DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to dynamically assign an Internet Protocol (IP) address to any device, or node, on a network so they can communicate using IP. DHCP automates and centrally manages these configurations rather than requiring network administrators to manually assign IP addresses to all network devices. DHCP can be implemented on small local networks, as well as large enterprise networks.
DHCP will assign new IP addresses in each location when devices are moved from place to place, which means network administrators do not have to manually configure each device with a valid IP address or reconfigure the device with a new IP address if it moves to a new location on the network. Versions of DHCP are available for use in IP version 4 (IPv4) and IP version 6 (IPv6). IPv6 became an industry standard in 2017 — nearly 20 years after its specifications were first published. While the adoption rate of IPv6 was slow, by July 2019, more than 29% of Google users were making inquiries using IPv6.
How DHCP works
DHCP runs at the application layer of the Transmission Control Protocol/IP (TCP/IP) stack to dynamically assign IP addresses to DHCP clients and to allocate TCP/IP configuration information to DHCP clients. This includes subnet mask information, default gateway IP addresses and domain name system (DNS) addresses.
DHCP is a client-server protocol in which servers manage a pool of unique IP addresses, as well as information about client configuration parameters, and assign addresses out of those address pools. DHCP-enabled clients send a request to the DHCP server whenever they connect to a network.
Clients configured with DHCP broadcast a request to the DHCP server and request network configuration information for the local network to which they’re attached. A client typically broadcasts a query for this information immediately after booting up. The DHCP server responds to the client request by providing IP configuration information previously specified by a network administrator. This includes a specific IP address, as well as a time period — also called a lease — for which the allocation is valid. When refreshing an assignment, a DHCP client requests the same parameters, but the DHCP server may assign a new IP address based on policies set by administrators. DHCP clients can also be configured on an Ethernet interface.
A DHCP server manages a record of all the IP addresses it allocates to network nodes. If a node is relocated in the network, the server identifies it using its Media Access Control (MAC) address, which prevents the accidental configuration of multiple devices with the same IP address. Configuring a DHCP server also requires the creation of a configuration file, which stores network information for clients.
DHCP is not a routable protocol, nor is it a secure one. DHCP is limited to a specific local area network, which means a single DHCP server per LAN is adequate or two servers for use in case of a failover. Larger networks may have a wide area network (WAN) containing multiple individual locations. Depending on the connections between these points and the number of clients in each location, multiple DHCP servers can be set up to handle the distribution of addresses. If network administrators want a DHCP server to provide addressing to multiple subnets on a given network, they must configure DHCP relay services located on interconnecting routers that DHCP requests have to cross. These agents relay messages between DHCP clients and servers located on different subnets.
DHCP lacks any built-in mechanism that would enable clients and servers to authenticate each other. Both are vulnerable to deception — one computer pretending to be another — and to attack, where rogue clients can exhaust a DHCP server’s IP address pool.
When managing many DHCP servers or DHCP servers in a WAN, users can make use of a command line. Users should also be aware that starting, stopping and restarting will affect the running of the daemon.
Components
DHCP is made up of numerous components, such as the DHCP server, client and relay. The DHCP server — typically either a server or router — is a networked device that runs on the DHCP service. The DHCP server holds IP addresses, as well as related information pertaining to configuration. The DHCP client is a device — such as a computer or phone — that can connect to a network and communicate with a DHCP server. The DHCP relay will manage requests between DHCP clients and servers. Typically, relays are used when an organization has to handle large or complex networks. Other components include the IP address pool, subnet, lease and DHCP communications protocol.
Static vs. dynamic DHCP leases
With dynamic DHCP, a client does not own the IP address assigned to it but instead leases it for a period of time. Each time a device with a dynamic IP address is powered up, it must communicate with the DHCP server to lease another IP address. Wireless devices are examples of clients that are assigned dynamic IP addresses when they connect to a network. On the other hand, static devices — such as web servers and switches — are assigned permanent IP addresses.
Under a dynamic DHCP setup, a client may also have to perform certain activities that lead to terminating its IP address and then reconnecting to the network using a different IP address. DHCP lease times can vary depending on how long a user is likely to need an internet connection at a particular location. Devices release their IP addresses when their DHCP leases expire and then request a renewal from the DHCP server if they are staying online. The DHCP server may assign a new address rather than renewing an old one.
The typical dynamic DHCP lease cycle is as follows:
- A client acquires an IP address lease through the allocation process of requesting one from the DHCP server.
- If a client already has an IP address from an existing lease, it will need to refresh its IP address when it reboots after being shut down and will contact the DHCP server to have an IP address reallocated.
- Once a lease is active, the client is said to be bound to the lease and to the address.
- Once the lease has expired, a client will contact the server that initially granted the lease to renew it so it can keep using its IP address.
- If a client is moving to a different network, its dynamic IP address will be terminated, and it will request a new IP address from the DHCP server of the new network.
DHCP uses and functions
DHCP is used to distribute IP addresses within a network and to configure the proper subnet mask, default gateway and DNS server information on the device.
DHCP, including RFC (Request for Comments) 8415 — the draft version released in November 2018 — can also be used by ordinary electronic devices whose manufacturers want them to be part of the internet of things (IoT). DHCP is one method of connecting a device — such as refrigerators and lawn sprinkler systems — to the internet using a Manufacturer Usage Description (MUD), suggested by the Internet Engineering Task Force (IETF).
An individual may also confuse DNS with Windows Internet Naming Service (WINS) servers. A WINS server is used to accomplish the same goal but in a different way using a different protocol. WINS is part of Microsoft networking topology but is not largely used today — DNS has replaced WINS.
Pros and cons of DHCP
DHCP makes it easier for network administrators to add or move devices within a network, whether it be a LAN or WAN. But DHCP is not inherently secure, and if malicious actors access the DHCP server, they can wreak havoc. Also, if the DHCP server does not have a backup and the server fails, so do the devices served by it.
Security
One of the key vulnerabilities of DHCP has been the use of so-called man in the middle (MitM) attacks, in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
DHCP servers have also been the subject of multiple memory corruption vulnerabilities. In these, attackers have targeted the Windows DHCP Server service. When successful, the attacks can lead to a full compromise of Microsoft Active Directory (AD). One such vulnerability, patched by Microsoft, was the Common Vulnerabilities and Exposures (CVE)-2019-0725 Windows DHCP Server Remote Code Execution (RCE) Vulnerability.
History of DHCP
DHCP is an extension of a 1985 network IP management protocol, Bootstrap Protocol (BOOTP). DHCP is more advanced, and DHCP servers can handle BOOTP client requests if any BOOTP clients exist on a network segment. Using one central BOOTP server to serve hosts on many IP subnets, BOOTP introduced the concept of a relay agent that allowed BOOTP packets to be forwarded across networks. BOOTP required a manual process to add configuration information for each client, however, and did not provide a mechanism for reclaiming IP addresses no longer in use.
DHCP Operation:
Dynamic Host Configuration Protocol(DHCP) is an application layer protocol which is used to provide:
- Subnet Mask (Option 1 – e.g., 255.255.255.0)
- Router Address (Option 3 – e.g., 192.168.1.1)
- DNS Address (Option 6 – e.g., 8.8.8.8)
- Vendor Class Identifier (Option 43 – e.g., ‘unifi’ = 192.168.1.9 ##where unifi = controller)
DHCP is based on a client-server model and based on discovery, offer, request, and ACK.
DHCP port number for server is 67 and for the client is 68. It is a Client server protocol which uses UDP services. IP address is assigned from a pool of addresses. In DHCP, the client and the server exchange mainly 4 DHCP messages in order to make a connection, also called DORA process, but there are 8 DHCP messages in the process.
These messages are given as below
DHCP discover message –
This is a first message generated in the communication process between server and client. This message is generated by Client host in order to discover if there is any DHCP server/servers are present in a network or not. This message is broadcasted to all devices present in a network to find the DHCP server. This message is 342 or 576 bytes long
- As shown in the figure, source MAC address (client PC) is 08002B2EAF2A, destination MAC address(server) is FFFFFFFFFFFF, source IP address is 0.0.0.0(because PC has no IP address till now) and destination IP address is 255.255.255.255 (IP address used for broadcasting). As the discover message is broadcast to find out the DHCP server or servers in the network therefore broadcast IP address and MAC address is used.
- DHCP offer message –
The server will respond to host in this message specifying the unleased IP address and other TCP configuration information. This message is broadcasted by server. Size of message is 342 bytes. If there are more than one DHCP servers present in the network then client host will accept the first DHCP OFFER message it receives. Also a server ID is specified in the packet in order to identify the server.
- Now, for the offer message, source IP address is 172.16.32.12 (server’s IP address in the example), destination IP address is 255.255.255.255 (broadcast IP address) ,source MAC address is 00AA00123456, destination MAC address is FFFFFFFFFFFF. Here, the offer message is broadcast by the DHCP server therefore destination IP address is broadcast IP address and destination MAC address is FFFFFFFFFFFF and the source IP address is server IP address and MAC address is server MAC address.
Also the server has provided the offered IP address 192.16.32.51 and lease time of 72 hours(after this time the entry of host will be erased from the server automatically) . Also the client identifier is PC MAC address (08002B2EAF2A) for all the messages.
- DHCP request message –
When a client receives a offer message, it responds by broadcasting a DHCP request message. The client will produce a gratuitous ARP in order to find if there is any other host present in the network with same IP address. If there is no reply by other host, then there is no host with same TCP configuration in the network and the message is broadcasted to server showing the acceptance of IP address .A Client ID is also added in this message.
- Now, the request message is broadcast by the client PC therefore source IP address is 0.0.0.0(as the client has no IP right now) and destination IP address is 255.255.255.255 (broadcast IP address) and source MAC address is 08002B2EAF2A (PC MAC address) and destination MAC address is FFFFFFFFFFFF.
Note – This message is broadcast after the ARP request broadcast by the PC to find out whether any other host is not using that offered IP. If there is no reply, then the client host broadcast the DHCP request message for the server showing the acceptance of IP address and Other TCP/IP Configuration.
- DHCP acknowledgement message –
In response to the request message received, the server will make an entry with specified client ID and bind the IP address offered with lease time. Now, the client will have the IP address provided by server.
- Now the server will make an entry of the client host with the offered IP address and lease time. This IP address will not be provided by server to any other host. The destination MAC address is FFFFFFFFFFFF and the destination IP address is 255.255.255.255 and the source IP address is 172.16.32.12 and the source MAC address is 00AA00123456 (server MAC address).
- DHCP negative acknowledgement message –
Whenever a DHCP server receives a request for IP address that is invalid according to the scopes that is configured with, it send DHCP Nak message to client. Eg-when the server has no IP address unused or the pool is empty, then this message is sent by the server to client.
- DHCP decline –
If DHCP client determines the offered configuration parameters are different or invalid, it sends DHCP decline message to the server .When there is a reply to the gratuitous ARP by any host to the client, the client sends DHCP decline message to the server showing the offered IP address is already in use.
- DHCP release –
A DHCP client sends DHCP release packet to server to release IP address and cancel any remaining lease time.
- DHCP inform –
If a client address has obtained IP address manually then the client uses a DHCP inform to obtain other local configuration parameters, such as domain name. In reply to the dhcp inform message, DHCP server generates DHCP ack message with local configuration suitable for the client without allocating a new IP address. This DHCP ack message is unicast to the client.
Note – All the messages can be unicast also by dhcp relay agent if the server is present in different network.
Advantages – The advantages of using DHCP include:
- centralized management of IP addresses
- ease of adding new clients to a network
- reuse of IP addresses reducing the total number of IP addresses that are required
- simple reconfiguration of the IP address space on the DHCP server without needing to reconfigure each client
The DHCP protocol gives the network administrator a method to configure the network from a centralised area.
With the help of DHCP, easy handling of new users and reuse of IP address can be achieved.
Disadvantages – Disadvantage of using DHCP is:
- IP conflict can occur
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu