: the opposite of DHCP ACK; the server refuses the client's request.
6. DHCP RELEASE: usually sent when the client shuts down or goes offline. It tells the DHCP server to release the IP address of the client that sent it.
7. DHCP INFORM: sent by the client to request some information from the server.
8. DHCP DECLINE: sent by the client when it finds that the IP address assigned by the server cannot be used (for example, because of an IP address conflict), telling the server not to use that address.
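The fields listed for DHCP OFFER (yiaddr, client MAC, lease time, server ID) can be read straight out of the packet. The following is an added example, not code from the original article: it decodes the fixed header and options 53, 51 and 54, rejecting truncated options. The sample OFFER is constructed, using the addresses, MAC and xid from the session later on this page and assuming a 60000-second lease.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(data: bytes) -> dict:
    """Decode the fixed header and the options this page mentions."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", data[:12])
    if hlen > 16:
        raise ValueError("hardware address length exceeds chaddr field")
    msg = {"reply": op == 2, "xid": xid, "broadcast": bool(flags & 0x8000),
           "yiaddr": socket.inet_ntoa(data[16:20]),
           "client_mac": data[28:28 + hlen].hex(":")}
    i = 240
    while i < len(data) and data[i] != 255:        # 255 = end option
        if data[i] == 0:                           # 0 = one-byte pad option
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        code, value = data[i], data[i + 2:i + 2 + data[i + 1]]
        if code == 53 and len(value) == 1:         # DHCP message type
            msg["type"] = MSG_TYPES.get(value[0], "UNKNOWN")
        elif code == 51 and len(value) == 4:       # lease time in seconds
            msg["lease_seconds"] = struct.unpack("!I", value)[0]
        elif code == 54 and len(value) == 4:       # server identifier
            msg["server_id"] = socket.inet_ntoa(value)
        i += 2 + len(value)
    return msg

def build_sample_offer() -> bytes:
    """Constructed OFFER using the addresses from this page's example."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x49D731CE, 0, 0x8000)
    addrs = b"".join(socket.inet_aton(a) for a in
                     ("0.0.0.0", "192.168.1.20", "192.168.1.10", "0.0.0.0"))
    chaddr = bytes.fromhex("000c29e9b592").ljust(16, b"\x00")
    options = (b"\x35\x01\x02" + b"\x33\x04" + struct.pack("!I", 60000)
               + b"\x36\x04" + socket.inet_aton("192.168.1.10") + b"\xff")
    return header + addrs + chaddr + bytes(192) + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(parse_dhcp(build_sample_offer()))
```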

With the DHCP messages in mind, here is how DHCP works:

  1. Client requests an IP address
    Because the client does not know which network it belongs to, the source address of the packet is 0.0.0.0 and the destination address is 255.255.255.255. The DHCP DISCOVER message is then broadcast to the network.
    The waiting time of . If there is no response, the client retransmits the broadcast packet four times (at intervals of 2, 4, 8 and 16 seconds, plus a random delay of 1-1000 milliseconds). If no response is received from a DHCP server, the client selects an IP address from 169.254.0.0/16, the range reserved for automatic private addressing, and rebroadcasts every 5 minutes. If it receives a response from a server, the IP lease process continues.
  2. Server offers an IP address lease

(1) The server checks its log file to see whether the client has leased an IP address before. If it has and that IP address is currently not in use, the server offers it to the client.
(2) If the configuration file assigns a specific fixed IP address to the client's MAC address, that fixed IP address is offered to the client.
(3) If neither of the above applies, the server picks the first free IP address among those not yet leased out and replies to the client with a DHCP OFFER packet (including the IP address, subnet mask, lease term and other information), together with other TCP/IP settings, on UDP port 68. Broadcast is still used at this point: the source IP address is the DHCP server's address and the destination address is 255.255.255.255. At the same time, the DHCP server reserves the offered IP address for this client so that it is not assigned to other DHCP clients.

  3. Client accepts the IP lease
    Server which server will accept the IP address provided by which server, other DHCP servers cancel their DHCP offer
    At the same time, the client sends an ARP packet to the network to check whether another machine is already using the IP address. If the address is already occupied, the client sends a DHCP DECLINE packet to the DHCP server, refusing its DHCP offer, and sends a new DHCP DISCOVER.
  4. Lease confirmation
    Lease expiration time starts
  5. Expiry of lease
    If the client receives the DHCP ACK packet from the server, it updates its configuration according to the new lease term and the other updated TCP/IP parameters in the packet, and the lease renewal is complete. If it receives no response from the server, the client keeps using its existing IP address, because 50% of the current lease term still remains.
    If not, by the end of the lease, the client must give up the IP address and apply again. If no DHCP server is available at that point, the client uses a random address in 169.254.0.0/16 and tries again every 5 minutes.
    However, most current DHCP client programs renew the lease automatically according to the lease time, so even though a lease has a term, there is no need to re-apply for an IP address manually at any particular time.

Three allocation mechanisms of DHCP

Assignment type: Effect
Automatic allocation: The DHCP server assigns a permanent IP address to the client. Once the DHCP client has successfully leased the IP address from the DHCP server, it can use the address permanently.
Dynamic allocation: The DHCP server assigns the host an IP address for a limited time. When the lease expires or the client gives up the address, the address may be assigned to other clients. This method was often used for early dial-up Internet access. It is the only mechanism that lets an IP address given up by a client be reused.
Manual allocation: The network administrator specifies the client's IP address. DHCP only passes the administrator-assigned IP address on to the client.

Set up DHCP

Install the DHCP service with yum

[root@localhost ~]# yum -y install dhcp

View the generated configuration file

[root@localhost ~]# cat /etc/dhcp/dhcpd.conf 
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example   --Path of the template file; we usually copy it over the configuration file and then edit it
#   see dhcpd.conf(5) man page                    --You can also consult the man page for help
#
[root@localhost ~]# 

Copy the template file over the dhcpd.conf configuration file

[root@localhost ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: Overwrite or not"/etc/dhcp/dhcpd.conf"? y
[root@localhost ~]# cat /etc/dhcp/dhcpd.conf    --It can be seen that the content of the file has changed
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;
......

Next, we can modify the configuration file to implement DHCP IP allocation

[root@localhost ~]# vim /etc/dhcp/dhcpd.conf 

Find the following in the configuration file:

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";                             # Edit the domain name
option domain-name-servers ns1.example.org, ns2.example.org;  # Edit to this server's current IP address

default-lease-time 600;                                       # Set the default lease time
max-lease-time 7200;                                          # Set the maximum lease time
# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {   # Network segment served to clients (this server's current segment)
# Add the following inside {}
        range 0.0.0.0 0.0.0.0;                # IP address range handed out to clients
        option subnet-mask 255.255.255.0;     # Subnet mask
        option routers 0.0.0.0;               # Gateway address
}

# This is a very basic subnet declaration.

Take the 192.168.1.0 network segment as an example:

option domain-name "haha.com";                # Domain name set to haha.com
option domain-name-servers 192.168.1.10;      # The IP of this server is 192.168.1.10

default-lease-time 60000;                     # Default lease time is 60000 seconds
max-lease-time 720000;                        # Maximum lease time is 720000 seconds

subnet 192.168.1.0 netmask 255.255.255.0 {    # The network segment served to clients is 192.168.1.0
        range 192.168.1.20 192.168.1.30;      # IP range assigned to clients is 192.168.1.20-192.168.1.30
        option subnet-mask 255.255.255.0;     # Subnet mask 255.255.255.0
        option routers 192.168.1.1;           # Gateway 192.168.1.1
}

After making the changes, restart the service.
If an error is reported, check that the configuration file is correct.

[root@localhost ~]# systemctl restart dhcpd
[root@localhost ~]# 

After the configuration is complete, the dhcp service must be allowed through the firewall (on both the client and the server)

[root@localhost ~]# firewall-cmd --add-service=dhcp                # Allow the dhcp service temporarily
success
[root@localhost ~]# firewall-cmd --add-service=dhcp --permanent    # Allow it permanently (if the temporary rule was not added, restart the system)
success
[root@localhost ~]# firewall-cmd --list-all                        # Show the current firewall policy
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: dhcp dhcpv6-client ssh								--dhcp is listed, so the allow rule has been added
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 
[root@localhost ~]# 

After the server configuration is complete, do a simple configuration on the client (the server and the client must be attached to the same network):
In the ifcfg-ens33 configuration file, change BOOTPROTO (the IP acquisition method) to dhcp

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes

After restarting the network service,
the client uses the command dhclient -d to obtain the IP address assigned by DHCP

[root@localhost ~]# dhclient -d
Internet Systems Consortium DHCP Client 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/virbr0-nic/52:54:00:e7:7b:0e
Sending on   LPF/virbr0-nic/52:54:00:e7:7b:0e
Listening on LPF/virbr0/52:54:00:e7:7b:0e
Sending on   LPF/virbr0/52:54:00:e7:7b:0e
Listening on LPF/ens33/00:0c:29:e9:b5:92
Sending on   LPF/ens33/00:0c:29:e9:b5:92
Sending on   Socket/fallback
DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0xd551836)
DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 5 (xid=0x5f625df4)
DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x291f6dab)
DHCPNAK from 192.168.200.254 (xid=0x291f6dab)
DHCPDISCOVER on ens33 to 255.255.255.255 port 67 interval 8 (xid=0x49d731ce)
DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x49d731ce)
DHCPOFFER from 192.168.1.10
DHCPNAK from 192.168.200.254 (xid=0x49d731ce)
DHCPACK from 192.168.1.10 (xid=0x49d731ce)
bound to 192.168.1.20 -- renewal in 2775 seconds.     --The client obtained the IP address 192.168.1.20

View the IP address with ifconfig

[root@localhost ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.20  netmask 255.255.255.0  broadcast 192.168.1.255
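The dhclient output above contains DHCPNAK replies from 192.168.200.254, a second DHCP server on the segment besides the 192.168.1.10 server configured here. The following added example (not part of the original article) audits dhclient output for replies from servers outside an allow-list and checks that the bound address falls in the configured range. The allow-list and the function name are assumptions; the sample lines are copied from the session above with the annotation removed.

```python
import ipaddress
import re

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
REPLY = re.compile(r"^(DHCPOFFER|DHCPACK|DHCPNAK) from " + IPV4)
BOUND = re.compile(r"^bound to " + IPV4)

# dhclient output copied from the session above (annotation removed).
SAMPLE_LOG = """\
DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x291f6dab)
DHCPNAK from 192.168.200.254 (xid=0x291f6dab)
DHCPDISCOVER on ens33 to 255.255.255.255 port 67 interval 8 (xid=0x49d731ce)
DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x49d731ce)
DHCPOFFER from 192.168.1.10
DHCPNAK from 192.168.200.254 (xid=0x49d731ce)
DHCPACK from 192.168.1.10 (xid=0x49d731ce)
bound to 192.168.1.20 -- renewal in 2775 seconds.
"""

def audit_dhclient_log(log_text, authorized_servers, pool_first, pool_last):
    """Flag replies from servers outside the allow-list and leases outside the pool."""
    allowed = {ipaddress.ip_address(s) for s in authorized_servers}
    first, last = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    unexpected, bound = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        reply = REPLY.match(line)
        if reply:
            kind, server = reply.group(1), ipaddress.ip_address(reply.group(2))
            if server not in allowed:
                # Record every reply type seen from the unlisted server.
                unexpected.setdefault(str(server), []).append(kind)
            continue
        lease = BOUND.match(line)
        if lease:
            bound = ipaddress.ip_address(lease.group(1))
    return {
        "unexpected_servers": unexpected,
        "bound": str(bound) if bound else None,
        "bound_in_pool": bound is not None and first <= bound <= last,
    }

if __name__ == "__main__":
    print(audit_dhclient_log(SAMPLE_LOG, {"192.168.1.10"},
                             "192.168.1.20", "192.168.1.30"))
```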

We can also reserve an address, so that a specified IP address is always given to a specified client.
Find the following in the configuration file and modify it:

# will still come from the host declaration.

host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;       # Set the MAC address
  fixed-address 192.168.1.25;              # Set the assigned IP address
  server-name "haha.com";                  # Domain name
}

After restarting the service, request an address again on the client:

[root@localhost ~]# dhclient -d
Internet Systems Consortium DHCP Client 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/virbr0-nic/52:54:00:e7:7b:0e
Sending on   LPF/virbr0-nic/52:54:00:e7:7b:0e
Listening on LPF/virbr0/52:54:00:e7:7b:0e
Sending on   LPF/virbr0/52:54:00:e7:7b:0e
Listening on LPF/ens33/00:0c:29:e9:b5:92
Sending on   LPF/ens33/00:0c:29:e9:b5:92
Sending on   Socket/fallback
DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x453c093e)
DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 3 (xid=0x560d9223)
DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x63786751)
DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 8 (xid=0x560d9223)
DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 11 (xid=0x453c093e)
DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x63786751)
DHCPNAK from 192.168.200.254 (xid=0x63786751)
DHCPDISCOVER on ens33 to 255.255.255.255 port 67 interval 7 (xid=0x17c2455a)
DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x17c2455a)
DHCPOFFER from 192.168.1.10
DHCPNAK from 192.168.200.254 (xid=0x17c2455a)
DHCPACK from 192.168.1.10 (xid=0x17c2455a)
bound to 192.168.1.25 -- renewal in 2948 seconds.      --The client obtained our reserved address
  


Posted on Tue, 09 Jun 2020 02:54:58 -0400 by Volte6