NDS and DHCP: Configuring the DHCP Service in NetWare 5
01 Apr 1999
If you have spent much time configuring TCP/IP devices, you know that you must configure quite a few parameters. In addition to setting basic configuration parameters such as an IP address, a subnet mask, a default router, and the IP address of at least one Domain Naming System (DNS) server, you may need to define other parameters as well. If you have one hundred TCP/IP hosts, you must ensure that more than four hundred parameters are correct and that one hundred IP addresses do not conflict with each other. To make matters worse, whenever a host moves to a different subnet, you must review the parameters and modify them as required. If network administration isn't demanding enough, managing TCP/IP adds even more to your workload.
There is a solution to your TCP/IP configuration woes: Dynamic Host Configuration Protocol (DHCP) can automatically assign a variety of configuration parameters to TCP/IP devices. DHCP clients are not configured with static parameters. Instead, when a DHCP client enters the network, the client communicates with a DHCP server, which assigns the client a lease to use a specified IP address. The client can also retrieve a variety of configuration parameters such as its subnet mask, default router address, and DNS server address.
The effort required to set up DHCP is amply repaid by the ease with which clients can be relocated. When a DHCP client moves to a new location or is added to a subnet, the client automatically retrieves an IP address and other parameters that are appropriate for the new location.
The DHCP service in NetWare 5 supports several client parameters (called options in DHCP terminology) that relate to NetWare functions. For example, NetWare clients can learn the IP addresses of Novell Directory Services (NDS) servers, their NDS tree names, and their initial NDS context from DHCP. By querying DHCP, NetWare clients can establish their settings for using the Service Location Protocol (SLP). (For more information about SLP, see "Service Location Protocol: Discovering Services in a Pure IP Environment," NetWare Connection, July 1998, pp. 32-37. You can download this article from http://www.nwconnection.com/jul.98/slp78.) In addition, DHCP can distribute a variety of settings for NetWare/IP.
This article is the first in a two-part series that describes the operation of DHCP and explains how to implement DHCP with NetWare 5. To manage DHCP effectively, you need to understand how DHCP manages client leases. With this background, you will understand how to implement DHCP on servers and clients.
HOW DHCP MANAGES IP ADDRESS LEASES
DHCP has evolved from the older Bootstrap Protocol (BOOTP). Although you can use BOOTP to configure clients with IP addresses and a few other parameters, BOOTP lacks the extensibility of DHCP and does not support client leases.
A lease enables DHCP to grant the use of an IP address to a client for a predetermined period of time. As the lease approaches expiration, the client can attempt to renew the lease. If the lease expires without being renewed successfully, the client loses its IP address and must obtain a new lease. This approach enables DHCP servers to manage pools of IP addresses that can be recycled as clients are added to and removed from the network.
Figure 4 illustrates the interaction between DHCP servers and clients. The lease process works in the following way:
When a DHCP client enters the network, this client enters an initializing state and broadcasts a DHCPDISCOVER message on the local network. Every DHCP server that receives the DHCPDISCOVER message and can offer an IP address lease for the network on which the message originated responds with a DHCPOFFER message. This message includes an IP address and associated configuration information.
After sending an initializing message, the DHCP client enters a selecting state in which the client waits for DHCPOFFER messages and examines any messages it receives.
The DHCP client selects one of the DHCPOFFER messages and enters a requesting state by sending a DHCPREQUEST message to the DHCP server that issued the DHCPOFFER message. The DHCPREQUEST message requests a lease for the offered configuration.
If the DHCP server can still grant the request, this server generates a DHCPACK (acknowledgment) message that puts the IP address and configuration information in the form of a lease. The network administrator specifies the length of the lease.
When the DHCP client receives the DHCPACK message, this client enters a bound state in which it configures itself with the parameters specified by the lease. (A DHCP client in a bound state has a network address and can communicate with other IP devices.) The DHCP client retains this lease for the length of time specified. If the DHCP client is restarted, it communicates with the DHCP server and attempts to access the active lease.
When the lease time approaches an interval called the T1 interval, the DHCP client attempts to renew the lease by sending a unicast DHCPREQUEST message to the DHCP server that granted the lease. Typically, the T1 interval is approximately 50 percent of the lease time. The T1 interval is determined by client default settings or by parameters received from DHCP.
If the server that granted the lease cannot renew the lease at the T1 interval, the DHCP client continues to use the lease until the T2 interval is reached. At this time, the DHCP client enters a rebinding state and attempts to solicit a lease from all available DHCP servers by broadcasting DHCPREQUEST messages. If a new lease is granted, the DHCP client begins to use the new lease. The DHCP server that granted the lease will remove the old lease from its database when the lease has expired.
If the DHCP client does not receive a response from another DHCP server at the T2 interval, most DHCP clients display a message to notify the user that the IP address lease has been lost. The DHCP client then returns to an initializing state in which this client starts the DHCP discovery process again.
Figure 4: This diagram illustrates the states of a DHCP client as it obtains and renews its DHCP lease.
Although the DHCP lease process sounds complicated, the interactions between the DHCP client and DHCP servers are usually invisible to the user. DHCP clients typically obtain and renew their leases in the background. Users seldom need to intervene manually.
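The lease states described above can be traced with a small client model. This is an added example, not code from the article or from Novell. The server addresses, the first-offer selection policy, the T2 value of 87.5 percent, and expiry at the end of the lease are assumptions (the last two follow RFC 2131 defaults, which the article does not state).

```python
from dataclasses import dataclass, field
from typing import Optional

BROADCAST = "255.255.255.255"

@dataclass
class DhcpClient:
    state: str = "INIT"
    lease: Optional[dict] = None      # set while an address is held
    pending: Optional[dict] = None    # offer currently being requested
    offers: list = field(default_factory=list)
    sent: list = field(default_factory=list)   # (message, destination) log

    def boot(self):
        """INIT -> SELECTING: no address yet, so DISCOVER must be broadcast."""
        self.lease, self.pending, self.offers = None, None, []
        self.sent.append(("DHCPDISCOVER", BROADCAST))
        self.state = "SELECTING"

    def on_offer(self, server, ip, secs):
        if self.state == "SELECTING":
            self.offers.append({"server": server, "ip": ip, "secs": secs})

    def choose(self):
        """SELECTING -> REQUESTING. Taking the first offer is an assumed policy."""
        if self.state == "SELECTING" and self.offers:
            self.pending = self.offers[0]
            # Broadcast, naming the chosen server, so other servers withdraw offers.
            self.sent.append(("DHCPREQUEST", BROADCAST))
            self.state = "REQUESTING"

    def on_ack(self, server, ip, secs, now):
        """A DHCPACK binds the client; who may answer depends on the state."""
        if self.state == "REQUESTING":
            ok = (server, ip) == (self.pending["server"], self.pending["ip"])
        elif self.state == "RENEWING":
            ok = server == self.lease["server"]
        else:
            ok = self.state == "REBINDING"     # any server may answer
        if ok:
            self.lease = {"server": server, "ip": ip,
                          "t1": now + secs // 2,        # about 50%, per the article
                          "t2": now + secs * 7 // 8,    # 87.5%, RFC 2131 default
                          "expiry": now + secs}
            self.state = "BOUND"
        return ok

    def tick(self, now):
        """Advance the timers; a long gap cascades through several states."""
        l = self.lease
        if self.state == "BOUND" and now >= l["t1"]:
            self.sent.append(("DHCPREQUEST", l["server"]))   # unicast renewal
            self.state = "RENEWING"
        if self.state == "RENEWING" and now >= l["t2"]:
            self.sent.append(("DHCPREQUEST", BROADCAST))     # ask any server
            self.state = "REBINDING"
        if self.state == "REBINDING" and now >= l["expiry"]:
            self.lease, self.state = None, "INIT"            # address lost
        return self.state

def demo():
    """Constructed scenario: three-day lease, the granting server goes silent,
    a second server rebinds the client, then nobody answers at all."""
    day3 = 3 * 24 * 3600
    c, trace = DhcpClient(), []
    c.boot()
    c.on_offer("192.168.1.2", "192.168.1.25", day3)
    c.choose()
    c.on_ack("192.168.1.2", "192.168.1.25", day3, now=0)
    trace.append(c.state)
    trace.append(c.tick(day3 // 2 - 1))      # just before T1
    trace.append(c.tick(day3 // 2))          # T1: unicast renewal starts
    trace.append(c.tick(day3 * 7 // 8))      # T2: broadcast rebinding starts
    c.on_ack("192.168.1.3", "192.168.1.25", day3, now=230000)
    trace.append(c.state)
    trace.append(c.tick(230000 + day3))      # new lease runs out unanswered
    return trace, c.sent

if __name__ == "__main__":
    for item in demo():
        print(item)
```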
In some instances, you may want to assign a fixed IP address to a particular DHCP client, such as the web server on your company's intranet. Users access the web server using its domain name, which DNS maps to a fixed IP address. You don't want DHCP to assign a different IP address to the web server because this new address would invalidate the web server's Address resource record. However, you may want to use DHCP to configure the web server's TCP/IP parameters such as its default router. To achieve these goals, you can configure DHCP so that the web server always receives the same IP address when it leases its IP address.
DHCP AND ROUTERS
If a DHCP client does not have an IP address, this client broadcasts a DHCPDISCOVER message requesting an address lease from any available DHCP server. Why does the DHCP client use a broadcast message? When the DHCP client first enters the network, this client is in an initializing state and does not have a TCP/IP configuration. The DHCP client does not know the IP address of a DHCP server and cannot use a unicast message to communicate. The DHCP client's only recourse is to send a message to the general broadcast IP address (255.255.255.255).
Broadcast messages present problems on routed networks because IP routers do not forward messages sent to address 255.255.255.255. Each node must examine a broadcast packet to determine if it should be received. If broadcast messages were sent across routers, these messages would cascade throughout the internetwork and would loop through any redundant paths until their time to live counters had expired.
If DHCP clients must use broadcast messages to communicate with DHCP servers, how can they communicate if a router separates the DHCP client from its DHCP server? You must configure the router to use a feature called BOOTP forwarding to forward DHCP broadcasts. (Because DHCP is derived from the older BOOTP protocol, the two protocols use similar messages to request IP addresses from servers.)
Figure 5 illustrates a network with two routers, three subnets, one DHCP server, and several DHCP clients. Both routers are configured as BOOTP forwarders. As part of their configurations, the routers know the IP address of the DHCP server. The routers receive clients' DHCPDISCOVER messages and act as intermediaries between the clients and the servers.
Figure 5: BOOTP forwarding enables DHCP clients to communicate through routers with DHCP servers.
Because the routers know the IP address of the DHCP server, they can use a unicast message to communicate with the DHCP server, and of course, unicast messages can be routed. If the DHCP server responds with a DHCPOFFER message, this server directs the message to the BOOTP forwarder, which, in turn, directs the message to the DHCP client.
If multiple DHCP servers are available, you can configure the BOOTP forwarders with the IP addresses of each DHCP server. Each DHCP server then has the opportunity to respond to all client requests.
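What a BOOTP forwarder does to a client broadcast can be shown at the packet level. This is an added example, not code from the article or from BOOTPFWD: the relay stamps the address of the receiving interface into the giaddr field of the BOOTP header and counts a hop (behavior defined in RFC 1542, which the article does not cite), and the server uses giaddr to pick the subnet to lease from. The interface and server addresses, the MAC address, and the hop threshold are constructed for illustration.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header: op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
HDR_LEN = struct.calcsize(BOOTP_FMT)
COOKIE = bytes([99, 130, 83, 99])            # marks the DHCP options area
GIADDR, HOPS = 10, 3                         # field positions in the header

# The three subnets of the article's sample network (Figure 5).
SUBNETS = [ipaddress.ip_network(n) for n in
           ("192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24")]

def build_discover(xid, mac):
    """DHCPDISCOVER from a client that has no address: every IP field is zero."""
    zero = bytes(4)
    hdr = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                      zero, zero, zero, zero, mac, b"", b"")
    return hdr + COOKIE + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, end

def giaddr_of(packet):
    fields = struct.unpack(BOOTP_FMT, packet[:HDR_LEN])
    return ipaddress.IPv4Address(fields[GIADDR])

def relay(packet, rx_iface_ip, servers, max_hops=4):
    """Turn one client broadcast into one unicast per configured server.
    Returns [(server_ip, packet)]; an empty list means the packet is dropped."""
    if len(packet) < HDR_LEN:
        return []
    f = list(struct.unpack(BOOTP_FMT, packet[:HDR_LEN]))
    if f[0] != 1 or f[HOPS] >= max_hops:     # not a request, or relayed too often
        return []
    if f[GIADDR] == bytes(4):                # only the first relay sets giaddr
        f[GIADDR] = ipaddress.IPv4Address(rx_iface_ip).packed
    f[HOPS] += 1
    out = struct.pack(BOOTP_FMT, *f) + packet[HDR_LEN:]
    return [(server, out) for server in servers]

def server_pick_subnet(packet, subnets, local_iface_ip):
    """giaddr tells the server which subnet the client sits on; a zero giaddr
    means the broadcast arrived directly on the server's own segment."""
    gi = giaddr_of(packet)
    src = ipaddress.IPv4Address(local_iface_ip) if int(gi) == 0 else gi
    return next((net for net in subnets if src in net), None)

if __name__ == "__main__":
    pkt = build_discover(0x1234, bytes.fromhex("00a0c9112233"))
    for server, fwd in relay(pkt, "192.168.3.1", ["192.168.1.2"]):
        print(server, giaddr_of(fwd), server_pick_subnet(fwd, SUBNETS, "192.168.1.2"))
```

The reply travels the same path in reverse: the server addresses its DHCPOFFER to the giaddr it found in the request.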
To configure NetWare servers as BOOTP forwarders, load the BOOTPFWD NetWare Loadable Module (NLM). On NetWare 4 and NetWare 5 servers, you use the INETCFG utility to configure this NLM. To configure BOOTP forwarding on a NetWare 5 server, complete the following steps:
Select Protocols in the Internetworking Configuration menu.
Select TCP/IP in the Protocol Configuration menu.
Select Expert Configuration Options in the TCP/IP Protocol Configuration form.
Select BOOTP Forwarding Configuration in the TCP/IP Expert Configuration form to open the BootP Forwarding Configuration Options form, which is used to complete steps 6, 7, and 8.
Select BootP Servers List to display a list of BOOTP server IP addresses. Press the Insert key to add an IP address to the list. You must configure at least one BOOTP server before BOOTP packet forwarding can be enabled.
To load BOOTP on the server, change the BootP Packet Forwarding field to Enabled.
Select one of the following three values in the Log Operation field:
Do Not Log disables logging. Logging should not be necessary unless you are troubleshooting the BOOTP protocol.
Log to BootP Screen logs messages to the BOOTP protocol monitor screen.
Log to File logs messages to a file. If messages will be logged to a file, the Log File field specifies the path name of the log file. The default path name is SYS:\ETC\BOOTP.LOG.
Press the Escape key to return to the Internetworking Configuration main menu, and select the Reinitialize System option to activate the BOOTPFWD NLM.
THE NETWARE 5 DHCP SERVICE
The NetWare 5 DHCP service relies on five objects that are added to the NDS schema:
DHCP Server Objects. You create a DHCP Server object for each NetWare 5 server that is running the DHCP service. DHCP Server objects are leaf objects that you can place in Country (C), Organization (O), and Organizational Unit (OU) container objects.
Subnet Objects. You create a Subnet object for each IP subnet that supports DHCP clients. A subnet is a contiguous address space that is defined by an IP network address and subnet mask. Subnet objects are container objects in which the DNS/DHCP Management Console places Subnet Address Range objects and IP Address objects. You can place subnet objects in C, O, and OU containers.
Subnet Address Range Objects. You create a Subnet Address Range object to allocate part or all of the addresses on a subnet for dynamic address assignment. Subnet Address Range objects are leaf objects that are created in Subnet container objects.
IP Address Objects. An IP Address object defines each active IP address assignment that the DHCP service makes. The DHCP service creates most IP Address objects as it dynamically assigns and terminates leases, but you can create IP Address objects manually to make static address assignments. IP Address objects are leaf objects that are created in Subnet objects.
Subnet Pool Objects. You define Subnet Pool objects to support dynamic IP lease assignments on virtual LANs (VLANs). Subnet Pool objects are leaf objects that you can place in C, O, and OU containers. (The second article in this series will discuss Subnet Pool objects in more depth.)
There is a drawback associated with dynamic IP address assignment. Most DHCP clients do not have fixed IP addresses. When a DHCP client enters the network for the first time, the client receives the next available IP address. The client's IP address may change from time to time if the client is unable to renew a lease. If clients' IP addresses can change, how do you create DNS Address resource records that map client names to IP addresses?
Dynamic DNS, a recent enhancement to DHCP and DNS, solves this problem. Dynamic DNS enables DHCP to inform DNS when clients receive, change, or lose their IP addresses. The NetWare 5 DNS and DHCP services support Dynamic DNS. (The second article in this series will discuss support for Dynamic DNS.)
PREPARING TO CONFIGURE THE NETWARE 5 DHCP SERVICE
Before you can configure the NetWare 5 DHCP service, you must add the DNS and DHCP schema extensions to NDS and configure a client to use the DNS/DHCP Management Console. These procedures are described in "NDS and DNS: Configuring DNS Services in NetWare 5." (See NetWare Connection, Feb. 1999, pp. 29-38. You can download this article from http://www.nwconnection.com/feb.99/dns29.) This article also explains the fundamentals of using the DNS/DHCP Management Console--fundamentals that also apply to the DHCP service.
For example, Figure 6 shows the DNS/DHCP Management Console after a variety of DHCP objects have been created. You can view the DHCP configuration by selecting the DHCP Server tab above the toolbar.
Figure 6: This figure illustrates the DHCP objects required to support the network shown in Figure 5.
The sample network shown in Figure 5 contains three subnets with DHCP clients and servers on each subnet. The IP addressing for a subnet is defined by the subnet's network ID and its subnet mask. This sample network includes the following subnets:
192.168.1.0 with subnet mask 255.255.255.0
192.168.2.0 with subnet mask 255.255.255.0
192.168.3.0 with subnet mask 255.255.255.0
This sample network includes one DHCP server that supports clients on all subnets. As mentioned earlier, for networks such as this one, you must enable BOOTP forwarding on the routers. To configure the DHCP server on this network, you complete the following steps:
Define a DHCP Server object that describes the server.
Create a Subnet object for each subnet.
Create a Subnet Address Range object for each subnet.
Activate the DHCP service.
The following sections describe these steps in more depth.
CREATING AND MANAGING DHCP SERVER OBJECTS
You begin configuring the DHCP service by creating at least one DHCP Server object. You must create a DHCP Server object for each NetWare 5 server that will run the DHCP service (the DHCPSRVR NLM).
You will probably want to store DHCP objects in separate NDS containers so that you can easily delegate management responsibilities to the users who will manage the DHCP service. (The second article in this series will explain how to design your company's DHCP infrastructure for NDS.) You must have the Create right for any container object in which you want to create an NDS object. DHCP Server objects are created in the container object that holds the NetWare 5 Server object, but you can move the DHCP Server objects to other container objects as needed.
You complete the following steps to create a DHCP Server object:
Select the DHCP Service tab in the DNS/DHCP Management Console, and click the Create button in the toolbar.
Select the DHCP Server option in the Create New DHCP Record menu, and click the OK button.
The Create DHCP Server dialog box appears, containing two fields:
Click the Create button.
After the DHCP Server object is created, a server icon is added at the bottom of the DNS/DHCP Management Console screen. The DHCP Server object is given the name DHCP_servername. (Servername is the name of the NetWare 5 server associated with the object.)
Until the DHCPSRVR NLM is loaded on the DHCP server, its icon is marked with a red slash, indicating that the server is inactive. To activate the DHCP service, you must assign at least one Subnet object and one Subnet Address Range object to the DHCP Server object; otherwise, the DHCP server does not have any IP addresses to assign to DHCP clients. (The procedure for activating the DHCPSRVR NLM is explained later in this article.)
CREATING AND MANAGING SUBNET OBJECTS
After you create the DHCP Server object, you must create the Subnet objects for your organization's network. To create a Subnet object, complete the following steps:
Click the Create button in the DNS/DHCP Management Console toolbar.
Select the Subnet option in the Create New DHCP Record menu, and click the OK button.
Complete the Create Subnet dialog box as follows:
Subnet Name. Enter a descriptive name for the subnet.
Select NDS Context. Specify the distinguished name of the NDS context in which the Subnet object will be created, or click the NDS Browse button to browse the NDS tree.
Subnet Address. Enter the network address associated with the subnet.
Subnet Mask. Enter the subnet mask associated with the subnet.
Default DHCP Server. Select a DHCP server that will service clients for the subnet.
Define Additional Properties. Select this box if you want the DNS/DHCP Management Console to display the object's properties after it is created.
Click the Create button.
Subnet objects are displayed in the tree in the left-hand pane of the DNS/DHCP Management Console. Subnet Address Range objects and IP Address objects appear under Subnet objects in the tree.
Certain IP addresses cannot be assigned to devices. Specifically, the host ID portion of the IP address cannot be all 0s or all 1s. You don't need to be concerned about these addresses. The DNS/DHCP Management Console automatically creates IP Address objects that exclude these addresses from the addresses that can be assigned for the subnet. In Figure 6, for example, you can see an IP address object for IP address 192.168.1.0. (The second article in this series will discuss IP Address objects in more depth.)
In Figure 6, a Subnet object is selected so that you can see this object's detail parameters. There are three tabs in the detail pane for a Subnet object: the Addressing tab, the Subnet Options tab, and the Other DHCP Options tab. The following sections explain the Addressing tab and the Subnet Options tab. The second article will explain the Other DHCP Options tab, which is used to define parameters that are assigned to DHCP clients.
The Addressing Tab
After you create a Subnet object, you cannot modify the Subnet Address or Subnet Mask fields. To modify these values, you must delete the Subnet object and recreate it. You can, however, modify the following fields on the Addressing tab:
DNS Zone for Dynamic Update. In this field you specify the name of a DNS domain that is updated by Dynamic DNS. (The second article in this series will discuss dynamic DNS.)
Domain Name. You use this optional field to specify the value of the Domain Name DHCP option (option number 15). You can use this field to specify a domain name that will be concatenated to the host name supplied by the client. For example, if the Domain Name field contains the name pseudo-corp.com and the host name is blythe, the value of the Domain Name option will be blythe.pseudo-corp.com. This field is used to configure Dynamic DNS and will be explained in more depth in the second article in this series.
Subnet Pool Preference. You use this optional field to designate the subnet as a member of a subnet pool. (The second article in this series will discuss subnet pools.)
Default DHCP Server. This field specifies the DHCP server that provides leases for this subnet. If more than one DHCP Server object has been created, you can select the server you want.
Comments. Because subnets are often reconfigured, you may want to record the purpose and history of the subnet in the Comments field.
The Subnet Options Tab
The Subnet Options tab for a Subnet object contains two radio buttons that specify the duration of leases assigned for this subnet:
Permanent. Leases will have indefinite duration unless revoked by a network administrator. A network administrator revokes a lease by deleting the IP Address object associated with the lease.
Timed. Leases are assigned for a limited time and must be renewed periodically. (See Figure 4.)
Because DHCP clients receive parameters in addition to their IP addresses, assigning permanent leases or leases with long durations is usually a bad strategy. If DHCP clients configure their default router addresses through DHCP and the address of the default router changes, these clients will not receive updated settings until the clients renew their leases. DHCP clients with permanent leases do not receive parameter updates unless they are rebooted or the lease is manually renewed by the user.
The default lease duration of three days seems to be a good compromise that enables DHCP clients to retain their leases through a normal weekend without generating high levels of DHCP traffic that may result if leases were of shorter duration. You may want to use short leases on subnets that support large numbers of transient users. For example, suppose that your organization's field salespeople return to the office periodically and connect their notebooks to the network to download sales figures. These salespeople do not need multiday leases. In fact, if you use short-term leases, a small pool of addresses can support a large number of infrequent users.
CREATING AND MANAGING SUBNET ADDRESS RANGE OBJECTS
To have a fully functioning subnet, you must create at least one Subnet Address Range object to establish a group of IP addresses that can be assigned to DHCP clients. In many cases, you will not want all of the IP addresses on a subnet to be assigned dynamically. For example, routers and servers usually require fixed IP addresses and often cannot be configured as DHCP clients. Therefore, it is quite common to create Subnet Address Range objects that include only part of the addresses that are available on a subnet.
To create a Subnet Address Range object, you complete the following steps:
Using the DNS/DHCP Management Console, select the Subnet object that contains the IP addresses associated with the Subnet Address Range object.
Click the Create button in the toolbar.
Select the Subnet Address Range option in the Create New DHCP Record menu, and click the OK button.
Complete the Create Subnet Address Range dialog box as follows:
Subnet Address Range Name. Enter a descriptive name for the subnet address range.
Start Address. Enter the first IP address in the subnet address range.
End Address. Enter the last IP address in the subnet address range.
Define Additional Properties. Select this box if you want the DNS/DHCP Management Console to display the Subnet Address Range object's properties after it is created.
Click the Create button.
Figure 6 shows a Subnet Address Range object for the address range 192.168.1.25 through 192.168.1.255. Notice that the DNS/DHCP Management Console created an IP Address object for address 192.168.1.255. This particular type of IP Address object is referred to as an exclusion IP Address object. Exclusion IP Address objects are used to ensure that illegal addresses are not assigned to clients, and are located under Subnet Address Range or Subnet objects. (The second article in this series will discuss IP Address objects.)
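Because a range cannot be edited after it is created, it is worth checking a planned range before entering it. The following added example (not part of the article or of the DNS/DHCP Management Console) computes which addresses in a range need exclusion objects, which fixed hosts fall inside the dynamic range, and whether two ranges on a subnet overlap. The function names, the host names, and the second range are hypothetical.

```python
import ipaddress

def plan_range(subnet, start, end, fixed=None):
    """Split a planned Subnet Address Range into exclusions, conflicts and pool.
    `fixed` maps statically configured addresses (routers, servers) to names."""
    net = ipaddress.ip_network(subnet)       # accepts 192.168.1.0/255.255.255.0
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo > hi or lo not in net or hi not in net:
        raise ValueError(f"{start}-{end} is not a valid range inside {net}")
    # Host ID all 0s or all 1s can never be assigned to a device.
    illegal = {net.network_address, net.broadcast_address}
    fixed = {ipaddress.ip_address(a): name for a, name in (fixed or {}).items()}
    span = [ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)]
    return {
        "exclusions": [str(a) for a in span if a in illegal],
        # Fixed hosts inside the range need a manual IP Address object,
        # otherwise the same address could also be leased dynamically.
        "conflicts": {str(a): fixed[a] for a in span if a in fixed},
        "pool": [str(a) for a in span if a not in illegal and a not in fixed],
    }

def audit_subnet(subnet, ranges, fixed=None):
    """Plan every range on one subnet and report pairs of ranges that overlap."""
    plans = {name: plan_range(subnet, s, e, fixed)
             for name, (s, e) in ranges.items()}
    names = sorted(plans)
    overlaps = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
                if set(plans[a]["pool"]) & set(plans[b]["pool"])]
    return plans, overlaps

if __name__ == "__main__":
    # The range from Figure 6, plus constructed fixed hosts and a second range.
    plans, overlaps = audit_subnet(
        "192.168.1.0/255.255.255.0",
        {"clients": ("192.168.1.25", "192.168.1.255"),
         "lab": ("192.168.1.200", "192.168.1.220")},
        fixed={"192.168.1.1": "router", "192.168.1.30": "intranet-web"})
    print(plans["clients"]["exclusions"], plans["clients"]["conflicts"], overlaps)
```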
To change the addresses for a Subnet Address Range object, you must delete the object and recreate it. Other parameters on the details page can be modified, however. You can select a DHCP Server in the DHCP Server field and can describe the purpose and history of the Subnet Address Range in the Comments field.
The remaining fields pertain to Dynamic DNS, which will be discussed in the second article in this series. In that article, you will learn more about the Range Type, Auto Hostname Starts With, and DNS Update Option fields.
STARTING AND STOPPING THE DHCP SERVICE
If you complete the steps outlined in this article, you are ready to run a basic DHCP service. To start the service, enter the following command at the NetWare 5 server console:
When you load the DHCPSRVR NLM, the red slash is cleared from the DHCP Server icon in the DNS/DHCP Management Console.
The DHCPSRVR NLM accepts several parameters. You can view a complete list of options by including the -H option in the LOAD command:
LOAD DHCPSRVR -H
For example, the -D option is particularly useful; this option activates a background screen log of DHCP packets. You can use this log to troubleshoot communication between the DHCP server and its clients.
The DHCP service running on the server does not check NDS for configuration changes. If you make any changes to the parameters of the DHCP Server object or to the Subnet objects or Subnet Address Range objects that the DHCP server supports, you must pause and restart the DHCP service. You can pause and restart the service from the DNS/DHCP Management Console if you do not want to unload and reload the DHCPSRVR NLM.
To pause the DHCP service, select the DHCP Server object in the DNS/DHCP Management Console, and click the Start/Stop Service button in the toolbar. When the DHCP service is stopped, the DHCP server icon is marked with a red circle, indicating that the DHCPSRVR NLM is loaded but is not responding to client requests. Click the Start/Stop Service button again to restart the DHCP service.
CONFIGURING DHCP CLIENTS
Configuring Windows NT and Windows 98/95 computers as DHCP clients is easy. You simply open the Network dialog box in the Control Panel, and then complete the steps for the operating system you are using:
For Windows NT, select the Protocols tab, select the TCP/IP Protocol entry, click Properties, and then select the Obtain an IP Address From a DHCP Server radio button. Restart the computer to activate the changes.
For Windows 98/95, select the TCP/IP protocol that binds to your network adapter, click Properties, and then select the Obtain an IP Address Automatically radio button. Restart the computer to activate the changes.
THOSE ARE THE BASICS
This article explained how to set up a basic NetWare 5 DHCP service. The second article in this series will explain how to manage a more complex DHCP environment. You will learn how to perform the following tasks:
Examine, release, and renew leases by using Windows 98/95 and Windows NT client utilities
Use and manage IP Address objects and Subnet Pool objects
Use Dynamic DNS
Use DHCP options to configure clients
Troubleshoot the NetWare 5 DHCP service
Design your company's DHCP infrastructure for NDS
Drew Heywood is a network administrator who currently spends most of his time writing books and articles about networking. He is the author of several books including Novell's Guide to TCP/IP and intraNetWare, written for Novell Press. Drew holds CNE and MCSE certifications.
Drew would like to thank Chuck Flood, who works for Novell Inc. Chuck was a great resource in helping Drew write this article: Chuck provided technical advice and reviewed the finished article.
* Originally published in Novell Connection Magazine