In telecommunications, the application layer is the seventh and last layer of the ISO/OSI model for computer networks. Its function is to interface with application processes and provide them with services: when transmitting, it forwards their requests to the underlying presentation layer, and when receiving, it accepts data from it. An application program interacts with one of the transport layer protocols to send or receive data, passing it in the required form. Among the most common services offered by the application layer are semantic conversions between associated application processes.

DYNAMIC HOST CONFIGURATION PROTOCOL

In telecommunications and IT, the Dynamic Host Configuration Protocol (acronym DHCP, lit. "dynamic IP configuration protocol") is an auxiliary application protocol that allows the devices or terminals of a local IP network (such as a LAN) to automatically receive, on each access request, the IP configuration needed to establish a connection and operate on a wider network based on the Internet Protocol, i.e. to interoperate with all the other subnetworks by exchanging data, provided that they too are integrated in the same way with the IP protocol. The protocol is implemented as a network service or as a server: for example, in Unix and Unix-like systems it is implemented by the dhcpd daemon, and in systems based on Microsoft's Active Directory and/or Windows Server by the DHCP Server service.

GENERALITY

In a network based on the IP protocol, each computer needs an IP address chosen so that it belongs to the set of addresses assigned to the subnet (i.e. the Net_ID) to which it is connected, and that is unique, i.e. no other computer is already using that address. Manually assigning IP addresses to computers is a significant burden for network administrators, especially in large networks or where many computers connect in rotation only at certain hours or days. In addition, as the number of computers connected to the Internet has grown, the available IPv4 addresses (currently used in almost all networks in the world) have begun to become scarce, reducing the availability of fixed IPs for static configurations.

DHCP performs this task automatically and dynamically, that is, only when requested by the host. It is mainly used in local networks, especially over Ethernet. In other contexts, similar functions are performed within PPP. Once the network configuration has been received, the station or computer on the local network becomes a host (guest) of the Internet in effect and can undertake web browsing sessions and all other services offered by the network. A DHCP service is also performed by a simple home router. Depending on the implementation, the DHCP server can have three methods of allocating IP addresses:

DYNAMIC ALLOCATION

It is the automatic allocation of temporary addresses. Dynamic allocation for a given period is called a "lease". The client can extend it by a further request or can release the leased address at any time if it is no longer needed. If there is a shortage of addresses, the DHCP server reuses leased addresses whose time has expired.

AUTOMATIC ALLOCATION

The DHCP server automatically assigns an IP address to a requesting client in the range defined by the administrator. This is the same as in dynamic allocation, but the DHCP server maintains a table of past IP address assignments, so that it can preferentially assign the same old IP address to a client.

MANUAL ALLOCATION

The DHCP server issues a private IP address that depends on each client's MAC address, based on a mapping predefined by the administrator. This feature is referred to in various ways: static DHCP assignment in DD-WRT, fixed address in the dhcpd documentation, address reservation by Netgear, DHCP reservation or static DHCP by Cisco and Linksys, and IP address reservation or MAC/IP address binding by various other router manufacturers. If no match is found for the client's MAC address, the server may optionally fall back to dynamic or automatic assignment, or not. DHCP is used for Internet Protocol version 4 (IPv4) as well as for IPv6. Although both versions serve the same purpose, the protocol details for IPv4 and IPv6 differ enough that they can be considered two separate protocols. For IPv6 operation, devices can alternatively use stateless address autoconfiguration. IPv6 hosts can also use link-local addressing to achieve operations limited to the local network link.

COMPONENTS OF THE PROTOCOL

The DHCP client is the computer that needs to obtain a valid IP address for the subnet it is connected to; the term also refers to the program that requests the IP address and configures it. The DHCP server is the computer that assigns IP addresses; the term also refers to the process that performs this function. Sometimes this function is built into a router. The DHCP Relay is the computer (or, more often, a function implemented in a router) that forwards DHCP requests to a server when the server is not on the same subnet. This component is only required if a DHCP server is to serve multiple subnets. There must be at least one DHCP Relay for each subnet served, and each Relay must be explicitly configured to forward requests to one or more servers.

Figure: Relay Agent

PARAMETERS MANAGED BY DHCP

The DHCP protocol is also used to assign the computer various parameters necessary for its correct functioning on the network to which it is connected. Among the most common, in addition to the dynamic assignment of the IP address, we can mention:

Subnet mask

Default gateway

DNS server addresses

Default DNS domain name

WINS server addresses

NTP server addresses

Address of a tftp server and name of a file to load for computers that load the operating system image from the network, for example via the pre-boot execution environment.

WPAD proxy configuration parameters

However, there is support in the protocol for assigning many other parameters, defined in RFC 2132, via DHCP.

REQUEST AND ATTRIBUTION OF ADDRESS

Figure: a typical DHCP session; each message could be either broadcast or unicast, depending on the capabilities of the DHCP client.

DHCP uses the UDP protocol; the registered ports are 67 for the server and 68 for the client. When a computer wants to obtain an address via DHCP, it starts the DHCP client process. At this time the computer does not have a valid IP address, so it cannot use all the features of the network. The procedure described by the protocol consists of several handshakes, i.e. packet exchanges, between client and server, all encapsulated in datalink level frames such as Ethernet.

First of all, the client sends a packet called DHCPDISCOVER in broadcast, with the source IP address conventionally set to 0.0.0.0 and the destination set to 255.255.255.255 (the broadcast address). The packet is received by all hosts in the same broadcast domain, and therefore by any DHCP servers present, which may respond (or not) with a DHCPOFFER packet in which they propose an IP address and other configuration parameters to the client. This reply packet is addressed to the client's datalink level address (its MAC address, since it does not yet have an IP address), or sent in unicast. If there are also one or more DHCP Relays in the broadcast domain, these forward the packet to their reference server, which can still respond to the client through the Relay. The Relay agent communicates to the server its own IP address on the subnet from which it received the DHCPDISCOVER packet, allowing the server to understand which subnet the request came from and therefore to offer an address for the correct subnet. A DHCP server that is to serve several IP subnets must be configured to know the parameters of each (network address, subnet mask, broadcast address, gateway address).
The client waits for a certain time to receive one or more offers, then selects one and sends a DHCPREQUEST (or DHCPACCEPT) packet in broadcast, indicating in the "server identifier" field of the packet which server it has selected. This packet also reaches all DHCP servers on the network (directly or via a Relay). The selected server confirms the assignment of the address with a DHCPACK packet (again addressed in broadcast to the client's datalink level address, possibly through a Relay); the other servers are thereby informed that their offer was not chosen by the client, and that there is another DHCP server on the subnet.

FURTHER DETAILS

Figure: DHCP session

DISCOVERY

The DHCP client broadcasts a DHCPDISCOVER message on the network subnet using the destination address 255.255.255.255 (limited broadcast) or the specific subnet broadcast address (directed broadcast). A DHCP client may also request its last known IP address. If the client remains connected to the same network, the server may grant the request. Otherwise, it depends whether the server is set up as authoritative or not. An authoritative server denies the request, causing the client to issue a new request. A non-authoritative server simply ignores the request, leading to an implementation-dependent timeout for the client to expire the request and ask for a new IP address.

For example, HTYPE is set to 1 to specify that the medium used is Ethernet, and HLEN is set to 6 because an Ethernet address (MAC address) is 6 octets long. CHADDR is set to the MAC address used by the client. Some options are set as well.

Figure: DHCPDISCOVER packet

OFFER

When a DHCP server receives a DHCPDISCOVER message from a client, which is an IP address lease request, the DHCP server reserves an IP address for the client and makes a lease offer by sending a DHCPOFFER message to the client. This message contains the client’s client id (traditionally a MAC address), the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. The DHCP server may also take notice of the hardware-level MAC address in the underlying transport layer: according to current RFCs the transport layer MAC address may be used if no client ID is provided in the DHCP packet. The DHCP server determines the configuration based on the client’s hardware address as specified in the CHADDR (client hardware address) field. Here the server, 192.168.1.1, specifies the client’s IP address in the YIADDR (your IP address) field.

Figure: DHCPOFFER packet

REQUEST

In response to the DHCP offer, the client replies with a DHCPREQUEST message, broadcast to the server, requesting the offered address. A client can receive DHCP offers from multiple servers, but it will accept only one. The client produces a gratuitous ARP to find out whether any other host on the network is already using the same IP address. If no other host replies, there is no host with the same IP configuration on the network, and the message is broadcast to the server to signal acceptance of the IP address. Thanks to the required server identification option in the request and to broadcast messaging, all servers are informed whose offer the client has accepted. When other DHCP servers receive this message, they withdraw any offers they have made to the client and return the offered IP address to the pool of available addresses.

Figure: DHCPREQUEST packet

ACKNOWLEDGEMENT

When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed. The protocol expects the DHCP client to configure its network interface with the negotiated parameters. After the client obtains an IP address, it should probe the newly received address (e.g. with ARP, the Address Resolution Protocol) to prevent address conflicts caused by overlapping address pools of DHCP servers.

Figure: DHCPACK packet
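The header fields and options named in the DISCOVER and OFFER sections above (HTYPE, HLEN, CHADDR, YIADDR, the magic cookie, options 53, 54 and 61) in working form: an added example, not code from the original page, that serialises and parses DHCP messages and plays the server's side of the OFFER step. The client MAC, the server address 192.168.1.1 and the pool address 192.168.1.100 are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

# Wire-format constants from RFC 2131 / RFC 2132.
DHCP_MAGIC = b"\x63\x82\x53\x63"       # magic cookie that precedes the options
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER = 1, 2         # values of option 53 (message type)
OPT_MASK, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_CLIENT_ID, OPT_END = 1, 51, 53, 54, 61, 255
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header


def build_dhcp(op, xid, chaddr, options, yiaddr="0.0.0.0", siaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Serialise a DHCP message: fixed header, magic cookie, TLV options, END marker."""
    header = struct.pack(
        HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000,  # htype=1 Ethernet, hlen=6, hops=0, secs=0, broadcast flag
        b"\0" * 4, IPv4Address(yiaddr).packed, IPv4Address(siaddr).packed, IPv4Address(giaddr).packed,
        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + DHCP_MAGIC + body + bytes([OPT_END])


def parse_dhcp(pkt):
    """Decode the header fields the text refers to (HTYPE, HLEN, CHADDR, YIADDR, GIADDR) plus options."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message (too short or missing magic cookie)")
    (op, htype, hlen, _hops, xid, _secs, flags, _ci, yi, si, gi,
     chaddr, _sname, _file) = struct.unpack(HEADER_FMT, pkt[:236])
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                    # option 0 is a single pad byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option at offset %d" % i)
        options[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {"op": op, "htype": htype, "hlen": hlen, "xid": xid, "flags": flags,
            "yiaddr": str(IPv4Address(yi)), "siaddr": str(IPv4Address(si)),
            "giaddr": str(IPv4Address(gi)), "chaddr": chaddr[:hlen], "options": options}


def make_offer(discover, server_ip, pool, mask, lease_secs):
    """Server side of the OFFER step: answer a DHCPDISCOVER with an address taken from the pool."""
    req = parse_dhcp(discover)
    if req["op"] != BOOTREQUEST or req["options"].get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
        raise ValueError("expected a DHCPDISCOVER")
    # Client is keyed by option 61 when present, otherwise by CHADDR, as the OFFER section says.
    client_key = req["options"].get(OPT_CLIENT_ID, req["chaddr"])
    yiaddr = pool.pop(0)                   # reserve the first free address for this client
    options = [(OPT_MSG_TYPE, bytes([DHCPOFFER])),
               (OPT_SERVER_ID, IPv4Address(server_ip).packed),
               (OPT_LEASE, struct.pack("!I", lease_secs)),
               (OPT_MASK, IPv4Address(mask).packed)]
    # Same xid and CHADDR as the request, so the client can match the reply to its DISCOVER.
    return client_key, build_dhcp(BOOTREPLY, req["xid"], req["chaddr"], options,
                                   yiaddr=yiaddr, siaddr=server_ip, giaddr=req["giaddr"])


def demo_discover_offer():
    """Constructed exchange: client MAC 00:11:22:33:44:55 discovers, server 192.168.1.1 offers."""
    mac = bytes.fromhex("001122334455")
    discover = build_dhcp(BOOTREQUEST, 0x3903F326, mac,
                          [(OPT_MSG_TYPE, bytes([DHCPDISCOVER])), (OPT_CLIENT_ID, b"\x01" + mac)])
    key, offer = make_offer(discover, "192.168.1.1", ["192.168.1.100"], "255.255.255.0", 86400)
    return parse_dhcp(discover), parse_dhcp(offer), key
```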

EXPIRY AND RENEWAL OF IP ADDRESSES

At this point, the client is allowed to use the received address for a limited time, called the lease time. Before it expires, it will have to try to renew it by sending a new DHCPREQUEST packet to the server, which will reply with a DHCPACK if it agrees to extend the address assignment. These are normal unicast IP packets exchanged between two computers that have valid addresses. If the client fails to renew the address, it will return to the initial state and try to obtain another one.

IDENTIFICATION AND AUTHENTICATION OF THE CLIENT

The client identifies itself to the server through the client-id field of the DHCP packets. This field normally holds the MAC address of the network card for which the address is requested, but it can also be configured manually. This is the only form of authentication available in DHCP, and it is quite weak, as it uses data that is broadcast over the local network and can therefore easily be learned by any other computer connected to the same network. There are more robust ways to control access to a network, such as IEEE 802.1X, but they require support from the switches the users are connected to. A server should try to always assign the same IP address on each subnet to the same client, but there is no guarantee that this is possible, unless an address is associated exclusively with one client. The server can use the client-id field to decide which address to assign to the client, which other parameters to pass to it, or even whether to respond to the client's request at all. Security, in terms of access to a network, is not ensured by static IP addresses but by the authentication policies implemented on the domain side and, possibly, on the firewall: the use of dynamic addresses has no impact on security, since it is a basic service that greatly simplifies adding client resources, avoiding specialized configuration each time, even if only of the physical connection parameters. As mentioned, the logical connection must be managed through authentication permissions. Apart from clients in the sense of users, there are services and resources that typically must be statically addressed: printers, routers, servers, recording or surveillance systems, etc.

IDENTIFICATION OF THE SERVER

The server identifies itself to the client with its own IP address. A client could therefore decide to accept addresses only from a server it already knows. Any computer connected to a subnet could act as a DHCP server for the computers on that subnet, or as a relay to an arbitrary DHCP server. It is therefore possible for a computer that is misconfigured, or deliberately set up for illegal purposes, to offer IP addresses illegitimately, creating network malfunctions and/or serious security problems. A computer that has received its IP address from a badly configured DHCP server will not be able to use the network. If, on the other hand, the abusive DHCP server is configured for illegal purposes, the consequences can be even worse: it can offer addresses that it knows are unused, or on an IP subnet other than the official one, thus avoiding conflicts with the official server, and indicate itself as the default gateway. It then has to redirect the connections made by the clients to the official gateway using IP masquerading, at which point it is able to intercept and sniff all the traffic generated by the clients, who may not easily notice the difference. To prevent these risks, some switches offer a feature called "DHCP snooping", whereby they analyze all DHCP packets passing through them and block those that did not originate from authorized servers.

FORWARD DHCP

In small networks, where only one IP subnet is managed, DHCP clients communicate directly with DHCP servers. However, DHCP servers can also provide IP addresses for multiple subnets. In this case, a DHCP client that has not yet acquired an IP address cannot communicate directly with the DHCP server using IP routing, because it has no IP address of its own, does not know the IP address of a router, and does not know the IP address of the DHCP server. To allow DHCP clients on subnets not directly served by DHCP servers to communicate with them, DHCP relay agents can be installed on those subnets. The DHCP client broadcasts on the local link; the Relay agent receives the broadcast and transmits it to one or more DHCP servers using unicast. The Relay Agent stores its IP address in the GIADDR field of the DHCP packet. The DHCP server uses GIADDR to determine the subnet on which the Relay Agent received the broadcast and assigns an IP address on that subnet. When the DHCP server responds to the client, it sends the response to the GIADDR address, again using unicast. The Relay Agent then retransmits the response on the local network. In this situation, the communication between the Relay agent and the DHCP server typically uses UDP port 67 as both source and destination port.

RELIABILITY

DHCP ensures reliability in several ways: periodic renewal, rebinding, and failover. DHCP clients are assigned leases that last for a certain period of time. Clients begin trying to renew the lease once half of the lease interval has expired. They do this by sending a DHCPREQUEST message in unicast to the DHCP server that granted the original lease. If the server is down or unreachable, it will not respond to the DHCPREQUEST. However, in this case the client repeats the DHCPREQUEST from time to time, so if the DHCP server is restarted or becomes reachable again, the DHCP client will be able to contact it and renew the lease.

If the DHCP server is unreachable for a long period of time, the DHCP client will attempt to rebind, broadcasting its DHCPREQUEST rather than sending it in unicast. Once transmitted, the DHCPREQUEST message will reach all available DHCP servers. If any other DHCP server is able to renew the lease, it will do so at this time. For rebinding to work, when the client successfully contacts a backup DHCP server, that server must have accurate client binding information. Maintaining accurate binding information between two servers is a complicated issue; if both servers are capable of updating the same lease database, there must be a mechanism to avoid conflicts between updates on independent servers. A proposal for the implementation of fault-tolerant DHCP servers was submitted to the Internet Engineering Task Force, but never formalized.

If the rebinding fails, the lease will eventually expire. When the lease expires, the client must stop using the IP address granted to it in its lease. It will then restart the DHCP process from the beginning by broadcasting a DHCPDISCOVER message. Since the lease has expired, it will accept any IP address offered. Once it has a new address (presumably from a different DHCP server) it will again be able to use the network. However, as its IP address has changed, all connections in progress will be dropped.
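The renewal, rebinding and expiry behaviour described in the RELIABILITY section as a small client-side state machine: an added example, not code from the original page. The renewal point at half the lease is what the text states; the rebinding point at 0.875 of the lease is the RFC 2131 default and is assumed here, as are the sample addresses and the 3600-second lease.

```python
# Lease timers as RFC 2131 names them: T1 (renew) at half the lease, as the text says; the
# T2 (rebind) point at 0.875 of the lease is the RFC default and is an assumption here.
T1_FRACTION, T2_FRACTION = 0.5, 0.875
BROADCAST = "255.255.255.255"


class DhcpLease:
    """Tracks one client's lease and decides what the client must send at time `now` (seconds)."""

    def __init__(self, ip, server_ip, lease_secs, acquired_at):
        self.ip, self.lease_secs = ip, lease_secs
        self.on_ack(server_ip, acquired_at)

    def on_ack(self, server_ip, now):
        """A DHCPACK (re)starts the lease: recompute T1, T2 and expiry from `now`."""
        self.server_ip = server_ip
        self.t1 = now + self.lease_secs * T1_FRACTION
        self.t2 = now + self.lease_secs * T2_FRACTION
        self.expiry = now + self.lease_secs

    def state(self, now):
        if now >= self.expiry:
            return "INIT"          # lease over: stop using the address, start again with DHCPDISCOVER
        if now >= self.t2:
            return "REBINDING"     # granting server silent for too long: any server may answer
        if now >= self.t1:
            return "RENEWING"      # unicast DHCPREQUEST to the server that granted the lease
        return "BOUND"

    def next_message(self, now):
        """Return (message type, destination) the client should send now, or None while BOUND."""
        return {"BOUND": None,
                "RENEWING": ("DHCPREQUEST", self.server_ip),
                "REBINDING": ("DHCPREQUEST", BROADCAST),
                "INIT": ("DHCPDISCOVER", BROADCAST)}[self.state(now)]


def walk(lease, instants, server_reachable):
    """Replay the client at the given instants and return the messages it sends as
    (time, state, message). `server_reachable(now)` says whether the granting server answers
    a unicast DHCPREQUEST; a successful unicast renewal restarts the lease."""
    sent = []
    for now in instants:
        msg = lease.next_message(now)
        if msg is None:
            continue
        sent.append((now, lease.state(now), msg))
        if msg == ("DHCPREQUEST", lease.server_ip) and server_reachable(now):
            lease.on_ack(lease.server_ip, now)
    return sent


def demo(server_up):
    """Constructed scenario: a 3600 s lease on 192.168.1.100 from server 192.168.1.1 at t=0."""
    lease = DhcpLease("192.168.1.100", "192.168.1.1", 3600, 0)
    return walk(lease, [0, 1000, 1800, 2000, 3150, 3600], lambda now: server_up), lease
```

With the server unreachable the client walks BOUND, RENEWING (unicast), REBINDING (broadcast), INIT (new DHCPDISCOVER); with the server answering, each unicast renewal at T1 restarts the timers.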

AI DEEPENING

What is DHCP?

Dynamic Host Configuration Protocol (DHCP) is a network protocol used to automate the process of configuring IP addresses and other essential network settings on devices in a network. Its main purpose is to dynamically assign IP addresses to devices connecting to a network, without requiring them to be configured manually.

How DHCP works

DHCP follows a well-defined process based on four main steps, known as DORA:

1. Discovery:

When a device (called a “client”) connects to a network and does not have an IP address configured, it sends a DHCPDISCOVER broadcast message. This message is sent to all DHCP servers in the network to find an available server.

2. Offer:

DHCP servers in the network respond to the DHCPDISCOVER message by sending a DHCPOFFER message to the client. This message contains an IP address that the DHCP server has decided to offer to the client, along with other information such as the subnet mask, default gateway, and DNS servers.

3. Request:

The client, after receiving one or more offers from the servers, chooses one of these offers and sends a DHCPREQUEST message to the DHCP server that made the chosen offer. This step confirms that the client accepts the proposed IP address and settings.

4. Acknowledge:

The DHCP server sends an acknowledgement message called DHCPACK, which informs the client that it can use the IP address and other settings for a defined period of time (called a “lease,” or tenancy).

Main components of a DHCP server

1. Dynamically assigned IP address:

The DHCP server manages a pool of available IP addresses to be dynamically assigned to clients. The addresses are issued for a fixed period of time, after which they must be renewed.

2. Configuration options:

In addition to the IP address, the DHCP server can provide a range of other information necessary for client communication within the network, such as:

-Subnet mask: Specifies which portion of the IP address represents the network.

-Default Gateway: The IP address of the router or gateway that allows the client to access external networks.

-DNS Servers: The addresses of DNS servers for domain name resolution.

-Lease Duration: The length of time the client can use the IP address before it needs to be renewed.

3. Lease:

Each IP address assigned by the DHCP server is given a “lease” for a certain period of time. When the lease expires, the client must renew the address or obtain a new one. Clients can attempt to renew their lease by sending a DHCPREQUEST message before the time expires.

4. Reserved (static) IPs:

In addition to dynamic addresses, a DHCP server can also be configured to assign fixed IP addresses to specific devices, based on their MAC address. This is useful for devices such as servers or printers that require a stable, fixed IP address.

Modes of assigning IP addresses

DHCP offers several modes for assigning IP addresses:

-Dynamic: IP addresses are assigned temporarily and can change each time the client reconnects to the network.

-Automatic: IP addresses are assigned permanently, even if the device disconnects and reconnects later.

-Static: IP addresses are assigned manually by the network administrator for specific devices, usually by matching the MAC address.

Advantages of DHCP

1. Ease of management: DHCP simplifies network administration by eliminating the need to manually configure IP addresses on individual devices.

2. Avoids IP address conflicts: Because DHCP automatically assigns IP addresses, the risk of duplicate IP addresses (two devices with the same IP) is reduced.

3. Quick and automatic configuration: Devices can be quickly added to a network without having to manually set up network configurations.

Security and considerations

Despite its advantages, DHCP can be vulnerable to certain types of attacks:

-DHCP Spoofing Attacks: An attacker can insert his own DHCP server into the network and provide incorrect configurations or bogus IP addresses to clients.

-Rogue DHCP Server: An unauthorized DHCP server can be introduced into a network and distribute IP configurations that divert traffic to unsafe destinations.

To mitigate these risks, measures such as the following can be adopted:

-MAC Filtering: Restrict DHCP to devices with specific MAC addresses.

-DHCP Snooping: A technique to monitor DHCP operations and prevent unauthorized DHCP servers.
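The DHCP snooping idea from the IDENTIFICATION OF THE SERVER section and the mitigation list above, as an added example that is not part of the original page: a switch-side filter that accepts server messages only on trusted ports, checks that client messages carry the frame's own MAC in CHADDR, and builds a binding table from the ACKs it lets through. The message record, the port numbers, the MACs and the addresses are constructed sample values.

```python
from collections import namedtuple

# One decoded DHCP message as the switch sees it: ingress port, source MAC of the frame,
# DHCP message type, CHADDR from the payload, server identifier (option 54), YIADDR, lease.
Seen = namedtuple("Seen", "port src_mac msg_type chaddr server_id yiaddr lease")

SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}
CLIENT_MESSAGES = {"DHCPDISCOVER", "DHCPREQUEST", "DHCPDECLINE", "DHCPRELEASE", "DHCPINFORM"}


class DhcpSnooper:
    """Minimal DHCP snooping: server messages pass only on trusted ports, client messages
    must carry the frame's own MAC in CHADDR, and ACKs on trusted ports build a binding table."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}       # client MAC -> port its DISCOVER/REQUEST came in on
        self.bindings = {}      # client MAC -> (ip, port, lease)
        self.dropped = []       # (reason, message): what an operator would alert on

    def inspect(self, m):
        """Return True if the message may be forwarded, False if it is dropped."""
        if m.msg_type in SERVER_MESSAGES:
            if m.port not in self.trusted:
                # A DHCPOFFER/DHCPACK arriving on a client port is the signature of a rogue server.
                self.dropped.append(("server message on untrusted port", m))
                return False
            if m.msg_type == "DHCPACK":
                self.bindings[m.chaddr] = (m.yiaddr, self.pending.get(m.chaddr), m.lease)
            return True
        if m.msg_type not in CLIENT_MESSAGES:
            self.dropped.append(("unknown message type", m))
            return False
        if m.port not in self.trusted and m.src_mac != m.chaddr:
            # On access ports CHADDR must match the Ethernet source (spoofed client requests).
            self.dropped.append(("CHADDR does not match frame source MAC", m))
            return False
        if m.msg_type in ("DHCPDISCOVER", "DHCPREQUEST"):
            self.pending[m.chaddr] = m.port
        return True


def run_sample():
    """Constructed trace: port 1 is the uplink to the legitimate server 192.168.1.1;
    ports 5, 7 and 9 are access ports, and a rogue server appears on port 7."""
    snooper = DhcpSnooper(trusted_ports=[1])
    client = "00:11:22:33:44:55"
    trace = [
        Seen(5, client, "DHCPDISCOVER", client, None, "0.0.0.0", 0),
        Seen(1, "00:aa:bb:cc:dd:01", "DHCPOFFER", client, "192.168.1.1", "192.168.1.100", 86400),
        Seen(7, "00:de:ad:be:ef:07", "DHCPOFFER", client, "192.168.1.254", "10.0.0.50", 86400),
        Seen(5, client, "DHCPREQUEST", client, "192.168.1.1", "0.0.0.0", 0),
        Seen(1, "00:aa:bb:cc:dd:01", "DHCPACK", client, "192.168.1.1", "192.168.1.100", 86400),
        Seen(7, "00:de:ad:be:ef:07", "DHCPACK", client, "192.168.1.254", "10.0.0.50", 86400),
        Seen(9, "00:99:99:99:99:99", "DHCPDISCOVER", "00:11:22:33:44:66", None, "0.0.0.0", 0),
    ]
    verdicts = [snooper.inspect(m) for m in trace]
    return snooper, verdicts
```

The dropped list is the detection output: two server messages from port 7 (the rogue) and one spoofed DISCOVER, while the binding table records that 192.168.1.100 belongs to the client on port 5.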

Conclusion

DHCP is one of the most widely used protocols in modern networks for automatically configuring IP addresses. It significantly reduces the administrative burden and makes networks more flexible and easier to manage, while requiring some attention on the security side.
