Leksion 04 - DHCP


Konfigurimi i nje serveri DHCP qe sherben konfigurime IP ne dy rrjeta te ndryshem

DHCP server serving two subnets



Per te realizuar kete ushtrim:
  • se pari do te sigurohemi qe VMWARE nuk e ka te aktivizuar serverin DHCP ne rrjetat virtuale VMNET8 dhe VMNET9
  • se dyti do te sigurohemi qe makinat CentOS2 dhe CentOS3 jane te lidhur perkatesisht me rrjetat virtuale VMNET8 dhe VMNET9
  • se treti do te konfigurojme sejcilen nga makinat CentOS2 dhe CentOS3  qe  te kerkojne nje konfigurim IP nepermjet DHCP

Instalimi dhe konfigurimi i serverit DHCP

LAB







Dynamic Host Configuration Protocol (DHCP) is a network protocol that automatically assigns TCP/IP information to client machines. Each DHCP client connects to the centrally located DHCP server, which returns the network configuration (including the IP address, gateway, and DNS servers) of that client.

Why Use DHCP?

DHCP is useful for automatic configuration of client network interfaces. When configuring the client system, you can choose DHCP instead of specifying an IP address, netmask, gateway, or DNS servers. The client retrieves this information from the DHCP server. DHCP is also useful if you want to change the IP addresses of a large number of systems. Instead of reconfiguring all the systems, you can just edit one configuration file on the server for the new set of IP addresses. If the DNS servers for an organization changes, the changes happen on the DHCP server, not on the DHCP clients. When you restart the network or reboot the clients, the changes go into effect.
If an organization has a functional DHCP server correctly connected to a network, laptops and other mobile computer users can move these devices from office to office.

Configuring a DHCP Server

The dhcp package contains an Internet Systems Consortium (ISC) DHCP server. 
First, install the package as the superuser:

~]# yum install dhcp

Installing the dhcp package creates a file, /etc/dhcp/dhcpd.conf, which is merely an empty configuration file:

~]# cat /etc/dhcp/dhcpd.conf 
# DHCP Server Configuration file. 
# see /usr/share/doc/dhcp*/dhcpd.conf.sample

The sample configuration file can be found at /usr/share/doc/dhcp-<version>/dhcpd.conf.sample
You should use this file to help you configure /etc/dhcp/dhcpd.conf, which is explained in detail below.
DHCP also uses the file /var/lib/dhcpd/dhcpd.leases to store the client lease database

Configuration File

The first step in configuring a DHCP server is to create the configuration file that stores the network information for the clients. Use this file to declare options and global options for client systems.
The configuration file can contain extra tabs or blank lines for easier formatting. Keywords are case-insensitive and lines beginning with a hash sign (#) are considered comments.
There are two types of statements in the configuration file:
  • Parameters — State how to perform a task, whether to perform a task, or what network configuration options to send to the client.
  • Declarations — Describe the topology of the network, describe the clients, provide addresses for the clients, or apply a group of parameters to a group of declarations.
The parameters that start with the keyword option are referred to as options. These options control DHCP options; whereas, parameters configure values that are not optional or control how the DHCP server behaves.
Parameters (including options) declared before a section enclosed in curly brackets ({ }) are considered global parameters. Global parameters apply to all the sections below it.
 Note:
If the configuration file is changed, the changes do not take effect until the DHCP daemon is restarted with the command
 service dhcpd restart.
Instead of changing a DHCP configuration file and restarting the service each time, using the omshell command provides an interactive way to connect to, 
query, and change the configuration of a DHCP server. By using omshell, all changes can be made while the server is running.

The example below provides a dhcp.conf configuration file

subnet 192.168.1.0 netmask 255.255.255.0 

option routers 192.168.1.254; 
option subnet-mask 255.255.255.0; 
option domain-search "example.com"; 
option domain-name-servers 192.168.1.1; 
option time-offset -18000; # Eastern Standard Time 
range 192.168.1.10 192.168.1.100; 
}



This configuration file defines a subnet and declares options for the dhcp configurations.
It defines a parameter called range which defines the range of available IP addresses ( 192.168.1.10-192.168.1.100)
The routers, subnet-mask, domain-search, domain-name-servers, and time-offset options are used for any host statements declared below it.
For :
  • every subnet which will be served, and 
  • for every subnet to which the DHCP server is connected, 
there must be one subnet declaration, which tells the DHCP daemon how to recognize that an address is on that subnet
A subnet declaration is required for each subnet even if no addresses will be dynamically allocated to that subnet.
In this example, there are global options for every DHCP client in the subnet and a range declared. 
Clients are assigned an IP address within the range.

To configure a DHCP server that leases a dynamic IP address to a system within a subnet, modify  the example below with your values. 
It declares a default lease time, maximum lease time, and network configuration values for the clients. 
This example assigns IP addresses in the range 192.168.1.10 and 192.168.1.100 to client systems.

default-lease-time 600; 
max-lease-time 7200; 
option subnet-mask 255.255.255.0; 
option broadcast-address 192.168.1.255; 
option routers 192.168.1.254; 
option domain-name-servers 192.168.1.1, 192.168.1.2; 
option domain-search "example.com"; 
subnet 192.168.1.0 netmask 255.255.255.0 

range 192.168.1.10 192.168.1.100; 
}


To assign an IP address to a client based on the MAC address of the network interface card, use the hardware ethernet parameter within a host declaration. 

As demonstrated in the example below , the host apex declaration specifies that the network interface card with the MAC address 00:A0:78:8E:9E:AA 
always receives the IP address 192.168.1.4.
Note that you can also use the optional parameter host-name to assign a host name to the client.

host apex 
option host-name "apex.example.com"; 
hardware ethernet 00:A0:78:8E:9E:AA; 
fixed-address 192.168.1.4; 
}



All subnets that share the same physical network should be declared within a shared-network declaration as shown in the example below.
Parameters within the shared-network, but outside the enclosed subnet declarations, are considered to be global parameters. 
The name of the shared-network must be a descriptive title for the network, such as using the title 'test-lab' to describe all the subnets in a test lab environment.

shared-network name 
option domain-search "test.redhat.com"; 
option domain-name-servers ns1.redhat.com, ns2.redhat.com; 
option routers 192.168.0.254; 
#more parameters for shared-network 

subnet 192.168.1.0 netmask 255.255.252.0 
#parameters for subnet 
range 192.168.1.1 192.168.1.254; 

subnet 192.168.2.0 netmask 255.255.252.0 
#parameters for subnet 
range 192.168.2.1 192.168.2.254; 

}


The group declaration is used to apply global parameters to a group of declarations. 
For example, shared networks, subnets, and hosts can be grouped.


group 

option routers 192.168.1.254; 
option subnet-mask 255.255.255.0; 
option domain-search "example.com"; 
option domain-name-servers 192.168.1.1; 
option time-offset -18000; # Eastern Standard Time 

host apex
{
option host-name "apex.example.com";
hardware ethernet 00:A0:78:8E:9E:AA;
fixed-address 192.168.1.4;
}

host raleigh
{
option host-name "raleigh.example.com";
hardware ethernet 00:A1:DD:74:C3:F2;
fixed-address 192.168.1.6;
}

}



You can use the provided sample configuration file as a starting point and add custom configuration options to it. 
To copy this file to the proper location, use the following command:


cp /usr/share/doc/dhcp-<version_number>/dhcpd.conf.sample /etc/dhcp/dhcpd.conf

where <version_number> is the DHCP version number.

or use the nano editor.

Lease Database

On the DHCP server, the file /var/lib/dhcpd/dhcpd.leases stores the DHCP client lease database. 
Do not change this file. 
DHCP lease information for each recently assigned IP address is automatically stored in the lease database. 
The information includes:
  • the length of the lease, 
  • to whom the IP address has been assigned, 
  • the start and end dates for the lease, 
  • and the MAC address of the network interface card that was used to retrieve the lease.
All times in the lease database are in Coordinated Universal Time (UTC), not local time.

The lease database is recreated from time to time so that it is not too large. 
First, all known leases are saved in a temporary lease database. 
The dhcpd.leases file is renamed dhcpd.leases~ and the temporary lease database is written to dhcpd.leases.
The DHCP daemon could be killed or the system could crash after the lease database has been renamed to the backup file but before the new file has been written. 
If this happens, the dhcpd.leases file does not exist, but it is required to start the service. 
Do not create a new lease file. If you do, all old leases are lost which causes many problems. 
The correct solution is to rename the dhcpd.leases~ backup file to dhcpd.leases and then start the daemon.


Starting and Stopping the Server

Starting the DHCP server for the first time
When the DHCP server is started for the first time, it fails unless the dhcpd.leases file exists
You should create the files /var/lib/dhcpd/dhcpd.leases  if it does not exist.
If the same server is also running BIND as a DNS server, this step is not necessary, as starting the named service automatically checks for a dhcpd.leases file.

To start the DHCP service, use the command /sbin/service dhcpd start
To stop the DHCP server, use the command /sbin/service dhcpd stop.
By default, the DHCP service does not start at boot time.

A a default the DHCP Server listens on all attached interfaces.
If more than one network interface is attached to the system, but the DHCP server should only be started on one of the interfaces, 
you can configure the DHCP server to start only on that device. 

In /etc/sysconfig/dhcpd, add the name of the interface to the list of 

DHCPDARGS:
# Command line options here 
DHCPDARGS=eth0

This is useful for a firewall machine with two network cards. 
One network card can be configured as a DHCP client to retrieve an IP address to the Internet. 
The other network card can be used as a DHCP server for the internal network behind the firewall. 
Specifying only the network card connected to the internal network makes the system more secure because users can not connect to the daemon via the Internet.

Other command line options that can be specified in /etc/sysconfig/dhcpd include:
  • -p <portnum> — Specifies the UDP port number on which dhcpd should listen. The default is port 67. The DHCP server transmits responses to the DHCP clients at a port number one greater than the UDP port specified. For example, if the default port 67 is used, the server listens on port 67 for requests and responds to the client on port 68. If a port is specified here and the DHCP relay agent is used, the same port on which the DHCP relay agent should listen must be specified
  • -f — Runs the daemon as a foreground process. This is mostly used for debugging.
  • -d — Logs the DHCP server daemon to the standard error descriptor. This is mostly used for debugging. If this is not specified, the log is written to /var/log/messages.
  • -cf <filename> — Specifies the location of the configuration file. The default location is /etc/dhcp/dhcpd.conf.
  • -lf <filename> — Specifies the location of the lease database file. If a lease database file already exists, it is very important that the same file be used every time the DHCP server is started. It is strongly recommended that this option only be used for debugging purposes on non-production machines. The default location is /var/lib/dhcpd/dhcpd.leases.

DHCP Relay Agent

The DHCP Relay Agent (dhcrelay) allows for the relay of DHCP and BOOTP requests from a subnet with no DHCP server on it to one or more DHCP servers on other subnets.
When a DHCP client requests information, the DHCP Relay Agent forwards the request to the list of DHCP servers specified when the DHCP Relay Agent is started. 
When a DHCP server returns a reply, the reply is broadcast or unicast on the network that sent the original request.
The DHCP Relay Agent listens for DHCP requests on all interfaces unless the interfaces are specified in /etc/sysconfig/dhcrelay with the INTERFACES directive.
To start the DHCP Relay Agent, use the command service dhcrelay start.


Understanding relay agents

A relay agent is a small program that relays DHCP/BOOTP messages between clients and servers on different subnets. 
DHCP/BOOTP relay agents are part of the DHCP and BOOTP standards and function according to the Request for Comments (RFCs), 
standard documents that describe protocol design and related behavior.


How relay agents work

A relay agent relays DHCP/BOOTP messages that are broadcast on one of its connected physical interfaces, such as a network adapter, to other remote subnets to which it is connected by other physical interfaces. The following illustration shows how client C on Subnet 2 obtains a DHCP address lease from DHCP server 1 on Subnet


DHCP/BOOTP relay agent

  1. DHCP client C broadcasts a DHCP/BOOTP discover message (DHCPDISCOVER) on Subnet 2, as a User Datagram Protocol (UDP) datagram using the well-known UDP server port of 67 (the port number reserved and shared for BOOTP and DHCP server communication).
  2. The relay agent, in this case a DHCP/BOOTP relay-enabled router, examines the gateway IP address field in the DHCP/BOOTP message header. If the field has an IP address of 0.0.0.0, the agent fills it with the relay agent or router's IP address and forwards the message to the remote Subnet 1 where the DHCP server is located.
  3. When DHCP server 1 on remote Subnet 1 receives the message, it examines the gateway IP address field for a DHCP scope that can be used by the DHCP server to supply an IP address lease.
  4. If DHCP server 1 has multiple DHCP scopes, the address in the gateway IP address field identifies the DHCP scope from which to offer an IP address lease.
  5. For example, if the gateway IP address field has an IP address of 10.0.0.2, the DHCP server checks its available set of address scopes for a scope range of addresses that matches the class A IP network that includes the gateway address as a host. In this case, the DHCP server would make a check for a scope of addresses between 10.0.0.1 and 10.0.0.254. If a matching scope exists, the DHCP server selects an available address from the matched scope to use in an IP address lease offer response to the client.
  6. When DHCP server 1 receives the DHCPDISCOVER message, it processes and sends an IP address lease offer (DHCPOFFER) directly to the relay agent identified in the gateway IP address  field.
  7. The router then relays the address lease offer (DHCPOFFER) to the DHCP client.

Configuring a DHCP Client

To configure a DHCP client manually, modify the /etc/sysconfig/network file to enable networking,

and the configuration file for each network device in the /etc/sysconfig/network-scripts directory. 

In this directory, each device should have a configuration file named ifcfg-eth0, where eth0 is the network device name.
Make sure that the /etc/sysconfig/network-scripts/ifcfg-eth0 file contains the following lines:

DEVICE=eth0 
BOOTPROTO=dhcp 
ONBOOT=yes

To use DHCP, set a configuration file for each device.

Other options for the network script include:

DHCP_HOSTNAME — Only use this option if the DHCP server requires the client to specify a hostname before receiving an IP address.
PEERDNS=<answer>, where <answer> is one of the following:

yes — Modify /etc/resolv.conf with information from the server. If using DHCP, then yes is the default.
no — Do not modify /etc/resolv.conf.