Saturday 17 March 2012

DHCP Server , DHCP client and DHCP Relay FAQ

DHCP Server, DHCP Client and DHCP Relay FAQ


DHCP is one of very interesting protocol. The more i know about this protocol, the more i really gets fascinated. And i am really surprised by how less people know about this DHCP protocol. It is used by everyone but very few people actually knows how it works. I have put this as DHCP server , DHCP Client and DHCP relay FAQ page and i want to cover all the questions related to this protocol and it will help you for your DHCP related interviews as well.

Q.1)  What standard do you refer for DHCP ?

A.1) DHCP stands for Dynamic host control protocol. And we should refer RFC 2131 to know about it. The old RFC is 1541.

Q.2) On what protocol DHCP is based on?

A.2) DHCP is based on bootstrap protocol or bootp protocol defined in RFC 951.

Q.3) What is BootP Protocol ? Tell important points .

A.3) a) Bootstrap protocol (BOOTP) allows a diskless client machine to discover its own IP address, the address of a server host, and the name of a file to be loaded into memory and executed. Here diskless refer to the devices which are in network and does not have permanent disks and uses tftp/remote file for bootup.

       b) The BOOTP protocol uses two reserved port numbers, 'BOOTP client' (68) and 'BOOTP server' (67). The client sends requests using 'BOOTP server' as the destination port; this is usually a broadcast. The server sends replies using 'BOOTP client' as the destination port; depending on the kernel or driver facilities in the server, this may or may not be a broadcast address.

Q.4) How many types of DHCP messages are present?A.4) There are in total 8 type of message :



Q.5) Explain Basic message exchange between DHCP Client and DHCP Server?

A.5)   Client ->  DHCPDISCOVER
         Server -> DHCPOFFER
         Client->   DHCPREQUEST
         Server -> DHCPACK

Q.6) Explain a case in which DHCPDECLINE message will be sent.A.6) DHCPDECLINE message is sent by the DHCP client to the DHCP Server when the server assigns ip address which is already used in the network.

Q.7) When ARP is used in the DHCP sever -DHCP client message exchange?

A.7) ARP is used two times. When DHCP server gets DHCPDISCOVER message it searches in the pool pick one ip address and sends ARP request or ICMP ECHO Request packet with the picked ip address to the network. This is to check if any one is using the ip address which the DHCP Server is going to assign to the client. The second time is when the client gets the DHCPOFFER packet with the ip address mentioned in it. It sends DHCPREQUEST packet to the Server and after this send Gratious ARP request with the IP address offered by the server to the network. If it gets reply it sends DHCPDECLINE to server and does not take the ip address. If no body replies to it , the DHCP Client starts using the offered IP address.

Q.7) What is the lease time?

A.7) The lease time is given by the DHCP Server to the DHCP Client. It is the duration in which the DHCP client can use the ip address assigned by the server. The clients renews it when 50 % of the time remains. Lets say DHCP server has assigned ip address to the client for lease time 1 hr .After 30 min the DHCP client will send DHCP Request for the renewal of the lease time. It the server is present the time will extend to again 1 hr from the time it requested to renew the lease. Lets say 3.00-4.00 is its previous lease time. When at 3.30 it asks to renew the time will be extended from 3.30 to 4.30. Lets say DHCP server is not reachable in that case still the client can use the IP address and wait for 87.5 % of the time . After this time again it will send DHCPREQUEST to the server. If it gets reply it extends the  lease time again for one hr from the time it requested . If it did not get reply again it is allowed to use the IP address up to the lease time. Once the lease time expires it has to re initiate the whole process.

Q.8) Do DHCP server maintain the Lease time database ? Do they retain the database if we reboot the Server?

A.8) Yes, they maintain the lease time database and that is why if the client request the ip address it will first see its database and if matching MAC address entry is there it will assign the same ip address to the client.
Generally database will not be persistent and will get deleted if we reboot the server. But mainly it depends on Vendor implementation.

Q.9) How we can see message exchange and how we can generate all type of DHCP messages?

A.8) We need atleast one DHCP server, 2 DHCP clients and Wireshark installed to see the message exchange. Following is the scenario where you can see different DHCP message exchanges :

             For DHCP sever you can use  any of the following : windows server 2003, linux dhcpd deamon, tftpd server
                   DHCP client can be any windows PC. Install wireshark in both server and client.

          a) Messages 1 : DHCPDiscover, DHCPOFFER, DHCPREQUEST, DHCPACK

                            PC1 (DHCP Server )     -----------------------------  PC2 (DHCP client)                        
 Configure DHCP server pool in server. Connect the DHCP client PC with cross cable. Open wireshark and observe the DHCP messages. You can see all 4 messages.

        b) Message 2 :  DHCPRELEASE

            In DHCP client PC open command prompt and type ipconfig /release . You will observe DHCPRELEASE message in the server.

       c) Message 3 : DHCP DECLINE
             You need two clients. One static and one through DHCP server. Try to first assign ip address to dhcp client, reboot the client or just remove it from network meanwhile give the same static ip to another client. Now connect the dhcp client when the server assigns the ip address the client will do gratious arp and as static ip is already present it will send DHCPDECLINE message to the Server.

        d) Message 3: DHCPNAK

              DHCPNAK is sent by server when the requested ip address is from other subnet or when the requested ip address by the DHCP client cannot be assigned by the Server. This you can generate by changing the pool of DHCP server or by using two DHCP server. First configure pool lets say in DHCP server. Let client get the ip address. Disconnect this server and Connect another server with IP oll as When the client sends DHCPREQUEST it will ask for the previous ip address which is not present in pool so the server will send NAK. This can be tested using Windows 2003 server. I think in linux servers this is not implemented and it will be silent and wont send any message.

       e) Message 4 : DHCPINFORM
           This is new message added and is supported by only few servers. This message is generated by Windows XP OS and once connection is idle leave the setup for some time , you can observe this message.

Q.10) What is DHCP Relay ?

A.10) DHCP Relay is used in router as the DHCP messages are broadcast messages the router will not forward the DISCOVER message to other subnet . If you want the router to forward the messages to other subnet we can enable DHCP Relay in the router. It will simply forward the message to server and responses back to the client.
If you have any doubt about DHCP please ask in comments.

Now my turn for asking some question, please put your answer in comments:

1)  Why we need two ports 67,68 for DHCP? Why it was not managed using only one port like http?

2)  What is the packet size for DHCP packets?